Vh4yXUdZddlZddlmZddlmZddlmZddlm Z e e e d< ddl Z dZ dd lmZdd lmZdd lmZmZmZmZdd lmZmZdd lmZddlmZddlm Z m!Z!ddl"m#Z#ddl$m%Z%ddl&m'Z'ddl(m)Z)e%drdZ*ddl+m,Z,ddl-m.Z.m/Z/ddl0m1Z1ddl2m3Z3ndZ*e4edddZ5ndZ5Gdde)Z6Gdde)Z7Gd d!e)Z8Gd"d#e)Z9Gd$d%e)Z:Gd&d'e)Z;Gd(d)e)Z<ed*d+gZ=Gd,d-e>Z?Gd.d/e)Z@y#e$rdZ YwxYw)0z& Tests for L{twisted.conch.checkers}. N) encodebytes) namedtuple)BytesIO)Optional cryptSkipzcannot run without crypt module) verifyObject)'InMemoryUsernamePasswordDatabaseDontUse)ISSHPrivateKeyIUsernamePassword SSHPrivateKeyUsernamePassword)UnauthorizedLoginUnhandledCredentials)Deferred)util)ShadowDatabase UserDatabase)FilePath) requireModule)MockOS)TestCase cryptography)checkers)NotEnoughAuthenticationValidPublicKey)keys)keydatazcan't run without cryptographygeteuidz0Cannot run without effective UIDs (questionable)cLeZdZdZexseZdZdZdZ dZ dZ dZ dZ d Zy ) HelperTestszl Tests for helper functions L{verifyCryptedPassword}, L{_pwdGetByName} and L{_shadowGetByName}. c"t|_yN)rmockosselfs P/home/dcms/DCMS/lib/python3.12/site-packages/twisted/conch/test/test_checkers.pysetUpzHelperTests.setUp@s h cd}d}tj||}|jtj||dj ||y)z L{verifyCryptedPassword} returns C{True} if the plaintext password passed to it matches the encrypted password passed to it. secret stringsaltyz5{!r} supposed to be valid encrypted password for {!r}Ncrypt assertTruerverifyCryptedPasswordformatr%passwordsaltcrypteds r&test_verifyCryptedPasswordz&HelperTests.test_verifyCryptedPasswordCsM #++h-   * *7H = C J J  r(cd}d}tj||}|jtj||dj ||y)z L{verifyCryptedPassword} returns True if the provided cleartext password matches the provided MD5 password hash. r2z$1$saltz3{!r} supposed to be valid encrypted password for {}Nr,r1s r&test_verifyCryptedPasswordMD5z)HelperTests.test_verifyCryptedPasswordMD5RsM ++h-   * *7H = A H H  r(cd}d}d}tj||}|jtj||dj ||y)z L{verifyCryptedPassword} returns C{False} if the plaintext password passed to it does not match the encrypted password passed to it. z string secretsomesaltr*z7{!r} not supposed to be valid encrypted password for {}N)r- assertFalserr/r0)r%r2r3wrongr4s r&test_refuteCryptedPasswordz&HelperTests.test_refuteCryptedPasswordasT #++h-   * *7E : E L L  r(c t}|jddddddd|jtd||j tj d|j dy ) z L{_pwdGetByName} returns a tuple of items from the UNIX /etc/passwd database if the L{pwd} module is present. alicesecrit first last/foo/bin/shpwdN)raddUserpatchr assertEqual _pwdGetByNamegetpwnamr%userdbs r&test_pwdGetByNamezHelperTests.test_pwdGetByNameqsW w!Q fiP 8UF+ //8&//':RSr(cz|jtdd|jtjdy)zW If the C{pwd} module isn't present, L{_pwdGetByName} returns L{None}. rENr>)rGr assertIsNonerIr$s r&test_pwdGetByNameWithoutPwdz'HelperTests.test_pwdGetByNameWithoutPwd{s- 8UD) (009:r(c t}|jddddddddd |jtd |d |j_d |j_|jtd |j|jtjd|jd|j|jjdd g|j|jjdd gy)z L{_shadowGetByName} returns a tuple of items from the UNIX /etc/shadow database if the L{spwd} is present. bob passphraser@rAspwd) osrN) rrFrGrr#euidegidrrH_shadowGetByNamegetspnam seteuidCalls setegidCallsrKs r&test_shadowGetByNamez HelperTests.test_shadowGetByNames  !ulAq!Q1a@ 8VV,   4t{{+ 22596??5;QR 11At9= 11At9=r(c|jtdd|jtjd|j |j j g|j |j jgy)zP L{_shadowGetByName} returns L{None} if C{spwd} is not present. rYNrR)rGrrOr_rHr#rarbr$s r&test_shadowGetByNameWithoutSpwdz+HelperTests.test_shadowGetByNameWithoutSpwdsa 8VT* (33E:; 1126 1126r(N)__name__ __module__ __qualname____doc__rdependencySkipskipr'r5r7r<rMrPrcrer(r&r r 8s<  &D     T;>"7r(r c`eZdZdZexseZddZdZdZ dZ dZ dZ d Z d Zd Zd Zd Zy)SSHPublicKeyDatabaseTestsz, Tests for L{SSHPublicKeyDatabase}. Nc tj|_td|_td|_d|jzdz|j zdz|_t|_|jtd|jt|j|_ t|jjtsJ|jj!d|_|j"j%t'}|j)dd d d d |jjd ||j_y)Nfoobareggspamst1 s foo t2 s egg r\.sshuserr2r@rArB /bin/shell)rSSHPublicKeyDatabasecheckerrkey1key2contentrr#rGrrmktemppath isinstancestrchildsshDirmakedirsrrF_userdbrKs r&r'zSSHPublicKeyDatabaseTests.setUps446  *  +  )L8499DyP h  4t{{+T[[]+ $))..#...iioof-      IINN   & r(c|j|jg}|j|ddt|j|ddd|jt |dy)zJ L{SSHPublicKeyDatabase} is deprecated as of version 15.0 )offendingFunctionsrcategorymessageztwisted.conch.checkers.SSHPublicKeyDatabase was deprecated in Twisted 15.0.0: Please use twisted.conch.checkers.SSHPublicKeyChecker, initialized with an instance of twisted.conch.checkers.UNIXAuthorizedKeysFiles instead.r@N) flushWarningsr'rHDeprecationWarninglen)r% warningsShowns r&test_deprecatedz)SSHPublicKeyDatabaseTests.test_deprecatedsp**tzzl*K  q)*57IJ  ! Y ' F  ]+Q/r(c|jj|j|jt dd}d|_|j |jj|d|_|j |jj|d|_|j|jj|y)Nuserpasswordrprqs notallowed) rr~ setContentryr blobr.rvcheckKeyr:)r%filenamerss r& _testCheckKeyz'SSHPublicKeyDatabaseTests._testCheckKeys (#..t||<5   --d34   --d34!  ..t45r(c|jd|j|jjg|j|jjgy)z L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys file and check the keys against that file. authorized_keysNrrHr#rarbr$s r& test_checkKeyz'SSHPublicKeyDatabaseTests.test_checkKeysG ,- 1126 1126r(c|jd|j|jjg|j|jjgy)z L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys2 file and check the keys against that file. authorized_keys2Nrr$s r&test_checkKey2z(SSHPublicKeyDatabaseTests.test_checkKey2sG -. 1126 1126r(c|jjdj|jj d|j jd|j jfd}d|j _d|j _ |j|j d||jtd|j td d }d |_ |j|jj!||j#|j j$gd |j#|j j&d dgy)z If the key file is readable, L{SSHPublicKeyDatabase.checkKey} should switch its uid/gid to the ones of the authenticated user. rrc6jd|S)Nr)chmod)r]keyFile savedSeteuids r&seteuidz>SSHPublicKeyDatabaseTests.test_checkKeyAsRoot..seteuids MM% % %r(rZr[rr\rrrp)rr@rrZrAN)rr~rryr addCleanupr#rr]r^rGrr rr.rvrrHrarb)r%rrsrrs @@r&test_checkKeyAsRootz-SSHPublicKeyDatabaseTests.test_checkKeyAsRoots ++##$564<<( e  u-{{**  &    4;; 73 4t{{+5   --d34 11?C 11At9=r(c Td}jjd|tddtjdt j jtjjd}jj|}fd}|j|S)z L{SSHPublicKeyDatabase.requestAvatarId} should return the avatar id passed in if its C{_checkKey} method returns True. cyNTrlignoreds r& _checkKeyzASSHPublicKeyDatabaseTests.test_requestAvatarId.._checkKey r(rtestssh-rsafooc*j|dyNrrHavatarIdr%s r&_verifyz?SSHPublicKeyDatabaseTests.test_requestAvatarId.._verify   Xw /r() rGrvr rpublicRSA_opensshrKey fromStringprivateRSA_opensshsignrequestAvatarId addCallback)r%r credentialsdrs` r&test_requestAvatarIdz.SSHPublicKeyDatabaseTests.test_requestAvatarIds   4<<Y7#    % %  HH   : : ; @ @ H   LL ( ( 5 0}}W%%r(cd}|j|jd|tddtjdd}|jj |}|j |tS)a( L{SSHPublicKeyDatabase.requestAvatarId} should raise L{ValidPublicKey} if the credentials represent a valid key without a signature. This tells the user that the key is valid for login, but does not actually allow that user to do so without a signature. cyrrlrs r&rzQSSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignature.._checkKey&rr(rrrN)rGrvr rrr assertFailurerr%rrrs r&$test_requestAvatarIdWithoutSignaturez>SSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignaturesa  4<<Y7# Z!:!:D$  LL ( ( 5!!!^44r(cd}|j|jd||jjd}|j|tS)z If L{SSHPublicKeyDatabase.checkKey} returns False, C{_cbRequestAvatarId} should raise L{UnauthorizedLogin}. cyNFrlrs r&rzKSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKey.._checkKey6r(rN)rGrvrrr)r%rrs r&test_requestAvatarIdInvalidKeyz8SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKey0sE   4<<Y7 LL ( ( .!!!%677r(c Rd}|j|jd|tddtjdt j jtjjd}|jj|}|j|tS)z Valid keys with invalid signatures should cause L{SSHPublicKeyDatabase.requestAvatarId} to return a {UnauthorizedLogin} failure cyrrlrs r&rzQSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignature.._checkKeyDrr(rrrr) rGrvr rrrrrprivateDSA_opensshrrrrrs r&$test_requestAvatarIdInvalidSignaturez>SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignature=s  4<<Y7#    % %  HH   : : ; @ @ H   LL ( ( 5!!!%677r(cd}jjd|tddddd}jj|}fd}|j |j |t S) z~ Exceptions raised while verifying the key should be normalized into an C{UnauthorizedLogin} failure. cyrrlrs r&rzSSSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.._checkKeyXrr(rrNsblobssigDatassigc|jtj}jt |d|S)Nr@)flushLoggedErrorsr BadKeyErrorrHr)failureerrorsr%s r&_verifyLoggedExceptionz`SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.._verifyLoggedException_s2++D,<,<=F   S[! ,Nr()rGrvr r addErrbackrr)r%rrrrs` r&&test_requestAvatarIdNormalizeExceptionz@SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeExceptionRsl   4<<Y7#GT7JO LL ( ( 5  +,!!!%677r(returnN)rfrgrhrieuidSkiprjrkr'rrrrrrrrrrrlr(r&rnrnsJ  %~D&40 677>6&05$ 88*8r(rnc8eZdZdZeZdZdZdZdZ dZ dZ y) SSHProtocolCheckerTestsz* Tests for L{SSHProtocolChecker}. cNtj}|j|jg|j tj |j|jt g|j|jt tj y)z L{SSHProcotolChecker.registerChecker} should add the given checker to the list of registered checkers. N)rSSHProtocolCheckerrHcredentialInterfacesregisterCheckerrur assertIsInstancer%rvs r&test_registerCheckerz,SSHProtocolCheckerTests.test_registerCheckeros --/ 55r:  ) ) +  557GH    ^ ,h.K.K r(cXtj}|j|jg|j tj t |j|jt g|j|jt tj y)z If a specific interface is passed into L{SSHProtocolChecker.registerChecker}, that interface should be registered instead of what the checker specifies in credentialIntefaces. N)rrrHrrrur rrs r&!test_registerCheckerWithInterfacez9SSHProtocolCheckerTests.test_registerCheckerWithInterface~s--/ 55r: = = ?ARS 558I7JK    . /1N1N r(ctj}t}|jdd|j ||j t dd}fd}|j|S)z L{SSHProtocolChecker.requestAvatarId} should defer to one if its registered checkers to authenticate a user. rc*j|dyrrrs r& _callbackz?SSHProtocolCheckerTests.test_requestAvatarId.._callbackrr()rrr rFrrr r)r%rvpasswordDatabaserrs` r&rz,SSHProtocolCheckerTests.test_requestAvatarIdsi --/BD  '2 01  # #$4Wg$F G 0}}Y''r(ctj}d}|j|d|t}|j dd|j ||j tdd}|j|tS)z If the client indicates that it is never satisfied, by always returning False from _areDone, then L{SSHProtocolChecker} should raise L{NotEnoughAuthentication}. cyrrl)rs r&_areDonezYSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthentication.._areDonerr(areDoner) rrrGr rFrrr rr)r%rvrrrs r&/test_requestAvatarIdWithNotEnoughAuthenticationzGSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthentications} --/  7Ix0BD  '2 01  # #$4Wg$F G!!!%<==r(ctj}|jtdd}|j |t S)z If the passed credentials aren't handled by any registered checker, L{SSHProtocolChecker} should raise L{UnhandledCredentials}. r)rrrr rr)r%rvrs r&%test_requestAvatarIdInvalidCredentialz=SSHProtocolCheckerTests.test_requestAvatarIdInvalidCredentials> --/  # #$4Wg$F G!!!%9::r(ch|jtjjdy)zV The default L{SSHProcotolChecker.areDone} should simply return True. N)r.rrrr$s r& test_areDonez$SSHProtocolCheckerTests.test_areDones$ 335==dCDr(N) rfrgrhrirjrkrrrrrrrlr(r&rrhs- D    ( >&;Er(rcfeZdZdZexseZdeededdfdZ dZ dZ d Z d Z d Zd Zd ZdZy)UNIXPasswordDatabaseTestsz, Tests for L{UNIXPasswordDatabase}. rusernamerNcF|j|j||y)z Assert that the L{Deferred} passed in is called back with the value 'username'. This represents a valid login for this TestCase. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. N)rHsuccessResultOf)r%rrs r&assertLoggedInz(UNIXPasswordDatabaseTests.assertLoggedIns --a0(;r(c tj}d}t}|jd|ddddddd|jd d ddd d dt }|jdd ddddddd |jd |d dddddddd |j td||j td|t }|j td|d|_d|_ tdd }|j|j|d|j|jg|j|jgd!|_|j|j|d!|j|jd"dg|j|jd"dgy#)$z L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database and then the C{spwd} database. cdtj||}tj|d|z}|S)Nz$1$)r-)rr2r3r4s r&r4z?UNIXPasswordDatabaseTests.test_defaultCheckers..crypteds+;;x2Dkk(EDL9GNr(r>r2r@rAfoorCrDrRxbar/barr;rTrUrVrWrX rErYr\rZr[alicerbobrN)rUNIXPasswordDatabaserrFrrGrrr]r^r rrrHrarbr)r%rvr4rErYr#creds r&test_defaultCheckersz.UNIXPasswordDatabaseTests.test_defaultCheckerss //1  n WWj11a   E31eVY? Wgq!Q1a; UGE:61b"b"bQ 8UC( 8VT* 4v&  +6 G33D98D ,,b1 ,,b1  G33D96B ,,q$i8 ,,q$i8r(cD|j|tjy)a Asserts that the L{Deferred} passed in is erred back with an L{UnauthorizedLogin} L{Failure}. This reprsents an invalid login for this TestCase. NOTE: To work, this method's return value must be returned from the test method, or otherwise hooked up to the test machinery. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. @type d: L{Deferred} @rtype: L{None} N)failureResultOfrrr%rs r&assertUnauthorizedLoginz1UNIXPasswordDatabaseTests.assertUnauthorizedLogins Q : :;r(c tjdd}t}|jd|dddddtj|j g}|j |jtdd dy ) zo L{UNIXPasswordDatabase} takes a list of functions to check for UNIX user information. secretanybodyr@rArrrDsanybodyssecretN) r-rrFrrrJrrr )r%r2rLrvs r&test_passInCheckersz-UNIXPasswordDatabaseTests.test_passInCheckerssp ;;x2y(Aq%K//0AB   # #$4Z$K Lj r(cd}d}|jtd|tj|g}tdd}|j |j |dy)z If the encrypted password provided by the getpwnam function is valid (verified by the L{verifyCryptedPassword} function), we callback the C{requestAvatarId} L{Deferred} with the username. c ||k(Sr"rlr4pws r&r/zLUNIXPasswordDatabaseTests.test_verifyPassword..verifyCryptedPassword b= r(c ||gSr"rlrs r&rJz?UNIXPasswordDatabaseTests.test_verifyPassword..getpwnams h' 'r(r/usernameNrGrrr rrr%r/rJrv credentials r&test_verifyPasswordz-UNIXPasswordDatabaseTests.test_verifyPasswordsY ! ( 846KL// ;%k;?  G33J?Mr(cd}tj|g}tdd}|j|j |y)z} If the getpwnam function raises a KeyError, the login fails with an L{UnauthorizedLogin} exception. ct|r")KeyErrorrs r&rJz?UNIXPasswordDatabaseTests.test_failOnKeyError..getpwnam,s 8$ $r(rrN)rrr r r)r%rJrvrs r&test_failOnKeyErrorz-UNIXPasswordDatabaseTests.test_failOnKeyError&s@  %// ;%k;?  $$W%<%.verifyCryptedPassword9rr(c |dgS)Nrrlrs r&rJzBUNIXPasswordDatabaseTests.test_failOnBadPassword..getpwnam<s k* *r(r/rrN)rGrrr r rrs r&test_failOnBadPasswordz0UNIXPasswordDatabaseTests.test_failOnBadPassword3sW   + 846KL// ;%k;?  $$W%<%.verifyCryptedPasswordLrr(c |dgS)Nznot the passwordrlrs r& getpwnam1zFUNIXPasswordDatabaseTests.test_loopThroughFunctions..getpwnam1Os01 1r(c |dgS)Nr2rlrs r& getpwnam2zFUNIXPasswordDatabaseTests.test_loopThroughFunctions..getpwnam2Rs j) )r(r/rrNr)r%r/r(r*rvrs r&test_loopThroughFunctionsz3UNIXPasswordDatabaseTests.test_loopThroughFunctionsDsa ! 2 * 846KL//I0FG%k;?  G33J?Mr(c  t}|jddddddd|jddddddd|jd d ddddd|jtd |tjtj g}t d d }|j|j|t dd}|j|j|t dd}|j|j|y)z If the password returned by any function is C{""}, C{"x"}, or C{"*"} it is not compared against the supplied password. Instead it is skipped. r>r@rArrrRrcarol*rErr(rxscarol*N) rrFrGrrrIr r r)r%rErvrs r&test_failOnSpecialz,UNIXPasswordDatabaseTests.test_failOnSpecialZs n GRAr5%8 E31b%7 GS!QE59 8UC(//1G1G0HI#. $$W%<%zCAuthorizedKeyFileReaderTests.test_ignoresComments..s1r(s this is notsand this is notNrrreadAuthorizedKeyFilerHlistr%fileobjresults r&test_ignoresCommentsz1AuthorizedKeyFileReaderTests.test_ignoresCommentswsA    //E .*<=tF|Lr(ctd}tj|d}|jdgt |y)zw L{checkers.readAuthorizedKeyFile} ignores leading whitespace in lines, as well as empty lines sg # ignore not ignored c|Sr"rlr8s r&r9zYAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLines..sAr(parseKeys not ignoredNr:r=s r&*test_ignoresLeadingWhitespaceAndEmptyLineszGAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLiness>    //+N .)4<8r(cd}td}tj||}|jdgt |y)z L{checkers.readAuthorizedKeyFile} does not raise an exception when a key fails to parse (raises a L{twisted.conch.ssh.keys.BadKeyError}), but rather just keeps going cR|jdrtjd|S)Nfzfailed to parse) startswithrr)lines r& failOnSomezKAuthorizedKeyFileReaderTests.test_ignoresUnparsableKeys..failOnSomes%t$&&'899Kr(sfailed key good keyrCsgood keyNr:)r%rKr>r?s r&test_ignoresUnparsableKeysz7AuthorizedKeyFileReaderTests.test_ignoresUnparsableKeyss<  12//*M +V 5r(N) rfrgrhrirjrkr@rErLrlr(r&r5r5ps D M 96r(r5c&eZdZdZeZdZdZdZy)InMemorySSHKeyDBTestsz0 Tests for L{checkers.InMemorySSHKeyDB} chtjddgi}ttj|y)z_ L{checkers.InMemorySSHKeyDB} implements L{checkers.IAuthorizedKeysDB} rskeyN)rInMemorySSHKeyDBrIAuthorizedKeysDBr%keydbs r&test_implementsInterfacez.InMemorySSHKeyDBTests.test_implementsInterfaces+ ))8fX*>?X//7r(ctjddgi}|jgt|j dy)z If the user is not in the mapping provided to L{checkers.InMemorySSHKeyDB}, an empty iterator is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} rskeysrNrrPrHr<getAuthorizedKeysrRs r&test_noKeysForUnauthorizedUserz4InMemorySSHKeyDBTests.test_noKeysForUnauthorizedUsers; ))8gY*?@ T%"9"9&"ABCr(ctjdddgi}|jddgt|j dy)z If the user is in the mapping provided to L{checkers.InMemorySSHKeyDB}, an iterator with all the keys is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} rabNrVrRs r&test_allKeysForAuthorizedUserz3InMemorySSHKeyDBTests.test_allKeysForAuthorizedUsersA ))8dD\*BC $tE,C,CH,M'NOr(N) rfrgrhrirjrkrTrXr\rlr(r&rNrNs D8DPr(rNc:eZdZdZeZd dZdZdZdZ dZ dZ y) UNIXAuthorizedKeysFilesTestsz8 Tests for L{checkers.UNIXAuthorizedKeysFiles}. Nc &t|j|_t|jjtsJ|jj t |_|jjddddd|jjd|jjd|_ |jj |jjd}|jd d d g|_ y) Nr>r2r@rAzalice lastnamertrrrs key 1 key 2skey 1skey 2) rrzr{r|r}rrrLrFr~rr expectedKeys)r%authorizedKeyss r&r'z"UNIXAuthorizedKeysFilesTests.setUpsT[[]+ $))..#... "n      IINN  iioof-  **+<=!!/2%x0r(cvtj|j}ttj|y)zg L{checkers.UNIXAuthorizedKeysFiles} implements L{checkers.IAuthorizedKeysDB}. N)rUNIXAuthorizedKeysFilesrLrrQrRs r&rTz5UNIXAuthorizedKeysFilesTests.test_implementsInterfaces( 00=X//7r(ctj|jd}|jgt |j dy)z If the user is not in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an empty iterator is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. c|Sr"rlr8s r&r9zMUNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUser..QRr(rCrN)rrcrLrHr<rWrRs r&rXz;UNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUsers: 00{S T%"9"9&"ABCr(c |jjdjdtj|j d}|j |jdgzt|jdy)a If the user is in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an iterator with all the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. rskey 3c|Sr"rlr8s r&r9z`UNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUser..rfr(rCrN) rr~rrrcrLrHr`r<rWrRs r&1test_allKeysInAllAuthorizedFilesForAuthorizedUserzNUNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUsersh ,-88B00{S     *D1H1H1R,S r(ctj|jd}|j|jt |j dy)z L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they exist. c|Sr"rlr8s r&r9zJUNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFile..rfr(rCrN)rrcrLrHr`r<rWrRs r&test_ignoresNonexistantFilez8UNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFiles@ 00{S **D1H1H1R,STr(c|jjdjtj|j d}|j |jt|jdy)z L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they are readable. rc|Sr"rlr8s r&r9zIUNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFile..rfr(rCrN) rr~rrrcrLrHr`r<rWrRs r&test_ignoresUnreadableFilez7UNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFile s\ ,-66800{S **D1H1H1R,STr(r) rfrgrhrirjrkr'rTrXrirlrorlr(r&r^r^s/ D1.8D  UUr(r^_KeyDBrWceZdZdZy)_DummyExceptionz0 Fake exception to be used for testing. N)rfrgrhrirlr(r&rrrrs  r(rrc>eZdZdZeZdZdZdZdZ dZ dZ dZ y ) SSHPublicKeyCheckerTestsz4 Tests for L{checkers.SSHPublicKeyChecker}. c &tddtjdtjj tj jd|_td|_ tj|j|_ y)Nrrrc^tjjtjgSr")rrrrr)_s r&r9z0SSHPublicKeyCheckerTests.setUp..0stxx':':7;T;T'U&Vr()r rrrrrrrrrprSrSSHPublicKeyCheckerrvr$s r&r'zSSHPublicKeyCheckerTests.setUp(si(    % %  HH   : : ; @ @ H  VW 33DJJ? r(cd|j_|j|jj |jt y)z Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that do not have a signature fails with L{ValidPublicKey}. N)r signaturer rvrrr$s r& test_credentialsWithoutSignaturez9SSHPublicKeyCheckerTests.test_credentialsWithoutSignature3s: &*"  LL ( ()9)9 :N r(cd|j_|j|jj |jt j y)z Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that have a bad key fails with L{keys.BadKeyError}. r(N)rrr rvrrrr$s r&test_credentialsWithBadKeyz3SSHPublicKeyCheckerTests.test_credentialsWithBadKey=s@ !$  LL ( ()9)9 :D.failgs !# #r(verifyN) rGrrr rvrrrrrr)r%rs r&test_failureVerifyingKeyz1SSHPublicKeyCheckerTests.test_failureVerifyingKey`sV $ 488Xt,  LL ( ()9)9 :rsF  " C=I.I G+?,0,+ N&K&*5N 2y$+HAHc7(c7LG8G8TUEhUEpmDmD`16816hPHPDMU8MU` H23 4 i V