LEFT | RIGHT |
(no file at all) | |
| 1 // Copyright 2012 The Go Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style |
| 3 // license that can be found in the LICENSE file. |
| 4 |
| 5 // +build darwin freebsd linux netbsd openbsd |
| 6 |
| 7 package test |
| 8 |
| 9 // functional test harness for unix. |
| 10 |
| 11 import ( |
| 12 "crypto" |
| 13 "crypto/dsa" |
| 14 "crypto/rsa" |
| 15 "crypto/x509" |
| 16 "encoding/pem" |
| 17 "errors" |
| 18 "io" |
| 19 "io/ioutil" |
| 20 "net" |
| 21 "os" |
| 22 "os/exec" |
| 23 "os/user" |
| 24 "path/filepath" |
| 25 "testing" |
| 26 "text/template" |
| 27 "time" |
| 28 |
| 29 "code.google.com/p/go.crypto/ssh" |
| 30 ) |
| 31 |
| 32 const ( |
| 33 sshd_config = ` |
| 34 Protocol 2 |
| 35 HostKey {{.Dir}}/ssh_host_rsa_key |
| 36 HostKey {{.Dir}}/ssh_host_dsa_key |
| 37 HostKey {{.Dir}}/ssh_host_ecdsa_key |
| 38 Pidfile {{.Dir}}/sshd.pid |
| 39 #UsePrivilegeSeparation no |
| 40 KeyRegenerationInterval 3600 |
| 41 ServerKeyBits 768 |
| 42 SyslogFacility AUTH |
| 43 LogLevel INFO |
| 44 LoginGraceTime 120 |
| 45 PermitRootLogin no |
| 46 StrictModes no |
| 47 RSAAuthentication yes |
| 48 PubkeyAuthentication yes |
| 49 AuthorizedKeysFile {{.Dir}}/authorized_keys |
| 50 IgnoreRhosts yes |
| 51 RhostsRSAAuthentication no |
| 52 HostbasedAuthentication no |
| 53 ` |
| 54 testClientPrivateKey = `-----BEGIN RSA PRIVATE KEY----- |
| 55 MIIEowIBAAKCAQEAxF/3T7uD5rb4Cty2vc4qAhA6yclK+sRCCuz6/qy4MnXKlk1P |
| 56 5Le8O4CozsOL784B34ypdPQlsr4G/suXQok5PTMSPnqxjYbN6cGqEvhGrwG2sAe4 |
| 57 hKmMk3qd2GiSvuESeDl+2ZVzACDK0y/lFayvPbeeoQpBWGgIKN1WPs+q2/292wwW |
| 58 LRNWNrUuwt2ru92g4Hm/abCK0lfOrnCgU5eV+thZ2IshnfvsQpyweri8YpjOTil3 |
| 59 y8yUDUv0MmcpNdoNw/MuvV8NRswkil9btfjEG6Mn9ByXBtq8lAix3XA1aaQKch8d |
| 60 ji6ud4ZZEP8sXX5Q6gqgBOI/naGoErCHwtU9kwIDAQABAoIBAFJRKAp0QEZmTHPB |
| 61 MZk+4r0asIoFpziXLFgIHu7C2DPOzK1Umzj1DCKlPB3wOqi7Ym2jOSWdcnAK2EPW |
| 62 dAGgJC5TSkKGjAcXixmB5RkumfKidUI0+lQh/puTurcMnvcEwglDkLkEvMBA/sSo |
| 63 Pw9m486rOgOnmNzGPyViItURmD2+0yDdLl/vOsO/L1p76GCd0q0J3LqnmsQmawi7 |
| 64 Zwj2Stm6BIrggG5GsF204Iet5219TYLo4g1Qb2AlJ9C8P1FtAWhMwJalDxH9Os2/ |
| 65 KCDjnaq5n3bXbIU+3QjskjeVXL/Fnbhjnh4zs1EA7eHzl9dCGbcZ2LOimo2PRo8q |
| 66 wVQmz4ECgYEA9dhiu74TxRVoaO5N2X+FsMzRO8gZdP3Z9IrV4jVN8WT4Vdp0snoF |
| 67 gkVkqqbQUNKUb5K6B3Js/qNKfcjLbCNq9fewTcT6WsHQdtPbX/QA6Pa2Z29wrlA2 |
| 68 wrIYaAkmVaHny7wsOmgX01aOnuf2MlUnksK43sjZHdIo/m+sDKwwY1cCgYEAzHx4 |
| 69 mwUDMdRF4qpDKJhthraBNejRextNQQYsHVnNaMwZ4aeQcH5l85Cgjm7VpGlbVyBQ |
| 70 h4zwFvllImp3D2U3mjVkV8Tm9ID98eWvw2YDzBnS3P3SysajD23Z+BXSG9GNv/8k |
| 71 oAm+bVlvnJy4haK2AcIMk1YFuDuAOmy73abk7iUCgYEAj4qVM1sq/eKfAM1LJRfg |
| 72 /jbIX+hYfMePD8pUUWygIra6jJ4tjtvSBZrwyPb3IImjY3W/KoP0AcVjxAeORohz |
| 73 dkP1a6L8LiuFxSuzpdW5BkyuebxGhXCOWKVVvMDC4jLTPVCUXlHSv3GFemCjjgXM |
| 74 QlNxT5rjsha4Gr8nLIsJAacCgYA4VA1Q/pd7sXKy1p37X8nD8yAyvnh+Be5I/C9I |
| 75 woUP2jFC9MqYAmmJJ4ziz2swiAkuPeuQ+2Tjnz2ZtmQnrIUdiJmkh8vrDGFnshKx |
| 76 q7deELsCPzVCwGcIiAUkDra7DQWUHu9y2lxHePyC0rUNst2aLF8UcvzOXC2danhx |
| 77 vViQtQKBgCmZ7YavE/GNWww8N3xHBJ6UPmUuhQlnAbgNCcdyz30MevBg/JbyUTs2 |
| 78 slftTH15QusJ1UoITnnZuFJ40LqDvh8UhiK09ffM/IbUx839/m2vUOdFZB/WNn9g |
| 79 Cy0LzddU4KE8JZ/tlk68+hM5fjLLA0aqSunaql5CKfplwLu8x1hL |
| 80 -----END RSA PRIVATE KEY----- |
| 81 ` |
| 82 ) |
| 83 |
| 84 var keys = map[string]string{ |
| 85 "ssh_host_dsa_key": `-----BEGIN DSA PRIVATE KEY----- |
| 86 MIIBugIBAAKBgQDe2SIKvZdBp+InawtSXH0NotiMPhm3udyu4hh/E+icMz264kDX |
| 87 v+sV7ddnSQGQWZ/eVU7Jtx29dCMD1VlFpEd7yGKzmdwJIeA+YquNWoqBRQEJsWWS |
| 88 7Fsfvv83dA/DTNIQfOY3+TIs6Mb9vagbgQMU3JUWEhbLE9LCEU6UwwRlpQIVAL4p |
| 89 JF83SwpE8Jx6KnDpR89npkl/AoGAAy00TdDnAXvStwrZiAFbjZi8xDmPa9WwpfhJ |
| 90 Rkno45TthDLrS+WmqY8/LTwlqZdOBtoBAynMJfKkUiZM21lWWpL1hRKYdwBlIBy5 |
| 91 XdR2/6wcPSuZ0tCQhDBTstX0Q3P1j198KGKvzy7q9vILKQwtSRqLS1y4JJERafdO |
| 92 E+9CnGwCgYBz0WwBe2EZtGhGhBdnelTIBeo7PIsr0PzqxQj+dc8PBl8K9FfhRyOp |
| 93 U39stUvoUxE9vaIFrY1P5xENjLFnPf+hlcuf40GUWEssW9YWPOaBp8afa9hY5Sxs |
| 94 pvNR6eZFEFOJnx/ZgcA4g+vbrgGi5cM0W470mbGw2CkfJQUafdoIgAIUF+2I9kZe |
| 95 2FTBuC9uacqczDlc+0k= |
| 96 -----END DSA PRIVATE KEY-----`, |
| 97 "ssh_host_rsa_key": `-----BEGIN RSA PRIVATE KEY----- |
| 98 MIIEowIBAAKCAQEAuf76Ue2Wtae9oDtaS6rIJgO7iCFTsZUTW9LBsvx/2nli6jKU |
| 99 d9tUbBRzgdbnRLJ32UljXhERuB/axlrX8/lBzUZ+oYiM0KkEEOXY1z/bcMxdRxGF |
| 100 XHuf4uXvyC2XyA4+ZvBeS4j1QFyIHZ62o7gAlKMTjiek3B4AQEJAlCLmhH3jB8wc |
| 101 K/IYXAOlNGM5G44/ZLQpTi8diOV6DLs7tJ7rtEQedOEJfZng5rwp0USFkqcbfDbe |
| 102 9/hk0J32jZvOtZNBokYtBb4YEdIiWBzzNtHzU3Dzw61+TKVXaH5HaIvzL9iMrw9f |
| 103 kJbJyogfZk9BJfemEN+xqP72jlhE8LXNhpTxFQIDAQABAoIBAHbdf+Y5+5XuNF6h |
| 104 b8xpwW2h9whBnDYiOnP1VfroKWFbMB7R4lZS4joMO+FfkP8zOyqvHwTvza4pFWys |
| 105 g9SUmDvy8FyVYsC7MzEFYzX0xm3o/Te898ip7P1Zy4rXsGeWysSImwqU5X+TYx3i |
| 106 33/zyNM1APtZVJ+jwK9QZ+sD/uPuZK2yS03HGSMZq6ebdoOSaYhluKrxXllSLO1J |
| 107 KJxDiDdy2lEFw0W8HcI3ly1lg6OI+TRqqaCcLVNF4fNJmYIFM+2VEI9BdgynIh0Q |
| 108 pMZlJKgaEBcSqCymnTK81ohYD1cV4st2B0km3Sw35Rl04Ij5ITeiya3hp8VfE6UY |
| 109 PljkA6UCgYEA4811FTFj+kzNZ86C4OW1T5sM4NZt8gcz6CSvVnl+bDzbEOMMyzP7 |
| 110 2I9zKsR5ApdodH2m8d+RUw1Oe0bNGW5xig/DH/hn9lLQaO52JAi0we8A94dUUMSq |
| 111 fUk9jKZEXpP/MlfTdJaPos9mxT7z8jREQxIiqH9AV0rLVDOCfDbSWj8CgYEA0QTE |
| 112 IAUuki3UUqYKzLQrh/QmhY5KTx5amNW9XZ2VGtJvDPJrtBSBZlPEuXZAc4eBWEc7 |
| 113 U3Y9QwsalzupU6Yi6+gmofaXs8xJnj+jKth1DnJvrbLLGlSmf2Ijnwt22TyFUOtt |
| 114 UAknpjHutDjQPf7pUGWaCPgwwKFsdB8EBjpJF6sCgYAfXesBQAvEK08dPBJJZVfR |
| 115 3kenrd71tIgxLtv1zETcIoUHjjv0vvOunhH9kZAYC0EWyTZzl5UrGmn0D4uuNMbt |
| 116 e74iaNHn2P9Zc3xQ+eHp0j8P1lKFzI6tMaiH9Vz0qOw6wl0bcJ/WizhbcI+migvc |
| 117 MGMVUHBLlMDqly0gbWwJgQKBgQCgtb9ut01FjANSwORQ3L8Tu3/a9Lrh9n7GQKFn |
| 118 V4CLrP1BwStavOF5ojMCPo/zxF6JV8ufsqwL3n/FhFP/QyBarpb1tTqTPiHkkR2O |
| 119 Ffx67TY9IdnUFv4lt3mYEiKBiW0f+MSF42Qe/wmAfKZw5IzUCirTdrFVi0huSGK5 |
| 120 vxrwHQKBgHZ7RoC3I2f6F5fflA2ZAe9oJYC7XT624rY7VeOBwK0W0F47iV3euPi/ |
| 121 pKvLIBLcWL1Lboo+girnmSZtIYg2iLS3b4T9VFcKWg0y4AVwmhMWe9jWIltfWAAX |
| 122 9l0lNikMRGAx3eXudKXEtbGt3/cUzPVaQUHy5LiBxkxnFxgaJPXs |
| 123 -----END RSA PRIVATE KEY-----`, |
| 124 "ssh_host_ecdsa_key": `-----BEGIN EC PRIVATE KEY----- |
| 125 MHcCAQEEINGWx0zo6fhJ/0EAfrPzVFyFC9s18lBt3cRoEDhS3ARooAoGCCqGSM49 |
| 126 AwEHoUQDQgAEi9Hdw6KvZcWxfg2IDhA7UkpDtzzt6ZqJXSsFdLd+Kx4S3Sx4cVO+ |
| 127 6/ZOXRnPmNAlLUqjShUsUBBngG0u2fqEqA== |
| 128 -----END EC PRIVATE KEY-----`, |
| 129 "authorized_keys": `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEX/dPu4PmtvgK
3La9zioCEDrJyUr6xEIK7Pr+rLgydcqWTU/kt7w7gKjOw4vvzgHfjKl09CWyvgb+y5dCiTk9MxI+erGN
hs3pwaoS+EavAbawB7iEqYyTep3YaJK+4RJ4OX7ZlXMAIMrTL+UVrK89t56hCkFYaAgo3VY+z6rb/b3b
DBYtE1Y2tS7C3au73aDgeb9psIrSV86ucKBTl5X62FnYiyGd++xCnLB6uLximM5OKXfLzJQNS/QyZyk1
2g3D8y69Xw1GzCSKX1u1+MQboyf0HJcG2ryUCLHdcDVppApyHx2OLq53hlkQ/yxdflDqCqAE4j+doagS
sIfC1T2T user@host`, |
| 130 } |
| 131 |
| 132 var ( |
| 133 configTmpl template.Template |
| 134 sshd string // path to sshd |
| 135 rsakey *rsa.PrivateKey |
| 136 ) |
| 137 |
| 138 func init() { |
| 139 template.Must(configTmpl.Parse(sshd_config)) |
| 140 block, _ := pem.Decode([]byte(testClientPrivateKey)) |
| 141 rsakey, _ = x509.ParsePKCS1PrivateKey(block.Bytes) |
| 142 } |
| 143 |
| 144 type server struct { |
| 145 t *testing.T |
| 146 cleanup func() // executed during Shutdown |
| 147 configfile string |
| 148 cmd *exec.Cmd |
| 149 } |
| 150 |
| 151 func (s *server) Dial() *ssh.ClientConn { |
| 152 s.cmd = exec.Command("sshd", "-f", s.configfile, "-i") |
| 153 stdin, err := s.cmd.StdinPipe() |
| 154 if err != nil { |
| 155 s.t.Fatal(err) |
| 156 } |
| 157 stdout, err := s.cmd.StdoutPipe() |
| 158 if err != nil { |
| 159 s.t.Fatal(err) |
| 160 } |
| 161 s.cmd.Stderr = os.Stderr |
| 162 err = s.cmd.Start() |
| 163 if err != nil { |
| 164 s.Shutdown() |
| 165 s.t.Fatal(err) |
| 166 } |
| 167 |
| 168 user, err := user.Current() |
| 169 if err != nil { |
| 170 s.Shutdown() |
| 171 s.t.Fatal(err) |
| 172 } |
| 173 kc := new(keychain) |
| 174 kc.keys = append(kc.keys, rsakey) |
| 175 config := &ssh.ClientConfig{ |
| 176 User: user.Username, |
| 177 Auth: []ssh.ClientAuth{ |
| 178 ssh.ClientAuthKeyring(kc), |
| 179 }, |
| 180 } |
| 181 conn, err := ssh.Client(&client{stdin, stdout}, config) |
| 182 if err != nil { |
| 183 s.Shutdown() |
| 184 s.t.Fatal(err) |
| 185 } |
| 186 return conn |
| 187 } |
| 188 |
| 189 func (s *server) Shutdown() { |
| 190 if err := s.cmd.Process.Kill(); err != nil { |
| 191 s.t.Error(err) |
| 192 } |
| 193 s.cleanup() |
| 194 } |
| 195 |
| 196 // client wraps a pair of Reader/WriteClosers to implement the |
| 197 // net.Conn interface. |
| 198 type client struct { |
| 199 io.WriteCloser |
| 200 io.Reader |
| 201 } |
| 202 |
| 203 func (c *client) LocalAddr() net.Addr { return nil } |
| 204 func (c *client) RemoteAddr() net.Addr { return nil } |
| 205 func (c *client) SetDeadline(time.Time) error { return nil } |
| 206 func (c *client) SetReadDeadline(time.Time) error { return nil } |
| 207 func (c *client) SetWriteDeadline(time.Time) error { return nil } |
| 208 |
| 209 // newServer returns a new mock ssh server. |
| 210 func newServer(t *testing.T) *server { |
| 211 dir, err := ioutil.TempDir("", "sshtest") |
| 212 if err != nil { |
| 213 t.Fatal(err) |
| 214 } |
| 215 f, err := os.Create(filepath.Join(dir, "sshd_config")) |
| 216 if err != nil { |
| 217 t.Fatal(err) |
| 218 } |
| 219 err = configTmpl.Execute(f, map[string]string{ |
| 220 "Dir": dir, |
| 221 }) |
| 222 if err != nil { |
| 223 t.Fatal(err) |
| 224 } |
| 225 f.Close() |
| 226 |
| 227 for k, v := range keys { |
| 228 f, err := os.OpenFile(filepath.Join(dir, k), os.O_WRONLY|os.O_TR
UNC|os.O_CREATE, 0600) |
| 229 if err != nil { |
| 230 t.Fatal(err) |
| 231 } |
| 232 if _, err := f.Write([]byte(v)); err != nil { |
| 233 t.Fatal(err) |
| 234 } |
| 235 f.Close() |
| 236 } |
| 237 |
| 238 return &server{ |
| 239 t: t, |
| 240 configfile: f.Name(), |
| 241 cleanup: func() { |
| 242 if err := os.RemoveAll(dir); err != nil { |
| 243 t.Error(err) |
| 244 } |
| 245 }, |
| 246 } |
| 247 } |
| 248 |
| 249 // keychain implements the ClientKeyring interface |
| 250 type keychain struct { |
| 251 keys []interface{} |
| 252 } |
| 253 |
| 254 func (k *keychain) Key(i int) (interface{}, error) { |
| 255 if i < 0 || i >= len(k.keys) { |
| 256 return nil, nil |
| 257 } |
| 258 switch key := k.keys[i].(type) { |
| 259 case *rsa.PrivateKey: |
| 260 return &key.PublicKey, nil |
| 261 case *dsa.PrivateKey: |
| 262 return &key.PublicKey, nil |
| 263 } |
| 264 panic("unknown key type") |
| 265 } |
| 266 |
| 267 func (k *keychain) Sign(i int, rand io.Reader, data []byte) (sig []byte, err err
or) { |
| 268 hashFunc := crypto.SHA1 |
| 269 h := hashFunc.New() |
| 270 h.Write(data) |
| 271 digest := h.Sum(nil) |
| 272 switch key := k.keys[i].(type) { |
| 273 case *rsa.PrivateKey: |
| 274 return rsa.SignPKCS1v15(rand, key, hashFunc, digest) |
| 275 } |
| 276 return nil, errors.New("ssh: unknown key type") |
| 277 } |
| 278 |
| 279 func (k *keychain) loadPEM(file string) error { |
| 280 buf, err := ioutil.ReadFile(file) |
| 281 if err != nil { |
| 282 return err |
| 283 } |
| 284 block, _ := pem.Decode(buf) |
| 285 if block == nil { |
| 286 return errors.New("ssh: no key found") |
| 287 } |
| 288 r, err := x509.ParsePKCS1PrivateKey(block.Bytes) |
| 289 if err != nil { |
| 290 return err |
| 291 } |
| 292 k.keys = append(k.keys, r) |
| 293 return nil |
| 294 } |
LEFT | RIGHT |