aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakub Jelen <jjelen@redhat.com>2017-11-16 16:51:58 +0100
committerAndreas Schneider <asn@cryptomilk.org>2017-12-21 11:43:19 +0100
commitdab8985c05b7323b91ad0cff4016c8b865d5af67 (patch)
tree0fec6f21c220771fe891d1808de3be979b33b32e
parent0bd6ccc066692b7a5711dc6975efd509bd859f6d (diff)
downloadlibssh-dab8985c05b7323b91ad0cff4016c8b865d5af67.tar.gz
libssh-dab8985c05b7323b91ad0cff4016c8b865d5af67.tar.xz
libssh-dab8985c05b7323b91ad0cff4016c8b865d5af67.zip
tests/config: Enable and disable authentication methods
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--tests/unittests/torture_config.c80
1 files changed, 80 insertions, 0 deletions
diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
index aaca1c91..e603d4c9 100644
--- a/tests/unittests/torture_config.c
+++ b/tests/unittests/torture_config.c
@@ -13,6 +13,7 @@
#define LIBSSH_TESTCONFIG5 "libssh_testconfig5.tmp"
#define LIBSSH_TESTCONFIG6 "libssh_testconfig6.tmp"
#define LIBSSH_TESTCONFIG7 "libssh_testconfig7.tmp"
+#define LIBSSH_TESTCONFIG8 "libssh_testconfig8.tmp"
#define LIBSSH_TESTCONFIGGLOB "libssh_testc*[36].tmp"
#define USERNAME "testuser"
@@ -35,6 +36,7 @@ static int setup_config_files(void **state)
unlink(LIBSSH_TESTCONFIG5);
unlink(LIBSSH_TESTCONFIG6);
unlink(LIBSSH_TESTCONFIG7);
+ unlink(LIBSSH_TESTCONFIG8);
torture_write_file(LIBSSH_TESTCONFIG1,
"User "USERNAME"\nInclude "LIBSSH_TESTCONFIG2"\n\n");
@@ -62,6 +64,25 @@ static int setup_config_files(void **state)
"\tGlobalKnownHostsFile "GLOBAL_KNOWN_HOSTS"\n"
"\tUserKnownHostsFile "USER_KNOWN_HOSTS"\n");
+ /* authentication methods */
+ torture_write_file(LIBSSH_TESTCONFIG8,
+ "Host gss\n"
+ "\tGSSAPIAuthentication yes\n"
+ "Host kbd\n"
+ "\tKbdInteractiveAuthentication yes\n"
+ "Host pass\n"
+ "\tPasswordAuthentication yes\n"
+ "Host pubkey\n"
+ "\tPubkeyAuthentication yes\n"
+ "Host nogss\n"
+ "\tGSSAPIAuthentication no\n"
+ "Host nokbd\n"
+ "\tKbdInteractiveAuthentication no\n"
+ "Host nopass\n"
+ "\tPasswordAuthentication no\n"
+ "Host nopubkey\n"
+ "\tPubkeyAuthentication no\n");
+
session = ssh_new();
*state = session;
@@ -77,6 +98,7 @@ static int teardown(void **state)
unlink(LIBSSH_TESTCONFIG5);
unlink(LIBSSH_TESTCONFIG6);
unlink(LIBSSH_TESTCONFIG7);
+ unlink(LIBSSH_TESTCONFIG8);
ssh_free(*state);
@@ -173,6 +195,61 @@ static void torture_config_known_hosts(void **state) {
assert_string_equal(session->opts.global_knownhosts, GLOBAL_KNOWN_HOSTS);
}
+/**
+ * @brief Verify the authentication methods from configuration are effective
+ */
+static void torture_config_auth_methods(void **state) {
+ ssh_session session = *state;
+ int ret = 0;
+
+ /* gradually disable all the methods based on different hosts */
+ ssh_options_set(session, SSH_OPTIONS_HOST, "nogss");
+ ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG8);
+ assert_true(ret == 0);
+ assert_false(session->opts.flags & SSH_OPT_FLAG_GSSAPI_AUTH);
+ assert_true(session->opts.flags & SSH_OPT_FLAG_KBDINT_AUTH);
+
+ ssh_options_set(session, SSH_OPTIONS_HOST, "nokbd");
+ ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG8);
+ assert_true(ret == 0);
+ assert_false(session->opts.flags & SSH_OPT_FLAG_KBDINT_AUTH);
+
+ ssh_options_set(session, SSH_OPTIONS_HOST, "nopass");
+ ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG8);
+ assert_true(ret == 0);
+ assert_false(session->opts.flags & SSH_OPT_FLAG_PASSWORD_AUTH);
+
+ ssh_options_set(session, SSH_OPTIONS_HOST, "nopubkey");
+ ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG8);
+ assert_true(ret == 0);
+ assert_false(session->opts.flags & SSH_OPT_FLAG_PUBKEY_AUTH);
+
+ /* no method should be left enabled */
+ assert_int_equal(session->opts.port, 0);
+
+ /* gradually enable them again */
+ ssh_options_set(session, SSH_OPTIONS_HOST, "gss");
+ ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG8);
+ assert_true(ret == 0);
+ assert_true(session->opts.flags & SSH_OPT_FLAG_GSSAPI_AUTH);
+ assert_false(session->opts.flags & SSH_OPT_FLAG_KBDINT_AUTH);
+
+ ssh_options_set(session, SSH_OPTIONS_HOST, "kbd");
+ ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG8);
+ assert_true(ret == 0);
+ assert_true(session->opts.flags & SSH_OPT_FLAG_KBDINT_AUTH);
+
+ ssh_options_set(session, SSH_OPTIONS_HOST, "pass");
+ ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG8);
+ assert_true(ret == 0);
+ assert_true(session->opts.flags & SSH_OPT_FLAG_PASSWORD_AUTH);
+
+ ssh_options_set(session, SSH_OPTIONS_HOST, "pubkey");
+ ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG8);
+ assert_true(ret == 0);
+ assert_true(session->opts.flags & SSH_OPT_FLAG_PUBKEY_AUTH);
+}
+
int torture_run_tests(void) {
int rc;
struct CMUnitTest tests[] = {
@@ -188,6 +265,9 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_config_known_hosts,
setup_config_files,
teardown),
+ cmocka_unit_test_setup_teardown(torture_config_auth_methods,
+ setup_config_files,
+ teardown),
};