Source file src/golang.org/x/crypto/ssh/server_test.go

Documentation: golang.org/x/crypto/ssh

     1  // Copyright 2023 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package ssh
     6  
     7  import (
     8  	"io"
     9  	"net"
    10  	"sync/atomic"
    11  	"testing"
    12  	"time"
    13  )
    14  
    15  func TestClientAuthRestrictedPublicKeyAlgos(t *testing.T) {
    16  	for _, tt := range []struct {
    17  		name      string
    18  		key       Signer
    19  		wantError bool
    20  	}{
    21  		{"rsa", testSigners["rsa"], false},
    22  		{"dsa", testSigners["dsa"], true},
    23  		{"ed25519", testSigners["ed25519"], true},
    24  	} {
    25  		c1, c2, err := netPipe()
    26  		if err != nil {
    27  			t.Fatalf("netPipe: %v", err)
    28  		}
    29  		defer c1.Close()
    30  		defer c2.Close()
    31  		serverConf := &ServerConfig{
    32  			PublicKeyAuthAlgorithms: []string{KeyAlgoRSASHA256, KeyAlgoRSASHA512},
    33  			PublicKeyCallback: func(conn ConnMetadata, key PublicKey) (*Permissions, error) {
    34  				return nil, nil
    35  			},
    36  		}
    37  		serverConf.AddHostKey(testSigners["ecdsap256"])
    38  
    39  		done := make(chan struct{})
    40  		go func() {
    41  			defer close(done)
    42  			NewServerConn(c1, serverConf)
    43  		}()
    44  
    45  		clientConf := ClientConfig{
    46  			User: "user",
    47  			Auth: []AuthMethod{
    48  				PublicKeys(tt.key),
    49  			},
    50  			HostKeyCallback: InsecureIgnoreHostKey(),
    51  		}
    52  
    53  		_, _, _, err = NewClientConn(c2, "", &clientConf)
    54  		if err != nil {
    55  			if !tt.wantError {
    56  				t.Errorf("%s: got unexpected error %q", tt.name, err.Error())
    57  			}
    58  		} else if tt.wantError {
    59  			t.Errorf("%s: succeeded, but want error", tt.name)
    60  		}
    61  		<-done
    62  	}
    63  }
    64  
    65  func TestNewServerConnValidationErrors(t *testing.T) {
    66  	serverConf := &ServerConfig{
    67  		PublicKeyAuthAlgorithms: []string{CertAlgoRSAv01},
    68  	}
    69  	c := &markerConn{}
    70  	_, _, _, err := NewServerConn(c, serverConf)
    71  	if err == nil {
    72  		t.Fatal("NewServerConn with invalid public key auth algorithms succeeded")
    73  	}
    74  	if !c.isClosed() {
    75  		t.Fatal("NewServerConn with invalid public key auth algorithms left connection open")
    76  	}
    77  	if c.isUsed() {
    78  		t.Fatal("NewServerConn with invalid public key auth algorithms used connection")
    79  	}
    80  
    81  	serverConf = &ServerConfig{
    82  		Config: Config{
    83  			KeyExchanges: []string{kexAlgoDHGEXSHA256},
    84  		},
    85  	}
    86  	c = &markerConn{}
    87  	_, _, _, err = NewServerConn(c, serverConf)
    88  	if err == nil {
    89  		t.Fatal("NewServerConn with unsupported key exchange succeeded")
    90  	}
    91  	if !c.isClosed() {
    92  		t.Fatal("NewServerConn with unsupported key exchange left connection open")
    93  	}
    94  	if c.isUsed() {
    95  		t.Fatal("NewServerConn with unsupported key exchange used connection")
    96  	}
    97  }
    98  
    99  type markerConn struct {
   100  	closed uint32
   101  	used   uint32
   102  }
   103  
   104  func (c *markerConn) isClosed() bool {
   105  	return atomic.LoadUint32(&c.closed) != 0
   106  }
   107  
   108  func (c *markerConn) isUsed() bool {
   109  	return atomic.LoadUint32(&c.used) != 0
   110  }
   111  
   112  func (c *markerConn) Close() error {
   113  	atomic.StoreUint32(&c.closed, 1)
   114  	return nil
   115  }
   116  
   117  func (c *markerConn) Read(b []byte) (n int, err error) {
   118  	atomic.StoreUint32(&c.used, 1)
   119  	if atomic.LoadUint32(&c.closed) != 0 {
   120  		return 0, net.ErrClosed
   121  	} else {
   122  		return 0, io.EOF
   123  	}
   124  }
   125  
   126  func (c *markerConn) Write(b []byte) (n int, err error) {
   127  	atomic.StoreUint32(&c.used, 1)
   128  	if atomic.LoadUint32(&c.closed) != 0 {
   129  		return 0, net.ErrClosed
   130  	} else {
   131  		return 0, io.ErrClosedPipe
   132  	}
   133  }
   134  
   135  func (*markerConn) LocalAddr() net.Addr  { return nil }
   136  func (*markerConn) RemoteAddr() net.Addr { return nil }
   137  
   138  func (*markerConn) SetDeadline(t time.Time) error      { return nil }
   139  func (*markerConn) SetReadDeadline(t time.Time) error  { return nil }
   140  func (*markerConn) SetWriteDeadline(t time.Time) error { return nil }
   141  

View as plain text