Mercurial > dropbear
comparison test/test_svrauth.py @ 1885:5d8dbb6fdab7
Fix SSH_PUBKEYINFO, limit characters, add tests
We fix a bad_bufptr() failure from a previous commit. We now limit
the allowed characters to those that will definitely be safe
in a shell. Some scripts/programs may use arbitrary environment
variables without escaping correctly - that could be a problem
in a restricted environment.
The current allowed set is a-z A-Z 0-9 .,_-+@
This also adds a test for SSH_PUBKEYINFO, by default it only runs
under github actions (or "act -j build").
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Wed, 16 Mar 2022 17:17:23 +0800 |
| parents | |
| children | 30fd047f6ebf |
comparison
equal
deleted
inserted
replaced
| 1884:75d6a9faf919 | 1885:5d8dbb6fdab7 |
|---|---|
| 1 from test_dropbear import * | |
| 2 import signal | |
| 3 import queue | |
| 4 import socket | |
| 5 import os | |
| 6 from pathlib import Path | |
| 7 | |
| 8 # Tests for server side authentication | |
| 9 | |
| 10 # Requires keyfile and authorized_keys set up in github action build.yml | |
| 11 @pytest.mark.skipif('DBTEST_IN_ACTION' not in os.environ, reason="DBTEST_PUBKEYINFO not set") | |
| 12 def test_pubkeyinfo(request, dropbear): | |
| 13 kf = str(Path.home() / ".ssh/id_dropbear_key2") | |
| 14 r = dbclient(request, "-i", kf, "echo -n $SSH_PUBKEYINFO", capture_output=True) | |
| 15 # stop at first space | |
| 16 assert r.stdout.decode() == "key2" | |
| 17 | |
| 18 @pytest.mark.skipif('DBTEST_IN_ACTION' not in os.environ, reason="DBTEST_PUBKEYINFO not set") | |
| 19 def test_pubkeyinfo_special(request, dropbear): | |
| 20 kf = str(Path.home() / ".ssh/id_dropbear_key3") | |
| 21 r = dbclient(request, "-i", kf, "echo -n $SSH_PUBKEYINFO", capture_output=True) | |
| 22 # comment contains special characters so the SSH_PUBKEYINFO should not be set | |
| 23 assert r.stdout.decode() == "" | |
| 24 | |
| 25 @pytest.mark.skipif('DBTEST_IN_ACTION' not in os.environ, reason="DBTEST_PUBKEYINFO not set") | |
| 26 def test_pubkeyinfo_okchar(request, dropbear): | |
| 27 kf = str(Path.home() / ".ssh/id_dropbear_key4") | |
| 28 r = dbclient(request, "-i", kf, "echo -n $SSH_PUBKEYINFO", capture_output=True) | |
| 29 # comment contains special characters so the SSH_PUBKEYINFO should not be set | |
| 30 assert r.stdout.decode() == "key4,char" |