| 160 | |
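// TestAuthGSSAPI tests the GSSAPI (gssapi-with-mic) plumbing within the
// sshserver. It starts a test server, dials it with a GSSAPI client for user
// "foo" and expects the handshake to be rejected with an "unable to
// authenticate" error. A successful login, or a failure for any other reason,
// fails the test.
func TestAuthGSSAPI(t *testing.T) {
	user2 := sshserver.NewTestUser("foo")
	logger := log.NewTestLogger(t)

	// NOTE(review): sshconf is filled with defaults but is not passed to
	// NewTestServer in this function (its last argument is nil); confirm
	// whether it is still needed.
	sshconf := config.SSHConfig{}
	structutils.Defaults(&sshconf)

	srv := sshserver.NewTestServer(
		t,
		sshserver.NewTestAuthenticationHandler(
			sshserver.NewTestHandler(),
			user2,
		),
		logger,
		nil,
	)
	srv.Start()
	// Register the shutdown right after the start so the listener is stopped
	// on every exit path, not only when execution reaches the end of the test.
	defer srv.Stop(10 * time.Second)

	gssClient := gssApiClient{
		username: "foo",
	}
	sshConfig := &ssh.ClientConfig{
		User: "foo",
		Auth: []ssh.AuthMethod{ssh.GSSAPIWithMICAuthMethod(&gssClient, "testing.containerssh.io")},
	}
	// Pin the host key: accept the server only if the key it presents has the
	// same wire encoding as the public half of the key the test server reports.
	sshConfig.HostKeyCallback = func(hostname string, remote net.Addr, key ssh.PublicKey) error {
		signer, err := ssh.ParsePrivateKey([]byte(srv.GetHostKey()))
		if err != nil {
			// Return the error instead of panicking: the handshake then fails
			// and is reported by the assertions below rather than aborting
			// the whole test binary.
			return fmt.Errorf("parsing test server host key: %w", err)
		}
		if bytes.Equal(key.Marshal(), signer.PublicKey().Marshal()) {
			return nil
		}
		return fmt.Errorf("invalid host")
	}

	sshConnection, err := ssh.Dial("tcp", srv.GetListen(), sshConfig)
	if err != nil {
		// Only an authentication rejection is the expected outcome. Anything
		// else (network error, host key mismatch) means the test never reached
		// the GSSAPI code path.
		if !strings.Contains(err.Error(), "unable to authenticate") {
			assert.Fail(t, "handshake failed for non-auth reasons", err)
		}
	} else {
		_ = sshConnection.Close()
		assert.Fail(t, "authentication succeeded", err)
	}
}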
| 211 | |
| 212 | func TestSessionSuccess(t *testing.T) { |
| 213 | //t.Parallel()() |