(t *testing.T)
| 786 | } |
| 787 | |
| 788 | func TestSSHAuthFlow(t *testing.T) { |
| 789 | if runtime.GOOS != "linux" && runtime.GOOS != "darwin" { |
| 790 | t.Skipf("skipping on %q; only runs on linux and darwin", runtime.GOOS) |
| 791 | } |
| 792 | varRoot := t.TempDir() |
| 793 | acceptRule := newSSHRule(&tailcfg.SSHAction{ |
| 794 | Accept: true, |
| 795 | Message: "Welcome to Tailscale SSH!", |
| 796 | }) |
| 797 | bobRule := newSSHRule(&tailcfg.SSHAction{ |
| 798 | Accept: true, |
| 799 | Message: "Welcome to Tailscale SSH!", |
| 800 | }) |
| 801 | bobRule.SSHUsers = map[string]string{"bob": "bob"} |
| 802 | rejectRule := newSSHRule(&tailcfg.SSHAction{ |
| 803 | Reject: true, |
| 804 | Message: "Go Away!", |
| 805 | }) |
| 806 | |
| 807 | tests := []struct { |
| 808 | name string |
| 809 | sshUser string // defaults to alice |
| 810 | state *localState |
| 811 | wantBanners []string |
| 812 | usesPassword bool |
| 813 | authErr bool |
| 814 | }{ |
| 815 | { |
| 816 | name: "no-policy", |
| 817 | state: &localState{ |
| 818 | sshEnabled: true, |
| 819 | varRoot: varRoot, |
| 820 | }, |
| 821 | authErr: true, |
| 822 | wantBanners: []string{"tailscale: tailnet policy does not permit you to SSH to this node\n"}, |
| 823 | }, |
| 824 | { |
| 825 | name: "user-mismatch", |
| 826 | state: &localState{ |
| 827 | sshEnabled: true, |
| 828 | varRoot: varRoot, |
| 829 | matchingRule: bobRule, |
| 830 | }, |
| 831 | authErr: true, |
| 832 | wantBanners: []string{`tailscale: tailnet policy does not permit you to SSH as user "alice"` + "\n"}, |
| 833 | }, |
| 834 | { |
| 835 | name: "accept", |
| 836 | state: &localState{ |
| 837 | sshEnabled: true, |
| 838 | varRoot: varRoot, |
| 839 | matchingRule: acceptRule, |
| 840 | }, |
| 841 | wantBanners: []string{"Welcome to Tailscale SSH!"}, |
| 842 | }, |
| 843 | { |
| 844 | name: "reject", |
| 845 | state: &localState{ |