diff options
author | Tatiana Kholkina <holkina@selectel.ru> | 2018-02-01 18:08:15 +0300 |
---|---|---|
committer | Tatiana Kholkina <holkina@selectel.ru> | 2018-02-02 10:12:27 +0300 |
commit | 45289a00bf8c043c5783c527c4ea720e67e0524b (patch) | |
tree | 3a9d5504012cfd6851089be1f9eeac29490c6758 /tests | |
parent | f7deaf15acf382d62554e2b1d70daa9a9109d542 (diff) | |
download | vyos-cloud-init-45289a00bf8c043c5783c527c4ea720e67e0524b.tar.gz vyos-cloud-init-45289a00bf8c043c5783c527c4ea720e67e0524b.zip |
Fix ssh keys validation in ssh_util
This fixes a bug where invalid keys would sneak into authorized_keys.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unittests/test_sshutil.py | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py index 2a8e6abe..4c62c8be 100644 --- a/tests/unittests/test_sshutil.py +++ b/tests/unittests/test_sshutil.py @@ -126,6 +126,48 @@ class TestAuthKeyLineParser(test_helpers.TestCase): self.assertFalse(key.valid()) +class TestUpdateAuthorizedKeys(test_helpers.TestCase): + + def test_new_keys_replace(self): + """new entries with the same base64 should replace old.""" + orig_entries = [ + ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')), + ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))] + + new_entries = [ + ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), ] + + expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n' + + parser = ssh_util.AuthKeyLineParser() + found = ssh_util.update_authorized_keys( + [parser.parse(p) for p in orig_entries], + [parser.parse(p) for p in new_entries]) + + self.assertEqual(expected, found) + + def test_new_invalid_keys_are_ignored(self): + """new entries that are invalid should be skipped.""" + orig_entries = [ + ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')), + ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))] + + new_entries = [ + ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), + 'xxx-invalid-thing1', + 'xxx-invalid-blob2' + ] + + expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n' + + parser = ssh_util.AuthKeyLineParser() + found = ssh_util.update_authorized_keys( + [parser.parse(p) for p in orig_entries], + [parser.parse(p) for p in new_entries]) + + self.assertEqual(expected, found) + + class TestParseSSHConfig(test_helpers.TestCase): def setUp(self): |