aboutsummaryrefslogtreecommitdiff
path: root/ssh/client_auth_test.go
diff options
context:
space:
mode:
authorAdam Langley <agl@golang.org>2014-05-12 11:19:56 -0700
committerAdam Langley <agl@golang.org>2014-05-12 11:19:56 -0700
commit2dfe547928fdf792f2d4b626eeab4490419ca5f4 (patch)
treee24ebd7be9a7c5a98f7ae8f8720f97001c2d5c82 /ssh/client_auth_test.go
parent6f0540ef5e740839c84c8a89ac9cd1c72a3bdacd (diff)
downloadgo-x-crypto-2dfe547928fdf792f2d4b626eeab4490419ca5f4.tar.xz
go.crypto/ssh: use permissions from public key cache when accepting a key.
Fixes golang/go#7913. LGTM=hanwen R=hanwen CC=golang-codereviews https://golang.org/cl/96220043
Diffstat (limited to 'ssh/client_auth_test.go')
-rw-r--r--ssh/client_auth_test.go48
1 files changed, 48 insertions, 0 deletions
diff --git a/ssh/client_auth_test.go b/ssh/client_auth_test.go
index e6b979f..c92b587 100644
--- a/ssh/client_auth_test.go
+++ b/ssh/client_auth_test.go
@@ -343,3 +343,51 @@ func TestClientLoginCert(t *testing.T) {
t.Errorf("cert login with source-address succeeded")
}
}
+
+func testPermissionsPassing(withPermissions bool, t *testing.T) {
+ serverConfig := &ServerConfig{
+ PublicKeyCallback: func(conn ConnMetadata, key PublicKey) (*Permissions, error) {
+ if conn.User() == "nopermissions" {
+ return nil, nil
+ } else {
+ return &Permissions{}, nil
+ }
+ },
+ }
+ serverConfig.AddHostKey(testSigners["rsa"])
+
+ clientConfig := &ClientConfig{
+ Auth: []AuthMethod{
+ PublicKeys(testSigners["rsa"]),
+ },
+ }
+ if withPermissions {
+ clientConfig.User = "permissions"
+ } else {
+ clientConfig.User = "nopermissions"
+ }
+
+ c1, c2, err := netPipe()
+ if err != nil {
+ t.Fatalf("netPipe: %v", err)
+ }
+ defer c1.Close()
+ defer c2.Close()
+
+ go NewClientConn(c2, "", clientConfig)
+ serverConn, err := newServer(c1, serverConfig)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if p := serverConn.Permissions; (p != nil) != withPermissions {
+ t.Fatalf("withPermissions is %t, but Permissions object is %#v", withPermissions, p)
+ }
+}
+
+func TestPermissionsPassing(t *testing.T) {
+ testPermissionsPassing(true, t)
+}
+
+func TestNoPermissionsPassing(t *testing.T) {
+ testPermissionsPassing(false, t)
+}
generated by cgit v1.3 (git 2.53.0) at 2026-04-15 06:26:00 +0000