You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
248 lines
7.7 KiB
248 lines
7.7 KiB
var SSH2Stream = require('../lib/ssh');
|
|
var parseKey = require('../lib/utils').parseKey;
|
|
|
|
var assert = require('assert');
|
|
var fs = require('fs');
|
|
|
|
var t = -1;
|
|
var SERVER_PRV_KEY = fs.readFileSync(__dirname + '/fixtures/openssh_new_rsa');
|
|
var PARSED_SERVER_KEY = parseKey(SERVER_PRV_KEY);
|
|
var CLIENT_PRV_KEY = fs.readFileSync(__dirname + '/fixtures/openssh_old_rsa');
|
|
var PARSED_CLIENT_KEY = parseKey(CLIENT_PRV_KEY);
|
|
|
|
function makePair(cb) {
|
|
var server = new SSH2Stream({
|
|
server: true,
|
|
hostKeys: {
|
|
'ssh-rsa': PARSED_SERVER_KEY
|
|
},
|
|
algorithms: {
|
|
serverHostKey: ['ssh-rsa']
|
|
}
|
|
});
|
|
var client = new SSH2Stream();
|
|
|
|
var done = [];
|
|
function tryDone(who) {
|
|
done.push(who);
|
|
if (done.length !== 2)
|
|
return;
|
|
cb(server, client);
|
|
}
|
|
|
|
server.on('NEWKEYS', function () { tryDone('server'); });
|
|
client.on('NEWKEYS', function () { tryDone('client'); });
|
|
server.pipe(client).pipe(server);
|
|
}
|
|
|
|
function signWithClientKey(blob, syncCb) {
|
|
syncCb(PARSED_CLIENT_KEY.sign(blob));
|
|
}
|
|
|
|
function bufferEqual(a, b) {
|
|
if (a.length !== b.length)
|
|
return false;
|
|
for (var i = 0; i < a.length; ++i) {
|
|
if (a[i] !== b[i])
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
function publickey(server, client) {
|
|
server.on('USERAUTH_REQUEST', function(user, service, method, data) {
|
|
assert.equal(user, 'bob');
|
|
assert.equal(service, 'ssh-connection');
|
|
assert.equal(method, 'publickey');
|
|
assert.equal(data.keyAlgo, PARSED_CLIENT_KEY.type);
|
|
assert.equal(true, bufferEqual(data.key, PARSED_CLIENT_KEY.getPublicSSH()));
|
|
assert.equal(data.signature, undefined);
|
|
assert.equal(data.blob, undefined);
|
|
return server.authPKOK(data.keyAlgo, data.key);
|
|
});
|
|
client.on('USERAUTH_PK_OK', function() {
|
|
next();
|
|
}).authPK('bob', PARSED_CLIENT_KEY);
|
|
}
|
|
|
|
function keyboardInteractive(server, client) {
|
|
var infoReqsRxed = 0;
|
|
|
|
server.on('USERAUTH_REQUEST', function(user, service, method, data) {
|
|
assert.equal(user, 'bob');
|
|
assert.equal(service, 'ssh-connection');
|
|
assert.equal(method, 'keyboard-interactive');
|
|
assert.equal(data, '');
|
|
process.nextTick(function() {
|
|
server.authInfoReq('req 0', 'instructions', [
|
|
{ prompt: 'Say something to req 0', echo: true }
|
|
]);
|
|
});
|
|
}).on('USERAUTH_INFO_RESPONSE', function(responses) {
|
|
if (infoReqsRxed === 1) {
|
|
assert.equal(responses.length, 1);
|
|
assert.equal(responses[0], 'hello to req 0');
|
|
process.nextTick(function() {
|
|
server.authInfoReq('req 1', 'new instructions', [
|
|
{ prompt: 'Say something to req 1', echo: true },
|
|
{ prompt: 'Say something else', echo: false }
|
|
]);
|
|
});
|
|
} else if (infoReqsRxed === 2) {
|
|
assert.equal(responses.length, 2);
|
|
assert.equal(responses[0], 'hello to req 1');
|
|
assert.equal(responses[1], 'something else');
|
|
next();
|
|
} else {
|
|
throw new Error('Received too many info reqs: ' + infoReqsRxed);
|
|
}
|
|
});
|
|
|
|
client.on('USERAUTH_INFO_REQUEST', function (name, inst, lang, prompts) {
|
|
infoReqsRxed++;
|
|
if (infoReqsRxed === 1) {
|
|
assert.equal(name, 'req 0');
|
|
assert.equal(inst, 'instructions');
|
|
assert.equal(lang, '');
|
|
assert.deepEqual(prompts, [
|
|
{ prompt: 'Say something to req 0', echo: true }
|
|
]);
|
|
process.nextTick(function() {
|
|
client.authInfoRes([ 'hello to req 0' ]);
|
|
});
|
|
} else if (infoReqsRxed === 2) {
|
|
assert.equal(name, 'req 1');
|
|
assert.equal(inst, 'new instructions');
|
|
assert.equal(lang, '');
|
|
assert.deepEqual(prompts, [
|
|
{ prompt: 'Say something to req 1', echo: true },
|
|
{ prompt: 'Say something else', echo: false }
|
|
]);
|
|
process.nextTick(function() {
|
|
client.authInfoRes([ 'hello to req 1', 'something else' ]);
|
|
});
|
|
} else {
|
|
throw new Error('Received too many info reqs: ' + infoReqsRxed);
|
|
}
|
|
}).authKeyboard('bob');
|
|
}
|
|
|
|
function mixedMethods(server, client) {
|
|
var expectedStages = [
|
|
'SERVER_SEES_PK_CHECK',
|
|
'SERVER_SEES_PK_REQUEST',
|
|
'SERVER_SEES_PASSWORD',
|
|
'SERVER_SEES_KEYBOARD_INTERACTIVE',
|
|
'CLIENT_SEES_PK_OK',
|
|
'CLIENT_SEES_USERAUTH_FAILURE_PK',
|
|
'CLIENT_SEES_USERAUTH_FAILURE_PASSWORD',
|
|
'CLIENT_SEES_KEYBOARD_REQ',
|
|
'SERVER_SEES_KEYBOARD_RES',
|
|
'CLIENT_SEES_USERAUTH_SUCCESS',
|
|
];
|
|
|
|
server.on('USERAUTH_REQUEST', function(name, service, method, data) {
|
|
assert.equal(name, 'bob');
|
|
assert.equal(service, 'ssh-connection');
|
|
var expectedStage = expectedStages.shift();
|
|
switch (expectedStage) {
|
|
case 'SERVER_SEES_PK_CHECK':
|
|
assert.equal(method, 'publickey');
|
|
assert.equal(data.signature, undefined);
|
|
return process.nextTick(function() {
|
|
server.authPKOK(data.keyAlgo, data.key);
|
|
});
|
|
case 'SERVER_SEES_PK_REQUEST':
|
|
assert.equal(method, 'publickey');
|
|
assert.notEqual(data.signature, undefined);
|
|
return process.nextTick(function() {
|
|
server.authFailure(
|
|
['publickey', 'password', 'keyboard-interactive'],
|
|
false
|
|
);
|
|
});
|
|
case 'SERVER_SEES_PASSWORD':
|
|
assert.equal(method, 'password');
|
|
assert.equal(data, 'seekrit');
|
|
return process.nextTick(function() {
|
|
server.authFailure(
|
|
['publickey', 'password', 'keyboard-interactive'],
|
|
false
|
|
);
|
|
});
|
|
case 'SERVER_SEES_KEYBOARD_INTERACTIVE':
|
|
assert.equal(method, 'keyboard-interactive');
|
|
assert.equal(data, '');
|
|
return process.nextTick(function() {
|
|
server.authInfoReq('Password required', 'Password prompt', [
|
|
{ prompt: 'Password:', echo: false }
|
|
]);
|
|
});
|
|
default:
|
|
throw new Error('Server saw USERAUTH_REQUEST ' + method +
|
|
' but expected ' + expectedStage);
|
|
}
|
|
}).on('USERAUTH_INFO_RESPONSE', function(responses) {
|
|
assert.equal(expectedStages.shift(), 'SERVER_SEES_KEYBOARD_RES');
|
|
assert.deepEqual(responses, [ 'seekrit' ]);
|
|
process.nextTick(function() {
|
|
server.authSuccess();
|
|
});
|
|
});
|
|
|
|
|
|
client.on('USERAUTH_PK_OK', function() {
|
|
assert.equal(expectedStages.shift(), 'CLIENT_SEES_PK_OK');
|
|
}).on('USERAUTH_FAILURE', function() {
|
|
var expectedStage = expectedStages.shift();
|
|
if (expectedStage !== 'CLIENT_SEES_USERAUTH_FAILURE_PK' &&
|
|
expectedStage !== 'CLIENT_SEES_USERAUTH_FAILURE_PASSWORD') {
|
|
throw new Error('Client saw USERAUTH_FAILURE but expected ' +
|
|
expectedStage);
|
|
}
|
|
}).on('USERAUTH_INFO_REQUEST', function(name, inst, lang, prompts) {
|
|
assert.equal(expectedStages.shift(), 'CLIENT_SEES_KEYBOARD_REQ');
|
|
assert.equal(name, 'Password required');
|
|
assert.equal(inst, 'Password prompt');
|
|
assert.equal(lang, '');
|
|
assert.deepEqual(prompts, [ { prompt: 'Password:', echo: false } ]);
|
|
process.nextTick(function() {
|
|
client.authInfoRes([ 'seekrit' ]);
|
|
});
|
|
}).on('USERAUTH_SUCCESS', function() {
|
|
assert.equal(expectedStages.shift(), 'CLIENT_SEES_USERAUTH_SUCCESS');
|
|
assert.equal(expectedStages.shift(), undefined);
|
|
next();
|
|
});
|
|
|
|
// Silly to submit all these auths at once, but allowed by RFC4252
|
|
client.authPK('bob', PARSED_CLIENT_KEY);
|
|
client.authPK('bob', PARSED_CLIENT_KEY, signWithClientKey);
|
|
client.authPassword('bob', 'seekrit');
|
|
client.authKeyboard('bob');
|
|
}
|
|
|
|
var tests = [
|
|
publickey,
|
|
keyboardInteractive,
|
|
// password // ssh2-streams can't generate a password change request
|
|
mixedMethods
|
|
];
|
|
|
|
|
|
function next() {
|
|
if (Array.isArray(process._events.exit))
|
|
process._events.exit = process._events.exit[1];
|
|
if (++t === tests.length)
|
|
return;
|
|
|
|
var v = tests[t];
|
|
makePair(v);
|
|
}
|
|
|
|
process.once('exit', function() {
|
|
assert(t === tests.length,
|
|
'Only finished ' + t + '/' + tests.length + ' tests');
|
|
});
|
|
|
|
next();
|
|
|