func testConnection(handler protocol.ConnectionHandlerFunc) protocol.MessageReadWriteCloser {
serverReader, clientWriter := io.Pipe()
clientReader, serverWriter := io.Pipe()
serverConnection := ReadWriter(serverReader, serverWriter)
go handler(protocol.NewMessageConnection(serverConnection))
clientConnection := ReadWriter(clientReader, clientWriter)
return protocol.NewMessageConnection(clientConnection)
}
/*
New returns a properly-initialized client for the calling
function.
*/
func NewClient(address string) (retClient protocol.MessageReadWriteCloser, err error) {
localSocket, err := net.Dial("unix", address)
if err != nil {
return
}
retClient = protocol.NewMessageConnection(localSocket)
return
}
/*
listen accepts incoming connections and hands them off to the
connection handler.
*/
func (us *server) listen() {
for {
conn, err := us.s.Accept()
if err != nil {
continue
}
smc := protocol.NewMessageConnection(conn)
go us.handler(smc)
}
}
func TestServerStateMachine(t *testing.T) {
// This silly thing is needed for equality testing for the LDAP dummy.
neededModifyRequest := ldap.NewModifyRequest("something")
neededModifyRequest.Add("sshPublicKey", []string{"test"})
Convey("Given a state machine setup with a null logger", t, func() {
authenticator := &DummyAuthenticator{&server.User{Username: "******"}}
ldap := &DummyLDAP{
username: "******",
password: "******",
sshKeys: []string{},
req: neededModifyRequest,
}
testServer := server.New(authenticator, &dummyCredentials{}, "default", g2s.Noop(), ldap, "cn", "dc=testdn,dc=com", false)
r, w := io.Pipe()
testConnection := protocol.NewMessageConnection(ReadWriter(r, w))
go testServer.HandleConnection(testConnection)
Convey("When a ping message comes in", func() {
testPing := &protocol.Message{Ping: &protocol.Ping{}}
testConnection.Write(testPing)
Convey("Then the server should respond with a pong response.", func() {
recvMsg, recvErr := testConnection.Read()
So(recvErr, ShouldBeNil)
So(recvMsg.GetPing(), ShouldNotBeNil)
})
})
Convey("After an AssumeRequest", func() {
role := "testrole"
msg := &protocol.Message{
ServerRequest: &protocol.ServerRequest{
AssumeRole: &protocol.AssumeRole{
Role: &role,
},
},
}
testConnection.Write(msg)
msg, err := testConnection.Read()
if err != nil {
t.Fatal(err)
}
Convey("it should challenge, then send credentials on success", func() {
challenge := msg.GetServerResponse().GetChallenge().GetChallenge()
So(len(challenge), ShouldEqual, 64)
format := "test"
sig := []byte("ssss")
challengeResponseMsg := &protocol.Message{
ServerRequest: &protocol.ServerRequest{
ChallengeResponse: &protocol.SSHChallengeResponse{
Format: &format,
Signature: sig,
},
},
}
testConnection.Write(challengeResponseMsg)
credsMsg, err := testConnection.Read()
if err != nil {
t.Fatal(err)
}
So(credsMsg, ShouldNotBeNil)
So(credsMsg.GetServerResponse(), ShouldNotBeNil)
So(credsMsg.GetServerResponse().GetCredentials(), ShouldNotBeNil)
creds := credsMsg.GetServerResponse().GetCredentials()
So(creds.GetAccessKeyId(), ShouldEqual, "access_key")
So(creds.GetSecretAccessKey(), ShouldEqual, "secret")
So(creds.GetAccessToken(), ShouldEqual, "token")
So(creds.GetExpiration(), ShouldBeGreaterThanOrEqualTo, time.Now().Unix())
})
Convey("it should then send failure message on failed key verification", func() {
authenticator.user = nil
challenge := msg.GetServerResponse().GetChallenge().GetChallenge()
So(len(challenge), ShouldEqual, 64)
format := "test"
sig := []byte("ssss")
challengeResponseMsg := &protocol.Message{
ServerRequest: &protocol.ServerRequest{
ChallengeResponse: &protocol.SSHChallengeResponse{
Format: &format,
Signature: sig,
},
},
}
testConnection.Write(challengeResponseMsg)
credsMsg, err := testConnection.Read()
if err != nil {
t.Fatal(err)
}
So(credsMsg, ShouldNotBeNil)
So(credsMsg.GetServerResponse(), ShouldNotBeNil)
So(credsMsg.GetServerResponse().GetVerificationFailure(), ShouldNotBeNil)
})
})
Convey("When a request to add an SSH key comes in", func() {
user := "******"
password := "******"
sshKey := "test"
testMessage := &protocol.Message{
ServerRequest: &protocol.ServerRequest{
AddSSHkey: &protocol.AddSSHKey{
Username: &user,
Passwordhash: &password,
Sshkeybytes: &sshKey,
},
},
}
testConnection.Write(testMessage)
Convey("If this request is valid", func() {
msg, err := testConnection.Read()
if err != nil {
t.Fatal(err)
}
if msg.GetSuccess() == nil {
t.Fail()
}
Convey("It should add the SSH key to the user.", func() {
So(ldap.sshKeys[0], ShouldEqual, sshKey)
Convey("If the user tries to add the same SSH key", func() {
testConnection.Write(testMessage)
Convey("It should not insert the same key twice.", func() {
So(len(ldap.sshKeys), ShouldEqual, 1)
})
})
})
})
})
})
}
