func (suite *ServerSuite) TestInvalidQueryParams() {
channel := "/echo?%"
r := router.New(log.NullLog, nil, nil)
r.Register("/echo", &EchoHandler{log.New("echo")})
r.Register("/bad", &BadHandler{})
acceptErr := errors.New("accept error")
ch := &sshmocks.MockNewChannel{
TypeName: channel,
AcceptErr: acceptErr,
}
ch.On("ChannelType").Return(channel)
ch.On("Reject", InvalidQueryParams, "invalid query params in channel type").Return(errors.New("unknown reason 1002"))
conn := &sshmocks.MockConn{}
conn.On("Close").Return(nil)
serverConn := ssh.ServerConn{
Conn: conn,
}
// Create dispatcher
dispatcher := &UrlDispatcher{Logger: log.NullLog, Router: r}
dispatcher.Dispatch(context.Background(), &serverConn, ch)
// assert that the expectations were met
ch.AssertCalled(suite.T(), "ChannelType")
ch.AssertCalled(suite.T(), "Reject", InvalidQueryParams, "invalid query params in channel type")
conn.AssertCalled(suite.T(), "Close")
}
func (suite *ServerSuite) TestWildcard() {
writer := log.NewConcurrentWriter(os.Stdout)
logger := log.NewLogger(writer, "sshh_test")
r := router.New(logger, nil, nil)
r.Register("/echo", &EchoHandler{log.New("echo")})
r.Register("/bad", &BadHandler{})
acceptErr := errors.New("accept error")
ch := &sshmocks.MockNewChannel{
TypeName: "*",
AcceptErr: acceptErr,
}
ch.On("ChannelType").Return("*")
ch.On("Reject", ssh.UnknownChannelType, "*").Return(errors.New("unknown reason 1000"))
conn := &sshmocks.MockConn{}
conn.On("Close").Return(nil)
serverConn := ssh.ServerConn{
Conn: conn,
}
// Create dispatcher
dispatcher := &UrlDispatcher{Logger: log.NullLog, Router: r}
dispatcher.Dispatch(context.Background(), &serverConn, ch)
// assert that the expectations were met
ch.AssertCalled(suite.T(), "ChannelType")
ch.AssertCalled(suite.T(), "Reject", ssh.UnknownChannelType, "*")
conn.AssertCalled(suite.T(), "Close")
}
func (suite *ServerSuite) TestSchemeNotSupported() {
r := router.New(log.NullLog, nil, nil)
r.Register("/echo", &EchoHandler{log.New("echo")})
r.Register("/bad", &BadHandler{})
acceptErr := errors.New("accept error")
ch := &sshmocks.MockNewChannel{
TypeName: "https://[email protected]/api/route",
AcceptErr: acceptErr,
}
ch.On("ChannelType").Return("https://[email protected]/api/route")
ch.On("Reject", SchemeNotSupported, "schemes are not supported in the channel URI").Return(errors.New("unknown reason 1002"))
conn := &sshmocks.MockConn{}
conn.On("Close").Return(nil)
serverConn := ssh.ServerConn{
Conn: conn,
}
// Create dispatcher
dispatcher := &UrlDispatcher{Logger: log.NullLog, Router: r}
dispatcher.Dispatch(context.Background(), &serverConn, ch)
// assert that the expectations were met
ch.AssertCalled(suite.T(), "ChannelType")
ch.AssertCalled(suite.T(), "Reject", SchemeNotSupported, "schemes are not supported in the channel URI")
conn.AssertCalled(suite.T(), "Close")
}
func (suite *ServerSuite) TestInvalidChannelType() {
// g := grim.Reaper()
r := router.New(log.NullLog, nil, nil)
r.Register("/echo", &EchoHandler{log.New("echo")})
r.Register("/bad", &BadHandler{})
acceptErr := errors.New("accept error")
ch := &sshmocks.MockNewChannel{
TypeName: ":/route",
AcceptErr: acceptErr,
}
ch.On("ChannelType").Return(":/route")
ch.On("Reject", InvalidChannelType, "invalid channel URI").Return(errors.New("unknown reason 1001"))
conn := &sshmocks.MockConn{}
conn.On("Close").Return(nil)
serverConn := ssh.ServerConn{
Conn: conn,
}
// Create dispatcher
dispatcher := &UrlDispatcher{Logger: log.NullLog, Router: r}
dispatcher.Dispatch(context.Background(), &serverConn, ch)
// g.SpawnFunc(channelHandler(g, log.NullLog, &serverConn, ch, r))
// g.Wait()
// assert that the expectations were met
ch.AssertCalled(suite.T(), "ChannelType")
ch.AssertCalled(suite.T(), "Reject", InvalidChannelType, "invalid channel URI")
conn.AssertCalled(suite.T(), "Close")
}
func (suite *ServerSuite) createConfig() Config {
// Create logger
writer := log.NewConcurrentWriter(os.Stdout)
// writer := log.NewConcurrentWriter(ioutil.Discard)
logger := log.NewLogger(writer, "sshh")
// logger := log.DefaultLog
// Get signer
signer, err := ssh.ParsePrivateKey([]byte(serverKey))
if err != nil {
suite.Fail("Private key could not be parsed", err.Error())
}
// Create config
cfg := Config{
Deadline: time.Second,
Handlers: map[string]SSHHandler{
"echo": &EchoHandler{log.New("echo")},
"bad": &BadHandler{},
},
Logger: logger,
Bind: ":9022",
PrivateKey: signer,
PasswordCallback: passwordCallback,
PublicKeyCallback: publicKeyCallback,
}
return cfg
}
func TestConfig(t *testing.T) {
var authLogCalled bool
var authLogCallback = func(conn ssh.ConnMetadata, method string, err error) {
authLogCalled = true
}
// Create logger
writer := log.NewConcurrentWriter(ioutil.Discard)
logger := log.NewLogger(writer, "sshh")
// Get signer
signer, err := ssh.ParsePrivateKey([]byte(serverKey))
if err != nil {
t.Fatalf("Private key could not be parsed", err.Error())
}
r := router.New(logger, nil, nil)
r.Register("/echo", &EchoHandler{log.New("echo")})
cfg := Config{
Deadline: time.Second,
Dispatcher: &UrlDispatcher{
Router: r,
Logger: logger,
},
// Handlers: map[string]SSHHandler{
// "echo": &EchoHandler{log.New("echo")},
// },
Logger: logger,
Bind: ":9022",
PrivateKey: signer,
AuthLogCallback: authLogCallback,
PasswordCallback: passwordCallback,
PublicKeyCallback: publicKeyCallback,
}
// Assertions
assert.Equal(t, time.Second, cfg.Deadline, "Deadline should be 1s")
assert.Equal(t, ":9022", cfg.Bind, "Bind should be :9022")
// Create SSH config
c := cfg.SSHConfig()
assert.NotNil(t, c, "SSH config should not be nil")
assert.Equal(t, passwordCallback, c.PasswordCallback, "PasswordCallback should use the one we passed in")
assert.Equal(t, publicKeyCallback, c.PublicKeyCallback, "PublicKeyCallback should use the one we passed in")
assert.Equal(t, authLogCallback, c.AuthLogCallback, "AuthLogCallback should use the one we passed in")
// // Test Handlers
// h, ok := cfg.Handler("echo")
// assert.True(t, ok, "Echo handler should be registered")
// assert.NotNil(t, h, "Echo handler should not be nil")
// h, ok = cfg.Handler("shell")
// assert.False(t, ok, "Shell handler should not be registered")
// assert.Nil(t, h, "Shell handler should be nil")
}
// NewExpirationManager creates a new ExpirationManager that is backed
// using a given view, and uses the provided router for revocation.
func NewExpirationManager(router *Router, view *BarrierView, ts *TokenStore, logger log.Logger) *ExpirationManager {
if logger == nil {
logger = log.New("expiration_manager")
}
exp := &ExpirationManager{
router: router,
idView: view.SubView(leaseViewPrefix),
tokenView: view.SubView(tokenViewPrefix),
tokenStore: ts,
logger: logger,
pending: make(map[string]*time.Timer),
}
return exp
}
func (suite *ServerSuite) createConfig() Config {
// Create logger
writer := log.NewConcurrentWriter(os.Stdout)
// writer := log.NewConcurrentWriter(ioutil.Discard)
logger := log.NewLogger(writer, "sshh")
// logger := log.DefaultLog
// Get signer
signer, err := ssh.ParsePrivateKey([]byte(serverKey))
if err != nil {
suite.Fail("Private key could not be parsed", err.Error())
}
r := router.New(logger, nil, nil)
r.Register("/echo", &EchoHandler{log.New("echo")})
r.Register("/bad", &BadHandler{})
// Create config
cfg := Config{
Context: context.Background(),
Deadline: time.Second,
Dispatcher: &UrlDispatcher{
Router: r,
Logger: logger,
},
// Handlers: map[string]SSHHandler{
// "echo": &EchoHandler{log.New("echo")},
// "bad": &BadHandler{},
// },
Logger: logger,
Bind: ":9022",
PrivateKey: signer,
PasswordCallback: passwordCallback,
PublicKeyCallback: publicKeyCallback,
}
return cfg
}
// NewVaultLogger creates a new logger with the specified level and a Vault
// formatter
func NewVaultLogger(level int) log.Logger {
logger := log.New("vault")
return setLevelFormatter(logger, level, createVaultFormatter())
}
