Initial import

2025-10-10 10:05:13 +02:00
parent 3effc1597b
commit b96b6e7f8f
164 changed files with 5473 additions and 0 deletions
--- a/auth/file_test.go
+++ b/auth/file_test.go
@@ -0,0 +1,134 @@
+package auth
+
+import (
+	"net"
+	"path/filepath"
+	"testing"
+
+	"golang.org/x/crypto/ssh"
+)
+
+var testAddr = &net.TCPAddr{
+	IP:   net.ParseIP("127.1.2.3"),
+	Port: 22,
+}
+
+type testConnMetadata struct {
+	user          string
+	sessionID     []byte
+	clientVersion string
+	serverVersion string
+	laddr, raddr  net.Addr
+}
+
+func (t testConnMetadata) User() string          { return t.user }
+func (t testConnMetadata) SessionID() []byte     { return t.sessionID }
+func (t testConnMetadata) ClientVersion() []byte { return []byte(t.clientVersion) }
+func (t testConnMetadata) ServerVersion() []byte { return []byte(t.serverVersion) }
+func (t testConnMetadata) RemoteAddr() net.Addr  { return t.raddr }
+func (t testConnMetadata) LocalAddr() net.Addr   { return t.laddr }
+
+var _ ssh.ConnMetadata = (*testConnMetadata)(nil)
+
+func TestPasswordFile(t *testing.T) {
+	a, err := PasswordFile(filepath.Join("testdata", "passwd"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tests := []struct {
+		Username string
+		Password string
+	}{
+		{"example", "example"},
+		{"bcrypt", "example"},
+	}
+	for _, test := range tests {
+		t.Run(test.Username, func(it *testing.T) {
+			p, err := a.VerifyPassword(testConnMetadata{user: test.Username}, test.Password)
+			if err != nil {
+				it.Error(err)
+			} else {
+				it.Logf("%s: %s (%T)", p.Type(), p.Identity(), p)
+			}
+		})
+	}
+}
+
+func TestPublicKeyFile(t *testing.T) {
+	a, err := PublicKeyFile(filepath.Join("testdata", "pubkey"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tests := []struct {
+		Name      string
+		Username  string
+		PublicKey string
+	}{
+		{"single/ed25519", "test_a", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFo1lt6lEk+1VUrMbhlaVpkI0p1TFUGujHaKKn7+VoGb"},
+		{"dual/ed25519", "test_b", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICA9dQjNeX3eBvkOXJN+nJm1C2W9UtRiLbK9O87Mjkir"},
+		{"dual/rsa", "test_b", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFq82Pfsg7KjTU5LN4jikxITDQhCWB3TFxQdXTgYtKt40+gv88hZkemM1MYTzR30bUX/zcRsioUSwr3u7/2La7ti+BoilsHjrEx4w+nxNGCCe8D3M6K5Xi8MPL2AqbXFqkPSEpX+psrs+qILfNhs1lWAsN7GLP0cTIxPynFNECwJnUlleN0hsn8N8bQCoUInZQGmHwIHq62H+3IPbv7Vko3J0Zrqqo4OqfeV5BA0By7ZP+2Jd9ZsLJ2efaiALcs6oTk0v95wVQ36wp605x9ePYg6zHzIZDfpA400RqeuiZF5jpiG7q3eb0+CysfMbU0BpfeHmCq15PFYqre8HKAJZ3"},
+	}
+	for _, test := range tests {
+		t.Run(test.Username, func(it *testing.T) {
+			k, _, _, _, err := ssh.ParseAuthorizedKey([]byte(test.PublicKey))
+			if err != nil {
+				it.Fatal(err)
+			}
+
+			p, err := a.VerifyPublicKey(testConnMetadata{
+				user:  test.Username,
+				laddr: testAddr,
+				raddr: testAddr,
+			}, k)
+			if err != nil {
+				it.Error(err)
+			} else {
+				it.Logf("%s: %s (%T)", p.Type(), p.Identity(), p)
+			}
+		})
+	}
+}
+
+func BenchmarkPasswordFileHits(b *testing.B) {
+	a, err := PasswordFile(filepath.Join("testdata", "passwd"))
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	c := testConnMetadata{user: "example"}
+
+	b.ResetTimer()
+	for b.Loop() {
+		a.VerifyPassword(c, "example")
+	}
+}
+
+func BenchmarkPasswordFileMissPassword(b *testing.B) {
+	a, err := PasswordFile(filepath.Join("testdata", "passwd"))
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	c := testConnMetadata{user: "example"}
+
+	b.ResetTimer()
+	for b.Loop() {
+		a.VerifyPassword(c, "invalid")
+	}
+}
+
+func BenchmarkPasswordFileMissPrincipal(b *testing.B) {
+	a, err := PasswordFile(filepath.Join("testdata", "passwd"))
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	c := testConnMetadata{user: "invalid"}
+
+	b.ResetTimer()
+	for b.Loop() {
+		a.VerifyPassword(c, "example")
+	}
+}