Commit bf8756d6 by Carlos Martín Nieto

ssh: add test for host key

Test that the certificate check callback gets the right fingerprint from
the host we're connecting to.
parent 41698f22
...@@ -33,6 +33,9 @@ ssh-keygen -t rsa -f ~/.ssh/id_rsa -N "" -q ...@@ -33,6 +33,9 @@ ssh-keygen -t rsa -f ~/.ssh/id_rsa -N "" -q
cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
ssh-keyscan -t rsa localhost >>~/.ssh/known_hosts ssh-keyscan -t rsa localhost >>~/.ssh/known_hosts
# Get the fingerprint for localhost and remove the colons so we can parse it as a hex number
export GITTEST_REMOTE_SSH_FINGERPRINT=$(ssh-keygen -F localhost -l | tail -n 1 | cut -d ' ' -f 2 | tr -d ':')
export GITTEST_REMOTE_URL="ssh://localhost/$HOME/_temp/test.git" export GITTEST_REMOTE_URL="ssh://localhost/$HOME/_temp/test.git"
export GITTEST_REMOTE_USER=$USER export GITTEST_REMOTE_USER=$USER
export GITTEST_REMOTE_SSH_KEY="$HOME/.ssh/id_rsa" export GITTEST_REMOTE_SSH_KEY="$HOME/.ssh/id_rsa"
...@@ -40,7 +43,7 @@ export GITTEST_REMOTE_SSH_PUBKEY="$HOME/.ssh/id_rsa.pub" ...@@ -40,7 +43,7 @@ export GITTEST_REMOTE_SSH_PUBKEY="$HOME/.ssh/id_rsa.pub"
export GITTEST_REMOTE_SSH_PASSPHRASE="" export GITTEST_REMOTE_SSH_PASSPHRASE=""
if [ -e ./libgit2_clar ]; then if [ -e ./libgit2_clar ]; then
./libgit2_clar -sonline::push -sonline::clone::cred_callback && ./libgit2_clar -sonline::push -sonline::clone::cred_callback -sonline::clone::ssh_cert &&
rm -rf $HOME/_temp/test.git && rm -rf $HOME/_temp/test.git &&
git init --bare $HOME/_temp/test.git && # create an empty one git init --bare $HOME/_temp/test.git && # create an empty one
./libgit2_clar -sonline::clone::ssh_with_paths ./libgit2_clar -sonline::clone::ssh_with_paths
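Review bot: The pipeline that fills `GITTEST_REMOTE_SSH_FINGERPRINT` in the first hunk assumes field 2 of the last `ssh-keygen -F localhost -l` line is colon-separated hex, and nothing checks the result before it is exported. Newer OpenSSH releases print a `SHA256:`-prefixed base64 fingerprint by default, and an MD5 fingerprint is only 32 hex digits, so the value may not be something the `git_oid_fromstr` call in the new test accepts. In that case the host-key test fails on parsing rather than on a real key mismatch. I would state in the comment which hash algorithm the test expects and guard the export, e.g. `case "$GITTEST_REMOTE_SSH_FINGERPRINT" in *[!0-9a-fA-F]*|"") unset GITTEST_REMOTE_SSH_FINGERPRINT;; esac`, so an unusable value leads to a skip instead.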
......
...@@ -464,6 +464,38 @@ void test_online_clone__ssh_cannot_change_username(void) ...@@ -464,6 +464,38 @@ void test_online_clone__ssh_cannot_change_username(void)
cl_git_fail(git_clone(&g_repo, "ssh://git@github.com/libgit2/TestGitRepository", "./foo", &g_options)); cl_git_fail(git_clone(&g_repo, "ssh://git@github.com/libgit2/TestGitRepository", "./foo", &g_options));
} }
int ssh_certificate_check(git_cert_t type, void *data, size_t len, int valid, void *payload)
{
git_cert_hostkey *key;
git_oid expected = {{0}}, actual = {{0}};
const char *expected_str;
GIT_UNUSED(len);
GIT_UNUSED(valid);
GIT_UNUSED(payload);
expected_str = cl_getenv("GITTEST_REMOTE_SSH_FINGERPRINT");
if (!expected_str)
cl_skip();
cl_git_pass(git_oid_fromstr(&expected, expected_str));
cl_assert_equal_i(GIT_CERT_HOSTKEY_LIBSSH2, type);
key = (git_cert_hostkey *) data;
git_oid_fromraw(&actual, key->hash);
cl_assert(git_oid_equal(&expected, &actual));
return GIT_EUSER;
}
void test_online_clone__ssh_cert(void)
{
g_options.remote_callbacks.certificate_check = ssh_certificate_check;
cl_git_fail_with(GIT_EUSER, git_clone(&g_repo, "ssh://localhost/foo", "./foo", &g_options));
}
void test_online_clone__url_with_no_path_returns_EINVALIDSPEC(void) void test_online_clone__url_with_no_path_returns_EINVALIDSPEC(void)
{ {
cl_git_fail_with(git_clone(&g_repo, "http://github.com", "./foo", &g_options), cl_git_fail_with(git_clone(&g_repo, "http://github.com", "./foo", &g_options),
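Review bot: `cl_skip()` and the `cl_assert*` calls run inside `ssh_certificate_check`, i.e. in the middle of `git_clone`, so a skip or failure leaves the clone from within the callback instead of through its normal return path (presumably via clar's non-local exit, which would bypass the transport's cleanup). Checking the variable in `test_online_clone__ssh_cert` before the clone, `if (!cl_getenv("GITTEST_REMOTE_SSH_FINGERPRINT")) cl_skip();`, keeps the skip out of the callback. The callback has external linkage although only this file uses it on the page, so `static int ssh_certificate_check(...)` would fit better. A short comment on `return GIT_EUSER;` would help readers who take this as a model for a real host-key check: it should say that the clone is rejected on purpose once the fingerprint has been compared, and that `valid` is deliberately ignored.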
......