diff options
| author | Carlos Martín Nieto <cmn@dwim.me> | 2014-09-15 21:51:42 +0200 |
|---|---|---|
| committer | Carlos Martín Nieto <cmn@dwim.me> | 2014-09-16 17:01:32 +0200 |
| commit | bf8756d6a2c42dc77b8a2de814a12e2ceb4487fd (patch) | |
| tree | 4c14f928310dd422be2d259f3b1f3aaec956d778 | |
| parent | 41698f22f683d3452ef83de3b3e82f5cb178b0b3 (diff) | |
| download | libgit2-bf8756d6a2c42dc77b8a2de814a12e2ceb4487fd.tar.gz | |
ssh: add test for host key
Test that the certificate check callback gets the right fingerprint from
the host we're connecting to.
| -rwxr-xr-x | script/cibuild.sh | 5 | ||||
| -rw-r--r-- | tests/online/clone.c | 32 |
2 files changed, 36 insertions, 1 deletions
diff --git a/script/cibuild.sh b/script/cibuild.sh index 981f95b7e..c7c341ce5 100755 --- a/script/cibuild.sh +++ b/script/cibuild.sh @@ -33,6 +33,9 @@ ssh-keygen -t rsa -f ~/.ssh/id_rsa -N "" -q cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys ssh-keyscan -t rsa localhost >>~/.ssh/known_hosts +# Get the fingerprint for localhost and remove the colons so we can parse it as a hex number +export GITTEST_REMOTE_SSH_FINGERPRINT=$(ssh-keygen -F localhost -l | tail -n 1 | cut -d ' ' -f 2 | tr -d ':') + export GITTEST_REMOTE_URL="ssh://localhost/$HOME/_temp/test.git" export GITTEST_REMOTE_USER=$USER export GITTEST_REMOTE_SSH_KEY="$HOME/.ssh/id_rsa" @@ -40,7 +43,7 @@ export GITTEST_REMOTE_SSH_PUBKEY="$HOME/.ssh/id_rsa.pub" export GITTEST_REMOTE_SSH_PASSPHRASE="" if [ -e ./libgit2_clar ]; then - ./libgit2_clar -sonline::push -sonline::clone::cred_callback && + ./libgit2_clar -sonline::push -sonline::clone::cred_callback -sonline::clone::ssh_cert && rm -rf $HOME/_temp/test.git && git init --bare $HOME/_temp/test.git && # create an empty one ./libgit2_clar -sonline::clone::ssh_with_paths diff --git a/tests/online/clone.c b/tests/online/clone.c index cebe3b2ba..2e51364f6 100644 --- a/tests/online/clone.c +++ b/tests/online/clone.c @@ -464,6 +464,38 @@ void test_online_clone__ssh_cannot_change_username(void) cl_git_fail(git_clone(&g_repo, "ssh://git@github.com/libgit2/TestGitRepository", "./foo", &g_options)); } +int ssh_certificate_check(git_cert_t type, void *data, size_t len, int valid, void *payload) +{ + git_cert_hostkey *key; + git_oid expected = {{0}}, actual = {{0}}; + const char *expected_str; + + GIT_UNUSED(len); + GIT_UNUSED(valid); + GIT_UNUSED(payload); + + expected_str = cl_getenv("GITTEST_REMOTE_SSH_FINGERPRINT"); + if (!expected_str) + cl_skip(); + + cl_git_pass(git_oid_fromstr(&expected, expected_str)); + cl_assert_equal_i(GIT_CERT_HOSTKEY_LIBSSH2, type); + + key = (git_cert_hostkey *) data; + git_oid_fromraw(&actual, key->hash); + + cl_assert(git_oid_equal(&expected, &actual)); + + return GIT_EUSER; +} + +void test_online_clone__ssh_cert(void) +{ + g_options.remote_callbacks.certificate_check = ssh_certificate_check; + + cl_git_fail_with(GIT_EUSER, git_clone(&g_repo, "ssh://localhost/foo", "./foo", &g_options)); +} + void test_online_clone__url_with_no_path_returns_EINVALIDSPEC(void) { cl_git_fail_with(git_clone(&g_repo, "http://github.com", "./foo", &g_options), |