Merge branch '2.0' into 1061-int

author: Jeff Forcier <jeff@bitprophet.org> 2017-09-12 13:09:48 -0700
committer: Jeff Forcier <jeff@bitprophet.org> 2017-09-12 13:09:48 -0700
commit: 35c27b812ff77e1ad78a4c7f85da32987ea70db3 (patch)
tree: fef911b1e862128a9394dc37cc4a3360fda33d1d /tests
parent: 85996f55531c137909617f8cbe003666c9b60f6a (diff)
parent: 516c3c75b4f810959d1fbf00e9602774b54f5b4f (diff)
download: paramiko-35c27b812ff77e1ad78a4c7f85da32987ea70db3.tar.gz
1 files changed, 61 insertions, 0 deletions
diff --git a/tests/test_client.py b/tests/test_client.py
index bfdf5f81..9da6eaca 100644
--- a/tests/test_client.py
+++ b/tests/test_client.py
@@ -141,6 +141,7 @@ class SSHClientTest (unittest.TestCase):
         self.assertTrue(self.ts.is_active())
         self.assertEqual('slowdive', self.ts.get_username())
         self.assertEqual(True, self.ts.is_authenticated())
+        self.assertEqual(False, self.tc.get_transport().gss_kex_used)
 
         # Command execution functions?
         stdin, stdout, stderr = self.tc.exec_command('yes')
@@ -366,3 +367,63 @@ class SSHClientTest (unittest.TestCase):
             password='pygmalion',
         )
         self._test_connection(**kwargs)
+
+    def test_9_auth_trickledown_gsskex(self):
+        """
+        Failed gssapi-keyex auth doesn't prevent subsequent key auth from succeeding
+        """
+        if not paramiko.GSS_AUTH_AVAILABLE:
+            return  # for python 2.6 lacks skipTest
+        kwargs = dict(
+            gss_kex=True,
+            key_filename=[test_path('test_rsa.key')],
+        )
+        self._test_connection(**kwargs)
+
+    def test_10_auth_trickledown_gssauth(self):
+        """
+        Failed gssapi-with-mic auth doesn't prevent subsequent key auth from succeeding
+        """
+        if not paramiko.GSS_AUTH_AVAILABLE:
+            return  # for python 2.6 lacks skipTest
+        kwargs = dict(
+            gss_auth=True,
+            key_filename=[test_path('test_rsa.key')],
+        )
+        self._test_connection(**kwargs)
+
+    def test_11_reject_policy(self):
+        """
+        verify that SSHClient's RejectPolicy works.
+        """
+        threading.Thread(target=self._run).start()
+
+        self.tc = paramiko.SSHClient()
+        self.tc.set_missing_host_key_policy(paramiko.RejectPolicy())
+        self.assertEqual(0, len(self.tc.get_host_keys()))
+        self.assertRaises(
+            paramiko.SSHException,
+            self.tc.connect,
+            password='pygmalion', **self.connect_kwargs
+        )
+
+    def test_12_reject_policy_gsskex(self):
+        """
+        verify that SSHClient's RejectPolicy works,
+        even if gssapi-keyex was enabled but not used.
+        """
+        # Test for a bug present in paramiko versions released before 2017-08-01
+        if not paramiko.GSS_AUTH_AVAILABLE:
+            return  # for python 2.6 lacks skipTest
+        threading.Thread(target=self._run).start()
+
+        self.tc = paramiko.SSHClient()
+        self.tc.set_missing_host_key_policy(paramiko.RejectPolicy())
+        self.assertEqual(0, len(self.tc.get_host_keys()))
+        self.assertRaises(
+            paramiko.SSHException,
+            self.tc.connect,
+            password='pygmalion',
+            gss_kex=True,
+             **self.connect_kwargs
+        )
author	Jeff Forcier <jeff@bitprophet.org>	2017-09-12 13:09:48 -0700
committer	Jeff Forcier <jeff@bitprophet.org>	2017-09-12 13:09:48 -0700
commit	35c27b812ff77e1ad78a4c7f85da32987ea70db3 (patch)
tree	fef911b1e862128a9394dc37cc4a3360fda33d1d /tests
parent	85996f55531c137909617f8cbe003666c9b60f6a (diff)
parent	516c3c75b4f810959d1fbf00e9602774b54f5b4f (diff)
download	paramiko-35c27b812ff77e1ad78a4c7f85da32987ea70db3.tar.gz