dulwich.contrib.test_paramiko_vendor module

Tests for paramiko_vendor.

class dulwich.contrib.test_paramiko_vendor.ParamikoSSHVendorTests(methodName='runTest')

Bases: TestCase

Create an instance of the class that will use the named test method when executed. Raises a ValueError if the instance does not have a method with the specified name.

setUp()

Hook method for setting up the test fixture before exercising it.

tearDown()

Hook method for deconstructing the test fixture after testing it.

test_run_command_data_transfer()
test_run_command_password()
test_run_command_with_privkey()
class dulwich.contrib.test_paramiko_vendor.Server(commands, *args, **kwargs)

Bases: ServerInterface

http://docs.paramiko.org/en/2.4/api/server.html

check_auth_password(username, password)

Determine if a given username and password supplied by the client is acceptable for use in authentication.

Return AUTH_FAILED if the password is not accepted, AUTH_SUCCESSFUL if the password is accepted and completes the authentication, or AUTH_PARTIALLY_SUCCESSFUL if your authentication is stateful, and this key is accepted for authentication, but more authentication is required. (In this latter case, get_allowed_auths will be called to report to the client what options it has for continuing the authentication.)

The default implementation always returns AUTH_FAILED.

Parameters
  • username (str) – the username of the authenticating client.

  • password (str) – the password given by the client.

Returns

AUTH_FAILED if the authentication fails; AUTH_SUCCESSFUL if it succeeds; AUTH_PARTIALLY_SUCCESSFUL if the password auth is successful, but authentication must continue.

Return type

int

check_auth_publickey(username, key)

Determine if a given key supplied by the client is acceptable for use in authentication. You should override this method in server mode to check the username and key and decide if you would accept a signature made using this key.

Return AUTH_FAILED if the key is not accepted, AUTH_SUCCESSFUL if the key is accepted and completes the authentication, or AUTH_PARTIALLY_SUCCESSFUL if your authentication is stateful, and this password is accepted for authentication, but more authentication is required. (In this latter case, get_allowed_auths will be called to report to the client what options it has for continuing the authentication.)

Note that you don’t have to actually verify any key signtature here. If you’re willing to accept the key, Paramiko will do the work of verifying the client’s signature.

The default implementation always returns AUTH_FAILED.

Parameters
  • username (str) – the username of the authenticating client

  • key (.PKey) – the key object provided by the client

Returns

AUTH_FAILED if the client can’t authenticate with this key; AUTH_SUCCESSFUL if it can; AUTH_PARTIALLY_SUCCESSFUL if it can authenticate with this key but must continue with authentication

Return type

int

check_channel_exec_request(channel, command)

Determine if a shell command will be executed for the client. If this method returns True, the channel should be connected to the stdin, stdout, and stderr of the shell command.

The default implementation always returns False.

Parameters
  • channel (.Channel) – the .Channel the request arrived on.

  • command (str) – the command to execute.

Returns

True if this channel is now hooked up to the stdin, stdout, and stderr of the executing command; False if the command will not be executed.

New in version 1.1.

check_channel_request(kind, chanid)

Determine if a channel request of a given type will be granted, and return OPEN_SUCCEEDED or an error code. This method is called in server mode when the client requests a channel, after authentication is complete.

If you allow channel requests (and an ssh server that didn’t would be useless), you should also override some of the channel request methods below, which are used to determine which services will be allowed on a given channel:

  • check_channel_pty_request

  • check_channel_shell_request

  • check_channel_subsystem_request

  • check_channel_window_change_request

  • check_channel_x11_request

  • check_channel_forward_agent_request

The chanid parameter is a small number that uniquely identifies the channel within a .Transport. A .Channel object is not created unless this method returns OPEN_SUCCEEDED – once a .Channel object is created, you can call .Channel.get_id to retrieve the channel ID.

The return value should either be OPEN_SUCCEEDED (or 0) to allow the channel request, or one of the following error codes to reject it:

  • OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED

  • OPEN_FAILED_CONNECT_FAILED

  • OPEN_FAILED_UNKNOWN_CHANNEL_TYPE

  • OPEN_FAILED_RESOURCE_SHORTAGE

The default implementation always returns OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED.

Parameters
  • kind (str) – the kind of channel the client would like to open (usually "session").

  • chanid (int) – ID of the channel

Returns

an int success or failure code (listed above)

get_allowed_auths(username)

Return a list of authentication methods supported by the server. This list is sent to clients attempting to authenticate, to inform them of authentication methods that might be successful.

The “list” is actually a string of comma-separated names of types of authentication. Possible values are "password", "publickey", and "none".

The default implementation always returns "password".

Parameters

username (str) – the username requesting authentication.

Returns

a comma-separated str of authentication types