From c09625e02150a2d3cb9814474b2f478d7c5950ff Mon Sep 17 00:00:00 2001 From: Simon Cross Date: Tue, 22 Mar 2016 18:13:16 +0200 Subject: [PATCH 1/6] Fix name of authorized_keys config key. --- vumi/middleware/manhole.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vumi/middleware/manhole.py b/vumi/middleware/manhole.py index aade08a3d..22d7db9dd 100644 --- a/vumi/middleware/manhole.py +++ b/vumi/middleware/manhole.py @@ -18,7 +18,7 @@ class ManholeMiddlewareConfig(BaseMiddlewareConfig): twisted_endpoint = ConfigServerEndpoint( "Twisted endpoint to listen on", default="tcp:0", static=True) - autorized_keys = ConfigList( + authorized_keys = ConfigList( "List of absolute paths to `authorized_keys` files containing SSH " "public keys that are allowed access.", default=None, static=True) From 7c7cf913c96bf6e947fac19b128756cda3a37582 Mon Sep 17 00:00:00 2001 From: Simon Cross Date: Tue, 22 Mar 2016 19:09:04 +0200 Subject: [PATCH 2/6] Fix use of Twisted server endpoint config. --- vumi/middleware/manhole.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/vumi/middleware/manhole.py b/vumi/middleware/manhole.py index 22d7db9dd..2dfc1a07b 100644 --- a/vumi/middleware/manhole.py +++ b/vumi/middleware/manhole.py @@ -6,13 +6,11 @@ from vumi.middleware.base import BaseMiddlewareConfig from vumi.config import ConfigServerEndpoint -from twisted.internet import reactor from twisted.internet.defer import inlineCallbacks from twisted.cred import portal from twisted.conch import manhole_ssh, manhole_tap from twisted.conch.checkers import SSHPublicKeyDatabase from twisted.python.filepath import FilePath -from twisted.internet.endpoints import serverFromString class ManholeMiddlewareConfig(BaseMiddlewareConfig): @@ -73,8 +71,7 @@ def setup_middleware(self): }) ssh_portal = portal.Portal(ssh_realm, [checker]) factory = manhole_ssh.ConchFactory(ssh_portal) - endpoint = serverFromString(reactor, self.twisted_endpoint) - self.socket = yield endpoint.listen(factory) + self.socket = yield self.twisted_endpoint.listen(factory) def teardown_middleware(self): return self.socket.stopListening() From 93d30e884b9df038d9cdd48f1dabb3174f323f20 Mon Sep 17 00:00:00 2001 From: Simon Cross Date: Tue, 22 Mar 2016 19:09:49 +0200 Subject: [PATCH 3/6] Clean up tests and yield on setup_middleware. --- vumi/middleware/tests/test_manhole.py | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/vumi/middleware/tests/test_manhole.py b/vumi/middleware/tests/test_manhole.py index 0d4ef3021..6eaf4adba 100644 --- a/vumi/middleware/tests/test_manhole.py +++ b/vumi/middleware/tests/test_manhole.py @@ -1,7 +1,7 @@ from twisted.trial.unittest import SkipTest from twisted.internet import defer, protocol, reactor -from twisted.internet.defer import inlineCallbacks +from twisted.internet.defer import inlineCallbacks, returnValue from twisted.internet.endpoints import TCP4ClientEndpoint from vumi.tests.helpers import VumiTestCase @@ -29,6 +29,7 @@ class DummyWorker(object): class TestManholeMiddleware(VumiTestCase): + @inlineCallbacks def setUp(self): if not ssh: raise SkipTest('Crypto requirements missing. Skipping Test.') @@ -38,10 +39,7 @@ def setUp(self): self.pub_key_file.write(public_key.toString('OPENSSH')) self.pub_key_file.flush() - self._middlewares = [] - self._client_sockets = [] - - self.mw = self.get_middleware({ + self.mw = yield self.get_middleware({ 'authorized_keys': [self.pub_key_file.name] }) @@ -53,17 +51,17 @@ def open_shell(self, middleware): factory.channelConnected = defer.Deferred() endpoint = TCP4ClientEndpoint(reactor, host.host, host.port) - proto = yield endpoint.connect(factory) + transport = yield endpoint.connect(factory) channel = yield factory.channelConnected conn = channel.conn term = session.packRequest_pty_req("vt100", (0, 0, 0, 0), '') yield conn.sendRequest(channel, 'pty-req', term, wantReply=1) yield conn.sendRequest(channel, 'shell', '', wantReply=1) - self._client_sockets.append(proto) - self.add_cleanup(proto.loseConnection) + self.add_cleanup(transport.loseConnection) defer.returnValue(channel) + @inlineCallbacks def get_middleware(self, config={}): config = dict({ 'port': '0', @@ -73,10 +71,9 @@ def get_middleware(self, config={}): worker.transport_name = 'foo' mw = ManholeMiddleware("test_manhole_mw", config, worker) - mw.setup_middleware() - self._middlewares.append(mw) + yield mw.setup_middleware() self.add_cleanup(mw.teardown_middleware) - return mw + returnValue(mw) @inlineCallbacks def test_mw(self): From 26fd0145c8a54d98a02cd26c4112e71067adbbe6 Mon Sep 17 00:00:00 2001 From: Simon Cross Date: Tue, 22 Mar 2016 19:10:18 +0200 Subject: [PATCH 4/6] Return public and private key directly from getPublicKey and getPrivateKey. --- vumi/middleware/manhole_utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vumi/middleware/manhole_utils.py b/vumi/middleware/manhole_utils.py index e92820f58..172798586 100644 --- a/vumi/middleware/manhole_utils.py +++ b/vumi/middleware/manhole_utils.py @@ -27,10 +27,10 @@ def getPassword(self, prompt=None): return def getPublicKey(self): - return public_key.blob() + return public_key def getPrivateKey(self): - return defer.succeed(private_key.keyObject) + return defer.succeed(private_key) class ClientConnection(connection.SSHConnection): From a6200c5e064ad4400dfeaa12e3e47033c9e573d6 Mon Sep 17 00:00:00 2001 From: Simon Cross Date: Tue, 22 Mar 2016 19:44:49 +0200 Subject: [PATCH 5/6] Install PyCrypto so we can test the manhole middleware on Twisted 13.2. --- .travis.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index f47c2edd9..57e8e5d62 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,8 +13,9 @@ matrix: # Although there are two different things we're testing against here, they # are orthogonal and any failures should be easily attributable to either # Twisted version or Riak version without adding an additional build job. + # Twisted 13.2 requires PyCrypto for twisted.conch.ssh support. - python: "2.7" - env: TWISTED_VERSION="Twisted==13.2.0" RIAK_VERSION="2.1.1" + env: TWISTED_VERSION="Twisted==13.2.0" RIAK_VERSION="2.1.1" PYCRYPTO_VERSION="PyCrypto==2.6.1" # Test on pypy without coverage, because it's unnecessary and very slow. # Also, we hit an obscure GC bug in pypy<=2.6.0 so we need at least 2.6.1. - python: "pypy" @@ -40,6 +41,8 @@ install: # Travis seems to have pip 6.x, which doesn't build and cache wheels. - "pip install 'pip>=7.1.0'" - "pip install ${TWISTED_VERSION}" + # If requested, install PyCrypto + - if [ ! -z "$PYCRYPTO_VERSION" ]; then pip install "$PYCRYPTO_VERSION" - "pip install -r requirements.pip" - "pip install coveralls" From 2b450cb34336b733f9ea9c617aae75856c6d39a5 Mon Sep 17 00:00:00 2001 From: Simon Cross Date: Tue, 22 Mar 2016 19:48:12 +0200 Subject: [PATCH 6/6] Add missing fi. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 57e8e5d62..1344550ff 100644 --- a/.travis.yml +++ b/.travis.yml @@ -42,7 +42,7 @@ install: - "pip install 'pip>=7.1.0'" - "pip install ${TWISTED_VERSION}" # If requested, install PyCrypto - - if [ ! -z "$PYCRYPTO_VERSION" ]; then pip install "$PYCRYPTO_VERSION" + - if [ ! -z "$PYCRYPTO_VERSION" ]; then pip install "$PYCRYPTO_VERSION"; fi - "pip install -r requirements.pip" - "pip install coveralls"