author | Sebastian Deiss <sebastian.deiss@atos.net> | 2017-09-18 10:24:15 +0200 |
---|---|---|
committer | Sebastian Deiss <sebastian.deiss@atos.net> | 2017-09-18 10:24:15 +0200 |
commit | 8f4b1771ff397f5dce6ed6462c992c41e1cd2c33 (patch) | |
tree | b8361517e335844c588fa7cd8acb6c42414c16ba /tests | |
parent | c4aed573db0392ec35f1dbe3d4ba6aa0b25f8815 (diff) |
Fix rekeying with GSS-API key exchange
When GSS-API key exchange is used a rekey caused a GSS-API MIC
failure and closed the transport.
This happened because the MIC of the transport session ID
(H of the initial kex) was checked against the MIC of the new H
created during rekey.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_kex_gss.py | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/tests/test_kex_gss.py b/tests/test_kex_gss.py
index 3bf788da..af342a7c 100644
--- a/tests/test_kex_gss.py
+++ b/tests/test_kex_gss.py
@@ -93,7 +93,7 @@ class GSSKexTest(unittest.TestCase):
 server = NullServer()
 self.ts.start_server(self.event, server)
 
- def test_1_gsskex_and_auth(self):
+ def _test_gsskex_and_auth(self, gss_host, rekey=False):
 """
 Verify that Paramiko can handle SSHv2 GSS-API / SSPI authenticated
 Diffie-Hellman Key Exchange and user authentication with the GSS-API
@@ -106,16 +106,19 @@ class GSSKexTest(unittest.TestCase):
 self.tc.get_host_keys().add('[%s]:%d' % (self.hostname, self.port),
 'ssh-rsa', public_host_key)
 self.tc.connect(self.hostname, self.port, username=self.username,
- gss_auth=True, gss_kex=True)
+ gss_auth=True, gss_kex=True, gss_host=gss_host)
 
 self.event.wait(1.0)
 self.assert_(self.event.is_set())
 self.assert_(self.ts.is_active())
 self.assertEquals(self.username, self.ts.get_username())
 self.assertEquals(True, self.ts.is_authenticated())
+ self.assertEquals(True, self.tc.get_transport().gss_kex_used)
 
 stdin, stdout, stderr = self.tc.exec_command('yes')
 schan = self.ts.accept(1.0)
+ if rekey:
+ self.tc.get_transport().renegotiate_keys()
 
 schan.send('Hello there.\n')
 schan.send_stderr('This is on stderr.\n')
@@ -129,3 +132,17 @@ class GSSKexTest(unittest.TestCase):
 stdin.close()
 stdout.close()
 stderr.close()
+
+ def test_1_gsskex_and_auth(self):
+ """
+ Verify that Paramiko can handle SSHv2 GSS-API / SSPI authenticated
+ Diffie-Hellman Key Exchange and user authentication with the GSS-API
+ context created during key exchange.
+ """
+ self._test_gsskex_and_auth(gss_host=None)
+
+ def test_2_gsskex_and_auth_rekey(self):
+ """
+ Verify that Paramiko can rekey.
+ """
+ self._test_gsskex_and_auth(gss_host=None, rekey=True) |
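Review bot: The helper `_test_gsskex_and_auth` keeps the docstring of the old test and does not describe its two new parameters, at the new signature line of the first hunk. I would add one line for each, for example `gss_host: value forwarded to connect() as gss_host (the callers in this commit pass None)` and `rekey: when True, renegotiate keys on the established transport before channel data is sent`. The function body continues outside the hunk.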
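Review bot: Nothing is asserted after `renegotiate_keys()` in the `if rekey:` branch of the second hunk, so a regression would only show up indirectly through the later channel traffic. Since the commit message says the bug closed the transport on a GSS-API MIC failure, I would pin that state right after the call with `self.assert_(self.ts.is_active())` and `self.assert_(self.tc.get_transport().is_active())`. It may also be worth reading the transport's `session_id` before the rekey and asserting it is unchanged afterwards, because the fix depends on the session ID staying the H of the initial kex; confirm that this attribute is the right one to compare. The rest of the function lies outside the hunk.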
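Review bot: Both new test methods in the third hunk pass `gss_host=None`, so the `gss_host` argument added to the `connect()` call is never exercised with an explicit value. Either give the helper a default, `def _test_gsskex_and_auth(self, gss_host=None, rekey=False):`, and drop the argument at the call sites, or add a case that passes an explicit target name so the value that reaches GSS-API is actually covered. The docstring of `test_2_gsskex_and_auth_rekey` could also name the scenario, for example `Verify that a rekey on a transport set up with GSS-API key exchange succeeds and leaves the transport open.`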