mirror of
https://github.com/gravitational/teleport
synced 2024-10-20 01:03:40 +00:00
Fixed tests
This commit is contained in:
parent
c52ca519db
commit
bd80127fac
6
Makefile
6
Makefile
|
@ -20,12 +20,6 @@ BINARIES=$(BUILDDIR)/tsh $(BUILDDIR)/teleport $(BUILDDIR)/tctl
|
|||
VERSRC = version.go gitref.go
|
||||
LIBS = $(shell find lib -type f -name '*.go') *.go
|
||||
|
||||
# TODO: REMOVE ME
|
||||
.PHONY: mac
|
||||
mac:
|
||||
BUILDDIR=darwin $(MAKE) all
|
||||
|
||||
|
||||
#
|
||||
# Default target: builds all 3 executables and plaaces them in a current directory
|
||||
#
|
||||
|
|
|
@ -354,7 +354,8 @@ func (i *TeleInstance) Start() (err error) {
|
|||
return err
|
||||
}
|
||||
|
||||
// NewClient returns a fully configured client (with server CAs and user keys)
|
||||
// NewClient returns a fully configured and pre-authenticated client
|
||||
// (pre-authenticated with server CAs and signed session key)
|
||||
func (i *TeleInstance) NewClient(login string, site string, host string, port int) (tc *client.TeleportClient, err error) {
|
||||
keyDir, err := ioutil.TempDir(i.Config.DataDir, "tsh")
|
||||
if err != nil {
|
||||
|
@ -394,7 +395,7 @@ func (i *TeleInstance) NewClient(login string, site string, host string, port in
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// tells the client to use user keys from 'secrets':
|
||||
// confnigures the client authenticate using the keys from 'secrets':
|
||||
user, ok := i.Secrets.Users[login]
|
||||
if !ok {
|
||||
return nil, trace.Errorf("unknown login '%v'", login)
|
||||
|
@ -402,11 +403,12 @@ func (i *TeleInstance) NewClient(login string, site string, host string, port in
|
|||
if user.Key == nil {
|
||||
return nil, trace.Errorf("user %v has no key", login)
|
||||
}
|
||||
err = tc.AddKey(host, user.Key)
|
||||
_, err = tc.AddKey(host, user.Key)
|
||||
if err != nil {
|
||||
return nil, trace.Wrap(err)
|
||||
}
|
||||
// tell the client to trust given CAs (from secrets)
|
||||
// tell the client to trust given CAs (from secrets). this is the
|
||||
// equivalent of 'known hosts' in openssh
|
||||
cas := i.Secrets.GetCAs()
|
||||
for i := range cas {
|
||||
err = tc.AddTrustedCA(cas[i].V1())
|
||||
|
|
|
@ -104,7 +104,6 @@ func (s *IntSuite) newTeleport(c *check.C, logins []string, enableSSH bool) *Tel
|
|||
for _, login := range logins {
|
||||
t.AddUser(login, []string{login})
|
||||
}
|
||||
|
||||
if t.Create(nil, enableSSH, nil) != nil {
|
||||
c.FailNow()
|
||||
}
|
||||
|
|
|
@ -121,7 +121,7 @@ type Config struct {
|
|||
|
||||
// AuthMethods to use to login into cluster. If left empty, teleport will
|
||||
// use its own session store,
|
||||
AuthMethods []*CertAuthMethod
|
||||
AuthMethods []ssh.AuthMethod
|
||||
|
||||
Stdout io.Writer
|
||||
Stderr io.Writer
|
||||
|
@ -355,7 +355,6 @@ func NewClient(c *Config) (tc *TeleportClient, err error) {
|
|||
}
|
||||
return tc, nil
|
||||
}
|
||||
tc.Config.AuthMethods = append(tc.Config.AuthMethods, tc.LocalAgent().AuthMethods()...)
|
||||
return tc, nil
|
||||
}
|
||||
|
||||
|
@ -848,6 +847,16 @@ func (tc *TeleportClient) getProxyLogin() string {
|
|||
return proxyLogin
|
||||
}
|
||||
|
||||
// authMethods returns a list (slice) of all SSH auth methods this client
|
||||
// can use to try to authenticate
|
||||
func (tc *TeleportClient) authMethods() []ssh.AuthMethod {
|
||||
// return the auth methods that we were configured with
|
||||
// plus our local key agent (i.e. methods we've added during runtime
|
||||
// by the means of .AddKey())
|
||||
m := append([]ssh.AuthMethod(nil), tc.Config.AuthMethods...)
|
||||
return append(m, tc.LocalAgent().AuthMethods()...)
|
||||
}
|
||||
|
||||
// ConnectToProxy dials the proxy server and returns ProxyClient if successful
|
||||
func (tc *TeleportClient) ConnectToProxy() (*ProxyClient, error) {
|
||||
proxyAddr := tc.Config.ProxySSHHostPort()
|
||||
|
@ -856,7 +865,7 @@ func (tc *TeleportClient) ConnectToProxy() (*ProxyClient, error) {
|
|||
HostKeyCallback: tc.HostKeyCallback,
|
||||
}
|
||||
// helper to create a ProxyClient struct
|
||||
makeProxyClient := func(sshClient *ssh.Client, m *CertAuthMethod) *ProxyClient {
|
||||
makeProxyClient := func(sshClient *ssh.Client, m ssh.AuthMethod) *ProxyClient {
|
||||
return &ProxyClient{
|
||||
Client: sshClient,
|
||||
proxyAddress: proxyAddr,
|
||||
|
@ -868,7 +877,7 @@ func (tc *TeleportClient) ConnectToProxy() (*ProxyClient, error) {
|
|||
}
|
||||
successMsg := fmt.Sprintf("[CLIENT] successful auth with proxy %v", proxyAddr)
|
||||
// try to authenticate using every non interactive auth method we have:
|
||||
for i, m := range tc.Config.AuthMethods {
|
||||
for i, m := range tc.authMethods() {
|
||||
log.Infof("[CLIENT] connecting proxy=%v login='%v' method=%d", proxyAddr, sshConfig.User, i)
|
||||
|
||||
sshConfig.Auth = []ssh.AuthMethod{m}
|
||||
|
|
|
@ -44,7 +44,7 @@ type ProxyClient struct {
|
|||
hostLogin string
|
||||
proxyAddress string
|
||||
hostKeyCallback utils.HostKeyCallback
|
||||
authMethod *CertAuthMethod
|
||||
authMethod ssh.AuthMethod
|
||||
siteName string
|
||||
}
|
||||
|
||||
|
@ -155,8 +155,11 @@ func (proxy *ProxyClient) ConnectToSite(ctx context.Context, quiet bool) (auth.C
|
|||
// look at the certificate which we've received from the proxy and pick the 1st
|
||||
// valid principal to pass to the auth server
|
||||
authLogin := proxy.hostLogin
|
||||
if cert, ok := proxy.authMethod.Cert.PublicKey().(*ssh.Certificate); ok && len(cert.ValidPrincipals) > 0 {
|
||||
authLogin = cert.ValidPrincipals[0]
|
||||
certMethod, ok := proxy.authMethod.(*CertAuthMethod)
|
||||
if ok {
|
||||
if cert, ok := certMethod.Cert.PublicKey().(*ssh.Certificate); ok && len(cert.ValidPrincipals) > 0 {
|
||||
authLogin = cert.ValidPrincipals[0]
|
||||
}
|
||||
}
|
||||
|
||||
// this connects us to the node which is an auth server for this site
|
||||
|
|
|
@ -100,7 +100,10 @@ func (a *LocalKeyAgent) AddHostSignersToCache(hostSigners []services.CertAuthori
|
|||
return trace.Wrap(err)
|
||||
}
|
||||
log.Debugf("[KEY AGENT] adding CA key for %s", hostSigner.DomainName)
|
||||
a.keyStore.AddKnownHostKeys(hostSigner.DomainName, publicKeys)
|
||||
err = a.keyStore.AddKnownHostKeys(hostSigner.DomainName, publicKeys)
|
||||
if err != nil {
|
||||
return trace.Wrap(err)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -155,7 +158,13 @@ func (a *LocalKeyAgent) CheckHostSignature(hostId string, remote net.Addr, key s
|
|||
return err
|
||||
}
|
||||
|
||||
// AddKey stores a new signed session key for future use.
|
||||
//
|
||||
// It returns an implementation of ssh.Authmethod which can be passed to ssh.Config
|
||||
// to make new SSH connections authenticated by this key.
|
||||
//
|
||||
func (a *LocalKeyAgent) AddKey(host string, username string, key *Key) (*CertAuthMethod, error) {
|
||||
// save it to disk (usually into ~/.tsh)
|
||||
err := a.keyStore.AddKey(host, username, key)
|
||||
if err != nil {
|
||||
return nil, trace.Wrap(err)
|
||||
|
@ -164,15 +173,18 @@ func (a *LocalKeyAgent) AddKey(host string, username string, key *Key) (*CertAut
|
|||
if err != nil {
|
||||
return nil, trace.Wrap(err)
|
||||
}
|
||||
// add it to SSH agent as well:
|
||||
// add it to the external SSH agent:
|
||||
if a.sshAgent != nil {
|
||||
if err = a.sshAgent.Add(*agentKey); err != nil {
|
||||
log.Warn(err)
|
||||
}
|
||||
}
|
||||
// add it to our own in-memory key agent:
|
||||
if err = a.Agent.Add(*agentKey); err != nil {
|
||||
return nil, trace.Wrap(err)
|
||||
}
|
||||
// generate SSH auth method based on the given signed key and return
|
||||
// it to the caller:
|
||||
signer, err := ssh.NewSignerFromKey(agentKey.PrivateKey)
|
||||
if err != nil {
|
||||
return nil, trace.Wrap(err)
|
||||
|
@ -215,7 +227,7 @@ func (a *LocalKeyAgent) DeleteKey(proxyHost string, username string) error {
|
|||
// It returns two:
|
||||
// 1. First to try is the external SSH agent
|
||||
// 2. Itself (disk-based local agent)
|
||||
func (a *LocalKeyAgent) AuthMethods() (m []*CertAuthMethod) {
|
||||
func (a *LocalKeyAgent) AuthMethods() (m []ssh.AuthMethod) {
|
||||
// combine our certificates with external SSH agent's:
|
||||
var certs []ssh.Signer
|
||||
if ourCerts, _ := a.Signers(); ourCerts != nil {
|
||||
|
@ -227,7 +239,7 @@ func (a *LocalKeyAgent) AuthMethods() (m []*CertAuthMethod) {
|
|||
}
|
||||
}
|
||||
// for every certificate create a new "auth method" and return them
|
||||
m = make([]*CertAuthMethod, len(certs))
|
||||
m = make([]ssh.AuthMethod, len(certs))
|
||||
for i := range certs {
|
||||
m[i] = methodForCert(certs[i])
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue