Launchpad itself

Merge lp:~cjwatson/launchpad/split-lazr.sshserver into lp:launchpad

split-lazr.sshserver
Merge into devel

Proposed by Colin Watson on 2015-01-06

Status:	Merged
Approved by:	Colin Watson on 2015-01-13
Approved revision:	no longer in the source branch.
Merged at revision:	17302
Proposed branch:	lp:~cjwatson/launchpad/split-lazr.sshserver
Merge into:	lp:launchpad
Diff against target:	2125 lines (+38/-1808) 25 files modified daemons/poppy-sftp.tac (+7/-5) daemons/sftp.tac (+1/-3) lib/lp/codehosting/sftp.py (+1/-1) lib/lp/codehosting/sshserver/daemon.py (+4/-5) lib/lp/codehosting/sshserver/session.py (+2/-2) lib/lp/codehosting/sshserver/tests/test_daemon.py (+17/-2) lib/lp/codehosting/tests/test_sftp.py (+1/-1) lib/lp/poppy/tests/test_twistedsftp.py (+1/-1) lib/lp/poppy/twistedsftp.py (+2/-2) lib/lp/services/sshserver/__init__.py (+0/-8) lib/lp/services/sshserver/accesslog.py (+0/-86) lib/lp/services/sshserver/auth.py (+0/-308) lib/lp/services/sshserver/events.py (+0/-148) lib/lp/services/sshserver/service.py (+0/-191) lib/lp/services/sshserver/session.py (+0/-124) lib/lp/services/sshserver/sftp.py (+0/-45) lib/lp/services/sshserver/tests/__init__.py (+0/-8) lib/lp/services/sshserver/tests/keys/ssh_host_key_rsa (+0/-15) lib/lp/services/sshserver/tests/keys/ssh_host_key_rsa.pub (+0/-1) lib/lp/services/sshserver/tests/test_accesslog.py (+0/-146) lib/lp/services/sshserver/tests/test_auth.py (+0/-516) lib/lp/services/sshserver/tests/test_events.py (+0/-91) lib/lp/services/sshserver/tests/test_session.py (+0/-99) setup.py (+1/-0) versions.cfg (+1/-0)
To merge this branch:	bzr merge lp:~cjwatson/launchpad/split-lazr.sshserver
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
William Grant	code	2015-01-06	Approve on 2015-01-13
Review via email: mp+245647@code.launchpad.net

Commit Message

Split out lp.services.sshserver to lazr.sshserver.

Description of the Change

Split out lp.services.sshserver to lazr.sshserver.

William Grant (wgrant) on 2015-01-13:

review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to status/vote changes:

Tzaddi

Tzaddi Belding

 === modified file 'daemons/poppy-sftp.tac'
 --- daemons/poppy-sftp.tac	2012-03-26 05:50:20 +0000
 +++ daemons/poppy-sftp.tac	2015-01-12 18:55:56 +0000
@@ -7,6 +7,13 @@
  import logging
++from lazr.sshserver.auth import (
++    LaunchpadAvatar,
++    PublicKeyFromLaunchpadChecker,
++    )
++from lazr.sshserver.service import SSHService
++from lazr.sshserver.session import DoNothingSession
++
  from twisted.application import service
  from twisted.conch.interfaces import ISession
  from twisted.conch.ssh import filetransfer
@@ -26,10 +33,6 @@
      FTPServiceFactory,
+     )
  from lp.poppy.twistedsftp import SFTPServer
--from lp.services.sshserver.auth import (
--    LaunchpadAvatar, PublicKeyFromLaunchpadChecker)
--from lp.services.sshserver.service import SSHService
--from lp.services.sshserver.session import DoNothingSession
  from lp.services.twistedsupport.loggingsupport import set_up_oops_reporting
@@ -106,7 +109,6 @@
      portal=make_portal(),
      private_key_path=config.poppy.host_key_private,
      public_key_path=config.poppy.host_key_public,
--    oops_configuration='poppy',
      main_log='poppy',
      access_log='poppy.access',
      access_log_path=config.poppy.access_log,
 === modified file 'daemons/sftp.tac'
 --- daemons/sftp.tac	2011-12-29 05:29:36 +0000
 +++ daemons/sftp.tac	2015-01-12 18:55:56 +0000
@@ -5,6 +5,7 @@
  #     twistd -noy sftp.tac
  # or similar.  Refer to the twistd(1) man page for details.
++from lazr.sshserver.service import SSHService
  from twisted.application import service
  from twisted.protocols.policies import TimeoutFactory
@@ -16,11 +17,9 @@
      get_key_path,
      LOG_NAME,
      make_portal,
--    OOPS_CONFIG_SECTION,
      PRIVATE_KEY_FILE,
      PUBLIC_KEY_FILE,
+     )
--from lp.services.sshserver.service import SSHService
  from lp.services.twistedsupport.gracefulshutdown import (
      ConnTrackingFactoryWrapper,
      make_web_status_service,
@@ -55,7 +54,6 @@
      portal=make_portal(),
      private_key_path=get_key_path(PRIVATE_KEY_FILE),
      public_key_path=get_key_path(PUBLIC_KEY_FILE),
--    oops_configuration=OOPS_CONFIG_SECTION,
      main_log=LOG_NAME,
      access_log=ACCESS_LOG_NAME,
      access_log_path=config.codehosting.access_log,
 === modified file 'lib/lp/codehosting/sftp.py'
 --- lib/lp/codehosting/sftp.py	2012-06-29 08:40:05 +0000
 +++ lib/lp/codehosting/sftp.py	2015-01-12 18:55:56 +0000
@@ -30,6 +30,7 @@
      urlutils,
+     )
  from bzrlib.transport.local import LocalTransport
++from lazr.sshserver.sftp import FileIsADirectory
  from twisted.conch.interfaces import (
      ISFTPFile,
      ISFTPServer,
@@ -45,7 +46,6 @@
      LaunchpadServer,
+     )
  from lp.services.config import config
--from lp.services.sshserver.sftp import FileIsADirectory
  from lp.services.twistedsupport import gatherResults
 === modified file 'lib/lp/codehosting/sshserver/daemon.py'
 --- lib/lp/codehosting/sshserver/daemon.py	2012-01-01 02:58:52 +0000
 +++ lib/lp/codehosting/sshserver/daemon.py	2015-01-12 18:55:56 +0000
@@ -17,6 +17,10 @@
  import os
++from lazr.sshserver.auth import (
++    LaunchpadAvatar,
++    PublicKeyFromLaunchpadChecker,
++    )
  from twisted.conch.interfaces import ISession
  from twisted.conch.ssh import filetransfer
  from twisted.cred.portal import (
@@ -30,17 +34,12 @@
  from lp.codehosting import sftp
  from lp.codehosting.sshserver.session import launch_smart_server
  from lp.services.config import config
--from lp.services.sshserver.auth import (
--    LaunchpadAvatar,
--    PublicKeyFromLaunchpadChecker,
--    )
  # The names of the key files of the server itself. The directory itself is
  # given in config.codehosting.host_key_pair_path.
  PRIVATE_KEY_FILE = 'ssh_host_key_rsa'
  PUBLIC_KEY_FILE = 'ssh_host_key_rsa.pub'
--OOPS_CONFIG_SECTION = 'codehosting'
  LOG_NAME = 'codehosting'
  ACCESS_LOG_NAME = 'codehosting.access'
 === modified file 'lib/lp/codehosting/sshserver/session.py'
 --- lib/lp/codehosting/sshserver/session.py	2012-06-29 08:40:05 +0000
 +++ lib/lp/codehosting/sshserver/session.py	2015-01-12 18:55:56 +0000
@@ -14,6 +14,8 @@
  import sys
  import urlparse
++from lazr.sshserver.events import AvatarEvent
++from lazr.sshserver.session import DoNothingSession
  from twisted.internet import (
      error,
      interfaces,
@@ -25,8 +27,6 @@
  from lp.codehosting import get_bzr_path
  from lp.services.config import config
--from lp.services.sshserver.events import AvatarEvent
--from lp.services.sshserver.session import DoNothingSession
  class BazaarSSHStarted(AvatarEvent):
 === modified file 'lib/lp/codehosting/sshserver/tests/test_daemon.py'
 --- lib/lp/codehosting/sshserver/tests/test_daemon.py	2010-10-30 22:44:21 +0000
 +++ lib/lp/codehosting/sshserver/tests/test_daemon.py	2015-01-12 18:55:56 +0000
@@ -5,6 +5,11 @@
  __metaclass__ = type
++from lazr.sshserver.auth import (
++    NoSuchPersonWithName,
++    SSHUserAuthServer,
++    )
++from lazr.sshserver.service import Factory
  from twisted.conch.ssh.common import NS
  from twisted.conch.ssh.keys import Key
  from twisted.test.proto_helpers import StringTransport
@@ -15,9 +20,8 @@
      PRIVATE_KEY_FILE,
      PUBLIC_KEY_FILE,
+     )
--from lp.services.sshserver.auth import SSHUserAuthServer
--from lp.services.sshserver.service import Factory
  from lp.testing import TestCase
++from lp.xmlrpc import faults
  class StringTransportWith_setTcpKeepAlive(StringTransport):
@@ -85,3 +89,14 @@
          mind2 = server_transport2.service.getMind()
          self.assertIsNot(mind1.cache, mind2.cache)
++
++
++class TestXMLRPC(TestCase):
++    """Test XML-RPC protocol integrity."""
++
++    def test_NoSuchPersonWithName_error_code(self):
++        # The error code for NoSuchPersonWithName in lazr.sshserver matches
++        # that in lp.xmlrpc.faults.
++        self.assertEqual(
++            faults.NoSuchPersonWithName.error_code,
++            NoSuchPersonWithName.error_code)
 === modified file 'lib/lp/codehosting/tests/test_sftp.py'
 --- lib/lp/codehosting/tests/test_sftp.py	2011-12-22 09:05:46 +0000
 +++ lib/lp/codehosting/tests/test_sftp.py	2015-01-12 18:55:56 +0000
@@ -13,6 +13,7 @@
  from bzrlib.tests import TestCaseInTempDir
  from bzrlib.transport import get_transport
  from bzrlib.transport.memory import MemoryTransport
++from lazr.sshserver.sftp import FileIsADirectory
  from testtools.deferredruntest import (
      assert_fails_with,
      AsynchronousDeferredRunTest,
@@ -33,7 +34,6 @@
      TransportSFTPServer,
+     )
  from lp.codehosting.sshserver.daemon import CodehostingAvatar
--from lp.services.sshserver.sftp import FileIsADirectory
  from lp.services.utils import file_exists
  from lp.testing import TestCase
  from lp.testing.factory import LaunchpadObjectFactory
 === modified file 'lib/lp/poppy/tests/test_twistedsftp.py'
 --- lib/lp/poppy/tests/test_twistedsftp.py	2011-11-30 16:27:15 +0000
 +++ lib/lp/poppy/tests/test_twistedsftp.py	2015-01-12 18:55:56 +0000
@@ -8,9 +8,9 @@
  import os
  from fixtures import TempDir
++from lazr.sshserver.sftp import FileIsADirectory
  from lp.poppy.twistedsftp import SFTPServer
--from lp.services.sshserver.sftp import FileIsADirectory
  from lp.testing import (
      NestedTempfile,
      TestCase,
 === modified file 'lib/lp/poppy/twistedsftp.py'
 --- lib/lp/poppy/twistedsftp.py	2012-06-29 08:40:05 +0000
 +++ lib/lp/poppy/twistedsftp.py	2015-01-12 18:55:56 +0000
@@ -14,6 +14,8 @@
  import os
  import tempfile
++from lazr.sshserver.events import SFTPClosed
++from lazr.sshserver.sftp import FileIsADirectory
  from twisted.conch.interfaces import (
      ISFTPFile,
      ISFTPServer,
@@ -26,8 +28,6 @@
  from lp.poppy.filesystem import UploadFileSystem
  from lp.poppy.hooks import Hooks
--from lp.services.sshserver.events import SFTPClosed
--from lp.services.sshserver.sftp import FileIsADirectory
  class SFTPServer:
 === removed directory 'lib/lp/services/sshserver'
 === removed file 'lib/lp/services/sshserver/__init__.py'
 --- lib/lp/services/sshserver/__init__.py	2010-04-15 14:49:55 +0000
 +++ lib/lp/services/sshserver/__init__.py	1970-01-01 00:00:00 +0000
@@ -1,8 +0,0 @@
--# Copyright 2010 Canonical Ltd.  This software is licensed under the
--# GNU Affero General Public License version 3 (see the file LICENSE).
--
--"""The Launchpad SSH server."""
--
--__metaclass__ = type
--__all__ = []
--
 === removed file 'lib/lp/services/sshserver/accesslog.py'
 --- lib/lp/services/sshserver/accesslog.py	2014-08-29 04:29:16 +0000
 +++ lib/lp/services/sshserver/accesslog.py	1970-01-01 00:00:00 +0000
@@ -1,86 +0,0 @@
--# Copyright 2009 Canonical Ltd.  This software is licensed under the
--# GNU Affero General Public License version 3 (see the file LICENSE).
--
--"""Logging for the SSH server."""
--
--__metaclass__ = type
--__all__ = [
--    'LoggingManager',
--    ]
--
--import logging
--from logging.handlers import WatchedFileHandler
--
--from twisted.python import log as tplog
--from zope.component import (
--    adapter,
--    getGlobalSiteManager,
--    provideHandler,
--    )
--# This non-standard import is necessary to hook up the event system.
--import zope.component.event
--
--from lp.services.sshserver.events import ILoggingEvent
--from lp.services.utils import synchronize
--
--
--class LoggingManager:
--    """Class for managing SSH server logging."""
--
--    def __init__(self, main_log, access_log, access_log_path):
--        """Construct the logging manager.
--
--        :param main_log: The main log. Twisted will log to this.
--        :param access_log: The access log object.
--        :param access_log_path: The path to the file where access log
--            messages go.
--        """
--        self._main_log = main_log
--        self._access_log = access_log
--        self._access_log_path = access_log_path
--        self._is_set_up = False
--
--    def setUp(self):
--        """Set up logging for the smart server.
--
--        This sets up a debugging handler on the main logger and makes sure
--        that things logged there won't go to stderr. It also sets up an access
--        logger.
--        """
--        log = self._main_log
--        self._orig_level = log.level
--        self._orig_handlers = list(log.handlers)
--        self._orig_observers = list(tplog.theLogPublisher.observers)
--        log.setLevel(logging.INFO)
--        log.addHandler(logging.NullHandler())
--        handler = WatchedFileHandler(self._access_log_path)
--        handler.setFormatter(
--            logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
--        self._access_log.addHandler(handler)
--        self._access_log.setLevel(logging.INFO)
--        # Make sure that our logging event handler is there, ready to receive
--        # logging events.
--        provideHandler(self._log_event)
--        self._is_set_up = True
--
--    @adapter(ILoggingEvent)
--    def _log_event(self, event):
--        """Log 'event' to the access log."""
--        self._access_log.log(event.level, event.message)
--
--    def tearDown(self):
--        if not self._is_set_up:
--            return
--        log = self._main_log
--        log.level = self._orig_level
--        synchronize(
--            log.handlers, self._orig_handlers, log.addHandler,
--            log.removeHandler)
--        synchronize(
--            self._access_log.handlers, self._orig_handlers,
--            self._access_log.addHandler, self._access_log.removeHandler)
--        synchronize(
--            tplog.theLogPublisher.observers, self._orig_observers,
--            tplog.addObserver, tplog.removeObserver)
--        getGlobalSiteManager().unregisterHandler(self._log_event)
--        self._is_set_up = False
 === removed file 'lib/lp/services/sshserver/auth.py'
 --- lib/lp/services/sshserver/auth.py	2014-01-30 15:04:06 +0000
 +++ lib/lp/services/sshserver/auth.py	1970-01-01 00:00:00 +0000
@@ -1,308 +0,0 @@
--# Copyright 2009 Canonical Ltd.  This software is licensed under the
--# GNU Affero General Public License version 3 (see the file LICENSE).
--
--"""Custom authentication for the SSH server.
--
--Launchpad's SSH server authenticates users against a XML-RPC service (see
--`lp.services.authserver.interfaces.IAuthServer` and
--`PublicKeyFromLaunchpadChecker`) and provides richer error messages in the
--case of failed authentication (see `SSHUserAuthServer`).
--"""
--
--__metaclass__ = type
--__all__ = [
--    'LaunchpadAvatar',
--    'PublicKeyFromLaunchpadChecker',
--    'SSHUserAuthServer',
--    ]
--
--import binascii
--
--from twisted.conch import avatar
--from twisted.conch.checkers import SSHPublicKeyDatabase
--from twisted.conch.error import ConchError
--from twisted.conch.interfaces import IConchUser
--from twisted.conch.ssh import (
--    keys,
--    userauth,
--    )
--from twisted.conch.ssh.common import (
--    getNS,
--    NS,
--    )
--from twisted.cred import credentials
--from twisted.cred.checkers import ICredentialsChecker
--from twisted.cred.error import UnauthorizedLogin
--from twisted.internet import defer
--from twisted.python import failure
--from zope.event import notify
--from zope.interface import implements
--
--from lp.services.sshserver import events
--from lp.services.sshserver.session import PatchedSSHSession
--from lp.services.sshserver.sftp import FileTransferServer
--from lp.services.twistedsupport.xmlrpc import trap_fault
--from lp.xmlrpc import faults
--
--
--class LaunchpadAvatar(avatar.ConchUser):
--    """An account on the SSH server, corresponding to a Launchpad person.
--
--    :ivar channelLookup: See `avatar.ConchUser`.
--    :ivar subsystemLookup: See `avatar.ConchUser`.
--    :ivar user_id: The Launchpad database ID of the Person for this account.
--    :ivar username: The Launchpad username for this account.
--    """
--
--    def __init__(self, user_dict):
--        """Construct a `LaunchpadAvatar`.
--
--        :param user_dict: The result of a call to
--            `IAuthServer.getUserAndSSHKeys`.
--        """
--        avatar.ConchUser.__init__(self)
--        self.user_id = user_dict['id']
--        self.username = user_dict['name']
--
--        # Set the only channel as a standard SSH session (with a couple of bug
--        # fixes).
--        self.channelLookup = {'session': PatchedSSHSession}
--        # ...and set the only subsystem to be SFTP.
--        self.subsystemLookup = {'sftp': FileTransferServer}
--
--    def logout(self):
--        notify(events.UserLoggedOut(self))
--
--
--class UserDisplayedUnauthorizedLogin(UnauthorizedLogin):
--    """UnauthorizedLogin which should be reported to the user."""
--
--
--class ISSHPrivateKeyWithMind(credentials.ISSHPrivateKey):
--    """Marker interface for SSH credentials that reference a Mind."""
--
--
--class SSHPrivateKeyWithMind(credentials.SSHPrivateKey):
--    """SSH credentials that also reference a Mind."""
--
--    implements(ISSHPrivateKeyWithMind)
--
--    def __init__(self, username, algName, blob, sigData, signature, mind):
--        credentials.SSHPrivateKey.__init__(
--            self, username, algName, blob, sigData, signature)
--        self.mind = mind
--
--
--class UserDetailsMind:
--    """A 'Mind' object that answers and caches requests for user details.
--
--    A mind is a (poorly named) concept from twisted.cred that basically can be
--    passed to portal.login to represent the client side view of
--    authentication.  In our case we attach a mind to the SSHUserAuthServer
--    object that corresponds to an attempt to authenticate against the server.
--    """
--
--    def __init__(self):
--        self.cache = {}
--
--    def lookupUserDetails(self, proxy, username):
--        """Find details for the named user, including registered SSH keys.
--
--        This method basically wraps `IAuthServer.getUserAndSSHKeys` -- see the
--        documentation of that method for more details -- and caches the
--        details found for any particular user.
--
--        :param proxy: A twisted.web.xmlrpc.Proxy object for the authentication
--            endpoint.
--        :param username: The username to look up.
--        """
--        if username in self.cache:
--            return defer.succeed(self.cache[username])
--        else:
--            d = proxy.callRemote('getUserAndSSHKeys', username)
--            d.addBoth(self._add_to_cache, username)
--            return d
--
--    def _add_to_cache(self, result, username):
--        """Add the results to our cache."""
--        self.cache[username] = result
--        return result
--
--
--class SSHUserAuthServer(userauth.SSHUserAuthServer):
--    """Subclass of Conch's SSHUserAuthServer to customize various behaviours.
--
--    There are two main differences:
--
--     * We override ssh_USERAUTH_REQUEST to display as a banner the reason why
--       an authentication attempt failed.
--
--     * We override auth_publickey to create credentials that reference a
--       UserDetailsMind and pass the same mind to self.portal.login.
--
--    Conch is not written in a way to make this easy; we've had to copy and
--    paste and change the implementations of these methods.
--    """
--
--    def __init__(self, transport=None, banner=None):
--        self.transport = transport
--        self._banner = banner
--        self._configured_banner_sent = False
--        self._mind = UserDetailsMind()
--        self.interfaceToMethod = userauth.SSHUserAuthServer.interfaceToMethod
--        self.interfaceToMethod[ISSHPrivateKeyWithMind] = 'publickey'
--
--    def sendBanner(self, text, language='en'):
--        bytes = '\r\n'.join(text.encode('UTF8').splitlines() + [''])
--        self.transport.sendPacket(userauth.MSG_USERAUTH_BANNER,
--                                  NS(bytes) + NS(language))
--
--    def _sendConfiguredBanner(self, passed_through):
--        if not self._configured_banner_sent and self._banner:
--            self._configured_banner_sent = True
--            self.sendBanner(self._banner)
--        return passed_through
--
--    def ssh_USERAUTH_REQUEST(self, packet):
--        # This is copied and pasted from twisted/conch/ssh/userauth.py in
--        # Twisted 8.0.1. We do this so we can add _ebLogToBanner between
--        # two existing errbacks.
--        user, nextService, method, rest = getNS(packet, 3)
--        if user != self.user or nextService != self.nextService:
--            self.authenticatedWith = [] # clear auth state
--        self.user = user
--        self.nextService = nextService
--        self.method = method
--        d = self.tryAuth(method, user, rest)
--        if not d:
--            self._ebBadAuth(failure.Failure(ConchError('auth returned none')))
--            return
--        d.addCallback(self._sendConfiguredBanner)
--        d.addCallbacks(self._cbFinishedAuth)
--        d.addErrback(self._ebMaybeBadAuth)
--        # This line does not appear in the original.
--        d.addErrback(self._ebLogToBanner)
--        d.addErrback(self._ebBadAuth)
--        return d
--
--    def _cbFinishedAuth(self, result):
--        ret = userauth.SSHUserAuthServer._cbFinishedAuth(self, result)
--        # Tell the avatar about the transport, so we can tie it to the
--        # connection in the logs.
--        avatar = self.transport.avatar
--        avatar.transport = self.transport
--        notify(events.UserLoggedIn(avatar))
--        return ret
--
--    def _ebLogToBanner(self, reason):
--        reason.trap(UserDisplayedUnauthorizedLogin)
--        self.sendBanner(reason.getErrorMessage())
--        return reason
--
--    def getMind(self):
--        """Return the mind that should be passed to self.portal.login().
--
--        If multiple requests to authenticate within this overall login attempt
--        should share state, this method can return the same mind each time.
--        """
--        return self._mind
--
--    def makePublicKeyCredentials(self, username, algName, blob, sigData,
--                                 signature):
--        """Construct credentials for a request to login with a public key.
--
--        Our implementation returns a SSHPrivateKeyWithMind.
--
--        :param username: The username the request is for.
--        :param algName: The algorithm name for the blob.
--        :param blob: The public key blob as sent by the client.
--        :param sigData: The data the signature was made from.
--        :param signature: The signed data.  This is checked to verify that the
--            user owns the private key.
--        """
--        mind = self.getMind()
--        return SSHPrivateKeyWithMind(
--                username, algName, blob, sigData, signature, mind)
--
--    def auth_publickey(self, packet):
--        # This is copied and pasted from twisted/conch/ssh/userauth.py in
--        # Twisted 8.0.1. We do this so we can customize how the credentials
--        # are built and pass a mind to self.portal.login.
--        hasSig = ord(packet[0])
--        algName, blob, rest = getNS(packet[1:], 2)
--        pubKey = keys.Key.fromString(blob).keyObject
--        signature = hasSig and getNS(rest)[0] or None
--        if hasSig:
--            b = NS(self.transport.sessionID) + \
--                chr(userauth.MSG_USERAUTH_REQUEST) +  NS(self.user) + \
--                NS(self.nextService) + NS('publickey') +  chr(hasSig) + \
--                NS(keys.objectType(pubKey)) + NS(blob)
--            # The next three lines are different from the original.
--            c = self.makePublicKeyCredentials(
--                self.user, algName, blob, b, signature)
--            return self.portal.login(c, self.getMind(), IConchUser)
--        else:
--            # The next four lines are different from the original.
--            c = self.makePublicKeyCredentials(
--                self.user, algName, blob, None, None)
--            return self.portal.login(
--                c, self.getMind(), IConchUser).addErrback(
--                    self._ebCheckKey, packet[1:])
--
--
--class PublicKeyFromLaunchpadChecker(SSHPublicKeyDatabase):
--    """Cred checker for getting public keys from launchpad.
--
--    It knows how to get the public keys from the authserver.
--    """
--    credentialInterfaces = ISSHPrivateKeyWithMind,
--    implements(ICredentialsChecker)
--
--    def __init__(self, authserver):
--        self.authserver = authserver
--
--    def checkKey(self, credentials):
--        """Check whether `credentials` is a valid request to authenticate.
--
--        We check the key data in credentials against the keys the named user
--        has registered in Launchpad.
--        """
--        d = credentials.mind.lookupUserDetails(
--            self.authserver, credentials.username)
--        d.addCallback(self._checkForAuthorizedKey, credentials)
--        d.addErrback(self._reportNoSuchUser, credentials)
--        return d
--
--    def _reportNoSuchUser(self, failure, credentials):
--        """Report the user named in the credentials not existing nicely."""
--        trap_fault(failure, faults.NoSuchPersonWithName)
--        raise UserDisplayedUnauthorizedLogin(
--            "No such Launchpad account: %s" % credentials.username)
--
--    def _checkForAuthorizedKey(self, user_dict, credentials):
--        """Check the key data in credentials against the keys found in LP."""
--        if credentials.algName == 'ssh-dss':
--            wantKeyType = 'DSA'
--        elif credentials.algName == 'ssh-rsa':
--            wantKeyType = 'RSA'
--        else:
--            # unknown key type
--            return False
--
--        if len(user_dict['keys']) == 0:
--            raise UserDisplayedUnauthorizedLogin(
--                "Launchpad user %r doesn't have a registered SSH key"
--                % credentials.username)
--
--        for keytype, keytext in user_dict['keys']:
--            if keytype != wantKeyType:
--                continue
--            try:
--                if keytext.decode('base64') == credentials.blob:
--                    return True
--            except binascii.Error:
--                continue
--
--        raise UnauthorizedLogin(
--            "Your SSH key does not match any key registered for Launchpad "
--            "user %s" % credentials.username)
 === removed file 'lib/lp/services/sshserver/events.py'
 --- lib/lp/services/sshserver/events.py	2010-08-20 20:31:18 +0000
 +++ lib/lp/services/sshserver/events.py	1970-01-01 00:00:00 +0000
@@ -1,148 +0,0 @@
--# Copyright 2010 Canonical Ltd.  This software is licensed under the
--# GNU Affero General Public License version 3 (see the file LICENSE).
--
--"""Events generated by the SSH server."""
--
--__metaclass__ = type
--__all__ = [
--    'AuthenticationFailed',
--    'AvatarEvent',
--    'ILoggingEvent',
--    'LoggingEvent',
--    'ServerStarting',
--    'ServerStopped',
--    'SFTPClosed',
--    'SFTPStarted',
--    'UserConnected',
--    'UserDisconnected',
--    'UserLoggedIn',
--    'UserLoggedOut',
--    ]
--
--import logging
--
--from zope.interface import (
--    Attribute,
--    implements,
--    Interface,
--    )
--
--
--class ILoggingEvent(Interface):
--    """An event is a logging event if it has a message and a severity level.
--
--    Events that provide this interface will be logged in the SSH server access
--    log.
--    """
--
--    level = Attribute("The level to log the event at.")
--    message = Attribute("The message to log.")
--
--
--class LoggingEvent:
--    """An event that can be logged to a Python logger.
--
--    :ivar level: The level to log itself as. This should be defined as a
--        class variable in subclasses.
--    :ivar template: The format string of the message to log. This should be
--        defined as a class variable in subclasses.
--    """
--
--    implements(ILoggingEvent)
--
--    def __init__(self, level=None, template=None, **data):
--        """Construct a logging event.
--
--        :param level: The level to log the event as. If specified, overrides
--            the 'level' class variable.
--        :param template: The format string of the message to log. If
--            specified, overrides the 'template' class variable.
--        :param **data: Information to be logged. Entries will be substituted
--            into the template and stored as attributes.
--        """
--        if level is not None:
--            self._level = level
--        if template is not None:
--            self.template = template
--        self._data = data
--
--    @property
--    def level(self):
--        """See `ILoggingEvent`."""
--        return self._level
--
--    @property
--    def message(self):
--        """See `ILoggingEvent`."""
--        return self.template % self._data
--
--
--class ServerStarting(LoggingEvent):
--
--    level = logging.INFO
--    template = '---- Server started ----'
--
--
--class ServerStopped(LoggingEvent):
--
--    level = logging.INFO
--    template = '---- Server stopped ----'
--
--
--class UserConnected(LoggingEvent):
--
--    level = logging.INFO
--    template = '[%(session_id)s] %(address)s connected.'
--
--    def __init__(self, transport, address):
--        LoggingEvent.__init__(
--            self, session_id=id(transport), address=address)
--
--
--class AuthenticationFailed(LoggingEvent):
--
--    level = logging.INFO
--    template = '[%(session_id)s] failed to authenticate.'
--
--    def __init__(self, transport):
--        LoggingEvent.__init__(self, session_id=id(transport))
--
--
--class UserDisconnected(LoggingEvent):
--
--    level = logging.INFO
--    template = '[%(session_id)s] disconnected.'
--
--    def __init__(self, transport):
--        LoggingEvent.__init__(self, session_id=id(transport))
--
--
--class AvatarEvent(LoggingEvent):
--    """Base avatar event."""
--
--    level = logging.INFO
--
--    def __init__(self, avatar):
--        self.avatar = avatar
--        LoggingEvent.__init__(
--            self, session_id=id(avatar.transport), username=avatar.username)
--
--
--class UserLoggedIn(AvatarEvent):
--
--    template = '[%(session_id)s] %(username)s logged in.'
--
--
--class UserLoggedOut(AvatarEvent):
--
--    template = '[%(session_id)s] %(username)s disconnected.'
--
--
--class SFTPStarted(AvatarEvent):
--
--    template = '[%(session_id)s] %(username)s started SFTP session.'
--
--
--class SFTPClosed(AvatarEvent):
--
--    template = '[%(session_id)s] %(username)s closed SFTP session.'
 === removed file 'lib/lp/services/sshserver/service.py'
 --- lib/lp/services/sshserver/service.py	2012-04-16 23:02:44 +0000
 +++ lib/lp/services/sshserver/service.py	1970-01-01 00:00:00 +0000
@@ -1,191 +0,0 @@
--# Copyright 2009-2011 Canonical Ltd.  This software is licensed under the
--# GNU Affero General Public License version 3 (see the file LICENSE).
--
--"""Twisted `service.Service` class for the Launchpad SSH server.
--
--An `SSHService` object can be used to launch the SSH server.
--"""
--
--__metaclass__ = type
--__all__ = [
--    'SSHService',
--    ]
--
--
--import logging
--import os
--
--from twisted.application import (
--    service,
--    strports,
--    )
--from twisted.conch.ssh.factory import SSHFactory
--from twisted.conch.ssh.keys import Key
--from twisted.conch.ssh.transport import SSHServerTransport
--from twisted.internet import defer
--from zope.event import notify
--
--from lp.services.sshserver import (
--    accesslog,
--    events,
--    )
--from lp.services.sshserver.auth import SSHUserAuthServer
--from lp.services.twistedsupport import gatherResults
--
--
--class KeepAliveSettingSSHServerTransport(SSHServerTransport):
--
--    def connectionMade(self):
--        SSHServerTransport.connectionMade(self)
--        self.transport.setTcpKeepAlive(True)
--
--
--class Factory(SSHFactory):
--    """SSH factory that uses Launchpad's custom authentication.
--
--    This class tells the SSH service to use our custom authentication service
--    and configures the host keys for the SSH server. It also logs connection
--    to and disconnection from the SSH server.
--    """
--
--    protocol = KeepAliveSettingSSHServerTransport
--
--    def __init__(self, portal, private_key, public_key, banner=None):
--        """Construct an SSH factory.
--
--        :param portal: The portal used to turn credentials into users.
--        :param private_key: The private key of the server, must be an RSA
--            key, given as a `twisted.conch.ssh.keys.Key` object.
--        :param public_key: The public key of the server, must be an RSA
--            key, given as a `twisted.conch.ssh.keys.Key` object.
--        :param banner: The text to display when users successfully log in.
--        """
--        # Although 'portal' isn't part of the defined interface for
--        # `SSHFactory`, defining it here is how the `SSHUserAuthServer` gets
--        # at it. (Look for the beautiful line "self.portal =
--        # self.transport.factory.portal").
--        self.portal = portal
--        self.services['ssh-userauth'] = self._makeAuthServer
--        self._private_key = private_key
--        self._public_key = public_key
--        self._banner = banner
--
--    def _makeAuthServer(self, *args, **kwargs):
--        kwargs['banner'] = self._banner
--        return SSHUserAuthServer(*args, **kwargs)
--
--    def buildProtocol(self, address):
--        """Build an SSH protocol instance, logging the event.
--
--        The protocol object we return is slightly modified so that we can hook
--        into the 'connectionLost' event and log the disconnection.
--        """
--        transport = SSHFactory.buildProtocol(self, address)
--        transport._realConnectionLost = transport.connectionLost
--        transport.connectionLost = (
--            lambda reason: self.connectionLost(transport, reason))
--        notify(events.UserConnected(transport, address))
--        return transport
--
--    def connectionLost(self, transport, reason):
--        """Call 'connectionLost' on 'transport', logging the event."""
--        try:
--            return transport._realConnectionLost(reason)
--        finally:
--            # Conch's userauth module sets 'avatar' on the transport if the
--            # authentication succeeded. Thus, if it's not there,
--            # authentication failed. We can't generate this event from the
--            # authentication layer since:
--            #
--            # a) almost every SSH login has at least one failure to
--            # authenticate due to multiple keys on the client-side.
--            #
--            # b) the server doesn't normally generate a "go away" event.
--            # Rather, the client simply stops trying.
--            if getattr(transport, 'avatar', None) is None:
--                notify(events.AuthenticationFailed(transport))
--            notify(events.UserDisconnected(transport))
--
--    def getPublicKeys(self):
--        """Return the server's configured public key.
--
--        See `SSHFactory.getPublicKeys`.
--        """
--        return {'ssh-rsa': self._public_key}
--
--    def getPrivateKeys(self):
--        """Return the server's configured private key.
--
--        See `SSHFactory.getPrivateKeys`.
--        """
--        return {'ssh-rsa': self._private_key}
--
--
--class SSHService(service.Service):
--    """A Twisted service for the SSH server."""
--
--    def __init__(self, portal, private_key_path, public_key_path,
--                 oops_configuration, main_log, access_log,
--                 access_log_path, strport='tcp:22', factory_decorator=None,
--                 banner=None):
--        """Construct an SSH service.
--
--        :param portal: The `twisted.cred.portal.Portal` that turns
--            authentication requests into views on the system.
--        :param private_key_path: The path to the SSH server's private key.
--        :param public_key_path: The path to the SSH server's public key.
--        :param oops_configuration: The section of the configuration file with
--            the OOPS config details for this server.
--        :param main_log: The name of the logger to log most of the server
--            stuff to.
--        :param access_log: The name of the logger object to log the server
--            access details to.
--        :param access_log_path: The path to the access log file.
--        :param strport: The port to run the server on, expressed in Twisted's
--            "strports" mini-language. Defaults to 'tcp:22'.
--        :param factory_decorator: An optional callable that can decorate the
--            server factory (e.g. with a
--            `twisted.protocols.policies.TimeoutFactory`).  It takes one
--            argument, a factory, and must return a factory.
--        :param banner: An announcement printed to users when they connect.
--            By default, announce nothing.
--        """
--        ssh_factory = Factory(
--            portal,
--            private_key=Key.fromFile(private_key_path),
--            public_key=Key.fromFile(public_key_path),
--            banner=banner)
--        if factory_decorator is not None:
--            ssh_factory = factory_decorator(ssh_factory)
--        self.service = strports.service(strport, ssh_factory)
--        self._oops_configuration = oops_configuration
--        self._main_log = main_log
--        self._access_log = access_log
--        self._access_log_path = access_log_path
--
--    def startService(self):
--        """Start the SSH service."""
--        manager = accesslog.LoggingManager(
--            logging.getLogger(self._main_log),
--            logging.getLogger(self._access_log_path),
--            self._access_log_path)
--        manager.setUp()
--        notify(events.ServerStarting())
--        # By default, only the owner of files should be able to write to them.
--        # Perhaps in the future this line will be deleted and the umask
--        # managed by the startup script.
--        os.umask(0022)
--        service.Service.startService(self)
--        self.service.startService()
--
--    def stopService(self):
--        """Stop the SSH service."""
--        deferred = gatherResults([
--            defer.maybeDeferred(service.Service.stopService, self),
--            defer.maybeDeferred(self.service.stopService)])
--
--        def log_stopped(ignored):
--            notify(events.ServerStopped())
--            return ignored
--
--        return deferred.addBoth(log_stopped)
 === removed file 'lib/lp/services/sshserver/session.py'
 --- lib/lp/services/sshserver/session.py	2010-08-20 20:31:18 +0000
 +++ lib/lp/services/sshserver/session.py	1970-01-01 00:00:00 +0000
@@ -1,124 +0,0 @@
--# Copyright 2010 Canonical Ltd.  This software is licensed under the
--# GNU Affero General Public License version 3 (see the file LICENSE).
--
--"""Patched SSH session for the Launchpad server."""
--
--__metaclass__ = type
--__all__ = [
--    'DoNothingSession',
--    'PatchedSSHSession',
--    ]
--
--from twisted.conch.interfaces import ISession
--from twisted.conch.ssh import (
--    channel,
--    connection,
--    session,
--    )
--from zope.interface import implements
--
--
--class PatchedSSHSession(session.SSHSession, object):
--    """Session adapter that corrects bugs in Conch.
--
--    This object provides no custom logic for Launchpad, it just addresses some
--    simple bugs in the base `session.SSHSession` class that are not yet fixed
--    upstream.
--    """
--
--    def closeReceived(self):
--        # Without this, the client hangs when it's finished transferring.
--        # XXX: JonathanLange 2009-01-05: This does not appear to have a
--        # corresponding bug in Twisted. We should test that the above comment
--        # is indeed correct and then file a bug upstream.
--        self.loseConnection()
--
--    def loseConnection(self):
--        # XXX: JonathanLange 2008-03-31: This deliberately replaces the
--        # implementation of session.SSHSession.loseConnection. The default
--        # implementation will try to call loseConnection on the client
--        # transport even if it's None. I don't know *why* it is None, so this
--        # doesn't necessarily address the root cause.
--        # See http://twistedmatrix.com/trac/ticket/2754.
--        transport = getattr(self.client, 'transport', None)
--        if transport is not None:
--            transport.loseConnection()
--        # This is called by session.SSHSession.loseConnection. SSHChannel is
--        # the base class of SSHSession.
--        channel.SSHChannel.loseConnection(self)
--
--    def stopWriting(self):
--        """See `session.SSHSession.stopWriting`.
--
--        When the client can't keep up with us, we ask the child process to
--        stop giving us data.
--        """
--        # XXX: MichaelHudson 2008-06-27: Being cagey about whether
--        # self.client.transport is entirely paranoia inspired by the comment
--        # in `loseConnection` above. It would be good to know if and why it is
--        # necessary. See http://twistedmatrix.com/trac/ticket/2754.
--        transport = getattr(self.client, 'transport', None)
--        if transport is not None:
--            # For SFTP connections, 'transport' is actually a _DummyTransport
--            # instance. Neither _DummyTransport nor the protocol it wraps
--            # (filetransfer.FileTransferServer) support pausing.
--            pauseProducing = getattr(transport, 'pauseProducing', None)
--            if pauseProducing is not None:
--                pauseProducing()
--
--    def startWriting(self):
--        """See `session.SSHSession.startWriting`.
--
--        The client is ready for data again, so ask the child to start
--        producing data again.
--        """
--        # XXX: MichaelHudson 2008-06-27: Being cagey about whether
--        # self.client.transport is entirely paranoia inspired by the comment
--        # in `loseConnection` above. It would be good to know if and why it is
--        # necessary. See http://twistedmatrix.com/trac/ticket/2754.
--        transport = getattr(self.client, 'transport', None)
--        if transport is not None:
--            # For SFTP connections, 'transport' is actually a _DummyTransport
--            # instance. Neither _DummyTransport nor the protocol it wraps
--            # (filetransfer.FileTransferServer) support pausing.
--            resumeProducing = getattr(transport, 'resumeProducing', None)
--            if resumeProducing is not None:
--                resumeProducing()
--
--
--class DoNothingSession:
--    """A Conch user session that allows nothing."""
--
--    implements(ISession)
--
--    def __init__(self, avatar):
--        self.avatar = avatar
--
--    def closed(self):
--        """See ISession."""
--
--    def eofReceived(self):
--        """See ISession."""
--
--    def errorWithMessage(self, protocol, msg):
--        protocol.session.writeExtended(
--            connection.EXTENDED_DATA_STDERR, msg)
--        protocol.loseConnection()
--
--    def execCommand(self, protocol, command):
--        """See ISession."""
--        self.errorWithMessage(
--            protocol, "Not allowed to execute commands on this server.\r\n")
--
--    def getPty(self, term, windowSize, modes):
--        """See ISession."""
--        # Do nothing, as we don't provide shell access. openShell will get
--        # called and handle this error message and disconnect.
--
--    def openShell(self, protocol):
--        """See ISession."""
--        self.errorWithMessage(protocol, "No shells on this server.\r\n")
--
--    def windowChanged(self, newWindowSize):
--        """See ISession."""
--        raise NotImplementedError(self.windowChanged)
 === removed file 'lib/lp/services/sshserver/sftp.py'
 --- lib/lp/services/sshserver/sftp.py	2010-08-20 20:31:18 +0000
 +++ lib/lp/services/sshserver/sftp.py	1970-01-01 00:00:00 +0000
@@ -1,45 +0,0 @@
--# Copyright 2010 Canonical Ltd.  This software is licensed under the
--# GNU Affero General Public License version 3 (see the file LICENSE).
--
--"""Generic SFTP server functionality."""
--
--__metaclass__ = type
--__all__ = [
--    'FileIsADirectory',
--    'FileTransferServer',
--    ]
--
--from bzrlib import errors as bzr_errors
--from twisted.conch.ssh import filetransfer
--from zope.event import notify
--
--from lp.services.sshserver import events
--
--
--class FileIsADirectory(bzr_errors.PathError):
--    """Raised when writeChunk is called on a directory.
--
--    This exists mainly to be translated into the appropriate SFTP error.
--    """
--
--    _fmt = 'File is a directory: %(path)r%(extra)s'
--
--
--class FileTransferServer(filetransfer.FileTransferServer):
--    """SFTP protocol implementation that logs key events."""
--
--    def __init__(self, data=None, avatar=None):
--        filetransfer.FileTransferServer.__init__(self, data, avatar)
--        notify(events.SFTPStarted(avatar))
--        self.avatar = avatar
--
--    def connectionLost(self, reason):
--        # This method gets called twice: once from `SSHChannel.closeReceived`
--        # when the client closes the channel and once from `SSHSession.closed`
--        # when the server closes the session. We change the avatar attribute
--        # to avoid logging the `SFTPClosed` event twice.
--        filetransfer.FileTransferServer.connectionLost(self, reason)
--        if self.avatar is not None:
--            avatar = self.avatar
--            self.avatar = None
--            notify(events.SFTPClosed(avatar))
 === removed directory 'lib/lp/services/sshserver/tests'
 === removed file 'lib/lp/services/sshserver/tests/__init__.py'
 --- lib/lp/services/sshserver/tests/__init__.py	2010-04-15 14:49:55 +0000
 +++ lib/lp/services/sshserver/tests/__init__.py	1970-01-01 00:00:00 +0000
@@ -1,8 +0,0 @@
--# Copyright 2010 Canonical Ltd.  This software is licensed under the
--# GNU Affero General Public License version 3 (see the file LICENSE).
--
--"""Tests for the Launchpad SSH server."""
--
--__metaclass__ = type
--__all__ = []
--
 === removed directory 'lib/lp/services/sshserver/tests/keys'
 === removed file 'lib/lp/services/sshserver/tests/keys/ssh_host_key_rsa'
 --- lib/lp/services/sshserver/tests/keys/ssh_host_key_rsa	2010-04-15 15:27:30 +0000
 +++ lib/lp/services/sshserver/tests/keys/ssh_host_key_rsa	1970-01-01 00:00:00 +0000
@@ -1,15 +0,0 @@
-------BEGIN RSA PRIVATE KEY-----
--MIICXAIBAAKBgQDSSpVRPhCiU9PPuZN7QyJdMOgTVwPyYpZGOHutR/9kxFvOLa39
--nY0Eqo39OTumfZBMEEVqIPadQanO9LcdTnl9/Z4LcBGn09EFQ2y7VUkC6J2dSQtr
--YMY0tV+C5HGZ2oYBWKBl5PZ1RI4+qrJpAMMmINdnF0uEE/x8B1iMWGB3PwIBIwKB
--gQCcN2ebb+8ZgBmwQLazVnFMirsHDXClbc630i/9EOmbUAmvGp6B4sCHH5ytevkc
--l8pHIget7JnxKXbUQMKKzJTCpPwwEyL3ZVDxYXg37WQU74cVf93CjOjChs+hOeS1
--sW5m9JFr9oomL5JWnGXr+TV/kYBCNVW++J1Bckn6kYpH+wJBAPUw0ZunXlBRuugA
--YTSmXUUX+ALu6maDD1t7gAk37waxNQMaH5DMk5R4IQtoxeQgCLqL2yEJUqK1lxOy
--wlp1k8UCQQDbj+Vr4poE9MpYNtPDiDqv2aXe6CJ3p1qQuNE0rSxk+0G9h3ASISRw
--DDLgcapg2xkOvG3pidfAJG9P827XiVszAkEA4CyiYm0jB5suivkIaqa7rOK23hxE
--BfQrTFOoQvFPkRcL5ZQ6Hfzes6EIRPIUA8WEUskC3GBLjXLTRTW5Aj+dCwJBAMi+
--E5XWfjBqx6EcL1OvwKDG/g2hCZH4GEnNjBLneQveZ/29qEsW/L43CfHHAiyrD5hx
--w5OxOklF4h02VrZu9EsCQBEZcTAQOrWnkmp7uBrz1V8nFLAE6zFh/6Wj1Mn8k08j
--pcsLJAhm+qlV7EtV/5rk+v3WcXrKiRIiiC0Ron96Dx0=
-------END RSA PRIVATE KEY-----
 === removed file 'lib/lp/services/sshserver/tests/keys/ssh_host_key_rsa.pub'
 --- lib/lp/services/sshserver/tests/keys/ssh_host_key_rsa.pub	2010-04-15 15:27:30 +0000
 +++ lib/lp/services/sshserver/tests/keys/ssh_host_key_rsa.pub	1970-01-01 00:00:00 +0000
@@ -1,1 +0,0 @@
--ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0kqVUT4QolPTz7mTe0MiXTDoE1cD8mKWRjh7rUf/ZMRbzi2t/Z2NBKqN/Tk7pn2QTBBFaiD2nUGpzvS3HU55ff2eC3ARp9PRBUNsu1VJAuidnUkLa2DGNLVfguRxmdqGAVigZeT2dUSOPqqyaQDDJiDXZxdLhBP8fAdYjFhgdz8= andrew@frobozz
 === removed file 'lib/lp/services/sshserver/tests/test_accesslog.py'
 --- lib/lp/services/sshserver/tests/test_accesslog.py	2012-03-26 06:08:39 +0000
 +++ lib/lp/services/sshserver/tests/test_accesslog.py	1970-01-01 00:00:00 +0000
@@ -1,146 +0,0 @@
--# Copyright 2009 Canonical Ltd.  This software is licensed under the
--# GNU Affero General Public License version 3 (see the file LICENSE).
--
--"""Tests for the logging system of the sshserver."""
--
--__metaclass__ = type
--
--import codecs
--import logging
--from logging.handlers import WatchedFileHandler
--import os
--from StringIO import StringIO
--import sys
--import tempfile
--
--from bzrlib.tests import TestCase as BzrTestCase
--import zope.component.event
--
--from lp.services.sshserver.accesslog import LoggingManager
--from lp.testing import TestCase
--
--
--class LoggingManagerMixin:
--
--    _log_count = 0
--
--    def makeLogger(self, name=None):
--        if name is None:
--            self._log_count += 1
--            name = '%s-%s' % (self.id().split('.')[-1], self._log_count)
--        return logging.getLogger(name)
--
--    def installLoggingManager(self, main_log=None, access_log=None,
--                              access_log_path=None):
--        if main_log is None:
--            main_log = self.makeLogger()
--        if access_log is None:
--            access_log = self.makeLogger()
--        if access_log_path is None:
--            fd, access_log_path = tempfile.mkstemp()
--            os.close(fd)
--            self.addCleanup(os.unlink, access_log_path)
--        manager = LoggingManager(main_log, access_log, access_log_path)
--        manager.setUp()
--        self.addCleanup(manager.tearDown)
--        return manager
--
--
--class TestLoggingBazaarInteraction(BzrTestCase, LoggingManagerMixin):
--
--    def setUp(self):
--        BzrTestCase.setUp(self)
--
--        # Trap stderr.
--        self._real_stderr = sys.stderr
--        sys.stderr = codecs.getwriter('utf8')(StringIO())
--
--    def tearDown(self):
--        sys.stderr = self._real_stderr
--        BzrTestCase.tearDown(self)
--
--    def test_leaves_bzr_handlers_unchanged(self):
--        # Bazaar's log handling is untouched by logging setup.
--        root_handlers = logging.getLogger('').handlers
--        bzr_handlers = logging.getLogger('bzr').handlers
--
--        self.installLoggingManager()
--
--        self.assertEqual(root_handlers, logging.getLogger('').handlers)
--        self.assertEqual(bzr_handlers, logging.getLogger('bzr').handlers)
--
--    def test_log_doesnt_go_to_stderr(self):
--        # Once logging setup is called, any messages logged to the
--        # SSH server logger should *not* be logged to stderr. If they are,
--        # they will appear on the user's terminal.
--        log = self.makeLogger()
--        self.installLoggingManager(log)
--
--        # Make sure that a logged message does not go to stderr.
--        log.info('Hello hello')
--        self.assertEqual(sys.stderr.getvalue(), '')
--
--
--class TestLoggingManager(TestCase, LoggingManagerMixin):
--
--    def test_main_log_handlers(self):
--        # There needs to be at least one handler for the root logger. If there
--        # isn't, we'll get constant errors complaining about the lack of
--        # logging handlers.
--        log = self.makeLogger()
--        self.assertEqual([], log.handlers)
--        self.installLoggingManager(log)
--        self.assertNotEqual([], log.handlers)
--
--    def _get_handlers(self):
--        registrations = (
--            zope.component.getGlobalSiteManager().registeredHandlers())
--        return [
--            registration.factory
--            for registration in registrations]
--
--    def test_set_up_registers_event_handler(self):
--        manager = self.installLoggingManager()
--        self.assertIn(manager._log_event, self._get_handlers())
--
--    def test_teardown_restores_event_handlers(self):
--        handlers = self._get_handlers()
--        manager = self.installLoggingManager()
--        manager.tearDown()
--        self.assertEqual(handlers, self._get_handlers())
--
--    def test_teardown_restores_level(self):
--        log = self.makeLogger()
--        old_level = log.level
--        manager = self.installLoggingManager(log)
--        manager.tearDown()
--        self.assertEqual(old_level, log.level)
--
--    def test_teardown_restores_main_log_handlers(self):
--        # tearDown restores log handlers for the main logger.
--        log = self.makeLogger()
--        handlers = list(log.handlers)
--        manager = self.installLoggingManager(log)
--        manager.tearDown()
--        self.assertEqual(handlers, log.handlers)
--
--    def test_teardown_restores_access_log_handlers(self):
--        # tearDown restores log handlers for the access logger.
--        log = self.makeLogger()
--        handlers = list(log.handlers)
--        manager = self.installLoggingManager(access_log=log)
--        manager.tearDown()
--        self.assertEqual(handlers, log.handlers)
--
--    def test_access_handlers(self):
--        # The logging setup installs a rotatable log handler that logs output
--        # to the SSH server access log.
--        directory = self.makeTemporaryDirectory()
--        access_log = self.makeLogger()
--        access_log_path = os.path.join(directory, 'access.log')
--        self.installLoggingManager(
--            access_log=access_log,
--            access_log_path=access_log_path)
--        [handler] = access_log.handlers
--        self.assertIsInstance(handler, WatchedFileHandler)
--        self.assertEqual(access_log_path, handler.baseFilename)
 === removed file 'lib/lp/services/sshserver/tests/test_auth.py'
 --- lib/lp/services/sshserver/tests/test_auth.py	2012-01-01 02:58:52 +0000
 +++ lib/lp/services/sshserver/tests/test_auth.py	1970-01-01 00:00:00 +0000
@@ -1,516 +0,0 @@
--# Copyright 2009-2010 Canonical Ltd.  This software is licensed under the
--# GNU Affero General Public License version 3 (see the file LICENSE).
--
--import os
--
--from testtools.deferredruntest import (
--    assert_fails_with,
--    AsynchronousDeferredRunTest,
--    flush_logged_errors,
--    )
--from twisted.conch.checkers import SSHPublicKeyDatabase
--from twisted.conch.error import ConchError
--from twisted.conch.ssh import userauth
--from twisted.conch.ssh.common import (
--    getNS,
--    NS,
--    )
--from twisted.conch.ssh.keys import (
--    BadKeyError,
--    Key,
--    )
--from twisted.conch.ssh.transport import (
--    SSHCiphers,
--    SSHServerTransport,
--    )
--from twisted.cred.error import UnauthorizedLogin
--from twisted.cred.portal import (
--    IRealm,
--    Portal,
--    )
--from twisted.internet import defer
--from twisted.python import failure
--from twisted.python.util import sibpath
--from zope.interface import implements
--
--from lp.services.sshserver import auth
--from lp.services.twistedsupport import suppress_stderr
--from lp.testing import TestCase
--from lp.xmlrpc import faults
--
--
--class MockRealm:
--    """A mock realm for testing userauth.SSHUserAuthServer.
--
--    This realm is not actually used in the course of testing, so calls to
--    requestAvatar will raise an exception.
--    """
--
--    implements(IRealm)
--
--    def requestAvatar(self, avatar_id, mind, *interfaces):
--        user_dict = {
--            'id': avatar_id, 'name': avatar_id, 'teams': [],
--            'initialBranches': []}
--        return (
--            interfaces[0], auth.LaunchpadAvatar(user_dict), lambda: None)
--
--
--class MockSSHTransport(SSHServerTransport):
--    """A mock SSH transport for testing userauth.SSHUserAuthServer.
--
--    SSHUserAuthServer expects an SSH transport which has a factory attribute
--    which in turn has a portal attribute. Because the portal is important for
--    testing authentication, we need to be able to provide an interesting portal
--    object to the SSHUserAuthServer.
--
--    In addition, we want to be able to capture any packets sent over the
--    transport.
--    """
--
--    class Factory:
--        def getService(self, transport, nextService):
--            return lambda: None
--
--    def __init__(self, portal):
--        # In Twisted 8.0.1, Conch's transport starts referring to
--        # currentEncryptions where it didn't before. Provide a dummy value for
--        # it.
--        self.currentEncryptions = SSHCiphers('none', 'none', 'none', 'none')
--        self.packets = []
--        self.factory = self.Factory()
--        self.factory.portal = portal
--
--    def sendPacket(self, messageType, payload):
--        self.packets.append((messageType, payload))
--
--    def setService(self, service):
--        pass
--
--
--class UserAuthServerMixin(object):
--    def setUp(self):
--        self.portal = Portal(MockRealm())
--        self.transport = MockSSHTransport(self.portal)
--        self.user_auth = auth.SSHUserAuthServer(self.transport)
--
--    def _getMessageName(self, message_type):
--        """Get the name of the message for the given message type constant."""
--        return userauth.SSHUserAuthServer.protocolMessages[message_type]
--
--    def assertMessageOrder(self, message_types):
--        """Assert that SSH messages were sent in the given order."""
--        messages = userauth.SSHUserAuthServer.protocolMessages
--        self.assertEqual(
--            [messages[msg_type] for msg_type in message_types],
--            [messages[packet_type]
--             for packet_type, contents in self.transport.packets])
--
--    def assertBannerSent(self, banner_message, expected_language='en'):
--        """Assert that 'banner_message' was sent as an SSH banner."""
--        # Check that we received a BANNER, then a FAILURE.
--        for packet_type, packet_content in self.transport.packets:
--            if packet_type == userauth.MSG_USERAUTH_BANNER:
--                bytes, language, empty = getNS(packet_content, 2)
--                self.assertEqual(banner_message, bytes.decode('UTF8'))
--                self.assertEqual(expected_language, language)
--                self.assertEqual('', empty)
--                break
--        else:
--            self.fail("No banner logged.")
--
--
--class TestUserAuthServer(TestCase, UserAuthServerMixin):
--
--    def setUp(self):
--        TestCase.setUp(self)
--        UserAuthServerMixin.setUp(self)
--
--    def test_sendBanner(self):
--        # sendBanner should send an SSH 'packet' with type MSG_USERAUTH_BANNER
--        # and two fields. The first field is the message itself, and the
--        # second is the language tag.
--        #
--        # sendBanner automatically adds a trailing newline, because openssh
--        # and Twisted don't add one when displaying the banner.
--        #
--        # See RFC 4252, Section 5.4.
--        message = u"test message"
--        self.user_auth.sendBanner(message, language='en-US')
--        self.assertBannerSent(message + '\r\n', 'en-US')
--        self.assertEqual(
--            1, len(self.transport.packets),
--            "More than just banner was sent: %r" % self.transport.packets)
--
--    def test_sendBannerUsesCRLF(self):
--        # sendBanner should make sure that any line breaks in the message are
--        # sent as CR LF pairs.
--        #
--        # See RFC 4252, Section 5.4.
--        self.user_auth.sendBanner(u"test\nmessage")
--        [(messageType, payload)] = self.transport.packets
--        bytes, language, empty = getNS(payload, 2)
--        self.assertEqual(bytes.decode('UTF8'), u"test\r\nmessage\r\n")
--
--    def test_requestRaisesConchError(self):
--        # ssh_USERAUTH_REQUEST should raise a ConchError if tryAuth returns
--        # None. Added to catch a bug noticed by pyflakes.
--        # Whitebox test.
--        def mock_try_auth(kind, user, data):
--            return None
--        def mock_eb_bad_auth(reason):
--            reason.trap(ConchError)
--        tryAuth = self.user_auth.tryAuth
--        self.user_auth.tryAuth = mock_try_auth
--        _ebBadAuth, self.user_auth._ebBadAuth = (self.user_auth._ebBadAuth,
--                                                 mock_eb_bad_auth)
--        self.user_auth.serviceStarted()
--        try:
--            packet = NS('jml') + NS('foo') + NS('public_key') + NS('data')
--            self.user_auth.ssh_USERAUTH_REQUEST(packet)
--        finally:
--            self.user_auth.serviceStopped()
--            self.user_auth.tryAuth = tryAuth
--            self.user_auth._ebBadAuth = _ebBadAuth
--
--
--class MockChecker(SSHPublicKeyDatabase):
--    """A very simple public key checker which rejects all offered credentials.
--
--    Used by TestAuthenticationBannerDisplay to test that errors raised by
--    checkers are sent to SSH clients.
--    """
--
--    error_message = u'error message'
--
--    def requestAvatarId(self, credentials):
--        if credentials.username == 'success':
--            return credentials.username
--        else:
--            return failure.Failure(
--                auth.UserDisplayedUnauthorizedLogin(self.error_message))
--
--
--class TestAuthenticationBannerDisplay(UserAuthServerMixin, TestCase):
--    """Check that auth error information is passed through to the client.
--
--    Normally, SSH servers provide minimal information on failed authentication.
--    With Launchpad, much more user information is public, so it is helpful and
--    not insecure to tell users why they failed to authenticate.
--
--    SSH doesn't provide a standard way of doing this, but the
--    MSG_USERAUTH_BANNER message is allowed and seems appropriate. See RFC 4252,
--    Section 5.4 for more information.
--    """
--
--    run_tests_with = AsynchronousDeferredRunTest
--
--    def setUp(self):
--        UserAuthServerMixin.setUp(self)
--        TestCase.setUp(self)
--        self.portal.registerChecker(MockChecker())
--        self.user_auth.serviceStarted()
--        self.key_data = self._makeKey()
--
--    def tearDown(self):
--        self.user_auth.serviceStopped()
--        TestCase.tearDown(self)
--
--    def _makeKey(self):
--        keydir = sibpath(__file__, 'keys')
--        public_key = Key.fromString(
--            open(os.path.join(keydir, 'ssh_host_key_rsa.pub'), 'rb').read())
--        if isinstance(public_key, str):
--            return chr(0) + NS('rsa') + NS(public_key)
--        else:
--            return chr(0) + NS('rsa') + NS(public_key.blob())
--
--    def requestFailedAuthentication(self):
--        return self.user_auth.ssh_USERAUTH_REQUEST(
--            NS('failure') + NS('') + NS('publickey') + self.key_data)
--
--    def requestSuccessfulAuthentication(self):
--        return self.user_auth.ssh_USERAUTH_REQUEST(
--            NS('success') + NS('') + NS('publickey') + self.key_data)
--
--    def requestUnsupportedAuthentication(self):
--        # Note that it doesn't matter how the checker responds -- the server
--        # doesn't get that far.
--        return self.user_auth.ssh_USERAUTH_REQUEST(
--            NS('success') + NS('') + NS('none') + NS(''))
--
--    def test_bannerNotSentOnSuccess(self):
--        # No banner is printed when the user authenticates successfully.
--        self.user_auth._banner = None
--
--        d = self.requestSuccessfulAuthentication()
--        def check(ignored):
--            # Check that no banner was sent to the user.
--            self.assertMessageOrder([userauth.MSG_USERAUTH_SUCCESS])
--        return d.addCallback(check)
--
--    def test_defaultBannerSentOnSuccess(self):
--        # If a banner was passed to the user auth agent then we send it to the
--        # user when they log in.
--        self.user_auth._banner = "Boogedy boo"
--        d = self.requestSuccessfulAuthentication()
--        def check(ignored):
--            self.assertMessageOrder(
--                [userauth.MSG_USERAUTH_BANNER, userauth.MSG_USERAUTH_SUCCESS])
--            self.assertBannerSent(self.user_auth._banner + '\r\n')
--        return d.addCallback(check)
--
--    def test_defaultBannerSentOnlyOnce(self):
--        # We don't send the banner on each authentication attempt, just on the
--        # first one. It is usual for there to be many authentication attempts
--        # per SSH session.
--        self.user_auth._banner = "Boogedy boo"
--
--        d = self.requestUnsupportedAuthentication()
--        d.addCallback(lambda ignored: self.requestSuccessfulAuthentication())
--
--        def check(ignored):
--            # Check that no banner was sent to the user.
--            self.assertMessageOrder(
--                [userauth.MSG_USERAUTH_FAILURE, userauth.MSG_USERAUTH_BANNER,
--                 userauth.MSG_USERAUTH_SUCCESS])
--            self.assertBannerSent(self.user_auth._banner + '\r\n')
--
--        return d.addCallback(check)
--
--    def test_defaultBannerNotSentOnFailure(self):
--        # Failed authentication attempts do not get the default banner
--        # sent.
--        self.user_auth._banner = "You come away two hundred quid down"
--
--        d = self.requestFailedAuthentication()
--
--        def check(ignored):
--            self.assertMessageOrder(
--                [userauth.MSG_USERAUTH_BANNER, userauth.MSG_USERAUTH_FAILURE])
--            self.assertBannerSent(MockChecker.error_message + '\r\n')
--
--        return d.addCallback(check)
--
--    def test_loggedToBanner(self):
--        # When there's an authentication failure, we display an informative
--        # error message through the SSH authentication protocol 'banner'.
--        d = self.requestFailedAuthentication()
--        def check(ignored):
--            # Check that we received a BANNER, then a FAILURE.
--            self.assertMessageOrder(
--                [userauth.MSG_USERAUTH_BANNER, userauth.MSG_USERAUTH_FAILURE])
--            self.assertBannerSent(MockChecker.error_message + '\r\n')
--        return d.addCallback(check)
--
--    def test_unsupportedAuthMethodNotLogged(self):
--        # Trying various authentication methods is a part of the normal
--        # operation of the SSH authentication protocol. We should not spam the
--        # client with warnings about this, as whenever it becomes a problem,
--        # we can rely on the SSH client itself to report it to the user.
--        d = self.requestUnsupportedAuthentication()
--        def check(ignored):
--            # Check that we received only a FAILRE.
--            self.assertMessageOrder([userauth.MSG_USERAUTH_FAILURE])
--        return d.addCallback(check)
--
--
--class TestPublicKeyFromLaunchpadChecker(TestCase):
--    """Tests for the SSH server authentication mechanism.
--
--    PublicKeyFromLaunchpadChecker accepts the SSH authentication information
--    and contacts the authserver to determine if the given details are valid.
--
--    Any authentication errors are displayed back to the user via an SSH
--    MSG_USERAUTH_BANNER message.
--    """
--
--    run_tests_with = AsynchronousDeferredRunTest
--
--    class FakeAuthenticationEndpoint:
--        """A fake client for enough of `IAuthServer` for this test.
--        """
--
--        valid_user = 'valid_user'
--        no_key_user = 'no_key_user'
--        valid_key = 'valid_key'
--
--        def __init__(self):
--            self.calls = []
--
--        def callRemote(self, function_name, *args, **kwargs):
--            return getattr(
--                self, 'xmlrpc_%s' % function_name)(*args, **kwargs)
--
--        def xmlrpc_getUserAndSSHKeys(self, username):
--            self.calls.append(username)
--            if username == self.valid_user:
--                return defer.succeed({
--                    'name': username,
--                    'keys': [('DSA', self.valid_key.encode('base64'))],
--                    })
--            elif username == self.no_key_user:
--                return defer.succeed({
--                    'name': username,
--                    'keys': [],
--                    })
--            else:
--                try:
--                    raise faults.NoSuchPersonWithName(username)
--                except faults.NoSuchPersonWithName:
--                    return defer.fail()
--
--    def makeCredentials(self, username, public_key, mind=None):
--        if mind is None:
--            mind = auth.UserDetailsMind()
--        return auth.SSHPrivateKeyWithMind(
--            username, 'ssh-dss', public_key, '', None, mind)
--
--    def makeChecker(self, do_signature_checking=False):
--        """Construct a PublicKeyFromLaunchpadChecker.
--
--        :param do_signature_checking: if False, as is the default, monkeypatch
--            the returned instance to not verify the signatures of the keys.
--        """
--        checker = auth.PublicKeyFromLaunchpadChecker(self.authserver)
--        if not do_signature_checking:
--            checker._cbRequestAvatarId = self._cbRequestAvatarId
--        return checker
--
--    def _cbRequestAvatarId(self, is_key_valid, credentials):
--        if is_key_valid:
--            return credentials.username
--        return failure.Failure(UnauthorizedLogin())
--
--    def setUp(self):
--        TestCase.setUp(self)
--        self.authserver = self.FakeAuthenticationEndpoint()
--
--    def test_successful(self):
--        # Attempting to log in with a username and key known to the
--        # authentication end-point succeeds.
--        creds = self.makeCredentials(
--            self.authserver.valid_user, self.authserver.valid_key)
--        checker = self.makeChecker()
--        d = checker.requestAvatarId(creds)
--        return d.addCallback(self.assertEqual, self.authserver.valid_user)
--
--    @suppress_stderr
--    def test_invalid_signature(self):
--        # The checker requests attempts to authenticate if the requests have
--        # an invalid signature.
--        creds = self.makeCredentials(
--            self.authserver.valid_user, self.authserver.valid_key)
--        creds.signature = 'a'
--        checker = self.makeChecker(True)
--        d = checker.requestAvatarId(creds)
--        def flush_errback(f):
--            flush_logged_errors(BadKeyError)
--            return f
--        d.addErrback(flush_errback)
--        return assert_fails_with(d, UnauthorizedLogin)
--
--    def assertLoginError(self, checker, creds, error_message):
--        """Logging in with 'creds' against 'checker' fails with 'message'.
--
--        In particular, this tests that the login attempt fails in a way that
--        is sent to the client.
--
--        :param checker: The `ICredentialsChecker` used.
--        :param creds: SSHPrivateKey credentials.
--        :param error_message: String excepted to match the exception's message.
--        :return: Deferred. You must return this from your test.
--        """
--        d = assert_fails_with(
--            checker.requestAvatarId(creds),
--            auth.UserDisplayedUnauthorizedLogin)
--        d.addCallback(
--            lambda exception: self.assertEqual(str(exception), error_message))
--        return d
--
--    def test_noSuchUser(self):
--        # When someone signs in with a non-existent user, they should be told
--        # that. The usual security issues don't apply here because the list of
--        # Launchpad user names is public.
--        checker = self.makeChecker()
--        creds = self.makeCredentials(
--            'no-such-user', self.authserver.valid_key)
--        return self.assertLoginError(
--            checker, creds, 'No such Launchpad account: no-such-user')
--
--    def test_noKeys(self):
--        # When you sign into an existing account with no SSH keys, the SSH
--        # server informs you that the account has no keys.
--        checker = self.makeChecker()
--        creds = self.makeCredentials(
--            self.authserver.no_key_user, self.authserver.valid_key)
--        return self.assertLoginError(
--            checker, creds,
--            "Launchpad user %r doesn't have a registered SSH key"
--            % self.authserver.no_key_user)
--
--    def test_wrongKey(self):
--        # When you sign into an existing account using the wrong key, you
--        # are *not* informed of the wrong key. This is because SSH often
--        # tries several keys as part of normal operation.
--        checker = self.makeChecker()
--        creds = self.makeCredentials(
--            self.authserver.valid_user, 'invalid key')
--        # We cannot use assertLoginError because we are checking that we fail
--        # with UnauthorizedLogin and not its subclass
--        # UserDisplayedUnauthorizedLogin.
--        d = assert_fails_with(
--            checker.requestAvatarId(creds),
--            UnauthorizedLogin)
--        d.addCallback(
--            lambda exception:
--            self.failIf(isinstance(exception,
--                                   auth.UserDisplayedUnauthorizedLogin),
--                        "Should not be a UserDisplayedUnauthorizedLogin"))
--        return d
--
--    def test_successful_with_second_key_calls_authserver_once(self):
--        # It is normal in SSH authentication to be presented with a number of
--        # keys.  When the valid key is presented after some invalid ones (a)
--        # the login succeeds and (b) only one call is made to the authserver
--        # to retrieve the user's details.
--        checker = self.makeChecker()
--        mind = auth.UserDetailsMind()
--        wrong_key_creds = self.makeCredentials(
--            self.authserver.valid_user, 'invalid key', mind)
--        right_key_creds = self.makeCredentials(
--            self.authserver.valid_user, self.authserver.valid_key, mind)
--        d = checker.requestAvatarId(wrong_key_creds)
--        def try_second_key(failure):
--            failure.trap(UnauthorizedLogin)
--            return checker.requestAvatarId(right_key_creds)
--        d.addErrback(try_second_key)
--        d.addCallback(self.assertEqual, self.authserver.valid_user)
--        def check_one_call(r):
--            self.assertEqual(
--                [self.authserver.valid_user], self.authserver.calls)
--            return r
--        d.addCallback(check_one_call)
--        return d
--
--    def test_noSuchUser_with_two_keys_calls_authserver_once(self):
--        # When more than one key is presented for a username that does not
--        # exist, only one call is made to the authserver.
--        checker = self.makeChecker()
--        mind = auth.UserDetailsMind()
--        creds_1 = self.makeCredentials(
--            'invalid-user', 'invalid key 1', mind)
--        creds_2 = self.makeCredentials(
--            'invalid-user', 'invalid key 2', mind)
--        d = checker.requestAvatarId(creds_1)
--        def try_second_key(failure):
--            return assert_fails_with(
--                checker.requestAvatarId(creds_2),
--                UnauthorizedLogin)
--        d.addErrback(try_second_key)
--        def check_one_call(r):
--            self.assertEqual(
--                ['invalid-user'], self.authserver.calls)
--            return r
--        d.addCallback(check_one_call)
--        return d
 === removed file 'lib/lp/services/sshserver/tests/test_events.py'
 --- lib/lp/services/sshserver/tests/test_events.py	2011-08-12 11:37:08 +0000
 +++ lib/lp/services/sshserver/tests/test_events.py	1970-01-01 00:00:00 +0000
@@ -1,91 +0,0 @@
--# Copyright 2010 Canonical Ltd.  This software is licensed under the
--# GNU Affero General Public License version 3 (see the file LICENSE).
--
--"""Tests for the logging events."""
--
--__metaclass__ = type
--
--import logging
--
--from zope.component import (
--    adapter,
--    getGlobalSiteManager,
--    provideHandler,
--    )
--# This non-standard import is necessary to hook up the event system.
--import zope.component.event
--from zope.event import notify
--
--from lp.services.sshserver.events import (
--    ILoggingEvent,
--    LoggingEvent,
--    )
--from lp.testing import TestCase
--
--
--class ListHandler(logging.Handler):
--    """Logging handler that just appends records to a list.
--
--    This handler isn't intended to be used by production code -- memory leak
--    city! -- instead it's useful for unit tests that want to make sure the
--    right events are being logged.
--    """
--
--    def __init__(self, logging_list):
--        """Construct a `ListHandler`.
--
--        :param logging_list: A list that will be appended to. The handler
--             mutates this list.
--        """
--        logging.Handler.__init__(self)
--        self._list = logging_list
--
--    def emit(self, record):
--        """Append 'record' to the list."""
--        self._list.append(record)
--
--
--class TestLoggingEvent(TestCase):
--
--    def assertLogs(self, records, function, *args, **kwargs):
--        """Assert 'function' logs 'records' when run with the given args."""
--        logged_events = []
--        handler = ListHandler(logged_events)
--        self.logger.addHandler(handler)
--        result = function(*args, **kwargs)
--        self.logger.removeHandler(handler)
--        self.assertEqual(
--            [(record.levelno, record.getMessage())
--             for record in logged_events], records)
--        return result
--
--    def assertEventLogs(self, record, logging_event):
--        self.assertLogs([record], notify, logging_event)
--
--    def setUp(self):
--        TestCase.setUp(self)
--        logger = logging.getLogger(self.factory.getUniqueString())
--        logger.setLevel(logging.DEBUG)
--        self.logger = logger
--
--        @adapter(ILoggingEvent)
--        def _log_event(event):
--            logger.log(event.level, event.message)
--
--        provideHandler(_log_event)
--        self.addCleanup(getGlobalSiteManager().unregisterHandler, _log_event)
--
--    def test_level(self):
--        event = LoggingEvent(logging.CRITICAL, "foo")
--        self.assertEventLogs((logging.CRITICAL, 'foo'), event)
--
--    def test_formatting(self):
--        event = LoggingEvent(logging.DEBUG, "foo: %(name)s", name="bar")
--        self.assertEventLogs((logging.DEBUG, 'foo: bar'), event)
--
--    def test_subclass(self):
--        class SomeEvent(LoggingEvent):
--            template = "%(something)s happened."
--            level = logging.INFO
--        self.assertEventLogs(
--            (logging.INFO, 'foo happened.'), SomeEvent(something='foo'))
 === removed file 'lib/lp/services/sshserver/tests/test_session.py'
 --- lib/lp/services/sshserver/tests/test_session.py	2011-08-12 11:37:08 +0000
 +++ lib/lp/services/sshserver/tests/test_session.py	1970-01-01 00:00:00 +0000
@@ -1,99 +0,0 @@
--# Copyright 2010 Canonical Ltd.  This software is licensed under the
--# GNU Affero General Public License version 3 (see the file LICENSE).
--
--"""Tests for generic SSH session support."""
--
--__metaclass__ = type
--
--from twisted.conch.interfaces import ISession
--from twisted.conch.ssh import connection
--
--from lp.services.sshserver.session import DoNothingSession
--from lp.testing import TestCase
--
--
--class MockSSHSession:
--    """Just enough of SSHSession to allow checking of reporting to stderr."""
--
--    def __init__(self, log):
--        self.log = log
--
--    def writeExtended(self, channel, data):
--        self.log.append(('writeExtended', channel, data))
--
--
--class MockProcessTransport:
--    """Mock transport used to fake speaking with child processes that are
--    mocked out in tests.
--    """
--
--    def __init__(self, executable):
--        self._executable = executable
--        self.log = []
--        self.session = MockSSHSession(self.log)
--
--    def closeStdin(self):
--        self.log.append(('closeStdin',))
--
--    def loseConnection(self):
--        self.log.append(('loseConnection',))
--
--    def signalProcess(self, signal):
--        self.log.append(('signalProcess', signal))
--
--    def write(self, data):
--        self.log.append(('write', data))
--
--
--class TestDoNothing(TestCase):
--    """Tests for DoNothingSession."""
--
--    def setUp(self):
--        super(TestDoNothing, self).setUp()
--        self.session = DoNothingSession(None)
--
--    def test_getPtyIsANoOp(self):
--        # getPty is called on the way to establishing a shell. Since we don't
--        # give out shells, it should be a no-op. Raising an exception would
--        # log an OOPS, so we won't do that.
--        self.assertEqual(None, self.session.getPty(None, None, None))
--
--    def test_openShellNotImplemented(self):
--        # openShell closes the connection.
--        protocol = MockProcessTransport('bash')
--        self.session.openShell(protocol)
--        self.assertEqual(
--            [('writeExtended', connection.EXTENDED_DATA_STDERR,
--              'No shells on this server.\r\n'),
--             ('loseConnection',)],
--            protocol.log)
--
--    def test_windowChangedNotImplemented(self):
--        # windowChanged raises a NotImplementedError. It doesn't matter what
--        # we pass it.
--        self.assertRaises(NotImplementedError,
--                          self.session.windowChanged, None)
--
--    def test_providesISession(self):
--        # DoNothingSession must provide ISession.
--        self.failUnless(ISession.providedBy(self.session),
--                        "DoNothingSession doesn't implement ISession")
--
--    def test_closedDoesNothing(self):
--        # closed is a no-op.
--        self.assertEqual(None, self.session.closed())
--
--    def test_execCommandNotImplemented(self):
--        # DoNothingSession.execCommand spawns the appropriate process.
--        protocol = MockProcessTransport('bash')
--        command = 'cat /etc/hostname'
--        self.session.execCommand(protocol, command)
--        self.assertEqual(
--            [('writeExtended', connection.EXTENDED_DATA_STDERR,
--              'Not allowed to execute commands on this server.\r\n'),
--             ('loseConnection',)],
--            protocol.log)
--
--    def test_eofReceivedDoesNothingWhenNoCommand(self):
--        # When no process has been created, 'eofReceived' is a no-op.
--        self.assertEqual(None, self.session.eofReceived())
 === modified file 'setup.py'
 --- setup.py	2014-01-17 02:01:54 +0000
 +++ setup.py	2015-01-12 18:55:56 +0000
@@ -55,6 +55,7 @@
          'lazr.restful',
          'lazr.jobrunner',
          'lazr.smtptest',
++        'lazr.sshserver',
          'lazr.testing',
          'lazr.uri',
          'lpjsmin',
 === modified file 'versions.cfg'
 --- versions.cfg	2014-12-08 02:23:41 +0000
 +++ versions.cfg	2015-01-12 18:55:56 +0000
@@ -53,6 +53,7 @@
  lazr.restful = 0.19.10
  lazr.restfulclient = 0.13.2
  lazr.smtptest = 1.3
++lazr.sshserver = 0.1
  lazr.testing = 0.1.1
  lazr.uri = 1.0.2
  lpjsmin = 0.5