From 83a46c77565ac7d7ba94d8f8671080d888a3da58 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Tue, 3 Jul 2018 10:24:32 +0200
Subject: [PATCH] tests: Add knownhosts test for detecting conflics

Signed-off-by: Andreas Schneider
---
 tests/client/torture_knownhosts_verify.c | 70 ++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
diff --git a/tests/client/torture_knownhosts_verify.c b/tests/client/torture_knownhosts_verify.c
index 058a5757..2baaea7f 100644
--- a/tests/client/torture_knownhosts_verify.c
+++ b/tests/client/torture_knownhosts_verify.c
@@ -33,6 +33,8 @@
 #define TORTURE_KNOWN_HOSTS_FILE "libssh_torture_knownhosts"
+#define BAD_ED25519 "AAAAC3NzaC1lZDI1NTE5AAAAIE74wHmKKkrxpW/dZ69pKPlMoWG9VvWfrNnUkWRQqaDa"
+
 static int sshd_group_setup(void **state)
 {
 torture_setup_sshd_server(state);
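Review bot: `BAD_ED25519` carries no comment saying what makes the key "bad". From its use in torture_knownhosts_conflict it appears to be a well-formed ssh-ed25519 public key blob that simply is not the test server's host key, and a line such as `/* Well-formed ssh-ed25519 public key that does not match the test server's host key */` above the define would say so. Without it a reader may take the value for a malformed key or for key material that should not be in the tree.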
@@ -283,6 +285,71 @@ static void torture_knownhosts_unknown(void **state)
 /* session will be freed by session_teardown() */
 }
+static void torture_knownhosts_conflict(void **state)
+{
+ struct torture_state *s = *state;
+ ssh_session session = s->ssh.session;
+ char known_hosts_file[1024] = {0};
+ enum ssh_known_hosts_e found;
+ FILE *file = NULL;
+ int rc;
+
+ snprintf(known_hosts_file,
+ sizeof(known_hosts_file),
+ "%s/%s",
+ s->socket_dir,
+ TORTURE_KNOWN_HOSTS_FILE);
+
+ file = fopen(known_hosts_file, "w");
+ assert_non_null(file);
+ fprintf(file,
+ "127.0.0.10 %s %s\n",
+ "ssh-ed25519",
+ BAD_ED25519);
+ fclose(file);
+
+ rc = ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file);
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-ed25519");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_connect(session);
+ assert_ssh_return_code(session, rc);
+
+ found = ssh_session_is_known_server(session);
+ assert_int_equal(found, SSH_KNOWN_HOSTS_CHANGED);
+
+ rc = ssh_session_update_known_hosts(session);
+ assert_ssh_return_code(session, rc);
+
+ ssh_disconnect(session);
+ ssh_free(session);
+
+ /* connect again and check host key */
+ session = ssh_new();
+ assert_non_null(session);
+
+ s->ssh.session = session;
+
+ rc = ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file);
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-ed25519");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_connect(session);
+ assert_ssh_return_code(session, rc);
+
+ found = ssh_session_is_known_server(session);
+ assert_int_equal(found, SSH_KNOWN_HOSTS_OK);
+
+ /* session will be freed by session_teardown() */
+}
+
 int torture_run_tests(void) {
 int rc;
 struct CMUnitTest tests[] = {
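Review bot: Between `ssh_free(session);` and `s->ssh.session = session;` the test state still points at the freed session, so if `assert_non_null(session)` fails after `ssh_new()`, the teardown that the closing comment says frees the session would be handed a dangling pointer. Adding `s->ssh.session = NULL;` directly after `ssh_free(session);` closes that window; session_teardown is not visible here, so confirm that it tolerates NULL. The known_hosts entry is written for the literal `127.0.0.10` while the reconnect sets `SSH_OPTIONS_HOST` to `TORTURE_SSH_SERVER`. Formatting the entry as `"%s %s %s\n", TORTURE_SSH_SERVER, "ssh-ed25519", BAD_ED25519` keeps the two from drifting apart, after which the first check would presumably no longer report `SSH_KNOWN_HOSTS_CHANGED`. The `ssh_session_update_known_hosts()` call right after the CHANGED result deserves a comment such as `/* test only: a client must not accept a changed host key without user confirmation */`, and the test would pin more if it also checked what becomes of the `BAD_ED25519` line in the file.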
@@ -301,6 +368,9 @@ int torture_run_tests(void) {
 cmocka_unit_test_setup_teardown(torture_knownhosts_unknown,
 session_setup,
 session_teardown),
+ cmocka_unit_test_setup_teardown(torture_knownhosts_conflict,
+ session_setup,
+ session_teardown),
 };
 ssh_init();