Beispiel #1
        def test_with_uid(self, initgroups, setuid, setgid, getpwuid,
                          parse_gid, parse_uid, getuid, geteuid, getgid,
                          getegid):
            """Exercise maybe_drop_privileges(uid=...) and its post-drop checks.

            Four scenarios run in sequence against the same mocks:

            1. getuid/geteuid report 10: the uid is resolved, the gid is
               taken from the passwd entry, and setuid is called with the
               target uid and then with 0.  The second call fails with
               EPERM and the test expects a normal return.
            2. getuid/geteuid report 10 on their first call and 0 on later
               calls: AssertionError is expected.
            3. getgid/getegid report 0 and only ``gid`` is passed:
               AssertionError is expected.
            4. The second setuid call fails with ENOENT instead of EPERM:
               OSError is expected.

            All arguments except ``self`` are mocks, presumably injected by
            patch decorators outside this view.
            """
            # Scenario 1: real and effective uid both report 10.
            geteuid.return_value = 10
            getuid.return_value = 10

            # Minimal stand-in for a passwd entry; only pw_gid is set.
            class pw_struct(object):
                pw_gid = 50001

            # Runs on the first setuid call and re-arms the mock so that the
            # next setuid call raises OSError with errno EPERM.
            def raise_on_second_call(*args, **kwargs):
                setuid.side_effect = OSError()
                setuid.side_effect.errno = errno.EPERM

            setuid.side_effect = raise_on_second_call
            getpwuid.return_value = pw_struct()
            parse_uid.return_value = 5001
            parse_gid.return_value = 5001
            maybe_drop_privileges(uid='user')
            parse_uid.assert_called_with('user')
            getpwuid.assert_called_with(5001)
            setgid.assert_called_with(50001)
            initgroups.assert_called_with(5001, 50001)
            # setuid(0) after the drop is the "can root be regained?" probe;
            # the EPERM it raises here did not escape the call above.
            # NOTE(review): the relative order of setgid/initgroups versus
            # setuid is not asserted by this test.
            setuid.assert_has_calls([call(5001), call(0)])

            # Scenario 2: re-arm setuid (the previous run left side_effect
            # set to the EPERM error instance).
            setuid.side_effect = raise_on_second_call

            # Make `mock` return `first` on its first call and 0 on every
            # later call; the one-element list is the closure's mutable cell.
            def to_root_on_second_call(mock, first):
                return_value = [first]

                def on_first_call(*args, **kwargs):
                    ret, return_value[0] = return_value[0], 0
                    return ret

                mock.side_effect = on_first_call

            to_root_on_second_call(geteuid, 10)
            to_root_on_second_call(getuid, 10)
            # NOTE(review): if the code under test signals this with a bare
            # `assert` statement, the check is stripped under `python -O` --
            # confirm against the implementation.
            with self.assertRaises(AssertionError):
                maybe_drop_privileges(uid='user')

            # Scenario 3: clear the stateful uid side effects (uid lookups
            # now return None) and make both gid lookups report 0.
            getuid.return_value = getuid.side_effect = None
            geteuid.return_value = geteuid.side_effect = None
            getegid.return_value = 0
            getgid.return_value = 0
            setuid.side_effect = raise_on_second_call
            with self.assertRaises(AssertionError):
                maybe_drop_privileges(gid='group')

            # Scenario 4: drop recorded calls and any leftover side effects.
            getuid.reset_mock()
            geteuid.reset_mock()
            setuid.reset_mock()
            getuid.side_effect = geteuid.side_effect = None

            # Same arming trick as above, but the second setuid call now
            # fails with ENOENT, which the test expects to propagate.
            def raise_on_second_call(*args, **kwargs):
                setuid.side_effect = OSError()
                setuid.side_effect.errno = errno.ENOENT

            setuid.side_effect = raise_on_second_call
            with self.assertRaises(OSError):
                maybe_drop_privileges(uid='user')
Beispiel #2
        def test_with_uid(
            self, initgroups, setuid, setgid, getpwuid, parse_gid, parse_uid, getuid, geteuid, getgid, getegid
        ):
            """Exercise maybe_drop_privileges(uid=...) and its post-drop checks.

            Four scenarios run in sequence against the same mocks:

            1. getuid/geteuid report 10: the uid is resolved, the gid is
               taken from the passwd entry, and setuid is called with the
               target uid and then with 0.  The second call fails with
               EPERM and the test expects a normal return.
            2. getuid/geteuid report 10 on their first call and 0 on later
               calls: AssertionError is expected.
            3. getgid/getegid report 0 and only ``gid`` is passed:
               AssertionError is expected.
            4. The second setuid call fails with ENOENT instead of EPERM:
               OSError is expected.

            All arguments except ``self`` are mocks, presumably injected by
            patch decorators outside this view.
            """
            # Scenario 1: real and effective uid both report 10.
            geteuid.return_value = 10
            getuid.return_value = 10

            # Minimal stand-in for a passwd entry; only pw_gid is set.
            class pw_struct(object):
                pw_gid = 50001

            # Runs on the first setuid call and re-arms the mock so that the
            # next setuid call raises OSError with errno EPERM.
            def raise_on_second_call(*args, **kwargs):
                setuid.side_effect = OSError()
                setuid.side_effect.errno = errno.EPERM

            setuid.side_effect = raise_on_second_call
            getpwuid.return_value = pw_struct()
            parse_uid.return_value = 5001
            parse_gid.return_value = 5001
            maybe_drop_privileges(uid="user")
            parse_uid.assert_called_with("user")
            getpwuid.assert_called_with(5001)
            setgid.assert_called_with(50001)
            initgroups.assert_called_with(5001, 50001)
            # setuid(0) after the drop is the "can root be regained?" probe;
            # the EPERM it raises here did not escape the call above.
            # NOTE(review): the relative order of setgid/initgroups versus
            # setuid is not asserted by this test.
            setuid.assert_has_calls([call(5001), call(0)])

            # Scenario 2: re-arm setuid (the previous run left side_effect
            # set to the EPERM error instance).
            setuid.side_effect = raise_on_second_call

            # Make `mock` return `first` on its first call and 0 on every
            # later call; the one-element list is the closure's mutable cell.
            def to_root_on_second_call(mock, first):
                return_value = [first]

                def on_first_call(*args, **kwargs):
                    ret, return_value[0] = return_value[0], 0
                    return ret

                mock.side_effect = on_first_call

            to_root_on_second_call(geteuid, 10)
            to_root_on_second_call(getuid, 10)
            # NOTE(review): if the code under test signals this with a bare
            # `assert` statement, the check is stripped under `python -O` --
            # confirm against the implementation.
            with self.assertRaises(AssertionError):
                maybe_drop_privileges(uid="user")

            # Scenario 3: clear the stateful uid side effects (uid lookups
            # now return None) and make both gid lookups report 0.
            getuid.return_value = getuid.side_effect = None
            geteuid.return_value = geteuid.side_effect = None
            getegid.return_value = 0
            getgid.return_value = 0
            setuid.side_effect = raise_on_second_call
            with self.assertRaises(AssertionError):
                maybe_drop_privileges(gid="group")

            # Scenario 4: drop recorded calls and any leftover side effects.
            getuid.reset_mock()
            geteuid.reset_mock()
            setuid.reset_mock()
            getuid.side_effect = geteuid.side_effect = None

            # Same arming trick as above, but the second setuid call now
            # fails with ENOENT, which the test expects to propagate.
            def raise_on_second_call(*args, **kwargs):
                setuid.side_effect = OSError()
                setuid.side_effect.errno = errno.ENOENT

            setuid.side_effect = raise_on_second_call
            with self.assertRaises(OSError):
                maybe_drop_privileges(uid="user")
Beispiel #3
 def test_with_guid(self, initgroups, setuid, setgid, parse_gid, parse_uid):
     """Check the calls made when both ``uid`` and ``gid`` are given.

     The ids returned by the parse helpers must reach setgid, initgroups
     and setuid unchanged.  All arguments except ``self`` are mocks,
     presumably injected by patch decorators outside this view.
     """
     target_uid, target_gid = 5001, 50001
     parse_uid.return_value = target_uid
     parse_gid.return_value = target_gid

     maybe_drop_privileges(uid="user", gid="group")

     # Both names must have been resolved through the parse helpers.
     parse_uid.assert_called_with("user")
     parse_gid.assert_called_with("group")

     # The resolved ids are forwarded unchanged.
     # NOTE(review): these per-mock assertions do not pin the relative
     # order of setgid/initgroups versus setuid; the group has to be
     # changed before the uid, so an ordering check would be worth adding.
     setgid.assert_called_with(target_gid)
     initgroups.assert_called_with(target_uid, target_gid)
     setuid.assert_called_with(target_uid)
Beispiel #4
        def test_seteuid(self, _seteuid, _geteuid, parse_uid):
            """Check that seteuid only switches when the effective uid differs.

            All arguments except ``self`` are mocks, presumably injected by
            patch decorators outside this view.
            """
            wanted_uid = 5001
            parse_uid.return_value = wanted_uid

            # Case 1: the effective uid already equals the resolved uid, so
            # the underlying call must not be made.
            _geteuid.return_value = wanted_uid
            seteuid("user")
            parse_uid.assert_called_with("user")
            self.assertFalse(_seteuid.called)

            # Case 2: a different effective uid must trigger the switch.
            _geteuid.return_value = 1
            seteuid("user")
            _seteuid.assert_called_with(wanted_uid)
Beispiel #5
 def test_with_guid(self, initgroups, setuid, setgid, parse_gid,
                    parse_uid):
     """Check the calls made when both ``uid`` and ``gid`` are given.

     The ids returned by the parse helpers must reach setgid, initgroups
     and setuid unchanged.  All arguments except ``self`` are mocks,
     presumably injected by patch decorators outside this view.
     """
     target_uid, target_gid = 5001, 50001
     parse_uid.return_value = target_uid
     parse_gid.return_value = target_gid

     maybe_drop_privileges(uid="user", gid="group")

     # Both names must have been resolved through the parse helpers.
     parse_uid.assert_called_with("user")
     parse_gid.assert_called_with("group")

     # The resolved ids are forwarded unchanged.
     # NOTE(review): these per-mock assertions do not pin the relative
     # order of setgid/initgroups versus setuid; the group has to be
     # changed before the uid, so an ordering check would be worth adding.
     setgid.assert_called_with(target_gid)
     initgroups.assert_called_with(target_uid, target_gid)
     setuid.assert_called_with(target_uid)
Beispiel #6
        def test_seteuid(self, _seteuid, _geteuid, parse_uid):
            """Check that seteuid only switches when the effective uid differs.

            All arguments except ``self`` are mocks, presumably injected by
            patch decorators outside this view.
            """
            wanted_uid = 5001
            parse_uid.return_value = wanted_uid

            # Case 1: the effective uid already equals the resolved uid, so
            # the underlying call must not be made.
            _geteuid.return_value = wanted_uid
            seteuid('user')
            parse_uid.assert_called_with('user')
            self.assertFalse(_seteuid.called)

            # Case 2: a different effective uid must trigger the switch.
            _geteuid.return_value = 1
            seteuid('user')
            _seteuid.assert_called_with(wanted_uid)
Beispiel #7
        def test_with_uid(self, initgroups, setuid, setgid, getpwuid, parse_uid):
            """Check that a uid-only drop takes the gid from the passwd entry.

            All arguments except ``self`` are mocks, presumably injected by
            patch decorators outside this view.
            """
            # Minimal stand-in for a passwd entry; only pw_gid is set.
            class FakePasswdEntry(object):
                pw_gid = 50001

            target_uid = 5001
            parse_uid.return_value = target_uid
            getpwuid.return_value = FakePasswdEntry()

            maybe_drop_privileges(uid="user")

            # The name is resolved, then the passwd entry is looked up by uid.
            parse_uid.assert_called_with("user")
            getpwuid.assert_called_with(target_uid)

            # The entry's pw_gid is the gid that gets applied.
            # NOTE(review): the relative order of setgid/initgroups versus
            # setuid is not asserted here.
            setgid.assert_called_with(FakePasswdEntry.pw_gid)
            initgroups.assert_called_with(target_uid, FakePasswdEntry.pw_gid)
            setuid.assert_called_with(target_uid)
Beispiel #8
        def test_with_uid(self, initgroups, setuid, setgid, getpwuid,
                          parse_uid):
            """Check that a uid-only drop takes the gid from the passwd entry.

            All arguments except ``self`` are mocks, presumably injected by
            patch decorators outside this view.
            """
            # Minimal stand-in for a passwd entry; only pw_gid is set.
            class FakePasswdEntry(object):
                pw_gid = 50001

            target_uid = 5001
            parse_uid.return_value = target_uid
            getpwuid.return_value = FakePasswdEntry()

            maybe_drop_privileges(uid="user")

            # The name is resolved, then the passwd entry is looked up by uid.
            parse_uid.assert_called_with("user")
            getpwuid.assert_called_with(target_uid)

            # The entry's pw_gid is the gid that gets applied.
            # NOTE(review): the relative order of setgid/initgroups versus
            # setuid is not asserted here.
            setgid.assert_called_with(FakePasswdEntry.pw_gid)
            initgroups.assert_called_with(target_uid, FakePasswdEntry.pw_gid)
            setuid.assert_called_with(target_uid)
Beispiel #9
        def test_with_uid(self, initgroups, setuid, setgid, getpwuid, parse_uid):
            """Check a uid-only drop, including the follow-up setuid(0) probe.

            The second setuid call is made to fail with EPERM and the test
            expects maybe_drop_privileges to return normally.  All arguments
            except ``self`` are mocks, presumably injected by patch
            decorators outside this view.
            """
            # Minimal stand-in for a passwd entry; only pw_gid is set.
            class FakePasswdEntry(object):
                pw_gid = 50001

            def deny_next_setuid(*args, **kwargs):
                # Runs on the first setuid call; every later call raises EPERM.
                denied = OSError()
                denied.errno = errno.EPERM
                setuid.side_effect = denied

            target_uid = 5001
            setuid.side_effect = deny_next_setuid
            getpwuid.return_value = FakePasswdEntry()
            parse_uid.return_value = target_uid

            maybe_drop_privileges(uid="user")

            parse_uid.assert_called_with("user")
            getpwuid.assert_called_with(target_uid)
            setgid.assert_called_with(FakePasswdEntry.pw_gid)
            initgroups.assert_called_with(target_uid, FakePasswdEntry.pw_gid)
            # Drop to the target uid, then probe whether uid 0 is still
            # reachable; the EPERM from the probe did not escape the call.
            setuid.assert_has_calls([call(target_uid), call(0)])
Beispiel #10
        def test_with_uid(self, initgroups, setuid, setgid, getpwuid,
                          parse_uid):
            """Check a uid-only drop, including the follow-up setuid(0) probe.

            The second setuid call is made to fail with EPERM and the test
            expects maybe_drop_privileges to return normally.  All arguments
            except ``self`` are mocks, presumably injected by patch
            decorators outside this view.
            """
            # Minimal stand-in for a passwd entry; only pw_gid is set.
            class FakePasswdEntry(object):
                pw_gid = 50001

            def deny_next_setuid(*args, **kwargs):
                # Runs on the first setuid call; every later call raises EPERM.
                denied = OSError()
                denied.errno = errno.EPERM
                setuid.side_effect = denied

            target_uid = 5001
            setuid.side_effect = deny_next_setuid
            getpwuid.return_value = FakePasswdEntry()
            parse_uid.return_value = target_uid

            maybe_drop_privileges(uid='user')

            parse_uid.assert_called_with('user')
            getpwuid.assert_called_with(target_uid)
            setgid.assert_called_with(FakePasswdEntry.pw_gid)
            initgroups.assert_called_with(target_uid, FakePasswdEntry.pw_gid)
            # Drop to the target uid, then probe whether uid 0 is still
            # reachable; the EPERM from the probe did not escape the call.
            setuid.assert_has_calls([call(target_uid), call(0)])
Beispiel #11
    def test_with_guid(self, initgroups, setuid, setgid, parse_gid, parse_uid):
        """Check the uid+gid drop and the check that root cannot be regained.

        Three phases run against the same mocks:

        1. The second setuid call fails with EPERM: a normal return is
           expected, with setuid called for the target uid and then for 0.
        2. Every setuid call succeeds: SecurityError is expected.
        3. setuid fails with EINVAL: OSError is expected.

        All arguments except ``self`` are mocks, presumably injected by
        patch decorators outside this view.
        """
        def deny_next_setuid(*args, **kwargs):
            # Runs on the first setuid call; every later call raises EPERM.
            denied = OSError()
            denied.errno = errno.EPERM
            setuid.side_effect = denied

        target_uid, target_gid = 5001, 50001

        # Phase 1: the drop works and the probe for uid 0 is refused.
        setuid.side_effect = deny_next_setuid
        parse_uid.return_value = target_uid
        parse_gid.return_value = target_gid
        maybe_drop_privileges(uid='user', gid='group')
        parse_uid.assert_called_with('user')
        parse_gid.assert_called_with('group')
        setgid.assert_called_with(target_gid)
        initgroups.assert_called_with(target_uid, target_gid)
        setuid.assert_has_calls([call(target_uid), call(0)])

        # Phase 2: no side effect, so no setuid call fails -- presumably
        # including the probe with uid 0 -- and that must be reported.
        setuid.side_effect = None
        with pytest.raises(SecurityError):
            maybe_drop_privileges(uid='user', gid='group')

        # Phase 3: an errno other than EPERM is expected to surface as
        # OSError rather than be treated as a refused probe.
        invalid = OSError()
        invalid.errno = errno.EINVAL
        setuid.side_effect = invalid
        with pytest.raises(OSError):
            maybe_drop_privileges(uid='user', gid='group')
Beispiel #12
        def test_with_guid(self, initgroups, setuid, setgid, parse_gid, parse_uid):
            """Check the uid+gid drop and the check that root cannot be regained.

            Three phases run against the same mocks:

            1. The second setuid call fails with EPERM: a normal return is
               expected, with setuid called for the target uid and then for 0.
            2. Every setuid call succeeds: RuntimeError is expected.
            3. setuid fails with EINVAL: OSError is expected.

            All arguments except ``self`` are mocks, presumably injected by
            patch decorators outside this view.
            """
            def deny_next_setuid(*args, **kwargs):
                # Runs on the first setuid call; every later call raises EPERM.
                denied = OSError()
                denied.errno = errno.EPERM
                setuid.side_effect = denied

            target_uid, target_gid = 5001, 50001

            # Phase 1: the drop works and the probe for uid 0 is refused.
            setuid.side_effect = deny_next_setuid
            parse_uid.return_value = target_uid
            parse_gid.return_value = target_gid
            maybe_drop_privileges(uid="user", gid="group")
            parse_uid.assert_called_with("user")
            parse_gid.assert_called_with("group")
            setgid.assert_called_with(target_gid)
            initgroups.assert_called_with(target_uid, target_gid)
            setuid.assert_has_calls([call(target_uid), call(0)])

            # Phase 2: no side effect, so no setuid call fails -- presumably
            # including the probe with uid 0 -- and that must be reported.
            setuid.side_effect = None
            with self.assertRaises(RuntimeError):
                maybe_drop_privileges(uid="user", gid="group")

            # Phase 3: an errno other than EPERM is expected to surface as
            # OSError rather than be treated as a refused probe.
            invalid = OSError()
            invalid.errno = errno.EINVAL
            setuid.side_effect = invalid
            with self.assertRaises(OSError):
                maybe_drop_privileges(uid="user", gid="group")
Beispiel #13
    def test_with_guid(self, initgroups, setuid, setgid,
                       parse_gid, parse_uid):
        """Check the uid+gid drop and the check that root cannot be regained.

        Three phases run against the same mocks:

        1. The second setuid call fails with EPERM: a normal return is
           expected, with setuid called for the target uid and then for 0.
        2. Every setuid call succeeds: SecurityError is expected.
        3. setuid fails with EINVAL: OSError is expected.

        All arguments except ``self`` are mocks, presumably injected by
        patch decorators outside this view.
        """
        def deny_next_setuid(*args, **kwargs):
            # Runs on the first setuid call; every later call raises EPERM.
            denied = OSError()
            denied.errno = errno.EPERM
            setuid.side_effect = denied

        target_uid, target_gid = 5001, 50001

        # Phase 1: the drop works and the probe for uid 0 is refused.
        setuid.side_effect = deny_next_setuid
        parse_uid.return_value = target_uid
        parse_gid.return_value = target_gid
        maybe_drop_privileges(uid='user', gid='group')
        parse_uid.assert_called_with('user')
        parse_gid.assert_called_with('group')
        setgid.assert_called_with(target_gid)
        initgroups.assert_called_with(target_uid, target_gid)
        setuid.assert_has_calls([call(target_uid), call(0)])

        # Phase 2: no side effect, so no setuid call fails -- presumably
        # including the probe with uid 0 -- and that must be reported.
        setuid.side_effect = None
        with pytest.raises(SecurityError):
            maybe_drop_privileges(uid='user', gid='group')

        # Phase 3: an errno other than EPERM is expected to surface as
        # OSError rather than be treated as a refused probe.
        invalid = OSError()
        invalid.errno = errno.EINVAL
        setuid.side_effect = invalid
        with pytest.raises(OSError):
            maybe_drop_privileges(uid='user', gid='group')
Beispiel #14
 def test_setuid(self, _setuid, parse_uid):
     """Check that setuid resolves its argument and forwards the result.

     Both arguments after ``self`` are mocks, presumably injected by
     patch decorators outside this view.
     """
     resolved_uid = 5001
     parse_uid.return_value = resolved_uid

     setuid('user')

     # The name goes through parse_uid; the parsed id reaches the
     # underlying call unchanged.
     parse_uid.assert_called_with('user')
     _setuid.assert_called_with(resolved_uid)
Beispiel #15
 def test_setuid(self, _setuid, parse_uid):
     """Check that setuid resolves its argument and forwards the result.

     Both arguments after ``self`` are mocks, presumably injected by
     patch decorators outside this view.
     """
     resolved_uid = 5001
     parse_uid.return_value = resolved_uid

     setuid('user')

     # The name goes through parse_uid; the parsed id reaches the
     # underlying call unchanged.
     parse_uid.assert_called_with('user')
     _setuid.assert_called_with(resolved_uid)