def setUp(self):
AvatarTestCase.setUp(self)
self.avatar = CodehostingAvatar(self.aliceUserDict, None)
self.reactor = MockReactor()
def lookup_template(command):
if command == 'foo':
return 'bar baz %(user_id)s'
raise ForbiddenCommand("Not allowed to execute %r." % command)
self.session = RestrictedExecOnlySession(self.avatar, self.reactor,
lookup_template)
def setUp(self):
AvatarTestCase.setUp(self)
self.avatar = CodehostingAvatar(self.aliceUserDict, None)
self.reactor = MockReactor()
def lookup_template(command):
if command == 'foo':
return 'bar baz %(user_id)s'
raise ForbiddenCommand("Not allowed to execute %r." % command)
self.session = RestrictedExecOnlySession(
self.avatar, self.reactor, lookup_template)
def test_getAvatarAdapter(self):
# getAvatarAdapter is a convenience classmethod so that
# RestrictedExecOnlySession can be easily registered as an adapter for
# Conch avatars.
from twisted.internet import reactor
def lookup_template(command):
if command == 'foo':
return 'bar baz'
raise ForbiddenCommand(command)
adapter = RestrictedExecOnlySession.getAvatarAdapter(lookup_template)
session = adapter(self.avatar)
self.assertTrue(
isinstance(session, RestrictedExecOnlySession),
"ISession(avatar) doesn't adapt to RestrictedExecOnlySession. "
"Got %r instead." % (session, ))
self.assertIs(self.avatar, session.avatar)
self.assertIs(reactor, session.reactor)
self.assertEqual('bar baz', session.lookup_command_template('foo'))
self.assertRaises(ForbiddenCommand, session.lookup_command_template,
'notfoo')
def test_getAvatarAdapter(self):
# getAvatarAdapter is a convenience classmethod so that
# RestrictedExecOnlySession can be easily registered as an adapter for
# Conch avatars.
from twisted.internet import reactor
def lookup_template(command):
if command == 'foo':
return 'bar baz'
raise ForbiddenCommand(command)
adapter = RestrictedExecOnlySession.getAvatarAdapter(
lookup_template)
session = adapter(self.avatar)
self.failUnless(
isinstance(session, RestrictedExecOnlySession),
"ISession(avatar) doesn't adapt to RestrictedExecOnlySession. "
"Got %r instead." % (session,))
self.assertIs(self.avatar, session.avatar)
self.assertIs(reactor, session.reactor)
self.assertEqual('bar baz',
session.lookup_command_template('foo'))
self.assertRaises(ForbiddenCommand,
session.lookup_command_template, 'notfoo')
class TestRestrictedExecOnlySession(AvatarTestCase):
"""Tests for RestrictedExecOnlySession.
bzr+ssh requests to the code hosting SSH server ask the server to execute
a particular command: 'bzr serve --inet /'. The SSH server rejects all
other commands.
When it receives the expected command, the SSH server doesn't actually
execute the exact given command. Instead, it executes another pre-defined
command.
"""
def setUp(self):
AvatarTestCase.setUp(self)
self.avatar = CodehostingAvatar(self.aliceUserDict, None)
self.reactor = MockReactor()
def lookup_template(command):
if command == 'foo':
return 'bar baz %(user_id)s'
raise ForbiddenCommand("Not allowed to execute %r." % command)
self.session = RestrictedExecOnlySession(self.avatar, self.reactor,
lookup_template)
def test_makeRestrictedExecOnlySession(self):
# A RestrictedExecOnlySession is constructed with an avatar, a reactor
# and an expected command.
self.assertTrue(
isinstance(self.session, RestrictedExecOnlySession),
"%r not an instance of RestrictedExecOnlySession" %
(self.session, ))
self.assertEqual(self.avatar, self.session.avatar)
self.assertEqual(self.reactor, self.session.reactor)
self.assertEqual('bar baz %(user_id)s',
self.session.lookup_command_template('foo'))
self.assertRaises(ForbiddenCommand,
self.session.lookup_command_template, 'notfoo')
def test_execCommandRejectsUnauthorizedCommands(self):
# execCommand rejects all commands except for the command specified in
# the constructor and closes the connection.
# Note that Conch doesn't have a well-defined way of rejecting
# commands. Disconnecting in execCommand will do. We don't raise
# an exception to avoid logging an OOPS.
protocol = MockProcessTransport('cat')
self.assertEqual(None, self.session.execCommand(protocol, 'cat'))
self.assertEqual([('writeExtended', connection.EXTENDED_DATA_STDERR,
"Not allowed to execute 'cat'.\r\n"),
('loseConnection', )], protocol.log)
def test_getCommandToRunReturnsTemplateCommand(self):
# When passed the allowed command, getCommandToRun always returns the
# executable and arguments corresponding to the provided executed
# command template.
executable, arguments = self.session.getCommandToRun('foo')
self.assertEqual('bar', executable)
self.assertEqual(['bar', 'baz', str(self.avatar.user_id)],
list(arguments))
def test_getAvatarAdapter(self):
# getAvatarAdapter is a convenience classmethod so that
# RestrictedExecOnlySession can be easily registered as an adapter for
# Conch avatars.
from twisted.internet import reactor
def lookup_template(command):
if command == 'foo':
return 'bar baz'
raise ForbiddenCommand(command)
adapter = RestrictedExecOnlySession.getAvatarAdapter(lookup_template)
session = adapter(self.avatar)
self.assertTrue(
isinstance(session, RestrictedExecOnlySession),
"ISession(avatar) doesn't adapt to RestrictedExecOnlySession. "
"Got %r instead." % (session, ))
self.assertIs(self.avatar, session.avatar)
self.assertIs(reactor, session.reactor)
self.assertEqual('bar baz', session.lookup_command_template('foo'))
self.assertRaises(ForbiddenCommand, session.lookup_command_template,
'notfoo')
class TestRestrictedExecOnlySession(AvatarTestCase):
"""Tests for RestrictedExecOnlySession.
bzr+ssh requests to the code hosting SSH server ask the server to execute
a particular command: 'bzr serve --inet /'. The SSH server rejects all
other commands.
When it receives the expected command, the SSH server doesn't actually
execute the exact given command. Instead, it executes another pre-defined
command.
"""
def setUp(self):
AvatarTestCase.setUp(self)
self.avatar = CodehostingAvatar(self.aliceUserDict, None)
self.reactor = MockReactor()
def lookup_template(command):
if command == 'foo':
return 'bar baz %(user_id)s'
raise ForbiddenCommand("Not allowed to execute %r." % command)
self.session = RestrictedExecOnlySession(
self.avatar, self.reactor, lookup_template)
def test_makeRestrictedExecOnlySession(self):
# A RestrictedExecOnlySession is constructed with an avatar, a reactor
# and an expected command.
self.failUnless(
isinstance(self.session, RestrictedExecOnlySession),
"%r not an instance of RestrictedExecOnlySession"
% (self.session,))
self.assertEqual(self.avatar, self.session.avatar)
self.assertEqual(self.reactor, self.session.reactor)
self.assertEqual('bar baz %(user_id)s',
self.session.lookup_command_template('foo'))
self.assertRaises(ForbiddenCommand,
self.session.lookup_command_template, 'notfoo')
def test_execCommandRejectsUnauthorizedCommands(self):
# execCommand rejects all commands except for the command specified in
# the constructor and closes the connection.
# Note that Conch doesn't have a well-defined way of rejecting
# commands. Disconnecting in execCommand will do. We don't raise
# an exception to avoid logging an OOPS.
protocol = MockProcessTransport('cat')
self.assertEqual(
None, self.session.execCommand(protocol, 'cat'))
self.assertEqual(
[('writeExtended', connection.EXTENDED_DATA_STDERR,
"Not allowed to execute 'cat'.\r\n"),
('loseConnection',)],
protocol.log)
def test_getCommandToRunReturnsTemplateCommand(self):
# When passed the allowed command, getCommandToRun always returns the
# executable and arguments corresponding to the provided executed
# command template.
executable, arguments = self.session.getCommandToRun('foo')
self.assertEqual('bar', executable)
self.assertEqual(
['bar', 'baz', str(self.avatar.user_id)], list(arguments))
def test_getAvatarAdapter(self):
# getAvatarAdapter is a convenience classmethod so that
# RestrictedExecOnlySession can be easily registered as an adapter for
# Conch avatars.
from twisted.internet import reactor
def lookup_template(command):
if command == 'foo':
return 'bar baz'
raise ForbiddenCommand(command)
adapter = RestrictedExecOnlySession.getAvatarAdapter(
lookup_template)
session = adapter(self.avatar)
self.failUnless(
isinstance(session, RestrictedExecOnlySession),
"ISession(avatar) doesn't adapt to RestrictedExecOnlySession. "
"Got %r instead." % (session,))
self.assertIs(self.avatar, session.avatar)
self.assertIs(reactor, session.reactor)
self.assertEqual('bar baz',
session.lookup_command_template('foo'))
self.assertRaises(ForbiddenCommand,
session.lookup_command_template, 'notfoo')
