class FakeTarget(object):
def __init__(self, d):
self.connection = None
self.ip = None
self.server_ip = None
self.datetime = time.strftime('%Y%m%d%H%M%S',time.gmtime())
self.testdir = d.getVar("TEST_LOG_DIR", True)
self.pn = d.getVar("PN", True)
def exportStart(self):
self.sshlog = os.path.join(self.testdir, "ssh_target_log.%s" % self.datetime)
sshloglink = os.path.join(self.testdir, "ssh_target_log")
if os.path.lexists(sshloglink):
os.remove(sshloglink)
os.symlink(self.sshlog, sshloglink)
print("SSH log file: %s" % self.sshlog)
self.connection = SSHControl(self.ip, logfile=self.sshlog)
def run(self, cmd, timeout=None):
return self.connection.run(cmd, timeout)
def copy_to(self, localpath, remotepath):
return self.connection.copy_to(localpath, remotepath)
def copy_from(self, remotepath, localpath):
return self.connection.copy_from(remotepath, localpath)
def test_all_users_can_connect_via_ssh_without_password(self):
"""
Summary: Check if all users can connect via ssh without password
Expected: 1. Connection to the image via ssh using root user without providing a password should NOT be allowed.
2. Connection to the image via ssh using tester user without providing a password should be allowed.
Product: oe-core
Author: Ionut Chisanovici <*****@*****.**>
AutomatedBy: Daniel Istrate <*****@*****.**>
"""
features = 'EXTRA_IMAGE_FEATURES = "ssh-server-openssh allow-empty-password allow-root-login"\n'
features += 'INHERIT += "extrausers"\n'
features += 'EXTRA_USERS_PARAMS = "useradd -p \'\' {}; usermod -s /bin/sh {};"'.format(self.test_user, self.test_user)
self.write_config(features)
# Build a core-image-minimal
bitbake('core-image-minimal')
with runqemu("core-image-minimal") as qemu:
# Attempt to ssh with each user into qemu with empty password
for user in [self.root_user, self.test_user]:
ssh = SSHControl(ip=qemu.ip, logfile=qemu.sshlog, user=user)
status, output = ssh.run("true")
if user == 'root':
self.assertNotEqual(status, 0, 'ssh to user root was allowed when it should not have been')
else:
self.assertEqual(status, 0, 'ssh to user tester failed with %s' % output)
def test_non_root_user_can_connect_via_ssh_without_password(self):
"""
Summary: Check if non root user can connect via ssh without password
Expected: 1. Connection to the image via ssh using root user without providing a password should be allowed.
2. Connection to the image via ssh using tester user without providing a password should be allowed.
Product: oe-core
Author: Ionut Chisanovici <*****@*****.**>
AutomatedBy: Daniel Istrate <*****@*****.**>
"""
features = 'EXTRA_IMAGE_FEATURES = "ssh-server-openssh empty-root-password allow-empty-password"\n'
features += 'INHERIT += "extrausers"\n'
features += "EXTRA_USERS_PARAMS = \"useradd -p '' {}; usermod -s /bin/sh {};\"".format(
self.test_user, self.test_user
)
# Append 'features' to local.conf
self.append_config(features)
# Build a core-image-minimal
bitbake("core-image-minimal")
with runqemu("core-image-minimal", self) as qemu:
# Attempt to ssh with each user into qemu with empty password
for user in [self.root_user, self.test_user]:
ssh = SSHControl(ip=qemu.ip, logfile=qemu.sshlog, user=user)
status, output = ssh.run("true")
self.assertEqual(status, 0, "ssh to user %s failed with %s" % (user, output))
class FakeTarget(object):
def __init__(self, d):
self.connection = None
self.ip = None
self.server_ip = None
self.datetime = time.strftime('%Y%m%d%H%M%S', time.gmtime())
self.testdir = d.getVar("TEST_LOG_DIR")
self.pn = d.getVar("PN")
def exportStart(self):
self.sshlog = os.path.join(self.testdir,
"ssh_target_log.%s" % self.datetime)
sshloglink = os.path.join(self.testdir, "ssh_target_log")
if os.path.lexists(sshloglink):
os.remove(sshloglink)
os.symlink(self.sshlog, sshloglink)
print("SSH log file: %s" % self.sshlog)
self.connection = SSHControl(self.ip, logfile=self.sshlog)
def run(self, cmd, timeout=None):
return self.connection.run(cmd, timeout)
def copy_to(self, localpath, remotepath):
return self.connection.copy_to(localpath, remotepath)
def copy_from(self, remotepath, localpath):
return self.connection.copy_from(remotepath, localpath)
def test_all_users_can_connect_via_ssh_without_password(self):
"""
Summary: Check if all users can connect via ssh without password
Expected: 1. Connection to the image via ssh using root user without providing a password should NOT be allowed.
2. Connection to the image via ssh using tester user without providing a password should be allowed.
Product: oe-core
Author: Ionut Chisanovici <*****@*****.**>
AutomatedBy: Daniel Istrate <*****@*****.**>
"""
features = 'EXTRA_IMAGE_FEATURES = "ssh-server-openssh allow-empty-password allow-root-login"\n'
features += 'INHERIT += "extrausers"\n'
features += 'EXTRA_USERS_PARAMS = "useradd -p \'\' {}; usermod -s /bin/sh {};"'.format(
self.test_user, self.test_user)
self.write_config(features)
# Build a core-image-minimal
bitbake('core-image-minimal')
with runqemu("core-image-minimal") as qemu:
# Attempt to ssh with each user into qemu with empty password
for user in [self.root_user, self.test_user]:
ssh = SSHControl(ip=qemu.ip, logfile=qemu.sshlog, user=user)
status, output = ssh.run("true")
if user == 'root':
self.assertNotEqual(
status, 0,
'ssh to user root was allowed when it should not have been'
)
else:
self.assertEqual(
status, 0,
'ssh to user tester failed with %s' % output)
def _start_runqemu(self):
# Test runqemu machine iso
self.logger.info("start runqemu")
cmd = "%s %s iso" % (self.cmd_common, self.machine)
with runqemu(self.anaconda_recipe, ssh=False, launch_cmd=cmd) as qemu:
self.logger.info("runqemu as qemu")
qemu_shutdown_succeeded = self.__start_qemu_shutdown_check_if_shutdown_succeeded(
qemu, self.install_timeout)
if not qemu_shutdown_succeeded:
ssh = SSHControl(ip="127.0.0.1",
logfile=qemu.sshlog,
port="2222")
for log in ['anaconda.log', 'program.log', 'packaging.log']:
self.logger.error("-----------%s----------" % log)
status, output = ssh.run("/bin/cat /tmp/%s" % log)
self.logger.error(output)
self.assertTrue(
qemu_shutdown_succeeded,
'Failed: %s does not shutdown within timeout(%s)' %
(self.machine, self.install_timeout))
with open(qemu.qemurunnerlog) as f:
self.assertTrue('media=cdrom' in f.read(), "Failed: %s" % cmd)