def setUp(self):
self.admin = credentials.UsernamePassword("admin", "asdf")
self.alice = credentials.UsernamePassword("alice", "foo")
self.badPass = credentials.UsernamePassword("alice", "foobar")
self.badUser = credentials.UsernamePassword("x", "yz")
self.checker = strcred.makeChecker("unix")
self.adminBytes = credentials.UsernamePassword(b"admin", b"asdf")
self.aliceBytes = credentials.UsernamePassword(b"alice", b"foo")
self.badPassBytes = credentials.UsernamePassword(b"alice", b"foobar")
self.badUserBytes = credentials.UsernamePassword(b"x", b"yz")
self.checkerBytes = strcred.makeChecker("unix")
# Hack around the pwd and spwd modules, since we can't really
# go about reading your /etc/passwd or /etc/shadow files
if pwd:
database = UserDatabase()
for username, password in self.users.items():
database.addUser(
username,
crypt.crypt(password, "F/"),
1000,
1000,
username,
"/home/" + username,
"/bin/sh",
)
self.patch(pwd, "getpwnam", database.getpwnam)
if spwd:
self.patch(spwd, "getspnam", self._spwd_getspnam)
def test_warnWithBadFilename(self):
"""
When the file auth plugin is given a file that doesn't exist, it
should produce a warning.
"""
oldOutput = cred_file.theFileCheckerFactory.errorOutput
newOutput = StringIO.StringIO()
cred_file.theFileCheckerFactory.errorOutput = newOutput
strcred.makeChecker('file:' + self._fakeFilename())
cred_file.theFileCheckerFactory.errorOutput = oldOutput
self.assertIn(cred_file.invalidFileWarning, newOutput.getvalue())
def test_warnWithBadFilename(self):
"""
When the file auth plugin is given a file that doesn't exist, it
should produce a warning.
"""
oldOutput = cred_file.theFileCheckerFactory.errorOutput
newOutput = NativeStringIO()
cred_file.theFileCheckerFactory.errorOutput = newOutput
strcred.makeChecker('file:' + self._fakeFilename())
cred_file.theFileCheckerFactory.errorOutput = oldOutput
self.assertIn(cred_file.invalidFileWarning, newOutput.getvalue())
def get_www():
from buildbot.plugins import util
from twisted.cred import strcred
import private
return dict(
port = "unix:/home/buildbot/buildbot.sock",
plugins = dict(
waterfall_view = {},
console_view = {},
grid_view = {},
badges = {}
),
auth = util.GitHubAuth(
private.github_client_id,
private.github_client_secret,
apiVersion = 4,
getTeamsMembership = True
),
authz = util.Authz(
allowRules = [
util.AnyControlEndpointMatcher(role = "SFML")
],
roleMatchers = [
util.RolesFromGroups()
]
),
change_hook_dialects = {'base': True, 'github' : {}},
change_hook_auth = [strcred.makeChecker("file:changehook.passwd")]
)
def setUp(self):
self.admin = credentials.UsernamePassword("admin", "asdf")
self.alice = credentials.UsernamePassword("alice", "foo")
self.badPass = credentials.UsernamePassword("alice", "foobar")
self.badUser = credentials.UsernamePassword("x", "yz")
self.filename = self.mktemp()
FilePath(self.filename).setContent("admin:asdf\nalice:foo\n")
self.checker = strcred.makeChecker("file:" + self.filename)
def setUp(self):
self.admin = credentials.UsernamePassword(b"admin", b"asdf")
self.alice = credentials.UsernamePassword(b"alice", b"foo")
self.badPass = credentials.UsernamePassword(b"alice", b"foobar")
self.badUser = credentials.UsernamePassword(b"x", b"yz")
self.filename = self.mktemp()
FilePath(self.filename).setContent(b"admin:asdf\nalice:foo\n")
self.checker = strcred.makeChecker("file:" + self.filename)
def test_isChecker(self):
"""
Verifies that strcred.makeChecker('anonymous') returns an object
that implements the L{ICredentialsChecker} interface.
"""
checker = strcred.makeChecker('anonymous')
self.assertTrue(checkers.ICredentialsChecker.providedBy(checker))
self.assertIn(credentials.IAnonymous, checker.credentialInterfaces)
def setUp(self):
self.admin = credentials.UsernamePassword('admin', 'asdf')
self.alice = credentials.UsernamePassword('alice', 'foo')
self.badPass = credentials.UsernamePassword('alice', 'foobar')
self.badUser = credentials.UsernamePassword('x', 'yz')
self.filename = self.mktemp()
FilePath(self.filename).setContent('admin:asdf\nalice:foo\n')
self.checker = strcred.makeChecker('file:' + self.filename)
def setUp(self):
self.admin = credentials.UsernamePassword(b'admin', b'asdf')
self.alice = credentials.UsernamePassword(b'alice', b'foo')
self.badPass = credentials.UsernamePassword(b'alice', b'foobar')
self.badUser = credentials.UsernamePassword(b'x', b'yz')
self.filename = self.mktemp()
FilePath(self.filename).setContent(b'admin:asdf\nalice:foo\n')
self.checker = strcred.makeChecker('file:' + self.filename)
def test_isChecker(self):
"""
Verifies that strcred.makeChecker('anonymous') returns an object
that implements the L{ICredentialsChecker} interface.
"""
checker = strcred.makeChecker('anonymous')
self.assertTrue(checkers.ICredentialsChecker.providedBy(checker))
self.assertIn(credentials.IAnonymous, checker.credentialInterfaces)
def makeService(self, options):
with open(options.config, "r") as config_file:
config = json.load(config_file)
root = resource.Resource()
root.putChild('jsMath', static.File(config["global"]["jsmath"]))
bot = service.MultiService()
xmppclient = XMPPClient(JID(config["global"]["jid"]),
config["global"]["password"])
xmppclient.logTraffic = options['verbose']
xmppclient.setServiceParent(bot)
xmppclient.dbpool = DatabaseRunner(config["global"]["database"])
xmppclient.rooms = dict()
xmlrpc_port = config["global"].get("xml-rpc-port", None)
if xmlrpc_port is not None:
xmlrpcinterface = XMLRPCInterface(xmppclient)
rpc = internet.TCPServer(xmlrpc_port, server.Site(xmlrpcinterface))
rpc.setName('XML-RPC')
rpc.setServiceParent(bot)
for muc_config in config["mucs"]:
room_jid = JID(muc_config["jid"])
mucbot = KITBot(room_jid, muc_config.get("password", None),
config["global"]["logpath"])
mucbot.setHandlerParent(xmppclient)
if "xml-rpc-id" in muc_config:
xmppclient.rooms[muc_config["xml-rpc-id"]] = mucbot
# Log resource
portal = Portal(
LogViewRealm(os.path.join(config["global"]['logpath'],
room_jid.user + '.log')),
[strcred.makeChecker(muc_config["log-auth"])]
)
credential_factory = DigestCredentialFactory('md5', 'Hello Kitty!')
auth_resource = HTTPAuthSessionWrapper(portal, [credential_factory])
root.putChild(room_jid.user, auth_resource)
httpd_log_view = internet.TCPServer(config["global"]["http-port"],
server.Site(root))
httpd_log_view.setServiceParent(bot)
# REPL over SSH
def makeREPLProtocol():
namespace = dict(bot=xmppclient)
return insults.ServerProtocol(manhole.ColoredManhole, namespace)
repl_realm = manhole_ssh.TerminalRealm()
repl_realm.chainedProtocolFactory = makeREPLProtocol
repl_checker = checkers.SSHPublicKeyDatabase()
repl_portal = Portal(repl_realm, [repl_checker])
repl_factory = manhole_ssh.ConchFactory(repl_portal)
repl = internet.TCPServer(config["global"]["ssh-port"], repl_factory)
repl.setServiceParent(bot)
return bot
def test_isChecker(self):
"""
Verifies that strcred.makeChecker('sshkey') returns an object
that implements the L{ICredentialsChecker} interface.
"""
sshChecker = strcred.makeChecker('sshkey')
self.assertTrue(checkers.ICredentialsChecker.providedBy(sshChecker))
self.assertIn(
credentials.ISSHPrivateKey, sshChecker.credentialInterfaces)
def test_isChecker(self):
"""
Verifies that strcred.makeChecker('sshkey') returns an object
that implements the L{ICredentialsChecker} interface.
"""
sshChecker = strcred.makeChecker('sshkey')
self.assertTrue(checkers.ICredentialsChecker.providedBy(sshChecker))
self.assertIn(credentials.ISSHPrivateKey,
sshChecker.credentialInterfaces)
def testAnonymousAccessSucceeds(self):
"""
Test that we can log in anonymously using this checker.
"""
checker = strcred.makeChecker('anonymous')
request = checker.requestAvatarId(credentials.Anonymous())
def _gotAvatar(avatar):
self.assertIdentical(checkers.ANONYMOUS, avatar)
return request.addCallback(_gotAvatar)
def testAnonymousAccessSucceeds(self):
"""
Test that we can log in anonymously using this checker.
"""
checker = strcred.makeChecker('anonymous')
request = checker.requestAvatarId(credentials.Anonymous())
def _gotAvatar(avatar):
self.assertIdentical(checkers.ANONYMOUS, avatar)
return request.addCallback(_gotAvatar)
def setUp(self):
self.admin = credentials.UsernamePassword('admin', 'asdf')
self.alice = credentials.UsernamePassword('alice', 'foo')
self.badPass = credentials.UsernamePassword('alice', 'foobar')
self.badUser = credentials.UsernamePassword('x', 'yz')
self.checker = strcred.makeChecker('unix')
self.adminBytes = credentials.UsernamePassword(b'admin', b'asdf')
self.aliceBytes = credentials.UsernamePassword(b'alice', b'foo')
self.badPassBytes = credentials.UsernamePassword(b'alice', b'foobar')
self.badUserBytes = credentials.UsernamePassword(b'x', b'yz')
self.checkerBytes = strcred.makeChecker('unix')
# Hack around the pwd and spwd modules, since we can't really
# go about reading your /etc/passwd or /etc/shadow files
if pwd:
database = UserDatabase()
for username, password in self.users.items():
database.addUser(username, crypt.crypt(password,
'F/'), 1000, 1000,
username, '/home/' + username, '/bin/sh')
self.patch(pwd, 'getpwnam', database.getpwnam)
if spwd:
self.patch(spwd, 'getspnam', self._spwd_getspnam)
def setUp(self):
self.admin = credentials.UsernamePassword('admin', 'asdf')
self.alice = credentials.UsernamePassword('alice', 'foo')
self.badPass = credentials.UsernamePassword('alice', 'foobar')
self.badUser = credentials.UsernamePassword('x', 'yz')
self.checker = strcred.makeChecker('unix')
# Hack around the pwd and spwd modules, since we can't really
# go about reading your /etc/passwd or /etc/shadow files
if pwd:
self._pwd_getpwnam = pwd.getpwnam
pwd.getpwnam = self._pwd
if spwd:
self._spwd_getspnam = spwd.getspnam
spwd.getspnam = self._spwd
def setUp(self):
self.admin = credentials.UsernamePassword('admin', 'asdf')
self.alice = credentials.UsernamePassword('alice', 'foo')
self.badPass = credentials.UsernamePassword('alice', 'foobar')
self.badUser = credentials.UsernamePassword('x', 'yz')
self.checker = strcred.makeChecker('unix')
# Hack around the pwd and spwd modules, since we can't really
# go about reading your /etc/passwd or /etc/shadow files
if pwd:
database = UserDatabase()
for username, password in self.users.items():
database.addUser(
username, crypt.crypt(password, 'F/'),
1000, 1000, username, '/home/' + username, '/bin/sh')
self.patch(pwd, 'getpwnam', database.getpwnam)
if spwd:
self._spwd_getspnam = spwd.getspnam
spwd.getspnam = self._spwd
def setUp(self):
self.admin = credentials.UsernamePassword("admin", "asdf")
self.alice = credentials.UsernamePassword("alice", "foo")
self.badPass = credentials.UsernamePassword("alice", "foobar")
self.badUser = credentials.UsernamePassword("x", "yz")
self.checker = strcred.makeChecker("unix")
# Hack around the pwd and spwd modules, since we can't really
# go about reading your /etc/passwd or /etc/shadow files
if pwd:
database = UserDatabase()
for username, password in self.users.items():
database.addUser(
username, crypt.crypt(password, "F/"), 1000, 1000, username, "/home/" + username, "/bin/sh"
)
self.patch(pwd, "getpwnam", database.getpwnam)
if spwd:
self._spwd_getspnam = spwd.getspnam
spwd.getspnam = self._spwd
def test_setupSiteWithHookAndAuth(self):
fn = self.mktemp()
with open(fn, 'w') as f:
f.write("user:pass")
new_config = self.makeConfig(
port=8080,
plugins={},
change_hook_dialects={'base': True},
change_hook_auth=[strcred.makeChecker("file:" + fn)])
self.svc.setupSite(new_config)
yield self.svc.reconfigServiceWithBuildbotConfig(new_config)
rsrc = self.svc.site.resource.getChildWithDefault('', mock.Mock())
res = yield self.render_resource(rsrc, '')
self.assertIn('{"type": "file"}', res)
rsrc = self.svc.site.resource.getChildWithDefault('change_hook', mock.Mock())
res = yield self.render_resource(rsrc, '/change_hook/base')
# as UnauthorizedResource is in private namespace, we cannot use assertIsInstance :-(
self.assertIn('UnauthorizedResource', repr(res))
def test_setupSiteWithHookAndAuth(self):
fn = self.mktemp()
with open(fn, 'w') as f:
f.write("user:pass")
new_config = self.makeConfig(
port=8080,
plugins={},
change_hook_dialects={'base': True},
change_hook_auth=[strcred.makeChecker("file:" + fn)])
self.svc.setupSite(new_config)
yield self.svc.reconfigServiceWithBuildbotConfig(new_config)
rsrc = self.svc.site.resource.getChildWithDefault('', mock.Mock())
res = yield self.render_resource(rsrc, '')
self.assertIn('{"type": "file"}', res)
rsrc = self.svc.site.resource.getChildWithDefault(
'change_hook', mock.Mock())
res = yield self.render_resource(rsrc, '/change_hook/base')
# as UnauthorizedResource is in private namespace, we cannot use assertIsInstance :-(
self.assertIn('UnauthorizedResource', repr(res))
def get_www():
from buildbot.plugins import util
from twisted.cred import strcred
import private
return dict(
port="unix:/home/buildbot/buildbot.sock",
plugins=dict(waterfall_view={},
console_view={},
grid_view={},
badges={}),
auth=util.GitHubAuth(private.github_client_id,
private.github_client_secret,
apiVersion=4,
getTeamsMembership=True),
authz=util.Authz(
allowRules=[util.AnyControlEndpointMatcher(role="SFML")],
roleMatchers=[util.RolesFromGroups()]),
change_hook_dialects={
'base': True,
'github': {}
},
change_hook_auth=[strcred.makeChecker("file:changehook.passwd")])
def setUp(self):
self.admin = credentials.UsernamePassword('admin', 'asdf')
self.alice = credentials.UsernamePassword('alice', 'foo')
self.badPass = credentials.UsernamePassword('alice', 'foobar')
self.badUser = credentials.UsernamePassword('x', 'yz')
self.checker = strcred.makeChecker('memory:admin:asdf:alice:foo')
www = {
'plugins': dict(waterfall_view={}, console_view={}, grid_view={}),
# TODO:
# order_console_by_time: True,
}
if os.path.exists(htfile):
www['authz'] = Authz(auth=HTPasswdAuth(htfile),
forceBuild='auth', # only authenticated users
forceAllBuilds='auth', # only authenticated users
stopBuild='auth', # only authenticated users
stopAllBuilds='auth', # only authenticated users
cancelPendingBuild='auth', # only authenticated users
)
try:
if len(config.www_port) == 2:
www['port'] = "tcp:{1}:interface={0}".format(*config.www_port)
elif len(config.www_port) == 1:
www['port'] = "tcp:{0}".format(*config.www_port)
else:
raise Exception("www_port hasn't length 2")
except TypeError:
www['port'] = "tcp:{0}".format(config.www_port)
if os.path.exists(changehook_passwd):
www['change_hook_auth'] = [strcred.makeChecker("file:{0}".format(changehook_passwd))]
www['change_hook_dialects'] = {'github': True}
services = []
def setUp(self):
self.admin = credentials.UsernamePassword("admin", "asdf")
self.alice = credentials.UsernamePassword("alice", "foo")
self.badPass = credentials.UsernamePassword("alice", "foobar")
self.badUser = credentials.UsernamePassword("x", "yz")
self.checker = strcred.makeChecker("memory:admin:asdf:alice:foo")
def setUp(self):
self.admin = credentials.UsernamePassword('admin', 'asdf')
self.alice = credentials.UsernamePassword('alice', 'foo')
self.badPass = credentials.UsernamePassword('alice', 'foobar')
self.badUser = credentials.UsernamePassword('x', 'yz')
self.checker = strcred.makeChecker('memory:admin:asdf:alice:foo')
def setUp(self):
self.admin = credentials.UsernamePassword("admin", "asdf")
self.alice = credentials.UsernamePassword("alice", "foo")
self.badPass = credentials.UsernamePassword("alice", "foobar")
self.badUser = credentials.UsernamePassword("x", "yz")
self.checker = strcred.makeChecker("memory:admin:asdf:alice:foo")
