def test_avatarAdaptsToRestrictedExecOnlySession(self): # When Conch tries to adapt the SSH server avatar to ISession, it # adapts to a RestrictedExecOnlySession. This means that a # RestrictedExecOnlySession handles any requests to execute a command. session = ISession(self.avatar) self.assertTrue( isinstance(session, RestrictedExecOnlySession), "ISession(avatar) doesn't adapt to ExecOnlySession. " "Got %r instead." % (session, )) self.assertEqual(get_BZR_PLUGIN_PATH_for_subprocess(), session.environment['BZR_PLUGIN_PATH']) self.assertEqual('*****@*****.**' % self.avatar.username, session.environment['BZR_EMAIL']) executable, arguments = session.getCommandToRun( 'bzr serve --inet --directory=/ --allow-writes') interpreter = '%s/bin/py' % config.root self.assertEqual(interpreter, executable) self.assertEqual([ interpreter, get_bzr_path(), 'lp-serve', '--inet', str(self.avatar.user_id) ], list(arguments)) self.assertRaises(ForbiddenCommand, session.getCommandToRun, 'rm -rf /')
def test_avatarAdaptsToRestrictedExecOnlySession(self): # When Conch tries to adapt the SSH server avatar to ISession, it # adapts to a RestrictedExecOnlySession. This means that a # RestrictedExecOnlySession handles any requests to execute a command. session = ISession(self.avatar) self.failUnless( isinstance(session, RestrictedExecOnlySession), "ISession(avatar) doesn't adapt to ExecOnlySession. " "Got %r instead." % (session,)) self.assertEqual( get_BZR_PLUGIN_PATH_for_subprocess(), session.environment['BZR_PLUGIN_PATH']) self.assertEqual( '*****@*****.**' % self.avatar.username, session.environment['BZR_EMAIL']) executable, arguments = session.getCommandToRun( 'bzr serve --inet --directory=/ --allow-writes') interpreter = '%s/bin/py' % config.root self.assertEqual(interpreter, executable) self.assertEqual( [interpreter, get_bzr_path(), 'lp-serve', '--inet', str(self.avatar.user_id)], list(arguments)) self.assertRaises( ForbiddenCommand, session.getCommandToRun, 'rm -rf /')
def test_avatarAdaptsToForkingRestrictedExecOnlySession(self): config.push('codehosting-forking', "[codehosting]\nuse_forking_daemon: True\n") self.addCleanup(config.pop, 'codehosting-forking') session = ISession(self.avatar) self.assertTrue( isinstance(session, ForkingRestrictedExecOnlySession), "ISession(avatar) doesn't adapt to " " ForkingRestrictedExecOnlySession. " "Got %r instead." % (session, )) executable, arguments = session.getCommandToRun( 'bzr serve --inet --directory=/ --allow-writes') executable, arguments, env = session.getCommandToFork( executable, arguments, session.environment) self.assertEqual('bzr', executable) self.assertEqual( ['bzr', 'lp-serve', '--inet', str(self.avatar.user_id)], list(arguments))
def test_avatarAdaptsToForkingRestrictedExecOnlySession(self): config.push('codehosting-forking', "[codehosting]\nuse_forking_daemon: True\n") self.addCleanup(config.pop, 'codehosting-forking') session = ISession(self.avatar) self.failUnless( isinstance(session, ForkingRestrictedExecOnlySession), "ISession(avatar) doesn't adapt to " " ForkingRestrictedExecOnlySession. " "Got %r instead." % (session,)) executable, arguments = session.getCommandToRun( 'bzr serve --inet --directory=/ --allow-writes') executable, arguments, env = session.getCommandToFork( executable, arguments, session.environment) self.assertEqual('bzr', executable) self.assertEqual( ['bzr', 'lp-serve', '--inet', str(self.avatar.user_id)], list(arguments))