def test_groups(self): bundle = MagicMock() user = users.User( bundle, "bundlewrap", { 'full_name': "Blöck Wart", 'gid': 2345, 'groups': ["group1", "group2", "group3"], 'home': "/home/bundlewrap", 'password_hash': "secret", 'shell': "/bin/bash", 'uid': 1123, }, ) status = ItemStatus(correct=False) status.info = { 'exists': True, 'full_name': "Blöck Wart", 'gid': 2345, 'groups': ["group3", "group2", "group4", "group5"], 'home': "/home/bundlewrap", 'shadow_hash': "secret", 'shell': "/bin/bash", 'uid': 1123, 'needs_fixing': ['groups'], } self.assertEqual( user.ask(status), "missing groups group1\n" + "extra groups group4, group5\n" )
def test_shadow_not_found(self): bundle = MagicMock() user = users.User( bundle, "bundlewrap", { 'full_name': "Blöck Wart", 'gid': 2345, 'groups': ["group1", "group2"], 'home': "/home/bundlewrap", 'password_hash': "secret", 'shell': "/bin/bash", 'uid': 1123, }, ) status = ItemStatus(correct=False) status.info = { 'exists': True, 'full_name': "Blöck Wart", 'gid': 2345, 'groups': ["group1", "group2"], 'home': "/home/bundlewrap", 'shadow_hash': None, 'shell': "/bin/bash", 'uid': 1123, 'needs_fixing': ['password'], } self.assertEqual( user.ask(status), "password hash not found in /etc/shadow\n" )
def test_group(self): bundle = MagicMock() group = groups.Group( bundle, "bundlewrap", { 'gid': 2345 }, ) status = ItemStatus(correct=False) status.info = { 'exists': True, 'gid': 2357, } self.assertEqual( group.ask(status), "GID 2357 → 2345\n", )
def get_status(self): # verify content of /etc/group grep_result = self.node.run( "grep -e '^{}:' /etc/group".format(self.name), may_fail=True, ) if grep_result.return_code != 0: return ItemStatus(correct=self.attributes['delete'], info={'exists': False}) status = ItemStatus(correct=not self.attributes['delete'], info={'exists': True}) status.info.update(_parse_group_line(grep_result.stdout_text)) if self.attributes['gid'] is not None and \ status.info['gid'] != self.attributes['gid']: status.correct = False return status
def test_passwd(self): bundle = MagicMock() user = users.User( bundle, "bundlewrap", { 'home': "/home/bundlewrap", 'full_name': "Blöck Wart", 'gid': 2345, 'groups': ["group1", "group2"], 'password_hash': "topsecret", 'shell': "/bin/bash", 'uid': 1123, 'use_shadow': False, }, ) status = ItemStatus(correct=False) status.info = { 'exists': True, 'full_name': "BundleWrap", 'gid': 2357, 'groups': ["group1", "group2"], 'home': "/home/blkwrt", 'passwd_hash': "secret", 'shell': "/bin/bsh", 'uid': 1113, 'needs_fixing': ['home', 'full_name', 'gid', 'password', 'shell', 'uid'], } self.assertEqual( user.ask(status), "home dir /home/blkwrt → /home/bundlewrap\n" "full name BundleWrap → Blöck Wart\n" "GID 2357 → 2345\n" "shell /bin/bsh → /bin/bash\n" "UID 1113 → 1123\n" "password hash secret\n" " → topsecret\n" )
def get_status(self): # verify content of /etc/passwd passwd_grep_result = self.node.run( "grep -e '^{}:' /etc/passwd".format(self.name), may_fail=True, ) if passwd_grep_result.return_code != 0: return ItemStatus( correct=self.attributes['delete'], info={'exists': False, 'needs_fixing': sorted(_ATTRIBUTE_OPTIONS.keys())}, ) elif self.attributes['delete']: return ItemStatus(correct=False, info={ 'exists': True, 'needs_fixing': sorted(_ATTRIBUTE_OPTIONS.keys()), }) status = ItemStatus(correct=True, info={'exists': True}) status.info['needs_fixing'] = [] status.info.update(_parse_passwd_line(passwd_grep_result.stdout_text)) if self.attributes['gid'] is not None: if self.attributes['gid'].isdigit(): if int(self.attributes['gid']) != status.info['gid']: status.info['needs_fixing'].append('gid') elif _group_name_for_gid(self.node, status.info['gid']) != self.attributes['gid']: status.info['needs_fixing'].append('gid') for fieldname in ('uid', 'full_name', 'home', 'shell'): if self.attributes[fieldname] is None: continue if status.info[fieldname] != self.attributes[fieldname]: status.info['needs_fixing'].append(fieldname) if self.attributes['password_hash'] is not None: if self.attributes['use_shadow']: # verify content of /etc/shadow shadow_grep_result = self.node.run( "grep -e '^{}:' /etc/shadow".format(self.name), may_fail=True, ) if shadow_grep_result.return_code != 0: status.info['shadow_hash'] = None status.info['needs_fixing'].append('password') else: status.info['shadow_hash'] = shadow_grep_result.stdout_text.split(":")[1] if status.info['shadow_hash'] != self.attributes['password_hash']: status.info['needs_fixing'].append('password_hash') else: if status.info['passwd_hash'] != self.attributes['password_hash']: status.info['needs_fixing'].append('password_hash') # verify content of /etc/group status.info['groups'] = _groups_for_user(self.node, self.name) if self.attributes['groups'] is not None and \ set(self.attributes['groups']) != set(status.info['groups']): status.info['needs_fixing'].append('groups') if status.info['needs_fixing']: status.correct = False return status