def __init__(self, data, storage, payload, instclass): FirstbootSpokeMixIn.__init__(self) NormalTUISpoke.__init__(self, data, storage, payload, instclass) self.initialize_start() self.title = N_("User creation") self._container = None if self.data.user.userList: self._user_data = self.data.user.userList[0] self._create_user = True else: self._user_data = self.data.UserData() self._create_user = False self._use_password = self._user_data.isCrypted or self._user_data.password self._groups = "" self._is_admin = False self._policy = self.data.anaconda.pwpolicy.get_policy("user", fallback_to_default=True) self.errors = [] self._users_module = USERS.get_observer() self._users_module.connect() self.initialize_done()
def test_evaluation_passwd_minlen_no_passwd( proxy_getter, rule_data, ksdata_mock, storage_mock): password_proxy_mock = USERS.get_proxy() password_proxy_mock.IsRootPasswordSet = False evaluation_passwd_minlen_no_passwd(rule_data, ksdata_mock, storage_mock, 8, (10, 11)) evaluation_passwd_minlen_no_passwd(rule_data, ksdata_mock, storage_mock, 10, (8, 11)) evaluation_passwd_minlen_no_passwd(rule_data, ksdata_mock, storage_mock, 11, (8, 10))
def __init__(self, *args): NormalSpoke.__init__(self, *args) GUISpokeInputCheckHandler.__init__(self) self._users_module = USERS.get_observer() self._users_module.connect() self._services_module = SERVICES.get_observer() self._services_module.connect()
def test_evaluation_passwd_minlen_good_passwd(proxy_getter, rule_data, ksdata_mock, storage_mock): password_proxy_mock = USERS.get_proxy() password_proxy_mock.IsRootPasswordCrypted = False password_proxy_mock.RootPassword = "******" rule_data.new_rule("passwd --minlen=8") messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False) # minimal password length less than actual length --> no warning assert not messages
def eval_rules(self, ksdata, storage, report_only=False): """:see: RuleHandler.eval_rules""" if self._minlen == 0: # no password restrictions, nothing to be done here return [] ret = [] users_proxy = USERS.get_proxy() if not users_proxy.IsRootPasswordSet: # root password was not set msg = _("make sure to create password with minimal length of %d " "characters") % self._minlen ret = [RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING, msg)] else: # root password set if users_proxy.IsRootPasswordCrypted: msg = _("cannot check root password length (password is crypted)") log.warning("cannot check root password length (password is crypted)") return [RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING, msg)] elif len(users_proxy.RootPassword) < self._minlen: # too short msg = _("root password is too short, a longer one with at " "least %d characters is required") % self._minlen ret = [RuleMessage(self.__class__, common.MESSAGE_TYPE_FATAL, msg)] else: ret = [] if report_only: return ret # set the policy in any case (so that a weaker password is not entered) pw_policy = ksdata.anaconda.pwpolicy.get_policy("root") if pw_policy is None: pw_policy = F22_PwPolicyData() log.info("OSCAP addon: setting password policy %s" % pw_policy) ksdata.anaconda.pwpolicy.policyList.append(pw_policy) log.info("OSCAP addon: password policy list: %s" % ksdata.anaconda.pwpolicy.policyList) self._created_policy = True self._orig_minlen = pw_policy.minlen self._orig_strict = pw_policy.strict pw_policy.minlen = self._minlen pw_policy.strict = True return ret
def test_evaluation_passwd_minlen_crypted_passwd( proxy_getter, rule_data, ksdata_mock, storage_mock): password_proxy_mock = USERS.get_proxy() password_proxy_mock.IsRootPasswordCrypted = True password_proxy_mock.RootPassword = "******" rule_data.new_rule("passwd --minlen=8") messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False) # minimal password length greater than actual length --> one warning assert len(messages) == 1 assert messages[0].type == common.MESSAGE_TYPE_WARNING # warning has to mention that the password cannot be checked assert "cannot check" in messages[0].text
def __init__(self, data, storage, payload): NormalTUISpoke.__init__(self, data, storage, payload) self.initialize_start() self.title = N_("Root password") self.input_required = False self._policy = self.data.anaconda.pwpolicy.get_policy("root", fallback_to_default=True) self._password = None self._users_module = USERS.get_observer() self._users_module.connect() self._services_module = SERVICES.get_observer() self._services_module.connect() self.initialize_done()
def test_evaluation_passwd_minlen_report_only_not_ignored( proxy_getter, rule_data, ksdata_mock, storage_mock): password_proxy_mock = USERS.get_proxy() password_proxy_mock.IsRootPasswordCrypted = False password_proxy_mock.RootPassword = "******" rule_data.new_rule("passwd --minlen=8") messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False) # Mock pw_policy returned by anaconda.pwpolicy.get_policy() pw_policy_mock = mock.Mock() pw_policy_mock.minlen = 6 pw_policy_mock.strict = False ksdata_mock.anaconda.pwpolicy.get_policy.return_value = pw_policy_mock # call eval_rules with report_only=False # should set password minimal length to 8 messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False) # Password Policy changed --> no warnings assert not messages assert rule_data._passwd_rules._orig_minlen == 6 assert not rule_data._passwd_rules._orig_strict assert pw_policy_mock.minlen == 8 assert pw_policy_mock.strict assert rule_data._passwd_rules._minlen == 8 # call of eval_rules with report_only=True # should not change anything messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=True) # Password Policy stayed the same --> no warnings assert not messages assert rule_data._passwd_rules._orig_minlen == 6 assert not rule_data._passwd_rules._orig_strict assert pw_policy_mock.minlen == 8 assert pw_policy_mock.strict assert rule_data._passwd_rules._minlen == 8
def execute(self, storage, ksdata, users): users_proxy = USERS.get_proxy() if flags.automatedInstall and not users_proxy.IsRootPasswordSet and not users_proxy.IsRootpwKickstarted: # Lock the root password if during an installation with kickstart # the root password is empty & not specififed as empty in the kickstart # (seen == False) via the rootpw command. # Note that kickstart is actually the only way to specify an empty # root password - we don't allow that via the UI. users_proxy.SetRootAccountLocked(True) elif not flags.automatedInstall and not users_proxy.IsRootPasswordSet: # Also lock the root password if it was not set during interactive installation. users_proxy.SetRootAccountLocked(True) users.setRootPassword(users_proxy.RootPassword, users_proxy.IsRootPasswordCrypted, users_proxy.IsRootAccountLocked, None, util.getSysroot())
def set_dbus_defaults(): boss = BOSS.get_proxy() boss.GetModules.return_value = [ KDUMP.service_name ] kdump = KDUMP.get_proxy() kdump.KdumpEnabled = True user_interface = BOSS.get_proxy(USER_INTERFACE) user_interface.PasswordPolicies = {} network = NETWORK.get_proxy() network.Connected.return_value = True firewall = NETWORK.get_proxy(FIREWALL) firewall.EnabledServices = [] firewall.DisabledServices = [] firewall.EnabledPorts = [] firewall.Trusts = [] device_tree = STORAGE.get_proxy(DEVICE_TREE) device_tree.GetDeviceMountOptions.return_value = "defaults" device_tree.GetMountPoints.return_value = {} bootloader = STORAGE.get_proxy(BOOTLOADER) bootloader.IsPasswordSet = False users = USERS.get_proxy() users.IsRootPasswordSet = True users.IsRootPasswordCrypted = False users.RootPassword = "******" payloads = PAYLOADS.get_proxy() payloads.ActivePayload = "/fake/payload/1" dnf_payload = PAYLOADS.get_proxy("/fake/payload/1") dnf_payload.Type = PAYLOAD_TYPE_DNF packages_data = PackagesSelectionData() dnf_payload.PackagesSelection = PackagesSelectionData.to_structure(packages_data)
def set_dbus_defaults(): network = NETWORK.get_proxy() network.Connected.return_value = True firewall = NETWORK.get_proxy(FIREWALL) firewall.EnabledServices = [] firewall.DisabledServices = [] firewall.EnabledPorts = [] firewall.Trusts = [] device_tree = STORAGE.get_proxy(DEVICE_TREE) device_tree.GetDeviceMountOptions.return_value = "defaults" device_tree.GetMountPoints.return_value = {} bootloader = STORAGE.get_proxy(BOOTLOADER) bootloader.IsPasswordSet = False users = USERS.get_proxy() users.IsRootPasswordSet = True users.IsRootPasswordCrypted = False users.RootPassword = "******"
def test_evaluation_passwd_minlen_report_only_not_ignored( proxy_getter, rule_data, ksdata_mock, storage_mock): password_proxy_mock = USERS.get_proxy() password_proxy_mock.IsRootPasswordCrypted = False password_proxy_mock.RootPassword = "******" rule_data.new_rule("passwd --minlen=8") # call eval_rules with report_only=False # should set password minimal length to 8 messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False) # Password Policy changed --> no warnings assert not messages assert rule_data._passwd_rules._orig_minlen == 6 assert not rule_data._passwd_rules._orig_strict assert rule_data._passwd_rules._minlen == 8 policy = PasswordPolicy.from_defaults(PASSWORD_POLICY_ROOT) policy.min_length = 8 policy.is_strict = True policies = {PASSWORD_POLICY_ROOT: policy} ui_mock = BOSS.get_proxy(USER_INTERFACE) assert ui_mock.PasswordPolicies == \ PasswordPolicy.to_structure_dict(policies) # call of eval_rules with report_only=True # should not change anything messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=True) # Password Policy stayed the same --> no warnings assert not messages assert rule_data._passwd_rules._orig_minlen == 6 assert not rule_data._passwd_rules._orig_strict assert rule_data._passwd_rules._minlen == 8 assert ui_mock.PasswordPolicies == \ PasswordPolicy.to_structure_dict(policies)
def test_evaluation_passwd_minlen_short_passwd_report_only( proxy_getter, rule_data, ksdata_mock, storage_mock): password_proxy_mock = USERS.get_proxy() password_proxy_mock.IsRootPasswordCrypted = False password_proxy_mock.RootPassword = "******" rule_data.new_rule("passwd --minlen=8") messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=True) # minimal password length greater than actual length --> one warning assert len(messages) == 1 assert messages[0].type == common.MESSAGE_TYPE_FATAL # warning has to mention the length assert "8" in messages[0].text # warning should mention that something is wrong with the old password assert "is" in messages[0].text # doing changes --> password should not be cleared assert password_proxy_mock.RootPassword == "aaaa"
def __str__(self): users_proxy = USERS.get_proxy() return users_proxy.GenerateTemporaryKickstart()