Esempio n. 1
0
    def setUp(self):
        self.admin = credentials.UsernamePassword("admin", "asdf")
        self.alice = credentials.UsernamePassword("alice", "foo")
        self.badPass = credentials.UsernamePassword("alice", "foobar")
        self.badUser = credentials.UsernamePassword("x", "yz")
        self.checker = strcred.makeChecker("unix")
        self.adminBytes = credentials.UsernamePassword(b"admin", b"asdf")
        self.aliceBytes = credentials.UsernamePassword(b"alice", b"foo")
        self.badPassBytes = credentials.UsernamePassword(b"alice", b"foobar")
        self.badUserBytes = credentials.UsernamePassword(b"x", b"yz")
        self.checkerBytes = strcred.makeChecker("unix")

        # Hack around the pwd and spwd modules, since we can't really
        # go about reading your /etc/passwd or /etc/shadow files
        if pwd:
            database = UserDatabase()
            for username, password in self.users.items():
                database.addUser(
                    username,
                    crypt.crypt(password, "F/"),
                    1000,
                    1000,
                    username,
                    "/home/" + username,
                    "/bin/sh",
                )
            self.patch(pwd, "getpwnam", database.getpwnam)
        if spwd:
            self.patch(spwd, "getspnam", self._spwd_getspnam)
Esempio n. 2
0
 def test_pwdGetByName(self):
     """
     L{_pwdGetByName} returns a tuple of items from the UNIX /etc/passwd
     database if the L{pwd} module is present.
     """
     userdb = UserDatabase()
     userdb.addUser("alice", "secrit", 1, 2, "first last", "/foo", "/bin/sh")
     self.patch(checkers, "pwd", userdb)
     self.assertEqual(checkers._pwdGetByName("alice"), userdb.getpwnam("alice"))
Esempio n. 3
0
 def test_pwdGetByName(self):
     """
     L{_pwdGetByName} returns a tuple of items from the UNIX /etc/passwd
     database if the L{pwd} module is present.
     """
     userdb = UserDatabase()
     userdb.addUser('alice', 'secrit', 1, 2, 'first last', '/foo',
                    '/bin/sh')
     self.patch(checkers, 'pwd', userdb)
     self.assertEqual(checkers._pwdGetByName('alice'),
                      userdb.getpwnam('alice'))
Esempio n. 4
0
 def test_passInCheckers(self):
     """
     L{UNIXPasswordDatabase} takes a list of functions to check for UNIX
     user information.
     """
     password = crypt.crypt('secret', 'secret')
     userdb = UserDatabase()
     userdb.addUser('anybody', password, 1, 2, 'foo', '/bar', '/bin/sh')
     checker = checkers.UNIXPasswordDatabase([userdb.getpwnam])
     self.assertLoggedIn(
         checker.requestAvatarId(UsernamePassword('anybody', 'secret')),
         'anybody')
Esempio n. 5
0
 def test_passInCheckers(self):
     """
     L{UNIXPasswordDatabase} takes a list of functions to check for UNIX
     user information.
     """
     password = crypt.crypt("secret", "secret")
     userdb = UserDatabase()
     userdb.addUser("anybody", password, 1, 2, "foo", "/bar", "/bin/sh")
     checker = checkers.UNIXPasswordDatabase([userdb.getpwnam])
     self.assertLoggedIn(
         checker.requestAvatarId(UsernamePassword(b"anybody", b"secret")),
         b"anybody")
Esempio n. 6
0
    def setUp(self):
        mockos = MockOS()
        mockos.path = FilePath(self.mktemp())
        mockos.path.makedirs()

        self.userdb = UserDatabase()
        self.userdb.addUser('alice', 'password', 1, 2, 'alice lastname',
                            mockos.path.path, '/bin/shell')

        self.sshDir = mockos.path.child('.ssh')
        self.sshDir.makedirs()
        authorized_keys = self.sshDir.child('authorized_keys')
        authorized_keys.setContent('key 1\nkey 2')
Esempio n. 7
0
    def setUp(self):
        self.checker = checkers.SSHPublicKeyDatabase()
        self.key1 = base64.encodestring("foobar")
        self.key2 = base64.encodestring("eggspam")
        self.content = "t1 %s foo\nt2 %s egg\n" % (self.key1, self.key2)

        self.mockos = MockOS()
        self.mockos.path = FilePath(self.mktemp())
        self.mockos.path.makedirs()
        self.patch(util, 'os', self.mockos)
        self.sshDir = self.mockos.path.child('.ssh')
        self.sshDir.makedirs()

        userdb = UserDatabase()
        userdb.addUser('user', 'password', 1, 2, 'first last',
                       self.mockos.path.path, '/bin/shell')
        self.checker._userdb = userdb
    def test_bootstrap(self, mock_getuid, mock_getgrnam, mock_chown):
        data_path = self.makeDir()
        log_dir = self.makeDir()
        fake_pwd = UserDatabase()
        fake_pwd.addUser("landscape", None, 1234, None, None, None, None)

        mock_getgrnam("root").gr_gid = 5678

        with mock.patch("landscape.lib.bootstrap.pwd", new=fake_pwd):
            bootstrap_list.bootstrap(data_path=data_path,
                                     log_dir=log_dir)

        def path(*suffix):
            return os.path.join(data_path, *suffix)

        paths = ["package",
                 "package/hash-id",
                 "package/binaries",
                 "package/upgrade-tool",
                 "messages",
                 "sockets",
                 "custom-graph-scripts",
                 log_dir,
                 "package/database"]
        calls = [mock.call(path(path_comps), 1234, 5678)
                 for path_comps in paths]
        mock_chown.assert_has_calls([mock.call(path(), 1234, 5678)] + calls)
        self.assertTrue(os.path.isdir(path()))
        self.assertTrue(os.path.isdir(path("package")))
        self.assertTrue(os.path.isdir(path("messages")))
        self.assertTrue(os.path.isdir(path("custom-graph-scripts")))
        self.assertTrue(os.path.isdir(log_dir))
        self.assertTrue(os.path.isfile(path("package/database")))

        def mode(*suffix):
            return stat.S_IMODE(os.stat(path(*suffix)).st_mode)

        self.assertEqual(mode(), 0o755)
        self.assertEqual(mode("messages"), 0o755)
        self.assertEqual(mode("package"), 0o755)
        self.assertEqual(mode("package/hash-id"), 0o755)
        self.assertEqual(mode("package/binaries"), 0o755)
        self.assertEqual(mode("sockets"), 0o750)
        self.assertEqual(mode("custom-graph-scripts"), 0o755)
        self.assertEqual(mode("package/database"), 0o644)
Esempio n. 9
0
    def setUp(self):
        self.checker = checkers.SSHPublicKeyDatabase()
        self.key1 = _b64encodebytes(b"foobar")
        self.key2 = _b64encodebytes(b"eggspam")
        self.content = (b"t1 " + self.key1 + b" foo\nt2 " + self.key2 +
                        b" egg\n")

        self.mockos = MockOS()
        self.mockos.path = FilePath(self.mktemp())
        self.mockos.path.makedirs()
        self.patch(util, 'os', self.mockos)
        self.sshDir = self.mockos.path.child('.ssh')
        self.sshDir.makedirs()

        userdb = UserDatabase()
        userdb.addUser(b'user', b'password', 1, 2, b'first last',
                       self.mockos.path.path, b'/bin/shell')
        self.checker._userdb = userdb
Esempio n. 10
0
 def setUp(self):
     """
     Create a L{cftp.StdioClient} hooked up to dummy transport and a fake
     user database.
     """
     self.fakeFilesystem = FilesystemAccessExpectations()
     sftpClient = InMemorySFTPClient(self.fakeFilesystem )
     self.client = cftp.StdioClient(sftpClient)
     self.client.currentDirectory = '/'
     self.database = self.client._pwd = UserDatabase()
     # Use a fixed width for all tests so that we get the same results when
     # running these tests from different terminals.
     # Run tests in a wide console so that all items are delimited by at
     # least one space character.
     self.setKnownConsoleSize(500, 24)
     # Intentionally bypassing makeConnection - that triggers some code
     # which uses features not provided by our dumb Connection fake.
     self.client.transport = self.client.client.transport
Esempio n. 11
0
    def setUp(self):
        """
        Create a L{cftp.StdioClient} hooked up to dummy transport and a fake
        user database.
        """
        class Connection:
            pass

        conn = Connection()
        conn.transport = StringTransport()
        conn.transport.localClosed = False

        self.client = cftp.StdioClient(conn)
        self.database = self.client._pwd = UserDatabase()

        # Intentionally bypassing makeConnection - that triggers some code
        # which uses features not provided by our dumb Connection fake.
        self.client.transport = StringTransport()
Esempio n. 12
0
    def setUp(self):
        self.admin = credentials.UsernamePassword('admin', 'asdf')
        self.alice = credentials.UsernamePassword('alice', 'foo')
        self.badPass = credentials.UsernamePassword('alice', 'foobar')
        self.badUser = credentials.UsernamePassword('x', 'yz')
        self.checker = strcred.makeChecker('unix')

        # Hack around the pwd and spwd modules, since we can't really
        # go about reading your /etc/passwd or /etc/shadow files
        if pwd:
            database = UserDatabase()
            for username, password in self.users.items():
                database.addUser(username, crypt.crypt(password,
                                                       'F/'), 1000, 1000,
                                 username, '/home/' + username, '/bin/sh')
            self.patch(pwd, 'getpwnam', database.getpwnam)
        if spwd:
            self._spwd_getspnam = spwd.getspnam
            spwd.getspnam = self._spwd
Esempio n. 13
0
def patchUserDatabase(patch, user, uid, group, gid):
    """
    Patch L{pwd.getpwnam} so that it behaves as though only one user exists
    and patch L{grp.getgrnam} so that it behaves as though only one group
    exists.

    @param patch: A function like L{TestCase.patch} which will be used to
        install the fake implementations.

    @type user: C{str}
    @param user: The name of the single user which will exist.

    @type uid: C{int}
    @param uid: The UID of the single user which will exist.

    @type group: C{str}
    @param group: The name of the single user which will exist.

    @type gid: C{int}
    @param gid: The GID of the single group which will exist.
    """
    # Try not to be an unverified fake, but try not to depend on quirks of
    # the system either (eg, run as a process with a uid and gid which
    # equal each other, and so doesn't reliably test that uid is used where
    # uid should be used and gid is used where gid should be used). -exarkun
    pwent = pwd.getpwuid(os.getuid())
    grent = grp.getgrgid(os.getgid())

    database = UserDatabase()
    database.addUser(
        user, pwent.pw_passwd, uid, pwent.pw_gid,
        pwent.pw_gecos, pwent.pw_dir, pwent.pw_shell)

    def getgrnam(name):
        result = list(grent)
        result[result.index(grent.gr_name)] = group
        result[result.index(grent.gr_gid)] = gid
        result = tuple(result)
        return {group: result}[name]

    patch(pwd, "getpwnam", database.getpwnam)
    patch(grp, "getgrnam", getgrnam)
Esempio n. 14
0
    def test_failOnSpecial(self):
        """
        If the password returned by any function is C{""}, C{"x"}, or C{"*"} it
        is not compared against the supplied password.  Instead it is skipped.
        """
        pwd = UserDatabase()
        pwd.addUser("alice", "", 1, 2, "", "foo", "bar")
        pwd.addUser("bob", "x", 1, 2, "", "foo", "bar")
        pwd.addUser("carol", "*", 1, 2, "", "foo", "bar")
        self.patch(checkers, "pwd", pwd)

        checker = checkers.UNIXPasswordDatabase([checkers._pwdGetByName])
        cred = UsernamePassword(b"alice", b"")
        self.assertUnauthorizedLogin(checker.requestAvatarId(cred))

        cred = UsernamePassword(b"bob", b"x")
        self.assertUnauthorizedLogin(checker.requestAvatarId(cred))

        cred = UsernamePassword(b"carol", b"*")
        self.assertUnauthorizedLogin(checker.requestAvatarId(cred))
Esempio n. 15
0
    def test_failOnSpecial(self):
        """
        If the password returned by any function is C{""}, C{"x"}, or C{"*"} it
        is not compared against the supplied password.  Instead it is skipped.
        """
        pwd = UserDatabase()
        pwd.addUser('alice', '', 1, 2, '', 'foo', 'bar')
        pwd.addUser('bob', 'x', 1, 2, '', 'foo', 'bar')
        pwd.addUser('carol', '*', 1, 2, '', 'foo', 'bar')
        self.patch(checkers, 'pwd', pwd)

        checker = checkers.UNIXPasswordDatabase([checkers._pwdGetByName])
        cred = UsernamePassword('alice', '')
        self.assertUnauthorizedLogin(checker.requestAvatarId(cred))

        cred = UsernamePassword('bob', 'x')
        self.assertUnauthorizedLogin(checker.requestAvatarId(cred))

        cred = UsernamePassword('carol', '*')
        self.assertUnauthorizedLogin(checker.requestAvatarId(cred))
Esempio n. 16
0
    def test_defaultCheckers(self):
        """
        L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database
        and then the C{spwd} database.
        """
        checker = checkers.UNIXPasswordDatabase()

        def crypted(username, password):
            salt = crypt.crypt(password, username)
            crypted = crypt.crypt(password, '$1$' + salt)
            return crypted

        pwd = UserDatabase()
        pwd.addUser('alice', crypted('alice', 'password'), 1, 2, 'foo', '/foo',
                    '/bin/sh')
        # x and * are convention for "look elsewhere for the password"
        pwd.addUser('bob', 'x', 1, 2, 'bar', '/bar', '/bin/sh')
        spwd = ShadowDatabase()
        spwd.addUser('alice', 'wrong', 1, 2, 3, 4, 5, 6, 7)
        spwd.addUser('bob', crypted('bob', 'password'), 8, 9, 10, 11, 12, 13,
                     14)

        self.patch(checkers, 'pwd', pwd)
        self.patch(checkers, 'spwd', spwd)

        mockos = MockOS()
        self.patch(checkers, 'os', mockos)
        self.patch(util, 'os', mockos)

        mockos.euid = 2345
        mockos.egid = 1234

        cred = UsernamePassword("alice", "password")
        self.assertLoggedIn(checker.requestAvatarId(cred), 'alice')
        self.assertEquals(mockos.seteuidCalls, [])
        self.assertEquals(mockos.setegidCalls, [])
        cred.username = "******"
        self.assertLoggedIn(checker.requestAvatarId(cred), 'bob')
        self.assertEquals(mockos.seteuidCalls, [0, 2345])
        self.assertEquals(mockos.setegidCalls, [0, 1234])
Esempio n. 17
0
    def setUp(self):
        mockos = MockOS()
        mockos.path = FilePath(self.mktemp())
        mockos.path.makedirs()

        self.userdb = UserDatabase()
        self.userdb.addUser(
            b"alice",
            b"password",
            1,
            2,
            b"alice lastname",
            mockos.path.path,
            b"/bin/shell",
        )

        self.sshDir = mockos.path.child(".ssh")
        self.sshDir.makedirs()
        authorizedKeys = self.sshDir.child("authorized_keys")
        authorizedKeys.setContent(b"key 1\nkey 2")

        self.expectedKeys = [b"key 1", b"key 2"]
Esempio n. 18
0
    def test_defaultCheckers(self):
        """
        L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database
        and then the C{spwd} database.
        """
        checker = checkers.UNIXPasswordDatabase()

        def crypted(username, password):
            salt = crypt.crypt(password, username)
            crypted = crypt.crypt(password, "$1$" + salt)
            return crypted

        pwd = UserDatabase()
        pwd.addUser("alice", crypted("alice", "password"), 1, 2, "foo", "/foo",
                    "/bin/sh")
        # x and * are convention for "look elsewhere for the password"
        pwd.addUser("bob", "x", 1, 2, "bar", "/bar", "/bin/sh")
        spwd = ShadowDatabase()
        spwd.addUser("alice", "wrong", 1, 2, 3, 4, 5, 6, 7)
        spwd.addUser("bob", crypted("bob", "password"), 8, 9, 10, 11, 12, 13,
                     14)

        self.patch(checkers, "pwd", pwd)
        self.patch(checkers, "spwd", spwd)

        mockos = MockOS()
        self.patch(util, "os", mockos)

        mockos.euid = 2345
        mockos.egid = 1234

        cred = UsernamePassword(b"alice", b"password")
        self.assertLoggedIn(checker.requestAvatarId(cred), b"alice")
        self.assertEqual(mockos.seteuidCalls, [])
        self.assertEqual(mockos.setegidCalls, [])
        cred.username = b"bob"
        self.assertLoggedIn(checker.requestAvatarId(cred), b"bob")
        self.assertEqual(mockos.seteuidCalls, [0, 2345])
        self.assertEqual(mockos.setegidCalls, [0, 1234])
Esempio n. 19
0
    def setUp(self):
        self.checker = checkers.SSHPublicKeyDatabase()
        self.key1 = encodebytes(b"foobar")
        self.key2 = encodebytes(b"eggspam")
        self.content = b"t1 " + self.key1 + b" foo\nt2 " + self.key2 + b" egg\n"

        self.mockos = MockOS()
        self.mockos.path = FilePath(self.mktemp())
        self.mockos.path.makedirs()
        self.patch(util, "os", self.mockos)
        self.sshDir = self.mockos.path.child(".ssh")
        self.sshDir.makedirs()

        userdb = UserDatabase()
        userdb.addUser(
            b"user",
            b"password",
            1,
            2,
            b"first last",
            self.mockos.path.path,
            b"/bin/shell",
        )
        self.checker._userdb = userdb
Esempio n. 20
0
 def __init__(self, users):
     self._users = users
     self._userdb = UserDatabase()
     for i, username in enumerate(self._users):
         self._userdb.addUser(username, b"garbage", 123 + i, 456, None,
                              None, None)
Esempio n. 21
0
 def setUp(self):
     super(WatchDogRunTests, self).setUp()
     self.fake_pwd = UserDatabase()
Esempio n. 22
0
 def setUp(self):
     """
     Create a L{UserDatabase} with no user data in it.
     """
     self.database = UserDatabase()
     self._counter = SYSTEM_UID_MAX + 1