def test_update_all_four(self): old_rule = PamdRule.rulefromstring( 'auth sufficient pam_unix.so nullok try_first_pass') new_rule = PamdRule.rulefromstring('one two three four five') update_rule(self.pamd, old_rule, new_rule) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_remove_module_arguments_one(self): old_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so nullok try_first_pass') new_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so try_first_pass') args_to_remove = ['nullok'] remove_module_arguments(self.pamd, old_rule, args_to_remove) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_update_rule_module_path_slash(self): old_rule = PamdRule.rulefromstring('auth required pam_env.so') new_rule = PamdRule.rulefromstring( 'auth required /lib64/security/pam_duo.so') update_rule(self.pamd, old_rule, new_rule) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_remove_module_arguments_two(self): old_rule = PamdRule.rulefromstring('session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid') new_rule = PamdRule.rulefromstring('session [success=1 default=ignore] pam_succeed_if.so in quiet use_uid') args_to_remove = ['service', 'crond'] remove_module_arguments(self.pamd, old_rule, args_to_remove) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_update_rule_module_path(self): old_rule = PamdRule.rulefromstring('auth required pam_env.so') new_rule = PamdRule.rulefromstring( 'session required pam_limits.so') update_rule(self.pamd, old_rule, new_rule) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_add_module_arguments_where_none_existed(self): old_rule = PamdRule.rulefromstring('account required pam_unix.so') new_rule = PamdRule.rulefromstring( 'account required pam_unix.so arg1 arg2= arg3=arg3') args_to_add = ['arg1', 'arg2=', 'arg3=arg3'] add_module_arguments(self.pamd, old_rule, args_to_add) self.assertIn(str(new_rule).rstrip(), str(self.pamd))
def test_insert_after_rule(self): old_rule = PamdRule.rulefromstring('account required pam_unix.so') new_rule = PamdRule.rulefromstring('account required pam_permit.so arg1 arg2 arg3') insert_after_rule(self.pamd, old_rule, new_rule) line_to_test = str(old_rule).rstrip() line_to_test += '\n' line_to_test += str(new_rule).rstrip() self.assertIn(line_to_test, str(self.pamd))
def test_insert_before_rule(self): old_rule = PamdRule.rulefromstring('account required pam_unix.so') new_rule = PamdRule.rulefromstring('account required pam_permit.so') insert_before_rule(self.pamd, old_rule, new_rule) line_to_test = str(new_rule).rstrip() line_to_test += '\n' line_to_test += str(old_rule).rstrip() self.assertIn(line_to_test, str(self.pamd))
def test_update_rule_module_args(self): old_rule = PamdRule.rulefromstring( 'auth sufficient pam_unix.so nullok try_first_pass') new_rule = PamdRule.rulefromstring( 'auth sufficient pam_unix.so uid uid') update_rule(self.pamd, old_rule, new_rule) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_insert_after_rule_another(self): old_rule = PamdRule.rulefromstring('auth sufficient pam_rootok.so') new_rule = PamdRule.rulefromstring('auth required pam_wheel.so use_id') insert_after_rule(self.pamd, old_rule, new_rule) line_to_test = str(old_rule).rstrip() line_to_test += '\n' line_to_test += str(new_rule).rstrip() self.assertIn(line_to_test, str(self.pamd))
def test_add_module_args_with_string(self): old_rule = PamdRule.rulefromstring( "account required pam_access.so") new_rule = PamdRule.rulefromstring( "account required pam_access.so listsep=,") args_to_add = ['listsep=,'] add_module_arguments(self.pamd, old_rule, args_to_add) self.assertIn(str(new_rule).rstrip(), str(self.pamd))
def test_insert_after_rule_last_rule(self): old_rule = PamdRule.rulefromstring('session required pam_unix.so') new_rule = PamdRule.rulefromstring( 'session required pam_permit.so arg1 arg2 arg3') insert_after_rule(self.pamd, old_rule, new_rule) line_to_test = str(old_rule).rstrip() line_to_test += '\n' line_to_test += str(new_rule).rstrip() self.assertIn(line_to_test, str(self.pamd))
def test_add_module_arguments_where_some_existed(self): old_rule = PamdRule.rulefromstring( 'auth sufficient pam_unix.so nullok try_first_pass') new_rule = PamdRule.rulefromstring( 'auth sufficient pam_unix.so nullok try_first_pass arg1 arg2= arg3=arg3' ) args_to_add = ['arg1', 'arg2=', 'arg3=arg3'] add_module_arguments(self.pamd, old_rule, args_to_add) self.assertIn(str(new_rule).rstrip(), str(self.pamd))
def test_insert_after_rule_another(self): old_rule = PamdRule.rulefromstring('auth sufficient pam_rootok.so') new_rule = PamdRule.rulefromstring( 'auth required pam_wheel.so use_id') insert_after_rule(self.pamd, old_rule, new_rule) line_to_test = str(old_rule).rstrip() line_to_test += '\n' line_to_test += str(new_rule).rstrip() self.assertIn(line_to_test, str(self.pamd))
def test_update_rule_control_more_complex(self): old_rule = PamdRule.rulefromstring( 'session [success=1 test=me default=ignore] pam_succeed_if.so service in crond quiet use_uid' ) new_rule = PamdRule.rulefromstring( 'session [success=2 test=me default=ignore] pam_succeed_if.so service in crond quiet use_uid' ) update_rule(self.pamd, old_rule, new_rule) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_update_rule_module_args(self): self.assertTrue( self.pamd.update_rule('auth', 'sufficient', 'pam_unix.so', new_args='uid uid')) test_rule = PamdRule('auth', 'sufficient', 'pam_unix.so', 'uid uid') self.assertIn(str(test_rule), str(self.pamd)) test_rule = PamdRule('auth', 'sufficient', 'pam_unix.so', 'nullok try_first_pass') self.assertNotIn(str(test_rule), str(self.pamd))
def test_update_all_four(self): self.assertTrue( self.pamd.update_rule('auth', 'sufficient', 'pam_unix.so', new_type='one', new_control='two', new_path='three', new_args='four five')) test_rule = PamdRule('one', 'two', 'three', 'four five') self.assertIn(str(test_rule), str(self.pamd)) test_rule = PamdRule('auth', 'sufficient', 'pam_unix.so', 'nullok try_first_pass') self.assertNotIn(str(test_rule), str(self.pamd))
def test_remove_rule(self): self.assertTrue(self.pamd.remove('account', 'required', 'pam_unix.so')) # Second run should not change anything self.assertFalse(self.pamd.remove('account', 'required', 'pam_unix.so')) test_rule = PamdRule('account', 'required', 'pam_unix.so') self.assertNotIn(str(test_rule), str(self.pamd))
def test_rule_with_args(self): line = "account optional pam_echo.so file1=/etc/lockout1.txt file2=/etc/lockout2.txt" module = PamdRule.rulefromstring(stringline=line) self.assertEqual(module.rule_type, 'account') self.assertEqual(module.rule_control, 'optional') self.assertEqual(module.rule_module_path, 'pam_echo.so') self.assertEqual(module.rule_module_args, ['file1=/etc/lockout1.txt', 'file2=/etc/lockout2.txt'])
def test_slash_in_args_more(self): rule = "auth [success=1 default=ignore] /lib64/security/pam_duo.so".rstrip( ) module = PamdRule.rulefromstring(stringline=rule) module_string = re.sub(' +', ' ', str(module).replace('\t', ' ')) self.assertEqual(rule, module_string.rstrip()) self.assertEqual('', module.get_module_args_as_string())
def test_simple_more(self): simple = "auth required pam_tally2.so deny=5 onerr=fail".rstrip() module = PamdRule.rulefromstring(stringline=simple) module_string = re.sub(' +', ' ', str(module).replace('\t', ' ')) self.assertEqual(simple, module_string.rstrip()) self.assertEqual('deny=5 onerr=fail', module.get_module_args_as_string())
def test_less_than_in_args(self): rule = "auth requisite pam_succeed_if.so uid >= 1025 quiet_success" module = PamdRule.rulefromstring(stringline=rule) module_string = re.sub(' +', ' ', str(module).replace('\t', ' ')) self.assertEqual(rule, module_string.rstrip()) self.assertEqual('uid >= 1025 quiet_success', module.get_module_args_as_string())
def test_rule_with_arg(self): line = "account optional pam_echo.so file=/etc/lockout.txt" module = PamdRule.rulefromstring(stringline=line) self.assertEqual(module.rule_type, 'account') self.assertEqual(module.rule_control, 'optional') self.assertEqual(module.rule_module_path, 'pam_echo.so') self.assertEqual(module.rule_module_args, ['file=/etc/lockout.txt'])
def test_more_complicated_rule(self): complicated = "auth" complicated += " [success=done ignore=ignore default=die]" complicated += " pam_unix.so" complicated += " try_first_pass".rstrip() module = PamdRule.rulefromstring(stringline=complicated) module_string = re.sub(' +', ' ', str(module).replace('\t', ' ')) self.assertEqual(complicated, module_string.rstrip()) self.assertEqual('try_first_pass', module.get_module_args_as_string())
def setUp(self): self.bad_type = PamdRule('foobar', 'optional', 'pam_keyinit.so', 'revoke') self.bad_control_simple = PamdRule('account', 'foobar', 'pam_keyinit.so', 'revoke') self.bad_control_value = PamdRule('account', '[foobar=1 default=ignore]', 'pam_keyinit.so', 'revoke') self.bad_control_action = PamdRule('account', '[success=1 default=foobar]', 'pam_keyinit.so', 'revoke')
def test_update_rule_with_slash(self): self.assertTrue( self.pamd.update_rule('account', '[success=1 default=ignore]', 'pam_succeed_if.so', new_type='session', new_path='pam_access.so')) test_rule = PamdRule('session', '[success=1 default=ignore]', 'pam_access.so') self.assertIn(str(test_rule), str(self.pamd))
def test_update_rule_control_simple(self): self.assertTrue( self.pamd.update_rule('session', 'optional', 'pam_keyinit.so', new_control='required')) self.assertTrue( self.pamd.has_rule('session', 'required', 'pam_keyinit.so')) test_rule = PamdRule('session', 'required', 'pam_keyinit.so') self.assertIn(str(test_rule), str(self.pamd))
def test_update_rule_type(self): self.assertTrue( self.pamd.update_rule('session', 'optional', 'pam_keyinit.so', new_type='account')) self.assertTrue( self.pamd.has_rule('account', 'optional', 'pam_keyinit.so')) test_rule = PamdRule('account', 'optional', 'pam_keyinit.so', 'revoke') self.assertIn(str(test_rule), str(self.pamd))
def test_update_first_three_with_module_args(self): self.assertTrue( self.pamd.update_rule('auth', 'sufficient', 'pam_unix.so', new_type='one', new_control='two', new_path='three')) self.assertTrue(self.pamd.has_rule('one', 'two', 'three')) test_rule = PamdRule('one', 'two', 'three') self.assertIn(str(test_rule), str(self.pamd)) self.assertIn(str(test_rule), str(self.pamd))
def test_update_rule_type_two(self): self.assertTrue( self.pamd.update_rule('session', '[success=1 default=ignore]', 'pam_succeed_if.so', new_type='account')) self.assertTrue( self.pamd.has_rule('account', '[success=1 default=ignore]', 'pam_succeed_if.so')) test_rule = PamdRule('account', '[success=1 default=ignore]', 'pam_succeed_if.so') self.assertIn(str(test_rule), str(self.pamd))
def test_update_rule_control_complex(self): self.assertTrue( self.pamd.update_rule( 'session', '[success=1 default=ignore]', 'pam_succeed_if.so', new_control='[success=2 test=me default=ignore]')) self.assertTrue( self.pamd.has_rule('session', '[success=2 test=me default=ignore]', 'pam_succeed_if.so')) test_rule = PamdRule('session', '[success=2 test=me default=ignore]', 'pam_succeed_if.so') self.assertIn(str(test_rule), str(self.pamd))
class PamdRuleBadValidationTestCase(unittest.TestCase): def setUp(self): self.bad_type = PamdRule('foobar', 'optional', 'pam_keyinit.so', 'revoke') self.bad_control_simple = PamdRule('account', 'foobar', 'pam_keyinit.so', 'revoke') self.bad_control_value = PamdRule('account', '[foobar=1 default=ignore]', 'pam_keyinit.so', 'revoke') self.bad_control_action = PamdRule('account', '[success=1 default=foobar]', 'pam_keyinit.so', 'revoke') def test_validate_bad_type(self): self.assertFalse(self.bad_type.validate()[0]) def test_validate_bad_control_simple(self): self.assertFalse(self.bad_control_simple.validate()[0]) def test_validate_bad_control_value(self): self.assertFalse(self.bad_control_value.validate()[0]) def test_validate_bad_control_action(self): self.assertFalse(self.bad_control_action.validate()[0])
class PamdRuleTestCase(unittest.TestCase): def setUp(self): self.rule = PamdRule('account', 'optional', 'pam_keyinit.so', 'revoke') def test_type(self): self.assertEqual(self.rule.rule_type, 'account') def test_control(self): self.assertEqual(self.rule.rule_control, 'optional') self.assertEqual(self.rule._control, 'optional') def test_path(self): self.assertEqual(self.rule.rule_path, 'pam_keyinit.so') def test_args(self): self.assertEqual(self.rule.rule_args, ['revoke']) def test_valid(self): self.assertTrue(self.rule.validate()[0])
def test_update_rule_control_simple(self): old_rule = PamdRule.rulefromstring('auth required pam_env.so') new_rule = PamdRule.rulefromstring('auth sufficent pam_env.so') update_rule(self.pamd, old_rule, new_rule) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_simple(self): simple = "auth required pam_env.so".rstrip() module = PamdRule.rulefromstring(stringline=simple) module_string = re.sub(' +', ' ', str(module).replace('\t', ' ')) self.assertEqual(simple, module_string.rstrip()) self.assertEqual('', module.get_module_args_as_string())
def test_add_module_args_with_string(self): old_rule = PamdRule.rulefromstring("account required pam_access.so") new_rule = PamdRule.rulefromstring("account required pam_access.so listsep=,") args_to_add = ['listsep=,'] add_module_arguments(self.pamd, old_rule, args_to_add) self.assertIn(str(new_rule).rstrip(), str(self.pamd))
def test_trailing_comma(self): rule = "account required pam_access.so listsep=," module = PamdRule.rulefromstring(stringline=rule) module_string = re.sub(' +', ' ', str(module).replace('\t', ' ')) self.assertEqual(rule, module_string.rstrip())
def test_slash_in_args_more(self): rule = "auth [success=1 default=ignore] /lib64/security/pam_duo.so".rstrip() module = PamdRule.rulefromstring(stringline=rule) module_string = re.sub(' +', ' ', str(module).replace('\t', ' ')) self.assertEqual(rule, module_string.rstrip()) self.assertEqual('', module.get_module_args_as_string())
def test_update_rule_module_args(self): old_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so nullok try_first_pass') new_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so uid uid') update_rule(self.pamd, old_rule, new_rule) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_update_rule_control_more_complex(self): old_rule = PamdRule.rulefromstring('session [success=1 test=me default=ignore] pam_succeed_if.so service in crond quiet use_uid') new_rule = PamdRule.rulefromstring('session [success=2 test=me default=ignore] pam_succeed_if.so service in crond quiet use_uid') update_rule(self.pamd, old_rule, new_rule) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_add_module_arguments_where_none_existed(self): old_rule = PamdRule.rulefromstring('account required pam_unix.so') new_rule = PamdRule.rulefromstring('account required pam_unix.so arg1 arg2= arg3=arg3') args_to_add = ['arg1', 'arg2=', 'arg3=arg3'] add_module_arguments(self.pamd, old_rule, args_to_add) self.assertIn(str(new_rule).rstrip(), str(self.pamd))
def test_add_module_arguments_where_some_existed(self): old_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so nullok try_first_pass') new_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so nullok try_first_pass arg1 arg2= arg3=arg3') args_to_add = ['arg1', 'arg2=', 'arg3=arg3'] add_module_arguments(self.pamd, old_rule, args_to_add) self.assertIn(str(new_rule).rstrip(), str(self.pamd))
def test_remove_rule(self): old_rule = PamdRule.rulefromstring('account required pam_unix.so') remove_rule(self.pamd, old_rule) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_complicated_rule(self): complicated = "-auth [default=1 success=ok] pam_localuser.so".rstrip() module = PamdRule.rulefromstring(stringline=complicated) module_string = re.sub(' +', ' ', str(module).replace('\t', ' ')) self.assertEqual(complicated, module_string.rstrip()) self.assertEqual('', module.get_module_args_as_string())
def test_update_all_four(self): old_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so nullok try_first_pass') new_rule = PamdRule.rulefromstring('one two three four five') update_rule(self.pamd, old_rule, new_rule) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_update_rule_type(self): old_rule = PamdRule.rulefromstring('auth required pam_env.so') new_rule = PamdRule.rulefromstring('session required pam_env.so') update_rule(self.pamd, old_rule, new_rule) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_update_rule_module_path_slash(self): old_rule = PamdRule.rulefromstring('auth required pam_env.so') new_rule = PamdRule.rulefromstring('auth required /lib64/security/pam_duo.so') update_rule(self.pamd, old_rule, new_rule) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_update_first_three(self): old_rule = PamdRule.rulefromstring('auth required pam_env.so') new_rule = PamdRule.rulefromstring('one two three') update_rule(self.pamd, old_rule, new_rule) self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))