def testGetGroupMap(self):
"""Verify we build a correct group map from nss calls."""
foo = ('foo', '*', 10, [])
bar = ('bar', '*', 20, ['foo', 'bar'])
self.mox.StubOutWithMock(grp, 'getgrall')
grp.getgrall().AndReturn([foo, bar])
entry1 = group.GroupMapEntry()
entry1.name = 'foo'
entry1.passwd = '*'
entry1.gid = 10
entry1.members = ['']
entry2 = group.GroupMapEntry()
entry2.name = 'bar'
entry2.passwd = '*'
entry2.gid = 20
entry2.members = ['foo', 'bar']
self.mox.ReplayAll()
group_map = nss.GetGroupMap()
self.assertTrue(isinstance(group_map, group.GroupMap))
self.assertEquals(len(group_map), 2)
self.assertTrue(group_map.Exists(entry1))
self.assertTrue(group_map.Exists(entry2))
def testNssDbGroupHandlerWriteData(self):
ent = 'foo:x:1000:bar'
makedb_stdin = self.mox.CreateMock(sys.stdin)
makedb_stdin.write('.foo %s\n' % ent)
makedb_stdin.write('=1000 %s\n' % ent)
makedb_stdin.write('00 %s\n' % ent)
m = group.GroupMap()
g = group.GroupMapEntry()
g.name = 'foo'
g.gid = 1000
g.passwd = 'x'
g.members = ['bar']
self.failUnless(m.Add(g))
writer = nssdb.NssDbGroupHandler({
'makedb': '/bin/false',
'dir': '/tmp'
})
self.mox.ReplayAll()
writer.WriteData(makedb_stdin, g, 0)
def setUp(self):
self.good_entry = group.GroupMapEntry()
self.good_entry.name = 'foo'
self.good_entry.passwd = 'x'
self.good_entry.gid = 10
self.good_entry.members = ['foo', 'bar']
self.parser = s3source.S3GroupMapParser()
def Transform(self, obj):
"""Transforms a LDAP posixGroup object into a group(5) entry."""
gr = group.GroupMapEntry()
gr.name = obj['cn'][0]
# group passwords are deferred to gshadow
gr.passwd = '*'
members = []
if 'memberUid' in obj:
if hasattr(self, 'groupregex'):
members.extend(''.join([x for x in self.groupregex.findall(obj['memberUid'])]))
else:
members.extend(obj['memberUid'])
elif 'member' in obj:
for member_dn in obj['member']:
member_uid = member_dn.split(',')[0].split('=')[1]
if hasattr(self, 'groupregex'):
members.append(''.join([x for x in self.groupregex.findall(member_uid)]))
else:
members.append(member_uid)
elif 'uniqueMember' in obj:
""" This contains a DN and is processed in PostProcess in GetUpdates."""
members.extend(obj['uniqueMember'])
members.sort()
gr.gid = int(obj['gidNumber'][0])
gr.members = members
return gr
def testVerifyFailure(self):
# create a map
m = group.GroupMap()
e = group.GroupMapEntry()
e.name = 'foo'
e.gid = 2000
self.assertTrue(m.Add(e))
updater = nssdb.NssDbGroupHandler({
'dir': self.workdir,
'makedb': '/usr/bin/makedb'
})
written = updater.Write(m)
self.assertTrue(os.path.exists(updater.temp_cache_filename),
'updater.Write() did not create a file')
# change the cache
db = btopen(updater.temp_cache_filename)
del db[db.first()[0]]
db.sync()
db.close()
retval = updater.Verify(written)
self.assertEqual(False, retval)
self.assertFalse(
os.path.exists(os.path.join(updater.temp_cache_filename)))
def __init__(self, obj):
"""Set some default avalible data for testing."""
super(TestGroupMap, self).__init__(obj)
self._good_entry = group.GroupMapEntry()
self._good_entry.name = 'foo'
self._good_entry.passwd = 'x'
self._good_entry.gid = 10
self._good_entry.members = ['foo', 'bar']
def testInit(self):
"""Construct an empty and seeded GroupMapEntry."""
self.assert_(group.GroupMapEntry(),
msg='Could not create empty GroupMapEntry')
seed = {'name': 'foo', 'gid': 10}
entry = group.GroupMapEntry(seed)
self.assert_(entry.Verify(),
msg='Could not verify seeded PasswdMapEntry')
self.assertEquals(entry.name,
'foo',
msg='Entry returned wrong value for name')
self.assertEquals(entry.passwd,
'x',
msg='Entry returned wrong value for passwd')
self.assertEquals(entry.gid,
10,
msg='Entry returned wrong value for gid')
self.assertEquals(entry.members, [],
msg='Entry returned wrong value for members')
def _ReadEntry(self, line):
"""Return a GroupMapEntry from a record in the target cache."""
line = line.split(':')
map_entry = group.GroupMapEntry()
# map entries expect strict typing, so convert as appropriate
map_entry.name = line[0]
map_entry.passwd = line[1]
map_entry.gid = int(line[2])
map_entry.members = line[3].split(',')
return map_entry
def Transform(self, obj):
"""Transforms a LDAP posixGroup object into a group(5) entry."""
gr = group.GroupMapEntry()
if self.conf.get('ad'):
gr.name = obj['sAMAccountName'][0]
# hack to map the users as the corresponding group with the same name
elif 'uid' in obj:
gr.name = obj['uid'][0]
else:
gr.name = obj['cn'][0]
# group passwords are deferred to gshadow
gr.passwd = '*'
base = self.conf.get("base")
members = []
group_members = []
if 'memberUid' in obj:
if hasattr(self, 'groupregex'):
members.extend(''.join(
[x for x in self.groupregex.findall(obj['memberUid'])]))
else:
members.extend(obj['memberUid'])
elif 'member' in obj:
for member_dn in obj['member']:
member_uid = member_dn.split(',')[0].split('=')[1]
# Note that there is not currently a way to consistently distinguish
# a group from a person
group_members.append(member_uid)
if hasattr(self, 'groupregex'):
members.append(''.join(
[x for x in self.groupregex.findall(member_uid)]))
else:
members.append(member_uid)
elif 'uniqueMember' in obj:
"""This contains a DN and is processed in PostProcess in
GetUpdates."""
members.extend(obj['uniqueMember'])
members.sort()
if self.conf.get('ad'):
gr.gid = int(sidToStr(obj['objectSid'][0]).split('-')[-1])
elif self.conf.get('use_rid'):
gr.gid = int(sidToStr(obj['sambaSID'][0]).split('-')[-1])
else:
gr.gid = int(obj['gidNumber'][0])
if 'offset' in self.conf:
gr.gid = int(gr.gid + self.conf['offset'])
gr.members = members
gr.groupmembers = group_members
return gr
def _ReadEntry(self, name, entry):
"""Return a GroupMapEntry from a record in the target cache."""
map_entry = group.GroupMapEntry()
# map entries expect strict typing, so convert as appropriate
map_entry.name = name
map_entry.passwd = entry.get('passwd', 'x')
map_entry.gid = int(entry['gid'])
try:
members = entry.get('members', '').split('\n')
except (ValueError, TypeError):
members = ['']
map_entry.members = members
return map_entry
def testAdd(self):
"""Add raises exceptions for objects it can't add or verify."""
pmap = passwd.PasswdMap()
entry = self._good_entry
self.assertTrue(pmap.Add(entry), msg='failed to add new entry.')
self.assertEqual(1, len(pmap), msg='unexpected size for Map.')
ret_entry = pmap.PopItem()
self.assertEqual(ret_entry, entry, msg='failed to pop existing entry.')
gentry = group.GroupMapEntry()
gentry.name = 'foo'
gentry.gid = 10
self.assertRaises(TypeError, pmap.Add, gentry)
def testWriteGroupEntry(self):
"""We correctly write a typical entry in /etc/group format."""
cache = files.FilesGroupMapHandler(self.config)
file_mock = self.mox.CreateMock(sys.stdout)
file_mock.write('root:x:0:zero_cool,acid_burn\n')
map_entry = group.GroupMapEntry()
map_entry.name = 'root'
map_entry.passwd = 'x'
map_entry.gid = 0
map_entry.members = ['zero_cool', 'acid_burn']
self.mox.ReplayAll()
cache._WriteData(file_mock, map_entry)
def GetGroupMap():
"""Returns a GroupMap built from nss calls."""
group_map = group.GroupMap()
for nss_entry in grp.getgrall():
map_entry = group.GroupMapEntry()
map_entry.name = nss_entry[0]
map_entry.passwd = nss_entry[1]
map_entry.gid = nss_entry[2]
map_entry.members = nss_entry[3]
if not map_entry.members:
map_entry.members = ['']
group_map.Add(map_entry)
return group_map
def Transform(self, obj):
"""Transforms a LDAP posixGroup object into a group(5) entry."""
gr = group.GroupMapEntry()
gr.name = obj['cn'][0]
# group passwords are deferred to gshadow
gr.passwd = '*'
members = []
if 'memberUid' in obj:
members.extend(obj['memberUid'])
members.sort()
gr.gid = int(obj['gidNumber'][0])
gr.members = members
return gr
def testNssDbGroupHandlerWrite(self):
ent = 'foo:x:1000:bar'
makedb_stdin = self.mox.CreateMock(sys.stdin)
makedb_stdin.write('.foo %s\n' % ent)
makedb_stdin.write('=1000 %s\n' % ent)
makedb_stdin.write('00 %s\n' % ent)
makedb_stdin.close()
makedb_stdout = self.mox.CreateMock(sys.stdout)
makedb_stdout.read().AndReturn('')
makedb_stdout.close()
m = group.GroupMap()
g = group.GroupMapEntry()
g.name = 'foo'
g.gid = 1000
g.passwd = 'x'
g.members = ['bar']
g.Verify()
self.failUnless(m.Add(g))
self.mox.StubOutWithMock(select, 'select')
select.select([makedb_stdout], (), (), 0).AndReturn(([37], [], []))
select.select([makedb_stdout], (), (), 0).AndReturn(([], [], []))
def SpawnMakeDb():
makedb = MakeDbDummy()
makedb.stdin = makedb_stdin
makedb.stdout = makedb_stdout
return makedb
writer = nssdb.NssDbGroupHandler({
'makedb': '/usr/bin/makedb',
'dir': self.workdir
})
writer._SpawnMakeDb = SpawnMakeDb
self.mox.ReplayAll()
writer.Write(m)
tmpgroup = os.path.join(self.workdir, 'group.db')
self.failIf(os.path.exists(tmpgroup))
# just clean it up, Write() doesn't Commit()
writer._Rollback()
def testAttributes(self):
"""Test that we can get and set all expected attributes."""
entry = group.GroupMapEntry()
entry.name = 'foo'
self.assertEquals(entry.name,
'foo',
msg='Could not set attribute: name')
entry.passwd = 'x'
self.assertEquals(entry.passwd,
'x',
msg='Could not set attribute: passwd')
entry.gid = 10
self.assertEquals(entry.gid, 10, msg='Could not set attribute: gid')
members = ['foo', 'bar']
entry.members = members
self.assertEquals(entry.members,
members,
msg='Could not set attribute: members')
def testVerifyFailure(self):
# Can't test if no makedb
if not os.path.exists('/usr/bin/makedb'):
raise TestSkipped('no /usr/bin/makedb')
# Hide the warning that we expect to get
class TestFilter(logging.Filter):
def filter(self, record):
return not record.msg.startswith(
'verify failed: %d keys missing')
fltr = TestFilter()
logging.getLogger('NssDbGroupHandler').addFilter(fltr)
# create a map
m = group.GroupMap()
e = group.GroupMapEntry()
e.name = 'foo'
e.gid = 2000
self.failUnless(m.Add(e))
updater = nssdb.NssDbGroupHandler({
'dir': self.workdir,
'makedb': '/usr/bin/makedb'
})
written = updater.Write(m)
self.failUnless(os.path.exists(updater.temp_cache_filename),
'updater.Write() did not create a file')
# change the cache
db = bsddb.btopen(updater.temp_cache_filename)
del db[db.first()[0]]
db.sync()
db.close()
retval = updater.Verify(written)
self.failUnlessEqual(False, retval)
self.failIf(os.path.exists(os.path.join(updater.temp_cache_filename)))
# no longer hide this message
logging.getLogger('NssDbGroupHandler').removeFilter(fltr)
def ConvertValueToMapEntry(self, entry):
"""Convert a grent-like string into a GroupMapEntry.
Args:
entry: A string containing a grent entry ala /etc/group
Returns:
A GroupMapEntry instance
"""
if entry.endswith('\x00'):
entry = entry[:-1]
entry = entry.split(':')
map_entry = group.GroupMapEntry()
# map entries expect strict typing, so convert as appropriate
map_entry.name = entry[0]
map_entry.passwd = entry[1]
map_entry.gid = int(entry[2])
map_entry.members = entry[3].split(',')
return map_entry
def testVerify(self):
# create a map
m = group.GroupMap()
e = group.GroupMapEntry()
e.name = 'foo'
e.gid = 2000
self.failUnless(m.Add(e))
updater = nssdb.NssDbGroupHandler({
'dir': self.workdir,
'makedb': '/usr/bin/makedb'
})
written = updater.Write(m)
self.failUnless(os.path.exists(updater.temp_cache_filename),
'updater.Write() did not create a file')
retval = updater.Verify(written)
self.failUnlessEqual(True, retval)
os.unlink(updater.temp_cache_filename)
def testVerify(self):
"""Test that the object can verify it's attributes and itself."""
entry = group.GroupMapEntry()
# Empty object should bomb
self.failIf(entry.Verify())
def testKey(self):
"""Key() should return the value of the 'name' attribute."""
entry = group.GroupMapEntry()
entry.name = 'foo'
self.assertEquals(entry.Key(), entry.name)
