def test_get_default_user(self):
"""Test that default user is correctly added by get_user_list()."""
users_module_mock = Mock()
users_module_mock.Users = []
user_data_list = get_user_list(users_module_mock, add_default=True)
default_added_user_data = UserData()
default_added_user_data.set_admin_priviledges(True)
assert len(user_data_list) == 1
assert isinstance(user_data_list[0], UserData)
assert compare_data(user_data_list[0], default_added_user_data)
def get_default_user_test(self):
"""Test that default user is correctly added by get_user_list()."""
users_module_mock = Mock()
users_module_mock.Users = []
user_data_list = get_user_list(users_module_mock, add_default=True)
self.assertEqual(len(user_data_list), 1)
self.assertIsInstance(user_data_list[0], UserData)
self.assertTrue(compare_data(user_data_list[0], UserData()))
def get_user_list(users_module, add_default=False, add_if_not_empty=False):
"""Get list of users from the Users DBus module.
If add_default is True we will add an empty UserData instance as the first element
of the list, so that the UIs don't have to handle that themselves.
:param users_module: Users DBus module proxy
:param bool add_default: if True add default user as first list element
:returns: list of users from the Users DBus module
:rtype: list
"""
user_data_list = UserData.from_structure_list(users_module.Users)
if add_default:
# we only add default user to an empty list, to add default user to
# a populated list the add_if_not_empty option needs to be used
if not user_data_list or add_if_not_empty:
user_data_list.insert(0, UserData())
return user_data_list
def Users(self) -> List[Structure]:
"""List of users, each describing a single user.
:return: a list of user describing DBus Structures
"""
# internally we hold the data about users as a list of structures,
# which we need to turn into a list of dicts before returning it
# over DBus
user_dicts = []
for user_data in self.implementation.users:
user_dicts.append(UserData.to_structure(user_data))
return user_dicts
def set_user_list(users_module, user_data_list, remove_unset=False):
"""Properly set the user list in the Users DBus module.
Internally we are working with a list of UserData instances, while the SetUsers DBus API
requires a list of DBus structures.
Doing the conversion each time we need to set a new user list would be troublesome so
this method takes a list of UserData instances, converts them to list of DBus structs
and then forwards the list to the Users module.
Also if remove_unset is True we will drop any UserData instances from the list before
forwarding it to the Users DBus module. Missing name is used as an indicator that the
given user has been unset by one of the UIs and should be discarded.
:param users_module: Users DBus module proxy
:param list user_data_list: list of user data objects
:param bool remove_unset: remove all users without name from the list before setting it
:type user_data_list: list of UserData instances
"""
if remove_unset:
user_data_list = [user for user in user_data_list if user.name]
users_module.Users = UserData.to_structure_list(user_data_list)
def test_eq(self):
"""Test that the __eq__() method works correctly for UserData instances."""
# the comparison is name based
user_data_1 = UserData()
user_data_1.name = "foo"
user_data_2 = UserData()
user_data_2.name = "bar"
user_data_3 = UserData()
user_data_3.name = "foo"
assert user_data_1 == user_data_3
assert not (user_data_1 == user_data_2)
assert not (user_data_2 == user_data_1)
assert not (user_data_2 == user_data_3)
# now try changing the name on existing instance
user_data_1.name = "bar"
user_data_2.name = "foo"
user_data_3.name = "foo"
assert not (user_data_1 == user_data_2)
assert not (user_data_1 == user_data_3)
assert user_data_2 == user_data_3
assert user_data_3 == user_data_2
# only name is used, other attributes should not influence the comparison
user_data_a = UserData()
user_data_a.name = "foo"
user_data_a.uid = 1
user_data_a.gid = 1
user_data_a.homedir = "/foo"
user_data_b = UserData()
user_data_b.name = "foo"
user_data_b.uid = 2
user_data_b.gid = 2
user_data_b.homedir = "/bar"
assert user_data_a == user_data_b
def test_admin_user_detection_6(self):
"""Test that admin user detection works correctly - 1 admin (case 5)."""
# 2 users, unlocked root
user1 = UserData()
user1.name = "user1"
user1.groups = ["foo", "bar"]
user1.lock = False
user2 = UserData()
user2.name = "user2"
user2.groups = ["baz", "bar"]
user2.lock = False
self.users_interface.SetUsers(UserData.to_structure_list([user1, user2]))
self.users_interface.SetCryptedRootPassword("abc")
self.users_interface.SetRootAccountLocked(False)
assert self.users_interface.CheckAdminUserExists()
def test_admin_user_detection_2(self):
"""Test that admin user detection works correctly - 0 admins (case 1)."""
# 2 locked admin users, locked root
user1 = UserData()
user1.name = "user1"
user1.groups = ["foo", "wheel", "bar"]
user1.lock = True
user2 = UserData()
user2.name = "user2"
user2.groups = ["baz", "bar", "wheel"]
user2.lock = True
self.users_interface.SetUsers(UserData.to_structure_list([user1, user2]))
self.users_interface.SetCryptedRootPassword("abc")
self.users_interface.SetRootAccountLocked(True)
assert not self.users_interface.CheckAdminUserExists()
def test_set_user_list(self):
"""Test the shared set_user_list() method."""
user1 = UserData()
user1.name = "user1"
user1.uid = 123
user1.groups = ["foo", "bar"]
user1.gid = 321
user1.homedir = "user1_home"
user1.password = "******"
user1.is_crypted = False
user1.lock = False
user1.shell = "zsh"
user1.gecos = "some stuff"
user2 = UserData()
user2.name = "user2"
user2.uid = 456
user2.groups = ["baz", "bar"]
user2.gid = 654
user2.homedir = "user2_home"
user2.password = "******"
user2.is_crypted = True
user2.lock = False
user2.shell = "csh"
user2.gecos = "some other stuff"
users_module_mock = Mock()
set_user_list(users_module_mock, [user1, user2])
user_data_list = users_module_mock.SetUsers.call_args[0][0]
assert len(user_data_list) == 2
assert user_data_list[0] == UserData.to_structure(user1)
assert user_data_list[1] == UserData.to_structure(user2)
user1.name = ""
set_user_list(users_module_mock, [user1, user2], remove_unset=True)
user_data_list = users_module_mock.SetUsers.call_args[0][0]
assert len(user_data_list) == 1
assert user_data_list[0] == UserData.to_structure(user2)
def test_getter_setter(self):
"""Test getters and setters for the User UID and GID values."""
user_data = UserData()
user_data.name = "user"
# everything should be unset by default
assert user_data.uid == 0
assert user_data.uid_mode == ID_MODE_USE_DEFAULT
assert user_data.get_uid() is None
assert user_data.gid == 0
assert user_data.gid_mode == ID_MODE_USE_DEFAULT
assert user_data.get_gid() is None
user_data.set_uid(123)
user_data.set_gid(456)
# now everything is set
assert user_data.uid == 123
assert user_data.uid_mode == ID_MODE_USE_VALUE
assert user_data.get_uid() == 123
assert user_data.gid == 456
assert user_data.gid_mode == ID_MODE_USE_VALUE
assert user_data.get_gid() == 456
user_data.uid_mode = ID_MODE_USE_DEFAULT
user_data.gid_mode = ID_MODE_USE_DEFAULT
# mode should decide whether numbers are used, regardless of being stored
assert user_data.uid_mode == ID_MODE_USE_DEFAULT
assert user_data.uid == 123
assert user_data.get_uid() is None
assert user_data.gid_mode == ID_MODE_USE_DEFAULT
assert user_data.gid == 456
assert user_data.get_gid() is None
user_data.set_uid(None)
user_data.set_gid(None)
# setting None resets everything
assert user_data.uid == 0
assert user_data.uid_mode == ID_MODE_USE_DEFAULT
assert user_data.get_uid() is None
assert user_data.gid == 0
assert user_data.gid_mode == ID_MODE_USE_DEFAULT
assert user_data.get_gid() is None
def admin_user_detection_5_test(self):
"""Test that admin user detection works correctly - 1 admin (case 4)."""
# 1 user, 1 unlocked admin user, locked root
user1 = UserData()
user1.name = "user1"
user1.groups = ["foo", "bar"]
user1.lock = False
user2 = UserData()
user2.name = "user2"
user2.groups = ["baz", "bar", "wheel"]
user2.lock = False
self.users_interface.SetUsers(
UserData.to_structure_list([user1, user2]))
self.users_interface.SetCryptedRootPassword("abc")
self.users_interface.SetRootAccountLocked(True)
self.assertTrue(self.users_interface.CheckAdminUserExists())
def Users(self, users: List[Structure]):
"""Set a list of users, each corresponding to a single user.
:param users: a list of user describing DBus structures
"""
self.implementation.set_users(UserData.from_structure_list(users))
def Users(self) -> List[Structure]:
"""List of users, each describing a single user.
:return: a list of user describing DBus Structures
"""
return UserData.to_structure_list(self.implementation.users)
def test_admin_user_detection_1(self):
"""Test that admin user detection works correctly - 3 admins."""
# 2 admin users, unlocked root
user1 = UserData()
user1.name = "user1"
user1.groups = ["foo", "wheel", "bar"]
user1.lock = False
user2 = UserData()
user2.name = "user2"
user2.groups = ["baz", "bar", "wheel"]
user2.lock = False
self.users_interface.Users = UserData.to_structure_list([user1, user2])
self.users_interface.SetCryptedRootPassword("abc")
self.users_interface.IsRootAccountLocked = False
assert self.users_interface.CheckAdminUserExists()
def _ksdata_to_user_data(self, user_ksdata):
"""Apply kickstart user command data to UserData instance.
:param user_ksdata: data for the kickstart user command
:return: UserData instance with kickstart data applied
"""
user_data = UserData()
user_data.name = user_ksdata.name
user_data.groups = user_ksdata.groups
user_data.set_uid(user_ksdata.uid)
user_data.set_gid(user_ksdata.gid)
user_data.homedir = user_ksdata.homedir
user_data.password = user_ksdata.password
user_data.is_crypted = user_ksdata.isCrypted
user_data.lock = user_ksdata.lock
# make sure the user account is locked by default unless a password
# is set in kickstart
if not user_ksdata.password:
log.debug(
"user (%s) specified in kickstart without password, locking account",
user_ksdata.name)
user_data.lock = True
user_data.shell = user_ksdata.shell
user_data.gecos = user_ksdata.gecos
return user_data
def test_has_admin_priviledges(self):
"""Test the has_admin_priviledges() method works correctly."""
user_data = UserData()
user_data.groups = ["wheel"]
assert user_data.has_admin_priviledges()
user_data = UserData()
user_data.groups = ["foo"]
assert not user_data.has_admin_priviledges()
user_data = UserData()
user_data.groups = ["foo", "wheel", "bar"]
assert user_data.has_admin_priviledges()
# multiple wheels
user_data = UserData()
user_data.groups = ["foo", "wheel", "bar", "wheel", "baz"]
assert user_data.has_admin_priviledges()
# group name is case sensitive
user_data = UserData()
user_data.groups = ["WHEEL", "Wheel"]
assert not user_data.has_admin_priviledges()
def test_set_admin_priviledges(self):
"""Test setting user admin privileges works correctly."""
user_data = UserData()
assert not user_data.has_admin_priviledges()
assert "wheel" not in user_data.groups
# turn it on
user_data.set_admin_priviledges(True)
assert user_data.has_admin_priviledges()
assert "wheel" in user_data.groups
# turn it off
user_data.set_admin_priviledges(False)
assert not user_data.has_admin_priviledges()
assert "wheel" not in user_data.groups
# existing groups - turn in on
user_data = UserData()
user_data.groups = ["foo", "bar"]
user_data.set_admin_priviledges(True)
assert user_data.has_admin_priviledges()
assert "wheel" in user_data.groups
assert "foo" in user_data.groups
assert "bar" in user_data.groups
# existing groups - turn in off
user_data.set_admin_priviledges(False)
assert not user_data.has_admin_priviledges()
assert "wheel" not in user_data.groups
assert "foo" in user_data.groups
assert "bar" in user_data.groups
# group wheel added externally
user_data = UserData()
user_data.groups = ["foo", "bar", "wheel"]
assert user_data.has_admin_priviledges()
assert "wheel" in user_data.groups
assert "foo" in user_data.groups
assert "bar" in user_data.groups
# now remove the wheel group via API
user_data.set_admin_priviledges(False)
assert not user_data.has_admin_priviledges()
assert "wheel" not in user_data.groups
assert "foo" in user_data.groups
assert "bar" in user_data.groups
def has_admin_priviledges_test(self):
"""Test the has_admin_priviledges() method works correctly."""
user_data = UserData()
user_data.groups = ["wheel"]
self.assertTrue(user_data.has_admin_priviledges())
user_data = UserData()
user_data.groups = ["foo"]
self.assertFalse(user_data.has_admin_priviledges())
user_data = UserData()
user_data.groups = ["foo", "wheel", "bar"]
self.assertTrue(user_data.has_admin_priviledges())
# multiple wheels
user_data = UserData()
user_data.groups = ["foo", "wheel", "bar", "wheel", "baz"]
self.assertTrue(user_data.has_admin_priviledges())
# group name is case sensitive
user_data = UserData()
user_data.groups = ["WHEEL", "Wheel"]
self.assertFalse(user_data.has_admin_priviledges())
def test_get_user_list(self):
"""Test the shared get_user_list() method."""
user1 = UserData()
user1.name = "user1"
user1.uid = 123
user1.groups = ["foo", "bar"]
user1.gid = 321
user1.homedir = "user1_home"
user1.password = "******"
user1.is_crypted = False
user1.lock = False
user1.shell = "zsh"
user1.gecos = "some stuff"
user2 = UserData()
user2.name = "user2"
user2.uid = 456
user2.groups = ["baz", "bar"]
user2.gid = 654
user2.homedir = "user2_home"
user2.password = "******"
user2.is_crypted = True
user2.lock = False
user2.shell = "csh"
user2.gecos = "some other stuff"
users_module_mock = Mock()
users_module_mock.Users = UserData.to_structure_list([user1, user2])
user_data_list = get_user_list(users_module_mock)
assert len(user_data_list) == 2
assert isinstance(user_data_list[0], UserData)
assert isinstance(user_data_list[1], UserData)
assert compare_data(user_data_list[0], user1)
assert compare_data(user_data_list[1], user2)
user_data_list = get_user_list(users_module_mock, add_default=True)
assert len(user_data_list) == 2
assert isinstance(user_data_list[0], UserData)
assert isinstance(user_data_list[1], UserData)
assert compare_data(user_data_list[0], user1)
assert compare_data(user_data_list[1], user2)
user_data_list = get_user_list(users_module_mock, add_default=True, add_if_not_empty=True)
assert len(user_data_list) == 3
assert isinstance(user_data_list[0], UserData)
assert isinstance(user_data_list[1], UserData)
assert isinstance(user_data_list[2], UserData)
assert compare_data(user_data_list[0], UserData())
assert compare_data(user_data_list[1], user1)
assert compare_data(user_data_list[2], user2)
def set_admin_priviledges_test(self):
"""Test setting user admin privileges works correctly."""
user_data = UserData()
self.assertFalse(user_data.has_admin_priviledges())
self.assertNotIn("wheel", user_data.groups)
# turn it on
user_data.set_admin_priviledges(True)
self.assertTrue(user_data.has_admin_priviledges())
self.assertIn("wheel", user_data.groups)
# turn it off
user_data.set_admin_priviledges(False)
self.assertFalse(user_data.has_admin_priviledges())
self.assertNotIn("wheel", user_data.groups)
# existing groups - turn in on
user_data = UserData()
user_data.groups = ["foo", "bar"]
user_data.set_admin_priviledges(True)
self.assertTrue(user_data.has_admin_priviledges())
self.assertIn("wheel", user_data.groups)
self.assertIn("foo", user_data.groups)
self.assertIn("bar", user_data.groups)
# existing groups - turn in off
user_data.set_admin_priviledges(False)
self.assertFalse(user_data.has_admin_priviledges())
self.assertNotIn("wheel", user_data.groups)
self.assertIn("foo", user_data.groups)
self.assertIn("bar", user_data.groups)
# group wheel added externally
user_data = UserData()
user_data.groups = ["foo", "bar", "wheel"]
self.assertTrue(user_data.has_admin_priviledges())
self.assertIn("wheel", user_data.groups)
self.assertIn("foo", user_data.groups)
self.assertIn("bar", user_data.groups)
# now remove the wheel group via API
user_data.set_admin_priviledges(False)
self.assertFalse(user_data.has_admin_priviledges())
self.assertNotIn("wheel", user_data.groups)
self.assertIn("foo", user_data.groups)
self.assertIn("bar", user_data.groups)
def _ksdata_to_user_data(self, user_ksdata):
"""Apply kickstart user command data to UserData instance.
:param user_ksdata: data for the kickstart user command
:return: UserData instance with kickstart data applied
"""
user_data = UserData()
user_data.name = user_ksdata.name
user_data.groups = user_ksdata.groups
# To denote that a value has not been set:
# - kickstart uses None
# - our DBus API uses -1
# -> as user data is -1 by default ve only set it if kickstart has something,
# that is not None
# We need to make sure we correctly convert between these two.
if user_ksdata.uid is not None:
user_data.uid = user_ksdata.uid
if user_ksdata.gid is not None:
user_data.gid = user_ksdata.gid
user_data.homedir = user_ksdata.homedir
user_data.password = user_ksdata.password
user_data.is_crypted = user_ksdata.isCrypted
user_data.lock = user_ksdata.lock
# make sure the user account is locked by default unless a password
# is set in kickstart
if not user_ksdata.password:
log.debug(
"user (%s) specified in kickstart without password, locking account",
user_ksdata.name)
user_data.lock = True
user_data.shell = user_ksdata.shell
user_data.gecos = user_ksdata.gecos
return user_data
def getter_setter_test(self):
"""Test getters and setters for the User UID and GID values."""
user_data = UserData()
user_data.name = "user"
# everything should be unset by default
self.assertEqual(user_data.uid, 0)
self.assertEqual(user_data.uid_mode, ID_MODE_USE_DEFAULT)
self.assertEqual(user_data.get_uid(), None)
self.assertEqual(user_data.gid, 0)
self.assertEqual(user_data.gid_mode, ID_MODE_USE_DEFAULT)
self.assertEqual(user_data.get_gid(), None)
user_data.set_uid(123)
user_data.set_gid(456)
# now everything is set
self.assertEqual(user_data.uid, 123)
self.assertEqual(user_data.uid_mode, ID_MODE_USE_VALUE)
self.assertEqual(user_data.get_uid(), 123)
self.assertEqual(user_data.gid, 456)
self.assertEqual(user_data.gid_mode, ID_MODE_USE_VALUE)
self.assertEqual(user_data.get_gid(), 456)
user_data.uid_mode = ID_MODE_USE_DEFAULT
user_data.gid_mode = ID_MODE_USE_DEFAULT
# mode should decide whether numbers are used, regardless of being stored
self.assertEqual(user_data.uid_mode, ID_MODE_USE_DEFAULT)
self.assertEqual(user_data.uid, 123)
self.assertEqual(user_data.get_uid(), None)
self.assertEqual(user_data.gid_mode, ID_MODE_USE_DEFAULT)
self.assertEqual(user_data.gid, 456)
self.assertEqual(user_data.get_gid(), None)
user_data.set_uid(None)
user_data.set_gid(None)
# setting None resets everything
self.assertEqual(user_data.uid, 0)
self.assertEqual(user_data.uid_mode, ID_MODE_USE_DEFAULT)
self.assertEqual(user_data.get_uid(), None)
self.assertEqual(user_data.gid, 0)
self.assertEqual(user_data.gid_mode, ID_MODE_USE_DEFAULT)
self.assertEqual(user_data.get_gid(), None)
