def test_run_shell_command_badpermissions():
commands = ["rm -f %s" % TMP_TEST_FILE]
switch_to_non_root_user()
with pytest.raises(CalledProcessError):
run_commands(commands)
def test_run_shell_command_list():
commands = ["rm -f %s" % TMP_TEST_FILE]
assert os.path.exists(TMP_TEST_FILE)
run_commands(commands)
assert not os.path.exists(TMP_TEST_FILE)
def test_run_shell_bad_cmd_with_callback():
def callback(a, b, c):
assert isinstance(a, int)
assert isinstance(b, str)
# assert isinstance(c, str)
return True
assert run_commands(["yolo swag", "yolo swag", "yolo swag"],
callback=callback) == 3
def callback(a, b, c):
assert isinstance(a, int)
assert isinstance(b, str)
# assert isinstance(c, str)
return False
assert run_commands(["yolo swag", "yolo swag"], callback=callback) == 1
def callback(a, b, c):
assert isinstance(a, int)
assert isinstance(b, str)
assert isinstance(c, tuple)
return True
run_commands(["yolo swag"], separate_stderr=True, callback=callback)
def test_run_shell_kwargs():
with pytest.raises(ValueError):
run_commands([""], stdout="None")
with pytest.raises(ValueError):
run_commands([""], stderr="None")
run_commands(["ls"], cwd="/tmp")
with pytest.raises(OSError):
run_commands(["ls"], cwd="/yoloswag")
def firewall_reload(skip_upnp=False):
"""
Reload all firewall rules
Keyword arguments:
skip_upnp -- Do not refresh port forwarding using UPnP
"""
from yunohost.hook import hook_callback
from yunohost.service import _run_service_command
reloaded = False
errors = False
# Check if SSH port is allowed
ssh_port = _get_ssh_port()
if ssh_port not in firewall_list()["opened_ports"]:
firewall_allow("TCP", ssh_port, no_reload=True)
# Retrieve firewall rules and UPnP status
firewall = firewall_list(raw=True)
upnp = firewall_upnp()["enabled"] if not skip_upnp else False
# IPv4
try:
process.check_output("iptables -w -L")
except process.CalledProcessError as e:
logger.debug(
"iptables seems to be not available, it outputs:\n%s",
prependlines(e.output.rstrip(), "> "),
)
logger.warning(m18n.n("iptables_unavailable"))
else:
rules = [
"iptables -w -F",
"iptables -w -X",
"iptables -w -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
]
# Iterate over ports and add rule
for protocol in ["TCP", "UDP"]:
for port in firewall["ipv4"][protocol]:
rules.append(
"iptables -w -A INPUT -p %s --dport %s -j ACCEPT" %
(protocol, process.quote(str(port))))
rules += [
"iptables -w -A INPUT -i lo -j ACCEPT",
"iptables -w -A INPUT -p icmp -j ACCEPT",
"iptables -w -P INPUT DROP",
]
# Execute each rule
if process.run_commands(rules, callback=_on_rule_command_error):
errors = True
reloaded = True
# IPv6
try:
process.check_output("ip6tables -L")
except process.CalledProcessError as e:
logger.debug(
"ip6tables seems to be not available, it outputs:\n%s",
prependlines(e.output.rstrip(), "> "),
)
logger.warning(m18n.n("ip6tables_unavailable"))
else:
rules = [
"ip6tables -w -F",
"ip6tables -w -X",
"ip6tables -w -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
]
# Iterate over ports and add rule
for protocol in ["TCP", "UDP"]:
for port in firewall["ipv6"][protocol]:
rules.append(
"ip6tables -w -A INPUT -p %s --dport %s -j ACCEPT" %
(protocol, process.quote(str(port))))
rules += [
"ip6tables -w -A INPUT -i lo -j ACCEPT",
"ip6tables -w -A INPUT -p icmpv6 -j ACCEPT",
"ip6tables -w -P INPUT DROP",
]
# Execute each rule
if process.run_commands(rules, callback=_on_rule_command_error):
errors = True
reloaded = True
if not reloaded:
raise YunohostError("firewall_reload_failed")
hook_callback("post_iptable_rules",
args=[upnp, os.path.exists("/proc/net/if_inet6")])
if upnp:
# Refresh port forwarding with UPnP
firewall_upnp(no_refresh=False)
_run_service_command("reload", "fail2ban")
if errors:
logger.warning(m18n.n("firewall_rules_cmd_failed"))
else:
logger.success(m18n.n("firewall_reloaded"))
return firewall_list()
def test_run_shell_badcommand():
commands = ["yolo swag"]
with pytest.raises(CalledProcessError):
run_commands(commands)
def test_run_shell_bad_callback():
callback = 1
with pytest.raises(ValueError):
run_commands(["ls"], callback=callback)
def test_run_shell_bad_cmd():
with pytest.raises(CalledProcessError):
run_commands(["yolo swag"])
def test_run_shell_command_list(test_file):
assert os.path.exists(str(test_file))
run_commands(["rm -f %s" % str(test_file)])
assert not os.path.exists(str(test_file))