def setUp(self): self.admin = credentials.UsernamePassword("admin", "asdf") self.alice = credentials.UsernamePassword("alice", "foo") self.badPass = credentials.UsernamePassword("alice", "foobar") self.badUser = credentials.UsernamePassword("x", "yz") self.checker = strcred.makeChecker("unix") self.adminBytes = credentials.UsernamePassword(b"admin", b"asdf") self.aliceBytes = credentials.UsernamePassword(b"alice", b"foo") self.badPassBytes = credentials.UsernamePassword(b"alice", b"foobar") self.badUserBytes = credentials.UsernamePassword(b"x", b"yz") self.checkerBytes = strcred.makeChecker("unix") # Hack around the pwd and spwd modules, since we can't really # go about reading your /etc/passwd or /etc/shadow files if pwd: database = UserDatabase() for username, password in self.users.items(): database.addUser( username, crypt.crypt(password, "F/"), 1000, 1000, username, "/home/" + username, "/bin/sh", ) self.patch(pwd, "getpwnam", database.getpwnam) if spwd: self.patch(spwd, "getspnam", self._spwd_getspnam)
def test_pwdGetByName(self): """ L{_pwdGetByName} returns a tuple of items from the UNIX /etc/passwd database if the L{pwd} module is present. """ userdb = UserDatabase() userdb.addUser("alice", "secrit", 1, 2, "first last", "/foo", "/bin/sh") self.patch(checkers, "pwd", userdb) self.assertEqual(checkers._pwdGetByName("alice"), userdb.getpwnam("alice"))
def test_pwdGetByName(self): """ L{_pwdGetByName} returns a tuple of items from the UNIX /etc/passwd database if the L{pwd} module is present. """ userdb = UserDatabase() userdb.addUser('alice', 'secrit', 1, 2, 'first last', '/foo', '/bin/sh') self.patch(checkers, 'pwd', userdb) self.assertEqual(checkers._pwdGetByName('alice'), userdb.getpwnam('alice'))
def test_passInCheckers(self): """ L{UNIXPasswordDatabase} takes a list of functions to check for UNIX user information. """ password = crypt.crypt('secret', 'secret') userdb = UserDatabase() userdb.addUser('anybody', password, 1, 2, 'foo', '/bar', '/bin/sh') checker = checkers.UNIXPasswordDatabase([userdb.getpwnam]) self.assertLoggedIn( checker.requestAvatarId(UsernamePassword('anybody', 'secret')), 'anybody')
def test_passInCheckers(self): """ L{UNIXPasswordDatabase} takes a list of functions to check for UNIX user information. """ password = crypt.crypt("secret", "secret") userdb = UserDatabase() userdb.addUser("anybody", password, 1, 2, "foo", "/bar", "/bin/sh") checker = checkers.UNIXPasswordDatabase([userdb.getpwnam]) self.assertLoggedIn( checker.requestAvatarId(UsernamePassword(b"anybody", b"secret")), b"anybody")
def setUp(self): mockos = MockOS() mockos.path = FilePath(self.mktemp()) mockos.path.makedirs() self.userdb = UserDatabase() self.userdb.addUser('alice', 'password', 1, 2, 'alice lastname', mockos.path.path, '/bin/shell') self.sshDir = mockos.path.child('.ssh') self.sshDir.makedirs() authorized_keys = self.sshDir.child('authorized_keys') authorized_keys.setContent('key 1\nkey 2')
def setUp(self): self.checker = checkers.SSHPublicKeyDatabase() self.key1 = base64.encodestring("foobar") self.key2 = base64.encodestring("eggspam") self.content = "t1 %s foo\nt2 %s egg\n" % (self.key1, self.key2) self.mockos = MockOS() self.mockos.path = FilePath(self.mktemp()) self.mockos.path.makedirs() self.patch(util, 'os', self.mockos) self.sshDir = self.mockos.path.child('.ssh') self.sshDir.makedirs() userdb = UserDatabase() userdb.addUser('user', 'password', 1, 2, 'first last', self.mockos.path.path, '/bin/shell') self.checker._userdb = userdb
def test_bootstrap(self, mock_getuid, mock_getgrnam, mock_chown): data_path = self.makeDir() log_dir = self.makeDir() fake_pwd = UserDatabase() fake_pwd.addUser("landscape", None, 1234, None, None, None, None) mock_getgrnam("root").gr_gid = 5678 with mock.patch("landscape.lib.bootstrap.pwd", new=fake_pwd): bootstrap_list.bootstrap(data_path=data_path, log_dir=log_dir) def path(*suffix): return os.path.join(data_path, *suffix) paths = ["package", "package/hash-id", "package/binaries", "package/upgrade-tool", "messages", "sockets", "custom-graph-scripts", log_dir, "package/database"] calls = [mock.call(path(path_comps), 1234, 5678) for path_comps in paths] mock_chown.assert_has_calls([mock.call(path(), 1234, 5678)] + calls) self.assertTrue(os.path.isdir(path())) self.assertTrue(os.path.isdir(path("package"))) self.assertTrue(os.path.isdir(path("messages"))) self.assertTrue(os.path.isdir(path("custom-graph-scripts"))) self.assertTrue(os.path.isdir(log_dir)) self.assertTrue(os.path.isfile(path("package/database"))) def mode(*suffix): return stat.S_IMODE(os.stat(path(*suffix)).st_mode) self.assertEqual(mode(), 0o755) self.assertEqual(mode("messages"), 0o755) self.assertEqual(mode("package"), 0o755) self.assertEqual(mode("package/hash-id"), 0o755) self.assertEqual(mode("package/binaries"), 0o755) self.assertEqual(mode("sockets"), 0o750) self.assertEqual(mode("custom-graph-scripts"), 0o755) self.assertEqual(mode("package/database"), 0o644)
def setUp(self): self.checker = checkers.SSHPublicKeyDatabase() self.key1 = _b64encodebytes(b"foobar") self.key2 = _b64encodebytes(b"eggspam") self.content = (b"t1 " + self.key1 + b" foo\nt2 " + self.key2 + b" egg\n") self.mockos = MockOS() self.mockos.path = FilePath(self.mktemp()) self.mockos.path.makedirs() self.patch(util, 'os', self.mockos) self.sshDir = self.mockos.path.child('.ssh') self.sshDir.makedirs() userdb = UserDatabase() userdb.addUser(b'user', b'password', 1, 2, b'first last', self.mockos.path.path, b'/bin/shell') self.checker._userdb = userdb
def setUp(self): """ Create a L{cftp.StdioClient} hooked up to dummy transport and a fake user database. """ self.fakeFilesystem = FilesystemAccessExpectations() sftpClient = InMemorySFTPClient(self.fakeFilesystem ) self.client = cftp.StdioClient(sftpClient) self.client.currentDirectory = '/' self.database = self.client._pwd = UserDatabase() # Use a fixed width for all tests so that we get the same results when # running these tests from different terminals. # Run tests in a wide console so that all items are delimited by at # least one space character. self.setKnownConsoleSize(500, 24) # Intentionally bypassing makeConnection - that triggers some code # which uses features not provided by our dumb Connection fake. self.client.transport = self.client.client.transport
def setUp(self): """ Create a L{cftp.StdioClient} hooked up to dummy transport and a fake user database. """ class Connection: pass conn = Connection() conn.transport = StringTransport() conn.transport.localClosed = False self.client = cftp.StdioClient(conn) self.database = self.client._pwd = UserDatabase() # Intentionally bypassing makeConnection - that triggers some code # which uses features not provided by our dumb Connection fake. self.client.transport = StringTransport()
def setUp(self): self.admin = credentials.UsernamePassword('admin', 'asdf') self.alice = credentials.UsernamePassword('alice', 'foo') self.badPass = credentials.UsernamePassword('alice', 'foobar') self.badUser = credentials.UsernamePassword('x', 'yz') self.checker = strcred.makeChecker('unix') # Hack around the pwd and spwd modules, since we can't really # go about reading your /etc/passwd or /etc/shadow files if pwd: database = UserDatabase() for username, password in self.users.items(): database.addUser(username, crypt.crypt(password, 'F/'), 1000, 1000, username, '/home/' + username, '/bin/sh') self.patch(pwd, 'getpwnam', database.getpwnam) if spwd: self._spwd_getspnam = spwd.getspnam spwd.getspnam = self._spwd
def patchUserDatabase(patch, user, uid, group, gid): """ Patch L{pwd.getpwnam} so that it behaves as though only one user exists and patch L{grp.getgrnam} so that it behaves as though only one group exists. @param patch: A function like L{TestCase.patch} which will be used to install the fake implementations. @type user: C{str} @param user: The name of the single user which will exist. @type uid: C{int} @param uid: The UID of the single user which will exist. @type group: C{str} @param group: The name of the single user which will exist. @type gid: C{int} @param gid: The GID of the single group which will exist. """ # Try not to be an unverified fake, but try not to depend on quirks of # the system either (eg, run as a process with a uid and gid which # equal each other, and so doesn't reliably test that uid is used where # uid should be used and gid is used where gid should be used). -exarkun pwent = pwd.getpwuid(os.getuid()) grent = grp.getgrgid(os.getgid()) database = UserDatabase() database.addUser( user, pwent.pw_passwd, uid, pwent.pw_gid, pwent.pw_gecos, pwent.pw_dir, pwent.pw_shell) def getgrnam(name): result = list(grent) result[result.index(grent.gr_name)] = group result[result.index(grent.gr_gid)] = gid result = tuple(result) return {group: result}[name] patch(pwd, "getpwnam", database.getpwnam) patch(grp, "getgrnam", getgrnam)
def test_failOnSpecial(self): """ If the password returned by any function is C{""}, C{"x"}, or C{"*"} it is not compared against the supplied password. Instead it is skipped. """ pwd = UserDatabase() pwd.addUser("alice", "", 1, 2, "", "foo", "bar") pwd.addUser("bob", "x", 1, 2, "", "foo", "bar") pwd.addUser("carol", "*", 1, 2, "", "foo", "bar") self.patch(checkers, "pwd", pwd) checker = checkers.UNIXPasswordDatabase([checkers._pwdGetByName]) cred = UsernamePassword(b"alice", b"") self.assertUnauthorizedLogin(checker.requestAvatarId(cred)) cred = UsernamePassword(b"bob", b"x") self.assertUnauthorizedLogin(checker.requestAvatarId(cred)) cred = UsernamePassword(b"carol", b"*") self.assertUnauthorizedLogin(checker.requestAvatarId(cred))
def test_failOnSpecial(self): """ If the password returned by any function is C{""}, C{"x"}, or C{"*"} it is not compared against the supplied password. Instead it is skipped. """ pwd = UserDatabase() pwd.addUser('alice', '', 1, 2, '', 'foo', 'bar') pwd.addUser('bob', 'x', 1, 2, '', 'foo', 'bar') pwd.addUser('carol', '*', 1, 2, '', 'foo', 'bar') self.patch(checkers, 'pwd', pwd) checker = checkers.UNIXPasswordDatabase([checkers._pwdGetByName]) cred = UsernamePassword('alice', '') self.assertUnauthorizedLogin(checker.requestAvatarId(cred)) cred = UsernamePassword('bob', 'x') self.assertUnauthorizedLogin(checker.requestAvatarId(cred)) cred = UsernamePassword('carol', '*') self.assertUnauthorizedLogin(checker.requestAvatarId(cred))
def test_defaultCheckers(self): """ L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database and then the C{spwd} database. """ checker = checkers.UNIXPasswordDatabase() def crypted(username, password): salt = crypt.crypt(password, username) crypted = crypt.crypt(password, '$1$' + salt) return crypted pwd = UserDatabase() pwd.addUser('alice', crypted('alice', 'password'), 1, 2, 'foo', '/foo', '/bin/sh') # x and * are convention for "look elsewhere for the password" pwd.addUser('bob', 'x', 1, 2, 'bar', '/bar', '/bin/sh') spwd = ShadowDatabase() spwd.addUser('alice', 'wrong', 1, 2, 3, 4, 5, 6, 7) spwd.addUser('bob', crypted('bob', 'password'), 8, 9, 10, 11, 12, 13, 14) self.patch(checkers, 'pwd', pwd) self.patch(checkers, 'spwd', spwd) mockos = MockOS() self.patch(checkers, 'os', mockos) self.patch(util, 'os', mockos) mockos.euid = 2345 mockos.egid = 1234 cred = UsernamePassword("alice", "password") self.assertLoggedIn(checker.requestAvatarId(cred), 'alice') self.assertEquals(mockos.seteuidCalls, []) self.assertEquals(mockos.setegidCalls, []) cred.username = "******" self.assertLoggedIn(checker.requestAvatarId(cred), 'bob') self.assertEquals(mockos.seteuidCalls, [0, 2345]) self.assertEquals(mockos.setegidCalls, [0, 1234])
def setUp(self): mockos = MockOS() mockos.path = FilePath(self.mktemp()) mockos.path.makedirs() self.userdb = UserDatabase() self.userdb.addUser( b"alice", b"password", 1, 2, b"alice lastname", mockos.path.path, b"/bin/shell", ) self.sshDir = mockos.path.child(".ssh") self.sshDir.makedirs() authorizedKeys = self.sshDir.child("authorized_keys") authorizedKeys.setContent(b"key 1\nkey 2") self.expectedKeys = [b"key 1", b"key 2"]
def test_defaultCheckers(self): """ L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database and then the C{spwd} database. """ checker = checkers.UNIXPasswordDatabase() def crypted(username, password): salt = crypt.crypt(password, username) crypted = crypt.crypt(password, "$1$" + salt) return crypted pwd = UserDatabase() pwd.addUser("alice", crypted("alice", "password"), 1, 2, "foo", "/foo", "/bin/sh") # x and * are convention for "look elsewhere for the password" pwd.addUser("bob", "x", 1, 2, "bar", "/bar", "/bin/sh") spwd = ShadowDatabase() spwd.addUser("alice", "wrong", 1, 2, 3, 4, 5, 6, 7) spwd.addUser("bob", crypted("bob", "password"), 8, 9, 10, 11, 12, 13, 14) self.patch(checkers, "pwd", pwd) self.patch(checkers, "spwd", spwd) mockos = MockOS() self.patch(util, "os", mockos) mockos.euid = 2345 mockos.egid = 1234 cred = UsernamePassword(b"alice", b"password") self.assertLoggedIn(checker.requestAvatarId(cred), b"alice") self.assertEqual(mockos.seteuidCalls, []) self.assertEqual(mockos.setegidCalls, []) cred.username = b"bob" self.assertLoggedIn(checker.requestAvatarId(cred), b"bob") self.assertEqual(mockos.seteuidCalls, [0, 2345]) self.assertEqual(mockos.setegidCalls, [0, 1234])
def setUp(self): self.checker = checkers.SSHPublicKeyDatabase() self.key1 = encodebytes(b"foobar") self.key2 = encodebytes(b"eggspam") self.content = b"t1 " + self.key1 + b" foo\nt2 " + self.key2 + b" egg\n" self.mockos = MockOS() self.mockos.path = FilePath(self.mktemp()) self.mockos.path.makedirs() self.patch(util, "os", self.mockos) self.sshDir = self.mockos.path.child(".ssh") self.sshDir.makedirs() userdb = UserDatabase() userdb.addUser( b"user", b"password", 1, 2, b"first last", self.mockos.path.path, b"/bin/shell", ) self.checker._userdb = userdb
def __init__(self, users): self._users = users self._userdb = UserDatabase() for i, username in enumerate(self._users): self._userdb.addUser(username, b"garbage", 123 + i, 456, None, None, None)
def setUp(self): super(WatchDogRunTests, self).setUp() self.fake_pwd = UserDatabase()
def setUp(self): """ Create a L{UserDatabase} with no user data in it. """ self.database = UserDatabase() self._counter = SYSTEM_UID_MAX + 1