def setUp(self):
    """
    Create a temporary home directory for the user C{alice} and give it an
    C{.ssh/authorized_keys} file containing two placeholder key lines.
    """
    # MockOS is used here only as a holder for the temporary path; nothing in
    # this fixture touches a real home directory.
    fakeOS = MockOS()
    homeDir = FilePath(self.mktemp())
    fakeOS.path = homeDir
    homeDir.makedirs()

    # Arguments appear to follow the passwd field order (name, password, uid,
    # gid, gecos, home, shell) -- confirm against UserDatabase.addUser.
    self.userdb = UserDatabase()
    self.userdb.addUser(
        'alice', 'password', 1, 2, 'alice lastname',
        homeDir.path, '/bin/shell')

    self.sshDir = homeDir.child('.ssh')
    self.sshDir.makedirs()
    keyFile = self.sshDir.child('authorized_keys')
    keyFile.setContent('key 1\nkey 2')
def setUp(self):
    """
    Build an L{OpenSSHFactory} whose key and moduli roots are temporary
    directories, fill them with fixture files, and swap C{os.seteuid} and
    C{os.setegid} for the L{MockOS} versions.
    """
    self.factory = OpenSSHFactory()

    self.keysDir = FilePath(self.mktemp())
    self.keysDir.makedirs()
    self.factory.dataRoot = self.keysDir.path

    self.moduliDir = FilePath(self.mktemp())
    self.moduliDir.makedirs()
    self.factory.moduliRoot = self.moduliDir.path

    # A mix of file names and contents: two names outside the
    # ssh_host_*_key shape, two real private keys, one file with invalid key
    # material and one public key. Presumably this lets the tests check
    # which files the factory accepts -- confirm against the test methods.
    keyFixtures = (
        ("ssh_host_foo", b"foo"),
        ("bar_key", b"foo"),
        ("ssh_host_one_key", keydata.privateRSA_openssh),
        ("ssh_host_two_key", keydata.privateDSA_openssh),
        ("ssh_host_three_key", b"not a key content"),
        ("ssh_host_one_key.pub", keydata.publicRSA_openssh),
    )
    for fileName, content in keyFixtures:
        self.keysDir.child(fileName).setContent(content)

    # NOTE(review): the line breaks inside this literal follow the moduli
    # file layout (two comment lines, then one entry) -- confirm against the
    # upstream fixture.
    self.moduliDir.child("moduli").setContent(b"""
# $OpenBSD: moduli,v 1.xx 2016/07/26 12:34:56 jhacker Exp $
# Time Type Tests Tries Size Generator Modulus
20030501000000 2 6 100 2047 2 FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
""")

    # Effective uid/gid changes go to the mock, so the test process never
    # changes its own credentials.
    self.mockos = MockOS()
    for name in ("seteuid", "setegid"):
        self.patch(os, name, getattr(self.mockos, name))
def test_daemonizationHooksNotCalled(self):
    """
    When the reactor does NOT implement L{IReactorDaemonize},
    L{_twistd_unix.daemonize} calls neither
    L{IReactorDaemonize.beforeDaemonize} nor
    L{IReactorDaemonize.afterDaemonize}.
    """
    # A distinct local name keeps the mock from shadowing the os module.
    fakeOS = MockOS()
    plainReactor = FakeNonDaemonizingReactor()

    _twistd_unix.daemonize(plainReactor, fakeOS)

    self.assertFalse(plainReactor._beforeDaemonizeCalled)
    self.assertFalse(plainReactor._afterDaemonizeCalled)
def test_daemonizationHooksCalled(self):
    """
    When the reactor implements L{IReactorDaemonize},
    L{_twistd_unix.daemonize} calls both
    L{IReactorDaemonize.beforeDaemonize} and
    L{IReactorDaemonize.afterDaemonize}.
    """
    # A distinct local name keeps the mock from shadowing the os module.
    fakeOS = MockOS()
    hookedReactor = FakeDaemonizingReactor()

    _twistd_unix.daemonize(hookedReactor, fakeOS)

    self.assertTrue(hookedReactor._beforeDaemonizeCalled)
    self.assertTrue(hookedReactor._afterDaemonizeCalled)
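def test_defaultCheckers(self):
    """
    L{UNIXPasswordDatabase} with no arguments checks the C{pwd} database
    and then the C{spwd} database.
    """
    checker = checkers.UNIXPasswordDatabase()

    def crypted(username, password):
        # Fixture hash only: the '$1$' prefix selects the MD5-based crypt
        # scheme, and the salt is derived from the user name so the value
        # is reproducible.
        salt = crypt.crypt(password, username)
        return crypt.crypt(password, '$1$' + salt)

    pwd = UserDatabase()
    pwd.addUser('alice', crypted('alice', 'password'),
                1, 2, 'foo', '/foo', '/bin/sh')
    # x and * are convention for "look elsewhere for the password"
    pwd.addUser('bob', 'x', 1, 2, 'bar', '/bar', '/bin/sh')

    spwd = ShadowDatabase()
    # alice's shadow entry is deliberately wrong: her login must succeed
    # from the pwd entry alone.
    spwd.addUser('alice', 'wrong', 1, 2, 3, 4, 5, 6, 7)
    spwd.addUser('bob', crypted('bob', 'password'),
                 8, 9, 10, 11, 12, 13, 14)

    self.patch(checkers, 'pwd', pwd)
    self.patch(checkers, 'spwd', spwd)

    mockos = MockOS()
    self.patch(checkers, 'os', mockos)
    self.patch(util, 'os', mockos)
    mockos.euid = 2345
    mockos.egid = 1234

    cred = UsernamePassword("alice", "password")
    self.assertLoggedIn(checker.requestAvatarId(cred), 'alice')
    # The pwd database held a usable hash, so no privilege switch happened.
    self.assertEqual(mockos.seteuidCalls, [])
    self.assertEqual(mockos.setegidCalls, [])

    # bob's pwd entry is 'x', so the checker has to fall through to the
    # shadow database. The user name must match the entry added above.
    cred.username = "bob"
    self.assertLoggedIn(checker.requestAvatarId(cred), 'bob')
    # The shadow lookup ran with euid/egid 0, after which the original ids
    # (2345/1234) were restored.
    self.assertEqual(mockos.seteuidCalls, [0, 2345])
    self.assertEqual(mockos.setegidCalls, [0, 1234])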
def setUp(self):
    """
    Create a temporary home directory for the user C{alice}, write an
    C{.ssh/authorized_keys} file with two placeholder key lines into it, and
    record the keys the tests should expect to read back.
    """
    # MockOS is used here only as a holder for the temporary path.
    fakeOS = MockOS()
    homeDir = FilePath(self.mktemp())
    fakeOS.path = homeDir
    homeDir.makedirs()

    # Arguments appear to follow the passwd field order (name, password, uid,
    # gid, gecos, home, shell) -- confirm against UserDatabase.addUser.
    self.userdb = UserDatabase()
    self.userdb.addUser(
        b"alice", b"password", 1, 2, b"alice lastname",
        homeDir.path, b"/bin/shell")

    self.sshDir = homeDir.child(".ssh")
    self.sshDir.makedirs()
    self.sshDir.child("authorized_keys").setContent(b"key 1\nkey 2")

    # One entry per line of the file written above.
    self.expectedKeys = [b"key 1", b"key 2"]
def test_defaultCheckers(self):
    """
    A L{UNIXPasswordDatabase} built with no arguments consults the C{pwd}
    database first and the C{spwd} database second.
    """
    checker = checkers.UNIXPasswordDatabase()

    def crypted(username, password):
        # Fixture hash only: the "$1$" prefix selects the MD5-based crypt
        # scheme, and the salt is derived from the user name so the value
        # is reproducible.
        derivedSalt = crypt.crypt(password, username)
        return crypt.crypt(password, "$1$" + derivedSalt)

    fakePwd = UserDatabase()
    fakePwd.addUser(
        "alice", crypted("alice", "password"), 1, 2, "foo", "/foo", "/bin/sh")
    # x and * are convention for "look elsewhere for the password"
    fakePwd.addUser("bob", "x", 1, 2, "bar", "/bar", "/bin/sh")

    fakeSpwd = ShadowDatabase()
    # alice's shadow entry is deliberately wrong: her login must succeed
    # from the pwd entry alone.
    fakeSpwd.addUser("alice", "wrong", 1, 2, 3, 4, 5, 6, 7)
    fakeSpwd.addUser(
        "bob", crypted("bob", "password"), 8, 9, 10, 11, 12, 13, 14)

    self.patch(checkers, "pwd", fakePwd)
    self.patch(checkers, "spwd", fakeSpwd)

    fakeOS = MockOS()
    self.patch(util, "os", fakeOS)
    fakeOS.euid = 2345
    fakeOS.egid = 1234

    cred = UsernamePassword(b"alice", b"password")
    self.assertLoggedIn(checker.requestAvatarId(cred), b"alice")
    # The pwd database held a usable hash, so no privilege switch happened.
    self.assertEqual(fakeOS.seteuidCalls, [])
    self.assertEqual(fakeOS.setegidCalls, [])

    cred.username = b"bob"
    self.assertLoggedIn(checker.requestAvatarId(cred), b"bob")
    # The shadow lookup ran with euid/egid 0, after which the original ids
    # (2345/1234) were restored.
    self.assertEqual(fakeOS.seteuidCalls, [0, 2345])
    self.assertEqual(fakeOS.setegidCalls, [0, 1234])
def setUp(self):
    """
    Create an L{SSHPublicKeyDatabase}, a temporary C{.ssh} directory and
    sample authorized-keys content, then route the home-directory lookup and
    the effective uid/gid setters through a L{MockOS}.
    """
    self.checker = SSHPublicKeyDatabase()

    self.sshDir = FilePath(self.mktemp())
    self.sshDir.makedirs()

    # NOTE(review): base64.encodestring was removed in Python 3.9; this
    # fixture targets an older interpreter.
    self.key1 = base64.encodestring("foobar")
    self.key2 = base64.encodestring("eggspam")
    template = "t1 %s foo\nt2 %s egg\n"
    self.content = template % (self.key1, self.key2)

    self.mockos = MockOS()
    self.mockos.path = self.sshDir.path

    # User lookups and credential switches go to the mock, so the test
    # neither reads the real account database nor changes the process's
    # effective ids.
    replacements = (
        (os.path, "expanduser", self.mockos.expanduser),
        (pwd, "getpwnam", self.mockos.getpwnam),
        (os, "seteuid", self.mockos.seteuid),
        (os, "setegid", self.mockos.setegid),
    )
    for target, name, fake in replacements:
        self.patch(target, name, fake)
def setUp(self):
    """
    Create a L{checkers.SSHPublicKeyDatabase} backed by a fake user database
    whose single user has a temporary home directory with an empty C{.ssh}
    directory, and prepare sample authorized-keys content.
    """
    self.checker = checkers.SSHPublicKeyDatabase()

    # NOTE(review): base64.encodestring was removed in Python 3.9; this
    # fixture targets an older interpreter.
    self.key1 = base64.encodestring("foobar")
    self.key2 = base64.encodestring("eggspam")
    template = "t1 %s foo\nt2 %s egg\n"
    self.content = template % (self.key1, self.key2)

    # util's os module is replaced by the mock, so calls made through
    # util.os reach the mock rather than the real os module.
    self.mockos = MockOS()
    homeDir = FilePath(self.mktemp())
    self.mockos.path = homeDir
    homeDir.makedirs()
    self.patch(util, 'os', self.mockos)

    self.sshDir = homeDir.child('.ssh')
    self.sshDir.makedirs()

    # Inject the fake database so the checker resolves 'user' to the
    # temporary home directory (presumably; confirm against the checker).
    fakeUsers = UserDatabase()
    fakeUsers.addUser(
        'user', 'password', 1, 2, 'first last',
        homeDir.path, '/bin/shell')
    self.checker._userdb = fakeUsers
def setUp(self):
    """
    Create a L{checkers.SSHPublicKeyDatabase} backed by a fake user database
    whose single user has a temporary home directory with an empty C{.ssh}
    directory, and prepare sample authorized-keys content as bytes.
    """
    self.checker = checkers.SSHPublicKeyDatabase()

    self.key1 = _b64encodebytes(b"foobar")
    self.key2 = _b64encodebytes(b"eggspam")
    # Two "type key comment" lines, one per sample key.
    self.content = b"".join(
        (b"t1 ", self.key1, b" foo\nt2 ", self.key2, b" egg\n"))

    # util's os module is replaced by the mock, so calls made through
    # util.os reach the mock rather than the real os module.
    self.mockos = MockOS()
    homeDir = FilePath(self.mktemp())
    self.mockos.path = homeDir
    homeDir.makedirs()
    self.patch(util, 'os', self.mockos)

    self.sshDir = homeDir.child('.ssh')
    self.sshDir.makedirs()

    # Inject the fake database so the checker resolves b'user' to the
    # temporary home directory (presumably; confirm against the checker).
    fakeUsers = UserDatabase()
    fakeUsers.addUser(
        b'user', b'password', 1, 2, b'first last',
        homeDir.path, b'/bin/shell')
    self.checker._userdb = fakeUsers
def setUp(self):
    """
    Build an L{OpenSSHFactory} whose data root is a temporary directory,
    fill that directory with fixture key files, and swap C{os.seteuid} and
    C{os.setegid} for the L{MockOS} versions.
    """
    self.factory = OpenSSHFactory()

    self.keysDir = FilePath(self.mktemp())
    self.keysDir.makedirs()
    self.factory.dataRoot = self.keysDir.path

    # A mix of file names and contents: two names outside the
    # ssh_host_*_key shape, two real private keys, one file with invalid key
    # material and one public key. Presumably this lets the tests check
    # which files the factory accepts -- confirm against the test methods.
    keyFixtures = (
        ("ssh_host_foo", "foo"),
        ("bar_key", "foo"),
        ("ssh_host_one_key", keydata.privateRSA_openssh),
        ("ssh_host_two_key", keydata.privateDSA_openssh),
        ("ssh_host_three_key", "not a key content"),
        ("ssh_host_one_key.pub", keydata.publicRSA_openssh),
    )
    for fileName, content in keyFixtures:
        self.keysDir.child(fileName).setContent(content)

    # Effective uid/gid changes go to the mock, so the test process never
    # changes its own credentials.
    self.mockos = MockOS()
    for name in ("seteuid", "setegid"):
        self.patch(os, name, getattr(self.mockos, name))
def setUp(self):
    """
    Create a L{checkers.SSHPublicKeyDatabase} backed by a fake user database
    whose single user has a temporary home directory with an empty C{.ssh}
    directory, and prepare sample authorized-keys content as bytes.
    """
    self.checker = checkers.SSHPublicKeyDatabase()

    self.key1 = encodebytes(b"foobar")
    self.key2 = encodebytes(b"eggspam")
    # Two "type key comment" lines, one per sample key.
    self.content = b"".join(
        (b"t1 ", self.key1, b" foo\nt2 ", self.key2, b" egg\n"))

    # util's os module is replaced by the mock, so calls made through
    # util.os reach the mock rather than the real os module.
    self.mockos = MockOS()
    homeDir = FilePath(self.mktemp())
    self.mockos.path = homeDir
    homeDir.makedirs()
    self.patch(util, "os", self.mockos)

    self.sshDir = homeDir.child(".ssh")
    self.sshDir.makedirs()

    # Inject the fake database so the checker resolves b"user" to the
    # temporary home directory (presumably; confirm against the checker).
    fakeUsers = UserDatabase()
    fakeUsers.addUser(
        b"user", b"password", 1, 2, b"first last",
        homeDir.path, b"/bin/shell")
    self.checker._userdb = fakeUsers
def setUp(self):
    """
    Replace the effective uid/gid getters and setters on C{os} with the
    L{MockOS} implementations.
    """
    self.mockos = MockOS()
    # With these four patched, code under test reads and changes the mock's
    # effective ids instead of the test process's own credentials.
    for name in ("geteuid", "getegid", "seteuid", "setegid"):
        self.patch(os, name, getattr(self.mockos, name))
def setUp(self):
    """
    Point C{util.os} at a L{MockOS} and C{util.initgroups} at this test
    case's recording stub.
    """
    # Filled in by self.initgroups each time the patched function is called.
    self.initgroupsCalls = []

    self.mockos = MockOS()
    self.patch(util, "os", self.mockos)
    self.patch(util, "initgroups", self.initgroups)
class SwitchUIDTest(unittest.TestCase):
    """
    Tests for L{util.switchUID}.

    Every test runs against a L{MockOS} and a recording C{initgroups} stub,
    so no real credential change is made by the test process.
    """

    if getattr(os, "getuid", None) is None:
        skip = "getuid/setuid not available"

    def setUp(self):
        """
        Point C{util.os} at a L{MockOS} and C{util.initgroups} at the
        recording stub below.
        """
        self.initgroupsCalls = []
        self.mockos = MockOS()
        self.patch(util, "os", self.mockos)
        self.patch(util, "initgroups", self.initgroups)

    def initgroups(self, uid, gid):
        """
        Save L{util.initgroups} calls in C{self.initgroupsCalls}.
        """
        self.initgroupsCalls.append((uid, gid))

    def test_uid(self):
        """
        L{util.switchUID} calls L{util.initgroups} and then C{os.setuid}
        with the given uid.
        """
        targetUID = 12000
        util.switchUID(targetUID, None)
        self.assertEqual(self.initgroupsCalls, [(12000, None)])
        self.assertEqual(self.mockos.actions, [("setuid", 12000)])

    def test_euid(self):
        """
        With the C{euid} parameter set to C{True}, L{util.switchUID} calls
        L{util.initgroups} and then C{os.seteuid} with the given uid.
        """
        targetUID = 12000
        util.switchUID(targetUID, None, True)
        self.assertEqual(self.initgroupsCalls, [(12000, None)])
        self.assertEqual(self.mockos.seteuidCalls, [12000])

    def test_currentUID(self):
        """
        If the uid passed to L{util.switchUID} is already the current uid,
        initgroups is not called and a warning is issued instead.
        """
        uid = self.mockos.getuid()
        util.switchUID(uid, None)

        # Nothing was switched: no group initialisation, no setuid.
        self.assertEqual(self.initgroupsCalls, [])
        self.assertEqual(self.mockos.actions, [])

        emitted = self.flushWarnings([util.switchUID])
        self.assertEqual(len(emitted), 1)
        message = emitted[0]['message']
        self.assertIn('tried to drop privileges and setuid %i' % uid,
                      message)
        self.assertIn('but uid is already %i' % uid, message)

    def test_currentEUID(self):
        """
        If the euid passed to L{util.switchUID} is already the current euid,
        initgroups is not called and a warning is issued instead.
        """
        euid = self.mockos.geteuid()
        util.switchUID(euid, None, True)

        # Nothing was switched: no group initialisation, no seteuid.
        self.assertEqual(self.initgroupsCalls, [])
        self.assertEqual(self.mockos.seteuidCalls, [])

        emitted = self.flushWarnings([util.switchUID])
        self.assertEqual(len(emitted), 1)
        message = emitted[0]['message']
        self.assertIn('tried to drop privileges and seteuid %i' % euid,
                      message)
        self.assertIn('but euid is already %i' % euid, message)
def setUp(self):
    """
    Create the L{MockOS} instance shared by the tests in this case.
    """
    fakeOS = MockOS()
    self.mockos = fakeOS
class SwitchUIDTests(unittest.TestCase):
    """
    Tests for L{util.switchUID}.

    Every test runs against a L{MockOS} and a recording C{initgroups} stub,
    so no real credential change is made by the test process.
    """

    if getattr(os, "getuid", None) is None:
        skip = "getuid/setuid not available"

    def setUp(self):
        """
        Point C{util.os} at a L{MockOS} and C{util.initgroups} at the
        recording stub below.
        """
        self.initgroupsCalls = []
        self.mockos = MockOS()
        self.patch(util, "os", self.mockos)
        self.patch(util, "initgroups", self.initgroups)

    def initgroups(self, uid, gid):
        """
        Save L{util.initgroups} calls in C{self.initgroupsCalls}.
        """
        self.initgroupsCalls.append((uid, gid))

    def test_uid(self):
        """
        L{util.switchUID} calls L{util.initgroups} and then C{os.setuid}
        with the given uid.
        """
        targetUID = 12000
        util.switchUID(targetUID, None)
        self.assertEqual(self.initgroupsCalls, [(12000, None)])
        self.assertEqual(self.mockos.actions, [("setuid", 12000)])

    def test_euid(self):
        """
        With the C{euid} parameter set to C{True}, L{util.switchUID} calls
        L{util.initgroups} and then C{os.seteuid} with the given uid.
        """
        targetUID = 12000
        util.switchUID(targetUID, None, True)
        self.assertEqual(self.initgroupsCalls, [(12000, None)])
        self.assertEqual(self.mockos.seteuidCalls, [12000])

    def test_currentUID(self):
        """
        If the uid passed to L{util.switchUID} is already the current uid,
        initgroups is not called and a warning is issued instead.
        """
        uid = self.mockos.getuid()
        util.switchUID(uid, None)

        # Nothing was switched: no group initialisation, no setuid.
        self.assertEqual(self.initgroupsCalls, [])
        self.assertEqual(self.mockos.actions, [])

        emitted = self.flushWarnings([util.switchUID])
        self.assertEqual(len(emitted), 1)
        message = emitted[0]['message']
        self.assertIn('tried to drop privileges and setuid %i' % uid,
                      message)
        self.assertIn('but uid is already %i' % uid, message)

    def test_currentEUID(self):
        """
        If the euid passed to L{util.switchUID} is already the current euid,
        initgroups is not called and a warning is issued instead.
        """
        euid = self.mockos.geteuid()
        util.switchUID(euid, None, True)

        # Nothing was switched: no group initialisation, no seteuid.
        self.assertEqual(self.initgroupsCalls, [])
        self.assertEqual(self.mockos.seteuidCalls, [])

        emitted = self.flushWarnings([util.switchUID])
        self.assertEqual(len(emitted), 1)
        message = emitted[0]['message']
        self.assertIn('tried to drop privileges and seteuid %i' % euid,
                      message)
        self.assertIn('but euid is already %i' % euid, message)