def testUserInfoRoleCommandArg2(self):
res, code = utils.sr_cmd("-i -r info0 -c command")
utils.multipleAssertCommand(
res, code, code == 0,
utils.assertCount(res, "you can execute \"command\" with command",
1),
utils.assertCount(res, "sr -r \"info0\" -c \"command\"", 1))
def testUserInfoRoleCommandArg(self):
res, code = utils.sr_cmd("-i -r info2 -c command1")
utils.multipleAssertCommand(
res, code, code == 0, utils.assertCount(res, "simplified", 1),
utils.assertCount(res, "sr -c \"command1\"", 1),
utils.assertCount(res, "-r info2", 0),
utils.assertCount(res, "full privileges", 1))
def testCapableSyntaxError(self):
res, code = utils.capable_cmd("-foobar")
utils.multipleAssertCommand(
res, code, code != 0,
res.count("capable: invalid option -- 'f'") == 1,
res.count("Bad parameter.") == 1,
res.count("Usage") == 1)
def testUserInfoCommandArg(self):
res, code = utils.sr_cmd("-i -c command1")
utils.multipleAssertCommand(
res, code, code == 0, utils.assertCount(res, "info2", 0),
utils.assertCount(res, "cap_net_raw", 0),
utils.assertCount(res, "this command", 1),
utils.assertCount(res, "sr -c \"command1\"", 1))
def testCapableCommandTcpdumpResult(self):
res, code = utils.capable_cmd("-c tcpdump")
self.assertEqual(code, 0, "Assert Code == 0")
utils.multipleAssertCommand(res, code, code == 0,
res.count("cap_dac_override") == 1,
res.count("cap_dac_read_search") == 1,
res.count("cap_net_admin") == 1,
res.count("cap_net_raw") == 1,
res.count("cap_sys_admin") == 1)
def testScenario1(self):
port = "79"
utils.before("scenario1",
[utils.getuser(), constants.SC1_FILE_SERVERPY, port])
res, code = utils.sr_cmd(
"-r role1 -c 'python %s -p %s'" %
(constants.SC1_FILE_SERVERPY, port), 1)
utils.multipleAssertCommand(res, code, code == 0, res.count("OK") == 1)
utils.after()
def testUserInfoCommandArgNoRole(self):
utils.before("testInfo/infousernorole")
res, code = utils.sr_cmd("-i -c null")
utils.multipleAssertCommand(
res, code, code == 0,
utils.assertCount(res, r"you can\\'t execute this command", 1),
utils.assertCount(res, "sr -c", 0),
utils.assertCount(res, "roles", 0),
utils.assertCount(res, "null", 0))
utils.after()
def testCapableCommandApache(self):
res, code = utils.capable_cmd("-c '/usr/sbin/apache2ctl start'", 5)
self.assertEqual(code, 0, "Assert Code == 0")
try:
utils.multipleAssertCommand(res, code,
res.count("cap_sys_ptrace") == 1,
res.count("cap_net_bind_service") == 1,
res.count("cap_sys_admin") == 1)
except AssertionError as e:
e.args += ("Have-you installed apache2?", 0)
def testCapableCommandPingResult(self):
res, code = utils.capable_cmd("-c 'ping 8.8.8.8 -c 1'")
self.assertEqual(code, 0, "Assert Code == 0")
utils.multipleAssertCommand(
res,
code,
res.count("cap_setuid") == 1,
res.count("cap_setpcap") == 1, # ping downgrade his capabilities
res.count("cap_net_raw") == 1,
res.count("cap_sys_admin") == 1)
def testCapableCommandSSHD(self):
res, code = utils.capable_cmd("-c '/usr/sbin/sshd'", 5)
self.assertEqual(code, 0, "Assert Code == 0")
try:
utils.multipleAssertCommand(res, code,
res.count("cap_dac_override") == 1,
res.count("cap_dac_read_search") == 1,
res.count("cap_setgid") == 1,
res.count("cap_net_bind_service") == 1,
res.count("cap_sys_resource") == 1,
res.count("cap_sys_admin") == 1)
except AssertionError as e:
e.args += ("Have-you installed sshd?", 0)
def testUserInfoArg(self):
res, code = utils.sr_cmd("-i")
utils.multipleAssertCommand(
res, code, code == 0, utils.assertCount(res, "null", 0),
utils.assertCount(res, "info0", 1),
utils.assertCount(res, "info1", 1),
utils.assertCount(res, "info2", 1),
utils.assertCount(res, "info3", 1),
utils.assertCount(res, "info4", 1),
utils.assertCount(res, "cap_net_raw", 2),
utils.assertCount(res, "with any commands", 2),
utils.assertCount(res, "without any commands", 1),
utils.assertCount(res, "command1", 2),
utils.assertCount(res, "command2", 1),
utils.assertCount(res, "full privileges", 3))
def testUserInfoCommandArg1(self):
res, code = utils.sr_cmd("-i -c null")
utils.multipleAssertCommand(res, code, code == 0,
utils.assertCount(res, "info0", 1),
utils.assertCount(res, "info1", 1))
def testCapableCommandCatResult(self):
res, code = utils.capable_cmd("-c 'cat /proc/kallsyms>/dev/null'")
self.assertEqual(code, 0, "Assert Code == 0")
utils.multipleAssertCommand(res, code,
res.count("cap_syslog") == 1,
res.count("cap_sys_admin") == 1)
def testFindRoleWithUserWrongCommand(self):
echo = "wrong-command"
res, code = utils.sr_echo_cmd(echo)
utils.multipleAssertCommand(res, code, code != 0, res.count(echo) == 0)
def testFindFirstRoleWithUser(self):
echo = "role1-user-cmd"
res, code = utils.sr_echo_cmd(echo)
utils.multipleAssertCommand(res, code, code == 0,
res.count("r0le1") == 1)
def testFindRoleWithGroupWithCommandArrayConfiguration(self):
echo = "role3-group-cmd2"
res, code = utils.sr_echo_cmd(echo)
utils.multipleAssertCommand(res, code, code == 0, res.count(echo) == 1)
def testCapableSleepIncorrect(self):
res, code = utils.capable_cmd("-s D")
utils.multipleAssertCommand(res, code, code != 0,
res.count("Bad parameter.") == 1,
res.count("Usage : ") == 1)
def testFindRoleWithGroupWrongCommand(self):
echo = "role2-gfoo-cmd"
res, code = utils.sr_echo_cmd(echo)
utils.multipleAssertCommand(res, code, code != 0, res.count(echo) == 0)
def testFindFirstRoleWithGroup(self):
echo = "role1-group-cmd"
res, code = utils.sr_echo_cmd(echo)
utils.multipleAssertCommand(res, code, code == 0, res.count(echo) == 1)
def testFindUserRoleNoCommandInConfiguration(self):
echo = "role1-user-cmd"
res, code = utils.sr_echo_cmd(echo)
utils.multipleAssertCommand(res, code, code != 0, res.count(echo) == 0)
def testUserInfoRoleCommandArg1(self):
res, code = utils.sr_cmd("-i -r null -c null")
utils.multipleAssertCommand(
res, code, code == 0,
utils.assertCount(res, r"you can\\'t execute this command", 1))
def testUserInfoCommandArg2(self):
res, code = utils.sr_cmd("-i -c command3")
utils.multipleAssertCommand(res, code, code == 0,
utils.assertCount(res, "cap_net_raw", 1))
def testFindRoleWithUserInCommandArrayConfig(self):
echo = "role3-user-cmd2"
res, code = utils.sr_echo_cmd(echo)
utils.multipleAssertCommand(res, code, code == 0, res.count(echo) == 1)
def testUserInfoRoleArg(self):
res, code = utils.sr_cmd("-i -r info1")
utils.multipleAssertCommand(res, code, code == 0,
utils.assertCount(res, "info1", 1),
utils.assertCount(res, "cap_net_raw", 1),
utils.assertCount(res, "any commands", 1))
def testUserInfoRoleArg2(self):
res, code = utils.sr_cmd("-i -r info3")
utils.multipleAssertCommand(
res, code, code == 0,
utils.assertCount(res, "without any commands", 1))
def testUserInfoRoleArg1(self):
res, code = utils.sr_cmd("-i -r null")
utils.multipleAssertCommand(
res, code, code == 0, utils.assertCount(res, "null", 1),
utils.assertCount(res, r"You can\\+'t use the role", 1))
