def test_setsid_perm_failure_ignored(self):
setsid_calls = []
def _setsid(*args):
setsid_calls.append(args)
e = OSError('test')
e.errno = EPERM
raise e
exc = None
orig_setsid = service.setsid
try:
service.setsid = _setsid
service.droppriv('user')
except Exception as err:
exc = err
finally:
service.setsid = orig_setsid
self.assertEqual(exc, None)
self.assertEqual(self.setgroups_calls, [([],)])
self.assertEqual(self.setuid_calls, [(1,)])
self.assertEqual(self.setgid_calls, [(2,)])
self.assertEqual(self.os_umask_calls, [(0022,)])
self.assertEqual(setsid_calls, [()])
self.assertEqual(self.chdir_calls, [('/',)])
def test_setgroups_failure(self):
setgroups_calls = []
def _setgroups(*args):
setgroups_calls.append(args)
e = OSError('test')
e.errno = 0
raise e
exc = None
orig_setgroups = service.setgroups
try:
service.setgroups = _setgroups
service.droppriv('user')
except Exception as err:
exc = err
finally:
service.setgroups = orig_setgroups
self.assertEqual(str(exc), 'test')
self.assertEqual(setgroups_calls, [([],)])
self.assertEqual(self.setuid_calls, [])
self.assertEqual(self.setgid_calls, [])
self.assertEqual(self.os_umask_calls, [])
self.assertEqual(self.setsid_calls, [])
self.assertEqual(self.chdir_calls, [])
def test_droppriv_umask(self):
service.droppriv('user', umask=0123)
self.assertEquals(self.setgroups_calls, [([],)])
self.assertEquals(self.setuid_calls, [(1,)])
self.assertEquals(self.setgid_calls, [(2,)])
self.assertEquals(self.os_umask_calls, [(0123,)])
self.assertEquals(self.setsid_calls, [()])
self.assertEquals(self.chdir_calls, [('/',)])
def test_droppriv_to_same_uid_gid(self):
service.droppriv('user')
self.assertEquals(self.setgroups_calls, [([],)])
self.assertEquals(self.setuid_calls, [(1,)])
self.assertEquals(self.setgid_calls, [(2,)])
self.assertEquals(self.os_umask_calls, [(0022,)])
self.assertEquals(self.setsid_calls, [()])
self.assertEquals(self.chdir_calls, [('/',)])
def test_droppriv_to_different_uid_gid(self):
self.pwnam['user'].pw_uid = 10
self.pwnam['user'].pw_gid = 20
self.grnam['group'].gr_gid = 30
service.droppriv('user', 'group')
self.assertEquals(self.setgroups_calls, [([],)])
self.assertEquals(self.setuid_calls, [(10,)])
self.assertEquals(self.setgid_calls, [(30,)])
self.assertEquals(self.os_umask_calls, [(0022,)])
self.assertEquals(self.setsid_calls, [()])
self.assertEquals(self.chdir_calls, [('/',)])
def test_setgid_failure(self):
def _setgid(*args):
raise OSError()
exc = None
orig_setgid = service.setgid
try:
service.setgid = _setgid
service.droppriv('user', 'group')
except Exception, err:
exc = err
def test_droppriv_unknown_group(self):
exc = None
try:
service.droppriv('user', 'unknown')
except Exception as err:
exc = err
self.assertEqual(str(exc), "Cannot switch to unknown group 'unknown'.")
self.assertEqual(self.setgroups_calls, [([],)])
self.assertEqual(self.setuid_calls, [])
self.assertEqual(self.setgid_calls, [])
self.assertEqual(self.os_umask_calls, [])
self.assertEqual(self.setsid_calls, [])
self.assertEqual(self.chdir_calls, [])
def test_setsid_perm_failure_ignored(self):
setsid_calls = []
def _setsid(*args):
setsid_calls.append(args)
e = OSError('test')
e.errno = EPERM
raise e
exc = None
orig_setsid = service.setsid
try:
service.setsid = _setsid
service.droppriv('user')
except Exception, err:
exc = err
def test_setgroups_failure(self):
setgroups_calls = []
def _setgroups(*args):
setgroups_calls.append(args)
e = OSError('test')
e.errno = 0
raise e
exc = None
orig_setgroups = service.setgroups
try:
service.setgroups = _setgroups
service.droppriv('user')
except Exception, err:
exc = err
def test_setgid_failure(self):
def _setgid(*args):
raise OSError()
exc = None
orig_setgid = service.setgid
try:
service.setgid = _setgid
service.droppriv('user', 'group')
except Exception as err:
exc = err
finally:
service.setgid = orig_setgid
self.assertEqual(
str(exc), "Permission denied when switching to group 'group'.")
self.assertEqual(self.setgroups_calls, [([],)])
# This also asserts setuid is not called before setgid.
self.assertEqual(self.setuid_calls, [])
self.assertEqual(self.setgid_calls, [])
self.assertEqual(self.os_umask_calls, [])
self.assertEqual(self.setsid_calls, [])
self.assertEqual(self.chdir_calls, [])
def test_droppriv_unknown_group(self):
exc = None
try:
service.droppriv('user', 'unknown')
except Exception, err:
exc = err
