def test_setsid_perm_failure_ignored(self): setsid_calls = [] def _setsid(*args): setsid_calls.append(args) e = OSError('test') e.errno = EPERM raise e exc = None orig_setsid = service.setsid try: service.setsid = _setsid service.droppriv('user') except Exception as err: exc = err finally: service.setsid = orig_setsid self.assertEqual(exc, None) self.assertEqual(self.setgroups_calls, [([],)]) self.assertEqual(self.setuid_calls, [(1,)]) self.assertEqual(self.setgid_calls, [(2,)]) self.assertEqual(self.os_umask_calls, [(0022,)]) self.assertEqual(setsid_calls, [()]) self.assertEqual(self.chdir_calls, [('/',)])
def test_setgroups_failure(self): setgroups_calls = [] def _setgroups(*args): setgroups_calls.append(args) e = OSError('test') e.errno = 0 raise e exc = None orig_setgroups = service.setgroups try: service.setgroups = _setgroups service.droppriv('user') except Exception as err: exc = err finally: service.setgroups = orig_setgroups self.assertEqual(str(exc), 'test') self.assertEqual(setgroups_calls, [([],)]) self.assertEqual(self.setuid_calls, []) self.assertEqual(self.setgid_calls, []) self.assertEqual(self.os_umask_calls, []) self.assertEqual(self.setsid_calls, []) self.assertEqual(self.chdir_calls, [])
def test_droppriv_umask(self): service.droppriv('user', umask=0123) self.assertEquals(self.setgroups_calls, [([],)]) self.assertEquals(self.setuid_calls, [(1,)]) self.assertEquals(self.setgid_calls, [(2,)]) self.assertEquals(self.os_umask_calls, [(0123,)]) self.assertEquals(self.setsid_calls, [()]) self.assertEquals(self.chdir_calls, [('/',)])
def test_droppriv_to_same_uid_gid(self): service.droppriv('user') self.assertEquals(self.setgroups_calls, [([],)]) self.assertEquals(self.setuid_calls, [(1,)]) self.assertEquals(self.setgid_calls, [(2,)]) self.assertEquals(self.os_umask_calls, [(0022,)]) self.assertEquals(self.setsid_calls, [()]) self.assertEquals(self.chdir_calls, [('/',)])
def test_droppriv_to_different_uid_gid(self): self.pwnam['user'].pw_uid = 10 self.pwnam['user'].pw_gid = 20 self.grnam['group'].gr_gid = 30 service.droppriv('user', 'group') self.assertEquals(self.setgroups_calls, [([],)]) self.assertEquals(self.setuid_calls, [(10,)]) self.assertEquals(self.setgid_calls, [(30,)]) self.assertEquals(self.os_umask_calls, [(0022,)]) self.assertEquals(self.setsid_calls, [()]) self.assertEquals(self.chdir_calls, [('/',)])
def test_setgid_failure(self): def _setgid(*args): raise OSError() exc = None orig_setgid = service.setgid try: service.setgid = _setgid service.droppriv('user', 'group') except Exception, err: exc = err
def test_droppriv_unknown_group(self): exc = None try: service.droppriv('user', 'unknown') except Exception as err: exc = err self.assertEqual(str(exc), "Cannot switch to unknown group 'unknown'.") self.assertEqual(self.setgroups_calls, [([],)]) self.assertEqual(self.setuid_calls, []) self.assertEqual(self.setgid_calls, []) self.assertEqual(self.os_umask_calls, []) self.assertEqual(self.setsid_calls, []) self.assertEqual(self.chdir_calls, [])
def test_setsid_perm_failure_ignored(self): setsid_calls = [] def _setsid(*args): setsid_calls.append(args) e = OSError('test') e.errno = EPERM raise e exc = None orig_setsid = service.setsid try: service.setsid = _setsid service.droppriv('user') except Exception, err: exc = err
def test_setgroups_failure(self): setgroups_calls = [] def _setgroups(*args): setgroups_calls.append(args) e = OSError('test') e.errno = 0 raise e exc = None orig_setgroups = service.setgroups try: service.setgroups = _setgroups service.droppriv('user') except Exception, err: exc = err
def test_setgid_failure(self): def _setgid(*args): raise OSError() exc = None orig_setgid = service.setgid try: service.setgid = _setgid service.droppriv('user', 'group') except Exception as err: exc = err finally: service.setgid = orig_setgid self.assertEqual( str(exc), "Permission denied when switching to group 'group'.") self.assertEqual(self.setgroups_calls, [([],)]) # This also asserts setuid is not called before setgid. self.assertEqual(self.setuid_calls, []) self.assertEqual(self.setgid_calls, []) self.assertEqual(self.os_umask_calls, []) self.assertEqual(self.setsid_calls, []) self.assertEqual(self.chdir_calls, [])
def test_droppriv_unknown_group(self): exc = None try: service.droppriv('user', 'unknown') except Exception, err: exc = err