def test_executeAsUser_Unix(self):
"""
Test executing as a different user.
"""
initial_uid, initial_gid = os.geteuid(), os.getegid()
initial_groups = os.getgroups()
test_user = mk.getTestUser(u'normal')
self.assertNotEqual(
sorted(self.getGroupsIDForTestAccount()),
sorted(os.getgroups()),
)
with system_users.executeAsUser(username=test_user.name):
import pwd
import grp
uid, gid = os.geteuid(), os.getegid()
impersonated_username = pwd.getpwuid(uid)[0].decode('utf-8')
impersonated_groupname = grp.getgrgid(gid)[0].decode('utf-8')
impersonated_groups = os.getgroups()
self.assertEqual(test_user.name, impersonated_username)
self.assertEqual(TEST_ACCOUNT_GROUP, impersonated_groupname)
self.assertNotEqual(initial_uid, uid)
self.assertNotEqual(initial_gid, gid)
self.assertNotEqual(initial_groups, impersonated_groups)
if self.os_name != 'osx':
# On OSX newer than 10.5 get/set groups are useless.
self.assertEqual(
sorted(self.getGroupsIDForTestAccount()),
sorted(impersonated_groups),
)
self.assertEqual(initial_uid, os.geteuid())
self.assertEqual(initial_gid, os.getegid())
self.assertEqual(initial_groups, os.getgroups())
def test_getTestUser_not_found(self):
"""
Returns `None` if user is not found.
"""
result = mk.getTestUser(u'no-such-user-ever')
self.assertIsNone(result)
def test_isUserInGroups_non_existent_group(self):
"""
False is returned if isUserInGroups is asked for a non-existent group.
"""
test_user = mk.getTestUser(u'normal')
groups = [u'non-existent-group']
self.assertFalse(system_users.isUserInGroups(
username=test_user.name, groups=groups, token=test_user.token))
def test_isUserInGroups_not_in_groups(self):
"""
False is returned if user is not in the groups.
"""
test_user = mk.getTestUser(u'normal')
groups = [u'root', u'Administrators']
self.assertFalse(system_users.isUserInGroups(
username=test_user.name, groups=groups, token=test_user.token))
def setUpClass(cls):
super(TestElevatedLocalTestFilesystem, cls).setUpClass()
cls.user = compat_mk.getTestUser('normal')
home_folder_path = system_users.getHomeFolder(
username=cls.user.name, token=cls.user.token)
cls.avatar = compat_mk.makeFilesystemOSAvatar(
name=cls.user.name,
home_folder_path=home_folder_path,
token=cls.user.token,
)
def test_executeAsUser_multiple_call_on_same_credentials(self):
"""
Test executing as a different user reusing the credentials.
"""
test_user = mk.getTestUser(u'normal')
with system_users.executeAsUser(
username=test_user.name, token=test_user.token):
pass
with system_users.executeAsUser(
username=test_user.name, token=test_user.token):
pass
def test_getPrimaryGroup_good(self):
"""
Check getting primary group.
"""
test_user = mk.getTestUser(u'normal')
avatar = mk.makeFilesystemOSAvatar(
name=TEST_ACCOUNT_USERNAME, token=test_user.token)
group_name = system_users.getPrimaryGroup(username=avatar.name)
if os.name == 'nt':
self.assertEqual(WINDOWS_PRIMARY_GROUP, group_name)
else:
self.assertEqual(TEST_ACCOUNT_GROUP, group_name)
def test_executeAsUser_NT(self):
"""
Test executing as a different user.
"""
test_user = mk.getTestUser(u'normal')
with system_users.executeAsUser(
username=test_user.name, token=test_user.token):
self.assertEqual(
test_user.name, system_users.getCurrentUserName())
self.assertEqual(
mk.username, system_users.getCurrentUserName())
def test_getHomeFolder_nt_custom_user_no_token(self):
"""
An error is raised if no token is provided and the username differs
from the current/service username.
"""
test_user = mk.getTestUser(u'other')
with self.assertRaises(CompatError) as context:
system_users.getHomeFolder(test_user.name)
self.assertCompatError(1014, context.exception)
self.assertContains(
'Invalid username/token combination.', context.exception.message)
def test_executeAsUser(self):
"""
It uses the token to impersonate the account under which this
process is executed..
"""
test_user = mk.getTestUser(u'domain')
self.assertNotEqual(test_user.name, system_users.getCurrentUserName())
with system_users.executeAsUser(
username=test_user.name, token=test_user.token):
self.assertEqual(
test_user.name, system_users.getCurrentUserName())
def test_getHomeFolder_good(self):
"""
If a valid token is provided the home folder path can be retrieved
for any other account, as long as the process has the required
capabilities.
"""
test_user = mk.getTestUser(u'domain')
home_folder = system_users.getHomeFolder(
username=test_user.name, token=test_user.token)
self.assertContains(test_user.name.lower(), home_folder.lower())
self.assertIsInstance(text_type, home_folder)
def test_isUserInGroups(self):
"""
Return `True` when the user is member of the group and
`False` otherwise.
"""
test_user = mk.getTestUser(u'domain')
# FIXME:1471:
# Don't know why is not working with TEST_ACCOUNT_GROUP_DOMAIN so
# for now we use the default group.
groups = [u'Domain Users']
groups_non_existent = [u'non-existent-group']
self.assertTrue(system_users.isUserInGroups(
test_user.upn, groups, test_user.token))
self.assertFalse(system_users.isUserInGroups(
test_user.upn, groups_non_existent, test_user.token))
def test_getImpersonationContext_use_impersonation_nt(self):
"""
If use_impersonation is `True` an impersonation context is active.
Inside the context we have the new user and outside we have the normal
user.
"""
test_user = mk.getTestUser(u'normal')
avatar = ImpersonatedAvatarImplementation(
name=test_user.name,
token=test_user.token,
use_impersonation=True,
)
with avatar.getImpersonationContext():
self.assertEqual(
test_user.name, system_users.getCurrentUserName())
self.assertEqual(
mk.username, system_users.getCurrentUserName())
def test_isUserInGroups_success(self):
"""
True is returned if user is in groups.
"""
test_user = mk.getTestUser(u'normal')
groups = [
TEST_ACCOUNT_GROUP,
TEST_ACCOUNT_GROUP_WIN,
]
self.assertTrue(system_users.isUserInGroups(
username=test_user.name, groups=groups, token=test_user.token))
groups = [
u'non-existent-group',
TEST_ACCOUNT_GROUP,
TEST_ACCOUNT_GROUP_WIN,
]
self.assertTrue(system_users.isUserInGroups(
username=test_user.name, groups=groups, token=test_user.token))
def test_executeAsUser_Unix(self):
"""
Test executing as a different user.
"""
initial_uid, initial_gid = os.geteuid(), os.getegid()
initial_groups = os.getgroups()
test_user = mk.getTestUser(u'normal')
self.assertNotEqual(
sorted(self.getGroupsIDForTestAccount()),
sorted(os.getgroups()),
)
with system_users.executeAsUser(username=test_user.name):
import pwd
import grp
uid, gid = os.geteuid(), os.getegid()
impersonated_username = pwd.getpwuid(uid)[0].decode('utf-8')
impersonated_groupname = grp.getgrgid(gid)[0].decode('utf-8')
impersonated_groups = os.getgroups()
self.assertEqual(test_user.name, impersonated_username)
self.assertEqual(TEST_ACCOUNT_GROUP, impersonated_groupname)
self.assertNotEqual(initial_uid, uid)
self.assertNotEqual(initial_gid, gid)
if self.os_name != 'osx':
# FIXME:3808:
# Investigate why this no longer works/passes on OSX.
# On OSX newer than 10.5 get/set groups are useless.
self.assertNotEqual(initial_groups, impersonated_groups)
# On Alpine, we get duplicate groups from the Python os.
if self.os_version.startswith('alpine'):
impersonated_groups = list(set(impersonated_groups))
self.assertEqual(
sorted(self.getGroupsIDForTestAccount()),
sorted(impersonated_groups),
)
self.assertEqual(initial_uid, os.geteuid())
self.assertEqual(initial_gid, os.getegid())
self.assertEqual(initial_groups, os.getgroups())
