def test_executeAsUser_Unix(self): """ Test executing as a different user. """ initial_uid, initial_gid = os.geteuid(), os.getegid() initial_groups = os.getgroups() test_user = mk.getTestUser(u'normal') self.assertNotEqual( sorted(self.getGroupsIDForTestAccount()), sorted(os.getgroups()), ) with system_users.executeAsUser(username=test_user.name): import pwd import grp uid, gid = os.geteuid(), os.getegid() impersonated_username = pwd.getpwuid(uid)[0].decode('utf-8') impersonated_groupname = grp.getgrgid(gid)[0].decode('utf-8') impersonated_groups = os.getgroups() self.assertEqual(test_user.name, impersonated_username) self.assertEqual(TEST_ACCOUNT_GROUP, impersonated_groupname) self.assertNotEqual(initial_uid, uid) self.assertNotEqual(initial_gid, gid) self.assertNotEqual(initial_groups, impersonated_groups) if self.os_name != 'osx': # On OSX newer than 10.5 get/set groups are useless. self.assertEqual( sorted(self.getGroupsIDForTestAccount()), sorted(impersonated_groups), ) self.assertEqual(initial_uid, os.geteuid()) self.assertEqual(initial_gid, os.getegid()) self.assertEqual(initial_groups, os.getgroups())
def test_getTestUser_not_found(self): """ Returns `None` if user is not found. """ result = mk.getTestUser(u'no-such-user-ever') self.assertIsNone(result)
def test_isUserInGroups_non_existent_group(self): """ False is returned if isUserInGroups is asked for a non-existent group. """ test_user = mk.getTestUser(u'normal') groups = [u'non-existent-group'] self.assertFalse(system_users.isUserInGroups( username=test_user.name, groups=groups, token=test_user.token))
def test_isUserInGroups_not_in_groups(self): """ False is returned if user is not in the groups. """ test_user = mk.getTestUser(u'normal') groups = [u'root', u'Administrators'] self.assertFalse(system_users.isUserInGroups( username=test_user.name, groups=groups, token=test_user.token))
def setUpClass(cls): super(TestElevatedLocalTestFilesystem, cls).setUpClass() cls.user = compat_mk.getTestUser('normal') home_folder_path = system_users.getHomeFolder( username=cls.user.name, token=cls.user.token) cls.avatar = compat_mk.makeFilesystemOSAvatar( name=cls.user.name, home_folder_path=home_folder_path, token=cls.user.token, )
def test_executeAsUser_multiple_call_on_same_credentials(self): """ Test executing as a different user reusing the credentials. """ test_user = mk.getTestUser(u'normal') with system_users.executeAsUser( username=test_user.name, token=test_user.token): pass with system_users.executeAsUser( username=test_user.name, token=test_user.token): pass
def test_getPrimaryGroup_good(self): """ Check getting primary group. """ test_user = mk.getTestUser(u'normal') avatar = mk.makeFilesystemOSAvatar( name=TEST_ACCOUNT_USERNAME, token=test_user.token) group_name = system_users.getPrimaryGroup(username=avatar.name) if os.name == 'nt': self.assertEqual(WINDOWS_PRIMARY_GROUP, group_name) else: self.assertEqual(TEST_ACCOUNT_GROUP, group_name)
def test_executeAsUser_NT(self): """ Test executing as a different user. """ test_user = mk.getTestUser(u'normal') with system_users.executeAsUser( username=test_user.name, token=test_user.token): self.assertEqual( test_user.name, system_users.getCurrentUserName()) self.assertEqual( mk.username, system_users.getCurrentUserName())
def test_getHomeFolder_nt_custom_user_no_token(self): """ An error is raised if no token is provided and the username differs from the current/service username. """ test_user = mk.getTestUser(u'other') with self.assertRaises(CompatError) as context: system_users.getHomeFolder(test_user.name) self.assertCompatError(1014, context.exception) self.assertContains( 'Invalid username/token combination.', context.exception.message)
def test_executeAsUser(self): """ It uses the token to impersonate the account under which this process is executed.. """ test_user = mk.getTestUser(u'domain') self.assertNotEqual(test_user.name, system_users.getCurrentUserName()) with system_users.executeAsUser( username=test_user.name, token=test_user.token): self.assertEqual( test_user.name, system_users.getCurrentUserName())
def test_getHomeFolder_good(self): """ If a valid token is provided the home folder path can be retrieved for any other account, as long as the process has the required capabilities. """ test_user = mk.getTestUser(u'domain') home_folder = system_users.getHomeFolder( username=test_user.name, token=test_user.token) self.assertContains(test_user.name.lower(), home_folder.lower()) self.assertIsInstance(text_type, home_folder)
def test_isUserInGroups(self): """ Return `True` when the user is member of the group and `False` otherwise. """ test_user = mk.getTestUser(u'domain') # FIXME:1471: # Don't know why is not working with TEST_ACCOUNT_GROUP_DOMAIN so # for now we use the default group. groups = [u'Domain Users'] groups_non_existent = [u'non-existent-group'] self.assertTrue(system_users.isUserInGroups( test_user.upn, groups, test_user.token)) self.assertFalse(system_users.isUserInGroups( test_user.upn, groups_non_existent, test_user.token))
def test_getImpersonationContext_use_impersonation_nt(self): """ If use_impersonation is `True` an impersonation context is active. Inside the context we have the new user and outside we have the normal user. """ test_user = mk.getTestUser(u'normal') avatar = ImpersonatedAvatarImplementation( name=test_user.name, token=test_user.token, use_impersonation=True, ) with avatar.getImpersonationContext(): self.assertEqual( test_user.name, system_users.getCurrentUserName()) self.assertEqual( mk.username, system_users.getCurrentUserName())
def test_isUserInGroups_success(self): """ True is returned if user is in groups. """ test_user = mk.getTestUser(u'normal') groups = [ TEST_ACCOUNT_GROUP, TEST_ACCOUNT_GROUP_WIN, ] self.assertTrue(system_users.isUserInGroups( username=test_user.name, groups=groups, token=test_user.token)) groups = [ u'non-existent-group', TEST_ACCOUNT_GROUP, TEST_ACCOUNT_GROUP_WIN, ] self.assertTrue(system_users.isUserInGroups( username=test_user.name, groups=groups, token=test_user.token))
def test_executeAsUser_Unix(self): """ Test executing as a different user. """ initial_uid, initial_gid = os.geteuid(), os.getegid() initial_groups = os.getgroups() test_user = mk.getTestUser(u'normal') self.assertNotEqual( sorted(self.getGroupsIDForTestAccount()), sorted(os.getgroups()), ) with system_users.executeAsUser(username=test_user.name): import pwd import grp uid, gid = os.geteuid(), os.getegid() impersonated_username = pwd.getpwuid(uid)[0].decode('utf-8') impersonated_groupname = grp.getgrgid(gid)[0].decode('utf-8') impersonated_groups = os.getgroups() self.assertEqual(test_user.name, impersonated_username) self.assertEqual(TEST_ACCOUNT_GROUP, impersonated_groupname) self.assertNotEqual(initial_uid, uid) self.assertNotEqual(initial_gid, gid) if self.os_name != 'osx': # FIXME:3808: # Investigate why this no longer works/passes on OSX. # On OSX newer than 10.5 get/set groups are useless. self.assertNotEqual(initial_groups, impersonated_groups) # On Alpine, we get duplicate groups from the Python os. if self.os_version.startswith('alpine'): impersonated_groups = list(set(impersonated_groups)) self.assertEqual( sorted(self.getGroupsIDForTestAccount()), sorted(impersonated_groups), ) self.assertEqual(initial_uid, os.geteuid()) self.assertEqual(initial_gid, os.getegid()) self.assertEqual(initial_groups, os.getgroups())