def testGetGroupMap(self): """Verify we build a correct group map from nss calls.""" foo = ('foo', '*', 10, []) bar = ('bar', '*', 20, ['foo', 'bar']) self.mox.StubOutWithMock(grp, 'getgrall') grp.getgrall().AndReturn([foo, bar]) entry1 = group.GroupMapEntry() entry1.name = 'foo' entry1.passwd = '*' entry1.gid = 10 entry1.members = [''] entry2 = group.GroupMapEntry() entry2.name = 'bar' entry2.passwd = '*' entry2.gid = 20 entry2.members = ['foo', 'bar'] self.mox.ReplayAll() group_map = nss.GetGroupMap() self.assertTrue(isinstance(group_map, group.GroupMap)) self.assertEquals(len(group_map), 2) self.assertTrue(group_map.Exists(entry1)) self.assertTrue(group_map.Exists(entry2))
def testNssDbGroupHandlerWriteData(self): ent = 'foo:x:1000:bar' makedb_stdin = self.mox.CreateMock(sys.stdin) makedb_stdin.write('.foo %s\n' % ent) makedb_stdin.write('=1000 %s\n' % ent) makedb_stdin.write('00 %s\n' % ent) m = group.GroupMap() g = group.GroupMapEntry() g.name = 'foo' g.gid = 1000 g.passwd = 'x' g.members = ['bar'] self.failUnless(m.Add(g)) writer = nssdb.NssDbGroupHandler({ 'makedb': '/bin/false', 'dir': '/tmp' }) self.mox.ReplayAll() writer.WriteData(makedb_stdin, g, 0)
def setUp(self): self.good_entry = group.GroupMapEntry() self.good_entry.name = 'foo' self.good_entry.passwd = 'x' self.good_entry.gid = 10 self.good_entry.members = ['foo', 'bar'] self.parser = s3source.S3GroupMapParser()
def Transform(self, obj): """Transforms a LDAP posixGroup object into a group(5) entry.""" gr = group.GroupMapEntry() gr.name = obj['cn'][0] # group passwords are deferred to gshadow gr.passwd = '*' members = [] if 'memberUid' in obj: if hasattr(self, 'groupregex'): members.extend(''.join([x for x in self.groupregex.findall(obj['memberUid'])])) else: members.extend(obj['memberUid']) elif 'member' in obj: for member_dn in obj['member']: member_uid = member_dn.split(',')[0].split('=')[1] if hasattr(self, 'groupregex'): members.append(''.join([x for x in self.groupregex.findall(member_uid)])) else: members.append(member_uid) elif 'uniqueMember' in obj: """ This contains a DN and is processed in PostProcess in GetUpdates.""" members.extend(obj['uniqueMember']) members.sort() gr.gid = int(obj['gidNumber'][0]) gr.members = members return gr
def testVerifyFailure(self): # create a map m = group.GroupMap() e = group.GroupMapEntry() e.name = 'foo' e.gid = 2000 self.assertTrue(m.Add(e)) updater = nssdb.NssDbGroupHandler({ 'dir': self.workdir, 'makedb': '/usr/bin/makedb' }) written = updater.Write(m) self.assertTrue(os.path.exists(updater.temp_cache_filename), 'updater.Write() did not create a file') # change the cache db = btopen(updater.temp_cache_filename) del db[db.first()[0]] db.sync() db.close() retval = updater.Verify(written) self.assertEqual(False, retval) self.assertFalse( os.path.exists(os.path.join(updater.temp_cache_filename)))
def __init__(self, obj): """Set some default avalible data for testing.""" super(TestGroupMap, self).__init__(obj) self._good_entry = group.GroupMapEntry() self._good_entry.name = 'foo' self._good_entry.passwd = 'x' self._good_entry.gid = 10 self._good_entry.members = ['foo', 'bar']
def testInit(self): """Construct an empty and seeded GroupMapEntry.""" self.assert_(group.GroupMapEntry(), msg='Could not create empty GroupMapEntry') seed = {'name': 'foo', 'gid': 10} entry = group.GroupMapEntry(seed) self.assert_(entry.Verify(), msg='Could not verify seeded PasswdMapEntry') self.assertEquals(entry.name, 'foo', msg='Entry returned wrong value for name') self.assertEquals(entry.passwd, 'x', msg='Entry returned wrong value for passwd') self.assertEquals(entry.gid, 10, msg='Entry returned wrong value for gid') self.assertEquals(entry.members, [], msg='Entry returned wrong value for members')
def _ReadEntry(self, line): """Return a GroupMapEntry from a record in the target cache.""" line = line.split(':') map_entry = group.GroupMapEntry() # map entries expect strict typing, so convert as appropriate map_entry.name = line[0] map_entry.passwd = line[1] map_entry.gid = int(line[2]) map_entry.members = line[3].split(',') return map_entry
def Transform(self, obj): """Transforms a LDAP posixGroup object into a group(5) entry.""" gr = group.GroupMapEntry() if self.conf.get('ad'): gr.name = obj['sAMAccountName'][0] # hack to map the users as the corresponding group with the same name elif 'uid' in obj: gr.name = obj['uid'][0] else: gr.name = obj['cn'][0] # group passwords are deferred to gshadow gr.passwd = '*' base = self.conf.get("base") members = [] group_members = [] if 'memberUid' in obj: if hasattr(self, 'groupregex'): members.extend(''.join( [x for x in self.groupregex.findall(obj['memberUid'])])) else: members.extend(obj['memberUid']) elif 'member' in obj: for member_dn in obj['member']: member_uid = member_dn.split(',')[0].split('=')[1] # Note that there is not currently a way to consistently distinguish # a group from a person group_members.append(member_uid) if hasattr(self, 'groupregex'): members.append(''.join( [x for x in self.groupregex.findall(member_uid)])) else: members.append(member_uid) elif 'uniqueMember' in obj: """This contains a DN and is processed in PostProcess in GetUpdates.""" members.extend(obj['uniqueMember']) members.sort() if self.conf.get('ad'): gr.gid = int(sidToStr(obj['objectSid'][0]).split('-')[-1]) elif self.conf.get('use_rid'): gr.gid = int(sidToStr(obj['sambaSID'][0]).split('-')[-1]) else: gr.gid = int(obj['gidNumber'][0]) if 'offset' in self.conf: gr.gid = int(gr.gid + self.conf['offset']) gr.members = members gr.groupmembers = group_members return gr
def _ReadEntry(self, name, entry): """Return a GroupMapEntry from a record in the target cache.""" map_entry = group.GroupMapEntry() # map entries expect strict typing, so convert as appropriate map_entry.name = name map_entry.passwd = entry.get('passwd', 'x') map_entry.gid = int(entry['gid']) try: members = entry.get('members', '').split('\n') except (ValueError, TypeError): members = [''] map_entry.members = members return map_entry
def testAdd(self): """Add raises exceptions for objects it can't add or verify.""" pmap = passwd.PasswdMap() entry = self._good_entry self.assertTrue(pmap.Add(entry), msg='failed to add new entry.') self.assertEqual(1, len(pmap), msg='unexpected size for Map.') ret_entry = pmap.PopItem() self.assertEqual(ret_entry, entry, msg='failed to pop existing entry.') gentry = group.GroupMapEntry() gentry.name = 'foo' gentry.gid = 10 self.assertRaises(TypeError, pmap.Add, gentry)
def testWriteGroupEntry(self): """We correctly write a typical entry in /etc/group format.""" cache = files.FilesGroupMapHandler(self.config) file_mock = self.mox.CreateMock(sys.stdout) file_mock.write('root:x:0:zero_cool,acid_burn\n') map_entry = group.GroupMapEntry() map_entry.name = 'root' map_entry.passwd = 'x' map_entry.gid = 0 map_entry.members = ['zero_cool', 'acid_burn'] self.mox.ReplayAll() cache._WriteData(file_mock, map_entry)
def GetGroupMap(): """Returns a GroupMap built from nss calls.""" group_map = group.GroupMap() for nss_entry in grp.getgrall(): map_entry = group.GroupMapEntry() map_entry.name = nss_entry[0] map_entry.passwd = nss_entry[1] map_entry.gid = nss_entry[2] map_entry.members = nss_entry[3] if not map_entry.members: map_entry.members = [''] group_map.Add(map_entry) return group_map
def Transform(self, obj): """Transforms a LDAP posixGroup object into a group(5) entry.""" gr = group.GroupMapEntry() gr.name = obj['cn'][0] # group passwords are deferred to gshadow gr.passwd = '*' members = [] if 'memberUid' in obj: members.extend(obj['memberUid']) members.sort() gr.gid = int(obj['gidNumber'][0]) gr.members = members return gr
def testNssDbGroupHandlerWrite(self): ent = 'foo:x:1000:bar' makedb_stdin = self.mox.CreateMock(sys.stdin) makedb_stdin.write('.foo %s\n' % ent) makedb_stdin.write('=1000 %s\n' % ent) makedb_stdin.write('00 %s\n' % ent) makedb_stdin.close() makedb_stdout = self.mox.CreateMock(sys.stdout) makedb_stdout.read().AndReturn('') makedb_stdout.close() m = group.GroupMap() g = group.GroupMapEntry() g.name = 'foo' g.gid = 1000 g.passwd = 'x' g.members = ['bar'] g.Verify() self.failUnless(m.Add(g)) self.mox.StubOutWithMock(select, 'select') select.select([makedb_stdout], (), (), 0).AndReturn(([37], [], [])) select.select([makedb_stdout], (), (), 0).AndReturn(([], [], [])) def SpawnMakeDb(): makedb = MakeDbDummy() makedb.stdin = makedb_stdin makedb.stdout = makedb_stdout return makedb writer = nssdb.NssDbGroupHandler({ 'makedb': '/usr/bin/makedb', 'dir': self.workdir }) writer._SpawnMakeDb = SpawnMakeDb self.mox.ReplayAll() writer.Write(m) tmpgroup = os.path.join(self.workdir, 'group.db') self.failIf(os.path.exists(tmpgroup)) # just clean it up, Write() doesn't Commit() writer._Rollback()
def testAttributes(self): """Test that we can get and set all expected attributes.""" entry = group.GroupMapEntry() entry.name = 'foo' self.assertEquals(entry.name, 'foo', msg='Could not set attribute: name') entry.passwd = 'x' self.assertEquals(entry.passwd, 'x', msg='Could not set attribute: passwd') entry.gid = 10 self.assertEquals(entry.gid, 10, msg='Could not set attribute: gid') members = ['foo', 'bar'] entry.members = members self.assertEquals(entry.members, members, msg='Could not set attribute: members')
def testVerifyFailure(self): # Can't test if no makedb if not os.path.exists('/usr/bin/makedb'): raise TestSkipped('no /usr/bin/makedb') # Hide the warning that we expect to get class TestFilter(logging.Filter): def filter(self, record): return not record.msg.startswith( 'verify failed: %d keys missing') fltr = TestFilter() logging.getLogger('NssDbGroupHandler').addFilter(fltr) # create a map m = group.GroupMap() e = group.GroupMapEntry() e.name = 'foo' e.gid = 2000 self.failUnless(m.Add(e)) updater = nssdb.NssDbGroupHandler({ 'dir': self.workdir, 'makedb': '/usr/bin/makedb' }) written = updater.Write(m) self.failUnless(os.path.exists(updater.temp_cache_filename), 'updater.Write() did not create a file') # change the cache db = bsddb.btopen(updater.temp_cache_filename) del db[db.first()[0]] db.sync() db.close() retval = updater.Verify(written) self.failUnlessEqual(False, retval) self.failIf(os.path.exists(os.path.join(updater.temp_cache_filename))) # no longer hide this message logging.getLogger('NssDbGroupHandler').removeFilter(fltr)
def ConvertValueToMapEntry(self, entry): """Convert a grent-like string into a GroupMapEntry. Args: entry: A string containing a grent entry ala /etc/group Returns: A GroupMapEntry instance """ if entry.endswith('\x00'): entry = entry[:-1] entry = entry.split(':') map_entry = group.GroupMapEntry() # map entries expect strict typing, so convert as appropriate map_entry.name = entry[0] map_entry.passwd = entry[1] map_entry.gid = int(entry[2]) map_entry.members = entry[3].split(',') return map_entry
def testVerify(self): # create a map m = group.GroupMap() e = group.GroupMapEntry() e.name = 'foo' e.gid = 2000 self.failUnless(m.Add(e)) updater = nssdb.NssDbGroupHandler({ 'dir': self.workdir, 'makedb': '/usr/bin/makedb' }) written = updater.Write(m) self.failUnless(os.path.exists(updater.temp_cache_filename), 'updater.Write() did not create a file') retval = updater.Verify(written) self.failUnlessEqual(True, retval) os.unlink(updater.temp_cache_filename)
def testVerify(self): """Test that the object can verify it's attributes and itself.""" entry = group.GroupMapEntry() # Empty object should bomb self.failIf(entry.Verify())
def testKey(self): """Key() should return the value of the 'name' attribute.""" entry = group.GroupMapEntry() entry.name = 'foo' self.assertEquals(entry.Key(), entry.name)