def __init__(self, data, storage, payload, instclass):
FirstbootSpokeMixIn.__init__(self)
NormalTUISpoke.__init__(self, data, storage, payload, instclass)
self.initialize_start()
self.title = N_("User creation")
self._container = None
if self.data.user.userList:
self._user_data = self.data.user.userList[0]
self._create_user = True
else:
self._user_data = self.data.UserData()
self._create_user = False
self._use_password = self._user_data.isCrypted or self._user_data.password
self._groups = ""
self._is_admin = False
self._policy = self.data.anaconda.pwpolicy.get_policy("user", fallback_to_default=True)
self.errors = []
self._users_module = USERS.get_observer()
self._users_module.connect()
self.initialize_done()
def test_evaluation_passwd_minlen_no_passwd(
proxy_getter, rule_data, ksdata_mock, storage_mock):
password_proxy_mock = USERS.get_proxy()
password_proxy_mock.IsRootPasswordSet = False
evaluation_passwd_minlen_no_passwd(rule_data, ksdata_mock, storage_mock, 8, (10, 11))
evaluation_passwd_minlen_no_passwd(rule_data, ksdata_mock, storage_mock, 10, (8, 11))
evaluation_passwd_minlen_no_passwd(rule_data, ksdata_mock, storage_mock, 11, (8, 10))
def __init__(self, *args):
NormalSpoke.__init__(self, *args)
GUISpokeInputCheckHandler.__init__(self)
self._users_module = USERS.get_observer()
self._users_module.connect()
self._services_module = SERVICES.get_observer()
self._services_module.connect()
def test_evaluation_passwd_minlen_good_passwd(proxy_getter, rule_data, ksdata_mock, storage_mock):
password_proxy_mock = USERS.get_proxy()
password_proxy_mock.IsRootPasswordCrypted = False
password_proxy_mock.RootPassword = "******"
rule_data.new_rule("passwd --minlen=8")
messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False)
# minimal password length less than actual length --> no warning
assert not messages
def eval_rules(self, ksdata, storage, report_only=False):
""":see: RuleHandler.eval_rules"""
if self._minlen == 0:
# no password restrictions, nothing to be done here
return []
ret = []
users_proxy = USERS.get_proxy()
if not users_proxy.IsRootPasswordSet:
# root password was not set
msg = _("make sure to create password with minimal length of %d "
"characters") % self._minlen
ret = [RuleMessage(self.__class__,
common.MESSAGE_TYPE_WARNING, msg)]
else:
# root password set
if users_proxy.IsRootPasswordCrypted:
msg = _("cannot check root password length (password is crypted)")
log.warning("cannot check root password length (password is crypted)")
return [RuleMessage(self.__class__,
common.MESSAGE_TYPE_WARNING, msg)]
elif len(users_proxy.RootPassword) < self._minlen:
# too short
msg = _("root password is too short, a longer one with at "
"least %d characters is required") % self._minlen
ret = [RuleMessage(self.__class__,
common.MESSAGE_TYPE_FATAL, msg)]
else:
ret = []
if report_only:
return ret
# set the policy in any case (so that a weaker password is not entered)
pw_policy = ksdata.anaconda.pwpolicy.get_policy("root")
if pw_policy is None:
pw_policy = F22_PwPolicyData()
log.info("OSCAP addon: setting password policy %s" % pw_policy)
ksdata.anaconda.pwpolicy.policyList.append(pw_policy)
log.info("OSCAP addon: password policy list: %s" % ksdata.anaconda.pwpolicy.policyList)
self._created_policy = True
self._orig_minlen = pw_policy.minlen
self._orig_strict = pw_policy.strict
pw_policy.minlen = self._minlen
pw_policy.strict = True
return ret
def test_evaluation_passwd_minlen_crypted_passwd(
proxy_getter, rule_data, ksdata_mock, storage_mock):
password_proxy_mock = USERS.get_proxy()
password_proxy_mock.IsRootPasswordCrypted = True
password_proxy_mock.RootPassword = "******"
rule_data.new_rule("passwd --minlen=8")
messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False)
# minimal password length greater than actual length --> one warning
assert len(messages) == 1
assert messages[0].type == common.MESSAGE_TYPE_WARNING
# warning has to mention that the password cannot be checked
assert "cannot check" in messages[0].text
def __init__(self, data, storage, payload):
NormalTUISpoke.__init__(self, data, storage, payload)
self.initialize_start()
self.title = N_("Root password")
self.input_required = False
self._policy = self.data.anaconda.pwpolicy.get_policy("root", fallback_to_default=True)
self._password = None
self._users_module = USERS.get_observer()
self._users_module.connect()
self._services_module = SERVICES.get_observer()
self._services_module.connect()
self.initialize_done()
def test_evaluation_passwd_minlen_report_only_not_ignored(
proxy_getter, rule_data, ksdata_mock, storage_mock):
password_proxy_mock = USERS.get_proxy()
password_proxy_mock.IsRootPasswordCrypted = False
password_proxy_mock.RootPassword = "******"
rule_data.new_rule("passwd --minlen=8")
messages = rule_data.eval_rules(ksdata_mock,
storage_mock,
report_only=False)
# Mock pw_policy returned by anaconda.pwpolicy.get_policy()
pw_policy_mock = mock.Mock()
pw_policy_mock.minlen = 6
pw_policy_mock.strict = False
ksdata_mock.anaconda.pwpolicy.get_policy.return_value = pw_policy_mock
# call eval_rules with report_only=False
# should set password minimal length to 8
messages = rule_data.eval_rules(ksdata_mock,
storage_mock,
report_only=False)
# Password Policy changed --> no warnings
assert not messages
assert rule_data._passwd_rules._orig_minlen == 6
assert not rule_data._passwd_rules._orig_strict
assert pw_policy_mock.minlen == 8
assert pw_policy_mock.strict
assert rule_data._passwd_rules._minlen == 8
# call of eval_rules with report_only=True
# should not change anything
messages = rule_data.eval_rules(ksdata_mock,
storage_mock,
report_only=True)
# Password Policy stayed the same --> no warnings
assert not messages
assert rule_data._passwd_rules._orig_minlen == 6
assert not rule_data._passwd_rules._orig_strict
assert pw_policy_mock.minlen == 8
assert pw_policy_mock.strict
assert rule_data._passwd_rules._minlen == 8
def execute(self, storage, ksdata, users):
users_proxy = USERS.get_proxy()
if flags.automatedInstall and not users_proxy.IsRootPasswordSet and not users_proxy.IsRootpwKickstarted:
# Lock the root password if during an installation with kickstart
# the root password is empty & not specififed as empty in the kickstart
# (seen == False) via the rootpw command.
# Note that kickstart is actually the only way to specify an empty
# root password - we don't allow that via the UI.
users_proxy.SetRootAccountLocked(True)
elif not flags.automatedInstall and not users_proxy.IsRootPasswordSet:
# Also lock the root password if it was not set during interactive installation.
users_proxy.SetRootAccountLocked(True)
users.setRootPassword(users_proxy.RootPassword,
users_proxy.IsRootPasswordCrypted,
users_proxy.IsRootAccountLocked, None,
util.getSysroot())
def execute(self, storage, ksdata, users):
users_proxy = USERS.get_proxy()
if flags.automatedInstall and not users_proxy.IsRootPasswordSet and not users_proxy.IsRootpwKickstarted:
# Lock the root password if during an installation with kickstart
# the root password is empty & not specififed as empty in the kickstart
# (seen == False) via the rootpw command.
# Note that kickstart is actually the only way to specify an empty
# root password - we don't allow that via the UI.
users_proxy.SetRootAccountLocked(True)
elif not flags.automatedInstall and not users_proxy.IsRootPasswordSet:
# Also lock the root password if it was not set during interactive installation.
users_proxy.SetRootAccountLocked(True)
users.setRootPassword(users_proxy.RootPassword,
users_proxy.IsRootPasswordCrypted,
users_proxy.IsRootAccountLocked,
None,
util.getSysroot())
def set_dbus_defaults():
boss = BOSS.get_proxy()
boss.GetModules.return_value = [
KDUMP.service_name
]
kdump = KDUMP.get_proxy()
kdump.KdumpEnabled = True
user_interface = BOSS.get_proxy(USER_INTERFACE)
user_interface.PasswordPolicies = {}
network = NETWORK.get_proxy()
network.Connected.return_value = True
firewall = NETWORK.get_proxy(FIREWALL)
firewall.EnabledServices = []
firewall.DisabledServices = []
firewall.EnabledPorts = []
firewall.Trusts = []
device_tree = STORAGE.get_proxy(DEVICE_TREE)
device_tree.GetDeviceMountOptions.return_value = "defaults"
device_tree.GetMountPoints.return_value = {}
bootloader = STORAGE.get_proxy(BOOTLOADER)
bootloader.IsPasswordSet = False
users = USERS.get_proxy()
users.IsRootPasswordSet = True
users.IsRootPasswordCrypted = False
users.RootPassword = "******"
payloads = PAYLOADS.get_proxy()
payloads.ActivePayload = "/fake/payload/1"
dnf_payload = PAYLOADS.get_proxy("/fake/payload/1")
dnf_payload.Type = PAYLOAD_TYPE_DNF
packages_data = PackagesSelectionData()
dnf_payload.PackagesSelection = PackagesSelectionData.to_structure(packages_data)
def set_dbus_defaults():
network = NETWORK.get_proxy()
network.Connected.return_value = True
firewall = NETWORK.get_proxy(FIREWALL)
firewall.EnabledServices = []
firewall.DisabledServices = []
firewall.EnabledPorts = []
firewall.Trusts = []
device_tree = STORAGE.get_proxy(DEVICE_TREE)
device_tree.GetDeviceMountOptions.return_value = "defaults"
device_tree.GetMountPoints.return_value = {}
bootloader = STORAGE.get_proxy(BOOTLOADER)
bootloader.IsPasswordSet = False
users = USERS.get_proxy()
users.IsRootPasswordSet = True
users.IsRootPasswordCrypted = False
users.RootPassword = "******"
def test_evaluation_passwd_minlen_report_only_not_ignored(
proxy_getter, rule_data, ksdata_mock, storage_mock):
password_proxy_mock = USERS.get_proxy()
password_proxy_mock.IsRootPasswordCrypted = False
password_proxy_mock.RootPassword = "******"
rule_data.new_rule("passwd --minlen=8")
# call eval_rules with report_only=False
# should set password minimal length to 8
messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False)
# Password Policy changed --> no warnings
assert not messages
assert rule_data._passwd_rules._orig_minlen == 6
assert not rule_data._passwd_rules._orig_strict
assert rule_data._passwd_rules._minlen == 8
policy = PasswordPolicy.from_defaults(PASSWORD_POLICY_ROOT)
policy.min_length = 8
policy.is_strict = True
policies = {PASSWORD_POLICY_ROOT: policy}
ui_mock = BOSS.get_proxy(USER_INTERFACE)
assert ui_mock.PasswordPolicies == \
PasswordPolicy.to_structure_dict(policies)
# call of eval_rules with report_only=True
# should not change anything
messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=True)
# Password Policy stayed the same --> no warnings
assert not messages
assert rule_data._passwd_rules._orig_minlen == 6
assert not rule_data._passwd_rules._orig_strict
assert rule_data._passwd_rules._minlen == 8
assert ui_mock.PasswordPolicies == \
PasswordPolicy.to_structure_dict(policies)
def test_evaluation_passwd_minlen_short_passwd_report_only(
proxy_getter, rule_data, ksdata_mock, storage_mock):
password_proxy_mock = USERS.get_proxy()
password_proxy_mock.IsRootPasswordCrypted = False
password_proxy_mock.RootPassword = "******"
rule_data.new_rule("passwd --minlen=8")
messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=True)
# minimal password length greater than actual length --> one warning
assert len(messages) == 1
assert messages[0].type == common.MESSAGE_TYPE_FATAL
# warning has to mention the length
assert "8" in messages[0].text
# warning should mention that something is wrong with the old password
assert "is" in messages[0].text
# doing changes --> password should not be cleared
assert password_proxy_mock.RootPassword == "aaaa"
def __str__(self):
users_proxy = USERS.get_proxy()
return users_proxy.GenerateTemporaryKickstart()
