def test_10_disappeared_user_stays(self): '''Users are actually being cached in db''' user = testlib.TestUser() login = user.login uid = user.uid gid = user.gid # Verify user disappears from "files" as expected... expected = 'uid=%d(%s) gid=%d(%s) groups=%d(%s)\n' % ( uid, login, gid, login, gid, login) self.assertShellOutputEquals(expected, ['id', login]) user = None self.assertShellOutputEquals('id: %s: No such user\n' % (login), ['id', login]) user = testlib.TestUser() login = user.login uid = user.uid os.chdir('/var/lib/misc') self.assertShellExitEquals(0, ['make']) # Verify user stays in db until we rebuild expected = 'uid=%d(%s) gid=%d(%s) groups=%d(%s)\n' % ( uid, login, gid, login, gid, login) self.assertShellOutputEquals(expected, ['id', login]) user = None self.assertShellOutputEquals(expected, ['id', login])
def setUp(self): '''Set up prior to each test_* function''' self.pam_su = "/etc/pam.d/su" self.pam_login = "******" self.user = testlib.TestUser(shell="/bin/bash") self.userB = testlib.TestUser(shell="/bin/bash") self.tmpdir = tempfile.mkdtemp(prefix='testlib', dir='/tmp') self.cronfile = "/etc/cron.d/testlib-crontest" if os.path.exists(self.cronfile): os.unlink(self.cronfile)
def setUp(self): '''Set up prior to each test_* function''' self.sshd_config = '/etc/ssh/sshd_config' self.sshd_rsa_private_keyfile = '/etc/ssh/ssh_host_rsa_key' self.sshd_rsa_private_key = \ '''-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAs7PQMZkt6/s3ibdNW6C4ZUr6k1uSE0XZ5RK2cfdh0Ug1+DkJ Rp8WTdsIKOVY69No1k3zKGm7EFvx5JhmSXxFcPqMj1/+NYw+JeT8q18JzPrhvEmI KhP3+ydW+B+6w8PP2uEIpOS9OX7ISQgsgJ2J2M48aP2aAkdAjtO61JepJ6d+UHtD cFyRS7P/17/o1QfWalAgbdLpZuq0eguRedVO6OTugTLu96g3w7Tk7watLO0GRStG PlXRNRyZW4ER6xnUrG5lbEYICTYISA5yLSYBb3TTPyfQv6flD9SD64Xa8kgktGkD AbMx7wa6BiRMeshNM+uFRJ/ZimcAKdUJMyYf4QIDAQABAoIBAQCt+W+eFQZ4aAYk temWw8rBhg2BjC2nqwCA3dT0EOQKkTZu0glA7dPSHDOSJDgqV8ovb9fxUCticyGE hmbAzicMcgSS6gRaIyQn28EiyCfc4yaX+zhwRFTYOgXgwhc2X+Rjq2mK+kiX2T5e NiOfgOVrmH6zxpHLkt/VZvaByzJgyA2deH3KT9W/O+Mm52dDaer3ZKNKy/orpxbo Ip4SbNIEdTylX9DoBZQzn6AKBkc/S8Qok3xGT/uM/mbj2IruwHwrkFURYQyzbcmQ jDX1T3AJz92+LbiW8kKw8uODfoVdxv91ooTmST4z6izU6shpNGsHOHtV/rsOfvGs H/fNYqSBAoGBAO9ULRjWeWcyMO/M+dLc4z4+LQ4QWPMVChuxjNVKIX4HycrXbIo4 uEZYhIDYDW7tIJp7Jp4YPzpbAGQldR//3EW3Pr9t4e7Y7TT2EDutNpFn+2a+cr2J Qn+k0aO458V0vNXofpThIPyZppCF6y2ass/LG/RrIx+4XeIhprFzFlmtAoGBAMA4 Wc5GCaPbh+URejTptbE/WCBolUgt6gMDuEMvwVrdRJSP/7HTy5SdCzEExn8S86AY S3TBGq5c5Pa+S8vuGXWaVidsVr4tf50yNTBkmyMazzi8cM+q0BHWFqT5L5+wbfpW ahS+vidFhoF+1jK14Gg4WMVfZubDX4aiRYC44s2FAoGAfgU3/eUpZhKCvDKVtdfD /Mlmlgo7nDwO54g1XTY8ro1RT3Lh32KAfeIsW1/oqulICrAgJI0l9gdnDFTA+MmU Zk1YSBqHJmqpdQLAh3vsyOIU+gP8jRsSnf3eubQqrsmKiaRzytdEtF3/3Af4Tzov P8V2gdxMUW6WWPVZPgUY1r0CgYBoerilnAAFZn/5DITmWdn+W7Xk97Ocpgg6Vz1C l6R7ZSWvso2C9OIFB09b94KE86IkdNAeyA9ekvOJAmpkkCiaeac2inajrEtfADlU 8no4nIviBNs0pV2vNDTeuusd22IL3giO+haVdf7kSDLZIW62d1oY/gAKkktL/MvW aagtmQKBgFQJ8FhBmSU/pkl5cRLEySwFWv/SvK7/VPBB1KDnbqAFC3YV1J2EIghL 7Rq/s93NCBweb97e5SgH/IBPpWnlXzRGL5ApmwXuoPzp7PZokgw7Tv4X8SSjaOmP ITfOx9KgntLukRe860E+CbkBxEhPD+2+GhtXL0d21o4JoS/YQb80 -----END RSA PRIVATE KEY----- ''' self.sshd_rsa_public_key = \ '''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzs9AxmS3r+zeJt01boLhlSvqTW5ITRdnlErZx92HRSDX4OQlGnxZN2wgo5Vjr02jWTfMoabsQW/HkmGZJfEVw+oyPX/41jD4l5PyrXwnM+uG8SYgqE/f7J1b4H7rDw8/a4Qik5L05fshJCCyAnYnYzjxo/ZoCR0CO07rUl6knp35Qe0NwXJFLs//Xv+jVB9ZqUCBt0ulm6rR6C5F51U7o5O6BMu73qDfDtOTvBq0s7QZFK0Y+VdE1HJlbgRHrGdSsbmVsRggJNghIDnItJgFvdNM/J9C/p+UP1IPrhdrySCS0aQMBszHvBroGJEx6yE0z64VEn9mKZwAp1QkzJh/h root@localhost ''' testlib.config_replace(self.sshd_rsa_private_keyfile, self.sshd_rsa_private_key) testlib.config_replace(self.sshd_rsa_private_keyfile + ".pub", self.sshd_rsa_public_key) self._restart_daemon() # create a user to log in via ssh self.user = testlib.TestUser() self.other_user = testlib.TestUser() self._create_ssh_dir(self.user) self._create_ssh_dir(self.other_user)
def setUp(self): '''Set up prior to each test_* function''' self.daemon = testlib.TestDaemon("/etc/init.d/cron") self.daemon.restart() self.tmpdir = tempfile.mkdtemp(prefix='testlib', dir='/tmp') self.seconds = 130 self.spooldir = "/var/spool/cron/crontabs" self.script = os.path.join(self.tmpdir, "test.sh") self.cronfile = os.path.join(self.tmpdir, "test.cron") self.works = os.path.join(self.tmpdir, "it_works") contents = '''#!/bin/sh set -e touch %s ''' % (self.works) testlib.create_fill(self.script, contents, mode=0755) contents = "*/1 * * * * %s\n" % (self.script) testlib.create_fill(self.cronfile, contents) self.user = testlib.TestUser() #group='users',uidmin=2000,lower=True) os.chown(os.path.dirname(self.works), self.user.uid, self.user.gid)
def setUp(self): '''Set up prior to each test_* function''' self.update_exim4_conf = "/etc/exim4/update-exim4.conf.conf" self.exim4_conf_template = "/etc/exim4/exim4.conf.template" self.exim4_passwd = "/etc/exim4/passwd" self.exim4_trusted = "/etc/exim4/trusted_configs" self.exim4_spool = "/var/spool/exim4" self.exim4_hack_conf = "/var/spool/exim4/e.conf" self.exim4_hack_setuid = "/var/spool/exim4/setuid" self.exim4_panic_log = "/var/log/exim4/paniclog" self.had_system_exim4_passwd = False self.port = 25 # TODO: different port (2525?) self.domain = "example.com" testlib.config_replace(self.exim4_trusted, "", append=True) self.user = testlib.TestUser(lower=True) self.s = None # Silently allow for this connection to fail, to handle the # initial setup of the exim4 server. try: self.s = smtplib.SMTP('localhost', port=self.port) except: pass
def test_zz_CVE_2010_0442(self): '''Test CVE-2010-0442''' self.user = testlib.TestUser() self.testuser = self.user.login self.testdb = "%s_db" % (self.testuser) self._create_user(self.testuser, self.user.password) self._create_db(self.testdb, self.testuser) import pg self.pgcnx = pg.connect(dbname=self.testdb, host='127.0.0.1', user=self.testuser, passwd=self.user.password) rc, result = self.daemon.status() try: q = self.pgcnx.query( "SELECT substring(B'10101010101010101010101010101010101010101010101',33,-15);" ) except: # Natty and older calculate the string length, and return a # result. Oneiric and newer actually error out if the length # is specified as negative. if self.lsb_release['Release'] < 11.10: self.assertTrue( False, "SELECT returned with error (likely vulnerable)") else: self.assertTrue(True, "SELECT should have returned an error!")
def test_user_filter_regression(self): '''Test CVE-2010-4345 user filter regression''' # See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611572 forward_user = testlib.TestUser(lower=True) self._write_forward( forward_user, '''# Exim filter if $header_subject: contains "Ubuntu" or $header_subject: contains "Rocks" then save $home/mail/ubunturocks endif ''') rc, report = testlib.cmd([ 'sudo', '-u', forward_user.login, '/bin/bash', '-c', 'echo "" | /usr/sbin/exim4 -bf /home/' + forward_user.login + '/.forward' ]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) self.assertTrue("Normal delivery will occur" in report, "Didn't find 'Normal deliver will occur'") self.assertFalse("Operation not permitted" in report, "Found 'Operation not permitted'")
def test_pygresql_escape_string(self): '''Test pygresql (escape strings)''' self.user = testlib.TestUser() self.testuser = self.user.login self.testdb = "pygresql_db" self._create_user(self.testuser, self.user.password) self._create_db(self.testdb, self.testuser) import pg self.pgcnx = pg.connect(dbname=self.testdb, host='127.0.0.1', user=self.testuser, passwd=self.user.password) search = "''" warning = 'Could not find "%s"\n' % search self.assertTrue(pg.escape_string("'") == search, warning) # fix for CVE-2009-2940 added this search = "''" warning = 'Could not find "%s"\n' % search try: self.assertTrue(self.pgcnx.escape_string("'") == search, warning) except AttributeError: warning = 'CVE-2009-2940: Could not find required pyobj.escape_string()' self.assertTrue(False, warning)
def test_basic_install(self): '''Test basic install''' # taken from http://testcases.qa.ubuntu.com/Install/ServerWhole self.user = testlib.TestUser() self.testuser = self.user.login self.testdb = "%s_db" % (self.testuser) print "" print " List databases" (rc, report) = testlib.cmd(['sudo', '-u', 'postgres', 'psql', '-l']) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) for search in ['List of databases', 'template0']: result = "Could not find '%s' in report\n" % (search) self.assertTrue(search in report, result + report) print " Create user" self._create_user(self.testuser) print " Create database" self._create_db(self.testdb, self.testuser) print " Connect to database as user" (rc, report) = testlib.cmd([ 'sudo', '-u', self.testuser, 'psql', '-d', self.testdb, '-c', '\du' ]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) for search in ['List of roles', self.testuser]: result = "Could not find '%s' in report\n" % (search) self.assertTrue(search in report, result + report)
def setUp(self): '''Set up prior to each test_* function''' self.user = testlib.TestUser() # Lucid fails to verify signatures, not sure why # skip importing the key so example rpms are still installable if self.lsb_release['Release'] > 10.04: self._import_key()
def setUp(self): '''Set up prior to each test_* function''' self.topdir = os.getcwd() self.cached_src = os.path.join(self.topdir, "source") self.tmpdir = tempfile.mkdtemp(prefix='libjpegturbo', dir='/tmp') self.builder = testlib.TestUser() testlib.cmd(['chgrp', self.builder.login, self.tmpdir]) os.chmod(self.tmpdir, 0775) self.patch_system = "quiltv3"
def setUp(self): '''Set up prior to each test_* function''' # Dovecot in quantal+ doesn't like mixed-case usernames self.user = testlib.TestUser(lower=True) self.dovecot = testlib_dovecot.Dovecot(self, self.user) self.rubyscript = tempfile.NamedTemporaryFile(suffix='.rb', prefix='imap-test-') os.chmod(self.rubyscript.name, 0700) self.hostname = self.yank_commonname_from_cert(self.dovecot.get_cert()) self._remove_snakeoil_symlinks()
def test_droppriv(self): '''Test dropped privs''' self.user = testlib.TestUser() #group='users',uidmin=2000,lower=True) rc, report = testlib.cmd(self.common_args + ['-Z', self.user.login]) expected = 0 result = 'Got exit code %d\n' % (rc) self.assertTrue(rc == expected, result + report) reg = '^\d\d:\d\d:\d\d\.\d{6} ' self._regex_find(reg, report)
def setUp(self): '''Set up prior to each test_* function''' self.mailman_daemon = testlib.TestDaemon("/etc/init.d/mailman") self.mailman_cfg = '/etc/mailman/mm_cfg.py' self.mailman_aliases = '/var/lib/mailman/data/aliases' self.mailman_pid = '/var/run/mailman/mailman.pid' self.postfix_daemon = testlib.TestDaemon("/etc/init.d/postfix") self.postfix_mastercf = '/etc/postfix/master.cf' self.postfix_maincf = '/etc/postfix/main.cf' self.postfix_transport = '/etc/postfix/transportqrt' self.postfix_aliases = '/etc/aliases' self.ports_file = "/etc/apache2/ports.conf" self.mailman_site = "/etc/apache2/sites-enabled/mailman" self.tempdir = tempfile.mkdtemp() if self.lsb_release['Release'] >= 12.10: self.default_site = "/etc/apache2/sites-available/000-default.conf" else: self.default_site = "/etc/apache2/sites-available/default" if self.lsb_release['Release'] >= 13.10: self.apache_pid = "/var/run/apache2/apache2.pid" else: self.apache_pid = "/var/run/apache2.pid" self.cj = cookielib.LWPCookieJar() self.opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(self.cj)) # Make sure daemons are stopped before we begin self.postfix_daemon.stop() self.mailman_daemon.stop() testlib.config_replace(self.mailman_aliases, "", append=True) testlib.config_set(self.mailman_cfg,'MTA',"'Postfix'") subprocess.call(['/usr/lib/mailman/bin/genaliases'], stdout=subprocess.PIPE) subprocess.call(['chown', 'root:list', self.mailman_aliases]) # Is this a packaging mistake? subprocess.call(['chown', 'list:list', '/var/lib/mailman/archives/private']) self._zap_lists() subprocess.call(['/usr/sbin/newlist', '-q', '*****@*****.**', '*****@*****.**' ,'ubuntu'], stdout=subprocess.PIPE) self._setUp_postfix() self._setUp_apache() self.mailman_daemon.restart() self.user = testlib.TestUser(lower=True) self.s = None # Silently allow for this connection to fail, to handle the # initial setup of the postfix server. try: self.s = smtplib.SMTP('localhost', port=25) except: pass
def setUp(self): '''Set up prior to each test_* function''' self.tmpdir = tempfile.mkdtemp(prefix='testlib', dir='/tmp') self.topdir = os.getcwd() self.cached_src = os.path.join(self.topdir, "source") self.patch_system = None self.builder = testlib.TestUser( ) #group='users',uidmin=2000,lower=True) self.tmpdir = tempfile.mkdtemp(prefix='testlib', dir='/tmp') testlib.cmd(['chgrp', self.builder.login, self.tmpdir]) os.chmod(self.tmpdir, 0775)
def setUp(self): '''Set up prior to each test_* function''' # list of files that we update self.conf_files = [ '/etc/postfix/master.cf', '/etc/postfix/main.cf', '/etc/default/saslauthd', '/etc/postfix/sasl/smtpd.conf', '/etc/sasldb2'] self.user = testlib.TestUser(lower=True) self.s = None # Silently allow for this connection to fail, to handle the # initial setup of the postfix server. try: self.s = smtplib.SMTP('localhost', port=2525) except: pass
def test_freshclam(self): '''Test freshclam''' self.user = testlib.TestUser() #group='users',uidmin=2000,lower=True) self.tmpdir = tempfile.mkdtemp(prefix='testlib', dir='/var/lib/clamav') testlib.cmd(['chown', self.user.login, self.tmpdir]) logfile = os.path.join(self.tmpdir, "freshclam.log") rc, report = testlib.cmd([ 'sudo', '-u', self.user.login, 'freshclam', '--log=%s' % (logfile), '--datadir=%s' % (self.tmpdir) ]) expected = 0 result = 'Got exit code %d\n' % (rc) self.assertTrue(rc == expected, result + report)
def setUp(self): '''Set up prior to each test_* function''' self.topdir = os.getcwd() self.cached_src = os.path.join(self.topdir, "source") self.tmpdir = tempfile.mkdtemp(prefix='testlib', dir='/tmp') self.builder = testlib.TestUser() testlib.cmd(['chgrp', self.builder.login, self.tmpdir]) os.chmod(self.tmpdir, 0775) self.patch_system = "quiltv3" if self.lsb_release['Release'] < 10.10: self.patch_system = "quilt" # Some tests needs tools that are built but not shipped in packages so # let's keep the build_dir around for them self.cached_build_topdir = os.path.join(self.topdir, "build")
def test_devices(self): '''Test devices''' self.unpriv_user = testlib.TestUser() client = os.path.abspath('./usbmuxd/usbmux.py') # TODO: would be nice to plug in a device during this time and check # for it rc, report = testlib.cmd( ['su', '-', self.unpriv_user.login, '-c', client]) expected = 0 self.assertEquals(expected, rc, "Got error code '%d':\n%s" % (rc, report)) for s in ['Waiting for devices', 'Devices:']: result = "Could not find '%s' in report:\n%s" % (s, report) self.assertTrue(s in report, result)
def setUp(self): tmpfd, self.tmppath = tempfile.mkstemp(prefix='fetchmail-test') self.user = testlib.TestUser() # use NULL-byte certs self.certs = tempfile.mkdtemp(prefix='dovecot-certs-') self.cert_pub = self.certs + '/public.pem' self.cert_key = self.certs + '/private.pem' self.assertShellExitEquals( 0, ['fetchmail/null-snakeoil.py', self.cert_pub, self.cert_key]) self.dovecot = testlib_dovecot.Dovecot(self, self.user, cert_pub=self.cert_pub, cert_key=self.cert_key) self.hostname = self.yank_commonname_from_cert( self.dovecot.get_cert()).split('\x00')[0]
def test_pygresql_escape_bytea(self): '''Test pygresql (escape bytea)''' if self.lsb_release['Release'] == 6.06: return self._skipped("functions don't exist in Dapper") self.user = testlib.TestUser() self.testuser = self.user.login self.testdb = "pygresql_db" self._create_user(self.testuser, self.user.password) self._create_db(self.testdb, self.testuser) import pg self.pgcnx = pg.connect(dbname=self.testdb, host='127.0.0.1', user=self.testuser, passwd=self.user.password) binary = file('/bin/ls', 'rb').read() escaped = pg.escape_bytea(binary) search = "Usage: " warning = 'Could not find "%s"\n' % search self.assertTrue(search in escaped, warning) search = "\\\\000" warning = 'Could not find "%s"\n' % search self.assertTrue(search in escaped, warning) # The following extra tests don't work on Oneiric+ if self.lsb_release['Release'] >= 11.10: return # fix for CVE-2009-2940 added this try: escaped = self.pgcnx.escape_bytea(binary) except AttributeError: warning = 'CVE-2009-2940: Could not find required pyobj.escape_bytea()' self.assertTrue(False, warning) search = "Usage: " warning = 'Could not find "%s"\n' % search self.assertTrue(search in escaped, warning) search = "\\\\000" warning = 'Could not find "%s"\n' % search self.assertTrue(search in escaped, warning)
def setUp(self): '''Set up prior to each test_* function''' self.user = testlib.TestUser() self.user_testfile = os.path.join(self.user.home, "testfile") self.user_teststring = "Ubuntu rocks!" testlib.create_fill(self.user_testfile, self.user_teststring) self.vsftpd_conf = "/etc/vsftpd.conf" testlib.config_set(self.vsftpd_conf,'write_enable','YES', spaces=False) testlib.config_set(self.vsftpd_conf,'local_enable','YES', spaces=False) self.tempdir = tempfile.mkdtemp(dir='/tmp',prefix="vsftpd-") self.daemon = testlib.TestDaemon("/etc/init.d/vsftpd") self.daemon.restart() self.current_dir = os.getcwd()
def setUp(self): '''Set up prior to each test_* function''' self.daemon = testlib.TestDaemon("/etc/init.d/apport") self.defaults = "/etc/default/apport" self.core_pattern = "/proc/sys/kernel/core_pattern" self.tmpdir = tempfile.mkdtemp(dir='/tmp') self.crashdir = "/var/crash" self.user = testlib.TestUser() #group='users',uidmin=2000,lower=True) testlib.cmd(['adduser', self.user.login, 'adm']) testlib.cmd(['adduser', self.user.login, 'admin']) # needed by some tests self.test_dir = os.path.join(self.crashdir, "testlib-dir") self.test_empty = os.path.join(self.crashdir, "testlib.empty") self.test_old = os.path.join(self.crashdir, "testlib.old") # we need a program that is in a package here, for apport to generate # a report self.test_exec = "/usr/bin/free" self.test_exec_bak = "/usr/bin/free.testlib" self.test_exec_report = os.path.join(self.crashdir, "_usr_bin_free") # name this, but don't create it self.test_file = os.path.join(self.crashdir, "testlib-file") testlib.create_fill(self.test_empty, '') os.chown(self.test_empty, self.user.uid, self.user.gid) testlib.create_fill(self.test_old, 'stuff') subprocess.call(['touch', '-t', '200601010000', self.test_old]) os.chown(self.test_old, self.user.uid, self.user.gid) os.mkdir(self.test_dir) os.chown(self.test_dir, self.user.uid, self.user.gid) # The location of the test-runner changed in karmic(?) if os.path.exists("/usr/share/apport/testsuite/run-tests"): self.testsuite = "/usr/share/apport/testsuite/run-tests" else: self.testsuite = "/usr/share/apport/testsuite/run" # Vivid no longer ships the test suite if self.lsb_release['Release'] >= 15.04: self.testsuite = None self.apt_sources = "/etc/apt/sources.list"
def test_20_environment_leak(self): '''Does not leak DB_CONFIG contents (CVE-2010-0826)''' user = testlib.TestUser() try: line1 = file('/etc/shadow').read().splitlines()[0].split(":")[0] tmpdir = tempfile.mkdtemp(prefix='dbleak-') os.chdir(tmpdir) os.chown(tmpdir, user.uid, user.gid) self.assertShellExitEquals(0, [ 'sudo', '-u', user.login, "ln", "-s", "/etc/shadow", 'DB_CONFIG' ]) rc, output = testlib.cmd(['sudo', '-u', user.login, "sudo"]) self.assertTrue('incorrect name-value pair' not in output, output) self.assertTrue(line1 not in output, output) finally: os.chdir('/') shutil.rmtree(tmpdir)
def setUp(self): '''Set up prior to each test_* function''' self.secret = "UbuntuRocks!" self.opiekeys = "/etc/opiekeys" self.opie_pam = "/etc/pam.d/opie" self.long_username = "******" # If there's no database file, create one so it gets purged # properly when the test script ends. if not os.path.exists(self.opiekeys): subprocess.call(['touch', self.opiekeys]) testlib.config_replace(self.opiekeys, "") # Create the pam config file open(self.opie_pam, 'w').write('''auth sufficient pam_unix.so auth sufficient pam_opie.so auth required pam_deny.so ''') # Create a system user with an opie key self.user = testlib.TestUser() (self.opie_user, self.opie_seq, self.opie_seed) = self._create_opie()
def setUp(self): '''Set up prior to each test_* function''' self.daemon = testlib.TestDaemon("/etc/init.d/freeradius") self.tmpdir = tempfile.mkdtemp(prefix='freeradius-', dir='/tmp') self.auth_approved = "code 2" self.auth_denied = "code 3" # Add a default user self.users_file = "/etc/freeradius/users" self.test_user = "******" self.test_pass = "******" config_line = '%s Cleartext-Password := "******"' % (self.test_user, self.test_pass) testlib.config_replace(self.users_file, config_line, append=True) # Enable Unix auth self.default_site = "/etc/freeradius/sites-available/default" testlib.config_replace(self.default_site, "", append=True) subprocess.call(['sed', '-i', 's/^#\tunix/\tunix/', self.default_site]) # Create a test user self.user = testlib.TestUser() self._restart_daemon()
def test_10_sending_mail_forward_normal(self): '''Mail delivered via .forward''' forward_user = testlib.TestUser(lower=True) self._write_forward(forward_user, self.user.login+'\n') self._test_roundtrip_mail(forward_user, self.user)
def setUp(self): '''Set up prior to each test_* function''' # Create a system user key self.user = testlib.TestUser()
def _test_zz_testsuite(self): '''Test testsuite''' if self.lsb_release['Release'] < 11.04: return self._skipped("testsuite doesn't work on this release") self.cached_src = os.path.join(self.topdir, "source") self.patch_system = None self.builder = testlib.TestUser( ) #group='users',uidmin=2000,lower=True) testlib.cmd(['chgrp', self.builder.login, self.tmpdir]) os.chmod(self.tmpdir, 0775) build_dir = testlib.prepare_source('apt', \ self.builder, \ self.cached_src, \ os.path.join(self.tmpdir, \ os.path.basename(self.cached_src)), \ self.patch_system) os.chdir(build_dir) print "" # print " clean" # rc, report = testlib.cmd(['sudo', '-u', self.builder.login, 'fakeroot', 'debian/rules', 'clean']) # expected = 0 # result = 'Got exit code %d, expected %d\n' % (rc, expected) # self.assertEquals(expected, rc, result + report) print " build" rc, report = testlib.cmd([ 'sudo', '-u', self.builder.login, 'fakeroot', 'debian/rules', 'build' ]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) # Only Precise and higher have a usable testsuite print " tests", if self.lsb_release['Release'] < 12.04: print "(skipped in this release)" else: print "" rc, report = testlib.cmd( ['sudo', '-u', self.builder.login, 'make', 'test']) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) failure_txt = "" for line in report.splitlines(): if "FAIL" in line: failure_txt += line + "\n" self.assertTrue( failure_txt == "", "Found failures in report:\n%s\nLines with failures:\n%s" % (report, failure_txt)) # Only Natty and higher have integration tests print " integration tests", if self.lsb_release['Release'] < 11.04: print "(skipped in this release)" else: print "" testlib.cmd([ 'sudo', '-H', '-u', self.builder.login, 'mkdir', '-m', '0700', os.path.join("/home", self.builder.login, ".gnupg") ]) if self.lsb_release['Release'] >= 12.04: rc, report = testlib.cmd([ 'sudo', '-H', '-u', self.builder.login, 'make', '-C', 'test/integration', 'test' ]) else: os.chdir(os.path.join(build_dir, 'test', 'integration')) rc, report = testlib.cmd( ['sudo', '-H', '-u', self.builder.login, './run-tests']) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) # Attempt to parse test output of the form (as seen by pyunit, not # terminal output): # Testcase test-apt-get-autoremove: P P P P P P P P P P P # Testcase test-apt-get-changelog: P P P P P # -E: changelog download failed # +E: changelog for this version is not (yet) available; try https://launchpad.net/ubuntu/+source/apt/+changelog # ###FAILED### # ... efails = ['test-apt-key-net-update:'] # LP: #1013639 efails = [] if self.lsb_release['Release'] >= 12.04: efails += [ 'test-apt-get-changelog:', 'test-bug-593360-modifiers-in-names:', 'test-bug-601016-description-translation:', 'test-bug-612099-multiarch-conflicts:', 'test-bug-64141-install-dependencies-for-on-hold:', 'test-conflicts-loop:', 'test-ubuntu-bug-859188-multiarch-reinstall:', ] elif self.lsb_release['Release'] == 11.10: efails += [ 'test-apt-get-changelog:', 'test-apt-get-download:', 'test-bug-407511-fail-invalid-default-release:', 'test-bug-470115-new-and-tighten-recommends:', 'test-bug-549968-install-depends-of-not-installed:', 'test-bug-590041-prefer-non-virtual-packages:', 'test-bug-601016-description-translation:', 'test-bug-612099-multiarch-conflicts:', 'test-bug-618288-multiarch-same-lockstep:', 'test-bug-632221-cross-dependency-satisfaction:', 'test-bug-64141-install-dependencies-for-on-hold:', 'test-compressed-indexes:', 'test-disappearing-packages:', 'test-handling-broken-orgroups:', 'test-release-candidate-switching:', 'test-ubuntu-bug-802901-multiarch-early-remove:', 'test-ubuntu-bug-806274-install-suggests:', 'test-ubuntu-bug-835625-multiarch-lockstep-installed-first:', ] elif self.lsb_release['Release'] == 11.04: efails += [ 'test-bug-590041-prefer-non-virtual-packages:', 'test-bug-595691-empty-and-broken-archive-files:', 'test-bug-601016-description-translation:', 'test-bug-64141-install-dependencies-for-on-hold:', 'test-compressed-indexes:', 'test-disappearing-packages:', 'test-pdiff-usage:', ] failure_txt = "" testcase_txt = "" in_testcase = False for line in report.splitlines(): testcase_txt += line + "\n" if line.startswith("Testcase"): in_testcase = True testcase_txt = line + "\n" continue elif in_testcase and '###FAILED###' in line: ex_fail = False for e in efails: if e in testcase_txt.splitlines()[0]: ex_fail = True break if not ex_fail: testcase_txt += line + "\n" failure_txt += testcase_txt + "\n" self.assertTrue( failure_txt == "", "Found failures in report:\n%s\nLines with failures:\n%s" % (report, failure_txt))
def test_permissions(self): '''Test permissions/ownership''' def file_access(path, username, mode, needs_access): '''Determine if user has read, write or execute access to the file. ''' if mode == "read": rc, report = testlib.cmd( ['su', '-c', 'cat %s' % path, username]) elif mode == "write": rc, report = testlib.cmd( ['su', '-c', 'echo "# has write" > %s' % path, username]) f = open(path) report = f.read() f.close() elif mode == "execute": rc, report = testlib.cmd(['su', '-c', path, username]) else: print "Unsupported mode '%s'" % mode # debugging #ls_rc, ls_report = testlib.cmd(['ls', '-l', path]) #print " DEBUG: rc=%d,mode=%s,user=%s,access=%s,report=%s" % (rc, mode, username, needs_access, ls_report.strip()) #print " DEBUG: %s" % (open(path).read()) expected = 0 result = 'Got exit code %d\n' % (rc) if needs_access: self.assertTrue(expected == rc, result + report) else: self.assertFalse(expected == rc, result + report) search = "# has %s" % mode result = "Couldn't find '%s' in report" % search if needs_access: self.assertTrue(search in report, result + report) else: self.assertFalse(search in report, result + report) def dir_access(path, username, mode, needs_access): '''Determine if user has read, write or execute access to the directory.''' if mode == "read": rc, report = testlib.cmd( ['su', '-c', 'ls %s' % path, username]) elif mode == "write": rc, report = testlib.cmd([ 'su', '-c', 'touch %s' % os.path.join(path, "testme"), username ]) testlib.cmd([ 'su', '-c', 'rm -f %s' % os.path.join(path, "testme"), username ]) elif mode == "execute": rc, report = testlib.cmd( ['su', '-c', 'cat %s' % path, username]) else: print "Unsupported mode '%s'" % mode # debugging #ls_path = path #if not os.path.isdir(path): # ls_path = os.path.dirname(path) #ls_rc, ls_report = testlib.cmd(['ls', '-ld', ls_path]) #print " DEBUG: rc=%d,mode=%s,user=%s,access=%s,report=%s" % (rc, mode, username, needs_access, ls_report.strip()) expected = 0 result = 'Got exit code %d\n' % (rc) if needs_access: self.assertTrue(expected == rc, result + report) else: self.assertFalse(expected == rc, result + report) if mode == "execute": search = "# has" result = "Couldn't find '%s' in report" % search if needs_access: self.assertTrue(search in report, result + report) else: self.assertFalse(search in report, result + report) self._create_fs() self.user = testlib.TestUser() self.user2 = testlib.TestUser() dir = os.path.join(self.mnt, "foo") os.mkdir(dir) fn = os.path.join(dir, "bar") rc, report = testlib.cmd(['chmod', '-R', 'a+rX', self.tmpdir]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) print "" print " file:" # The idea here is to have self.user access the file. The file's # ownership is adjusted to self.user2 accordingly. for j in ['o', 'g', 'u']: for i in ['rx', 'w', 'r', '']: # need 'rx' instead of just 'x' for a script # reset the file contents, ownership, and permissions each time f = open(fn, 'w') f.write( "#!/bin/sh\n# has read\necho -n '#' ; echo ' has execute'\n" ) f.close() rc, report = testlib.cmd([ 'chown', "%s:%s" % (self.user2.login, self.user2.login), fn ]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) rc, report = testlib.cmd(['chmod', "0000", fn]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) # set new permissions p = "%s=%s" % (j, i) print " %s" % p rc, report = testlib.cmd(['chmod', p, fn]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) if j == 'u' or j == 'g': file_access(fn, self.user.login, 'read', False) file_access(fn, self.user.login, 'write', False) file_access(fn, self.user.login, 'execute', False) if j == 'u': # set owner rc, report = testlib.cmd( ['chown', "%s" % (self.user.login), fn]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) elif j == 'g': rc, report = testlib.cmd( ['chgrp', self.user.login, fn]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) file_access(fn, self.user.login, 'read', 'r' in i) file_access(fn, self.user.login, 'execute', 'x' in i) # 'write' must be last since it overwrites the file file_access(fn, self.user.login, 'write', 'w' in i) rc, report = testlib.cmd(['chmod', "0777", fn]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) f = open(fn, 'w') f.write("#!/bin/sh\n# has read\necho -n '#' ; echo ' has execute'\n") f.close() print " directory:" for j in ['o', 'g', 'u']: for i in ['r', 'wx', 'x', '']: # reset each time rc, report = testlib.cmd(['chmod', "0000", dir]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) rc, report = testlib.cmd([ 'chown', "%s:%s" % (self.user2.login, self.user2.login), dir ]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) # set new permissions p = "%s=%s" % (j, i) print " %s" % p rc, report = testlib.cmd(['chmod', p, dir]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) if j == 'u' or j == 'g': dir_access(dir, self.user.login, 'read', False) dir_access(dir, self.user.login, 'write', False) dir_access(fn, self.user.login, 'execute', False) if j == 'u': # set owner rc, report = testlib.cmd( ['chown', "%s" % (self.user.login), dir]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) elif j == 'g': rc, report = testlib.cmd( ['chgrp', self.user.login, dir]) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) dir_access(dir, self.user.login, 'read', 'r' in i) dir_access(dir, self.user.login, 'write', 'w' in i) dir_access(fn, self.user.login, 'execute', 'x' in i)