def setUp(self): self.admin = credentials.UsernamePassword("admin", "asdf") self.alice = credentials.UsernamePassword("alice", "foo") self.badPass = credentials.UsernamePassword("alice", "foobar") self.badUser = credentials.UsernamePassword("x", "yz") self.checker = strcred.makeChecker("unix") self.adminBytes = credentials.UsernamePassword(b"admin", b"asdf") self.aliceBytes = credentials.UsernamePassword(b"alice", b"foo") self.badPassBytes = credentials.UsernamePassword(b"alice", b"foobar") self.badUserBytes = credentials.UsernamePassword(b"x", b"yz") self.checkerBytes = strcred.makeChecker("unix") # Hack around the pwd and spwd modules, since we can't really # go about reading your /etc/passwd or /etc/shadow files if pwd: database = UserDatabase() for username, password in self.users.items(): database.addUser( username, crypt.crypt(password, "F/"), 1000, 1000, username, "/home/" + username, "/bin/sh", ) self.patch(pwd, "getpwnam", database.getpwnam) if spwd: self.patch(spwd, "getspnam", self._spwd_getspnam)
def test_warnWithBadFilename(self): """ When the file auth plugin is given a file that doesn't exist, it should produce a warning. """ oldOutput = cred_file.theFileCheckerFactory.errorOutput newOutput = StringIO.StringIO() cred_file.theFileCheckerFactory.errorOutput = newOutput strcred.makeChecker('file:' + self._fakeFilename()) cred_file.theFileCheckerFactory.errorOutput = oldOutput self.assertIn(cred_file.invalidFileWarning, newOutput.getvalue())
def test_warnWithBadFilename(self): """ When the file auth plugin is given a file that doesn't exist, it should produce a warning. """ oldOutput = cred_file.theFileCheckerFactory.errorOutput newOutput = NativeStringIO() cred_file.theFileCheckerFactory.errorOutput = newOutput strcred.makeChecker('file:' + self._fakeFilename()) cred_file.theFileCheckerFactory.errorOutput = oldOutput self.assertIn(cred_file.invalidFileWarning, newOutput.getvalue())
def get_www(): from buildbot.plugins import util from twisted.cred import strcred import private return dict( port = "unix:/home/buildbot/buildbot.sock", plugins = dict( waterfall_view = {}, console_view = {}, grid_view = {}, badges = {} ), auth = util.GitHubAuth( private.github_client_id, private.github_client_secret, apiVersion = 4, getTeamsMembership = True ), authz = util.Authz( allowRules = [ util.AnyControlEndpointMatcher(role = "SFML") ], roleMatchers = [ util.RolesFromGroups() ] ), change_hook_dialects = {'base': True, 'github' : {}}, change_hook_auth = [strcred.makeChecker("file:changehook.passwd")] )
def setUp(self): self.admin = credentials.UsernamePassword("admin", "asdf") self.alice = credentials.UsernamePassword("alice", "foo") self.badPass = credentials.UsernamePassword("alice", "foobar") self.badUser = credentials.UsernamePassword("x", "yz") self.filename = self.mktemp() FilePath(self.filename).setContent("admin:asdf\nalice:foo\n") self.checker = strcred.makeChecker("file:" + self.filename)
def setUp(self): self.admin = credentials.UsernamePassword(b"admin", b"asdf") self.alice = credentials.UsernamePassword(b"alice", b"foo") self.badPass = credentials.UsernamePassword(b"alice", b"foobar") self.badUser = credentials.UsernamePassword(b"x", b"yz") self.filename = self.mktemp() FilePath(self.filename).setContent(b"admin:asdf\nalice:foo\n") self.checker = strcred.makeChecker("file:" + self.filename)
def test_isChecker(self): """ Verifies that strcred.makeChecker('anonymous') returns an object that implements the L{ICredentialsChecker} interface. """ checker = strcred.makeChecker('anonymous') self.assertTrue(checkers.ICredentialsChecker.providedBy(checker)) self.assertIn(credentials.IAnonymous, checker.credentialInterfaces)
def setUp(self): self.admin = credentials.UsernamePassword('admin', 'asdf') self.alice = credentials.UsernamePassword('alice', 'foo') self.badPass = credentials.UsernamePassword('alice', 'foobar') self.badUser = credentials.UsernamePassword('x', 'yz') self.filename = self.mktemp() FilePath(self.filename).setContent('admin:asdf\nalice:foo\n') self.checker = strcred.makeChecker('file:' + self.filename)
def setUp(self): self.admin = credentials.UsernamePassword(b'admin', b'asdf') self.alice = credentials.UsernamePassword(b'alice', b'foo') self.badPass = credentials.UsernamePassword(b'alice', b'foobar') self.badUser = credentials.UsernamePassword(b'x', b'yz') self.filename = self.mktemp() FilePath(self.filename).setContent(b'admin:asdf\nalice:foo\n') self.checker = strcred.makeChecker('file:' + self.filename)
def makeService(self, options): with open(options.config, "r") as config_file: config = json.load(config_file) root = resource.Resource() root.putChild('jsMath', static.File(config["global"]["jsmath"])) bot = service.MultiService() xmppclient = XMPPClient(JID(config["global"]["jid"]), config["global"]["password"]) xmppclient.logTraffic = options['verbose'] xmppclient.setServiceParent(bot) xmppclient.dbpool = DatabaseRunner(config["global"]["database"]) xmppclient.rooms = dict() xmlrpc_port = config["global"].get("xml-rpc-port", None) if xmlrpc_port is not None: xmlrpcinterface = XMLRPCInterface(xmppclient) rpc = internet.TCPServer(xmlrpc_port, server.Site(xmlrpcinterface)) rpc.setName('XML-RPC') rpc.setServiceParent(bot) for muc_config in config["mucs"]: room_jid = JID(muc_config["jid"]) mucbot = KITBot(room_jid, muc_config.get("password", None), config["global"]["logpath"]) mucbot.setHandlerParent(xmppclient) if "xml-rpc-id" in muc_config: xmppclient.rooms[muc_config["xml-rpc-id"]] = mucbot # Log resource portal = Portal( LogViewRealm(os.path.join(config["global"]['logpath'], room_jid.user + '.log')), [strcred.makeChecker(muc_config["log-auth"])] ) credential_factory = DigestCredentialFactory('md5', 'Hello Kitty!') auth_resource = HTTPAuthSessionWrapper(portal, [credential_factory]) root.putChild(room_jid.user, auth_resource) httpd_log_view = internet.TCPServer(config["global"]["http-port"], server.Site(root)) httpd_log_view.setServiceParent(bot) # REPL over SSH def makeREPLProtocol(): namespace = dict(bot=xmppclient) return insults.ServerProtocol(manhole.ColoredManhole, namespace) repl_realm = manhole_ssh.TerminalRealm() repl_realm.chainedProtocolFactory = makeREPLProtocol repl_checker = checkers.SSHPublicKeyDatabase() repl_portal = Portal(repl_realm, [repl_checker]) repl_factory = manhole_ssh.ConchFactory(repl_portal) repl = internet.TCPServer(config["global"]["ssh-port"], repl_factory) repl.setServiceParent(bot) return bot
def test_isChecker(self): """ Verifies that strcred.makeChecker('sshkey') returns an object that implements the L{ICredentialsChecker} interface. """ sshChecker = strcred.makeChecker('sshkey') self.assertTrue(checkers.ICredentialsChecker.providedBy(sshChecker)) self.assertIn( credentials.ISSHPrivateKey, sshChecker.credentialInterfaces)
def test_isChecker(self): """ Verifies that strcred.makeChecker('sshkey') returns an object that implements the L{ICredentialsChecker} interface. """ sshChecker = strcred.makeChecker('sshkey') self.assertTrue(checkers.ICredentialsChecker.providedBy(sshChecker)) self.assertIn(credentials.ISSHPrivateKey, sshChecker.credentialInterfaces)
def testAnonymousAccessSucceeds(self): """ Test that we can log in anonymously using this checker. """ checker = strcred.makeChecker('anonymous') request = checker.requestAvatarId(credentials.Anonymous()) def _gotAvatar(avatar): self.assertIdentical(checkers.ANONYMOUS, avatar) return request.addCallback(_gotAvatar)
def setUp(self): self.admin = credentials.UsernamePassword('admin', 'asdf') self.alice = credentials.UsernamePassword('alice', 'foo') self.badPass = credentials.UsernamePassword('alice', 'foobar') self.badUser = credentials.UsernamePassword('x', 'yz') self.checker = strcred.makeChecker('unix') self.adminBytes = credentials.UsernamePassword(b'admin', b'asdf') self.aliceBytes = credentials.UsernamePassword(b'alice', b'foo') self.badPassBytes = credentials.UsernamePassword(b'alice', b'foobar') self.badUserBytes = credentials.UsernamePassword(b'x', b'yz') self.checkerBytes = strcred.makeChecker('unix') # Hack around the pwd and spwd modules, since we can't really # go about reading your /etc/passwd or /etc/shadow files if pwd: database = UserDatabase() for username, password in self.users.items(): database.addUser(username, crypt.crypt(password, 'F/'), 1000, 1000, username, '/home/' + username, '/bin/sh') self.patch(pwd, 'getpwnam', database.getpwnam) if spwd: self.patch(spwd, 'getspnam', self._spwd_getspnam)
def setUp(self): self.admin = credentials.UsernamePassword('admin', 'asdf') self.alice = credentials.UsernamePassword('alice', 'foo') self.badPass = credentials.UsernamePassword('alice', 'foobar') self.badUser = credentials.UsernamePassword('x', 'yz') self.checker = strcred.makeChecker('unix') # Hack around the pwd and spwd modules, since we can't really # go about reading your /etc/passwd or /etc/shadow files if pwd: self._pwd_getpwnam = pwd.getpwnam pwd.getpwnam = self._pwd if spwd: self._spwd_getspnam = spwd.getspnam spwd.getspnam = self._spwd
def setUp(self): self.admin = credentials.UsernamePassword('admin', 'asdf') self.alice = credentials.UsernamePassword('alice', 'foo') self.badPass = credentials.UsernamePassword('alice', 'foobar') self.badUser = credentials.UsernamePassword('x', 'yz') self.checker = strcred.makeChecker('unix') # Hack around the pwd and spwd modules, since we can't really # go about reading your /etc/passwd or /etc/shadow files if pwd: database = UserDatabase() for username, password in self.users.items(): database.addUser( username, crypt.crypt(password, 'F/'), 1000, 1000, username, '/home/' + username, '/bin/sh') self.patch(pwd, 'getpwnam', database.getpwnam) if spwd: self._spwd_getspnam = spwd.getspnam spwd.getspnam = self._spwd
def setUp(self): self.admin = credentials.UsernamePassword("admin", "asdf") self.alice = credentials.UsernamePassword("alice", "foo") self.badPass = credentials.UsernamePassword("alice", "foobar") self.badUser = credentials.UsernamePassword("x", "yz") self.checker = strcred.makeChecker("unix") # Hack around the pwd and spwd modules, since we can't really # go about reading your /etc/passwd or /etc/shadow files if pwd: database = UserDatabase() for username, password in self.users.items(): database.addUser( username, crypt.crypt(password, "F/"), 1000, 1000, username, "/home/" + username, "/bin/sh" ) self.patch(pwd, "getpwnam", database.getpwnam) if spwd: self._spwd_getspnam = spwd.getspnam spwd.getspnam = self._spwd
def test_setupSiteWithHookAndAuth(self): fn = self.mktemp() with open(fn, 'w') as f: f.write("user:pass") new_config = self.makeConfig( port=8080, plugins={}, change_hook_dialects={'base': True}, change_hook_auth=[strcred.makeChecker("file:" + fn)]) self.svc.setupSite(new_config) yield self.svc.reconfigServiceWithBuildbotConfig(new_config) rsrc = self.svc.site.resource.getChildWithDefault('', mock.Mock()) res = yield self.render_resource(rsrc, '') self.assertIn('{"type": "file"}', res) rsrc = self.svc.site.resource.getChildWithDefault('change_hook', mock.Mock()) res = yield self.render_resource(rsrc, '/change_hook/base') # as UnauthorizedResource is in private namespace, we cannot use assertIsInstance :-( self.assertIn('UnauthorizedResource', repr(res))
def test_setupSiteWithHookAndAuth(self): fn = self.mktemp() with open(fn, 'w') as f: f.write("user:pass") new_config = self.makeConfig( port=8080, plugins={}, change_hook_dialects={'base': True}, change_hook_auth=[strcred.makeChecker("file:" + fn)]) self.svc.setupSite(new_config) yield self.svc.reconfigServiceWithBuildbotConfig(new_config) rsrc = self.svc.site.resource.getChildWithDefault('', mock.Mock()) res = yield self.render_resource(rsrc, '') self.assertIn('{"type": "file"}', res) rsrc = self.svc.site.resource.getChildWithDefault( 'change_hook', mock.Mock()) res = yield self.render_resource(rsrc, '/change_hook/base') # as UnauthorizedResource is in private namespace, we cannot use assertIsInstance :-( self.assertIn('UnauthorizedResource', repr(res))
def get_www(): from buildbot.plugins import util from twisted.cred import strcred import private return dict( port="unix:/home/buildbot/buildbot.sock", plugins=dict(waterfall_view={}, console_view={}, grid_view={}, badges={}), auth=util.GitHubAuth(private.github_client_id, private.github_client_secret, apiVersion=4, getTeamsMembership=True), authz=util.Authz( allowRules=[util.AnyControlEndpointMatcher(role="SFML")], roleMatchers=[util.RolesFromGroups()]), change_hook_dialects={ 'base': True, 'github': {} }, change_hook_auth=[strcred.makeChecker("file:changehook.passwd")])
def setUp(self): self.admin = credentials.UsernamePassword('admin', 'asdf') self.alice = credentials.UsernamePassword('alice', 'foo') self.badPass = credentials.UsernamePassword('alice', 'foobar') self.badUser = credentials.UsernamePassword('x', 'yz') self.checker = strcred.makeChecker('memory:admin:asdf:alice:foo')
www = { 'plugins': dict(waterfall_view={}, console_view={}, grid_view={}), # TODO: # order_console_by_time: True, } if os.path.exists(htfile): www['authz'] = Authz(auth=HTPasswdAuth(htfile), forceBuild='auth', # only authenticated users forceAllBuilds='auth', # only authenticated users stopBuild='auth', # only authenticated users stopAllBuilds='auth', # only authenticated users cancelPendingBuild='auth', # only authenticated users ) try: if len(config.www_port) == 2: www['port'] = "tcp:{1}:interface={0}".format(*config.www_port) elif len(config.www_port) == 1: www['port'] = "tcp:{0}".format(*config.www_port) else: raise Exception("www_port hasn't length 2") except TypeError: www['port'] = "tcp:{0}".format(config.www_port) if os.path.exists(changehook_passwd): www['change_hook_auth'] = [strcred.makeChecker("file:{0}".format(changehook_passwd))] www['change_hook_dialects'] = {'github': True} services = []
def setUp(self): self.admin = credentials.UsernamePassword("admin", "asdf") self.alice = credentials.UsernamePassword("alice", "foo") self.badPass = credentials.UsernamePassword("alice", "foobar") self.badUser = credentials.UsernamePassword("x", "yz") self.checker = strcred.makeChecker("memory:admin:asdf:alice:foo")