def test_allowed_hosts(self):
        logging.debug('')
        logging.debug('test_allowed_hosts')

        hostname = socket.gethostname()
        host_ipv4 = socket.gethostbyname(hostname)
        dot = host_ipv4.rfind('.')
        domain_ipv4 = host_ipv4[:dot+1]
        gibberish = '$^&*'

        with open('hosts.allow', 'w') as out:
            out.write("""
# Local host IPv4.
%s

# Local domain IPv4.
%s

# Local host name.
%s

# Gibberish.
%s
""" % (host_ipv4, domain_ipv4, hostname, gibberish))

        try:
            allowed_hosts = read_allowed_hosts('hosts.allow')
        finally:
            os.remove('hosts.allow')

        # Check read data.
        expected = 3
        try:
            # This actally resolves in some environments.
            socket.gethostbyname(gibberish)
        except socket.gaierror:
            pass
        else:
            expected += 1
        self.assertEqual(len(allowed_hosts), expected)
        self.assertEqual(allowed_hosts[0], host_ipv4)
        self.assertEqual(allowed_hosts[1], domain_ipv4)
        self.assertEqual(allowed_hosts[2], host_ipv4)

        # Check AF_INET addresses.
        logger = logging.getLogger()
        self.assertTrue(is_legal_connection((host_ipv4, 0),
                                            allowed_hosts, logger))
        domain_host = domain_ipv4 + '123'
        self.assertTrue(is_legal_connection((domain_host, 0),
                                            allowed_hosts, logger))
        self.assertFalse(is_legal_connection(('0.0.0.0', 0),
                                            allowed_hosts, logger))

        # Check AF_UNIX address.
        self.assertTrue(is_legal_connection('/tmp/pipe',
                                            allowed_hosts, logger))
示例#2
0
    def test_allowed_hosts(self):
        logging.debug('')
        logging.debug('test_allowed_hosts')

        hostname = socket.gethostname()
        host_ipv4 = socket.gethostbyname(hostname)
        dot = host_ipv4.rfind('.')
        domain_ipv4 = host_ipv4[:dot+1]

        with open('hosts.allow', 'w') as out:
            out.write("""
# Local host IPv4.
%s

# Local domain IPv4.
%s

# Local host name.
%s

# Gibberish.
$^&*
""" % (host_ipv4, domain_ipv4, hostname))

        try:
            allowed_hosts = read_allowed_hosts('hosts.allow')
        finally:
            os.remove('hosts.allow')

        # Check read data.
        self.assertEqual(len(allowed_hosts), 3)
        self.assertEqual(allowed_hosts[0], host_ipv4)
        self.assertEqual(allowed_hosts[1], domain_ipv4)
        self.assertEqual(allowed_hosts[2], host_ipv4)

        # Check AF_INET addresses.
        logger = logging.getLogger()
        self.assertTrue(is_legal_connection((host_ipv4, 0),
                                            allowed_hosts, logger))
        domain_host = domain_ipv4 + '123'
        self.assertTrue(is_legal_connection((domain_host, 0),
                                            allowed_hosts, logger))
        self.assertFalse(is_legal_connection(('0.0.0.0', 0),
                                            allowed_hosts, logger))

        # Check AF_UNIX address.
        self.assertTrue(is_legal_connection('/tmp/pipe',
                                            allowed_hosts, logger))
    def test_allowed_hosts(self):
        logging.debug('')
        logging.debug('test_allowed_hosts')

        hostname = socket.gethostname()
        host_ipv4 = socket.gethostbyname(hostname)
        dot = host_ipv4.rfind('.')
        domain_ipv4 = host_ipv4[:dot+1]

        good_data = """
# Local host IPv4.
%s

# Local domain IPv4.
%s

# Local host name.
%s

""" % (host_ipv4, domain_ipv4, hostname)

        gibberish = '$^&*'
        bad_data = good_data + """
# Gibberish.
%s
""" % gibberish

        # Try good data.
        with open('hosts.allow', 'w') as out:
            out.write(good_data)
        if sys.platform != 'win32' or HAVE_PYWIN32:
            make_private('hosts.allow')
        try:
            allowed_hosts = read_allowed_hosts('hosts.allow')
        finally:
            os.remove('hosts.allow')
        self.assertEqual(len(allowed_hosts), 3)
        self.assertEqual(allowed_hosts[0], host_ipv4)
        self.assertEqual(allowed_hosts[1], domain_ipv4)
        self.assertEqual(allowed_hosts[2], host_ipv4)

        # Try bad data.
        with open('hosts.allow', 'w') as out:
            out.write(bad_data)
        if sys.platform != 'win32' or HAVE_PYWIN32:
            make_private('hosts.allow')
        try:
            allowed_hosts = read_allowed_hosts('hosts.allow')
        except RuntimeError as exc:
            self.assertEqual(str(exc),
                             "1 errors in 'hosts.allow', check log for details")
        else:
            expected = 3
            try:
                # This actally resolves in some environments.
                socket.gethostbyname(gibberish)
            except socket.gaierror:
                pass
            else:
                expected += 1
            self.assertEqual(len(allowed_hosts), expected)
            self.assertEqual(allowed_hosts[0], host_ipv4)
            self.assertEqual(allowed_hosts[1], domain_ipv4)
            self.assertEqual(allowed_hosts[2], host_ipv4)
        finally:
            os.remove('hosts.allow')

        # Check AF_INET addresses.
        logger = logging.getLogger()
        self.assertTrue(is_legal_connection((host_ipv4, 0),
                                            allowed_hosts, logger))
        domain_host = domain_ipv4 + '123'
        self.assertTrue(is_legal_connection((domain_host, 0),
                                            allowed_hosts, logger))
        self.assertFalse(is_legal_connection(('0.0.0.0', 0),
                                            allowed_hosts, logger))

        # Check AF_UNIX address.
        self.assertTrue(is_legal_connection('/tmp/pipe',
                                            allowed_hosts, logger))
        # Try nonexistant file.
        assert_raises(self, "read_allowed_hosts('no-such-file')",
                      globals(), locals(), RuntimeError,
                      "'no-such-file' does not exist")

        # Try insecure file.
        if sys.platform != 'win32' or HAVE_PYWIN32:
            with open('hosts.allow', 'w') as out:
                out.write('\n')
            os.chmod('hosts.allow', 0666)
            try:
                assert_raises(self, "read_allowed_hosts('hosts.allow')",
                              globals(), locals(), RuntimeError,
                              "'hosts.allow' is not private")
            finally:
                os.remove('hosts.allow')
示例#4
0
    def test_allowed_hosts(self):
        logging.debug('')
        logging.debug('test_allowed_hosts')

        hostname = socket.gethostname()
        host_ipv4 = socket.gethostbyname(hostname)
        dot = host_ipv4.rfind('.')
        domain_ipv4 = host_ipv4[:dot + 1]

        good_data = """
# Local host IPv4.
%s

# Local domain IPv4.
%s

# Local host name.
%s

""" % (host_ipv4, domain_ipv4, hostname)

        gibberish = '$^&*'
        bad_data = good_data + """
# Gibberish.
%s
""" % gibberish

        # Try good data.
        with open('hosts.allow', 'w') as out:
            out.write(good_data)
        if sys.platform != 'win32' or HAVE_PYWIN32:
            make_private('hosts.allow')
        try:
            allowed_hosts = read_allowed_hosts('hosts.allow')
        finally:
            os.remove('hosts.allow')
        self.assertEqual(len(allowed_hosts), 3)
        self.assertEqual(allowed_hosts[0], host_ipv4)
        self.assertEqual(allowed_hosts[1], domain_ipv4)
        self.assertEqual(allowed_hosts[2], host_ipv4)

        # Try bad data.
        with open('hosts.allow', 'w') as out:
            out.write(bad_data)
        if sys.platform != 'win32' or HAVE_PYWIN32:
            make_private('hosts.allow')
        try:
            allowed_hosts = read_allowed_hosts('hosts.allow')
        except RuntimeError as exc:
            self.assertEqual(
                str(exc), "1 errors in 'hosts.allow', check log for details")
        else:
            expected = 3
            try:
                # This actally resolves in some environments.
                socket.gethostbyname(gibberish)
            except socket.gaierror:
                pass
            else:
                expected += 1
            self.assertEqual(len(allowed_hosts), expected)
            self.assertEqual(allowed_hosts[0], host_ipv4)
            self.assertEqual(allowed_hosts[1], domain_ipv4)
            self.assertEqual(allowed_hosts[2], host_ipv4)
        finally:
            os.remove('hosts.allow')

        # Check AF_INET addresses.
        logger = logging.getLogger()
        self.assertTrue(
            is_legal_connection((host_ipv4, 0), allowed_hosts, logger))
        domain_host = domain_ipv4 + '123'
        self.assertTrue(
            is_legal_connection((domain_host, 0), allowed_hosts, logger))
        self.assertFalse(
            is_legal_connection(('0.0.0.0', 0), allowed_hosts, logger))

        # Check AF_UNIX address.
        self.assertTrue(is_legal_connection('/tmp/pipe', allowed_hosts,
                                            logger))
        # Try nonexistant file.
        assert_raises(self, "read_allowed_hosts('no-such-file')", globals(),
                      locals(), RuntimeError, "'no-such-file' does not exist")

        # Try insecure file.
        if sys.platform != 'win32' or HAVE_PYWIN32:
            with open('hosts.allow', 'w') as out:
                out.write('\n')
            os.chmod('hosts.allow', 0666)
            try:
                assert_raises(self, "read_allowed_hosts('hosts.allow')",
                              globals(), locals(), RuntimeError,
                              "'hosts.allow' is not private")
            finally:
                os.remove('hosts.allow')