mitogen/tests/sudo_test.py

105 lines
3.2 KiB
Python
Raw Normal View History

import os
import mitogen
Refactor Stream, introduce quasi-asynchronous connect, much more Split Stream into many, many classes * mitogen.parent.Connection: Handles connection setup logic only. * Maintain references to stdout and stderr streams. * Manages TimerList timer to cancel connection attempt after deadline * Blocking setup code replaced by async equivalents running on the broker * mitogen.parent.Options: Tracks connection-specific options. This keeps the connection class small, but more importantly, it is generic to the future desire to build and execute command lines without starting a full connection. * mitogen.core.Protocol: Handles program behaviour relating to events on a stream. Protocol performs no IO of its own, instead deferring it to Stream and Side. This makes testing much easier, and means libssh can reimplement Stream and Side to reuse MitogenProtocol * mitogen.core.MitogenProtocol: Guts of the old Mitogen stream implementtion * mitogen.core.BufferedWriter: Guts of the old Mitogen buffered transmit implementation, made generic * mitogen.core.DelineatedProtocol: Guts of the old IoLogger, knows how to split up input and pass it on to a on_line_received()/on_partial_line_received() callback. * mitogen.parent.BootstrapProtocol: Asynchronous equivalent of the old blocking connect code. Waits for various prompts (MITO001 etc) and writes the bootstrap using a BufferedWriter. On success, switches the stream to MitogenProtocol. * mitogen.core.Message: move encoding parts of MitogenProtocol out to Message (where it belongs) and write a bunch of new tests for pickling. * The bizarre Stream.construct() is gone now, Option.__init__ is its own constructor. Should fix many LGTM errors. * Update all connection methods: Every connection method is updated to use async logic, defining protocols as required to handle interactive prompts like in SSH or su. Add new real integration tests for at least doas and su. * Eliminate manual fd management: File descriptors are trapped in file objects at their point of origin, and Side is updated to use file objects rather than raw descriptors. This eliminates a whole class of bugs where unrelated FDs could be closed by the wrong component. Now an FD's open/closed status is fused to it everywhere in the library. * Halve file descriptor usage: now FD open/close state is tracked by its file object, we don't need to duplicate FDs everywhere so that receive/transmit side can be closed independently. Instead both sides back on to the same file object. Closes #26, Closes #470. * Remove most uses of dup/dup2: Closes #256. File descriptors are trapped in a common file object and shared among classes. The remaining few uses for dup/dup2 are as close to minimal as possible. * Introduce mitogen.parent.Process: uniform interface for subprocesses created either via mitogen.fork or the subprocess module. Remove all the crap where we steal a pid from subprocess guts. Now we use subprocess to manage its processes as it should be. Closes #169 by using the new Timers facility to poll for a slow-to-exit subprocess. * Fix su password race: Closes #363. DelineatedProtocol naturally retries partially received lines, preventing the cause of the original race. * Delete old blocking IO utility functions iter_read()/write_all()/discard_until(). Closes #26 Closes #147 Closes #169 Closes #256 Closes #363 Closes #419 Closes #470
2019-03-12 01:15:27 +00:00
import mitogen.sudo
import testlib
class ConstructorTest(testlib.RouterMixin, testlib.TestCase):
sudo_path = testlib.data_path('stubs/stub-sudo.py')
def run_sudo(self, **kwargs):
context = self.router.sudo(
sudo_path=self.sudo_path,
**kwargs
)
argv = eval(context.call(os.getenv, 'ORIGINAL_ARGV'))
return context, argv
def test_basic(self):
context, argv = self.run_sudo()
self.assertEquals(argv[:4], [
self.sudo_path,
'-u', 'root',
'--'
])
def test_selinux_type_role(self):
context, argv = self.run_sudo(
selinux_type='setype',
selinux_role='serole',
)
self.assertEquals(argv[:8], [
self.sudo_path,
'-u', 'root',
'-r', 'serole',
'-t', 'setype',
'--'
])
def test_reparse_args(self):
context, argv = self.run_sudo(
sudo_args=['--type', 'setype', '--role', 'serole', '--user', 'user']
)
self.assertEquals(argv[:8], [
self.sudo_path,
'-u', 'user',
'-r', 'serole',
'-t', 'setype',
'--'
])
2019-02-10 22:32:57 +00:00
def test_tty_preserved(self):
# issue #481
os.environ['PREHISTORIC_SUDO'] = '1'
try:
context, argv = self.run_sudo()
self.assertEquals('1', context.call(os.getenv, 'PREHISTORIC_SUDO'))
finally:
del os.environ['PREHISTORIC_SUDO']
2020-02-21 23:43:18 +00:00
# TODO: https://github.com/dw/mitogen/issues/694
# class NonEnglishPromptTest(testlib.DockerMixin, testlib.TestCase):
# # Only mitogen/debian-test has a properly configured sudo.
# mitogen_test_distro = 'debian'
# def test_password_required(self):
# ssh = self.docker_ssh(
# username='mitogen__has_sudo',
# password='has_sudo_password',
# )
# ssh.call(os.putenv, 'LANGUAGE', 'fr')
# ssh.call(os.putenv, 'LC_ALL', 'fr_FR.UTF-8')
# e = self.assertRaises(mitogen.core.StreamError,
# lambda: self.router.sudo(via=ssh)
# )
# self.assertTrue(mitogen.sudo.password_required_msg in str(e))
# def test_password_incorrect(self):
# ssh = self.docker_ssh(
# username='mitogen__has_sudo',
# password='has_sudo_password',
# )
# ssh.call(os.putenv, 'LANGUAGE', 'fr')
# ssh.call(os.putenv, 'LC_ALL', 'fr_FR.UTF-8')
# e = self.assertRaises(mitogen.core.StreamError,
# lambda: self.router.sudo(via=ssh, password='x')
# )
# self.assertTrue(mitogen.sudo.password_incorrect_msg in str(e))
# def test_password_okay(self):
# ssh = self.docker_ssh(
# username='mitogen__has_sudo',
# password='has_sudo_password',
# )
# ssh.call(os.putenv, 'LANGUAGE', 'fr')
# ssh.call(os.putenv, 'LC_ALL', 'fr_FR.UTF-8')
# e = self.assertRaises(mitogen.core.StreamError,
# lambda: self.router.sudo(via=ssh, password='rootpassword')
# )
# self.assertTrue(mitogen.sudo.password_incorrect_msg in str(e))