Lines 13-22
describe Puppet::Util::SUIDManager do
Link Here
|
13 |
|
13 |
|
14 |
before :each do |
14 |
before :each do |
15 |
Puppet::Util::SUIDManager.stubs(:convert_xid).returns(42) |
15 |
Puppet::Util::SUIDManager.stubs(:convert_xid).returns(42) |
16 |
Puppet::Util::SUIDManager.stubs(:initgroups) |
16 |
pwent = stub('pwent', :name => 'fred', :uid => 42, :gid => 42) |
|
|
17 |
Etc.stubs(:getpwuid).with(42).returns(pwent) |
17 |
|
18 |
|
18 |
[:euid, :egid, :uid, :gid, :groups].each do |id| |
19 |
[:euid, :egid, :uid, :gid, :groups].each do |id| |
19 |
Process.stubs("#{id}=").with {|value| xids[id] = value} |
20 |
Process.stubs("#{id}=").with {|value| xids[id] = value } |
|
|
21 |
end |
22 |
end |
23 |
|
24 |
describe "#initgroups" do |
25 |
it "should use the primary group of the user as the 'basegid'" do |
26 |
Process.expects(:initgroups).with('fred', 42) |
27 |
described_class.initgroups(42) |
20 |
end |
28 |
end |
21 |
end |
29 |
end |
22 |
|
30 |
|
Lines 31-75
describe Puppet::Util::SUIDManager do
Link Here
|
31 |
end |
39 |
end |
32 |
|
40 |
|
33 |
describe "#asuser" do |
41 |
describe "#asuser" do |
34 |
it "should set euid/egid when root" do |
42 |
it "should not get or set euid/egid when not root" do |
35 |
Process.stubs(:uid).returns(0) |
43 |
Process.stubs(:uid).returns(1) |
36 |
|
44 |
|
37 |
Process.stubs(:egid).returns(51) |
45 |
Process.stubs(:egid).returns(51) |
38 |
Process.stubs(:euid).returns(50) |
46 |
Process.stubs(:euid).returns(50) |
39 |
|
47 |
|
40 |
Puppet::Util::SUIDManager.stubs(:convert_xid).with(:gid, 51).returns(51) |
48 |
Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) {} |
41 |
Puppet::Util::SUIDManager.stubs(:convert_xid).with(:uid, 50).returns(50) |
49 |
|
|
|
50 |
xids.should be_empty |
51 |
end |
42 |
|
52 |
|
43 |
yielded = false |
53 |
context "when root and not windows" do |
44 |
Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) do |
54 |
before :each do |
45 |
xids[:egid].should == user[:gid] |
55 |
Process.stubs(:uid).returns(0) |
46 |
xids[:euid].should == user[:uid] |
56 |
Puppet.features.stubs(:microsoft_windows?).returns(false) |
47 |
yielded = true |
|
|
48 |
end |
57 |
end |
49 |
|
58 |
|
50 |
xids[:egid].should == 51 |
59 |
it "should set euid/egid when root" do |
51 |
xids[:euid].should == 50 |
60 |
Process.stubs(:uid).returns(0) |
52 |
|
61 |
|
53 |
# It's possible asuser could simply not yield, so the assertions in the |
62 |
Process.stubs(:egid).returns(51) |
54 |
# block wouldn't fail. So verify those actually got checked. |
63 |
Process.stubs(:euid).returns(50) |
55 |
yielded.should be_true |
|
|
56 |
end |
57 |
|
64 |
|
58 |
it "should not get or set euid/egid when not root" do |
65 |
Puppet::Util::SUIDManager.stubs(:convert_xid).with(:gid, 51).returns(51) |
59 |
Process.stubs(:uid).returns(1) |
66 |
Puppet::Util::SUIDManager.stubs(:convert_xid).with(:uid, 50).returns(50) |
|
|
67 |
Puppet::Util::SUIDManager.stubs(:initgroups).returns([]) |
60 |
|
68 |
|
61 |
Process.stubs(:egid).returns(51) |
69 |
yielded = false |
62 |
Process.stubs(:euid).returns(50) |
70 |
Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) do |
|
|
71 |
xids[:egid].should == user[:gid] |
72 |
xids[:euid].should == user[:uid] |
73 |
yielded = true |
74 |
end |
63 |
|
75 |
|
64 |
Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) {} |
76 |
xids[:egid].should == 51 |
|
|
77 |
xids[:euid].should == 50 |
65 |
|
78 |
|
66 |
xids.should be_empty |
79 |
# It's possible asuser could simply not yield, so the assertions in the |
|
|
80 |
# block wouldn't fail. So verify those actually got checked. |
81 |
yielded.should be_true |
82 |
end |
83 |
|
84 |
it "should just yield if user and group are nil" do |
85 |
yielded = false |
86 |
Puppet::Util::SUIDManager.asuser(nil, nil) { yielded = true } |
87 |
yielded.should be_true |
88 |
xids.should == {} |
89 |
end |
90 |
|
91 |
it "should just change group if only group is given" do |
92 |
yielded = false |
93 |
Puppet::Util::SUIDManager.asuser(nil, 42) { yielded = true } |
94 |
yielded.should be_true |
95 |
xids.should == { :egid => 42 } |
96 |
end |
97 |
|
98 |
it "should change gid to the primary group of uid by default" do |
99 |
Process.stubs(:initgroups) |
100 |
|
101 |
yielded = false |
102 |
Puppet::Util::SUIDManager.asuser(42) { yielded = true } |
103 |
yielded.should be_true |
104 |
xids.should == { :euid => 42, :egid => 42 } |
105 |
end |
106 |
|
107 |
it "should change both uid and gid if given" do |
108 |
# I don't like the sequence, but it is the only way to assert on the |
109 |
# internal behaviour in a reliable fashion, given we need multiple |
110 |
# sequenced calls to the same methods. --daniel 2012-02-05 |
111 |
horror = sequence('of user and group changes') |
112 |
Puppet::Util::SUIDManager.expects(:change_group).with(43, false).in_sequence(horror) |
113 |
Puppet::Util::SUIDManager.expects(:change_user).with(42, false).in_sequence(horror) |
114 |
Puppet::Util::SUIDManager.expects(:change_group). |
115 |
with(Puppet::Util::SUIDManager.egid, false).in_sequence(horror) |
116 |
Puppet::Util::SUIDManager.expects(:change_user). |
117 |
with(Puppet::Util::SUIDManager.euid, false).in_sequence(horror) |
118 |
|
119 |
yielded = false |
120 |
Puppet::Util::SUIDManager.asuser(42, 43) { yielded = true } |
121 |
yielded.should be_true |
122 |
end |
67 |
end |
123 |
end |
68 |
end |
124 |
end |
69 |
|
125 |
|
70 |
describe "#change_group" do |
126 |
describe "#change_group" do |
71 |
describe "when changing permanently" do |
127 |
describe "when changing permanently" do |
72 |
it "should try to change_privilege if it is supported" do |
128 |
it "should change_privilege" do |
73 |
Process::GID.expects(:change_privilege).with do |gid| |
129 |
Process::GID.expects(:change_privilege).with do |gid| |
74 |
Process.gid = gid |
130 |
Process.gid = gid |
75 |
Process.egid = gid |
131 |
Process.egid = gid |
Lines 80-94
describe Puppet::Util::SUIDManager do
Link Here
|
80 |
xids[:egid].should == 42 |
136 |
xids[:egid].should == 42 |
81 |
xids[:gid].should == 42 |
137 |
xids[:gid].should == 42 |
82 |
end |
138 |
end |
83 |
|
|
|
84 |
it "should change both egid and gid if change_privilege isn't supported" do |
85 |
Process::GID.stubs(:change_privilege).raises(NotImplementedError) |
86 |
|
87 |
Puppet::Util::SUIDManager.change_group(42, true) |
88 |
|
89 |
xids[:egid].should == 42 |
90 |
xids[:gid].should == 42 |
91 |
end |
92 |
end |
139 |
end |
93 |
|
140 |
|
94 |
describe "when changing temporarily" do |
141 |
describe "when changing temporarily" do |
Lines 103-123
describe Puppet::Util::SUIDManager do
Link Here
|
103 |
|
150 |
|
104 |
describe "#change_user" do |
151 |
describe "#change_user" do |
105 |
describe "when changing permanently" do |
152 |
describe "when changing permanently" do |
106 |
it "should try to change_privilege if it is supported" do |
153 |
it "should change_privilege" do |
107 |
Process::UID.expects(:change_privilege).with do |uid| |
154 |
Process::UID.expects(:change_privilege).with do |uid| |
108 |
Process.uid = uid |
155 |
Process.uid = uid |
109 |
Process.euid = uid |
156 |
Process.euid = uid |
110 |
end |
157 |
end |
111 |
|
158 |
|
112 |
Puppet::Util::SUIDManager.change_user(42, true) |
|
|
113 |
|
114 |
xids[:euid].should == 42 |
115 |
xids[:uid].should == 42 |
116 |
end |
117 |
|
118 |
it "should change euid and uid and groups if change_privilege isn't supported" do |
119 |
Process::UID.stubs(:change_privilege).raises(NotImplementedError) |
120 |
|
121 |
Puppet::Util::SUIDManager.expects(:initgroups).with(42) |
159 |
Puppet::Util::SUIDManager.expects(:initgroups).with(42) |
122 |
|
160 |
|
123 |
Puppet::Util::SUIDManager.change_user(42, true) |
161 |
Puppet::Util::SUIDManager.change_user(42, true) |
Lines 129-134
describe Puppet::Util::SUIDManager do
Link Here
|
129 |
|
167 |
|
130 |
describe "when changing temporarily" do |
168 |
describe "when changing temporarily" do |
131 |
it "should change only euid and groups" do |
169 |
it "should change only euid and groups" do |
|
|
170 |
Puppet::Util::SUIDManager.stubs(:initgroups).returns([]) |
132 |
Puppet::Util::SUIDManager.change_user(42, false) |
171 |
Puppet::Util::SUIDManager.change_user(42, false) |
133 |
|
172 |
|
134 |
xids[:euid].should == 42 |
173 |
xids[:euid].should == 42 |
Lines 165-199
describe Puppet::Util::SUIDManager do
Link Here
|
165 |
Kernel.system '' if $CHILD_STATUS.nil? |
204 |
Kernel.system '' if $CHILD_STATUS.nil? |
166 |
end |
205 |
end |
167 |
|
206 |
|
168 |
describe "with #system" do |
|
|
169 |
it "should set euid/egid when root" do |
170 |
Process.stubs(:uid).returns(0) |
171 |
Process.stubs(:egid).returns(51) |
172 |
Process.stubs(:euid).returns(50) |
173 |
|
174 |
Puppet::Util::SUIDManager.stubs(:convert_xid).with(:gid, 51).returns(51) |
175 |
Puppet::Util::SUIDManager.stubs(:convert_xid).with(:uid, 50).returns(50) |
176 |
|
177 |
Puppet::Util::SUIDManager.expects(:change_group).with(user[:uid]) |
178 |
Puppet::Util::SUIDManager.expects(:change_user).with(user[:uid]) |
179 |
|
180 |
Puppet::Util::SUIDManager.expects(:change_group).with(51) |
181 |
Puppet::Util::SUIDManager.expects(:change_user).with(50) |
182 |
|
183 |
Kernel.expects(:system).with('blah') |
184 |
Puppet::Util::SUIDManager.system('blah', user[:uid], user[:gid]) |
185 |
end |
186 |
|
187 |
it "should not get or set euid/egid when not root" do |
188 |
Process.stubs(:uid).returns(1) |
189 |
Kernel.expects(:system).with('blah') |
190 |
|
191 |
Puppet::Util::SUIDManager.system('blah', user[:uid], user[:gid]) |
192 |
|
193 |
xids.should be_empty |
194 |
end |
195 |
end |
196 |
|
197 |
describe "with #run_and_capture" do |
207 |
describe "with #run_and_capture" do |
198 |
it "should capture the output and return process status" do |
208 |
it "should capture the output and return process status" do |
199 |
Puppet::Util. |
209 |
Puppet::Util. |