Lines 13-22
describe Puppet::Util::SUIDManager do
Link Here
|
13 |
|
13 |
|
14 |
before :each do |
14 |
before :each do |
15 |
Puppet::Util::SUIDManager.stubs(:convert_xid).returns(42) |
15 |
Puppet::Util::SUIDManager.stubs(:convert_xid).returns(42) |
16 |
Puppet::Util::SUIDManager.stubs(:initgroups) |
16 |
pwent = stub('pwent', :name => 'fred', :uid => 42, :gid => 42) |
|
|
17 |
Etc.stubs(:getpwuid).with(42).returns(pwent) |
17 |
|
18 |
|
18 |
[:euid, :egid, :uid, :gid, :groups].each do |id| |
19 |
[:euid, :egid, :uid, :gid, :groups].each do |id| |
19 |
Process.stubs("#{id}=").with {|value| xids[id] = value} |
20 |
Process.stubs("#{id}=").with {|value| xids[id] = value } |
|
|
21 |
end |
22 |
end |
23 |
|
24 |
describe "#initgroups" do |
25 |
it "should use the primary group of the user as the 'basegid'" do |
26 |
Process.expects(:initgroups).with('fred', 42) |
27 |
described_class.initgroups(42) |
20 |
end |
28 |
end |
21 |
end |
29 |
end |
22 |
|
30 |
|
Lines 31-70
describe Puppet::Util::SUIDManager do
Link Here
|
31 |
end |
39 |
end |
32 |
|
40 |
|
33 |
describe "#asuser" do |
41 |
describe "#asuser" do |
34 |
it "should set euid/egid when root" do |
42 |
it "should not get or set euid/egid when not root" do |
35 |
Process.stubs(:uid).returns(0) |
|
|
36 |
Puppet.features.stubs(:microsoft_windows?).returns(false) |
43 |
Puppet.features.stubs(:microsoft_windows?).returns(false) |
|
|
44 |
Process.stubs(:uid).returns(1) |
37 |
|
45 |
|
38 |
Process.stubs(:egid).returns(51) |
46 |
Process.stubs(:egid).returns(51) |
39 |
Process.stubs(:euid).returns(50) |
47 |
Process.stubs(:euid).returns(50) |
40 |
|
48 |
|
41 |
Puppet::Util::SUIDManager.stubs(:convert_xid).with(:gid, 51).returns(51) |
49 |
Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) {} |
42 |
Puppet::Util::SUIDManager.stubs(:convert_xid).with(:uid, 50).returns(50) |
|
|
43 |
|
50 |
|
44 |
yielded = false |
51 |
xids.should be_empty |
45 |
Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) do |
52 |
end |
46 |
xids[:egid].should == user[:gid] |
53 |
|
47 |
xids[:euid].should == user[:uid] |
54 |
context "when root and not windows" do |
48 |
yielded = true |
55 |
before :each do |
|
|
56 |
Process.stubs(:uid).returns(0) |
57 |
Puppet.features.stubs(:microsoft_windows?).returns(false) |
49 |
end |
58 |
end |
50 |
|
59 |
|
51 |
xids[:egid].should == 51 |
60 |
it "should set euid/egid when root" do |
52 |
xids[:euid].should == 50 |
61 |
Process.stubs(:uid).returns(0) |
53 |
|
62 |
|
54 |
# It's possible asuser could simply not yield, so the assertions in the |
63 |
Process.stubs(:egid).returns(51) |
55 |
# block wouldn't fail. So verify those actually got checked. |
64 |
Process.stubs(:euid).returns(50) |
56 |
yielded.should be_true |
|
|
57 |
end |
58 |
|
65 |
|
59 |
it "should not get or set euid/egid when not root" do |
66 |
Puppet::Util::SUIDManager.stubs(:convert_xid).with(:gid, 51).returns(51) |
60 |
Process.stubs(:uid).returns(1) |
67 |
Puppet::Util::SUIDManager.stubs(:convert_xid).with(:uid, 50).returns(50) |
|
|
68 |
Puppet::Util::SUIDManager.stubs(:initgroups).returns([]) |
61 |
|
69 |
|
62 |
Process.stubs(:egid).returns(51) |
70 |
yielded = false |
63 |
Process.stubs(:euid).returns(50) |
71 |
Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) do |
|
|
72 |
xids[:egid].should == user[:gid] |
73 |
xids[:euid].should == user[:uid] |
74 |
yielded = true |
75 |
end |
64 |
|
76 |
|
65 |
Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) {} |
77 |
xids[:egid].should == 51 |
|
|
78 |
xids[:euid].should == 50 |
66 |
|
79 |
|
67 |
xids.should be_empty |
80 |
# It's possible asuser could simply not yield, so the assertions in the |
|
|
81 |
# block wouldn't fail. So verify those actually got checked. |
82 |
yielded.should be_true |
83 |
end |
84 |
|
85 |
it "should just yield if user and group are nil" do |
86 |
yielded = false |
87 |
Puppet::Util::SUIDManager.asuser(nil, nil) { yielded = true } |
88 |
yielded.should be_true |
89 |
xids.should == {} |
90 |
end |
91 |
|
92 |
it "should just change group if only group is given" do |
93 |
yielded = false |
94 |
Puppet::Util::SUIDManager.asuser(nil, 42) { yielded = true } |
95 |
yielded.should be_true |
96 |
xids.should == { :egid => 42 } |
97 |
end |
98 |
|
99 |
it "should change gid to the primary group of uid by default" do |
100 |
Process.stubs(:initgroups) |
101 |
|
102 |
yielded = false |
103 |
Puppet::Util::SUIDManager.asuser(42) { yielded = true } |
104 |
yielded.should be_true |
105 |
xids.should == { :euid => 42, :egid => 42 } |
106 |
end |
107 |
|
108 |
it "should change both uid and gid if given" do |
109 |
# I don't like the sequence, but it is the only way to assert on the |
110 |
# internal behaviour in a reliable fashion, given we need multiple |
111 |
# sequenced calls to the same methods. --daniel 2012-02-05 |
112 |
horror = sequence('of user and group changes') |
113 |
Puppet::Util::SUIDManager.expects(:change_group).with(43, false).in_sequence(horror) |
114 |
Puppet::Util::SUIDManager.expects(:change_user).with(42, false).in_sequence(horror) |
115 |
Puppet::Util::SUIDManager.expects(:change_group). |
116 |
with(Puppet::Util::SUIDManager.egid, false).in_sequence(horror) |
117 |
Puppet::Util::SUIDManager.expects(:change_user). |
118 |
with(Puppet::Util::SUIDManager.euid, false).in_sequence(horror) |
119 |
|
120 |
yielded = false |
121 |
Puppet::Util::SUIDManager.asuser(42, 43) { yielded = true } |
122 |
yielded.should be_true |
123 |
end |
68 |
end |
124 |
end |
69 |
|
125 |
|
70 |
it "should not get or set euid/egid on Windows" do |
126 |
it "should not get or set euid/egid on Windows" do |
Lines 78-84
describe Puppet::Util::SUIDManager do
Link Here
|
78 |
|
134 |
|
79 |
describe "#change_group" do |
135 |
describe "#change_group" do |
80 |
describe "when changing permanently" do |
136 |
describe "when changing permanently" do |
81 |
it "should try to change_privilege if it is supported" do |
137 |
it "should change_privilege" do |
82 |
Process::GID.expects(:change_privilege).with do |gid| |
138 |
Process::GID.expects(:change_privilege).with do |gid| |
83 |
Process.gid = gid |
139 |
Process.gid = gid |
84 |
Process.egid = gid |
140 |
Process.egid = gid |
Lines 89-103
describe Puppet::Util::SUIDManager do
Link Here
|
89 |
xids[:egid].should == 42 |
145 |
xids[:egid].should == 42 |
90 |
xids[:gid].should == 42 |
146 |
xids[:gid].should == 42 |
91 |
end |
147 |
end |
92 |
|
|
|
93 |
it "should change both egid and gid if change_privilege isn't supported" do |
94 |
Process::GID.stubs(:change_privilege).raises(NotImplementedError) |
95 |
|
96 |
Puppet::Util::SUIDManager.change_group(42, true) |
97 |
|
98 |
xids[:egid].should == 42 |
99 |
xids[:gid].should == 42 |
100 |
end |
101 |
end |
148 |
end |
102 |
|
149 |
|
103 |
describe "when changing temporarily" do |
150 |
describe "when changing temporarily" do |
Lines 112-132
describe Puppet::Util::SUIDManager do
Link Here
|
112 |
|
159 |
|
113 |
describe "#change_user" do |
160 |
describe "#change_user" do |
114 |
describe "when changing permanently" do |
161 |
describe "when changing permanently" do |
115 |
it "should try to change_privilege if it is supported" do |
162 |
it "should change_privilege" do |
116 |
Process::UID.expects(:change_privilege).with do |uid| |
163 |
Process::UID.expects(:change_privilege).with do |uid| |
117 |
Process.uid = uid |
164 |
Process.uid = uid |
118 |
Process.euid = uid |
165 |
Process.euid = uid |
119 |
end |
166 |
end |
120 |
|
167 |
|
121 |
Puppet::Util::SUIDManager.change_user(42, true) |
|
|
122 |
|
123 |
xids[:euid].should == 42 |
124 |
xids[:uid].should == 42 |
125 |
end |
126 |
|
127 |
it "should change euid and uid and groups if change_privilege isn't supported" do |
128 |
Process::UID.stubs(:change_privilege).raises(NotImplementedError) |
129 |
|
130 |
Puppet::Util::SUIDManager.expects(:initgroups).with(42) |
168 |
Puppet::Util::SUIDManager.expects(:initgroups).with(42) |
131 |
|
169 |
|
132 |
Puppet::Util::SUIDManager.change_user(42, true) |
170 |
Puppet::Util::SUIDManager.change_user(42, true) |
Lines 138-143
describe Puppet::Util::SUIDManager do
Link Here
|
138 |
|
176 |
|
139 |
describe "when changing temporarily" do |
177 |
describe "when changing temporarily" do |
140 |
it "should change only euid and groups" do |
178 |
it "should change only euid and groups" do |
|
|
179 |
Puppet::Util::SUIDManager.stubs(:initgroups).returns([]) |
141 |
Puppet::Util::SUIDManager.change_user(42, false) |
180 |
Puppet::Util::SUIDManager.change_user(42, false) |
142 |
|
181 |
|
143 |
xids[:euid].should == 42 |
182 |
xids[:euid].should == 42 |
Lines 174-219
describe Puppet::Util::SUIDManager do
Link Here
|
174 |
Kernel.system '' if $CHILD_STATUS.nil? |
213 |
Kernel.system '' if $CHILD_STATUS.nil? |
175 |
end |
214 |
end |
176 |
|
215 |
|
177 |
describe "with #system" do |
|
|
178 |
it "should set euid/egid when root" do |
179 |
Process.stubs(:uid).returns(0) |
180 |
Puppet.features.stubs(:microsoft_windows?).returns(false) |
181 |
|
182 |
Process.stubs(:egid).returns(51) |
183 |
Process.stubs(:euid).returns(50) |
184 |
|
185 |
Puppet::Util::SUIDManager.stubs(:convert_xid).with(:gid, 51).returns(51) |
186 |
Puppet::Util::SUIDManager.stubs(:convert_xid).with(:uid, 50).returns(50) |
187 |
|
188 |
Puppet::Util::SUIDManager.expects(:change_group).with(user[:uid]) |
189 |
Puppet::Util::SUIDManager.expects(:change_user).with(user[:uid]) |
190 |
|
191 |
Puppet::Util::SUIDManager.expects(:change_group).with(51) |
192 |
Puppet::Util::SUIDManager.expects(:change_user).with(50) |
193 |
|
194 |
Kernel.expects(:system).with('blah') |
195 |
Puppet::Util::SUIDManager.system('blah', user[:uid], user[:gid]) |
196 |
end |
197 |
|
198 |
it "should not get or set euid/egid when not root" do |
199 |
Process.stubs(:uid).returns(1) |
200 |
Kernel.expects(:system).with('blah') |
201 |
|
202 |
Puppet::Util::SUIDManager.system('blah', user[:uid], user[:gid]) |
203 |
|
204 |
xids.should be_empty |
205 |
end |
206 |
|
207 |
it "should not get or set euid/egid on Windows" do |
208 |
Puppet.features.stubs(:microsoft_windows?).returns true |
209 |
Kernel.expects(:system).with('blah') |
210 |
|
211 |
Puppet::Util::SUIDManager.system('blah', user[:uid], user[:gid]) |
212 |
|
213 |
xids.should be_empty |
214 |
end |
215 |
end |
216 |
|
217 |
describe "with #run_and_capture" do |
216 |
describe "with #run_and_capture" do |
218 |
it "should capture the output and return process status" do |
217 |
it "should capture the output and return process status" do |
219 |
Puppet::Util. |
218 |
Puppet::Util. |