|
|
|
|
|
|
|
import os
|
|
|
|
|
|
|
|
import mitogen
|
Refactor Stream, introduce quasi-asynchronous connect, much more
Split Stream into many, many classes
* mitogen.parent.Connection: Handles connection setup logic only.
* Maintain references to stdout and stderr streams.
* Manages TimerList timer to cancel connection attempt after
deadline
* Blocking setup code replaced by async equivalents running on the
broker
* mitogen.parent.Options: Tracks connection-specific options. This
keeps the connection class small, but more importantly, it is
generic to the future desire to build and execute command lines
without starting a full connection.
* mitogen.core.Protocol: Handles program behaviour relating to events
on a stream. Protocol performs no IO of its own, instead deferring
it to Stream and Side. This makes testing much easier, and means
libssh can reimplement Stream and Side to reuse MitogenProtocol
* mitogen.core.MitogenProtocol: Guts of the old Mitogen stream
implementtion
* mitogen.core.BufferedWriter: Guts of the old Mitogen buffered
transmit implementation, made generic
* mitogen.core.DelineatedProtocol: Guts of the old IoLogger, knows how
to split up input and pass it on to a
on_line_received()/on_partial_line_received() callback.
* mitogen.parent.BootstrapProtocol: Asynchronous equivalent of the old
blocking connect code. Waits for various prompts (MITO001 etc) and
writes the bootstrap using a BufferedWriter. On success, switches
the stream to MitogenProtocol.
* mitogen.core.Message: move encoding parts of MitogenProtocol out to
Message (where it belongs) and write a bunch of new tests for
pickling.
* The bizarre Stream.construct() is gone now, Option.__init__ is its
own constructor. Should fix many LGTM errors.
* Update all connection methods: Every connection method is updated to
use async logic, defining protocols as required to handle interactive
prompts like in SSH or su. Add new real integration tests for at least
doas and su.
* Eliminate manual fd management: File descriptors are trapped in file
objects at their point of origin, and Side is updated to use file
objects rather than raw descriptors. This eliminates a whole class of
bugs where unrelated FDs could be closed by the wrong component. Now
an FD's open/closed status is fused to it everywhere in the library.
* Halve file descriptor usage: now FD open/close state is tracked by
its file object, we don't need to duplicate FDs everywhere so that
receive/transmit side can be closed independently. Instead both sides
back on to the same file object. Closes #26, Closes #470.
* Remove most uses of dup/dup2: Closes #256. File descriptors are
trapped in a common file object and shared among classes. The
remaining few uses for dup/dup2 are as close to minimal as possible.
* Introduce mitogen.parent.Process: uniform interface for subprocesses
created either via mitogen.fork or the subprocess module. Remove all
the crap where we steal a pid from subprocess guts. Now we use
subprocess to manage its processes as it should be. Closes #169 by
using the new Timers facility to poll for a slow-to-exit subprocess.
* Fix su password race: Closes #363. DelineatedProtocol naturally
retries partially received lines, preventing the cause of the original
race.
* Delete old blocking IO utility functions
iter_read()/write_all()/discard_until().
Closes #26
Closes #147
Closes #169
Closes #256
Closes #363
Closes #419
Closes #470
6 years ago
|
|
|
import mitogen.sudo
|
|
|
|
|
|
|
|
import unittest2
|
|
|
|
|
|
|
|
import testlib
|
|
|
|
|
|
|
|
|
|
|
|
class ConstructorTest(testlib.RouterMixin, testlib.TestCase):
|
|
|
|
sudo_path = testlib.data_path('stubs/stub-sudo.py')
|
|
|
|
|
|
|
|
def run_sudo(self, **kwargs):
|
|
|
|
context = self.router.sudo(
|
|
|
|
sudo_path=self.sudo_path,
|
|
|
|
**kwargs
|
|
|
|
)
|
|
|
|
argv = eval(context.call(os.getenv, 'ORIGINAL_ARGV'))
|
|
|
|
return context, argv
|
|
|
|
|
|
|
|
|
|
|
|
def test_basic(self):
|
|
|
|
context, argv = self.run_sudo()
|
|
|
|
self.assertEquals(argv[:4], [
|
|
|
|
self.sudo_path,
|
|
|
|
'-u', 'root',
|
|
|
|
'--'
|
|
|
|
])
|
|
|
|
|
|
|
|
def test_selinux_type_role(self):
|
|
|
|
context, argv = self.run_sudo(
|
|
|
|
selinux_type='setype',
|
|
|
|
selinux_role='serole',
|
|
|
|
)
|
|
|
|
self.assertEquals(argv[:8], [
|
|
|
|
self.sudo_path,
|
|
|
|
'-u', 'root',
|
|
|
|
'-r', 'serole',
|
|
|
|
'-t', 'setype',
|
|
|
|
'--'
|
|
|
|
])
|
|
|
|
|
|
|
|
def test_reparse_args(self):
|
|
|
|
context, argv = self.run_sudo(
|
|
|
|
sudo_args=['--type', 'setype', '--role', 'serole', '--user', 'user']
|
|
|
|
)
|
|
|
|
self.assertEquals(argv[:8], [
|
|
|
|
self.sudo_path,
|
|
|
|
'-u', 'user',
|
|
|
|
'-r', 'serole',
|
|
|
|
'-t', 'setype',
|
|
|
|
'--'
|
|
|
|
])
|
|
|
|
|
|
|
|
def test_tty_preserved(self):
|
|
|
|
# issue #481
|
|
|
|
os.environ['PREHISTORIC_SUDO'] = '1'
|
|
|
|
try:
|
|
|
|
context, argv = self.run_sudo()
|
|
|
|
self.assertEquals('1', context.call(os.getenv, 'PREHISTORIC_SUDO'))
|
|
|
|
finally:
|
|
|
|
del os.environ['PREHISTORIC_SUDO']
|
|
|
|
|
|
|
|
|
|
|
|
# TODO: https://github.com/dw/mitogen/issues/694
|
|
|
|
# class NonEnglishPromptTest(testlib.DockerMixin, testlib.TestCase):
|
|
|
|
# # Only mitogen/debian-test has a properly configured sudo.
|
|
|
|
# mitogen_test_distro = 'debian'
|
|
|
|
|
|
|
|
# def test_password_required(self):
|
|
|
|
# ssh = self.docker_ssh(
|
|
|
|
# username='mitogen__has_sudo',
|
|
|
|
# password='has_sudo_password',
|
|
|
|
# )
|
|
|
|
# ssh.call(os.putenv, 'LANGUAGE', 'fr')
|
|
|
|
# ssh.call(os.putenv, 'LC_ALL', 'fr_FR.UTF-8')
|
|
|
|
# e = self.assertRaises(mitogen.core.StreamError,
|
|
|
|
# lambda: self.router.sudo(via=ssh)
|
|
|
|
# )
|
|
|
|
# self.assertTrue(mitogen.sudo.password_required_msg in str(e))
|
|
|
|
|
|
|
|
# def test_password_incorrect(self):
|
|
|
|
# ssh = self.docker_ssh(
|
|
|
|
# username='mitogen__has_sudo',
|
|
|
|
# password='has_sudo_password',
|
|
|
|
# )
|
|
|
|
# ssh.call(os.putenv, 'LANGUAGE', 'fr')
|
|
|
|
# ssh.call(os.putenv, 'LC_ALL', 'fr_FR.UTF-8')
|
|
|
|
# e = self.assertRaises(mitogen.core.StreamError,
|
|
|
|
# lambda: self.router.sudo(via=ssh, password='x')
|
|
|
|
# )
|
|
|
|
# self.assertTrue(mitogen.sudo.password_incorrect_msg in str(e))
|
|
|
|
|
|
|
|
# def test_password_okay(self):
|
|
|
|
# ssh = self.docker_ssh(
|
|
|
|
# username='mitogen__has_sudo',
|
|
|
|
# password='has_sudo_password',
|
|
|
|
# )
|
|
|
|
# ssh.call(os.putenv, 'LANGUAGE', 'fr')
|
|
|
|
# ssh.call(os.putenv, 'LC_ALL', 'fr_FR.UTF-8')
|
|
|
|
# e = self.assertRaises(mitogen.core.StreamError,
|
|
|
|
# lambda: self.router.sudo(via=ssh, password='rootpassword')
|
|
|
|
# )
|
|
|
|
# self.assertTrue(mitogen.sudo.password_incorrect_msg in str(e))
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
unittest2.main()
|