|
| 1 | +import glob |
| 2 | +import os |
| 3 | +import shutil |
| 4 | +import tempfile |
| 5 | + |
| 6 | +import pytest |
| 7 | + |
| 8 | +from leapp.exceptions import StopActorExecutionError |
| 9 | +from leapp.libraries.actor import readopensshconfig |
1 | 10 | from leapp.libraries.actor.readopensshconfig import line_empty, parse_config, produce_config
|
2 | 11 | from leapp.models import OpenSshConfig, OpenSshPermitRootLogin
|
3 | 12 |
|
@@ -143,12 +152,181 @@ def test_parse_config_deprecated():
|
143 | 152 | def test_parse_config_empty():
|
144 | 153 | output = parse_config([])
|
145 | 154 | assert isinstance(output, OpenSshConfig)
|
146 |
| - assert isinstance(output, OpenSshConfig) |
147 | 155 | assert not output.permit_root_login
|
148 | 156 | assert output.use_privilege_separation is None
|
149 | 157 | assert output.protocol is None
|
150 | 158 |
|
151 | 159 |
|
| 160 | +def test_parse_config_include(monkeypatch): |
| 161 | + """ This already require some files to touch """ |
| 162 | + |
| 163 | + config_contents = { |
| 164 | + '/etc/ssh/sshd_config': [ |
| 165 | + "Include /path/*.conf" |
| 166 | + ], |
| 167 | + '/path/my.conf': [ |
| 168 | + 'Subsystem sftp internal-sftp' |
| 169 | + ], |
| 170 | + '/path/another.conf': [ |
| 171 | + 'permitrootlogin no' |
| 172 | + ] |
| 173 | + } |
| 174 | + |
| 175 | + primary_config_path = '/etc/ssh/sshd_config' |
| 176 | + primary_config_contents = config_contents[primary_config_path] |
| 177 | + |
| 178 | + def glob_mocked(pattern): |
| 179 | + assert pattern == '/path/*.conf' |
| 180 | + return ['/path/my.conf', '/path/another.conf'] |
| 181 | + |
| 182 | + def read_config_mocked(path): |
| 183 | + return config_contents[path] |
| 184 | + |
| 185 | + monkeypatch.setattr(glob, 'glob', glob_mocked) |
| 186 | + monkeypatch.setattr(readopensshconfig, 'read_sshd_config', read_config_mocked) |
| 187 | + |
| 188 | + output = parse_config(primary_config_contents) |
| 189 | + |
| 190 | + assert isinstance(output, OpenSshConfig) |
| 191 | + assert len(output.permit_root_login) == 1 |
| 192 | + assert output.permit_root_login[0].value == 'no' |
| 193 | + assert output.permit_root_login[0].in_match is None |
| 194 | + assert output.use_privilege_separation is None |
| 195 | + assert output.protocol is None |
| 196 | + assert output.subsystem_sftp == 'internal-sftp' |
| 197 | + |
| 198 | + |
| 199 | +def test_parse_config_include_recursive(monkeypatch): |
| 200 | + """ The recursive include should gracefully fail """ |
| 201 | + |
| 202 | + config_contents = { |
| 203 | + '/etc/ssh/sshd_config': [ |
| 204 | + "Include /path/*.conf" |
| 205 | + ], |
| 206 | + '/path/recursive.conf': [ |
| 207 | + "Include /path/*.conf" |
| 208 | + ], |
| 209 | + } |
| 210 | + |
| 211 | + primary_config_path = '/etc/ssh/sshd_config' |
| 212 | + primary_config_contents = config_contents[primary_config_path] |
| 213 | + |
| 214 | + def glob_mocked(pattern): |
| 215 | + assert pattern == '/path/*.conf' |
| 216 | + return ['/path/recursive.conf'] |
| 217 | + |
| 218 | + def read_config_mocked(path): |
| 219 | + return config_contents[path] |
| 220 | + |
| 221 | + monkeypatch.setattr(glob, 'glob', glob_mocked) |
| 222 | + monkeypatch.setattr(readopensshconfig, 'read_sshd_config', read_config_mocked) |
| 223 | + |
| 224 | + with pytest.raises(StopActorExecutionError) as recursive_error: |
| 225 | + parse_config(primary_config_contents) |
| 226 | + assert 'Failed to parse sshd configuration file' in str(recursive_error) |
| 227 | + |
| 228 | + |
| 229 | +def test_parse_config_include_relative(monkeypatch): |
| 230 | + """ When the include argument is relative path, it should point into the /etc/ssh/ """ |
| 231 | + |
| 232 | + config_contents = { |
| 233 | + '/etc/ssh/sshd_config': [ |
| 234 | + "Include relative/*.conf" |
| 235 | + ], |
| 236 | + '/etc/ssh/relative/default.conf': [ |
| 237 | + 'Match address 192.168.1.42', |
| 238 | + 'PermitRootLogin yes' |
| 239 | + ], |
| 240 | + '/etc/ssh/relative/other.conf': [ |
| 241 | + 'Match all', |
| 242 | + 'PermitRootLogin prohibit-password' |
| 243 | + ], |
| 244 | + '/etc/ssh/relative/wrong.extension': [ |
| 245 | + "macs hmac-md5", |
| 246 | + ], |
| 247 | + } |
| 248 | + |
| 249 | + primary_config_path = '/etc/ssh/sshd_config' |
| 250 | + primary_config_contents = config_contents[primary_config_path] |
| 251 | + |
| 252 | + def glob_mocked(pattern): |
| 253 | + assert pattern == '/etc/ssh/relative/*.conf' |
| 254 | + return ['/etc/ssh/relative/other.conf', '/etc/ssh/relative/default.conf'] |
| 255 | + |
| 256 | + def read_config_mocked(path): |
| 257 | + return config_contents[path] |
| 258 | + |
| 259 | + monkeypatch.setattr(glob, 'glob', glob_mocked) |
| 260 | + monkeypatch.setattr(readopensshconfig, 'read_sshd_config', read_config_mocked) |
| 261 | + |
| 262 | + output = parse_config(primary_config_contents) |
| 263 | + |
| 264 | + assert isinstance(output, OpenSshConfig) |
| 265 | + assert len(output.permit_root_login) == 2 |
| 266 | + assert output.permit_root_login[0].value == 'yes' |
| 267 | + assert output.permit_root_login[0].in_match == ['address', '192.168.1.42'] |
| 268 | + assert output.permit_root_login[1].value == 'prohibit-password' |
| 269 | + assert output.permit_root_login[1].in_match == ['all'] |
| 270 | + assert output.use_privilege_separation is None |
| 271 | + assert output.ciphers is None |
| 272 | + assert output.macs is None |
| 273 | + assert output.protocol is None |
| 274 | + assert output.subsystem_sftp is None |
| 275 | + |
| 276 | + |
| 277 | +def test_parse_config_include_complex(monkeypatch): |
| 278 | + """ This already require some files to touch """ |
| 279 | + |
| 280 | + config_contents = { |
| 281 | + '/etc/ssh/sshd_config': [ |
| 282 | + "Include /path/*.conf /other/path/*.conf \"/last/path with spaces/*.conf\" " |
| 283 | + ], |
| 284 | + '/path/my.conf': [ |
| 285 | + 'permitrootlogin prohibit-password' |
| 286 | + ], |
| 287 | + '/other/path/another.conf': [ |
| 288 | + 'ciphers aes128-ctr' |
| 289 | + ], |
| 290 | + '/last/path with spaces/filename with spaces.conf': [ |
| 291 | + 'subsystem sftp other-internal' |
| 292 | + ] |
| 293 | + } |
| 294 | + glob_contents = { |
| 295 | + '/path/*.conf': [ |
| 296 | + '/path/my.conf' |
| 297 | + ], |
| 298 | + '/other/path/*.conf': [ |
| 299 | + '/other/path/another.conf' |
| 300 | + ], |
| 301 | + '/last/path with spaces/*.conf': [ |
| 302 | + '/last/path with spaces/filename with spaces.conf' |
| 303 | + ], |
| 304 | + } |
| 305 | + |
| 306 | + primary_config_path = '/etc/ssh/sshd_config' |
| 307 | + primary_config_contents = config_contents[primary_config_path] |
| 308 | + |
| 309 | + def glob_mocked(pattern): |
| 310 | + return glob_contents[pattern] |
| 311 | + |
| 312 | + def read_config_mocked(path): |
| 313 | + return config_contents[path] |
| 314 | + |
| 315 | + monkeypatch.setattr(glob, 'glob', glob_mocked) |
| 316 | + monkeypatch.setattr(readopensshconfig, 'read_sshd_config', read_config_mocked) |
| 317 | + |
| 318 | + output = parse_config(primary_config_contents) |
| 319 | + |
| 320 | + assert isinstance(output, OpenSshConfig) |
| 321 | + assert len(output.permit_root_login) == 1 |
| 322 | + assert output.permit_root_login[0].value == 'prohibit-password' |
| 323 | + assert output.permit_root_login[0].in_match is None |
| 324 | + assert output.use_privilege_separation is None |
| 325 | + assert output.ciphers == "aes128-ctr" |
| 326 | + assert output.protocol is None |
| 327 | + assert output.subsystem_sftp == 'other-internal' |
| 328 | + |
| 329 | + |
152 | 330 | def test_produce_config():
|
153 | 331 | output = []
|
154 | 332 |
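Review bot: In `test_parse_config_include_recursive` the message check `assert 'Failed to parse sshd configuration file' in str(recursive_error)` stringifies pytest's `ExceptionInfo` wrapper rather than the raised exception, and what `str()` returns for that wrapper has changed between pytest releases. Checking the exception itself is more stable: `assert 'Failed to parse sshd configuration file' in str(recursive_error.value)`, or pass `match='Failed to parse sshd configuration file'` to `pytest.raises`. The rendering has lost indentation, so please confirm the assert sits after the `with` block and not inside it, where it would never run. Separately, in `test_parse_config_include_relative` the `glob_mocked` helper returns `other.conf` before `default.conf`, yet the test expects the `default.conf` entry first, presumably because `parse_config` sorts the glob matches. A comment such as `# returned unsorted on purpose: included files must be processed in sorted order` would record that intent, since the order decides which `PermitRootLogin` entry is reported first.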
|
|