Reviewed-by: Daniel Barboza <danielhb@linux.vnet.ibm.com> On 04/11/2014 05:57 PM, Aline Manera wrote:
From: Aline Manera <alinefm@br.ibm.com>
The user/group validation is done on the current system.
Signed-off-by: CrÃstian Viana <vianac@linux.vnet.ibm.com> Signed-off-by: Aline Manera <alinefm@br.ibm.com> --- src/kimchi/auth.py | 22 ++++++++++++++++++++++ tests/test_authorization.py | 19 +++++++++++++++++++ 2 files changed, 41 insertions(+)
diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py index dc78ded..2186987 100644 --- a/src/kimchi/auth.py +++ b/src/kimchi/auth.py @@ -25,6 +25,7 @@ import multiprocessing import os import PAM import pty +import pwd import re import termios import time @@ -96,6 +97,27 @@ class User(object): def get_user(self): return self.user
+ def exists(self): + try: + pwd.getpwnam(self.user[USER_NAME]) + except KeyError: + return False + else: + return True + + +class Group(object): + def __init__(self, groupname): + self.groupname = groupname + + def exists(self): + try: + grp.getgrnam(self.groupname) + except KeyError: + return False + else: + return True +
def authenticate(username, password, service="passwd"): '''Returns True if authenticate is OK via PAM.''' diff --git a/tests/test_authorization.py b/tests/test_authorization.py index b211e06..ab98987 100644 --- a/tests/test_authorization.py +++ b/tests/test_authorization.py @@ -17,14 +17,17 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+import grp import json import os +import pwd import unittest
from functools import partial
+import kimchi.auth import kimchi.mockmodel from utils import get_free_port, patch_auth, request from utils import run_server @@ -119,3 +122,19 @@ class AuthorizationTests(unittest.TestCase): self.assertEquals(403, resp.status) resp = self.request('/vms', '{}', 'DELETE') self.assertEquals(403, resp.status) + + +class CurrentUserGroupTests(unittest.TestCase): + def test_current_user(self): + current_user = pwd.getpwuid(os.getuid()).pw_name + self.assertTrue(kimchi.auth.User(current_user).exists()) + + invalid_user = "userdoesnotexist" + self.assertFalse(kimchi.auth.User(invalid_user).exists()) + + def test_current_group(self): + current_group = grp.getgrgid(os.getgid()).gr_name + self.assertTrue(kimchi.auth.Group(current_group).exists()) + + invalid_group = "groupdoesnotexist" + self.assertFalse(kimchi.auth.Group(invalid_group).exists())