Merge pull request #38 from altlinux/controls_with_strings_testing

Controls with strings testing tested.
2025-03-22 18:50:15 +03:00 · 2020-03-06 19:05:14 +04:00 · 2020-03-06 19:05:14 +04:00 · b519249aff
commit b519249aff
parent 056554c35c 34344d66d8
9 changed files with 178 additions and 10 deletions
--- a/gpoa/frontend/appliers/control.py
+++ b/gpoa/frontend/appliers/control.py
@ -23,6 +23,8 @@ from util.logging import slogm

 class control:
    def __init__(self, name, value):
+        if type(value) != int and type(value) != str:
+            raise Exception('Unknown type of value for control')
        self.control_name = name
        self.control_value = value
        self.possible_values = self._query_control_values()
@ -30,29 +32,65 @@ class control:
            raise Exception('Unable to query possible values')

    def _query_control_values(self):
-        proc = subprocess.Popen(['/usr/sbin/control', self.control_name, 'list'], stdout=subprocess.PIPE)
-        for line in proc.stdout:
-            values = line.split()
-            return values
+        '''
+        Query possible values from control in order to perform check of
+        parameter passed to constructor.
+        '''
+        values = list()
+
+        popen_call = ['/usr/sbin/control', self.control_name, 'list']
+        with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
+            values = proc.stdout.readline().decode('utf-8').split()
+            proc.wait()
+
+        return values

    def _map_control_status(self, int_status):
-        str_status = self.possible_values[int_status].decode()
+        '''
+        Get control's string value by numeric index
+        '''
+        try:
+            str_status = self.possible_values[int_status]
+        except IndexError as exc:
+            logging.error(slogm('Error getting control ({}) value from {} by index {}'.format(self.control_name, self.possible_values, int_status)))
+            str_status = None
+
        return str_status

    def get_control_name(self):
        return self.control_name

    def get_control_status(self):
-        proc = subprocess.Popen(['/usr/sbin/control', self.control_name], stdout=subprocess.PIPE)
-        for line in proc.stdout:
-            return line.rstrip('\n\r')
+        '''
+        Get current control value
+        '''
+        line = None
+
+        popen_call = ['/usr/sbin/control', self.control_name]
+        with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
+            line = proc.stdout.readline().decode('utf-8').rstrip('\n\r')
+            proc.wait()
+
+        return line

    def set_control_status(self):
-        status = self._map_control_status(self.control_value)
+        if type(self.control_value) == int:
+            status = self._map_control_status(self.control_value)
+            if status == None:
+                logging.error(slogm('\'{}\' is not in possible values for control {}'.format(self.control_value, self.control_name)))
+                return
+        elif type(self.control_value) == str:
+            if self.control_value not in self.possible_values:
+                logging.error(slogm('\'{}\' is not in possible values for control {}'.format(self.control_value, self.control_name)))
+                return
+            status = self.control_value
+
        logging.debug(slogm('Setting control {} to {}'.format(self.control_name, status)))

        try:
-            proc = subprocess.Popen(['/usr/sbin/control', self.control_name, status], stdout=subprocess.PIPE)
+            popen_call = ['/usr/sbin/control', self.control_name, status]
+            with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
+                proc.wait()
        except:
            logging.error(slogm('Unable to set {} to {}'.format(self.control_name, status)))

--- a/gpoa/frontend/control_applier.py
+++ b/gpoa/frontend/control_applier.py
@ -39,6 +39,9 @@ class control_applier(applier_frontend):
            try:
                self.controls.append(control(valuename, int(setting.data)))
                logging.info(slogm('Working with control {}'.format(valuename)))
+            except ValueError as exc:
+                self.controls.append(control(valuename, setting.data))
+                logging.info(slogm('Working with control {} with string value'.format(valuename)))
            except Exception as exc:
                logging.info(slogm('Unable to work with control {}: {}'.format(valuename, exc)))
        #for e in polfile.pol_file.entries:
--- a/gpoa/test/frontend/init.py
+++ b/gpoa/test/frontend/init.py
@ -0,0 +1,18 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2020 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
--- a/gpoa/test/frontend/appliers/init.py
+++ b/gpoa/test/frontend/appliers/init.py
@ -0,0 +1,18 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2020 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
--- a/gpoa/test/frontend/appliers/data/control_int.pol
+++ b/gpoa/test/frontend/appliers/data/control_int.pol
--- a/gpoa/test/frontend/appliers/data/control_int.xml
+++ b/gpoa/test/frontend/appliers/data/control_int.xml
@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<PolFile num_entries="1" signature="PReg" version="1">
+	<Entry type="4" type_name="REG_DWORD">
+		<Key>Software\BaseALT\Policies\Control</Key>
+		<ValueName>sshd-gssapi-auth</ValueName>
+		<Value>1</Value>
+	</Entry>
+</PolFile>
+
--- a/gpoa/test/frontend/appliers/data/control_string.pol
+++ b/gpoa/test/frontend/appliers/data/control_string.pol
--- a/gpoa/test/frontend/appliers/data/control_string.xml
+++ b/gpoa/test/frontend/appliers/data/control_string.xml
@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<PolFile num_entries="1" signature="PReg" version="1">
+	<Entry type="1" type_name="REG_SZ">
+		<Key>Software\BaseALT\Policies\Control</Key>
+		<ValueName>dvd-ram-control</ValueName>
+		<Value>restricted</Value>
+	</Entry>
+</PolFile>
--- a/gpoa/test/frontend/appliers/test_controls.py
+++ b/gpoa/test/frontend/appliers/test_controls.py
@ -0,0 +1,74 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2020 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import unittest
+
+from util.preg import load_preg
+from frontend.appliers.control import control
+
+class ControlTestCase(unittest.TestCase):
+    '''
+    Semi-integrational tests for control facility
+    '''
+    def test_control_with_int(self):
+        '''
+        Test procedure for control framework invocation with integer
+        value. The type of data loaded from PReg must be 'int' but
+        we're storing all values as strings inside the database. So,
+        for the test to be correct - we transform the value to string
+        first.
+        '''
+        preg_file = 'test/frontend/appliers/data/control_int.pol'
+
+        preg_data = load_preg(preg_file)
+        for entry in preg_data.entries:
+            control_name = entry.valuename
+            control_value = str(entry.data)
+
+            test_control = control(control_name, int(control_value))
+            test_control.set_control_status()
+
+    def test_control_int_out_of_range(self):
+        '''
+        Test procedure for control framework invocation with incorrect
+        integer value (out of range). The type of data loaded from PReg
+        must be 'int' but we're storing all values as strings inside the
+        database. So, for the test to be correct - we transform the
+        value to string first.
+        '''
+        control_name = 'sshd-gssapi-auth'
+        control_value = '50'
+
+        test_control = control(control_name, int(control_value))
+        test_control.set_control_status()
+
+    def test_control_with_str(self):
+        '''
+        Test procedure for control framework invocation with string
+        value. The type of data loaded from PReg must be 'str'.
+        '''
+        preg_file = 'test/frontend/appliers/data/control_string.pol'
+
+        preg_data = load_preg(preg_file)
+        for entry in preg_data.entries:
+            control_name = entry.valuename
+            control_value = entry.data
+
+            test_control = control(control_name, str(control_value))
+            test_control.set_control_status()
+