a }|äg‰jã@s4dZddlZddlZddlZddlZddlmZddlZddlmZddl m Z ddl m Z ddl m Z ddlmmZddlmZz ddlZddlZddlZd ZWney¼d ZYn0d Zd Zd ZejeddGdd„deƒƒZGdd„deƒZGdd„deƒZejeddGdd„deƒƒZGdd„dejƒZejeddGdd„dejƒƒZ Gdd„dejƒZ!Gdd „d ejƒZ"Gd!d"„d"ejƒZ#Gd#d$„d$ejƒZ$Gd%d&„d&ejƒZ%Gd'd(„d(ejƒZ&Gd)d*„d*ej'ƒZ(ej)d+d,„ƒZ*d-d.„Z+d/d0„Z,d1d2„Z-d8d4d5„Z.e/d6kr0e 0e 1ej2d7d…e3g¡¡dS)9z#Tests for certbot.compat.filesysteméN)Úmock)Úutil)Úlock)Ú filesystem)Úos)ÚTempDirTestCaseFTzS-1-1-0zS-1-5-18z S-1-5-32-544z"Tests specific to Windows security©ÚreasoncspeZdZdZ‡fdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dd„Z dd„Z dd„Z dd„Z dd„Z‡ZS)ÚWindowsChmodTestsz:Unit tests for Windows chmod function in filesystem modulecstƒ ¡t|jƒ|_dS©N©ÚsuperÚsetUpÚ _create_probeÚtempdirÚ probe_path©Úself©Ú __class__©úR/usr/lib/python3.9/site-packages/certbot/_internal/tests/compat/filesystem_test.pyr#s zWindowsChmodTests.setUpcCsbtj |jd¡}t |j|¡t|jƒ ¡}t|ƒ ¡}t  |d¡t|jƒ ¡}t|ƒ ¡}dS)NÚlinkéÀ) rÚpathÚjoinrÚsymlinkrÚ_get_security_daclÚGetSecurityDescriptorDaclrÚchmod)rÚ link_pathÚref_dacl_probeZ ref_dacl_linkÚcur_dacl_probeZ cur_dacl_linkrrrÚtest_symlink_resolution's   z)WindowsChmodTests.test_symlink_resolutioncsFt t¡‰t |jd¡t|jƒ ¡‰t |jd¡t|jƒ ¡‰dS)NriÄ)Ú win32securityÚConvertStringSidToSidÚ EVERYBODY_SIDrrrrrrr©ÚdaclZ everybodyrÚtest_world_permission6s  z'WindowsChmodTests.test_world_permissioncCs<t |jd¡t|jƒ ¡}t |jd¡t|jƒ ¡}dS)Nrià)rrrrr)rr!r"rrrÚtest_group_permissions_noopEs z-WindowsChmodTests.test_group_permissions_noopcspt t¡‰t t¡‰t |jd¡t|jƒ ¡‰‡‡fdd„t dˆ  ¡ƒDƒ}‡‡fdd„t dˆ  ¡ƒDƒ}dS)Nécs(g|] }ˆ |¡dˆkrˆ |¡‘qS©é©ZGetAce©Ú.0Úindex)r(ÚsystemrrÚ Usÿz.rcs(g|] }ˆ |¡dˆkrˆ |¡‘qSr,r.r/)Úadminsr(rrr3Wsÿ) r$r%Ú SYSTEM_SIDÚ ADMINS_SIDrrrrrÚrangeÚ GetAceCount)rZ system_acesZ admin_acesr)r4r(r2rÚtest_admin_permissionsNs  z(WindowsChmodTests.test_admin_permissionscCs| dtj¡dS)Né)Ú _test_flagÚ ntsecurityconÚFILE_GENERIC_READrrrrÚtest_read_flag`sz WindowsChmodTests.test_read_flagcCs| dtj¡dS©Né)r;r<ÚFILE_GENERIC_EXECUTErrrrÚtest_execute_flagcsz#WindowsChmodTests.test_execute_flagcCs| dtjtjAtjA¡dS)Nr-)r;r<ÚFILE_ALL_ACCESSr=rArrrrÚtest_write_flagfs  ÿþz!WindowsChmodTests.test_write_flagcCs| dtj¡dS)Né)r;r<rCrrrrÚtest_full_flagksz WindowsChmodTests.test_full_flagcsTt |jd|B¡t|jƒ ¡‰t t¡‰‡‡fdd„tdˆ  ¡ƒDƒ}|d}dS)Nrcs(g|] }ˆ |¡dˆkrˆ |¡‘qSr,r.r/r'rrr3vsÿz0WindowsChmodTests._test_flag..r) rrrrrr$r%r&r7r8)rZ everyone_modeZ windows_flagZacls_everybodyrr'rr;ns  zWindowsChmodTests._test_flagcCs„t dt ¡¡\}}}t|jƒ}t|j||ƒt |jd¡t |jƒ}t  t ¡}t|jƒ}t|j||ƒt |jd¡t |jƒ}dS)NÚr) r$ZLookupAccountNameÚwin32apiZ GetUserNameÚ_get_security_ownerrÚ _set_ownerrrrr%r6)rZauthenticated_userÚ_Úsecurity_ownerZ security_daclZ admin_userrrrÚ test_user_admin_dacl_consistencys     z2WindowsChmodTests.test_user_admin_dacl_consistency)Ú__name__Ú __module__Ú __qualname__Ú__doc__rr#r)r*r9r>rBrDrFr;rMÚ __classcell__rrrrr s  r c@s*eZdZdd„Zdd„Zed dd„ƒZdS) Ú UmaskTestc Cs†t d¡}zjtj |jd¡}t |¡t d¡tj |jd¡}t |¡tj |jd¡}tj|ddWt |¡n t |¡0dS)NéÚprobe1é?Údir2Údir3éÿ)Úmode)rÚumaskrrrrÚmkdir)rÚprevious_umaskZdir1rWrXrrrÚtest_umask_on_dir™s    zUmaskTest.test_umask_on_dirc Cs‚t d¡}zftj |jd¡}t |¡t d¡tj |jd¡}t |¡tj |jd¡}t |¡Wt |¡n t |¡0dS)NrTrUrVZprobe2Zprobe3)rr[rrrrrSÚ _create_file)rr]Zfile1Zfile2Zfile3rrrÚtest_umask_on_file­s     zUmaskTest.test_umask_on_filerYc Cs>d}z$tj|tj|d}W|r:t |¡n|r8t |¡0dS)N)ÚflagsrZ)rÚopenrÚO_CREATÚclose)rrZZ file_descrrrr_Ás ÿzUmaskTest._create_fileN)rY)rNrOrPr^r`Ú staticmethodr_rrrrrS˜srScs$eZdZ‡fdd„Zdd„Z‡ZS)ÚComputePrivateKeyModeTestcstƒ ¡t|jƒ|_dSr r rrrrrÌs zComputePrivateKeyModeTest.setUpcCs&t |jd¡t |jd¡}tr"ndS)NrYi€)rrrZcompute_private_key_modeÚ POSIX_MODE)rZnew_moderrrÚtest_compute_private_key_modeÐs z7ComputePrivateKeyModeTest.test_compute_private_key_mode)rNrOrPrrhrRrrrrrfËs rfc@s,eZdZdd„Zdd„Zdd„Zdd„Zd S) ÚWindowsOpenTestcsPtj |jd¡}t |tjtjBtjBd¡}t  |¡t |ƒ  ¡‰t   t¡‰dS)NÚfiler)rrrrrrbrcÚO_EXCLÚO_RDWRrdrrr$r%r&©rrZdescrr'rÚ!test_new_file_correct_permissionsßs    z1WindowsOpenTest.test_new_file_correct_permissionscsXtj |jd¡}t|dƒ ¡t |tjtjBd¡}t |¡t |ƒ  ¡‰t   t ¡‰dS)NrjÚwr)rrrrrbrdrrkrlrrr$r%r&rmrr'rÚ&test_existing_file_correct_permissionsës   z6WindowsOpenTest.test_existing_file_correct_permissionscCs<|jddtjtjBdt t¡(}|jddtjtjBdWdƒn1sP0Y|jddtjd|jddtjdtj |j d¡}t |d ƒ  ¡t   |¡}zHt t¡"}|jd dtjdWdƒn1sÚ0YW| ¡n | ¡0t t¡"|jd dtjdWdƒn1s.0YdS) Nr@F)Ú file_existrar-Tér:Ú5roéé)Ú_test_one_creationrrcrkÚpytestÚraisesÚOSErrorrrrrbrdrZLockFileÚreleaseÚO_RDONLY)rÚexc_inforZfilelockrrrÚtest_create_file_on_openøs 6  0 z(WindowsOpenTest.test_create_file_on_openc Cs†tj |jt|ƒ¡}|rNtj |¡sNt|dƒWdƒn1sD0Yd}zt ||¡}W|r‚t |¡n|r€t |¡0dS)Nro) rrrrÚstrÚexistsrbrrd)rZnumrqraZone_fileZhandlerrrrrvs  ÿz"WindowsOpenTest._test_one_creationN)rNrOrPrnrpr}rvrrrrriÝs  ric@s(eZdZdZdd„Zdd„Zdd„ZdS) ÚTempUmaskTestsz8Tests for using the TempUmask class in `with` statementscCst d¡}t |¡|S)Nr)rr[)rZ old_umaskrrrÚ _check_umask&s  zTempUmaskTests._check_umaskcCs8t d¡t d¡Wdƒn1s*0YdS©NrTrV)rr[Ú temp_umaskrrrrÚtest_works_normally+s  z"TempUmaskTests.test_works_normallycCsPt d¡z4t d¡tƒ‚Wdƒn1s20YWn Yn0dSr‚)rr[rƒÚ ExceptionrrrrÚ!test_resets_umask_after_exception2s   (z0TempUmaskTests.test_resets_umask_after_exceptionN)rNrOrPrQrr„r†rrrrr€$sr€ú!Test specific to Windows securityc@s(eZdZdZdd„Zdd„Zdd„ZdS) ÚWindowsMkdirTestszFUnit tests for Windows mkdir + makedirs functions in filesystem modulecs6tj |jd¡}t |d¡t t¡‰t |ƒ  ¡‰dS)NÚdirr) rrrrrr\r$r%r&rr)rrrr'rÚtest_mkdir_correct_permissions@s    z0WindowsMkdirTests.test_mkdir_correct_permissionscsDtj |jd¡}tj |d¡}t |d¡t t¡‰t |ƒ  ¡‰dS)Nr‰Úsubpathr) rrrrrÚmakedirsr$r%r&rr)rrr‹rr'rÚ!test_makedirs_correct_permissionsKs    z3WindowsMkdirTests.test_makedirs_correct_permissionscCsNtj |jd¡}ddl}|j}t |¡zt |¡WntyHYn0dS)Nr‰r)rrrrr\rrŒry)rrÚstd_osZoriginal_mkdirrrrÚtest_makedirs_switch_os_mkdirWs  z/WindowsMkdirTests.test_makedirs_switch_os_mkdirN)rNrOrPrQrŠrrrrrrrˆ=s  rˆc@seZdZdZdd„ZdS)Ú MakedirsTestsz5Unit tests for makedirs function in filesystem modulec CsTtj |jd¡}tj |d¡}t d¡}zt |d¡Wt |¡n t |¡0dS)Nr‰r‹rTr)rrrrrr[rŒ)rrr‹r]rrrrhs  z/MakedirsTests.test_makedirs_correct_permissionsN)rNrOrPrQrrrrrrfsrcsjeZdZdZ‡fdd„Zejedddd„ƒZej eddd d „ƒZ d d „Z ejeddd d„ƒZ ‡Z S)ÚCopyOwnershipAndModeTestzYTests about copy_ownership_and_apply_mode, copy_ownership_and_mode and has_same_ownershipcstƒ ¡t|jƒ|_dSr r rrrrrys zCopyOwnershipAndModeTest.setUpr‡rc sÒt t¡}t ¡j}| |d¡t d¡V}t d¡,}||_t j d|j ddddWdƒn1sh0YWdƒn1s†0Y|j d}|dd }|j d }|dd }|  ¡‰t t¡‰dS) NFúwin32security.GetFileSecurityzwin32security.SetFileSecurityÚdummyrT©Z copy_userZ copy_grouprr-r@)r$r%r5ÚSECURITY_ATTRIBUTESÚSECURITY_DESCRIPTORÚSetSecurityDescriptorOwnerrÚpatchÚ return_valuerÚcopy_ownership_and_apply_moderZcall_args_listrr&)rr2ÚsecurityÚmock_getZmock_setZ first_callZ second_callrr'rÚ*test_copy_ownership_and_apply_mode_windows}s       ÿB     zCCopyOwnershipAndModeTest.test_copy_ownership_and_apply_mode_windowsúTest specific to Linux securityc CsÆt d¡Š}t d¡`}t d¡6}d|j_d|j_tjd|jdddd Wdƒn1s^0YWdƒn1s|0YWdƒn1sš0Y| |jdd¡| |jd¡dS) Nzos.chownzos.chmodzos.staté2é3r“rTr”) rr˜r™Úst_uidÚst_gidrršrÚassert_called_once_with)rZ mock_chownZ mock_chmodZ mock_statrrrÚ(test_copy_ownership_and_apply_mode_linux—s    ÿ`zACopyOwnershipAndModeTest.test_copy_ownership_and_apply_mode_linuxcCsDtj |jd¡}tj |jd¡}t |d¡ ¡t |d¡ ¡dS)NZtest1Ztest2ro)rrrrrÚ safe_openrd)rZpath1Zpath2rrrÚtest_has_same_ownership¤s z0CopyOwnershipAndModeTest.test_has_same_ownershipcCsf|j}t|jdd}t |d¡t d¡}t ||¡Wdƒn1sL0Y| ||¡dS)NÚdst)Únamerz-certbot.compat.filesystem._copy_win_ownership) rrrrrrr˜Zcopy_ownership_and_moder£)rÚsrcr§Zmock_copy_ownerrrrÚ$test_copy_ownership_and_mode_windows­s  * z=CopyOwnershipAndModeTest.test_copy_ownership_and_mode_windows)rNrOrPrQrÚunittestÚskipIfrgrÚ skipUnlessr¤r¦rªrRrrrrr‘ws      r‘csleZdZdZ‡fdd„Zdd„Zejedddd „ƒZ ej ed dd d „ƒZ d d„Z dd„Z dd„Z‡ZS)ÚCheckPermissionsTestz-Tests relative to functions that check modes.cstƒ ¡t|jƒ|_dSr r rrrrrÂs zCheckPermissionsTest.setUpcCst |jd¡dS)Nr©rrrrrrrÚtest_check_modeÆsz$CheckPermissionsTest.test_check_moder‡rcCsTt t¡}t ¡j}| |d¡t d¡}||_Wdƒn1sF0YdS)NFr’) r$r%r5r•r–r—rr˜r™)rr2r›rœrrrÚtest_check_owner_windowsÌs     z-CheckPermissionsTest.test_check_owner_windowsržcCsHddl}| ¡}t d¡}|d|_Wdƒn1s:0YdS)Nrz os.getuidr@)rÚgetuidrr˜r™)rrŽÚuidZmock_uidrrrÚtest_check_owner_linuxØs   z+CheckPermissionsTest.test_check_owner_linuxcCsdt d¡}d|_Wdƒn1s&0Yt d¡}d|_Wdƒn1sV0YdS)Nz$certbot.compat.filesystem.check_modeFz%certbot.compat.filesystem.check_owner)rr˜r™)rZ mock_modeZ mock_ownerrrrÚtest_check_permissionsæs   z+CheckPermissionsTest.test_check_permissionscCs.t |jd¡t |jd¡t |jd¡dS)Néäriár¯rrrrÚtest_check_min_permissionsñsz/CheckPermissionsTest.test_check_min_permissionscCs t |jd¡t |jd¡dS)Nr¶rr¯rrrrÚtest_is_world_reachableûsz,CheckPermissionsTest.test_is_world_reachable)rNrOrPrQrr°r«r¬rgr±r­r´rµr·r¸rRrrrrr®Às      r®c@seZdZdZdd„ZdS)Ú OsReplaceTestz3Test to ensure consistent behavior of rename methodcCsLtj |jd¡}tj |jd¡}t|dƒ ¡t|dƒ ¡t ||¡dS)zKEnsure that replace will effectively rename src into dst for all platforms.r©r§roN)rrrrrbrdrÚreplace)rr©r§rrrÚ test_os_replace_to_existing_files  z.OsReplaceTest.test_os_replace_to_existing_fileN)rNrOrPrQr»rrrrr¹sr¹cs0eZdZdZ‡fdd„Zdd„Zdd„Z‡ZS)Ú RealpathTestzTests for realpath methodcstƒ ¡t|jƒ|_dSr r rrrrrs zRealpathTest.setUpc Cs’t |j¡|_tj |jd¡}t |j|¡t ¡}tj |jd¡}tj  |j¡}z.t  tj  |j¡¡t ||¡Wt  |¡n t  |¡0dS)NZlink_absZlink_rel) rÚrealpathrrrrrrÚgetcwdÚbasenameÚchdirÚdirname)rr ÚcurdirZ probe_namerrrr#s z$RealpathTest.test_symlink_resolutioncCstj |jd¡}tj |jd¡}tj |jd¡}t ||¡t ||¡t ||¡tjtdd}t  |¡Wdƒn1s‚0YdS)NZlink1Zlink2Zlink3zlink1 is a loop!)Úmatch) rrrrrrwrxÚ RuntimeErrorrr½)rZ link1_pathZ link2_pathZ link3_pathÚerrorrrrÚtest_symlink_loop_mitigation0s   z)RealpathTest.test_symlink_loop_mitigation)rNrOrPrQrr#rÆrRrrrrr¼s r¼c@sleZdZdZdd„Ze d¡e d¡dd„ƒƒZe d¡e d¡dd „ƒƒZe d¡e d¡d d „ƒƒZ d S) ÚIsExecutableTestzTests for is_executable methodcsxtj |jd¡}ddlm‰d ‡fdd„ }tjd|d,t t   |tj tj Bd¡¡Wdƒn1sj0YdS) NZfoor©Ú_generate_daclcs.ˆ|||ƒ}td| ¡ƒD]}| d¡q|Sr?)r7r8Z DeleteAce)Zuser_sidrZÚmaskr(rKrÈrrÚ _execute_mockKs  z;IsExecutableTest.test_not_executable.._execute_mockz(certbot.compat.filesystem._generate_dacl)Z side_effecti¶)N) rrrrZcertbot.compat.filesystemrÉrr˜rdrrbrcÚO_WRONLY)rZ file_pathrËrrÈrÚtest_not_executable>s  :z$IsExecutableTest.test_not_executablez(certbot.compat.filesystem.os.path.isfilez#certbot.compat.filesystem.os.accesscCs6tƒd|_d|_Wdƒn1s(0YdS©NT©Ú_fix_windows_runtimer™©rZ mock_accessZ mock_isfilerrrÚtest_full_pathWszIsExecutableTest.test_full_pathcCs6tƒd|_d|_Wdƒn1s(0YdSrÎrÏrÑrrrÚ test_rel_path_szIsExecutableTest.test_rel_pathcCs6tƒd|_d|_Wdƒn1s(0YdS)NTFrÏrÑrrrÚtest_not_foundgszIsExecutableTest.test_not_foundN) rNrOrPrQrÍrr˜rÒrÓrÔrrrrrÇ<s  rÇc@sleZdZejedde d¡dd„ƒƒZej edde d¡dd„ƒƒZ ej edde d¡d d „ƒƒZ d S) Ú ReadlinkTestzTests specific to Linuxrz%certbot.compat.filesystem.os.readlinkcCs d|_dS)Nz /normal/path©r™©rZ mock_readlinkrrrÚtest_path_posixqszReadlinkTest.test_path_posixzTests specific to WindowscCs d|_dS)Nz\\?\C:\short\pathrÖr×rrrÚtest_normal_path_windowswsz%ReadlinkTest.test_normal_path_windowscCsFddd|_t t¡t d¡Wdƒn1s80YdS)Nz \\?\C:\longièz\pathr“)r™rwrxÚ ValueErrorrÚreadlinkr×rrrÚtest_extended_path_windows~s z'ReadlinkTest.test_extended_path_windowsN) rNrOrPr«r­rgrr˜rØr¬rÙrÜrrrrrÕps     rÕccs^tjdkrdVnHt d¡.}|jj}|jj}tj|_dVWdƒn1sP0YdS)NÚntr’) rr¨rr˜r™rZGetEffectiveRightsFromAclr<rA)rœZ dacl_mockZ mode_mockrrrrІs  rÐcCst |tj¡Sr )r$ÚGetFileSecurityZDACL_SECURITY_INFORMATION©Útargetrrrr’srcCst |tj¡Sr )r$rÞÚOWNER_SECURITY_INFORMATIONrßrrrrI–srIcCs | |d¡t |tj|¡dS)NF)r—r$ZSetFileSecurityrá)ràrLÚuserrrrrJšs ÿrJÚprobecCs2t |d¡tj ||¡}tj|ddd ¡|S)Nr¶ro)r)rrrrrrr¥rd)rr¨rrrrr s rÚ__main__r@)rã)4rQÚ contextlibÚerrnoÚsysr«rrwZcertbotrZcertbot._internalrZcertbot.compatrrZcertbot.tests.utilZtestsZ test_utilrr<rHr$rgÚ ImportErrorr&r5r6r¬r rSrfrir€rˆrr‘r®r¹r¼rÇZTestCaserÕÚcontextmanagerrÐrrIrJrrNÚexitÚmainÚargvÚ__file__rrrrÚs\         w3 F (IC)4