summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/mailman/Utils.py114
-rw-r--r--src/mailman/queue/__init__.py1
-rw-r--r--src/mailman/tests/test_security_mgr.py241
3 files changed, 1 insertions, 355 deletions
diff --git a/src/mailman/Utils.py b/src/mailman/Utils.py
index c07888fc5..384d25702 100644
--- a/src/mailman/Utils.py
+++ b/src/mailman/Utils.py
@@ -149,120 +149,6 @@ def wrap(text, column=70, honor_leading_ws=True):
-_vowels = ('a', 'e', 'i', 'o', 'u')
-_consonants = ('b', 'c', 'd', 'f', 'g', 'h', 'k', 'm', 'n',
- 'p', 'r', 's', 't', 'v', 'w', 'x', 'z')
-_syllables = []
-
-for v in _vowels:
- for c in _consonants:
- _syllables.append(c+v)
- _syllables.append(v+c)
-del c, v
-
-def UserFriendly_MakeRandomPassword(length):
- syls = []
- while len(syls) * 2 < length:
- syls.append(random.choice(_syllables))
- return EMPTYSTRING.join(syls)[:length]
-
-
-def Secure_MakeRandomPassword(length):
- bytesread = 0
- bytes = []
- fd = None
- try:
- while bytesread < length:
- try:
- # Python 2.4 has this on available systems.
- newbytes = os.urandom(length - bytesread)
- except (AttributeError, NotImplementedError):
- if fd is None:
- try:
- fd = os.open('/dev/urandom', os.O_RDONLY)
- except OSError, e:
- if e.errno != errno.ENOENT:
- raise
- # We have no available source of cryptographically
- # secure random characters. Log an error and fallback
- # to the user friendly passwords.
- log.error(
- 'urandom not available, passwords not secure')
- return UserFriendly_MakeRandomPassword(length)
- newbytes = os.read(fd, length - bytesread)
- bytes.append(newbytes)
- bytesread += len(newbytes)
- s = base64.encodestring(EMPTYSTRING.join(bytes))
- # base64 will expand the string by 4/3rds
- return s.replace('\n', '')[:length]
- finally:
- if fd is not None:
- os.close(fd)
-
-
-def MakeRandomPassword(length=None):
- if length is None:
- length = int(config.passwords.member_password_length)
- if as_boolean(config.passwords.user_friendly_passwords):
- password = UserFriendly_MakeRandomPassword(length)
- else:
- password = Secure_MakeRandomPassword(length)
- return password.decode('ascii')
-
-
-def GetRandomSeed():
- chr1 = int(random.random() * 52)
- chr2 = int(random.random() * 52)
- def mkletter(c):
- if 0 <= c < 26:
- c += 65
- if 26 <= c < 52:
- #c = c - 26 + 97
- c += 71
- return c
- return "%c%c" % tuple(map(mkletter, (chr1, chr2)))
-
-
-
-def set_global_password(pw, siteadmin=True, scheme=None):
- if scheme is None:
- scheme = passwords.Schemes.ssha
- if siteadmin:
- filename = config.SITE_PW_FILE
- else:
- filename = config.LISTCREATOR_PW_FILE
- try:
- fp = open(filename, 'w')
- print >> fp, passwords.make_secret(pw, scheme)
- finally:
- fp.close()
-
-
-def get_global_password(siteadmin=True):
- if siteadmin:
- filename = config.SITE_PW_FILE
- else:
- filename = config.LISTCREATOR_PW_FILE
- try:
- fp = open(filename)
- challenge = fp.read()[:-1] # strip off trailing nl
- fp.close()
- except IOError, e:
- if e.errno != errno.ENOENT:
- raise
- # It's okay not to have a site admin password
- return None
- return challenge
-
-
-def check_global_password(response, siteadmin=True):
- challenge = get_global_password(siteadmin)
- if challenge is None:
- return False
- return passwords.check_response(challenge, response)
-
-
-
def websafe(s):
return cgi.escape(s, quote=True)
diff --git a/src/mailman/queue/__init__.py b/src/mailman/queue/__init__.py
index 901e99cfc..8abc5e9a6 100644
--- a/src/mailman/queue/__init__.py
+++ b/src/mailman/queue/__init__.py
@@ -462,6 +462,7 @@ class Runner:
def _clean_up(self):
"""See `IRunner`."""
+ pass
def _dispose(self, mlist, msg, msgdata):
"""See `IRunner`."""
diff --git a/src/mailman/tests/test_security_mgr.py b/src/mailman/tests/test_security_mgr.py
deleted file mode 100644
index a4f9c1cf4..000000000
--- a/src/mailman/tests/test_security_mgr.py
+++ /dev/null
@@ -1,241 +0,0 @@
-# Copyright (C) 2001-2011 by the Free Software Foundation, Inc.
-#
-# This file is part of GNU Mailman.
-#
-# GNU Mailman is free software: you can redistribute it and/or modify it under
-# the terms of the GNU General Public License as published by the Free
-# Software Foundation, either version 3 of the License, or (at your option)
-# any later version.
-#
-# GNU Mailman is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
-# more details.
-#
-# You should have received a copy of the GNU General Public License along with
-# GNU Mailman. If not, see <http://www.gnu.org/licenses/>.
-
-"""Unit tests for the SecurityManager module."""
-
-from __future__ import absolute_import, unicode_literals
-
-__metaclass__ = type
-__all__ = [
- 'test_suite',
- ]
-
-
-import os
-import errno
-import unittest
-
-# Don't use cStringIO because we're going to inherit
-from StringIO import StringIO
-
-from mailman import Utils
-from mailman import passwords
-from mailman.config import config
-
-
-
-def password(cleartext):
- return passwords.make_secret(cleartext, passwords.Schemes.ssha)
-
-
-
-class TestSecurityManager(unittest.TestCase):
- def test_init_vars(self):
- eq = self.assertEqual
- eq(self._mlist.mod_password, None)
- eq(self._mlist.passwords, {})
-
- def test_auth_context_info_authuser(self):
- mlist = self._mlist
- self.assertRaises(TypeError, mlist.AuthContextInfo, config.AuthUser)
- # Add a member
- mlist.addNewMember('aperson@dom.ain', password='xxXXxx')
- self.assertEqual(
- mlist.AuthContextInfo(config.AuthUser, 'aperson@dom.ain'),
- ('_xtest%40example.com+user+aperson--at--dom.ain', 'xxXXxx'))
-
- def test_auth_context_moderator(self):
- mlist = self._mlist
- mlist.mod_password = 'yyYYyy'
- self.assertEqual(
- mlist.AuthContextInfo(config.AuthListModerator),
- ('_xtest%40example.com+moderator', 'yyYYyy'))
-
- def test_auth_context_admin(self):
- mlist = self._mlist
- mlist.password = 'zzZZzz'
- self.assertEqual(
- mlist.AuthContextInfo(config.AuthListAdmin),
- ('_xtest%40example.com+admin', 'zzZZzz'))
-
- def test_auth_context_site(self):
- mlist = self._mlist
- mlist.password = 'aaAAaa'
- self.assertEqual(
- mlist.AuthContextInfo(config.AuthSiteAdmin),
- ('_xtest%40example.com+admin', 'aaAAaa'))
-
- def test_auth_context_huh(self):
- self.assertEqual(
- self._mlist.AuthContextInfo('foo'),
- (None, None))
-
-
-
-class TestAuthenticate(unittest.TestCase):
- def setUp(self):
- Utils.set_global_password('bbBBbb', siteadmin=True)
- Utils.set_global_password('ccCCcc', siteadmin=False)
-
- def tearDown(self):
- try:
- os.unlink(config.SITE_PW_FILE)
- except OSError, e:
- if e.errno <> errno.ENOENT:
- raise
- try:
- os.unlink(config.LISTCREATOR_PW_FILE)
- except OSError, e:
- if e.errno <> errno.ENOENT:
- raise
-
- def test_auth_creator(self):
- self.assertEqual(self._mlist.Authenticate(
- [config.AuthCreator], 'ccCCcc'), config.AuthCreator)
-
- def test_auth_creator_unauth(self):
- self.assertEqual(self._mlist.Authenticate(
- [config.AuthCreator], 'xxxxxx'), config.UnAuthorized)
-
- def test_auth_site_admin(self):
- self.assertEqual(self._mlist.Authenticate(
- [config.AuthSiteAdmin], 'bbBBbb'), config.AuthSiteAdmin)
-
- def test_auth_site_admin_unauth(self):
- self.assertEqual(self._mlist.Authenticate(
- [config.AuthSiteAdmin], 'xxxxxx'), config.UnAuthorized)
-
- def test_list_admin(self):
- self._mlist.password = password('ttTTtt')
- self.assertEqual(self._mlist.Authenticate(
- [config.AuthListAdmin], 'ttTTtt'), config.AuthListAdmin)
-
- def test_list_admin_unauth(self):
- self._mlist.password = password('ttTTtt')
- self.assertEqual(self._mlist.Authenticate(
- [config.AuthListAdmin], 'xxxxxx'), config.UnAuthorized)
-
- def test_list_moderator(self):
- self._mlist.mod_password = password('mmMMmm')
- self.assertEqual(self._mlist.Authenticate(
- [config.AuthListModerator], 'mmMMmm'), config.AuthListModerator)
-
- def test_user(self):
- mlist = self._mlist
- mlist.addNewMember('aperson@dom.ain', password=password('nosrepa'))
- self.assertEqual(mlist.Authenticate(
- [config.AuthUser], 'nosrepa', 'aperson@dom.ain'), config.AuthUser)
-
- def test_wrong_user(self):
- mlist = self._mlist
- mlist.addNewMember('aperson@dom.ain', password='nosrepa')
- self.assertEqual(
- mlist.Authenticate([config.AuthUser], 'nosrepa', 'bperson@dom.ain'),
- config.UnAuthorized)
-
- def test_no_user(self):
- mlist = self._mlist
- mlist.addNewMember('aperson@dom.ain', password='nosrepa')
- self.assertEqual(mlist.Authenticate([config.AuthUser], 'norespa'),
- config.UnAuthorized)
-
- def test_user_unauth(self):
- mlist = self._mlist
- mlist.addNewMember('aperson@dom.ain', password='nosrepa')
- self.assertEqual(mlist.Authenticate(
- [config.AuthUser], 'xxxxxx', 'aperson@dom.ain'),
- config.UnAuthorized)
-
- def test_value_error(self):
- self.assertRaises(ValueError, self._mlist.Authenticate,
- ['spooge'], 'xxxxxx', 'zperson@dom.ain')
-
-
-
-class StripperIO(StringIO):
- HEAD = 'Set-Cookie: '
- def write(self, s):
- if s.startswith(self.HEAD):
- s = s[len(self.HEAD):]
- StringIO.write(self, s)
-
-
-class TestWebAuthenticate(unittest.TestCase):
- def setUp(self):
- Utils.set_global_password('bbBBbb', siteadmin=True)
- Utils.set_global_password('ccCCcc', siteadmin=False)
- mlist = self._mlist
- mlist.mod_password = password('abcdefg')
- mlist.addNewMember('aperson@dom.ain', password='qqQQqq')
- # Set up the cookie data
- sfp = StripperIO()
- print >> sfp, mlist.MakeCookie(config.AuthSiteAdmin)
- # AuthCreator isn't handled in AuthContextInfo()
- print >> sfp, mlist.MakeCookie(config.AuthListAdmin)
- print >> sfp, mlist.MakeCookie(config.AuthListModerator)
- print >> sfp, mlist.MakeCookie(config.AuthUser, 'aperson@dom.ain')
- # Strip off the "Set-Cookie: " prefix
- cookie = sfp.getvalue()
- os.environ['HTTP_COOKIE'] = cookie
-
- def tearDown(self):
- try:
- os.unlink(config.SITE_PW_FILE)
- except OSError, e:
- if e.errno <> errno.ENOENT:
- raise
- try:
- os.unlink(config.LISTCREATOR_PW_FILE)
- except OSError, e:
- if e.errno <> errno.ENOENT:
- raise
- del os.environ['HTTP_COOKIE']
-
- def test_auth_site_admin(self):
- self.failUnless(self._mlist.WebAuthenticate(
- [config.AuthSiteAdmin], 'does not matter'))
-
- def test_list_admin(self):
- self.failUnless(self._mlist.WebAuthenticate(
- [config.AuthListAdmin], 'does not matter'))
-
- def test_list_moderator(self):
- self.failUnless(self._mlist.WebAuthenticate(
- [config.AuthListModerator], 'does not matter'))
-
- def test_user(self):
- self.failUnless(self._mlist.WebAuthenticate(
- [config.AuthUser], 'does not matter'))
-
- def test_not_a_user(self):
- self._mlist.removeMember('aperson@dom.ain')
- self.failIf(self._mlist.WebAuthenticate(
- [config.AuthUser], 'does not matter', 'aperson@dom.ain'))
-
-
-
-# TBD: Tests for MakeCookie(), ZapCookie(), CheckCookie() -- although the
-# latter is implicitly tested by testing WebAuthenticate() above.
-
-
-
-def test_suite():
- suite = unittest.TestSuite()
-## suite.addTest(unittest.makeSuite(TestSecurityManager))
-## suite.addTest(unittest.makeSuite(TestAuthenticate))
-## suite.addTest(unittest.makeSuite(TestWebAuthenticate))
- return suite
generated by cgit v1.2.3-70-g09d2 (git 2.51.2) at 2025-11-08 16:50:29 +0000