diff --git a/tests/TestScripts/test-func-launcher.py b/tests/TestScripts/test-func-launcher.py index 0e3419c..60a3deb 100644 --- a/tests/TestScripts/test-func-launcher.py +++ b/tests/TestScripts/test-func-launcher.py @@ -183,10 +183,14 @@ class launcher_tests (unittest.TestCase): #check if p.pid is same as pgrep appname #in a global dictionary, append the pid process_handle = run_app_as_user(app) + time.sleep(8) + process_id = get_pid('fala_ft_hello') pid_list = process_id.split() + self.assert_(len(pid_list) == len(LAUNCHABLE_APPS), "All Applications were not launched using launcher") + for pid in pid_list: kill_process(apppid=pid) @@ -198,25 +202,27 @@ class launcher_tests (unittest.TestCase): the launched application should die too. """ - invoker = '/usr/bin/invoker' app_path = '/usr/bin/fala_ft_hello.launch' - # Launch the app with invoker - p = subprocess.Popen(('%s --type=m --wait-term %s' % (invoker, app_path)).split(), - shell = False, - stdout = DEV_NULL, stderr = DEV_NULL) + # Launch the app with invoker using --wait-term + p = run_app_as_user('invoker --type=m --wait-term %s' % app_path) + + time.sleep(2) # Retrieve their pids invoker_pid = wait_for_app('invoker') app_pid = wait_for_app('fala_ft_hello') + print "invoker_pid '%s'" % invoker_pid + print "app_pid '%s'" % app_pid + # Make sure that both apps started self.assert_(invoker_pid != None, "invoker not executed?") self.assert_(app_pid != None, "%s not launched by invoker?" % app_path) # Send SIGTERM to invoker, the launched app should die kill_process(None, invoker_pid, 15) - + time.sleep(2) # This should be None diff --git a/tests/TestScripts/test-security.py b/tests/TestScripts/test-security.py index 765e261..0894c43 100644 --- a/tests/TestScripts/test-security.py +++ b/tests/TestScripts/test-security.py @@ -58,12 +58,22 @@ class SecurityTests(unittest.TestCase): self.assert_(creds != None, "error retrieving credentials") - # Credentials should be dropped, but uid/gid retained - req_creds = ['UID::user', 'GID::users'] + groups = get_groups_for_user() + + print "user belongs to groups: %s" % ', '.join(groups) + + def grouper(x): return 'GRP::' + x + groups = map(grouper, groups) + + # Credentials should be dropped, but uid/gid + groups retained + req_creds = ['UID::user', 'GID::users'] + groups creds.sort() req_creds.sort() + print "APP HAS: " + ', '.join(creds) + print "REQUIRED: " + ', '.join(req_creds) + self.assert_(creds == req_creds, "fala_ft_hello has different creds set!") diff --git a/tests/TestScripts/utils.py b/tests/TestScripts/utils.py index 2200277..ba86600 100644 --- a/tests/TestScripts/utils.py +++ b/tests/TestScripts/utils.py @@ -61,7 +61,7 @@ def restart_applauncherd(): stop_applauncherd() start_applauncherd() -def run_app_as_user(appname): +def run_app_as_user(appname, out = DEV_NULL, err = DEV_NULL): """ Runs the specified command as a user. """ @@ -76,7 +76,7 @@ def run_app_as_user(appname): raise TypeError("List or string expected") p = subprocess.Popen(cmd, shell = False, - stdout = DEV_NULL, stderr = DEV_NULL) + stdout = out, stderr = err) return p def get_pid(appname): @@ -87,6 +87,17 @@ def get_pid(appname): else: return None +def get_newest_pid(app): + p = subprocess.Popen(['pgrep', '-n', app], shell = False, + stdout = subprocess.PIPE, stderr = DEV_NULL) + + op = p.communicate()[0] + + if p.wait() == 0: + return op.strip() + + return None + def wait_for_app(app = None, timeout = 5, sleep = 0.5): """ Waits for an application to start. Checks periodically if @@ -100,7 +111,7 @@ def wait_for_app(app = None, timeout = 5, sleep = 0.5): start = time.time() while pid == None and time.time() < start + timeout: - pid = get_pid(app) + pid = get_newest_pid(app) if pid != None: break @@ -236,3 +247,12 @@ def get_file_descriptor(booster, type): print "The number of changed file descriptors %d" %count kill_process(apppid=pid) return count + +def get_groups_for_user(): + # get supplementary groups user belongs to (doesn't return + # the gid group) + p = run_app_as_user(['id', '-Gn'], out = subprocess.PIPE) + groups = p.communicate()[0].split()[1:] + p.wait() + + return groups