Distinguish rootwrap Authorization vs Not found errors

Rootwrap will return "not authorized" for a command
that is defined in the rootwrap filters but not
installed on the system.  Therefore return the first
matching filter for such a command so that sudo will
try to execute it and return a more appropriate error.

Change-Id: I77eeff229e73d55083a735af7a9029469132c800
This commit is contained in:
Pádraig Brady 2012-03-06 18:11:33 +00:00
parent 01dbefb085
commit 6c31605ea3
2 changed files with 12 additions and 5 deletions

View File

@ -47,13 +47,17 @@ def match_filter(filters, userargs):
returns the first matching filter, or None is none matched.
"""
found_filter = None
for f in filters:
if f.match(userargs):
# Skip if executable is absent
# Try other filters if executable is absent
if not os.access(f.exec_path, os.X_OK):
if not found_filter:
found_filter = f
continue
# Otherwise return matching filter for execution
return f
# No filter matched
return None
# No filter matched or first missing executable
return found_filter

View File

@ -47,8 +47,11 @@ class RootwrapTestCase(test.TestCase):
self.assertTrue(filtermatch is None)
def test_missing_command(self):
usercmd = ["foo_bar_not_exist"]
filtermatch = wrapper.match_filter(self.filters, usercmd)
valid_but_missing = ["foo_bar_not_exist"]
invalid = ["foo_bar_not_exist_and_not_matched"]
filtermatch = wrapper.match_filter(self.filters, valid_but_missing)
self.assertTrue(filtermatch is not None)
filtermatch = wrapper.match_filter(self.filters, invalid)
self.assertTrue(filtermatch is None)
def test_DnsmasqFilter(self):