Distinguish rootwrap Authorization vs Not found errors
Rootwrap will return "not authorized" for a command that is defined in the rootwrap filters but not installed on the system. Therefore return the first matching filter for such a command so that sudo will try to execute it and return a more appropriate error. Change-Id: I77eeff229e73d55083a735af7a9029469132c800
This commit is contained in:
parent
01dbefb085
commit
6c31605ea3
@ -47,13 +47,17 @@ def match_filter(filters, userargs):
|
||||
returns the first matching filter, or None is none matched.
|
||||
"""
|
||||
|
||||
found_filter = None
|
||||
|
||||
for f in filters:
|
||||
if f.match(userargs):
|
||||
# Skip if executable is absent
|
||||
# Try other filters if executable is absent
|
||||
if not os.access(f.exec_path, os.X_OK):
|
||||
if not found_filter:
|
||||
found_filter = f
|
||||
continue
|
||||
# Otherwise return matching filter for execution
|
||||
return f
|
||||
|
||||
# No filter matched
|
||||
return None
|
||||
# No filter matched or first missing executable
|
||||
return found_filter
|
||||
|
@ -47,8 +47,11 @@ class RootwrapTestCase(test.TestCase):
|
||||
self.assertTrue(filtermatch is None)
|
||||
|
||||
def test_missing_command(self):
|
||||
usercmd = ["foo_bar_not_exist"]
|
||||
filtermatch = wrapper.match_filter(self.filters, usercmd)
|
||||
valid_but_missing = ["foo_bar_not_exist"]
|
||||
invalid = ["foo_bar_not_exist_and_not_matched"]
|
||||
filtermatch = wrapper.match_filter(self.filters, valid_but_missing)
|
||||
self.assertTrue(filtermatch is not None)
|
||||
filtermatch = wrapper.match_filter(self.filters, invalid)
|
||||
self.assertTrue(filtermatch is None)
|
||||
|
||||
def test_DnsmasqFilter(self):
|
||||
|
Loading…
Reference in New Issue
Block a user