From 224d2b2083f7f5891b75eea478c8adb8290ad53a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A1draig=20Brady?= Date: Tue, 6 Mar 2012 18:11:33 +0000 Subject: [PATCH] Distinguish rootwrap Authorization vs Not found errors Rootwrap will return "not authorized" for a command that is defined in the rootwrap filters but not installed on the system. Therefore return the first matching filter for such a command so that sudo will try to execute it and return a more appropriate error. Change-Id: I77eeff229e73d55083a735af7a9029469132c800 --- nova/rootwrap/wrapper.py | 10 +++++++--- nova/tests/test_nova_rootwrap.py | 7 +++++-- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/nova/rootwrap/wrapper.py b/nova/rootwrap/wrapper.py index 52e67c5d..5a9c06d5 100755 --- a/nova/rootwrap/wrapper.py +++ b/nova/rootwrap/wrapper.py @@ -47,13 +47,17 @@ def match_filter(filters, userargs): returns the first matching filter, or None is none matched. """ + found_filter = None + for f in filters: if f.match(userargs): - # Skip if executable is absent + # Try other filters if executable is absent if not os.access(f.exec_path, os.X_OK): + if not found_filter: + found_filter = f continue # Otherwise return matching filter for execution return f - # No filter matched - return None + # No filter matched or first missing executable + return found_filter diff --git a/nova/tests/test_nova_rootwrap.py b/nova/tests/test_nova_rootwrap.py index bb2ceeb6..ee687eac 100644 --- a/nova/tests/test_nova_rootwrap.py +++ b/nova/tests/test_nova_rootwrap.py 
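Review bot: The docstring kept as context at the top of this hunk ("returns the first matching filter, or None is none matched") no longer describes what match_filter returns: with the new `found_filter` fallback the result may be a filter whose `exec_path` has just failed `os.access(f.exec_path, os.X_OK)`. Because this function is the allow-list gate in front of a privileged exec, I would state that in the contract, e.g. `Returns the first matching filter with an executable exec_path, else the first matching filter whose exec_path is not executable, else None.` The X_OK check is also false for a file that exists but is not executable, so the trailing comment `first missing executable` is narrower than the behaviour. `if not found_filter:` would read more precisely as `if found_filter is None:`, which does not depend on how filter objects evaluate as booleans. The caller and the start of match_filter are outside the hunk, so how the failed exec is reported cannot be confirmed from here.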
@@ -47,8 +47,11 @@ class RootwrapTestCase(test.TestCase): self.assertTrue(filtermatch is None) def test_missing_command(self): - usercmd = ["foo_bar_not_exist"] - filtermatch = wrapper.match_filter(self.filters, usercmd) + valid_but_missing = ["foo_bar_not_exist"] + invalid = ["foo_bar_not_exist_and_not_matched"] + filtermatch = wrapper.match_filter(self.filters, valid_but_missing) + self.assertTrue(filtermatch is not None) + filtermatch = wrapper.match_filter(self.filters, invalid) self.assertTrue(filtermatch is None) def test_DnsmasqFilter(self):
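Review bot: test_missing_command only checks that the result `is not None` for `valid_but_missing`, so it would still pass if match_filter returned a non-executable filter ahead of a runnable one. That ordering is the security-relevant part of the wrapper.py change: a matching filter whose executable is present must win over an earlier matching filter whose executable is absent. I would add a case with two filters matching the same command, the first with an absent exec_path and the second with a present one, and assert that the second is returned; the existing case should also assert which filter comes back rather than only that it is not None. `self.filters` is defined outside this hunk, so that "foo_bar_not_exist" is covered by a filter there is assumed from the test's intent.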