/ - Diff - snf-ganeti - Greek Research and Technology Network's projects

Revision 405bffe2

       hyper.PowercycleNode()
     def _VerifyRemoteCommandName(cmd):
     def _VerifyRestrictedCmdName(cmd):
       """Verifies a remote command name.
       @type cmd: string
-...
       return (True, None)
     def _CommonRemoteCommandCheck(path, owner):
     def _CommonRestrictedCmdCheck(path, owner):
       """Common checks for remote command file system directories and files.
       @type path: string
-...
       return (True, st)
     def _VerifyRemoteCommandDirectory(path, _owner=None):
     def _VerifyRestrictedCmdDirectory(path, _owner=None):
       """Verifies remote command directory.
       @type path: string
-...
         element is an error message string, otherwise it's C{None}
       """
       (status, value) = _CommonRemoteCommandCheck(path, _owner)
       (status, value) = _CommonRestrictedCmdCheck(path, _owner)
       if not status:
         return (False, value)
-...
       return (True, None)
     def _VerifyRemoteCommand(path, cmd, _owner=None):
     def _VerifyRestrictedCmd(path, cmd, _owner=None):
       """Verifies a whole remote command and returns its executable filename.
       @type path: string
-...
       """
       executable = utils.PathJoin(path, cmd)
       (status, msg) = _CommonRemoteCommandCheck(executable, _owner)
       (status, msg) = _CommonRestrictedCmdCheck(executable, _owner)
       if not status:
         return (False, msg)
-...
       return (True, executable)
     def _PrepareRemoteCommand(path, cmd,
                               _verify_dir=_VerifyRemoteCommandDirectory,
                               _verify_name=_VerifyRemoteCommandName,
                               _verify_cmd=_VerifyRemoteCommand):
     def _PrepareRestrictedCmd(path, cmd,
                               _verify_dir=_VerifyRestrictedCmdDirectory,
                               _verify_name=_VerifyRestrictedCmdName,
                               _verify_cmd=_VerifyRestrictedCmd):
       """Performs a number of tests on a remote command.
       @type path: string
       @param path: Directory containing remote commands
       @type cmd: string
       @param cmd: Command name
       @return: Same as L{_VerifyRemoteCommand}
       @return: Same as L{_VerifyRestrictedCmd}
       """
       # Verify the directory first
-...
                          _lock_file=pathutils.RESTRICTED_COMMANDS_LOCK_FILE,
                          _path=pathutils.RESTRICTED_COMMANDS_DIR,
                          _sleep_fn=time.sleep,
                          _prepare_fn=_PrepareRemoteCommand,
                          _prepare_fn=_PrepareRestrictedCmd,
                          _runcmd_fn=utils.RunCmd,
                          _enabled=constants.ENABLE_RESTRICTED_COMMANDS):
       """Executes a remote command after performing strict tests.

         tmpname = self._PrepareTest()
         os.chown(tmpname, 0, 0)
         (status, value) = backend._CommonRemoteCommandCheck(tmpname, None)
         (status, value) = backend._CommonRestrictedCmdCheck(tmpname, None)
         self.assertTrue(status)
         self.assertTrue(value)
-...
           self.assertFalse(uid == os.getuid() and gid == os.getgid())
           os.chown(tmpname, uid, gid)
           (status, errmsg) = backend._CommonRemoteCommandCheck(tmpname, None)
           (status, errmsg) = backend._CommonRestrictedCmdCheck(tmpname, None)
           self.assertFalse(status)
           self.assertTrue("foobar' is not owned by " in errmsg)

                     "Result from netutils.TcpPing corrupted")
     def _DefRemoteCommandOwner():
     def _DefRestrictedCmdOwner():
       return (os.getuid(), os.getgid())
     class TestVerifyRemoteCommandName(unittest.TestCase):
     class TestVerifyRestrictedCmdName(unittest.TestCase):
       def testAcceptableName(self):
         for i in ["foo", "bar", "z1", "000first", "hello-world"]:
           for fn in [lambda s: s, lambda s: s.upper(), lambda s: s.title()]:
             (status, msg) = backend._VerifyRemoteCommandName(fn(i))
             (status, msg) = backend._VerifyRestrictedCmdName(fn(i))
             self.assertTrue(status)
             self.assertTrue(msg is None)
       def testEmptyAndSpace(self):
         for i in ["", " ", "\t", "\n"]:
           (status, msg) = backend._VerifyRemoteCommandName(i)
           (status, msg) = backend._VerifyRestrictedCmdName(i)
           self.assertFalse(status)
           self.assertEqual(msg, "Missing command name")
       def testNameWithSlashes(self):
         for i in ["/", "./foo", "../moo", "some/name"]:
           (status, msg) = backend._VerifyRemoteCommandName(i)
           (status, msg) = backend._VerifyRestrictedCmdName(i)
           self.assertFalse(status)
           self.assertEqual(msg, "Invalid command name")
       def testForbiddenCharacters(self):
         for i in ["#", ".", "..", "bash -c ls", "'"]:
           (status, msg) = backend._VerifyRemoteCommandName(i)
           (status, msg) = backend._VerifyRestrictedCmdName(i)
           self.assertFalse(status)
           self.assertEqual(msg, "Command name contains forbidden characters")
     class TestVerifyRemoteCommandDirectory(unittest.TestCase):
     class TestVerifyRestrictedCmdDirectory(unittest.TestCase):
       def setUp(self):
         self.tmpdir = tempfile.mkdtemp()
-...
         tmpname = utils.PathJoin(self.tmpdir, "foobar")
         self.assertFalse(os.path.exists(tmpname))
         (status, msg) = \
           backend._VerifyRemoteCommandDirectory(tmpname, _owner=NotImplemented)
           backend._VerifyRestrictedCmdDirectory(tmpname, _owner=NotImplemented)
         self.assertFalse(status)
         self.assertTrue(msg.startswith("Can't stat(2) '"))
-...
           os.chmod(tmpname, mode)
           self.assertTrue(os.path.isdir(tmpname))
           (status, msg) = \
             backend._VerifyRemoteCommandDirectory(tmpname, _owner=NotImplemented)
             backend._VerifyRestrictedCmdDirectory(tmpname, _owner=NotImplemented)
           self.assertFalse(status)
           self.assertTrue(msg.startswith("Permissions on '"))
-...
         utils.WriteFile(tmpname, data="empty\n")
         self.assertTrue(os.path.isfile(tmpname))
         (status, msg) = \
           backend._VerifyRemoteCommandDirectory(tmpname,
                                                 _owner=_DefRemoteCommandOwner())
           backend._VerifyRestrictedCmdDirectory(tmpname,
                                                 _owner=_DefRestrictedCmdOwner())
         self.assertFalse(status)
         self.assertTrue(msg.endswith("is not a directory"))
-...
         os.mkdir(tmpname)
         self.assertTrue(os.path.isdir(tmpname))
         (status, msg) = \
           backend._VerifyRemoteCommandDirectory(tmpname,
                                                 _owner=_DefRemoteCommandOwner())
           backend._VerifyRestrictedCmdDirectory(tmpname,
                                                 _owner=_DefRestrictedCmdOwner())
         self.assertTrue(status)
         self.assertTrue(msg is None)
     class TestVerifyRemoteCommand(unittest.TestCase):
     class TestVerifyRestrictedCmd(unittest.TestCase):
       def setUp(self):
         self.tmpdir = tempfile.mkdtemp()
-...
         tmpname = utils.PathJoin(self.tmpdir, "helloworld")
         self.assertFalse(os.path.exists(tmpname))
         (status, msg) = \
           backend._VerifyRemoteCommand(self.tmpdir, "helloworld",
           backend._VerifyRestrictedCmd(self.tmpdir, "helloworld",
                                        _owner=NotImplemented)
         self.assertFalse(status)
         self.assertTrue(msg.startswith("Can't stat(2) '"))
-...
         tmpname = utils.PathJoin(self.tmpdir, "cmdname")
         utils.WriteFile(tmpname, data="empty\n")
         (status, msg) = \
           backend._VerifyRemoteCommand(self.tmpdir, "cmdname",
                                        _owner=_DefRemoteCommandOwner())
           backend._VerifyRestrictedCmd(self.tmpdir, "cmdname",
                                        _owner=_DefRestrictedCmdOwner())
         self.assertFalse(status)
         self.assertTrue(msg.startswith("access(2) thinks '"))
-...
         tmpname = utils.PathJoin(self.tmpdir, "cmdname")
         utils.WriteFile(tmpname, data="empty\n", mode=0700)
         (status, executable) = \
           backend._VerifyRemoteCommand(self.tmpdir, "cmdname",
                                        _owner=_DefRemoteCommandOwner())
           backend._VerifyRestrictedCmd(self.tmpdir, "cmdname",
                                        _owner=_DefRestrictedCmdOwner())
         self.assertTrue(status)
         self.assertEqual(executable, tmpname)
     class TestPrepareRemoteCommand(unittest.TestCase):
     class TestPrepareRestrictedCmd(unittest.TestCase):
       _TEST_PATH = "/tmp/some/test/path"
       def testDirFails(self):
-...
           return (False, "test error 31420")
         (status, msg) = \
           backend._PrepareRemoteCommand(self._TEST_PATH, "cmd21152",
           backend._PrepareRestrictedCmd(self._TEST_PATH, "cmd21152",
                                         _verify_dir=fn,
                                         _verify_name=NotImplemented,
                                         _verify_cmd=NotImplemented)
-...
           return (False, "test error 591")
         (status, msg) = \
           backend._PrepareRemoteCommand(self._TEST_PATH, "cmd4617",
           backend._PrepareRestrictedCmd(self._TEST_PATH, "cmd4617",
                                         _verify_dir=lambda _: (True, None),
                                         _verify_name=fn,
                                         _verify_cmd=NotImplemented)
-...
           return (False, "test error 25524")
         (status, msg) = \
           backend._PrepareRemoteCommand(self._TEST_PATH, "cmd17577",
           backend._PrepareRestrictedCmd(self._TEST_PATH, "cmd17577",
                                         _verify_dir=lambda _: (True, None),
                                         _verify_name=lambda _: (True, None),
                                         _verify_cmd=fn)
-...
           return (True, utils.PathJoin(path, cmd))
         (status, executable) = \
           backend._PrepareRemoteCommand(self._TEST_PATH, "cmd22633",
           backend._PrepareRestrictedCmd(self._TEST_PATH, "cmd22633",
                                         _verify_dir=lambda _: (True, None),
                                         _verify_name=lambda _: (True, None),
                                         _verify_cmd=fn)
-...
         self.assertEqual(executable, utils.PathJoin(self._TEST_PATH, "cmd22633"))
     def _SleepForRemoteCommand(duration):
     def _SleepForRestrictedCmd(duration):
       assert duration > 5
     def _GenericRemoteCommandError(cmd):
     def _GenericRestrictedCmdError(cmd):
       return "Executing command '%s' failed" % cmd
-...
       def testNonExistantLockDirectory(self):
         lockfile = utils.PathJoin(self.tmpdir, "does", "not", "exist")
         sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
         sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
         self.assertFalse(os.path.exists(lockfile))
         self.assertRaises(backend.RPCFail,
                           backend.RunRestrictedCmd, "test",
-...
       @staticmethod
       def _TryLock(lockfile):
         sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
         sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
         result = False
         try:
-...
                                    _runcmd_fn=NotImplemented,
                                    _enabled=True)
         except backend.RPCFail, err:
           assert str(err) == _GenericRemoteCommandError("test22717"), \
           assert str(err) == _GenericRestrictedCmdError("test22717"), \
                  "Did not fail with generic error message"
           result = True
-...
       def testPrepareRaisesException(self):
         lockfile = utils.PathJoin(self.tmpdir, "lock")
         sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
         sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
         prepare_fn = testutils.CallCounter(self._PrepareRaisingException)
         try:
-...
                                    _sleep_fn=sleep_fn, _prepare_fn=prepare_fn,
                                    _enabled=True)
         except backend.RPCFail, err:
           self.assertEqual(str(err), _GenericRemoteCommandError("test23122"))
           self.assertEqual(str(err), _GenericRestrictedCmdError("test23122"))
         else:
           self.fail("Didn't fail")
-...
       def testPrepareFails(self):
         lockfile = utils.PathJoin(self.tmpdir, "lock")
         sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
         sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
         prepare_fn = testutils.CallCounter(self._PrepareFails)
         try:
-...
                                    _sleep_fn=sleep_fn, _prepare_fn=prepare_fn,
                                    _enabled=True)
         except backend.RPCFail, err:
           self.assertEqual(str(err), _GenericRemoteCommandError("test29327"))
           self.assertEqual(str(err), _GenericRestrictedCmdError("test29327"))
         else:
           self.fail("Didn't fail")
-...
                                  utils.ShellQuoteArgs(args),
                                  NotImplemented, NotImplemented)
         sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
         sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
         prepare_fn = testutils.CallCounter(self._SuccessfulPrepare)
         runcmd_fn = testutils.CallCounter(fn)
-...
                                  utils.ShellQuoteArgs(args),
                                  NotImplemented, NotImplemented)
         sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
         sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
         prepare_fn = testutils.CallCounter(self._SuccessfulPrepare)
         runcmd_fn = testutils.CallCounter(fn)

Also available in: Unified diff

Synnefo » snf-ganeti

Revision 405bffe2