Revision 45bc4635 lib/backend.py
b/lib/backend.py | ||
---|---|---|
1 | 1 |
# |
2 | 2 |
# |
3 | 3 |
|
4 |
# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Google Inc. |
|
4 |
# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Google Inc.
|
|
5 | 5 |
# |
6 | 6 |
# This program is free software; you can redistribute it and/or modify |
7 | 7 |
# it under the terms of the GNU General Public License as published by |
... | ... | |
88 | 88 |
_MASTER_START = "start" |
89 | 89 |
_MASTER_STOP = "stop" |
90 | 90 |
|
91 |
#: Maximum file permissions for remote command directory and executables
|
|
91 |
#: Maximum file permissions for restricted command directory and executables
|
|
92 | 92 |
_RCMD_MAX_MODE = (stat.S_IRWXU | |
93 | 93 |
stat.S_IRGRP | stat.S_IXGRP | |
94 | 94 |
stat.S_IROTH | stat.S_IXOTH) |
95 | 95 |
|
96 |
#: Delay before returning an error for remote commands
|
|
96 |
#: Delay before returning an error for restricted commands
|
|
97 | 97 |
_RCMD_INVALID_DELAY = 10 |
98 | 98 |
|
99 |
#: How long to wait to acquire lock for remote commands (shorter than
|
|
99 |
#: How long to wait to acquire lock for restricted commands (shorter than
|
|
100 | 100 |
#: L{_RCMD_INVALID_DELAY}) to reduce blockage of noded forks when many |
101 | 101 |
#: command requests arrive |
102 | 102 |
_RCMD_LOCK_TIMEOUT = _RCMD_INVALID_DELAY * 0.8 |
... | ... | |
3672 | 3672 |
|
3673 | 3673 |
|
3674 | 3674 |
def _VerifyRestrictedCmdName(cmd): |
3675 |
"""Verifies a remote command name.
|
|
3675 |
"""Verifies a restricted command name.
|
|
3676 | 3676 |
|
3677 | 3677 |
@type cmd: string |
3678 | 3678 |
@param cmd: Command name |
... | ... | |
3694 | 3694 |
|
3695 | 3695 |
|
3696 | 3696 |
def _CommonRestrictedCmdCheck(path, owner): |
3697 |
"""Common checks for remote command file system directories and files.
|
|
3697 |
"""Common checks for restricted command file system directories and files.
|
|
3698 | 3698 |
|
3699 | 3699 |
@type path: string |
3700 | 3700 |
@param path: Path to check |
... | ... | |
3724 | 3724 |
|
3725 | 3725 |
|
3726 | 3726 |
def _VerifyRestrictedCmdDirectory(path, _owner=None): |
3727 |
"""Verifies remote command directory.
|
|
3727 |
"""Verifies restricted command directory.
|
|
3728 | 3728 |
|
3729 | 3729 |
@type path: string |
3730 | 3730 |
@param path: Path to check |
... | ... | |
3745 | 3745 |
|
3746 | 3746 |
|
3747 | 3747 |
def _VerifyRestrictedCmd(path, cmd, _owner=None): |
3748 |
"""Verifies a whole remote command and returns its executable filename.
|
|
3748 |
"""Verifies a whole restricted command and returns its executable filename.
|
|
3749 | 3749 |
|
3750 | 3750 |
@type path: string |
3751 |
@param path: Directory containing remote commands
|
|
3751 |
@param path: Directory containing restricted commands
|
|
3752 | 3752 |
@type cmd: string |
3753 | 3753 |
@param cmd: Command name |
3754 | 3754 |
@rtype: tuple; (boolean, string) |
... | ... | |
3774 | 3774 |
_verify_dir=_VerifyRestrictedCmdDirectory, |
3775 | 3775 |
_verify_name=_VerifyRestrictedCmdName, |
3776 | 3776 |
_verify_cmd=_VerifyRestrictedCmd): |
3777 |
"""Performs a number of tests on a remote command.
|
|
3777 |
"""Performs a number of tests on a restricted command.
|
|
3778 | 3778 |
|
3779 | 3779 |
@type path: string |
3780 |
@param path: Directory containing remote commands
|
|
3780 |
@param path: Directory containing restricted commands
|
|
3781 | 3781 |
@type cmd: string |
3782 | 3782 |
@param cmd: Command name |
3783 | 3783 |
@return: Same as L{_VerifyRestrictedCmd} |
... | ... | |
3804 | 3804 |
_prepare_fn=_PrepareRestrictedCmd, |
3805 | 3805 |
_runcmd_fn=utils.RunCmd, |
3806 | 3806 |
_enabled=constants.ENABLE_RESTRICTED_COMMANDS): |
3807 |
"""Executes a remote command after performing strict tests.
|
|
3807 |
"""Executes a restricted command after performing strict tests.
|
|
3808 | 3808 |
|
3809 | 3809 |
@type cmd: string |
3810 | 3810 |
@param cmd: Command name |
... | ... | |
3813 | 3813 |
@raise RPCFail: In case of an error |
3814 | 3814 |
|
3815 | 3815 |
""" |
3816 |
logging.info("Preparing to run remote command '%s'", cmd)
|
|
3816 |
logging.info("Preparing to run restricted command '%s'", cmd)
|
|
3817 | 3817 |
|
3818 | 3818 |
if not _enabled: |
3819 |
_Fail("Remote commands disabled at configure time")
|
|
3819 |
_Fail("Restricted commands disabled at configure time")
|
|
3820 | 3820 |
|
3821 | 3821 |
lock = None |
3822 | 3822 |
try: |
... | ... | |
3844 | 3844 |
# Do not include original error message in returned error |
3845 | 3845 |
_Fail("Executing command '%s' failed" % cmd) |
3846 | 3846 |
elif cmdresult.failed or cmdresult.fail_reason: |
3847 |
_Fail("Remote command '%s' failed: %s; output: %s",
|
|
3847 |
_Fail("Restricted command '%s' failed: %s; output: %s",
|
|
3848 | 3848 |
cmd, cmdresult.fail_reason, cmdresult.output) |
3849 | 3849 |
else: |
3850 | 3850 |
return cmdresult.output |
Also available in: Unified diff