diff --git a/lib/backend.py b/lib/backend.py
index 6e3e91821d3e9ec39ce58828d6e33ef9cf9bd67c..d4c7441dce8daeba7f79ac48ddde1a7fc983fa7b 100644
--- a/lib/backend.py
+++ b/lib/backend.py
@@ -3582,7 +3582,7 @@ def PowercycleNode(hypervisor_type):
hyper.PowercycleNode()
-def _VerifyRemoteCommandName(cmd):
+def _VerifyRestrictedCmdName(cmd):
"""Verifies a remote command name.
@type cmd: string
@@ -3604,7 +3604,7 @@ def _VerifyRemoteCommandName(cmd):
return (True, None)
-def _CommonRemoteCommandCheck(path, owner):
+def _CommonRestrictedCmdCheck(path, owner):
"""Common checks for remote command file system directories and files.
@type path: string
@@ -3634,7 +3634,7 @@ def _CommonRemoteCommandCheck(path, owner):
return (True, st)
-def _VerifyRemoteCommandDirectory(path, _owner=None):
+def _VerifyRestrictedCmdDirectory(path, _owner=None):
"""Verifies remote command directory.
@type path: string
@@ -3644,7 +3644,7 @@ def _VerifyRemoteCommandDirectory(path, _owner=None):
element is an error message string, otherwise it's C{None}
"""
- (status, value) = _CommonRemoteCommandCheck(path, _owner)
+ (status, value) = _CommonRestrictedCmdCheck(path, _owner)
if not status:
return (False, value)
@@ -3655,7 +3655,7 @@ def _VerifyRemoteCommandDirectory(path, _owner=None):
return (True, None)
-def _VerifyRemoteCommand(path, cmd, _owner=None):
+def _VerifyRestrictedCmd(path, cmd, _owner=None):
"""Verifies a whole remote command and returns its executable filename.
@type path: string
@@ -3670,7 +3670,7 @@ def _VerifyRemoteCommand(path, cmd, _owner=None):
"""
executable = utils.PathJoin(path, cmd)
- (status, msg) = _CommonRemoteCommandCheck(executable, _owner)
+ (status, msg) = _CommonRestrictedCmdCheck(executable, _owner)
if not status:
return (False, msg)
@@ -3681,17 +3681,17 @@ def _VerifyRemoteCommand(path, cmd, _owner=None):
return (True, executable)
-def _PrepareRemoteCommand(path, cmd,
- _verify_dir=_VerifyRemoteCommandDirectory,
- _verify_name=_VerifyRemoteCommandName,
- _verify_cmd=_VerifyRemoteCommand):
+def _PrepareRestrictedCmd(path, cmd,
+ _verify_dir=_VerifyRestrictedCmdDirectory,
+ _verify_name=_VerifyRestrictedCmdName,
+ _verify_cmd=_VerifyRestrictedCmd):
"""Performs a number of tests on a remote command.
@type path: string
@param path: Directory containing remote commands
@type cmd: string
@param cmd: Command name
- @return: Same as L{_VerifyRemoteCommand}
+ @return: Same as L{_VerifyRestrictedCmd}
"""
# Verify the directory first
@@ -3712,7 +3712,7 @@ def RunRestrictedCmd(cmd,
_lock_file=pathutils.RESTRICTED_COMMANDS_LOCK_FILE,
_path=pathutils.RESTRICTED_COMMANDS_DIR,
_sleep_fn=time.sleep,
- _prepare_fn=_PrepareRemoteCommand,
+ _prepare_fn=_PrepareRestrictedCmd,
_runcmd_fn=utils.RunCmd,
_enabled=constants.ENABLE_RESTRICTED_COMMANDS):
"""Executes a remote command after performing strict tests.
diff --git a/test/ganeti.backend_unittest-runasroot.py b/test/ganeti.backend_unittest-runasroot.py
index 6d99d9ccf1cf65fdcb14c044167889f0fe94a5f9..75729bc9d93eb43e246440cb90ff6a0f65e3480c 100755
--- a/test/ganeti.backend_unittest-runasroot.py
+++ b/test/ganeti.backend_unittest-runasroot.py
@@ -51,7 +51,7 @@ class TestWriteFile(testutils.GanetiTestCase):
tmpname = self._PrepareTest()
os.chown(tmpname, 0, 0)
- (status, value) = backend._CommonRemoteCommandCheck(tmpname, None)
+ (status, value) = backend._CommonRestrictedCmdCheck(tmpname, None)
self.assertTrue(status)
self.assertTrue(value)
@@ -68,7 +68,7 @@ class TestWriteFile(testutils.GanetiTestCase):
self.assertFalse(uid == os.getuid() and gid == os.getgid())
os.chown(tmpname, uid, gid)
- (status, errmsg) = backend._CommonRemoteCommandCheck(tmpname, None)
+ (status, errmsg) = backend._CommonRestrictedCmdCheck(tmpname, None)
self.assertFalse(status)
self.assertTrue("foobar' is not owned by " in errmsg)
diff --git a/test/ganeti.backend_unittest.py b/test/ganeti.backend_unittest.py
index cdc052189a777f61c802ddc79abd5d9ab295e9ae..f551ac2543f897e298d0d405521409e87ace8742 100755
--- a/test/ganeti.backend_unittest.py
+++ b/test/ganeti.backend_unittest.py
@@ -96,38 +96,38 @@ class TestNodeVerify(testutils.GanetiTestCase):
"Result from netutils.TcpPing corrupted")
-def _DefRemoteCommandOwner():
+def _DefRestrictedCmdOwner():
return (os.getuid(), os.getgid())
-class TestVerifyRemoteCommandName(unittest.TestCase):
+class TestVerifyRestrictedCmdName(unittest.TestCase):
def testAcceptableName(self):
for i in ["foo", "bar", "z1", "000first", "hello-world"]:
for fn in [lambda s: s, lambda s: s.upper(), lambda s: s.title()]:
- (status, msg) = backend._VerifyRemoteCommandName(fn(i))
+ (status, msg) = backend._VerifyRestrictedCmdName(fn(i))
self.assertTrue(status)
self.assertTrue(msg is None)
def testEmptyAndSpace(self):
for i in ["", " ", "\t", "\n"]:
- (status, msg) = backend._VerifyRemoteCommandName(i)
+ (status, msg) = backend._VerifyRestrictedCmdName(i)
self.assertFalse(status)
self.assertEqual(msg, "Missing command name")
def testNameWithSlashes(self):
for i in ["/", "./foo", "../moo", "some/name"]:
- (status, msg) = backend._VerifyRemoteCommandName(i)
+ (status, msg) = backend._VerifyRestrictedCmdName(i)
self.assertFalse(status)
self.assertEqual(msg, "Invalid command name")
def testForbiddenCharacters(self):
for i in ["#", ".", "..", "bash -c ls", "'"]:
- (status, msg) = backend._VerifyRemoteCommandName(i)
+ (status, msg) = backend._VerifyRestrictedCmdName(i)
self.assertFalse(status)
self.assertEqual(msg, "Command name contains forbidden characters")
-class TestVerifyRemoteCommandDirectory(unittest.TestCase):
+class TestVerifyRestrictedCmdDirectory(unittest.TestCase):
def setUp(self):
self.tmpdir = tempfile.mkdtemp()
@@ -138,7 +138,7 @@ class TestVerifyRemoteCommandDirectory(unittest.TestCase):
tmpname = utils.PathJoin(self.tmpdir, "foobar")
self.assertFalse(os.path.exists(tmpname))
(status, msg) = \
- backend._VerifyRemoteCommandDirectory(tmpname, _owner=NotImplemented)
+ backend._VerifyRestrictedCmdDirectory(tmpname, _owner=NotImplemented)
self.assertFalse(status)
self.assertTrue(msg.startswith("Can't stat(2) '"))
@@ -150,7 +150,7 @@ class TestVerifyRemoteCommandDirectory(unittest.TestCase):
os.chmod(tmpname, mode)
self.assertTrue(os.path.isdir(tmpname))
(status, msg) = \
- backend._VerifyRemoteCommandDirectory(tmpname, _owner=NotImplemented)
+ backend._VerifyRestrictedCmdDirectory(tmpname, _owner=NotImplemented)
self.assertFalse(status)
self.assertTrue(msg.startswith("Permissions on '"))
@@ -159,8 +159,8 @@ class TestVerifyRemoteCommandDirectory(unittest.TestCase):
utils.WriteFile(tmpname, data="empty\n")
self.assertTrue(os.path.isfile(tmpname))
(status, msg) = \
- backend._VerifyRemoteCommandDirectory(tmpname,
- _owner=_DefRemoteCommandOwner())
+ backend._VerifyRestrictedCmdDirectory(tmpname,
+ _owner=_DefRestrictedCmdOwner())
self.assertFalse(status)
self.assertTrue(msg.endswith("is not a directory"))
@@ -169,13 +169,13 @@ class TestVerifyRemoteCommandDirectory(unittest.TestCase):
os.mkdir(tmpname)
self.assertTrue(os.path.isdir(tmpname))
(status, msg) = \
- backend._VerifyRemoteCommandDirectory(tmpname,
- _owner=_DefRemoteCommandOwner())
+ backend._VerifyRestrictedCmdDirectory(tmpname,
+ _owner=_DefRestrictedCmdOwner())
self.assertTrue(status)
self.assertTrue(msg is None)
-class TestVerifyRemoteCommand(unittest.TestCase):
+class TestVerifyRestrictedCmd(unittest.TestCase):
def setUp(self):
self.tmpdir = tempfile.mkdtemp()
@@ -186,7 +186,7 @@ class TestVerifyRemoteCommand(unittest.TestCase):
tmpname = utils.PathJoin(self.tmpdir, "helloworld")
self.assertFalse(os.path.exists(tmpname))
(status, msg) = \
- backend._VerifyRemoteCommand(self.tmpdir, "helloworld",
+ backend._VerifyRestrictedCmd(self.tmpdir, "helloworld",
_owner=NotImplemented)
self.assertFalse(status)
self.assertTrue(msg.startswith("Can't stat(2) '"))
@@ -195,8 +195,8 @@ class TestVerifyRemoteCommand(unittest.TestCase):
tmpname = utils.PathJoin(self.tmpdir, "cmdname")
utils.WriteFile(tmpname, data="empty\n")
(status, msg) = \
- backend._VerifyRemoteCommand(self.tmpdir, "cmdname",
- _owner=_DefRemoteCommandOwner())
+ backend._VerifyRestrictedCmd(self.tmpdir, "cmdname",
+ _owner=_DefRestrictedCmdOwner())
self.assertFalse(status)
self.assertTrue(msg.startswith("access(2) thinks '"))
@@ -204,13 +204,13 @@ class TestVerifyRemoteCommand(unittest.TestCase):
tmpname = utils.PathJoin(self.tmpdir, "cmdname")
utils.WriteFile(tmpname, data="empty\n", mode=0700)
(status, executable) = \
- backend._VerifyRemoteCommand(self.tmpdir, "cmdname",
- _owner=_DefRemoteCommandOwner())
+ backend._VerifyRestrictedCmd(self.tmpdir, "cmdname",
+ _owner=_DefRestrictedCmdOwner())
self.assertTrue(status)
self.assertEqual(executable, tmpname)
-class TestPrepareRemoteCommand(unittest.TestCase):
+class TestPrepareRestrictedCmd(unittest.TestCase):
_TEST_PATH = "/tmp/some/test/path"
def testDirFails(self):
@@ -219,7 +219,7 @@ class TestPrepareRemoteCommand(unittest.TestCase):
return (False, "test error 31420")
(status, msg) = \
- backend._PrepareRemoteCommand(self._TEST_PATH, "cmd21152",
+ backend._PrepareRestrictedCmd(self._TEST_PATH, "cmd21152",
_verify_dir=fn,
_verify_name=NotImplemented,
_verify_cmd=NotImplemented)
@@ -232,7 +232,7 @@ class TestPrepareRemoteCommand(unittest.TestCase):
return (False, "test error 591")
(status, msg) = \
- backend._PrepareRemoteCommand(self._TEST_PATH, "cmd4617",
+ backend._PrepareRestrictedCmd(self._TEST_PATH, "cmd4617",
_verify_dir=lambda _: (True, None),
_verify_name=fn,
_verify_cmd=NotImplemented)
@@ -246,7 +246,7 @@ class TestPrepareRemoteCommand(unittest.TestCase):
return (False, "test error 25524")
(status, msg) = \
- backend._PrepareRemoteCommand(self._TEST_PATH, "cmd17577",
+ backend._PrepareRestrictedCmd(self._TEST_PATH, "cmd17577",
_verify_dir=lambda _: (True, None),
_verify_name=lambda _: (True, None),
_verify_cmd=fn)
@@ -258,7 +258,7 @@ class TestPrepareRemoteCommand(unittest.TestCase):
return (True, utils.PathJoin(path, cmd))
(status, executable) = \
- backend._PrepareRemoteCommand(self._TEST_PATH, "cmd22633",
+ backend._PrepareRestrictedCmd(self._TEST_PATH, "cmd22633",
_verify_dir=lambda _: (True, None),
_verify_name=lambda _: (True, None),
_verify_cmd=fn)
@@ -266,11 +266,11 @@ class TestPrepareRemoteCommand(unittest.TestCase):
self.assertEqual(executable, utils.PathJoin(self._TEST_PATH, "cmd22633"))
-def _SleepForRemoteCommand(duration):
+def _SleepForRestrictedCmd(duration):
assert duration > 5
-def _GenericRemoteCommandError(cmd):
+def _GenericRestrictedCmdError(cmd):
return "Executing command '%s' failed" % cmd
@@ -283,7 +283,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
def testNonExistantLockDirectory(self):
lockfile = utils.PathJoin(self.tmpdir, "does", "not", "exist")
- sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
+ sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
self.assertFalse(os.path.exists(lockfile))
self.assertRaises(backend.RPCFail,
backend.RunRestrictedCmd, "test",
@@ -298,7 +298,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
@staticmethod
def _TryLock(lockfile):
- sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
+ sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
result = False
try:
@@ -311,7 +311,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
_runcmd_fn=NotImplemented,
_enabled=True)
except backend.RPCFail, err:
- assert str(err) == _GenericRemoteCommandError("test22717"), \
+ assert str(err) == _GenericRestrictedCmdError("test22717"), \
"Did not fail with generic error message"
result = True
@@ -337,7 +337,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
def testPrepareRaisesException(self):
lockfile = utils.PathJoin(self.tmpdir, "lock")
- sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
+ sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
prepare_fn = testutils.CallCounter(self._PrepareRaisingException)
try:
@@ -347,7 +347,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
_sleep_fn=sleep_fn, _prepare_fn=prepare_fn,
_enabled=True)
except backend.RPCFail, err:
- self.assertEqual(str(err), _GenericRemoteCommandError("test23122"))
+ self.assertEqual(str(err), _GenericRestrictedCmdError("test23122"))
else:
self.fail("Didn't fail")
@@ -362,7 +362,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
def testPrepareFails(self):
lockfile = utils.PathJoin(self.tmpdir, "lock")
- sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
+ sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
prepare_fn = testutils.CallCounter(self._PrepareFails)
try:
@@ -372,7 +372,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
_sleep_fn=sleep_fn, _prepare_fn=prepare_fn,
_enabled=True)
except backend.RPCFail, err:
- self.assertEqual(str(err), _GenericRemoteCommandError("test29327"))
+ self.assertEqual(str(err), _GenericRestrictedCmdError("test29327"))
else:
self.fail("Didn't fail")
@@ -412,7 +412,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
utils.ShellQuoteArgs(args),
NotImplemented, NotImplemented)
- sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
+ sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
prepare_fn = testutils.CallCounter(self._SuccessfulPrepare)
runcmd_fn = testutils.CallCounter(fn)
@@ -450,7 +450,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
utils.ShellQuoteArgs(args),
NotImplemented, NotImplemented)
- sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
+ sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
prepare_fn = testutils.CallCounter(self._SuccessfulPrepare)
runcmd_fn = testutils.CallCounter(fn)