Rename leftovers from remote to restricted commands

As per Iustin Pop's suggestion in <20121115131730.GX824@google.com> on <ganeti-devel@googlegroups.com>. Signed-off-by: Michael Hanselmann <hansmi@google.com> Reviewed-by: Guido Trotter <ultrotter@google.com>

Rename leftovers from remote to restricted commands
As per Iustin Pop's suggestion in <20121115131730.GX824@google.com> on <ganeti-devel@googlegroups.com>. Signed-off-by: Michael Hanselmann <hansmi@google.com> Reviewed-by: Guido Trotter <ultrotter@google.com>
405bffe2 · Michael Hanselmann · 42bd26e8 · 405bffe2 · 405bffe2 · 405bffe2
Commit 405bffe2 authored 12 years ago by Michael Hanselmann
--- a/lib/backend.py
+++ b/lib/backend.py
@@ -3582,7 +3582,7 @@ def PowercycleNode(hypervisor_type):
  hyper.PowercycleNode()


-def _VerifyRemoteCommandName(cmd):
+def _VerifyRestrictedCmdName(cmd):
  """Verifies a remote command name.

  @type cmd: string
@@ -3604,7 +3604,7 @@ def _VerifyRemoteCommandName(cmd):
  return (True, None)


-def _CommonRemoteCommandCheck(path, owner):
+def _CommonRestrictedCmdCheck(path, owner):
  """Common checks for remote command file system directories and files.

  @type path: string
@@ -3634,7 +3634,7 @@ def _CommonRemoteCommandCheck(path, owner):
  return (True, st)


-def _VerifyRemoteCommandDirectory(path, _owner=None):
+def _VerifyRestrictedCmdDirectory(path, _owner=None):
  """Verifies remote command directory.

  @type path: string
@@ -3644,7 +3644,7 @@ def _VerifyRemoteCommandDirectory(path, _owner=None):
    element is an error message string, otherwise it's C{None}

  """
-  (status, value) = _CommonRemoteCommandCheck(path, _owner)
+  (status, value) = _CommonRestrictedCmdCheck(path, _owner)

  if not status:
    return (False, value)
@@ -3655,7 +3655,7 @@ def _VerifyRemoteCommandDirectory(path, _owner=None):
  return (True, None)


-def _VerifyRemoteCommand(path, cmd, _owner=None):
+def _VerifyRestrictedCmd(path, cmd, _owner=None):
  """Verifies a whole remote command and returns its executable filename.

  @type path: string
@@ -3670,7 +3670,7 @@ def _VerifyRemoteCommand(path, cmd, _owner=None):
  """
  executable = utils.PathJoin(path, cmd)

-  (status, msg) = _CommonRemoteCommandCheck(executable, _owner)
+  (status, msg) = _CommonRestrictedCmdCheck(executable, _owner)

  if not status:
    return (False, msg)
@@ -3681,17 +3681,17 @@ def _VerifyRemoteCommand(path, cmd, _owner=None):
  return (True, executable)


-def _PrepareRemoteCommand(path, cmd,
-                          _verify_dir=_VerifyRemoteCommandDirectory,
-                          _verify_name=_VerifyRemoteCommandName,
-                          _verify_cmd=_VerifyRemoteCommand):
+def _PrepareRestrictedCmd(path, cmd,
+                          _verify_dir=_VerifyRestrictedCmdDirectory,
+                          _verify_name=_VerifyRestrictedCmdName,
+                          _verify_cmd=_VerifyRestrictedCmd):
  """Performs a number of tests on a remote command.

  @type path: string
  @param path: Directory containing remote commands
  @type cmd: string
  @param cmd: Command name
-  @return: Same as L{_VerifyRemoteCommand}
+  @return: Same as L{_VerifyRestrictedCmd}

  """
  # Verify the directory first
@@ -3712,7 +3712,7 @@ def RunRestrictedCmd(cmd,
                     _lock_file=pathutils.RESTRICTED_COMMANDS_LOCK_FILE,
                     _path=pathutils.RESTRICTED_COMMANDS_DIR,
                     _sleep_fn=time.sleep,
-                     _prepare_fn=_PrepareRemoteCommand,
+                     _prepare_fn=_PrepareRestrictedCmd,
                     _runcmd_fn=utils.RunCmd,
                     _enabled=constants.ENABLE_RESTRICTED_COMMANDS):
  """Executes a remote command after performing strict tests.

--- a/test/ganeti.backend_unittest-runasroot.py
+++ b/test/ganeti.backend_unittest-runasroot.py
@@ -51,7 +51,7 @@ class TestWriteFile(testutils.GanetiTestCase):
    tmpname = self._PrepareTest()

    os.chown(tmpname, 0, 0)
-    (status, value) = backend._CommonRemoteCommandCheck(tmpname, None)
+    (status, value) = backend._CommonRestrictedCmdCheck(tmpname, None)
    self.assertTrue(status)
    self.assertTrue(value)

@@ -68,7 +68,7 @@ class TestWriteFile(testutils.GanetiTestCase):
      self.assertFalse(uid == os.getuid() and gid == os.getgid())
      os.chown(tmpname, uid, gid)

-      (status, errmsg) = backend._CommonRemoteCommandCheck(tmpname, None)
+      (status, errmsg) = backend._CommonRestrictedCmdCheck(tmpname, None)
      self.assertFalse(status)
      self.assertTrue("foobar' is not owned by " in errmsg)


--- a/test/ganeti.backend_unittest.py
+++ b/test/ganeti.backend_unittest.py
@@ -96,38 +96,38 @@ class TestNodeVerify(testutils.GanetiTestCase):
                "Result from netutils.TcpPing corrupted")


-def _DefRemoteCommandOwner():
+def _DefRestrictedCmdOwner():
  return (os.getuid(), os.getgid())


-class TestVerifyRemoteCommandName(unittest.TestCase):
+class TestVerifyRestrictedCmdName(unittest.TestCase):
  def testAcceptableName(self):
    for i in ["foo", "bar", "z1", "000first", "hello-world"]:
      for fn in [lambda s: s, lambda s: s.upper(), lambda s: s.title()]:
-        (status, msg) = backend._VerifyRemoteCommandName(fn(i))
+        (status, msg) = backend._VerifyRestrictedCmdName(fn(i))
        self.assertTrue(status)
        self.assertTrue(msg is None)

  def testEmptyAndSpace(self):
    for i in ["", " ", "\t", "\n"]:
-      (status, msg) = backend._VerifyRemoteCommandName(i)
+      (status, msg) = backend._VerifyRestrictedCmdName(i)
      self.assertFalse(status)
      self.assertEqual(msg, "Missing command name")

  def testNameWithSlashes(self):
    for i in ["/", "./foo", "../moo", "some/name"]:
-      (status, msg) = backend._VerifyRemoteCommandName(i)
+      (status, msg) = backend._VerifyRestrictedCmdName(i)
      self.assertFalse(status)
      self.assertEqual(msg, "Invalid command name")

  def testForbiddenCharacters(self):
    for i in ["#", ".", "..", "bash -c ls", "'"]:
-      (status, msg) = backend._VerifyRemoteCommandName(i)
+      (status, msg) = backend._VerifyRestrictedCmdName(i)
      self.assertFalse(status)
      self.assertEqual(msg, "Command name contains forbidden characters")


-class TestVerifyRemoteCommandDirectory(unittest.TestCase):
+class TestVerifyRestrictedCmdDirectory(unittest.TestCase):
  def setUp(self):
    self.tmpdir = tempfile.mkdtemp()

@@ -138,7 +138,7 @@ class TestVerifyRemoteCommandDirectory(unittest.TestCase):
    tmpname = utils.PathJoin(self.tmpdir, "foobar")
    self.assertFalse(os.path.exists(tmpname))
    (status, msg) = \
-      backend._VerifyRemoteCommandDirectory(tmpname, _owner=NotImplemented)
+      backend._VerifyRestrictedCmdDirectory(tmpname, _owner=NotImplemented)
    self.assertFalse(status)
    self.assertTrue(msg.startswith("Can't stat(2) '"))

@@ -150,7 +150,7 @@ class TestVerifyRemoteCommandDirectory(unittest.TestCase):
      os.chmod(tmpname, mode)
      self.assertTrue(os.path.isdir(tmpname))
      (status, msg) = \
-        backend._VerifyRemoteCommandDirectory(tmpname, _owner=NotImplemented)
+        backend._VerifyRestrictedCmdDirectory(tmpname, _owner=NotImplemented)
      self.assertFalse(status)
      self.assertTrue(msg.startswith("Permissions on '"))

@@ -159,8 +159,8 @@ class TestVerifyRemoteCommandDirectory(unittest.TestCase):
    utils.WriteFile(tmpname, data="empty\n")
    self.assertTrue(os.path.isfile(tmpname))
    (status, msg) = \
-      backend._VerifyRemoteCommandDirectory(tmpname,
-                                            _owner=_DefRemoteCommandOwner())
+      backend._VerifyRestrictedCmdDirectory(tmpname,
+                                            _owner=_DefRestrictedCmdOwner())
    self.assertFalse(status)
    self.assertTrue(msg.endswith("is not a directory"))

@@ -169,13 +169,13 @@ class TestVerifyRemoteCommandDirectory(unittest.TestCase):
    os.mkdir(tmpname)
    self.assertTrue(os.path.isdir(tmpname))
    (status, msg) = \
-      backend._VerifyRemoteCommandDirectory(tmpname,
-                                            _owner=_DefRemoteCommandOwner())
+      backend._VerifyRestrictedCmdDirectory(tmpname,
+                                            _owner=_DefRestrictedCmdOwner())
    self.assertTrue(status)
    self.assertTrue(msg is None)


-class TestVerifyRemoteCommand(unittest.TestCase):
+class TestVerifyRestrictedCmd(unittest.TestCase):
  def setUp(self):
    self.tmpdir = tempfile.mkdtemp()

@@ -186,7 +186,7 @@ class TestVerifyRemoteCommand(unittest.TestCase):
    tmpname = utils.PathJoin(self.tmpdir, "helloworld")
    self.assertFalse(os.path.exists(tmpname))
    (status, msg) = \
-      backend._VerifyRemoteCommand(self.tmpdir, "helloworld",
+      backend._VerifyRestrictedCmd(self.tmpdir, "helloworld",
                                   _owner=NotImplemented)
    self.assertFalse(status)
    self.assertTrue(msg.startswith("Can't stat(2) '"))
@@ -195,8 +195,8 @@ class TestVerifyRemoteCommand(unittest.TestCase):
    tmpname = utils.PathJoin(self.tmpdir, "cmdname")
    utils.WriteFile(tmpname, data="empty\n")
    (status, msg) = \
-      backend._VerifyRemoteCommand(self.tmpdir, "cmdname",
-                                   _owner=_DefRemoteCommandOwner())
+      backend._VerifyRestrictedCmd(self.tmpdir, "cmdname",
+                                   _owner=_DefRestrictedCmdOwner())
    self.assertFalse(status)
    self.assertTrue(msg.startswith("access(2) thinks '"))

@@ -204,13 +204,13 @@ class TestVerifyRemoteCommand(unittest.TestCase):
    tmpname = utils.PathJoin(self.tmpdir, "cmdname")
    utils.WriteFile(tmpname, data="empty\n", mode=0700)
    (status, executable) = \
-      backend._VerifyRemoteCommand(self.tmpdir, "cmdname",
-                                   _owner=_DefRemoteCommandOwner())
+      backend._VerifyRestrictedCmd(self.tmpdir, "cmdname",
+                                   _owner=_DefRestrictedCmdOwner())
    self.assertTrue(status)
    self.assertEqual(executable, tmpname)


-class TestPrepareRemoteCommand(unittest.TestCase):
+class TestPrepareRestrictedCmd(unittest.TestCase):
  _TEST_PATH = "/tmp/some/test/path"

  def testDirFails(self):
@@ -219,7 +219,7 @@ class TestPrepareRemoteCommand(unittest.TestCase):
      return (False, "test error 31420")

    (status, msg) = \
-      backend._PrepareRemoteCommand(self._TEST_PATH, "cmd21152",
+      backend._PrepareRestrictedCmd(self._TEST_PATH, "cmd21152",
                                    _verify_dir=fn,
                                    _verify_name=NotImplemented,
                                    _verify_cmd=NotImplemented)
@@ -232,7 +232,7 @@ class TestPrepareRemoteCommand(unittest.TestCase):
      return (False, "test error 591")

    (status, msg) = \
-      backend._PrepareRemoteCommand(self._TEST_PATH, "cmd4617",
+      backend._PrepareRestrictedCmd(self._TEST_PATH, "cmd4617",
                                    _verify_dir=lambda _: (True, None),
                                    _verify_name=fn,
                                    _verify_cmd=NotImplemented)
@@ -246,7 +246,7 @@ class TestPrepareRemoteCommand(unittest.TestCase):
      return (False, "test error 25524")

    (status, msg) = \
-      backend._PrepareRemoteCommand(self._TEST_PATH, "cmd17577",
+      backend._PrepareRestrictedCmd(self._TEST_PATH, "cmd17577",
                                    _verify_dir=lambda _: (True, None),
                                    _verify_name=lambda _: (True, None),
                                    _verify_cmd=fn)
@@ -258,7 +258,7 @@ class TestPrepareRemoteCommand(unittest.TestCase):
      return (True, utils.PathJoin(path, cmd))

    (status, executable) = \
-      backend._PrepareRemoteCommand(self._TEST_PATH, "cmd22633",
+      backend._PrepareRestrictedCmd(self._TEST_PATH, "cmd22633",
                                    _verify_dir=lambda _: (True, None),
                                    _verify_name=lambda _: (True, None),
                                    _verify_cmd=fn)
@@ -266,11 +266,11 @@ class TestPrepareRemoteCommand(unittest.TestCase):
    self.assertEqual(executable, utils.PathJoin(self._TEST_PATH, "cmd22633"))


-def _SleepForRemoteCommand(duration):
+def _SleepForRestrictedCmd(duration):
  assert duration > 5


-def _GenericRemoteCommandError(cmd):
+def _GenericRestrictedCmdError(cmd):
  return "Executing command '%s' failed" % cmd


@@ -283,7 +283,7 @@ class TestRunRestrictedCmd(unittest.TestCase):

  def testNonExistantLockDirectory(self):
    lockfile = utils.PathJoin(self.tmpdir, "does", "not", "exist")
-    sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
+    sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
    self.assertFalse(os.path.exists(lockfile))
    self.assertRaises(backend.RPCFail,
                      backend.RunRestrictedCmd, "test",
@@ -298,7 +298,7 @@ class TestRunRestrictedCmd(unittest.TestCase):

  @staticmethod
  def _TryLock(lockfile):
-    sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
+    sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)

    result = False
    try:
@@ -311,7 +311,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
                               _runcmd_fn=NotImplemented,
                               _enabled=True)
    except backend.RPCFail, err:
-      assert str(err) == _GenericRemoteCommandError("test22717"), \
+      assert str(err) == _GenericRestrictedCmdError("test22717"), \
             "Did not fail with generic error message"
      result = True

@@ -337,7 +337,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
  def testPrepareRaisesException(self):
    lockfile = utils.PathJoin(self.tmpdir, "lock")

-    sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
+    sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
    prepare_fn = testutils.CallCounter(self._PrepareRaisingException)

    try:
@@ -347,7 +347,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
                               _sleep_fn=sleep_fn, _prepare_fn=prepare_fn,
                               _enabled=True)
    except backend.RPCFail, err:
-      self.assertEqual(str(err), _GenericRemoteCommandError("test23122"))
+      self.assertEqual(str(err), _GenericRestrictedCmdError("test23122"))
    else:
      self.fail("Didn't fail")

@@ -362,7 +362,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
  def testPrepareFails(self):
    lockfile = utils.PathJoin(self.tmpdir, "lock")

-    sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
+    sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
    prepare_fn = testutils.CallCounter(self._PrepareFails)

    try:
@@ -372,7 +372,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
                               _sleep_fn=sleep_fn, _prepare_fn=prepare_fn,
                               _enabled=True)
    except backend.RPCFail, err:
-      self.assertEqual(str(err), _GenericRemoteCommandError("test29327"))
+      self.assertEqual(str(err), _GenericRestrictedCmdError("test29327"))
    else:
      self.fail("Didn't fail")

@@ -412,7 +412,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
                             utils.ShellQuoteArgs(args),
                             NotImplemented, NotImplemented)

-    sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
+    sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
    prepare_fn = testutils.CallCounter(self._SuccessfulPrepare)
    runcmd_fn = testutils.CallCounter(fn)

@@ -450,7 +450,7 @@ class TestRunRestrictedCmd(unittest.TestCase):
                             utils.ShellQuoteArgs(args),
                             NotImplemented, NotImplemented)

-    sleep_fn = testutils.CallCounter(_SleepForRemoteCommand)
+    sleep_fn = testutils.CallCounter(_SleepForRestrictedCmd)
    prepare_fn = testutils.CallCounter(self._SuccessfulPrepare)
    runcmd_fn = testutils.CallCounter(fn)