From 5e99ee2bec1139b1944284975454c716d477f3e0 Mon Sep 17 00:00:00 2001
From: Bo Maryniuk
Date: Wed, 13 Apr 2016 16:15:37 +0200
Subject: [PATCH 12/12] Bugfix: salt-key crashes if tries to generate keys to the directory w/o write access (#32436)
* Raise an exception if keys are tried to be written to the directory that has no write access permissions
* Show an reasonable error message instead of a traceback crash.
* Fix the unit tests
---
 salt/crypt.py | 6 ++++++
 salt/scripts.py | 2 ++
 tests/unit/crypt_test.py | 1 +
 3 files changed, 9 insertions(+)
diff --git a/salt/crypt.py b/salt/crypt.py
index 573a3c1..e5f3317 100644
--- a/salt/crypt.py
+++ b/salt/crypt.py
@@ -15,6 +15,7 @@ import logging
 import traceback
 import binascii
 import weakref
+import getpass
 from salt.ext.six.moves import zip # pylint: disable=import-error,redefined-builtin
 # Import third party libs
@@ -94,6 +95,11 @@ def gen_keys(keydir, keyname, keysize, user=None):
 # Between first checking and the generation another process has made
 # a key! Use the winner's key
 return priv
+
+ # Do not try writing anything, if directory has no permissions.
+ if not os.access(keydir, os.W_OK):
+ raise IOError('Write access denied to "{0}" for user "{1}".'.format(os.path.abspath(keydir), getpass.getuser()))
+
 cumask = os.umask(191)
 with salt.utils.fopen(priv, 'wb+') as f:
 f.write(gen.exportKey('PEM'))
diff --git a/salt/scripts.py b/salt/scripts.py
index 7da79bf..38b100d 100644
--- a/salt/scripts.py
+++ b/salt/scripts.py
@@ -297,6 +297,8 @@ def salt_key():
 SystemExit('\nExiting gracefully on Ctrl-c'), err, hardcrash, trace=trace)
+ except Exception as err:
+ sys.stderr.write("Error: {0}\n".format(err.message))
 def salt_cp():
diff --git a/tests/unit/crypt_test.py b/tests/unit/crypt_test.py
index 3ff3b09..f548820 100644
--- a/tests/unit/crypt_test.py
+++ b/tests/unit/crypt_test.py
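Review bot: The `os.access(keydir, os.W_OK)` pre-check added to `gen_keys` in salt/crypt.py is advisory only: it evaluates the real uid/gid rather than the effective one, and the directory can change before `salt.utils.fopen(priv, 'wb+')` runs, so the open can still raise and callers still have to handle that. `getpass.getuser()` prefers the `LOGNAME`/`USER` environment variables, so the name printed in the message is not necessarily the account the process runs as. I would add a comment above the check such as `# Advisory pre-check for a readable error; the open below remains the authoritative permission test.` The check also appears to run after the key pair has already been generated (`gen` is used in the context lines below it), so it may be worth moving to the top of the function; the function body starts and ends outside this hunk.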
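Review bot: The new `except Exception` clause in `salt_key` (salt/scripts.py) reads `err.message`, which not every exception defines (deprecated since Python 2.6, absent on Python 3), so the handler can itself raise `AttributeError` and bring back the traceback it is meant to hide. It also falls through after printing, so the command appears to finish with exit status 0 and automation cannot tell that key generation failed. I would format the exception itself and exit non-zero: `sys.stderr.write("Error: {0}\n".format(err))` followed by `sys.exit(1)`. Because the clause catches every `Exception`, unrelated bugs are reduced to a one-line message as well, so the traceback should stay reachable (for example in a debug log); the `try` this clause belongs to starts outside the hunk.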
@@ -86,6 +86,7 @@ class CryptTestCase(TestCase):
 @patch('os.umask', MagicMock())
 @patch('os.chmod', MagicMock())
 @patch('os.chown', MagicMock())
+ @patch('os.access', MagicMock(return_value=True))
 def test_gen_keys(self):
 with patch('salt.utils.fopen', mock_open()):
 open_priv_wb = call('/keydir/keyname.pem', 'wb+')
-- 
2.1.4
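Review bot: `test_gen_keys` now pins `os.access` to `True`, so only the pre-existing happy path is exercised and the new write-denied branch in `gen_keys` has no test. A companion test decorated with `@patch('os.access', MagicMock(return_value=False))` that asserts `IOError` is raised and that the mocked `salt.utils.fopen` is never called would cover the behaviour this commit introduces. The test body continues outside this hunk, so any other patches needed to reach the check are not visible here.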