Fix auth_check to also work for compound commands

2024-11-08 17:33:54 +00:00 · 2012-11-21 14:54:38 -07:00 · 2012-11-21 14:54:38 -07:00 · 410a51742f
commit 410a51742f
parent 113bfaa7c3
1 changed files with 28 additions and 23 deletions
--- a/salt/utils/minions.py
+++ b/salt/utils/minions.py
@ -251,35 +251,40 @@ class CkMinions(object):
                vals.append(False)
        return all(vals)

-    def auth_check(self, auth_list, fun, tgt, tgt_type='glob'):
+    def auth_check(self, auth_list, funs, tgt, tgt_type='glob'):
        '''
        Returns a bool which defines if the requested function is authorized.
        Used to evaluate the standard structure under external master
        authentication interfaces, like eauth, peer, peer_run, etc.
        '''
-        for ind in auth_list:
-            if isinstance(ind, str):
-                # Allowed for all minions
-                if self.match_check(ind, fun):
-                    return True
-            elif isinstance(ind, dict):
-                if len(ind) != 1:
-                    # Invalid argument
-                    continue
-                valid = ind.keys()[0]
-                # Check if minions are allowed
-                if self.validate_tgt(
-                        valid,
-                        tgt,
-                        tgt_type):
-                    # Minions are allowed, verify function in allowed list
-                    if isinstance(ind[valid], str):
-                        if self.match_check(ind[valid], fun):
-                            return True
-                    elif isinstance(ind[valid], list):
-                        for regex in ind[valid]:
-                            if self.match_check(regex, fun):
+        # compound commands will come in a list so treat everything as a list
+        if not isinstance(funs, list):
+            funs = [funs]
+
+        for fun in funs:
+            for ind in auth_list:
+                if isinstance(ind, str):
+                    # Allowed for all minions
+                    if self.match_check(ind, fun):
+                        return True
+                elif isinstance(ind, dict):
+                    if len(ind) != 1:
+                        # Invalid argument
+                        continue
+                    valid = ind.keys()[0]
+                    # Check if minions are allowed
+                    if self.validate_tgt(
+                            valid,
+                            tgt,
+                            tgt_type):
+                        # Minions are allowed, verify function in allowed list
+                        if isinstance(ind[valid], str):
+                            if self.match_check(ind[valid], fun):
                                return True
+                        elif isinstance(ind[valid], list):
+                            for regex in ind[valid]:
+                                if self.match_check(regex, fun):
+                                    return True
        return False

    def wheel_check(self, auth_list, fun):