From 7420a78296371c63e61c242d75e0761eb153ffd6 Mon Sep 17 00:00:00 2001 From: Brandon Kreisel Date: Sun, 4 Oct 2015 20:08:15 -0400 Subject: [PATCH] Shrink AccessDenied error handler and inform --- .../plugins/standalone/authenticator.py | 22 ++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/letsencrypt/plugins/standalone/authenticator.py b/letsencrypt/plugins/standalone/authenticator.py index f7c24f5e5..cdf9a6f04 100644 --- a/letsencrypt/plugins/standalone/authenticator.py +++ b/letsencrypt/plugins/standalone/authenticator.py @@ -1,4 +1,5 @@ """Standalone authenticator.""" +import logging import os import psutil import signal @@ -19,6 +20,9 @@ from letsencrypt import interfaces from letsencrypt.plugins import common +logger = logging.getLogger(__name__) + + class StandaloneAuthenticator(common.Plugin): # pylint: disable=too-many-instance-attributes """Standalone authenticator. @@ -302,13 +306,21 @@ class StandaloneAuthenticator(common.Plugin): :returns: True or False.""" try: + net_connections = psutil.net_connections() + except psutil.AccessDenied as error: + logger.info("Access denied when trying to list network " + "connections: %s. Are you root?", error) + # this function is just a pre-check that often causes false + # positives and problems in testing (c.f. #680 on Mac, #255 + # generally); we will fail later in bind() anyway + return False - # net_connections() can raise AccessDenied on certain OSs - listeners = [conn.pid for conn in psutil.net_connections() - if conn.status == 'LISTEN' and - conn.type == socket.SOCK_STREAM and - conn.laddr[1] == port] + listeners = [conn.pid for conn in net_connections + if conn.status == 'LISTEN' and + conn.type == socket.SOCK_STREAM and + conn.laddr[1] == port] + try: if listeners and listeners[0] is not None: # conn.pid may be None if the current process doesn't have # permission to identify the listening process! Additionally,