[minion-cvs] Final changes before 0.0.4rc1, I think.
Update of /home/minion/cvsroot/src/minion/lib/mixminion
In directory moria.mit.edu:/tmp/cvs-serv19163/lib/mixminion
Modified Files:
ClientMain.py Common.py Config.py __init__.py test.py
testSupport.py
Log Message:
Final changes before 0.0.4rc1, I think.
setup.py, __init__.py, ServerList.py:
* Bump version to 0.0.4rc1
ClientMain.py:
* Fix bug that made 'mixminion list-servers' list every good server twice.
Common.py, test.py, testSupport.py, ClientMain.py, ServerMain.py, Common.py:
* Start of code to allow users to override directory warnings
Index: ClientMain.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/ClientMain.py,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -d -r1.84 -r1.85
--- ClientMain.py 30 May 2003 02:07:41 -0000 1.84
+++ ClientMain.py 30 May 2003 03:07:56 -0000 1.85
@@ -414,6 +414,8 @@
for info, where in self.fullServerList:
nn = info.getNickname().lower()
+ if self.goodServerNicknames.get(nn):
+ continue
self.byNickname.setdefault(nn, []).append((info, where))
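Review bot: The added `continue` keys on the nickname alone, so every entry of `fullServerList` whose lower-cased nickname appears in `goodServerNicknames` is left out of `byNickname`, whichever descriptor it is. If that is the intent (the good servers are presumably added to `byNickname` before this loop, outside the hunk), a comment above the test would make it explicit, e.g. `# Good servers are already in byNickname; skip them so they are not listed twice.`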
@@ -1898,6 +1900,7 @@
else:
LOG.setMinSeverity("INFO")
mixminion.Common.configureShredCommand(self.config)
+ mixminion.Common.configureTrustedUsers(self.config)
if not self.verbose:
try:
LOG.setMinSeverity("WARN")
Index: Common.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/Common.py,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -d -r1.83 -r1.84
--- Common.py 28 May 2003 08:39:45 -0000 1.83
+++ Common.py 30 May 2003 03:07:56 -0000 1.84
@@ -25,6 +25,7 @@
import grp
import gzip
import os
+import pwd
import re
import signal
import stat
@@ -308,6 +309,8 @@
checkPrivateDir(d)
_WARNED_DIRECTORIES = {}
+_VALID_DIRECTORIES = {}
+_TRUSTED_UIDS = [ 0 ]
def checkPrivateDir(d, recurse=1):
"""Check whether d is a directory owned by this uid, set to mode
@@ -315,6 +318,7 @@
this uid and uid 0. If any of these conditions are unmet, raise
MixFatalErrror. Otherwise, return None."""
me = os.getuid()
+ trusted_uids = _TRUSTED_UIDS + [ me ]
if not os.path.isabs(d):
d = os.path.abspath(d)
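Review bot: The docstring lines kept above `me = os.getuid()` still name only "this uid and uid 0" as acceptable owners, which stops being true once `trusted_uids` includes configured users; it should say something like "this uid or a trusted uid". The two tables the function now depends on, `_VALID_DIRECTORIES` and `_TRUSTED_UIDS` (added in the previous hunk), also have no comments although both relax what checkPrivateDir enforces. I would document them where they are defined, e.g. `# Directories at which checkPrivateDir stops walking upward; they and their parents are not checked.` and `# UIDs, besides our own, accepted by checkPrivateDir's owner test.` The function body continues outside the hunk.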
@@ -338,6 +342,8 @@
# Check permissions on parents.
while 1:
parent = os.path.split(d)[0]
+ if _VALID_DIRECTORIES.has_key(parent):
+ return
if parent == d:
return
d = parent
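Review bot: The new `return` fires before the `os.stat` shown in the next hunk, so a directory listed in `_VALID_DIRECTORIES` is accepted without its own owner or mode being examined, and nothing above it is examined either. The lookup is also an exact string match on a path that, as far as the visible code shows, has only been through `os.path.abspath`, so an entry matches only when the path is spelled the same way. Since the only writer in this commit is test.py, a comment here would help, e.g. `# Test hook: stop at directories the caller has declared acceptable; they are not checked.` The enclosing loop continues outside the hunk.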
@@ -345,7 +351,7 @@
st = os.stat(d)
mode = st[stat.ST_MODE]
owner = st[stat.ST_UID]
- if owner not in (0, me):
+ if owner not in trusted_uids:
raise MixFatalError("Bad owner (uid=%s) on directory %s"
% (owner, d))
if (mode & 02) and not (mode & stat.S_ISVTX):
@@ -358,6 +364,23 @@
LOG.warn("Directory %s is writable by group %s (mode %o)",
d, group, mode&0777)
_WARNED_DIRECTORIES[d] = 1
+
+def configureTrustedUsers(config):
+ #XXXX004 call this
+ users = config['Host']['TrustedUser']
+ if not users:
+ return
+
+ for u in users:
+ u = u.strip()
+ try:
+ ent = pwd.getpwnam(u)
+ except KeyError:
+ LOG.warn("TrustedUser: No such user as %s", u)
+ continue
+
+ uid = ent[2]
+ _TRUSTED_UIDS.append(uid)
#----------------------------------------------------------------------
# File helpers
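Review bot: `_TRUSTED_UIDS.append(uid)` only ever grows the module-level list, so calling configureTrustedUsers a second time adds duplicates and keeps trusting users that have since been dropped from `TrustedUser`. Resetting first, with `_TRUSTED_UIDS[:] = [ 0 ]` placed before the `if not users: return`, makes the list reflect the current configuration. The `#XXXX004 call this` marker is also out of date, since ClientMain.py calls the function in this same commit. A docstring would be more useful in its place, e.g. `"""Read Host/TrustedUser from config and add each named user's uid to the uids checkPrivateDir accepts as directory owners."""`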
Index: Config.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/Config.py,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -d -r1.44 -r1.45
--- Config.py 28 May 2003 06:37:32 -0000 1.44
+++ Config.py 30 May 2003 03:07:56 -0000 1.45
@@ -706,6 +706,7 @@
'Host' : { '__SECTION__' : ('ALLOW', None, None),
'ShredCommand': ('ALLOW', _parseCommand, None),
'EntropySource': ('ALLOW', None, "/dev/urandom"),
+ 'TrustedUser': ('ALLOW*', None, None),
},
'DirectoryServers' :
{ '__SECTION__' : ('REQUIRE', None, None),
@@ -748,4 +749,6 @@
raise ConfigError if it isn't"""
# For now, we do nothing here. EntropySource and ShredCommand are checked
# in configure_trng and configureShredCommand, respectively.
- pass
+
+ # Host is checked in setupTrustedUIDs.
+
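Review bot: The added comment points to `setupTrustedUIDs`, but the function this commit adds in Common.py is `configureTrustedUsers`, so a reader searching for the named checker will not find it. I would write `# TrustedUser is checked in mixminion.Common.configureTrustedUsers.` instead. The enclosing function starts outside the hunk; with `pass` removed, its docstring is the only statement left in the visible part.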
Index: __init__.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/__init__.py,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -d -r1.33 -r1.34
--- __init__.py 28 May 2003 05:31:41 -0000 1.33
+++ __init__.py 30 May 2003 03:07:56 -0000 1.34
@@ -7,7 +7,7 @@
"""
# This version string is generated from setup.py; don't edit it.
-__version__ = "0.0.4alpha3"
+__version__ = "0.0.4rc1"
# This 5-tuple encodes the version number for comparison. Don't edit it.
# The first 3 numbers are the version number; the 4th is:
# 0 for alpha
@@ -18,7 +18,7 @@
# The 4th or 5th number may be a string. If so, it is not meant to
# succeed or preceed any other sub-version with the same a.b.c version
# number.
-version_info = (0, 0, 4, 0, 3)
+version_info = (0, 0, 4, 99, 1)
__all__ = [ 'server', 'directory' ]
def version_tuple_to_string(t):
Index: test.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/test.py,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -d -r1.112 -r1.113
--- test.py 29 May 2003 04:39:59 -0000 1.112
+++ test.py 30 May 2003 03:07:56 -0000 1.113
@@ -5783,6 +5783,9 @@
LOG.setMinSeverity("FATAL")
mixminion.Common.secureDelete([],1)
+ #DOCDOC
+ mixminion.Common._VALID_DIRECTORIES["/tmp"] = 1
+
# Disable TRACE and DEBUG log messages, unless somebody overrides from
# the environment.
LOG.setMinSeverity(os.environ.get('MM_TEST_LOGLEVEL', "WARN"))
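Review bot: The `#DOCDOC` placeholder leaves `_VALID_DIRECTORIES["/tmp"] = 1` unexplained, and that line switches off parent-directory checking at /tmp for the whole test run. A real comment is worth having, e.g. `# Tell checkPrivateDir to accept /tmp and everything above it, so tests can run under a shared temp directory.` The key is also hard-coded, so it has no effect when the test temp directory lives elsewhere (for instance when TMPDIR is set); deriving it from the directory `tempfile` actually picks would be more robust. The enclosing function starts outside the hunk.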
Index: testSupport.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/testSupport.py,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- testSupport.py 17 May 2003 00:08:44 -0000 1.15
+++ testSupport.py 30 May 2003 03:07:56 -0000 1.16
@@ -122,8 +122,6 @@
# mix_mktemp: A secure, paranoid mktemp replacement. (May be overkill
# for testing, but better safe than sorry.)
-# Constant flag: are we paranoid about permissions and uid on our tmpdir?
-_MM_TESTING_TEMPDIR_PARANOIA = 1
# Name of our temporary directory: all temporary files go under this
# directory. If None, it hasn't been created yet. If it exists,
# it must be owned by us, mode 700, and have no parents that an adversary
@@ -141,7 +139,6 @@
if _MM_TESTING_TEMPDIR is None:
# We haven't configured our temporary directory yet.
import tempfile
- paranoia = _MM_TESTING_TEMPDIR_PARANOIA
# If tempfile.mkdtemp exists, use it. This avoids warnings, and
# is harder for people to exploit.
@@ -155,7 +152,7 @@
# Otherwise, pick a dirname, make sure it doesn't exist, and try to
# create it.
temp = tempfile.mktemp()
- if paranoia and os.path.exists(temp):
+ if os.path.exists(temp):
print "I think somebody's trying to exploit mktemp."
sys.exit(1)
try:
@@ -169,33 +166,16 @@
print "Couldn't create temp dir %r" %temp
sys.exit(1)
st = os.stat(temp)
- if paranoia:
- # And be writeable only by us...
- if st[stat.ST_MODE] & 077:
- print "Couldn't make temp dir %r with secure permissions" %temp
- sys.exit(1)
- # And be owned by us...
- if st[stat.ST_UID] != os.getuid():
- print "The wrong user owns temp dir %r"%temp
- sys.exit(1)
- parent = temp
- # And if, and all of its parents, must not be group-writeable
- # unless their sticky bit is set, and must not be owned by
- # anybody except us and root.
- while 1:
- p = os.path.split(parent)[0]
- if parent == p:
- break
- parent = p
- st = os.stat(parent)
- m = st[stat.ST_MODE]
- if m & 02 and not (m & stat.S_ISVTX):
- print "Directory %s has fishy permissions %o" %(parent,m)
- sys.exit(1)
- if st[stat.ST_UID] not in (0, os.getuid()):
- print "Directory %s has bad owner %s" % (parent,
- st[stat.ST_UID])
- sys.exit(1)
+
+ # And be writeable only by us...
+ if st[stat.ST_MODE] & 077:
+ print "Couldn't make temp dir %r with secure permissions" %temp
+ sys.exit(1)
+ # And be owned by us...
+ if st[stat.ST_UID] != os.getuid():
+ print "The wrong user owns temp dir %r"%temp
+ sys.exit(1)
+ parent = temp
_MM_TESTING_TEMPDIR = temp
if _MM_TESTING_TEMPDIR_REMOVE_ON_EXIT:
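Review bot: The retained `parent = temp` at the end of the added block is a leftover from the removed parent walk; nothing in the visible code reads `parent` afterwards, so it can go. With the walk removed, the comment kept earlier in this file ("it must be owned by us, mode 700, and have no parents that an adversary...") no longer matches what this function checks itself. It should either be trimmed or say where the parent check now happens. The enclosing function starts and ends outside the hunk.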