
[minion-cvs] Final changes before 0.0.4rc1, I think.



Update of /home/minion/cvsroot/src/minion/lib/mixminion
In directory moria.mit.edu:/tmp/cvs-serv19163/lib/mixminion

Modified Files:
	ClientMain.py Common.py Config.py __init__.py test.py 
	testSupport.py 
Log Message:
Final changes before 0.0.4rc1, I think.

setup.py, __init__.py, ServerList.py:
* Bump version to 0.0.4rc1

ClientMain.py:
* Fix bug that made 'mixminion list-servers' list every good server twice.

Common.py, test.py, testSupport.py, ClientMain.py, ServerMain.py, Common.py:
* Start of code to allow users to override directory warnings


Index: ClientMain.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/ClientMain.py,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -d -r1.84 -r1.85
--- ClientMain.py	30 May 2003 02:07:41 -0000	1.84
+++ ClientMain.py	30 May 2003 03:07:56 -0000	1.85
@@ -414,6 +414,8 @@
 
         for info, where in self.fullServerList:
             nn = info.getNickname().lower()
+            if self.goodServerNicknames.get(nn):
+                continue
             self.byNickname.setdefault(nn, []).append((info, where))
 
 
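Review bot: The new `continue` is keyed on the nickname alone, so every descriptor in `fullServerList` whose lowercased nickname appears in `goodServerNicknames` is now left out of `byNickname`, not only the duplicate of the good one. That is right only if the good descriptors were already added to `byNickname` earlier in this method, which starts above the hunk. If so, record the invariant in a comment, e.g. `# Good servers were already indexed above; skip them so they are not listed twice.` If a non-good descriptor can share a nickname with a good server, confirm that dropping it here is intended.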
@@ -1898,6 +1900,7 @@
                 else:
                     LOG.setMinSeverity("INFO")
             mixminion.Common.configureShredCommand(self.config)
+            mixminion.Common.configureTrustedUsers(self.config)
             if not self.verbose:
                 try:
                     LOG.setMinSeverity("WARN")

Index: Common.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/Common.py,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -d -r1.83 -r1.84
--- Common.py	28 May 2003 08:39:45 -0000	1.83
+++ Common.py	30 May 2003 03:07:56 -0000	1.84
@@ -25,6 +25,7 @@
 import grp
 import gzip
 import os
+import pwd
 import re
 import signal
 import stat
@@ -308,6 +309,8 @@
     checkPrivateDir(d)
 
 _WARNED_DIRECTORIES = {}
+_VALID_DIRECTORIES = {}
+_TRUSTED_UIDS = [ 0 ]
 
 def checkPrivateDir(d, recurse=1):
     """Check whether d is a directory owned by this uid, set to mode
@@ -315,6 +318,7 @@
        this uid and uid 0.  If any of these conditions are unmet, raise
        MixFatalErrror.  Otherwise, return None."""
     me = os.getuid()
+    trusted_uids = _TRUSTED_UIDS + [ me ]
 
     if not os.path.isabs(d):
         d = os.path.abspath(d)
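Review bot: The docstring kept as context still names only "this uid and uid 0", but with `trusted_uids = _TRUSTED_UIDS + [ me ]` the accepted owners now include every uid added through `TrustedUser`. Update it to say something like `owned by this uid, uid 0, or a uid configured as TrustedUser`, and mention that a parent listed in `_VALID_DIRECTORIES` ends the walk early. The two module globals added in the previous hunk have no comment either; since both relax a security check, one line each on what they hold and who is expected to modify them would help. The docstring also misspells `MixFatalError`.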
@@ -338,6 +342,8 @@
     # Check permissions on parents.
     while 1:
         parent = os.path.split(d)[0]
+        if _VALID_DIRECTORIES.has_key(parent):
+            return
         if parent == d:
             return
         d = parent
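Review bot: The early `return` trusts more than the name `_VALID_DIRECTORIES` suggests: the lookup runs before `d = parent`, so a match skips the owner and mode checks for the listed directory itself and for every ancestor above it. The match is a raw string comparison against what `os.path.split` returns, so a key written with a trailing slash or through a differently spelled path never matches and the entry silently has no effect. Both facts belong in a comment, e.g. `# A directory in _VALID_DIRECTORIES is accepted unchecked, together with all of its ancestors; keys must be absolute paths with no trailing slash.` The loop body continues outside the hunk.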
@@ -345,7 +351,7 @@
         st = os.stat(d)
         mode = st[stat.ST_MODE]
         owner = st[stat.ST_UID]
-        if owner not in (0, me):
+        if owner not in trusted_uids:
             raise MixFatalError("Bad owner (uid=%s) on directory %s"
                                 % (owner, d))
         if (mode & 02) and not (mode & stat.S_ISVTX):
@@ -358,6 +364,23 @@
                 LOG.warn("Directory %s is writable by group %s (mode %o)",
                          d, group, mode&0777)
             _WARNED_DIRECTORIES[d] = 1
+
+def configureTrustedUsers(config):
+    #XXXX004 call this
+    users = config['Host']['TrustedUser']
+    if not users:
+        return
+
+    for u in users:
+        u = u.strip()
+        try:
+            ent = pwd.getpwnam(u)
+        except KeyError:
+            LOG.warn("TrustedUser: No such user as %s", u)
+            continue
+
+        uid = ent[2]
+        _TRUSTED_UIDS.append(uid)
 
 #----------------------------------------------------------------------
 # File helpers
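Review bot: `_TRUSTED_UIDS.append(uid)` only ever grows the module-level list, so if this function runs more than once in a process, a user removed from `TrustedUser` stays trusted and duplicates accumulate; the early `return` on an empty list has the same effect. Rebuilding the list from `[ 0 ]` and assigning it in place makes each call authoritative. The function also has no docstring, and the `#XXXX004 call this` marker is out of date now that ClientMain.py calls it in this commit. A name that `pwd.getpwnam` cannot resolve is only logged at WARN, which errs on the safe side because that uid is not trusted, but the docstring should say so.

```python
def configureTrustedUsers(config):
    """Reset the list of trusted uids to root plus every user named by
       the Host/TrustedUser option in 'config'.  Names that cannot be
       resolved are logged and ignored."""
    users = config['Host']['TrustedUser'] or []
    uids = [ 0 ]
    for u in users:
        # ... unchanged: strip the name, look it up with pwd.getpwnam,
        #     warn and continue on KeyError ...
        uid = ent[2]
        if uid not in uids:
            uids.append(uid)
    # Replace the contents in place so that a later call can also
    # remove a user that is no longer configured.
    _TRUSTED_UIDS[:] = uids
```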

Index: Config.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/Config.py,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -d -r1.44 -r1.45
--- Config.py	28 May 2003 06:37:32 -0000	1.44
+++ Config.py	30 May 2003 03:07:56 -0000	1.45
@@ -706,6 +706,7 @@
         'Host' : { '__SECTION__' : ('ALLOW', None, None),
                    'ShredCommand': ('ALLOW', _parseCommand, None),
                    'EntropySource': ('ALLOW', None, "/dev/urandom"),
+                   'TrustedUser': ('ALLOW*', None, None),
                    },
         'DirectoryServers' :
                    { '__SECTION__' : ('REQUIRE', None, None),
@@ -748,4 +749,6 @@
        raise ConfigError if it isn't"""
     # For now, we do nothing here.  EntropySource and ShredCommand are checked
     # in configure_trng and configureShredCommand, respectively.
-    pass
+
+    # Host is checked in setupTrustedUIDs.
+
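Review bot: The added comment points to `setupTrustedUIDs`, but the function this commit adds in Common.py is `configureTrustedUsers`; it should read `# TrustedUser is checked in mixminion.Common.configureTrustedUsers.` That function only warns about an unknown user name, so nothing rejects a bad `TrustedUser` value at validation time; if that is intended, say so here. With `pass` removed the body is only a docstring and comments, which stays valid Python as long as the docstring remains. The function starts outside the hunk.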

Index: __init__.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/__init__.py,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -d -r1.33 -r1.34
--- __init__.py	28 May 2003 05:31:41 -0000	1.33
+++ __init__.py	30 May 2003 03:07:56 -0000	1.34
@@ -7,7 +7,7 @@
    """
 
 # This version string is generated from setup.py; don't edit it.
-__version__ = "0.0.4alpha3"
+__version__ = "0.0.4rc1"
 # This 5-tuple encodes the version number for comparison.  Don't edit it.
 # The first 3 numbers are the version number; the 4th is:
 #          0 for alpha
@@ -18,7 +18,7 @@
 # The 4th or 5th number may be a string.  If so, it is not meant to
 #   succeed or preceed any other sub-version with the same a.b.c version
 #   number.
-version_info = (0, 0, 4, 0, 3)
+version_info = (0, 0, 4, 99, 1)
 __all__ = [ 'server', 'directory' ]
 
 def version_tuple_to_string(t):

Index: test.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/test.py,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -d -r1.112 -r1.113
--- test.py	29 May 2003 04:39:59 -0000	1.112
+++ test.py	30 May 2003 03:07:56 -0000	1.113
@@ -5783,6 +5783,9 @@
     LOG.setMinSeverity("FATAL")
     mixminion.Common.secureDelete([],1)
 
+    #DOCDOC
+    mixminion.Common._VALID_DIRECTORIES["/tmp"] = 1
+
     # Disable TRACE and DEBUG log messages, unless somebody overrides from
     # the environment.
     LOG.setMinSeverity(os.environ.get('MM_TEST_LOGLEVEL', "WARN"))
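Review bot: `#DOCDOC` is left as a placeholder on a line that switches off a security check, so the reason should be written down now. Per the Common.py change in this commit, putting "/tmp" in `_VALID_DIRECTORIES` makes `checkPrivateDir` stop walking once it reaches `/tmp`, so `/tmp` and `/` are no longer examined for directories the tests create there. A comment such as `# Tests run under /tmp; don't let checkPrivateDir reject them because of the owner or mode of /tmp or /.` would do. The path is hard-coded, so on a host whose temporary directory is elsewhere the entry has no effect; confirm that is acceptable. The enclosing function starts and ends outside the hunk.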

Index: testSupport.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/testSupport.py,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- testSupport.py	17 May 2003 00:08:44 -0000	1.15
+++ testSupport.py	30 May 2003 03:07:56 -0000	1.16
@@ -122,8 +122,6 @@
 # mix_mktemp: A secure, paranoid mktemp replacement.  (May be overkill
 # for testing, but better safe than sorry.)
 
-# Constant flag: are we paranoid about permissions and uid on our tmpdir?
-_MM_TESTING_TEMPDIR_PARANOIA = 1
 # Name of our temporary directory: all temporary files go under this
 # directory.  If None, it hasn't been created yet.  If it exists,
 # it must be owned by us, mode 700, and have no parents that an adversary
@@ -141,7 +139,6 @@
     if _MM_TESTING_TEMPDIR is None:
         # We haven't configured our temporary directory yet.
         import tempfile
-        paranoia = _MM_TESTING_TEMPDIR_PARANOIA
 
         # If tempfile.mkdtemp exists, use it.  This avoids warnings, and
         # is harder for people to exploit.
@@ -155,7 +152,7 @@
         # Otherwise, pick a dirname, make sure it doesn't exist, and try to
         # create it.
             temp = tempfile.mktemp()
-            if paranoia and os.path.exists(temp):
+            if os.path.exists(temp):
                 print "I think somebody's trying to exploit mktemp."
                 sys.exit(1)
             try:
@@ -169,33 +166,16 @@
             print "Couldn't create temp dir %r" %temp
             sys.exit(1)
         st = os.stat(temp)
-        if paranoia:
-            # And be writeable only by us...
-            if st[stat.ST_MODE] & 077:
-                print "Couldn't make temp dir %r with secure permissions" %temp
-                sys.exit(1)
-            # And be owned by us...
-            if st[stat.ST_UID] != os.getuid():
-                print "The wrong user owns temp dir %r"%temp
-                sys.exit(1)
-            parent = temp
-            # And if, and all of its parents, must not be group-writeable
-            # unless their sticky bit is set, and must not be owned by
-            # anybody except us and root.
-            while 1:
-                p = os.path.split(parent)[0]
-                if parent == p:
-                    break
-                parent = p
-                st = os.stat(parent)
-                m = st[stat.ST_MODE]
-                if m & 02 and not (m & stat.S_ISVTX):
-                    print "Directory %s has fishy permissions %o" %(parent,m)
-                    sys.exit(1)
-                if st[stat.ST_UID] not in (0, os.getuid()):
-                    print "Directory %s has bad owner %s" % (parent,
-                                                             st[stat.ST_UID])
-                    sys.exit(1)
+
+        # And be writeable only by us...
+        if st[stat.ST_MODE] & 077:
+            print "Couldn't make temp dir %r with secure permissions" %temp
+            sys.exit(1)
+        # And be owned by us...
+        if st[stat.ST_UID] != os.getuid():
+            print "The wrong user owns temp dir %r"%temp
+            sys.exit(1)
+        parent = temp
 
         _MM_TESTING_TEMPDIR = temp
         if _MM_TESTING_TEMPDIR_REMOVE_ON_EXIT:
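Review bot: `parent = temp` is left over from the removed ancestor walk and is now a dead assignment; drop it. With the loop gone, this function no longer checks the owner or mode of the temp dir's parents, while the header comment in the first hunk of this file still says the directory must "have no parents that an adversary" (the sentence continues outside that hunk). If the guarantee is now meant to come from `mixminion.Common.checkPrivateDir`, note that test.py in this same commit whitelists `/tmp`, so for the default location the parents appear to be examined by neither path. A short comment here naming where the check is enforced would make that explicit. The function begins and ends outside the hunk.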