[minion-cvs] Usability improvements; "removeKeys" functionality for ...
Update of /home/minion/cvsroot/src/minion/lib/mixminion
In directory moria.seul.org:/tmp/cvs-serv10826/lib/mixminion
Modified Files:
Main.py ServerInfo.py ServerMain.py
Log Message:
Usability improvements; "removeKeys" functionality for server
Main.py:
- Handle bad usage exceptions
- Fix thinko on error message about bad installations
- Add server-DELKEYS function to delete *all* server keys.
ServerInfo.py:
- Give better exception on unguessable IP.
ServerMain.py:
- Add function to delete identity key
- Add argument to removeDeadKeys so we can remove keys that aren't
invalid yet.
- Add log messages to removeDeadKeys
- Fix typo on usage message in runServer
- Add 'removeKeys' entry point to clean out a server's key state.
Index: Main.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/Main.py,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- Main.py 21 Nov 2002 19:46:11 -0000 1.7
+++ Main.py 22 Nov 2002 00:26:35 -0000 1.8
@@ -28,6 +28,8 @@
" You seem to be running version %s.\n")%_ver)
sys.exit(1)
+import getopt
+
def filesAreSame(f1, f2):
"Return true if f1 and f2 are exactly the same file."
if os.path.normpath(f1) == os.path.normpath(f2):
@@ -56,9 +58,9 @@
mydir = os.path.split(myself)[0]
parentdir, miniondir = os.path.split(mydir)
if not miniondir == 'mixminion':
- sys.stderr.write("Bad mixminion installation:\n"+
+ sys.stderr.write(("Bad mixminion installation:\n"+
" I resolved %s to %s, but expected to find ../mixminion/Main.py\n")%(
- orig_cmd, myself)
+ orig_cmd, myself))
# Now we check whether there's already an entry in sys.path. If not,
# we add the directory we found.
@@ -97,7 +99,8 @@
"benchmarks" : ( 'mixminion.benchmark', 'timeAll' ),
"client" : ( 'mixminion.ClientMain', 'runClient' ),
"server" : ( 'mixminion.ServerMain', 'runServer' ),
- "server-keygen" : ( 'mixminion.ServerMain', 'runKeygen')
+ "server-keygen" : ( 'mixminion.ServerMain', 'runKeygen'),
+ "server-DELKEYS" : ( 'mixminion.ServerMain', 'removeKeys'),
}
def printVersion(cmd,args):
@@ -131,7 +134,11 @@
func = getattr(mod, command_fn)
# Invoke the command.
- func(" ".join(args[0:2]), args[2:])
+ try:
+ func(" ".join(args[0:2]), args[2:])
+ except getopt.GetoptError, e:
+ print >>sys.stderr, e
+ func(" ".join(args[0:2]), ["--help"])
if __name__ == '__main__':
main(sys.argv)
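Review bot: The retry in the `except getopt.GetoptError` branch assumes every dispatched command accepts `--help` and exits non-zero when given it. A command whose option spec lacks `--help` would raise GetoptError a second time, now inside the handler and uncaught. Since this is the error path, end it explicitly by adding `sys.exit(1)` after the `func(" ".join(args[0:2]), ["--help"])` call, so a bad command line can never report success to a calling script.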
Index: ServerInfo.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/ServerInfo.py,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- ServerInfo.py 21 Nov 2002 16:55:49 -0000 1.18
+++ ServerInfo.py 22 Nov 2002 00:26:35 -0000 1.19
@@ -287,7 +287,7 @@
getLog().warn("No IP configured; guessing %s",fields['IP'])
except IPGuessError, e:
getLog().error("Can't guess IP: %s", str(e))
- raise MixError()
+ raise MixError("Can't guess IP: %s" % str(e))
info = """\
[Server]
Index: ServerMain.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/ServerMain.py,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- ServerMain.py 21 Nov 2002 16:55:49 -0000 1.12
+++ ServerMain.py 22 Nov 2002 00:26:36 -0000 1.13
@@ -146,6 +146,22 @@
return key
+ def removeIdentityKey(self):
+ """Remove this server's identity key."""
+ fn = os.path.join(self.keyDir, "identity.key")
+ if not os.path.exists(fn):
+ getLog().info("No identity key to remove.")
+ else:
+ getLog().warn("Removing identity key in 10 seconds")
+ time.sleep(10)
+ getLog().warn("Removing identity key")
+ secureDelete([fn], blocking=1)
+
+ dhfile = os.path.join(self.homeDir, 'work', 'tls', 'dhparam')
+ if os.path.exists('dhfile'):
+ getLog().info("Removing diffie-helman parameters file")
+ secureDelete([dhfile], blocking=1)
+
def createKeys(self, num=1, startAt=None):
"""Generate 'num' public keys for this server. If startAt is provided,
make the first key become valid at'startAt'. Otherwise, make the
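Review bot: In removeIdentityKey the second existence check tests the string literal `'dhfile'` instead of the variable, so the file at `work/tls/dhparam` is skipped unless something named `dhfile` happens to exist in the current directory. It should read `if os.path.exists(dhfile):`. The log message on the next line misspells "diffie-hellman". The 10-second sleep is the only safeguard before the identity key is wiped, and it helps only an operator who is watching WARN-level log output, so the docstring should say that.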
@@ -189,16 +205,25 @@
self.checkKeys()
- def removeDeadKeys(self):
+ def removeDeadKeys(self, now=None):
"""Remove all keys that have expired"""
- now = time.time()
+ self.checkKeys()
+
+ if now is None:
+ now = time.time()
+ expiryStr = " expired"
+ else:
+ expiryStr = ""
+
cutoff = now - self.keySloppiness
dirs = [ os.path.join(self.keyDir,"key_"+name)
for va, vu, name in self.keyIntervals if vu < cutoff ]
- for dirname in dirs:
+ for dirname, (va, vu, name) in zip(dirs, self.keyIntervals):
+ getLog().info("Removing%s key %s (valid from %s through %s)",
+ expiryStr, name, _date(va), _date(vu-3600))
files = [ os.path.join(dirname,f)
- for f in os.listdir(dirname) ]
+ for f in os.listdir(dirname) ]
secureDelete(files, blocking=1)
os.rmdir(dirname)
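Review bot: The new loop pairs `dirs` (filtered by `vu < cutoff`) with the unfiltered `self.keyIntervals` through `zip`, so the name and validity dates logged for a directory are correct only while every earlier interval also passed the filter. Since this function irreversibly wipes key material, the log line should come from the same filtered tuples: `doomed = [iv for iv in self.keyIntervals if iv[1] < cutoff]`, then `for va, vu, name in doomed:` with `dirname = os.path.join(self.keyDir, "key_"+name)` computed inside the loop. The docstring still says "Remove all keys that have expired" and should describe `now`, because a caller-supplied value removes keys that are still valid. The function body may continue past the end of this hunk.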
@@ -489,7 +514,7 @@
configFile = "/etc/mixminiond.conf"
for o,v in options:
if o in ('-h', '--help'):
- usageAndExit()
+ usageAndExit(cmd)
if o in ('-f', '--config'):
configFile = v
@@ -507,6 +532,7 @@
print >>sys.stderr, str(e)
sys.exit(1)
+#----------------------------------------------------------------------
def runServer(cmd, args):
config = configFromServerArgs(cmd, args)
try:
@@ -537,8 +563,11 @@
#----------------------------------------------------------------------
def runKeygen(cmd, args):
- options, args = getopt.getopt(args, "hf:n:", ["help", "config=", "keys="])
+ options, args = getopt.getopt(args, "hf:n:",
+ ["help", "config=", "keys="])
# FFFF password-encrypted keys
+ # FFFF Ability to fill gaps
+ # FFFF Ability to generate keys with particular start/end intervals
keys=1
usage=0
configFile = '/etc/miniond.conf'
@@ -552,11 +581,12 @@
keys = int(val)
except ValueError, _:
print >>sys.stderr,("%s requires an integer" %opt)
- sys.exit(1)
- if usage:
- print >>sys.stderr, "Usage: %s [-h] [-f configfile] [-n nKeys]"%cmd
- sys.exit(1)
- config = readConfigFile(configFile)
+ usage = 1
+ if usage:
+ print >>sys.stderr, "Usage: %s [-h] [-f configfile] [-n nKeys]"%cmd
+ sys.exit(1)
+
+ config = readConfigFile(configFile)
getLog().setMinSeverity("INFO")
mixminion.Crypto.init_crypto(config)
@@ -566,3 +596,37 @@
keyring.createKeys(1)
print >> sys.stderr, ".... (%s/%s done)" % (i+1,keys)
+#----------------------------------------------------------------------
+def removeKeys(cmd, args):
+ # FFFF Resist removing keys that have been published.
+ # FFFF Generate 'suicide note' for removing identity key.
+ options, args = getopt.getopt(args, "hf:", ["help", "config=",
+ "remove-identity"])
+ if args:
+ print >>sys.stderr, "%s takes no arguments"%cmd
+ usage = 1
+ args = options = ()
+ usage = 0
+ removeIdentity = 0
+ configFile = '/etc/miniond.conf'
+ for opt,val in options:
+ if opt in ('-h', '--help'):
+ usage=1
+ elif opt in ('-f', '--config'):
+ configFile = val
+ elif opt == '--remove-identity':
+ removeIdentity = 1
+ if usage:
+ print >>sys.stderr, \
+ "Usage: %s [-h|--help] [-f configfile] [--remove-identity]"%cmd
+ sys.exit(1)
+
+ config = readConfigFile(configFile)
+ getLog().setMinSeverity("INFO")
+ keyring = ServerKeyring(config)
+ keyring.checkKeys()
+ # This is impossibly far in the future.
+ keyring.removeDeadKeys(now=(1L << 36))
+ if removeIdentity:
+ keyring.removeIdentityKey()
+ getLog().info("Done removing keys")
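Review bot: In removeKeys, `usage = 0` comes after the `if args:` block that sets `usage = 1`. Indentation is lost in this rendering, but if that line sits at function level, stray positional arguments print the "takes no arguments" message, discard the parsed options including `-f`, and then fall through to deleting keys under the default config. Move the initialisation above the check, so `usage = 0` precedes `if args:`. The default here is `/etc/miniond.conf`, while configFromServerArgs in the same file uses `/etc/mixminiond.conf`; for a destructive command the two should agree, or `-f` should be required. A docstring is also missing, and should state that this wipes every server key, plus the identity key with `--remove-identity`.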