authorMichael DeHaan <mdehaan@mdehaan.rdu.redhat.com>2007-09-28 11:57:34 -0400
committerMichael DeHaan <mdehaan@mdehaan.rdu.redhat.com>2007-09-28 11:57:34 -0400
commit4bc3029d5fceb9449ff7579a28937248d6b49d77 (patch)
tree36c431fd6311054b195550a3692aa8602601de04
parent26484bb11dd87f2d3d06483ac29b7862aeb1fe15 (diff)
parentc0ccddeb7263ea4ea57a63ca984c8fac38fddfc2 (diff)
Merge branch 'master' of ssh://git.fedoraproject.org/git/hosted/func
-rwxr-xr-xfunc/certmaster.py16
-rwxr-xr-xfunc/config_data.py52
-rwxr-xr-xminion/config_data.py52
-rwxr-xr-xoverlord/client.py2
4 files changed, 12 insertions, 110 deletions
diff --git a/func/certmaster.py b/func/certmaster.py
index 557cfdb..0c1f333 100755
--- a/func/certmaster.py
+++ b/func/certmaster.py
@@ -1,6 +1,5 @@
#!/usr/bin/python
-# FIXME: picky about bogus CN names ../ ../ ./ etc, etc to avoid stupid attacks
# FIXME: more intelligent fault raises
"""
@@ -41,7 +40,6 @@ class CertMaster(object):
try:
if not os.path.exists(self.cfg.cadir):
os.makedirs(self.cfg.cadir)
- # fixme - should we creating these separately?
if not os.path.exists(self.ca_key_file) and not os.path.exists(self.ca_cert_file):
certs.create_ca(ca_key_file=self.ca_key_file, ca_cert_file=self.ca_cert_file)
except (IOError, OSError), e:
@@ -71,7 +69,11 @@ class CertMaster(object):
else:
raise codes.InvalidMethodException
-
+ def _sanitize_cn(self, commonname):
+ commonname = commonname.replace('/', '')
+ commonname = commonname.replace('\\', '')
+ return commonname
+
def wait_for_cert(self, csrbuf):
"""
takes csr as a string
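Review bot: `_sanitize_cn` removes only `/` and `\` and accepts whatever remains, so an empty CN, a name beginning with a dot, or one holding NUL or control characters still reaches the `'%s/%s.cert'` and `'%s/%s.csr'` paths, and two different CNs can collapse onto the same file name. An allowlist that rejects the request is safer than silently rewriting it, for example `if not re.match(r'^[A-Za-z0-9][A-Za-z0-9._-]*\Z', commonname):` followed by raising a fault (`re` would need importing in this module). The helper also has no docstring; one line stating that the result is used as a file-name component under certroot and csrroot would document the contract. wait_for_cert's body continues outside the hunk.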
@@ -85,7 +87,10 @@ class CertMaster(object):
#XXX need to raise a fault here and document it - but false is just as good
return False, '', ''
- requesting_host = csrreq.get_subject().CN
+ requesting_host = self._sanitize_cn(csrreq.get_subject().CN)
+
+ # get rid of dodgy characters in the filename we're about to make
+
certfile = '%s/%s.cert' % (self.cfg.certroot, requesting_host)
csrfile = '%s/%s.csr' % (self.cfg.csrroot, requesting_host)
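Review bot: `csrreq.get_subject().CN` is presumably None when the CSR subject carries no CN, and `_sanitize_cn` would then fail on `commonname.replace` with an AttributeError instead of taking the `return False, '', ''` path used just above for a bad request. Checking before the call keeps the failure path consistent: `cn = csrreq.get_subject().CN` then `if not cn: return False, '', ''`. The same unguarded call is added in the hunk at -170,7, which needs equivalent handling. The added comment `# get rid of dodgy characters in the filename we're about to make` sits below the call it describes and should move above the `requesting_host = ...` line. The function starts and ends outside the hunk.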
@@ -170,7 +175,8 @@ class CertMaster(object):
else: # assume we got a bare csr req
csrreq = csr
- requesting_host = csrreq.get_subject().CN
+ requesting_host = self._sanitize_cn(csrreq.get_subject().CN)
+
certfile = '%s/%s.cert' % (self.cfg.certroot, requesting_host)
thiscert = certs.create_slave_certificate(csrreq, self.cakey, self.cacert, self.cfg.cadir)
destfo = open(certfile, 'w')
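Review bot: The file name now comes from the sanitised CN, but `certs.create_slave_certificate(csrreq, ...)` still receives the unmodified request, so as far as this hunk shows the signed certificate keeps its original subject while being stored under a different name. overlord/client.py in this same commit derives host names from the `.cert` file names, so the name the overlord works with and the CN inside the certificate can disagree. Rejecting a CSR whose CN changes under `_sanitize_cn` (`if requesting_host != csrreq.get_subject().CN:` then raise a fault) would keep the two identical. The function starts and ends outside the hunk, so whether `destfo` is closed on every path is not visible here.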
diff --git a/func/config_data.py b/func/config_data.py
deleted file mode 100755
index daa366a..0000000
--- a/func/config_data.py
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/usr/bin/python
-
-# func
-#
-# Copyright 2006, Red Hat, Inc
-# see AUTHORS
-#
-# This software may be freely redistributed under the terms of the GNU
-# general public license.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-import codes
-
-import os
-import ConfigParser
-
-CONFIG_FILE = "/etc/func/minion.conf"
-
-class Config:
-
- # this class is a Borg
- __shared_state = {}
- has_read = False
- ds = {}
-
- def __init__(self):
- self.__dict__ = self.__shared_state
- if not self.has_read:
- self.read()
- Config.has_read = True
-
- def read(self):
-
- if not os.path.exists(CONFIG_FILE):
- raise codes.FuncException("Missing %s" % CONFIG_FILE)
-
- cp = ConfigParser.ConfigParser()
-
- cp.read([CONFIG_FILE])
-
- self.ds["log_level"] = cp.get("general","log_level")
- self.ds["overlord_server"] = cp.get("general","overlord_server")
- self.ds["certmaster"] = cp.get("general", "certmaster")
- self.ds["cert_dir"] = cp.get("general", "cert_dir")
-
- def get(self):
- return self.ds
-
-
diff --git a/minion/config_data.py b/minion/config_data.py
deleted file mode 100755
index daa366a..0000000
--- a/minion/config_data.py
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/usr/bin/python
-
-# func
-#
-# Copyright 2006, Red Hat, Inc
-# see AUTHORS
-#
-# This software may be freely redistributed under the terms of the GNU
-# general public license.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-import codes
-
-import os
-import ConfigParser
-
-CONFIG_FILE = "/etc/func/minion.conf"
-
-class Config:
-
- # this class is a Borg
- __shared_state = {}
- has_read = False
- ds = {}
-
- def __init__(self):
- self.__dict__ = self.__shared_state
- if not self.has_read:
- self.read()
- Config.has_read = True
-
- def read(self):
-
- if not os.path.exists(CONFIG_FILE):
- raise codes.FuncException("Missing %s" % CONFIG_FILE)
-
- cp = ConfigParser.ConfigParser()
-
- cp.read([CONFIG_FILE])
-
- self.ds["log_level"] = cp.get("general","log_level")
- self.ds["overlord_server"] = cp.get("general","overlord_server")
- self.ds["certmaster"] = cp.get("general", "certmaster")
- self.ds["cert_dir"] = cp.get("general", "cert_dir")
-
- def get(self):
- return self.ds
-
-
diff --git a/overlord/client.py b/overlord/client.py
index 9196ccb..d241373 100755
--- a/overlord/client.py
+++ b/overlord/client.py
@@ -102,7 +102,7 @@ class Client():
certs = glob.glob(actual_gloob)
for cert in certs:
all_certs.append(cert)
- host = cert.replace(self.config.certroot,"")[1:-4]
+ host = cert.replace(self.config.certroot,"")[1:-5]
all_hosts.append(host)
# debug only:
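Review bot: The slice `[1:-5]` hard-codes both the length of the `.cert` suffix and a single separator after certroot, and `cert.replace(self.config.certroot,"")` removes every occurrence of the certroot string rather than only the leading one. If the glob only matches files directly under certroot, deriving the name from the path is less fragile: `host = os.path.splitext(os.path.basename(cert))[0]` (assuming `os` is imported in this module, which the hunk does not show). A short comment tying the suffix to the `'%s/%s.cert'` pattern in func/certmaster.py would help whoever next changes the extension. The loop continues outside the hunk.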