From 78fe82ba9b56fac5105827b4b779015a2361116d Mon Sep 17 00:00:00 2001
From: Seth Vidal
Date: Thu, 27 Sep 2007 19:18:51 -0400
Subject: remove config_data.py as it is no longer used
---
func/config_data.py | 52 ---------------------------------------------------
minion/config_data.py | 52 ---------------------------------------------------
2 files changed, 104 deletions(-)
delete mode 100755 func/config_data.py
delete mode 100755 minion/config_data.py
diff --git a/func/config_data.py b/func/config_data.py
deleted file mode 100755
index daa366a..0000000
--- a/func/config_data.py
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/usr/bin/python
-
-# func
-#
-# Copyright 2006, Red Hat, Inc
-# see AUTHORS
-#
-# This software may be freely redistributed under the terms of the GNU
-# general public license.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-import codes
-
-import os
-import ConfigParser
-
-CONFIG_FILE = "/etc/func/minion.conf"
-
-class Config:
-
- # this class is a Borg
- __shared_state = {}
- has_read = False
- ds = {}
-
- def __init__(self):
- self.__dict__ = self.__shared_state
- if not self.has_read:
- self.read()
- Config.has_read = True
-
- def read(self):
-
- if not os.path.exists(CONFIG_FILE):
- raise codes.FuncException("Missing %s" % CONFIG_FILE)
-
- cp = ConfigParser.ConfigParser()
-
- cp.read([CONFIG_FILE])
-
- self.ds["log_level"] = cp.get("general","log_level")
- self.ds["overlord_server"] = cp.get("general","overlord_server")
- self.ds["certmaster"] = cp.get("general", "certmaster")
- self.ds["cert_dir"] = cp.get("general", "cert_dir")
-
- def get(self):
- return self.ds
-
-
diff --git a/minion/config_data.py b/minion/config_data.py
deleted file mode 100755
index daa366a..0000000
--- a/minion/config_data.py
+++ /dev/null
@@ -1,52 +0,0 @@ -#!/usr/bin/python - -# func -# -# Copyright 2006, Red Hat, Inc -# see AUTHORS -# -# This software may be freely redistributed under the terms of the GNU -# general public license. - -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -import codes - -import os -import ConfigParser - -CONFIG_FILE = "/etc/func/minion.conf" - -class Config: - - # this class is a Borg - __shared_state = {} - has_read = False - ds = {} - - def __init__(self): - self.__dict__ = self.__shared_state - if not self.has_read: - self.read() - Config.has_read = True - - def read(self): - - if not os.path.exists(CONFIG_FILE): - raise codes.FuncException("Missing %s" % CONFIG_FILE) - - cp = ConfigParser.ConfigParser() - - cp.read([CONFIG_FILE]) - - self.ds["log_level"] = cp.get("general","log_level") - self.ds["overlord_server"] = cp.get("general","overlord_server") - self.ds["certmaster"] = cp.get("general", "certmaster") - self.ds["cert_dir"] = cp.get("general", "cert_dir") - - def get(self): - return self.ds - - -- cgit From aa71a3021a13c4b9d1a4a5ab4623913237edaa7a Mon Sep 17 00:00:00 2001 From: Seth Vidal Date: Thu, 27 Sep 2007 19:25:06 -0400 Subject: certs are named .cert not .crt so when we remove the extension it is string[:-5] not string[:-4] --- overlord/client.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlord/client.py b/overlord/client.py index 9196ccb..d241373 100755 --- a/overlord/client.py +++ b/overlord/client.py @@ -102,7 +102,7 @@ class Client(): certs = glob.glob(actual_gloob) for cert in certs: all_certs.append(cert) - host = cert.replace(self.config.certroot,"")[1:-4] + host = cert.replace(self.config.certroot,"")[1:-5] all_hosts.append(host) # debug only: -- cgit From c0ccddeb7263ea4ea57a63ca984c8fac38fddfc2 Mon Sep 17 00:00:00 2001 
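Review bot: The new slice `[1:-5]` in the `for cert in certs:` loop of overlord/client.py still hard-codes the length of the `.cert` suffix, the same kind of constant this commit had to correct, so any globbed file that does not end in `.cert` silently yields a truncated host name. `cert.replace(self.config.certroot,"")` also removes every occurrence of the certroot string in the path, not only the leading one. Deriving the name from the path itself is sturdier: `host = os.path.splitext(os.path.basename(cert))[0]`, assuming `os` is imported in client.py (not visible here) and the certificates sit directly under certroot. The enclosing method starts and ends outside the hunk.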
From: Seth Vidal Date: Fri, 28 Sep 2007 10:46:31 -0400 Subject: make sure we don't end up with / or \ in filenames anywhere from a dodgy cn in a csr --- func/certmaster.py | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/func/certmaster.py b/func/certmaster.py index 557cfdb..0c1f333 100755 --- a/func/certmaster.py +++ b/func/certmaster.py @@ -1,6 +1,5 @@ #!/usr/bin/python -# FIXME: picky about bogus CN names ../ ../ ./ etc, etc to avoid stupid attacks # FIXME: more intelligent fault raises """ @@ -41,7 +40,6 @@ class CertMaster(object): try: if not os.path.exists(self.cfg.cadir): os.makedirs(self.cfg.cadir) - # fixme - should we creating these separately? if not os.path.exists(self.ca_key_file) and not os.path.exists(self.ca_cert_file): certs.create_ca(ca_key_file=self.ca_key_file, ca_cert_file=self.ca_cert_file) except (IOError, OSError), e: @@ -71,7 +69,11 @@ class CertMaster(object): else: raise codes.InvalidMethodException - + def _sanitize_cn(self, commonname): + commonname = commonname.replace('/', '') + commonname = commonname.replace('\\', '') + return commonname + def wait_for_cert(self, csrbuf): """ takes csr as a string @@ -85,7 +87,10 @@ class CertMaster(object): #XXX need to raise a fault here and document it - but false is just as good return False, '', '' - requesting_host = csrreq.get_subject().CN + requesting_host = self._sanitize_cn(csrreq.get_subject().CN) + + # get rid of dodgy characters in the filename we're about to make + certfile = '%s/%s.cert' % (self.cfg.certroot, requesting_host) csrfile = '%s/%s.csr' % (self.cfg.csrroot, requesting_host) 
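Review bot: `_sanitize_cn` (hunk at -71) rewrites the CN from an untrusted CSR instead of refusing it, so two different CNs can collapse onto the same `.csr`/`.cert` file name, a CN that is empty or made only of slashes produces a file named `.cert`, and a leading dot produces a hidden file. If `get_subject().CN` can be None for a subject without a CN (not verifiable from this hunk), the `.replace` call will also raise. Rejecting anything that is not a plain host name is safer: `wait_for_cert` (hunk at -85) can reuse its existing `False, '', ''` failure return, and the call added in the hunk at -170 needs the same check. Both callers continue outside their hunks, and the new helper has no docstring saying its result is used as a file name.

```python
    def _sanitize_cn(self, commonname):
        # refuse, rather than rewrite, a CN that is not a plain host name;
        # the value becomes a file name under certroot and csrroot
        allowed = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_'
        if not commonname or commonname.startswith('.'):
            return None
        for ch in commonname:
            if ch not in allowed:
                return None
        return commonname

    # ... unchanged: wait_for_cert signature, docstring and csr loading ...
        requesting_host = self._sanitize_cn(csrreq.get_subject().CN)
        if requesting_host is None:
            return False, '', ''
```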
@@ -170,7 +175,8 @@ class CertMaster(object): else: # assume we got a bare csr req csrreq = csr - requesting_host = csrreq.get_subject().CN + requesting_host = self._sanitize_cn(csrreq.get_subject().CN) + certfile = '%s/%s.cert' % (self.cfg.certroot, requesting_host) thiscert = certs.create_slave_certificate(csrreq, self.cakey, self.cacert, self.cfg.cadir) destfo = open(certfile, 'w') -- cgit
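Review bot: After this change `certfile` is built from the sanitized name while `certs.create_slave_certificate(csrreq, ...)` still receives the original request, so whenever `_sanitize_cn` removed characters the stored file name presumably no longer matches the subject inside the certificate (assuming the signed certificate copies the CSR subject, which is not visible here). Code that derives host names from file names, such as the loop in overlord/client.py, would then work with a different identity than the certificate carries. A guard right after the new line, `if requesting_host != csrreq.get_subject().CN:` followed by this function's failure path, keeps the two in step. The function's start and its error convention are outside the hunk.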