
Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2021-03-21 18:44:59 UTC
  • Revision ID: teddy@recompile.se-20210321184459-467agedq40ajs7ac
Use _FORTIFY_SOURCE=3, supported by GNU C Library version 2.33

* Makefile (FORTIFY): Changed to use "-D_FORTIFY_SOURCE=3".

11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
 
# Copyright © 2008-2019 Teddy Hogeborn
15
 
# Copyright © 2008-2019 Björn Påhlsson
 
14
# Copyright © 2008-2020 Teddy Hogeborn
 
15
# Copyright © 2008-2020 Björn Påhlsson
16
16
#
17
17
# This file is part of Mandos.
18
18
#
79
79
import codecs
80
80
import unittest
81
81
import random
 
82
import shlex
82
83
 
83
84
import dbus
84
85
import dbus.service
103
104
    collections.abc = abc
104
105
    del abc
105
106
 
 
107
# Add shlex.quote if it does not exist
 
108
try:
 
109
    shlex.quote
 
110
except AttributeError:
 
111
    shlex.quote = re.escape
 
112
 
106
113
# Show warnings by default
107
114
if not sys.warnoptions:
108
115
    import warnings
136
143
if sys.version_info < (3, 2):
137
144
    configparser.Configparser = configparser.SafeConfigParser
138
145
 
139
 
version = "1.8.9"
 
146
version = "1.8.14"
140
147
stored_state_file = "clients.pickle"
141
148
 
142
149
logger = logging.getLogger()
517
524
class AvahiServiceToSyslog(AvahiService):
518
525
    def rename(self, *args, **kwargs):
519
526
        """Add the new name to the syslog messages"""
520
 
        ret = super(AvahiServiceToSyslog, self).rename(*args, **kwargs)
 
527
        ret = super(AvahiServiceToSyslog, self).rename(*args,
 
528
                                                       **kwargs)
521
529
        syslogger.setFormatter(logging.Formatter(
522
530
            'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'
523
531
            .format(self.name)))
767
775
 
768
776
        x509_crt_fmt_t = ctypes.c_int
769
777
 
770
 
        # All the function declarations below are from gnutls/abstract.h
 
778
        # All the function declarations below are from
 
779
        # gnutls/abstract.h
771
780
        pubkey_init = _library.gnutls_pubkey_init
772
781
        pubkey_init.argtypes = [ctypes.POINTER(pubkey_t)]
773
782
        pubkey_init.restype = _error_code
787
796
        pubkey_deinit.argtypes = [pubkey_t]
788
797
        pubkey_deinit.restype = None
789
798
    else:
790
 
        # All the function declarations below are from gnutls/openpgp.h
 
799
        # All the function declarations below are from
 
800
        # gnutls/openpgp.h
791
801
 
792
802
        openpgp_crt_init = _library.gnutls_openpgp_crt_init
793
803
        openpgp_crt_init.argtypes = [ctypes.POINTER(openpgp_crt_t)]
799
809
                                       openpgp_crt_fmt_t]
800
810
        openpgp_crt_import.restype = _error_code
801
811
 
802
 
        openpgp_crt_verify_self = _library.gnutls_openpgp_crt_verify_self
803
 
        openpgp_crt_verify_self.argtypes = [openpgp_crt_t, ctypes.c_uint,
804
 
                                            ctypes.POINTER(ctypes.c_uint)]
 
812
        openpgp_crt_verify_self = \
 
813
            _library.gnutls_openpgp_crt_verify_self
 
814
        openpgp_crt_verify_self.argtypes = [
 
815
            openpgp_crt_t,
 
816
            ctypes.c_uint,
 
817
            ctypes.POINTER(ctypes.c_uint),
 
818
        ]
805
819
        openpgp_crt_verify_self.restype = _error_code
806
820
 
807
821
        openpgp_crt_deinit = _library.gnutls_openpgp_crt_deinit
1127
1141
        if self.checker is None:
1128
1142
            # Escape attributes for the shell
1129
1143
            escaped_attrs = {
1130
 
                attr: re.escape(str(getattr(self, attr)))
 
1144
                attr: shlex.quote(str(getattr(self, attr)))
1131
1145
                for attr in self.runtime_expansions}
1132
1146
            try:
1133
1147
                command = self.checker_command % escaped_attrs
2461
2475
        buf = ctypes.create_string_buffer(32)
2462
2476
        buf_len = ctypes.c_size_t(len(buf))
2463
2477
        # Get the key ID from the raw public key into the buffer
2464
 
        gnutls.pubkey_get_key_id(pubkey,
2465
 
                                 gnutls.KEYID_USE_SHA256,
2466
 
                                 ctypes.cast(ctypes.byref(buf),
2467
 
                                             ctypes.POINTER(ctypes.c_ubyte)),
2468
 
                                 ctypes.byref(buf_len))
 
2478
        gnutls.pubkey_get_key_id(
 
2479
            pubkey,
 
2480
            gnutls.KEYID_USE_SHA256,
 
2481
            ctypes.cast(ctypes.byref(buf),
 
2482
                        ctypes.POINTER(ctypes.c_ubyte)),
 
2483
            ctypes.byref(buf_len))
2469
2484
        # Deinit the certificate
2470
2485
        gnutls.pubkey_deinit(pubkey)
2471
2486
 
2716
2731
            address = request[3]
2717
2732
 
2718
2733
            for c in self.clients.values():
2719
 
                if key_id == "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855":
 
2734
                if key_id == ("E3B0C44298FC1C149AFBF4C8996FB924"
 
2735
                              "27AE41E4649B934CA495991B7852B855"):
2720
2736
                    continue
2721
2737
                if key_id and c.key_id == key_id:
2722
2738
                    client = c
2774
2790
def rfc3339_duration_to_delta(duration):
2775
2791
    """Parse an RFC 3339 "duration" and return a datetime.timedelta
2776
2792
 
2777
 
    >>> rfc3339_duration_to_delta("P7D") == datetime.timedelta(7)
2778
 
    True
2779
 
    >>> rfc3339_duration_to_delta("PT60S") == datetime.timedelta(0, 60)
2780
 
    True
2781
 
    >>> rfc3339_duration_to_delta("PT60M") == datetime.timedelta(0, 3600)
2782
 
    True
2783
 
    >>> rfc3339_duration_to_delta("PT24H") == datetime.timedelta(1)
2784
 
    True
2785
 
    >>> rfc3339_duration_to_delta("P1W") == datetime.timedelta(7)
2786
 
    True
2787
 
    >>> rfc3339_duration_to_delta("PT5M30S") == datetime.timedelta(0, 330)
2788
 
    True
2789
 
    >>> rfc3339_duration_to_delta("P1DT3M20S") == datetime.timedelta(1, 200)
2790
 
    True
 
2793
    >>> timedelta = datetime.timedelta
 
2794
    >>> rfc3339_duration_to_delta("P7D") == timedelta(7)
 
2795
    True
 
2796
    >>> rfc3339_duration_to_delta("PT60S") == timedelta(0, 60)
 
2797
    True
 
2798
    >>> rfc3339_duration_to_delta("PT60M") == timedelta(0, 3600)
 
2799
    True
 
2800
    >>> rfc3339_duration_to_delta("PT24H") == timedelta(1)
 
2801
    True
 
2802
    >>> rfc3339_duration_to_delta("P1W") == timedelta(7)
 
2803
    True
 
2804
    >>> rfc3339_duration_to_delta("PT5M30S") == timedelta(0, 330)
 
2805
    True
 
2806
    >>> rfc3339_duration_to_delta("P1DT3M20S") == timedelta(1, 200)
 
2807
    True
 
2808
    >>> del timedelta
2791
2809
    """
2792
2810
 
2793
2811
    # Parsing an RFC 3339 duration with regular expressions is not