[CalendarServer-changes] [1155]
CalendarServer/branches/users/cdaboo/security-1150/twistedcaldav/tap
.py
source_changes at macosforge.org
source_changes at macosforge.org
Fri Feb 9 12:29:20 PST 2007
Revision: 1155
http://trac.macosforge.org/projects/calendarserver/changeset/1155
Author: cdaboo at apple.com
Date: 2007-02-09 12:29:19 -0800 (Fri, 09 Feb 2007)
Log Message:
-----------
Add proper read/write access checks to key file system items (doc root, ssl cersts). Also add security check option
that will verify permissions, owner/group on those items and generate a warning if there is a problem.
Modified Paths:
--------------
CalendarServer/branches/users/cdaboo/security-1150/twistedcaldav/tap.py
Modified: CalendarServer/branches/users/cdaboo/security-1150/twistedcaldav/tap.py
===================================================================
--- CalendarServer/branches/users/cdaboo/security-1150/twistedcaldav/tap.py 2007-02-09 19:52:25 UTC (rev 1154)
+++ CalendarServer/branches/users/cdaboo/security-1150/twistedcaldav/tap.py 2007-02-09 20:29:19 UTC (rev 1155)
@@ -17,7 +17,7 @@
##
import os
-import sys
+import stat
from zope.interface import implements
@@ -153,12 +153,26 @@
self.parent['pidfile'] = config.PIDFile
# Verify that document root actually exists
- self.checkDirectory(config.DocumentRoot, "Document root")
+ self.checkDirectory(
+ config.DocumentRoot,
+ "Document root",
+ access=os.R_OK or os.W_OK,
+ permissions=0750,
+ uname=config.Username,
+ gname=config.Groupname)
# Verify that ssl certs exist if needed
if config.SSLEnable:
- self.checkFile(config.SSLPrivateKey, "SSL Private key")
- self.checkFile(config.SSLCertificate, "SSL Public key")
+ self.checkFile(
+ config.SSLPrivateKey,
+ "SSL Private key",
+ access=os.R_OK,
+ permissions=0640)
+ self.checkFile(
+ config.SSLCertificate,
+ "SSL Public key",
+ access=os.R_OK,
+ permissions=0644)
#
# Nuke the file log observer's time format.
@@ -166,19 +180,67 @@
if not config.ErrorLogFile and config.ServerType == 'slave':
log.FileLogObserver.timeFormat = ''
-
- def checkDirectory(self, dirpath, description):
+
+
+ # Check current umask and warn if changed
+ oldmask = os.umask(0027)
+ if oldmask != 0027:
+ print "WARNING: changing umask from: 0%03o to 0%03o" % (oldmask, 0027,)
+
+ def checkDirectory(self, dirpath, description, access=None, fail=False, permissions=None, uname=None, gname=None):
if not os.path.exists(dirpath):
raise ValueError("%s does not exist: %s" % (description, dirpath,))
elif not os.path.isdir(dirpath):
raise ValueError("%s is not a directory: %s" % (description, dirpath,))
+ elif access and not os.access(dirpath, access):
+ raise ValueError("Insufficient permissions for server on %s directory: %s" % (description, dirpath,))
+ self.securityCheck(dirpath, description, fail=fail, permissions=permissions, uname=uname, gname=gname)
- def checkFile(self, filepath, description):
+ def checkFile(self, filepath, description, access=None, fail=False, permissions=None, uname=None, gname=None):
if not os.path.exists(filepath):
raise ValueError("%s does not exist: %s" % (description, filepath,))
elif not os.path.isfile(filepath):
raise ValueError("%s is not a file: %s" % (description, filepath,))
+ elif access and not os.access(filepath, access):
+ raise ValueError("Insufficient permissions for server on %s directory: %s" % (description, filepath,))
+ self.securityCheck(filepath, description, fail=fail, permissions=permissions, uname=uname, gname=gname)
+ def securityCheck(self, path, description, fail=False, permissions=None, uname=None, gname=None):
+
+ def raiseOrPrint(txt):
+ if fail:
+ ValueError(txt)
+ else:
+ print "WARNING: %s" % (txt,)
+
+ pathstat = os.stat(path)
+ if permissions:
+ if stat.S_IMODE(pathstat[stat.ST_MODE]) != permissions:
+ raiseOrPrint("The permisions on %s directory %s are 0%03o and do not match expected permissions: 0%03o" % \
+ (description, path, stat.S_IMODE(pathstat[stat.ST_MODE]), permissions))
+ if uname:
+ import pwd
+ try:
+ pathuname = pwd.getpwuid(pathstat[stat.ST_UID])[0]
+ if pathuname != uname:
+ raiseOrPrint("The owner of %s directory %s is %s and does not match the expected owner: %s" % \
+ (description, path, pathuname, uname))
+ except KeyError:
+ raiseOrPrint("The owner of %s directory %s is unknown (%s) and does not match the expected owner: %s" % \
+ (description, path, pathstat[stat.ST_UID], uname))
+
+ if gname:
+ import grp
+ try:
+ pathgname = grp.getgrgid(pathstat[stat.ST_GID])[0]
+ if pathgname != gname:
+ raiseOrPrint("The group of %s directory %s is %s and does not match the expected group: %s" % \
+ (description, path, pathgname, gname))
+ except KeyError:
+ raiseOrPrint("The group of %s directory %s is unknown (%s) and does not match the expected group: %s" % \
+ (description, path, pathstat[stat.ST_GID], gname))
+
+
class CalDAVServiceMaker(object):
implements(IPlugin, service.IServiceMaker)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070209/22fb00c7/attachment.html
More information about the calendarserver-changes
mailing list