def set_sig_pkey(self, sig_pkey): try: self._lock = WriteLock(self._lock, self._lockpath) sig_pkey.save(self._sig_pkey_file) self.sig_pkey = Key.fromFile(self._sig_pkey_file) if os.stat(self._sig_pkey_file)[stat.ST_UID] == os.getuid(): os.chmod(self._sig_pkey_file, self.wanted_mode_nx) if os.getuid() == 0: os.chown(self._sig_pkey_file, self.wanted_uid, self.wanted_gid) finally: if self._lock: self._lock.unlock()
def set_sig_skey(self, sig_skey): try: self._lock = WriteLock(self._lock, self._lockpath) sig_skey.save(self._sig_skey_file) self.sig_skey = Key.fromFile(self._sig_skey_file) # FIXME: Perhaps consider another mode for the secret # encryption key. if os.stat(self._sig_skey_file)[stat.ST_UID] == os.getuid(): os.chmod(self._sig_skey_file, self.wanted_mode_nx) if os.getuid() == 0: os.chown(self._sig_skey_file, self.wanted_uid, self.wanted_gid) finally: if self._lock: self._lock.unlock()
def delete(self): if os.path.exists(self.keys_dir): try: self._lock = WriteLock(self._lock, self._lockpath) for i in [self.sig_pkey, self.sig_skey, self.enc_pkey, self.enc_skey, self.enc_zero_skey, self.enc_zero_pkey]: if i: i.delete() finally: if self._lock: self._lock.unlock() if os.path.exists(self.keys_dir): if os.path.isdir(self.keys_dir) and not os.path.islink(self.keys_dir): os.rmdir(self.keys_dir) else: s = "Key set directory %s is not a regular directory: not deleting." % self.keys_dir raise ActivationException(s)
def __getattribute__(self, attr): if not attr in self.__dict__: return AttributeError((self, attr)) else: # This is a rather lame attempt at locking. if not attr in ["enc_zero_pkey", "enc_zero_skey", "enc_pkey", "enc_skey", "sig_pkey", "sig_skey"]: try: self._lock = ReadLock(self._lock, self._lockpath) obj = self.__dict__[attr] finally: if self._lock: self._lock.unlock() return obj else: return self.__dict__[attr]
def set_keyid_and_owner(self, newkeyid, newkeyowner): try: self._lock = WriteLock(self._lock, self._lockpath) self.enc_zero_pkey.save(self._enc_pkey_file) self.enc_zero_skey.save(self._enc_skey_file) self.enc_pkey = Key.fromFile(self._enc_pkey_file) self.enc_pkey.setkeyid(newkeyid) self.enc_pkey.setkeyname(newkeyowner) self.enc_skey = Key.fromFile(self._enc_skey_file) self.enc_skey.setkeyid(newkeyid) self.enc_skey.setkeyname(newkeyowner) for f in [self._enc_pkey_file, self._enc_skey_file]: # FIXME: Perhaps consider another mode for the secret # encryption key. if os.stat(f)[stat.ST_UID] == os.getuid(): os.chmod(f, self.wanted_mode_nx) if os.getuid() == 0: os.chown(f, self.wanted_uid, self.wanted_gid) finally: if self._lock: self._lock.unlock()
def __init__(self, basedir, keys_name, zero_pkey_data = None, zero_skey_data = None, zero_pkey_file = None, zero_skey_file = None): self.keys_name = keys_name self.enc_zero_pkey = None self.enc_zero_skey = None self.enc_pkey = None self.enc_skey = None self.sig_pkey = None self.sig_skey = None self.wanted_mode = os.stat(basedir)[stat.ST_MODE] nx = ~(stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH) self.wanted_mode_nx = self.wanted_mode & nx self.wanted_uid = os.stat(basedir)[stat.ST_UID] self.wanted_gid = os.stat(basedir)[stat.ST_GID] self.keys_dir = os.path.join(basedir, "keys", keys_name) self._enc_zero_pkey_file = os.path.join(self.keys_dir, "email.0.enc.pkey") self._enc_zero_skey_file = os.path.join(self.keys_dir, "email.0.enc.skey") self._enc_skey_file = os.path.join(self.keys_dir, "email.enc.skey") self._enc_pkey_file = os.path.join(self.keys_dir, "email.enc.pkey") self._sig_skey_file = os.path.join(self.keys_dir, "email.sig.skey") self._sig_pkey_file = os.path.join(self.keys_dir, "email.sig.pkey") self._lockpath = os.path.join(self.keys_dir, "lock") self._lock = None if not os.path.exists(os.path.dirname(self.keys_dir)): d = os.path.dirname(self.keys_dir) os.mkdir(d) os.chmod(d, self.wanted_mode) if os.getuid() == 0: os.chown(d, self.wanted_uid, self.wanted_gid) if not os.path.exists(self.keys_dir): os.mkdir(self.keys_dir) os.chmod(self.keys_dir, self.wanted_mode) if os.getuid() == 0: os.chown(self.keys_dir, self.wanted_uid, self.wanted_gid) try: self._lock = ReadLock(self._lock, self._lockpath) if zero_pkey_data: write_file(self._enc_zero_pkey_file, zero_pkey_data) if zero_skey_data: write_file(self._enc_zero_skey_file, zero_skey_data) if zero_pkey_file: if os.path.exists(zero_pkey_file): shutil.copyfile(zero_pkey_file, self._enc_zero_pkey_file) if zero_skey_file: if os.path.exists(zero_skey_file): shutil.copyfile(zero_skey_file, self._enc_zero_skey_file) do_exists = False for i in [self._enc_zero_pkey_file, self._enc_zero_skey_file]: if os.path.exists(i): do_exists = True; break if do_exists: if os.path.exists(self._enc_zero_pkey_file): self.enc_zero_pkey = Key.fromFile(self._enc_zero_pkey_file) if os.path.exists(self._enc_zero_skey_file): self.enc_zero_skey = Key.fromFile(self._enc_zero_skey_file) if os.path.exists(self._enc_skey_file): self.enc_skey = Key.fromFile(self._enc_skey_file) if os.path.exists(self._enc_pkey_file): self.enc_pkey = Key.fromFile(self._enc_pkey_file) if os.path.exists(self._sig_pkey_file): self.sig_pkey = Key.fromFile(self._sig_pkey_file) if os.path.exists(self._sig_skey_file): self.sig_skey = Key.fromFile(self._sig_skey_file) else: (pkey, skey) = Key.newPair(Key.ENC_PAIR, 0, "") pkey.save(self._enc_zero_pkey_file) self.enc_zero_pkey = Key.fromFile(self._enc_zero_pkey_file) skey.save(self._enc_zero_skey_file) self.enc_zero_skey = Key.fromFile(self._enc_zero_skey_file) for f in [self._enc_zero_pkey_file, self._enc_zero_skey_file]: if os.stat(f)[stat.ST_UID] == os.getuid(): os.chmod(f, self.wanted_mode_nx) if os.getuid() == 0: os.chown(f, self.wanted_uid, self.wanted_gid) finally: if self._lock: self._lock.unlock()
class KeySet: """This class is used to manipulate the set of keys required during an activation. This class has no save method since it only manipulates file and has no internal state. Locking on this class is possibly flakey. To make sure you don't f**k things up, don't save references to the following attributes: enc_pkey, enc_skey, enc_zero_pkey, enc_zero_skey, sig_pkey, sig_skey. """ def exists(basedir, keys_name): d = os.path.join(basedir, "keys", keys_name) exists = os.path.exists(d) isdir = os.path.isdir(d) islink = os.path.islink(d) return exists and isdir and not islink exists = staticmethod(exists) def __init__(self, basedir, keys_name, zero_pkey_data = None, zero_skey_data = None, zero_pkey_file = None, zero_skey_file = None): self.keys_name = keys_name self.enc_zero_pkey = None self.enc_zero_skey = None self.enc_pkey = None self.enc_skey = None self.sig_pkey = None self.sig_skey = None self.wanted_mode = os.stat(basedir)[stat.ST_MODE] nx = ~(stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH) self.wanted_mode_nx = self.wanted_mode & nx self.wanted_uid = os.stat(basedir)[stat.ST_UID] self.wanted_gid = os.stat(basedir)[stat.ST_GID] self.keys_dir = os.path.join(basedir, "keys", keys_name) self._enc_zero_pkey_file = os.path.join(self.keys_dir, "email.0.enc.pkey") self._enc_zero_skey_file = os.path.join(self.keys_dir, "email.0.enc.skey") self._enc_skey_file = os.path.join(self.keys_dir, "email.enc.skey") self._enc_pkey_file = os.path.join(self.keys_dir, "email.enc.pkey") self._sig_skey_file = os.path.join(self.keys_dir, "email.sig.skey") self._sig_pkey_file = os.path.join(self.keys_dir, "email.sig.pkey") self._lockpath = os.path.join(self.keys_dir, "lock") self._lock = None if not os.path.exists(os.path.dirname(self.keys_dir)): d = os.path.dirname(self.keys_dir) os.mkdir(d) os.chmod(d, self.wanted_mode) if os.getuid() == 0: os.chown(d, self.wanted_uid, self.wanted_gid) if not os.path.exists(self.keys_dir): os.mkdir(self.keys_dir) os.chmod(self.keys_dir, self.wanted_mode) if os.getuid() == 0: os.chown(self.keys_dir, self.wanted_uid, self.wanted_gid) try: self._lock = ReadLock(self._lock, self._lockpath) if zero_pkey_data: write_file(self._enc_zero_pkey_file, zero_pkey_data) if zero_skey_data: write_file(self._enc_zero_skey_file, zero_skey_data) if zero_pkey_file: if os.path.exists(zero_pkey_file): shutil.copyfile(zero_pkey_file, self._enc_zero_pkey_file) if zero_skey_file: if os.path.exists(zero_skey_file): shutil.copyfile(zero_skey_file, self._enc_zero_skey_file) do_exists = False for i in [self._enc_zero_pkey_file, self._enc_zero_skey_file]: if os.path.exists(i): do_exists = True; break if do_exists: if os.path.exists(self._enc_zero_pkey_file): self.enc_zero_pkey = Key.fromFile(self._enc_zero_pkey_file) if os.path.exists(self._enc_zero_skey_file): self.enc_zero_skey = Key.fromFile(self._enc_zero_skey_file) if os.path.exists(self._enc_skey_file): self.enc_skey = Key.fromFile(self._enc_skey_file) if os.path.exists(self._enc_pkey_file): self.enc_pkey = Key.fromFile(self._enc_pkey_file) if os.path.exists(self._sig_pkey_file): self.sig_pkey = Key.fromFile(self._sig_pkey_file) if os.path.exists(self._sig_skey_file): self.sig_skey = Key.fromFile(self._sig_skey_file) else: (pkey, skey) = Key.newPair(Key.ENC_PAIR, 0, "") pkey.save(self._enc_zero_pkey_file) self.enc_zero_pkey = Key.fromFile(self._enc_zero_pkey_file) skey.save(self._enc_zero_skey_file) self.enc_zero_skey = Key.fromFile(self._enc_zero_skey_file) for f in [self._enc_zero_pkey_file, self._enc_zero_skey_file]: if os.stat(f)[stat.ST_UID] == os.getuid(): os.chmod(f, self.wanted_mode_nx) if os.getuid() == 0: os.chown(f, self.wanted_uid, self.wanted_gid) finally: if self._lock: self._lock.unlock() def __getattribute__(self, attr): if not attr in self.__dict__: return AttributeError((self, attr)) else: # This is a rather lame attempt at locking. if not attr in ["enc_zero_pkey", "enc_zero_skey", "enc_pkey", "enc_skey", "sig_pkey", "sig_skey"]: try: self._lock = ReadLock(self._lock, self._lockpath) obj = self.__dict__[attr] finally: if self._lock: self._lock.unlock() return obj else: return self.__dict__[attr] def set_keyid_and_owner(self, newkeyid, newkeyowner): try: self._lock = WriteLock(self._lock, self._lockpath) self.enc_zero_pkey.save(self._enc_pkey_file) self.enc_zero_skey.save(self._enc_skey_file) self.enc_pkey = Key.fromFile(self._enc_pkey_file) self.enc_pkey.setkeyid(newkeyid) self.enc_pkey.setkeyname(newkeyowner) self.enc_skey = Key.fromFile(self._enc_skey_file) self.enc_skey.setkeyid(newkeyid) self.enc_skey.setkeyname(newkeyowner) for f in [self._enc_pkey_file, self._enc_skey_file]: # FIXME: Perhaps consider another mode for the secret # encryption key. if os.stat(f)[stat.ST_UID] == os.getuid(): os.chmod(f, self.wanted_mode_nx) if os.getuid() == 0: os.chown(f, self.wanted_uid, self.wanted_gid) finally: if self._lock: self._lock.unlock() def set_sig_skey(self, sig_skey): try: self._lock = WriteLock(self._lock, self._lockpath) sig_skey.save(self._sig_skey_file) self.sig_skey = Key.fromFile(self._sig_skey_file) # FIXME: Perhaps consider another mode for the secret # encryption key. if os.stat(self._sig_skey_file)[stat.ST_UID] == os.getuid(): os.chmod(self._sig_skey_file, self.wanted_mode_nx) if os.getuid() == 0: os.chown(self._sig_skey_file, self.wanted_uid, self.wanted_gid) finally: if self._lock: self._lock.unlock() def set_sig_pkey(self, sig_pkey): try: self._lock = WriteLock(self._lock, self._lockpath) sig_pkey.save(self._sig_pkey_file) self.sig_pkey = Key.fromFile(self._sig_pkey_file) if os.stat(self._sig_pkey_file)[stat.ST_UID] == os.getuid(): os.chmod(self._sig_pkey_file, self.wanted_mode_nx) if os.getuid() == 0: os.chown(self._sig_pkey_file, self.wanted_uid, self.wanted_gid) finally: if self._lock: self._lock.unlock() def delete(self): if os.path.exists(self.keys_dir): try: self._lock = WriteLock(self._lock, self._lockpath) for i in [self.sig_pkey, self.sig_skey, self.enc_pkey, self.enc_skey, self.enc_zero_skey, self.enc_zero_pkey]: if i: i.delete() finally: if self._lock: self._lock.unlock() if os.path.exists(self.keys_dir): if os.path.isdir(self.keys_dir) and not os.path.islink(self.keys_dir): os.rmdir(self.keys_dir) else: s = "Key set directory %s is not a regular directory: not deleting." % self.keys_dir raise ActivationException(s)