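def isCorrect(self):
    """
    Check that the identity fields are present and well-formed.

    Only structure is checked here: ``publickey`` and ``signature`` must be
    non-empty, but nothing in this method verifies the signature itself.

    Every original source must point to a file named ``<name>.xml``, where
    ``<name>`` respects the configured length limits and legal character
    set, and all sources must agree on the same ``<name>``.

    Returns:
        bool: True when every check passes, False otherwise. A source file
        name without exactly one dot is reported as False rather than
        raising ``ValueError`` out of the validator.
    """
    # Mandatory fields: an identity missing any of them is rejected outright.
    if len(self.contacts) == 0:
        return False
    if len(self.sources) == 0:
        return False
    if not self.publickey:
        return False
    if not self.signature:
        return False
    if not self.revision:
        return False
    original_sources = self.getSources(as_originals=True)
    # De-duplicated originals must be as numerous as self.sources,
    # otherwise the same source was listed more than once.
    if len(set(original_sources)) != len(self.sources):
        lg.warn('original identity sources are duplicated: %r' % original_sources)
        return False
    if len(original_sources) > settings.MaximumIdentitySources():
        lg.warn('too much sources')
        return False
    if len(original_sources) < settings.MinimumIdentitySources():
        lg.warn('too few sources')
        return False
    try:
        int(self.revision)
    except Exception:
        # Exception instead of a bare except, so that KeyboardInterrupt and
        # SystemExit are not swallowed by a validation routine.
        lg.warn('identity revision: %s' % self.revision)
        return False
    names = set()
    for source in original_sources:
        if not source:
            lg.warn('found empty source')
            return False
        _proto, _host, _port, filename = nameurl.UrlParse(source)
        if filename.count('/'):
            lg.warn("incorrect identity name: %s" % filename)
            return False
        # The file name comes from the identity being validated, so a name
        # with zero or several dots must be rejected, not allowed to break
        # the two-value unpacking below.
        pieces = filename.split('.')
        if len(pieces) != 2:
            lg.warn("incorrect identity name: %s" % filename)
            return False
        name, justxml = pieces
        names.add(name)
        # SECURITY check that name is simple
        if justxml != "xml":
            lg.warn("incorrect identity name: %s" % filename)
            return False
        if len(name) > settings.MaximumUsernameLength():
            lg.warn("incorrect identity name: %s" % filename)
            return False
        if len(name) < settings.MinimumUsernameLength():
            lg.warn("incorrect identity name: %s" % filename)
            return False
        legal_chars = settings.LegalUsernameChars()
        if any(c not in legal_chars for c in name):
            lg.warn("incorrect identity name: %s" % filename)
            return False
    # All sources must carry one and the same user name.
    if len(names) > 1:
        lg.warn('names are not consistent: %s' % str(names))
        return False
    return True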
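def isCorrect(self):
    """
    Check that the identity fields are present and well-formed.

    Only structure is checked here: ``publickey`` and ``signature`` must not
    be the empty string, but nothing in this method verifies the signature.

    Every source must point to a file named ``<name>.xml``, where ``<name>``
    respects the configured length limits and legal character set, and all
    sources must agree on the same ``<name>``.

    Returns:
        bool: True when every check passes, False otherwise. A source file
        name without exactly one dot is reported as False rather than
        raising ``ValueError`` out of the validator.
    """
    if len(self.contacts) == 0:
        return False
    if len(self.sources) == 0:
        return False
    # NOTE(review): only the empty string is rejected by the next three
    # checks; a None value would pass them - confirm these fields are
    # always strings by the time this runs.
    if self.publickey == '':
        return False
    if self.signature == '':
        return False
    if self.revision == '':
        return False
    if len(self.sources) > settings.MaximumIdentitySources():
        lg.warn('too much sources')
        return False
    if len(self.sources) < settings.MinimumIdentitySources():
        lg.warn('too few sources')
        return False
    try:
        int(self.revision)
    except Exception:
        # Exception instead of a bare except, so that KeyboardInterrupt and
        # SystemExit are not swallowed by a validation routine.
        lg.warn('identity revision: %s' % self.revision)
        return False
    names = set()
    for source in self.sources:
        _proto, _host, _port, filename = nameurl.UrlParse(source)
        if filename.count('/'):
            lg.warn("identity name: %s" % filename)
            return False
        # The file name comes from the identity being validated, so a name
        # with zero or several dots must be rejected, not allowed to break
        # the two-value unpacking below.
        pieces = filename.split('.')
        if len(pieces) != 2:
            lg.warn("identity name: %s" % filename)
            return False
        name, justxml = pieces
        names.add(name)
        # SECURITY check that name is simple
        if justxml != "xml":
            lg.warn("identity name: %s" % filename)
            return False
        if len(name) > settings.MaximumUsernameLength():
            lg.warn("identity name: %s" % filename)
            return False
        if len(name) < settings.MinimumUsernameLength():
            lg.warn("identity name: %s" % filename)
            return False
        legal_chars = settings.LegalUsernameChars()
        if any(c not in legal_chars for c in name):
            lg.warn("identity name: %s" % filename)
            return False
    # All sources must carry one and the same user name.
    if len(names) > 1:
        lg.warn('names are not consistant: %s' % str(names))
        return False
    return True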
def ValidKeyAlias(key_alias):
    """
    Tell whether ``key_alias`` is acceptable as a key alias.

    The alias must be at most 50 characters long, at least
    ``settings.MinimumUsernameLength()`` characters long, made only of
    ``settings.LegalUsernameChars()`` and start with a lowercase ASCII letter.
    Each rejection is logged with ``lg.warn``.

    Returns:
        bool: True if the alias passes every check, False otherwise.
    """
    # NOTE(review): the upper bound is the literal 50 here, while
    # is_valid_key_id() uses settings.MaximumUsernameLength() - confirm the
    # two limits are meant to differ.
    alias_length = len(key_alias)
    if alias_length > 50:
        lg.warn("key_alias is too long")
        return False
    if alias_length < settings.MinimumUsernameLength():
        lg.warn("key_alias is too short")
        return False
    for index, char in enumerate(key_alias):
        if char in settings.LegalUsernameChars():
            continue
        lg.warn("key_alias has illegal character at position: %d" % index)
        return False
    lowercase_letters = set('abcdefghijklmnopqrstuvwxyz')
    starts_with_letter = key_alias[0] in lowercase_letters
    if not starts_with_letter:
        lg.warn('key_alias not begins with letter')
        return False
    return True
def ValidUserName(username):
    """
    Validate an account name entered by the user.

    The name must be between ``settings.MinimumUsernameLength()`` and
    ``settings.MaximumUsernameLength()`` characters long, made only of
    ``settings.LegalUsernameChars()`` and start with a lowercase ASCII letter.
    Each rejection is logged with ``lg.warn``.

    Returns:
        bool: True if the name passes every check, False otherwise.
    """
    name_length = len(username)
    if name_length < settings.MinimumUsernameLength():
        lg.warn("username is too short")
        return False
    if name_length > settings.MaximumUsernameLength():
        lg.warn("username is too long")
        return False
    for index, char in enumerate(username):
        if char in settings.LegalUsernameChars():
            continue
        lg.warn("username has illegal character at position: %d" % index)
        return False
    lowercase_letters = set('abcdefghijklmnopqrstuvwxyz')
    starts_with_letter = username[0] in lowercase_letters
    if not starts_with_letter:
        lg.warn('username not begins with letter')
        return False
    return True
def is_valid_key_id(global_key_id):
    """
    Check that a global key ID carries an idurl and a well-formed key alias.

    The ID is split with ``global_id.ParseGlobalID``. The ``idurl`` part is
    only tested for being non-empty; the ``key_alias`` part must respect the
    configured username length limits and legal character set.

    Returns:
        bool: True if every check passes, False otherwise.
    """
    # NOTE(review): unlike ValidKeyAlias(), no "starts with a letter" rule is
    # applied to the alias here - confirm that is intended.
    parsed = global_id.ParseGlobalID(global_key_id)
    if not parsed['key_alias']:
        lg.warn('no key_alias found in the input')
        return False
    if not parsed['idurl']:
        lg.warn('no idurl found in the input')
        return False
    alias = parsed['key_alias']
    alias_length = len(alias)
    if alias_length > settings.MaximumUsernameLength():
        lg.warn("key_alias too long: %d" % alias_length)
        return False
    if alias_length < settings.MinimumUsernameLength():
        lg.warn("key_alias too short: %d" % alias_length)
        return False
    for index, char in enumerate(alias):
        if char in settings.LegalUsernameChars():
            continue
        lg.warn("key_alias has illegal character at position: %d" % index)
        return False
    return True
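def _save_identity(self, inputfilename):
    """
    Validate an uploaded identity file and store it in the identity server directory.

    Steps, in order:
      1. reject files larger than 50000 bytes or shorter than 500 characters
         after stripping, and files that do not parse as an identity;
      2. erase the temporary input file;
      3. require ``isCorrect()`` and ``Valid()`` to pass
         (NOTE(review): ``Valid()`` is presumably the signature check - confirm);
      4. require one of the identity sources to name this server's host;
      5. re-check that the target file name is ``<name>.xml`` with a simple name;
      6. if an identity is already stored under that name, accept the new one
         only when its public key equals the stored one;
      7. write the new XML if it differs from what is stored.

    Every rejection is logged and the method returns None without writing.

    Args:
        inputfilename: path of the temporary file holding the received XML.
    """
    lg.out(6, "id_server._save_identity " + inputfilename)
    if os.path.getsize(inputfilename) > 50000:
        lg.warn("input file too big - ignoring ")
        tmpfile.erase('idsrv', inputfilename, 'input file too big')
        return
    newxml = bpio.ReadTextFile(inputfilename)
    if len(newxml.strip()) < 500:
        lg.warn("input file too small - ignoring ")
        tmpfile.erase('idsrv', inputfilename, 'input file too small')
        return
    try:
        newidentity = identity.identity(xmlsrc=newxml)
    except Exception:
        # Exception instead of a bare except, so that KeyboardInterrupt and
        # SystemExit are not swallowed while parsing received data.
        lg.warn("input file is wrong - ignoring ")
        tmpfile.erase('idsrv', inputfilename, 'input file is wrong')
        return
    tmpfile.erase('idsrv', inputfilename, 'id received')
    if not newidentity.isCorrect():
        lg.warn("has non-Correct identity")
        return
    if not newidentity.Valid():
        lg.warn("has non-Valid identity")
        return
    # Pick the first source that is hosted on this server.
    matchid = ""
    for idurl in newidentity.sources:
        protocol, host, port, filename = nameurl.UrlParse(idurl)
        if host == self.hostname:
            lg.out(4, "id_server._save_identity found match for us")
            matchid = idurl
            break
    if matchid == "":
        lg.warn("identity is not for this nameserver")
        return
    protocol, host, port, filename = nameurl.UrlParse(matchid)
    # The file name is taken from the received identity; anything that is not
    # exactly "<name>.<ext>" is rejected here instead of raising ValueError
    # from the two-value unpacking.
    pieces = filename.split(".")
    if len(pieces) != 2:
        lg.warn("identity name " + filename)
        return
    name, justxml = pieces
    # SECURITY check that name is simple
    if justxml != "xml":
        lg.warn("identity name " + filename)
        return
    if len(name) > settings.MaximumUsernameLength():
        lg.warn("identity name " + filename)
        return
    if len(name) < settings.MinimumUsernameLength():
        lg.warn("identity name " + filename)
        return
    # This whitelist is what keeps the joined path below inside
    # IdentityServerDir(); it assumes LegalUsernameChars() contains no path
    # separators - TODO confirm.
    legal_chars = settings.LegalUsernameChars()
    if any(c not in legal_chars for c in name):
        lg.warn("identity name " + filename)
        return
    localfilename = os.path.join(settings.IdentityServerDir(), filename)
    oldxml = ''
    already_stored = os.path.exists(localfilename)
    # need to make sure id was not already used by different key - which would mean someone trying to steal identity
    if already_stored:
        lg.out(6, "id_server._save_identity was already an identity with this name " + localfilename)
        oldxml = bpio.ReadTextFile(localfilename)
        try:
            oldidentity = identity.identity(xmlsrc=oldxml)
        except Exception:
            # Fail closed: if the stored identity cannot be parsed, its key
            # cannot be compared, so the name must not be handed over.
            lg.warn("stored identity is unreadable - not overwriting " + localfilename)
            return
        if oldidentity.publickey != newidentity.publickey:
            lg.warn("new public key does not match old " + localfilename)
            return
    if newxml != oldxml:
        if not already_stored:
            lg.out(6, "id_server._save_identity will save NEW Identity: " + filename)
        bpio.WriteFile(localfilename, newxml)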