commit 62a54a9b715c6347300600cee0629f656915572c Author: David Fifield david@bamsoftware.com Date: Thu Mar 7 00:19:36 2013 -0800
Move check_perms to fac.py. --- facilitator/fac.py | 8 ++++++++ facilitator/facilitator-email-poller | 8 +------- facilitator/facilitator-reg-daemon | 9 +-------- 3 files changed, 10 insertions(+), 15 deletions(-)
diff --git a/facilitator/fac.py b/facilitator/fac.py
index 3a84ef4..9d33a3e 100644
--- a/facilitator/fac.py
+++ b/facilitator/fac.py
@@ -1,8 +1,16 @@
 import errno
+import os
 import re
 import socket
+import stat
 import subprocess
+# Return true iff the given fd is readable, writable, and executable only by its
+# owner.
+def check_perms(fd):
+ mode = os.fstat(fd)[0]
+ return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0
+
 # A decorator to ignore "broken pipe" errors.
 def catch_epipe(fn):
 def ret(self, *args):
diff --git a/facilitator/facilitator-email-poller b/facilitator/facilitator-email-poller
index f2f9466..e2a794e 100755
--- a/facilitator/facilitator-email-poller
+++ b/facilitator/facilitator-email-poller
@@ -148,12 +148,6 @@ if len(args) != 0:
 usage(sys.stderr)
 sys.exit(1)
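Review bot: check_perms, as added to facilitator/fac.py in the `@@ -1,8 +1,16 @@` hunk, tests only the group and other mode bits, so it also returns true for a file owned by a different user than the one running the program (possible if a daemon is started as root). Now that the helper is shared by the password-file and private-key checks, consider also requiring that the owner is the effective user: `st = os.fstat(fd)` followed by `return st.st_uid == os.geteuid() and (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0`. Whether any deployment relies on a secret file owned by another account is not visible here, so treat this as a hardening proposal rather than a confirmed bug. The comment could also say that the check is made on the already-open descriptor rather than on the path, which avoids a gap between checking and opening the file.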
-# Return true iff the given fd is readable, writable, and executable only by its
-# owner.
-def check_perms(fd):
- mode = os.fstat(fd)[0]
- return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0
-
 # Load the email password.
 if options.password_filename is None:
 print >> sys.stderr, "The --pass option is required."
@@ -166,7 +160,7 @@ Failed to open password file "%s": %s.\
 """ % (options.password_filename, str(e))
 sys.exit(1)
 try:
- if not check_perms(password_file.fileno()):
+ if not fac.check_perms(password_file.fileno()):
 print >> sys.stderr, "Refusing to run with group- or world-readable password file. Try"
 print >> sys.stderr, "\tchmod 600 %s" % options.password_filename
 sys.exit(1)
diff --git a/facilitator/facilitator-reg-daemon b/facilitator/facilitator-reg-daemon
index 996c50e..e684127 100755
--- a/facilitator/facilitator-reg-daemon
+++ b/facilitator/facilitator-reg-daemon
@@ -4,7 +4,6 @@ import SocketServer
 import getopt
 import os
 import socket
-import stat
 import sys
 import threading
 import time
@@ -85,12 +84,6 @@ def find_client_addr(body):
 return fac.parse_addr_spec(client_spec)
 return None
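Review bot: The new `fac.check_perms(password_file.fileno())` call in facilitator-email-poller (hunk `@@ -166,7 +160,7 @@`) needs `fac` to be imported in that script, and this commit does not add an `import fac` there: the file's 1 insertion and 7 deletions in the diffstat are fully accounted for by the two visible hunks. If the import is not already present, the password-file check fails with a NameError instead of enforcing the permission rule, so please confirm it; in facilitator-reg-daemon the context line `fac.parse_addr_spec` shows the module is already in use. The commit drops `import stat` from facilitator-reg-daemon but not from this script, so if check_perms was its only user here the same cleanup applies. The enclosing `try:` block continues past the end of the hunk.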
-# Return true iff the given fd is readable, writable, and executable only by its
-# owner.
-def check_perms(fd):
- mode = os.fstat(fd)[0]
- return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0
-
 class Handler(SocketServer.StreamRequestHandler):
 def __init__(self, *args, **kwargs):
 self.deadline = time.time() + CLIENT_TIMEOUT
@@ -174,7 +167,7 @@ def main():
 print >> sys.stderr, "Failed to open private key file "%s": %s." % (options.key_filename, str(e))
 sys.exit(1)
 try:
- if not check_perms(key_file.fileno()):
+ if not fac.check_perms(key_file.fileno()):
 print >> sys.stderr, "Refusing to run with group- or world-readable private key file. Try"
 print >> sys.stderr, "\tchmod 600 %s" % options.key_filename
 sys.exit(1)