[or-cvs] r17582: {projects} More changes from kaner: - fixed some black/whitelist errors (projects/gettor)

ioerror at seul.org ioerror at seul.org
Thu Dec 11 14:23:45 UTC 2008 

Author: ioerror
Date: 2008-12-11 09:23:45 -0500 (Thu, 11 Dec 2008)
New Revision: 17582

Modified:
   projects/gettor/gettor.py
   projects/gettor/gettor_blacklist.py
   projects/gettor/gettor_config.py
   projects/gettor/gettor_opt.py
Log:
More changes from kaner:
- fixed some black/whitelist errors
- added removeAll() in BWlist
- added lookup commandline switch for black/whitelist


Modified: projects/gettor/gettor.py
===================================================================
--- projects/gettor/gettor.py	2008-12-11 06:52:24 UTC (rev 17581)
+++ projects/gettor/gettor.py	2008-12-11 14:23:45 UTC (rev 17582)
@@ -105,8 +105,6 @@
     if not parsedMessage:
         log.error(_("No parsed message. Dropping message."))
         return False
-    # XXX: We should add a blacklist check here so that for exmaple ReplyTo 
-    # can't be our own address (DoS) (in case we have DKIM) 
     replyTo = rmail.getReplyTo()
     if not replyTo:
         log.error(_("No help dispatched. Invalid reply address for user."))
@@ -117,9 +115,15 @@
 
     # Initialize response
     srcEmail = conf.getSrcEmail()
+    # Bail out if someone tries to be funny
+    if (srcEmail == repluTo):
+        log.error(_("Won't send myself emails."))
+        return False
+
     resp = gettor_responses.gettorResponse(replyLang, logLang)
     signature = rmail.hasVerifiedSignature()
     log.info(_("Signature is: %s") % str(signature))
+    # Addresses from whitelist can pass without DKIM signature
     if not signature and not whiteList.lookupListEntry(replyTo):
         # Check to see if we've helped them to understand that they need DKIM
         # in the past
@@ -159,8 +163,12 @@
         log.error(_("Sorry, %s is not a directory.") % distDir)
         return False
     packs = gettor_packages.gettorPackages(options.mirror, conf)
-    whiteList = gettor_blacklist.BWList("/tmp/whitelist")
-    blackList = gettor_blacklist.BWList("/tmp/blacklist")
+    try:
+        whiteList = gettor_blacklist.BWList(conf.getWlStateDir())
+        blackList = gettor_blacklist.BWList(conf.getBlStateDir())
+    except IOError, e:
+        log.error(_("White/Black list error: %s") % e)
+        return False
 
     if options.fetchpackages:
         if packs.syncWithMirror() != 0:
@@ -204,17 +212,27 @@
         else:
             log.info(_("Creating blacklist entry ok."))
             success = True
+    if options.lookup:
+        if whiteList.lookupListEntry(options.lookup):
+            log.info(_("Present in whitelist."))
+            success = True
+        if blackList.lookupListEntry(options.lookup):
+            log.info(_("Present in blacklist."))
+            success = True
+        if not success:
+            log.info(_("Address neither in blacklist or whitelist."))
+            success = True
     if options.clearwl:
-        if not whiteList.clearAll():
+        if not whiteList.removeAll():
             log.error(_("Deleting whitelist failed."))
-            return false
+            return False
         else:
             log.info(_("Deleting whitelist done."))
             success = True
     if options.clearbl:
-        if not blackList.clearAll():
+        if not blackList.removeAll():
             log.error(_("Deleting blacklist failed."))
-            return false
+            return False
         else:
             log.info(_("Deleting blacklist done."))
             success = True

Modified: projects/gettor/gettor_blacklist.py
===================================================================
--- projects/gettor/gettor_blacklist.py	2008-12-11 06:52:24 UTC (rev 17581)
+++ projects/gettor/gettor_blacklist.py	2008-12-11 14:23:45 UTC (rev 17582)
@@ -1,7 +1,8 @@
 #!/usr/bin/python2.5
+"""This library implements all of the black listing features needed for gettor.
+Basically, it offers creation, removal and lookup of email addresses stored as
+SHA1 hashes in a dedicated directory on the filesystem.
 """
-This library implements all of the black listing features needed for gettor.
-"""
 
 import hashlib
 import os
@@ -18,9 +19,8 @@
     def __init__(self, listdir):
         self.listDir = listdir
         if not os.path.isdir(self.listDir):
-            log.error(_("Bad dir %s.") % self.listDir)
             # XXX Change this to something more appropriate
-            raise Exception
+            raise IOError("Bad dir: %s" % self.listDir)
 
     def lookupListEntry(self, address):
         """Check to see if we have a list entry for the given address."""
@@ -60,6 +60,15 @@
 
     def removeAll(self):
         print "Removing all entries from list!"
+        for root, dirs, files in os.walk(self.listDir):
+            for file in files:
+                try:
+                    rmfile = os.path.join(root, file)
+                    os.remove(rmfile)
+                except:
+                    log.error(_("Could not remove %s." % rmfile))
+                    return False
+        return True
 
 def blackListtests(address):
     """ This is a basic evaluation of our blacklist functionality """

Modified: projects/gettor/gettor_config.py
===================================================================
--- projects/gettor/gettor_config.py	2008-12-11 06:52:24 UTC (rev 17581)
+++ projects/gettor/gettor_config.py	2008-12-11 14:23:45 UTC (rev 17582)
@@ -31,6 +31,7 @@
  Here is what each of them is used for individually:
 
  blStateDir:    Blacklisted (hashed) email addresses go here
+ wlStateDir:    Whitelisted (hashed) email addresses go here
  distDir:       Sent-out Tor packages are found here
  srcEmail:      The email containing the Tor package will use this as 'From:'
  locale:        Choose your default mail and log locale
@@ -79,6 +80,7 @@
         #               Variable name   |  Default value           | Section
         self.useConf = {"stateDir":     ("/var/lib/gettor/",        "global"),
                         "blStateDir":   ("/var/lib/gettor/bl/",     "global"),
+                        "wlStateDir":   ("/var/lib/gettor/wl/",     "global"),
                         "srcEmail":     ("gettor at torproject.org",   "global"),
                         "distDir":      ("/var/lib/gettor/dist/",   "global"),
                         "packDir":      ("/var/lib/gettor/pkg/",    "global"),
@@ -136,6 +138,9 @@
     def getBlStateDir(self):
         return self.useConf["blStateDir"][0]
 
+    def getWlStateDir(self):
+        return self.useConf["wlStateDir"][0]
+
     def getSrcEmail(self):
         return self.useConf["srcEmail"][0]
 

Modified: projects/gettor/gettor_opt.py
===================================================================
--- projects/gettor/gettor_opt.py	2008-12-11 06:52:24 UTC (rev 17581)
+++ projects/gettor/gettor_opt.py	2008-12-11 14:23:45 UTC (rev 17582)
@@ -45,6 +45,10 @@
                          default="",
                          help="add an email address to the blacklist",
                          metavar="BLACKLIST")
+    cmdParser.add_option("-l", "--lookup", dest="lookup",
+                         default="",
+                         help="check black/white list presence of address",
+                         metavar="CHECKADDRESS")
     cmdParser.add_option("-x", "--clear-whitelist", dest="clearwl",
                         action="store_true", default=False,
                         help="clear all entrys in the whitelist")

More information about the tor-commits mailing list