[tor-commits] [flashproxy/master] Use fac.put_reg_base64 in facilitator-email-poller.

dcf at torproject.org dcf at torproject.org
Thu Mar 7 09:17:35 UTC 2013


commit 910658c6ad2360edb36083a37593949da541afd0
Author: David Fifield <david at bamsoftware.com>
Date:   Thu Mar 7 00:17:52 2013 -0800

    Use fac.put_reg_base64 in facilitator-email-poller.
---
 facilitator/facilitator-email-poller        |   47 ++++++--------------------
 facilitator/init.d/facilitator-email-poller |    2 +-
 2 files changed, 12 insertions(+), 37 deletions(-)

diff --git a/facilitator/facilitator-email-poller b/facilitator/facilitator-email-poller
index e9c5d3a..f2f9466 100755
--- a/facilitator/facilitator-email-poller
+++ b/facilitator/facilitator-email-poller
@@ -16,7 +16,7 @@ import time
 import fac
 
 from hashlib import sha1
-from M2Crypto import BIO, RSA, X509
+from M2Crypto import X509
 
 DEFAULT_IMAP_HOST = "imap.gmail.com"
 DEFAULT_IMAP_PORT = 993
@@ -60,16 +60,11 @@ A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
 # hashing the public key, not the entire certificate.
 PUBKEY_SHA1 = "fc54c0b2fcfcdfe4abf2f1755dfd3376f6481703".decode("hex")
 
-# Generating an RSA keypair for use by this program:
-# openssl genrsa reg-email 2048
-# chmod 600 reg-email
-
 LOG_DATE_FORMAT = "%Y-%m-%d %H:%M:%S"
 
 class options(object):
     email_addr = None
     imap_addr = None
-    key_filename = None
     password_filename = None
     log_filename = DEFAULT_LOG_FILENAME
     log_file = sys.stdout
@@ -91,7 +86,7 @@ class IMAP4_SSL_REQUIRED(imaplib.IMAP4_SSL):
 
 def usage(f = sys.stdout):
     print >> f, """\
-Usage: %(progname)s --key=KEYFILE --pass=PASSFILE
+Usage: %(progname)s --pass=PASSFILE
 Facilitator-side helper for the facilitator-reg-email rendezvous. Polls
 an IMAP server for email messages with client registrations, deletes
 them, and forwards the registrations to the facilitator.
@@ -101,7 +96,6 @@ them, and forwards the registrations to the facilitator.
   -h, --help              show this help.
   -i, --imap=HOST[:PORT]  use the given IMAP server (default "%(imap_addr)s").
       --imaplib-debug     show raw IMAP messages (will include email password).
-  -k, --key=KEYFILE       read a facilitator private key from KEYFILE.
   -l, --log FILENAME      write log to FILENAME (default \"%(log)s\").
   -p, --pass=PASSFILE     use the email password contained in PASSFILE.
       --pidfile FILENAME  write PID to FILENAME after daemonizing.
@@ -127,7 +121,7 @@ def log(msg):
 options.email_addr = DEFAULT_EMAIL_ADDRESS
 options.imap_addr = (DEFAULT_IMAP_HOST, DEFAULT_IMAP_PORT)
 
-opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:k:l:p:", ["debug", "email=", "help", "imap=", "imaplib-debug", "key=", "log=", "pass=", "pidfile=", "unsafe-logging"])
+opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", ["debug", "email=", "help", "imap=", "imaplib-debug", "log=", "pass=", "pidfile=", "unsafe-logging"])
 for o, a in opts:
     if o == "-d" or o == "--debug":
         options.daemonize = False
@@ -141,8 +135,6 @@ for o, a in opts:
         options.imap_addr = fac.parse_addr_spec(a, DEFAULT_IMAP_HOST, DEFAULT_IMAP_PORT)
     if o == "--imaplib-debug":
         options.imaplib_debug = True
-    elif o == "-k" or o == "--key":
-        options.key_filename = a
     elif o == "-l" or o == "--log":
         options.log_filename = a
     elif o == "-p" or o == "--pass":
@@ -182,26 +174,6 @@ try:
 finally:
     password_file.close()
 
-# Load the private key specific to this registration method.
-if options.key_filename is None:
-    print >> sys.stderr, "The --key option is required."
-    sys.exit(1)
-try:
-    key_file = open(options.key_filename)
-except Exception, e:
-    print >> sys.stderr, """\
-Failed to open private key file "%s": %s.\
-""" % (options.key_filename, str(e))
-    sys.exit(1)
-try:
-    if not check_perms(key_file.fileno()):
-        print >> sys.stderr, "Refusing to run with group- or world-readable private key file. Try"
-        print >> sys.stderr, "\tchmod 600 %s" % options.key_filename
-        sys.exit(1)
-    rsa = RSA.load_key_string(key_file.read())
-finally:
-    key_file.close()
-
 if options.log_filename:
     options.log_file = open(options.log_filename, "a")
     # Send error tracebacks to the log.
@@ -234,11 +206,14 @@ def find_client_addr(body):
     return None
 
 def handle_message(msg):
-    ciphertext = msg.get_payload().decode("base64")
-    plaintext = rsa.private_decrypt(ciphertext, RSA.pkcs1_oaep_padding)
-    client_addr = find_client_addr(plaintext)
-    log(u"registering %s" % safe_str(fac.format_addr(client_addr)))
-    fac.put_reg(FACILITATOR_ADDR, client_addr)
+    try:
+        if fac.put_reg_base64(msg.get_payload()):
+            log(u"registered client")
+        else:
+            log(u"failed to register client")
+    except Exception, e:
+        log(u"error registering client")
+        raise
 
 def truncate_repr(s, n):
     if not isinstance(s, basestring):
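Review bot: In the new `handle_message`, the `except Exception, e:` branch binds `e` but never uses it, so `error registering client` gives an operator nothing to triage on. Logging only the exception class, e.g. `log(u"error registering client: %s" % type(e).__name__)`, would identify the failure without copying sender-controlled text into the log, which matters because the file treats address logging as sensitive (`safe_str`, `--unsafe-logging`). Separately, assuming `msg` is an `email.message.Message`, `msg.get_payload()` returns a list for multipart mail, and these messages come from untrusted senders. Whether `fac.put_reg_base64` rejects a non-string argument cleanly is not visible in this hunk, so an explicit `if msg.is_multipart():` check that logs and returns before the call would make the rejection deliberate rather than incidental.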
diff --git a/facilitator/init.d/facilitator-email-poller b/facilitator/init.d/facilitator-email-poller
index a41f9e0..8f52845 100755
--- a/facilitator/init.d/facilitator-email-poller
+++ b/facilitator/init.d/facilitator-email-poller
@@ -21,7 +21,7 @@ PIDFILE=/var/run/$NAME.pid
 LOGFILE=/var/log/$NAME.log
 CONFDIR=/etc/flashproxy
 DAEMON=/usr/local/bin/$NAME
-DAEMON_ARGS="--pass $CONFDIR/reg-email.pass --key $CONFDIR/reg-email.key --log $LOGFILE --pidfile $PIDFILE"
+DAEMON_ARGS="--pass $CONFDIR/reg-email.pass --log $LOGFILE --pidfile $PIDFILE"
 SCRIPTNAME=/etc/init.d/$NAME
 
 # Exit if the package is not installed




