[neatx] r48 committed - Disallow illegal commas in options...

1 view
Skip to first unread message

ne...@googlecode.com

unread,
Dec 11, 2009, 2:26:54 PM12/11/09
to ne...@googlegroups.com
Revision: 48
Author: kormat
Date: Fri Dec 11 11:26:09 2009
Log: Disallow illegal commas in options

Also treat sess.display as an int, so its value cannot contain a comma.

Reviewed-By: imsnah

http://code.google.com/p/neatx/source/detail?r=48

Modified:
/trunk/neatx/INSTALL
/trunk/neatx/extras/rpm/neatx.spec
/trunk/neatx/lib/agent.py
/trunk/neatx/lib/app/nxserver_login.py
/trunk/neatx/lib/config.py
/trunk/neatx/lib/errors.py
/trunk/neatx/lib/node.py
/trunk/neatx/lib/session.py
/trunk/neatx/lib/utils.py

=======================================
--- /trunk/neatx/INSTALL Sun Dec 6 03:22:07 2009
+++ /trunk/neatx/INSTALL Fri Dec 11 11:26:09 2009
@@ -58,9 +58,9 @@
$ rpmdev-setuptree
$ cd /path/to/neatx/tree
$ tar czf ~/rpmbuild/SOURCES/neatx-0.1.tar.gz *
-$ rpmbuild -bs extras/rpm/neatx.spec --nodeps
+$ rpmbuild -bs contrib/rpm/neatx.spec --nodeps
# yum-builddep ~<user>/rpmbuild/SRPMS/neatx-*.src.rpm
-$ rpmbuild -bb extras/rpm/neatx.spec
+$ rpmbuild -bb contrib/rpm/neatx.spec
# yum install --nogpgcheck ~<user>/rpmbuild/RPMS/<platform>/<rpmname>

Then customise /etc/neatx.conf as below.
=======================================
--- /trunk/neatx/extras/rpm/neatx.spec Sun Dec 6 04:17:55 2009
+++ /trunk/neatx/extras/rpm/neatx.spec Fri Dec 11 11:26:09 2009
@@ -33,7 +33,6 @@
Requires: nx
Requires: xauth
Requires: xrdb
-Requires: xorg-x11-fonts-misc
Requires(pre): shadow-utils
Requires(post): %__install

=======================================
--- /trunk/neatx/lib/agent.py Sun Aug 30 06:21:14 2009
+++ /trunk/neatx/lib/agent.py Fri Dec 11 11:26:09 2009
@@ -491,7 +491,7 @@
formatted = ",".join(["%s=%s" % (name, value)
for name, value in opts.iteritems()])

- return "nx/nx,%s:%s\n" % (formatted, sess.display)
+ return "nx/nx,%s:%d\n" % (formatted, sess.display)

def _GetDisplayWithOptions(self):
"""Returns the value for the DISPLAY variable for nxagent.
@@ -499,7 +499,9 @@
"""
sess = self._ctx.session

- return "nx/nx,options=%s:%s" % (sess.optionsfile, sess.display)
+ self.__CheckStrChars(sess.optionsfile, "Session options file")
+
+ return "nx/nx,options=%s:%d" % (sess.optionsfile, sess.display)

def _GetOptions(self):
"""Returns session options for nxagent.
@@ -592,7 +594,7 @@
# nxagent port).
"-nolisten", "tcp",

- ":%s" % sess.display,
+ ":%d" % sess.display,
]

if sess.type == constants.SESS_TYPE_SHADOW:
@@ -615,6 +617,7 @@
"""
sess = self._ctx.session
filename = sess.optionsfile
+ self.__CheckOptsChars(opts)
formatted = self._FormatNxAgentOptions(opts)

logging.debug("Writing session options %r to %s", formatted, filename)
@@ -622,3 +625,30 @@

def __EmitDisplayReady(self):
self.emit(self.DISPLAY_READY_SIGNAL)
+
+ def __CheckOptsChars(self, opts):
+ """Checks to make sure option name/values don't contain illegal
characters.
+
+ @type opts: dict
+ @param opts: Options
+
+ """
+
+ for name, value in opts.iteritems():
+ self.__CheckStrChars(name, "Name of option %r" % name)
+ self.__CheckStrChars(value, "Value of option %r (%r)" % (name,
value))
+
+ def __CheckStrChars(self, s, description):
+ """Checks to make sure string don't contain illegal characters.
+
+ @type s: string
+ @param s: text to test
+ @type description: string
+ @param description: description of text
+
+ """
+ illegal_chars = [","]
+ for c in illegal_chars:
+ if c in s:
+ raise errors.IllegalCharacterError("%s contains illegal
character %r" %
+ (description, c))
=======================================
--- /trunk/neatx/lib/app/nxserver_login.py Sun Dec 6 04:30:04 2009
+++ /trunk/neatx/lib/app/nxserver_login.py Fri Dec 11 11:26:09 2009
@@ -148,10 +148,7 @@

# Not writing username. If user specified a username starting
with "NX>",
# the client could interpret it as a response.
- if username.startswith('NX>'):
- server.WriteLine("")
- else:
- server.WriteLine(username)
+ server.WriteLine("")

# Read password without echo on interactive terminals
def _RequestPassword():
@@ -160,16 +157,15 @@
return server.ReadLine(hide=True)

password = server.WithoutTerminalEcho(_RequestPassword)
-
- # Not writing real password for security reasons.
- server.WriteLine(NX_DUMMY_PASSWORD)
-
if not password:
server.Write(500, ("Password cannot be in MD5 when not using the NX "
"password DB."))
server.Write(500, "Please update your NX Client")
raise protocol.NxQuitServer()

+ # Not writing real password for security reasons.
+ server.WriteLine(NX_DUMMY_PASSWORD)
+
self._TryLogin(username, password)

def _Set(self, args):
=======================================
--- /trunk/neatx/lib/config.py Mon Aug 10 06:19:38 2009
+++ /trunk/neatx/lib/config.py Fri Dec 11 11:26:09 2009
@@ -92,7 +92,7 @@

"""
if _hostname is None:
- _hostname = socket.gethostname()
+ _hostname = utils.GetHostname()

cfg = _ReadConfig(filename)

=======================================
--- /trunk/neatx/lib/errors.py Fri Jun 12 03:18:41 2009
+++ /trunk/neatx/lib/errors.py Fri Dec 11 11:26:09 2009
@@ -79,6 +79,11 @@
class SessionParameterError(GenericError):
"""Session parameter error.

+ """
+
+class IllegalCharacterError(GenericError):
+ """String contains illegal character (e.g. a comma in session options).
+
"""


=======================================
--- /trunk/neatx/lib/node.py Mon Jul 27 02:27:11 2009
+++ /trunk/neatx/lib/node.py Fri Dec 11 11:26:09 2009
@@ -61,10 +61,6 @@
PROTO_SEPARATOR = "\0"


-def GetHostname():
- return socket.getfqdn()
-
-
def _GetUserShell(username):
return pwd.getpwnam(username).pw_shell

@@ -116,7 +112,7 @@
def __init__(self, ctx, clientargs, _env=None):
self._ctx = ctx

- hostname = GetHostname()
+ hostname = utils.GetHostname()
display = FindUnusedDisplay()

session.SessionBase.__init__(self, ctx.sessid, hostname, display,
=======================================
--- /trunk/neatx/lib/session.py Fri Nov 13 02:46:55 2009
+++ /trunk/neatx/lib/session.py Fri Dec 11 11:26:09 2009
@@ -49,7 +49,7 @@

"""
if _data is None:
- _data = random.SystemRandom().getrandbits(1024)
+ _data = random.getrandbits(1024)
return md5.md5(str(_data)).hexdigest().upper()


=======================================
--- /trunk/neatx/lib/utils.py Fri Jun 12 03:18:41 2009
+++ /trunk/neatx/lib/utils.py Fri Dec 11 11:26:09 2009
@@ -32,6 +32,7 @@
import resource
import re
import signal
+import socket
import sys
import syslog
import tempfile
@@ -877,3 +878,10 @@

"""
return pwd.getpwuid(os.getuid())[0]
+
+def GetHostname():
+ """Returns hostname, minus illegal characters.
+
+ """
+ host = socket.getfqdn()
+ return host.replace(",", "")
Reply all
Reply to author
Forward
0 new messages