libsecure.patch
libsecure-good.py 2017-05-22 11:56:44.747373468 +0200 | ||
---|---|---|
4 | 4 |
from OpenSSL import crypto |
5 | 5 |
from os.path import join, dirname |
6 | 6 |
from ead2.config.config import cert_file, key_file |
7 | ||
7 |
from os import seteuid, setegid, getuid, getgid |
|
8 |
from ead2.backend.config.config import NOBODY_UID, NOBODY_GID |
|
8 | 9 | |
9 | 10 |
# transport sécurisé utilisant un certificat |
10 | 11 |
class TransportEole(xmlrpclib.SafeTransport): |
... | ... | |
26 | 27 |
cert_file = cert_file) |
27 | 28 |
return cx |
28 | 29 | |
30 |
def _gain_privileges(uid, gid): |
|
31 |
""" |
|
32 |
on donne les privileges uid, gid |
|
33 |
""" |
|
34 |
seteuid(uid) |
|
35 |
setegid(gid) |
|
36 | ||
37 |
def _drop_privileges(): |
|
38 |
""" |
|
39 |
drop de privileges vers nobody/nobody passage en root |
|
40 |
""" |
|
41 |
setegid(NOBODY_UID) |
|
42 |
seteuid(NOBODY_GID) |
|
29 | 43 | |
30 | 44 |
################################################# |
31 | 45 |
## Factory permettant de créer un contexte SSL ## |
... | ... | |
36 | 50 |
""" |
37 | 51 |
load the key and cert files in a PKey Object |
38 | 52 |
""" |
53 |
_gain_privileges(0,0) |
|
39 | 54 |
self.cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(cert_file).read()) |
40 | 55 |
self.key = crypto.load_privatekey(crypto.FILETYPE_PEM, open(key_file).read()) |
56 |
_drop_privileges() |
|
41 | 57 | |
42 | 58 |
def getContext(self): |
43 | 59 |
""" |
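Review bot: In `_drop_privileges` the two constants are crossed: `setegid(NOBODY_UID)` and `seteuid(NOBODY_GID)` pass the uid to the group call and the gid to the user call, so the process only ends up as nobody/nobody if the two values happen to be equal (they are defined in ead2.backend.config.config, which is not visible here). The lines should read `setegid(NOBODY_GID)` then `seteuid(NOBODY_UID)`, keeping the group change first because it still needs the root euid. Separately, in the key-loading hunk (the enclosing method starts outside the hunk) `_drop_privileges()` is reached only when both `open(...).read()` and `crypto.load_*` calls succeed; an unreadable file or malformed PEM raises and leaves the effective uid at 0, so the two loads belong in a `try:` with `_drop_privileges()` in the `finally:`. Only the effective ids are switched, so the drop is reversible by any later code in the process, which is worth stating in the `_drop_privileges` docstring, something like `# temporary drop: real/saved ids stay root so _gain_privileges can work`. `getuid` and `getgid` are imported but unused in the visible lines.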