| -rw-r--r-- | changes/bug_set-standalone-flags-for-baseconfig | 1 | ||||
| -rw-r--r-- | changes/feature_restrict-certificates-permissions | 1 | ||||
| -rw-r--r-- | src/leap/bitmask/backend/utils.py | 3 | ||||
| -rw-r--r-- | src/leap/bitmask/config/providerconfig.py | 2 | ||||
| -rw-r--r-- | src/leap/bitmask/services/eip/eipconfig.py | 2 | 
5 files changed, 9 insertions, 0 deletions
|
diff --git a/changes/bug_set-standalone-flags-for-baseconfig b/changes/bug_set-standalone-flags-for-baseconfig
new file mode 100644
index 00000000..bf84d3e8
--- /dev/null
+++ b/changes/bug_set-standalone-flags-for-baseconfig
@@ -0,0 +1 @@
+- Set the standalone value for BaseConfig according to the global flags.
diff --git a/changes/feature_restrict-certificates-permissions b/changes/feature_restrict-certificates-permissions
new file mode 100644
index 00000000..6bd6c015
--- /dev/null
+++ b/changes/feature_restrict-certificates-permissions
@@ -0,0 +1 @@
+- Restrict access to the zmq certificates folder.
diff --git a/src/leap/bitmask/backend/utils.py b/src/leap/bitmask/backend/utils.py
index 54a16fd7..65bf6753 100644
--- a/src/leap/bitmask/backend/utils.py
+++ b/src/leap/bitmask/backend/utils.py
@@ -19,6 +19,7 @@ Backend utilities to handle ZMQ certificates.
 """
 import os
 import shutil
+import stat
 import zmq.auth
@@ -36,6 +37,8 @@ def generate_certificates():
     if os.path.exists(KEYS_DIR):
         shutil.rmtree(KEYS_DIR)
     mkdir_p(KEYS_DIR)
+    # set permissions to: 0700 (U:rwx G:--- O:---)
+    os.chmod(KEYS_DIR, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
     # create new keys in certificates dir
     # public_file, secret_file = create_certificates(...)
diff --git a/src/leap/bitmask/config/providerconfig.py b/src/leap/bitmask/config/providerconfig.py
index 7b979e61..57bc3a98 100644
--- a/src/leap/bitmask/config/providerconfig.py
+++ b/src/leap/bitmask/config/providerconfig.py
@@ -22,6 +22,7 @@ import logging
 import os
 from leap.bitmask import provider
+from leap.bitmask.config import flags
 from leap.bitmask.config.provider_spec import leap_provider_spec
 from leap.bitmask.services import get_service_display_name
 from leap.bitmask.util import get_path_prefix
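Review bot: In the `generate_certificates` hunk of backend/utils.py, the 0700 mode is applied only after `mkdir_p(KEYS_DIR)` has already created the directory with umask-derived permissions, so the folder is briefly more open than intended. The key files appear to be written afterwards (going by the context comments), which keeps the exposure small, but creating the directory restrictively in the first place, for example with a temporary `os.umask(0o077)` around the `mkdir_p` call, would remove the interval. On Windows `os.chmod` only toggles the read-only flag, so this line does not restrict access there; a comment such as `# POSIX only: on Windows os.chmod cannot remove group/other access` would make that limit explicit. The three flags can also be written as `stat.S_IRWXU`; the function body continues outside the hunk.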
@@ -43,6 +44,7 @@ class ProviderConfig(BaseConfig):
     Provider configuration abstraction class
     """
     def __init__(self):
+        self.standalone = flags.STANDALONE
         BaseConfig.__init__(self)
     def get_light_config(self, domain, lang=None):
diff --git a/src/leap/bitmask/services/eip/eipconfig.py b/src/leap/bitmask/services/eip/eipconfig.py
index e7419b22..37c0c8ae 100644
--- a/src/leap/bitmask/services/eip/eipconfig.py
+++ b/src/leap/bitmask/services/eip/eipconfig.py
@@ -24,6 +24,7 @@ import time
 import ipaddr
+from leap.bitmask.config import flags
 from leap.bitmask.config.providerconfig import ProviderConfig
 from leap.bitmask.services import ServiceConfig
 from leap.bitmask.services.eip.eipspec import get_schema
@@ -220,6 +221,7 @@ class EIPConfig(ServiceConfig):
     OPENVPN_CIPHERS_REGEX = re.compile("[A-Z0-9\-]+")
     def __init__(self):
+        self.standalone = flags.STANDALONE
         ServiceConfig.__init__(self)
         self._api_version = None
|
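Review bot: In `ProviderConfig.__init__`, `self.standalone = flags.STANDALONE` is placed before `BaseConfig.__init__(self)` with no comment on whether that order is required. BaseConfig is not visible in this diff, so if its initializer assigns `standalone` itself, the value set here would be overwritten. The identical line is added to `EIPConfig.__init__` in eipconfig.py, and any other config subclass would need it too, which suggests setting it once in the base class instead. If the order is deliberate, a comment like `# must be set before the base initializer runs, which reads self.standalone` would keep it from being reordered. Both class bodies continue outside their hunks.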
