Recent Blog Posts
here you'll find my blog, projects, pictures, my wiki, and much more. what you wont find is a strong set of design skills.
more bug hunting via google codesearch. this one is in PAM_SMB. it doesn't appear to be a security bug.
not that pam_smb is now deprecated. thanks for Andrea at ocert for helping *finally* get me in touch with the pam_smb guys.
--- pam_smb_auth.c.orig 2006-10-05 14:33:14.000000000 -0400
+++ pam_smb_auth.c 2006-10-05 14:33:21.000000000 -0400
@@ -228,7 +228,7 @@
error code for non-existant users -- alex */ if ( ( !pw->pw_passwd ) && ( !p ) )
- if ( flags && PAM_DISALLOW_NULL_AUTHTOK )
+ if ( flags & PAM_DISALLOW_NULL_AUTHTOK )
return PAM_SUCCESS;
pp = crypt(p, salt);
[link] Tuesday, Apr 15, 2008 @ 10:36am
"sandy" is a free personal inbox assistant. the goal of sandy is to bridge human readable emails to reminders. it's built on the stikkit backend.
some cool stuff, i have been using it for a bit. i recently saw that sandy should be able to take an ICS request and handle it, but it's always failed for me. so i solved the problem with a workaround, a python script that gets fed by procmail and feeds sandy.
#!/usr/bin/python# icsparse 2008 jose nazario
import email, getopt, os, smtplib, sys, time
# edit this for your sandy setup # if you don't have one, see http://iwantsandy.com/ SANDYADDR = 'FOOBAR@ME.iwantsandy.com' FROM = 'ME@arbor.net'
def notify_sandy(meeting): s = smtplib.SMTP('localhost') msg = """Subject: reminder To: %s From: %s
%s """ % (SANDYADDR, FROM, meeting) s.sendmail(FROM, (SANDYADDR, FROM,), msg) del(s)
class Event(object): def __init__(self, request): self.start=False self.end=False self.about=False self.location=False self.tags = ['@office', ] self.parse(request)
def __repr__(self): if self.location: location = 'location: %s' % self.location else: location = '' return 'remind me that %s on %s until %s %s %s' % \ (self.about, time.strftime('%D at %R', self.start), time.strftime('%D at %R', self.end), location, ' '.join(self.tags))
def valueOf(self, line): return line.split(':', 1)[-1]
def parse(self, request): # remove \r for windows ... lines = [ x.strip() for x in request.split('\n') ] if 'BEGIN:VEVENT' not in lines: return inevent = False for line in lines: if line.startswith('SUMMARY:'): line = line.strip().replace('\\N', '') about = line.split(':', 1) if len(about) != 2: self.about = '' else: self.about = about[1] if line == 'BEGIN:VEVENT': inevent = True continue if line == 'END:VEVENT': inevent = False continue if not inevent: continue if line.startswith('DTSTART'): self.start = time.strptime(self.valueOf(line), '%Y%m%dT%H%M%S') if line.startswith('DTEND'): self.end = time.strptime(self.valueOf(line), '%Y%m%dT%H%M%S') if line.startswith('LOCATION'): self.location = self.valueOf(line) if line.startswith('RRULE:FREQ='): for field in line.replace('RRULE:', '').split(';'): if field.startswith('FREQ='): f = field.split('=')[1].lower() self.tags.append('@%s' % f)
def usage(usagestr): print usagestr sys.exit(1)
def main(): usagestr = """icsparse parses ICS events into Sandy reminder
reads an RFC822 mbox message via stdin and adds them to your Sandy reminder"""
try: opts, args = getopt.getopt(sys.argv[1:], 'h') except: usage(usagestr)
for o, a in opts: if o == '-h': usage(usagestr)
try: msgfile = args[1] fp = open(msgfile) except IndexError: fp = sys.stdin msg = email.message_from_file(fp) fp.close()
for part in msg.walk(): if part.get_content_maintype() == 'multipart': continue if 'Content-Type' not in part.keys(): continue found = False # look for common meeting markers: # - meeting.ics as an attachment name # - Content-Type:text/calendar for calpart in ('name="meeting.ics"', 'text/calendar',): if calpart in part['Content-Type']: found = True if not found: continue payload = part.get_payload(decode=True) event = Event(payload) if not event.about: pass else: # print event notify_sandy(str(event))
if __name__ == '__main__': main()
and this is how i feed it via procmail on my inbox:
:0 * BEGIN:VCALENDAR|Content-Class: *urn:content-classes:calendarmessage|Content-Type: *text/calendar|name="meeting.ics":0 c |/home/jose/icsparse.py
voila, my problem is solved.
[link] Thursday, Mar 06, 2008 @ 01:34pm
today is president's day, so i took some time and, with dominic in my lap for much of it, rewrote the backend to infosec daily. it had been a while, the code i wrote before was very inefficient and long in the tooth. the rewrite was overdue.
i've kept the same output for now, but the backend now runs more reliably. i accomplished this using less code, some of which came from DuckyLib for the RSS processing. fixed a couple of bugs there, too.
all in all about 4h worth of work to do the rewrite.
[link] Monday, Feb 18, 2008 @ 07:10pm
wiki:crisp_lemon_cookies on Thursday, Jul 24, 2008 @ 07:48pm
wiki:recipes on Thursday, Jul 24, 2008 @ 07:45pm
wiki:apple_coffee_cake on Saturday, May 10, 2008 @ 11:40am
wiki:recipes on Saturday, May 10, 2008 @ 11:39am
blog:blogpages on Monday, Apr 21, 2008 @ 09:26am
start on Monday, Apr 21, 2008 @ 09:25am
blog:blogpages on Saturday, Apr 19, 2008 @ 04:03pm
start on Saturday, Apr 19, 2008 @ 04:00pm
phishingcorpus on Monday, Mar 24, 2008 @ 10:19am
wiki:rssaggregation on Friday, Mar 14, 2008 @ 06:12pm
