bug hunting: PAM SMB



more bug hunting via google codesearch. this one is in PAM_SMB. it doesn't appear to be a security bug.

note that pam_smb is now deprecated. thanks to Andrea at ocert for helping *finally* get me in touch with the pam_smb guys.

--- pam_smb_auth.c.orig 2006-10-05 14:33:14.000000000 -0400
+++ pam_smb_auth.c      2006-10-05 14:33:21.000000000 -0400
@@ -228,7 +228,7 @@
               error code for non-existant users -- alex */

if ( ( !pw->pw_passwd ) && ( !p ) ) - if ( flags && PAM_DISALLOW_NULL_AUTHTOK ) + if ( flags & PAM_DISALLOW_NULL_AUTHTOK ) return PAM_SUCCESS;

pp = crypt(p, salt);
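
Review bot: in the branch guarded by "if ( ( !pw->pw_passwd ) && ( !p ) )", the corrected test "flags & PAM_DISALLOW_NULL_AUTHTOK" still leads straight to "return PAM_SUCCESS", so as shown a NULL stored password plus a NULL supplied token succeeds exactly when the caller asked to disallow null tokens. Please confirm the sense of that branch (the path taken when the flag is not set is not visible in this hunk) and consider returning an auth error when the flag is set. The old "&&" was true for any non-zero flags value, so this one-character fix changes which callers reach that return; a test with the flag set and unset would pin down the intended behaviour. The guard also only covers both values being NULL: with p NULL and pw->pw_passwd set, execution falls through to "crypt(p, salt)", which deserves its own NULL check.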

     [link]     Tuesday, Apr 15, 2008 @ 10:36am



sandy and ICS



Sandy - your free personal email assistant

"sandy" is a free personal inbox assistant. the goal of sandy is to bridge human readable emails to reminders. it's built on the stikkit backend.

some cool stuff, i have been using it for a bit. i recently saw that sandy should be able to take an ICS request and handle it, but it's always failed for me. so i solved the problem with a workaround, a python script that gets fed by procmail and feeds sandy.

#!/usr/bin/python

# icsparse 2008 jose nazario

import email, getopt, smtplib, sys, time

# edit this for your sandy setup
# if you don't have one, see http://iwantsandy.com/
SANDYADDR = 'FOOBAR@ME.iwantsandy.com'
FROM = 'ME@arbor.net'

def notify_sandy(meeting):
    # mail the reminder text to sandy, with a copy to yourself
    s = smtplib.SMTP('localhost')
    msg = """Subject: reminder
To: %s
From: %s

%s
""" % (SANDYADDR, FROM, meeting)
    s.sendmail(FROM, (SANDYADDR, FROM,), msg)
    s.quit()

class Event(object):
    def __init__(self, request):
        self.start = False
        self.end = False
        self.about = False
        self.location = False
        self.tags = ['@office', ]
        self.parse(request)

    def __repr__(self):
        if self.location:
            location = 'location: %s' % self.location
        else:
            location = ''
        return 'remind me that %s on %s until %s %s %s' % \
            (self.about,
             time.strftime('%D at %R', self.start),
             time.strftime('%D at %R', self.end),
             location,
             ' '.join(self.tags))

    def valueOf(self, line):
        # everything after the first ':' (skips parameters like ;TZID=...)
        return line.split(':', 1)[-1]

    def parse(self, request):
        # remove \r for windows ...
        lines = [ x.strip() for x in request.split('\n') ]
        if 'BEGIN:VEVENT' not in lines:
            return
        inevent = False
        for line in lines:
            if line.startswith('SUMMARY:'):
                line = line.strip().replace('\\N', '')
                about = line.split(':', 1)
                if len(about) != 2:
                    self.about = ''
                else:
                    self.about = about[1]
            if line == 'BEGIN:VEVENT':
                inevent = True
                continue
            if line == 'END:VEVENT':
                inevent = False
                continue
            if not inevent:
                continue
            if line.startswith('DTSTART'):
                self.start = time.strptime(self.valueOf(line), '%Y%m%dT%H%M%S')
            if line.startswith('DTEND'):
                self.end = time.strptime(self.valueOf(line), '%Y%m%dT%H%M%S')
            if line.startswith('LOCATION'):
                self.location = self.valueOf(line)
            if line.startswith('RRULE:FREQ='):
                for field in line.replace('RRULE:', '').split(';'):
                    if field.startswith('FREQ='):
                        f = field.split('=')[1].lower()
                        self.tags.append('@%s' % f)

def usage(usagestr):
    print(usagestr)
    sys.exit(1)

def main():
    usagestr = """icsparse parses ICS events into Sandy reminder

reads an RFC822 mbox message via stdin and adds them to your Sandy reminder"""

    try:
        opts, args = getopt.getopt(sys.argv[1:], 'h')
    except getopt.GetoptError:
        usage(usagestr)

    for o, a in opts:
        if o == '-h':
            usage(usagestr)

    # first positional argument is the message file, otherwise read stdin
    try:
        msgfile = args[0]
        fp = open(msgfile)
    except IndexError:
        fp = sys.stdin
    msg = email.message_from_file(fp)
    fp.close()

    for part in msg.walk():
        if part.get_content_maintype() == 'multipart':
            continue
        if 'Content-Type' not in part.keys():
            continue
        found = False
        # look for common meeting markers:
        #  - meeting.ics as an attachment name
        #  - Content-Type:text/calendar
        for calpart in ('name="meeting.ics"', 'text/calendar',):
            if calpart in part['Content-Type']:
                found = True
        if not found:
            continue
        payload = part.get_payload(decode=True)
        # decoded payloads are bytes on python 3; the parser wants text
        if isinstance(payload, bytes):
            payload = payload.decode('utf-8', 'replace')
        event = Event(payload)
        # only send a reminder when summary, start and end all parsed
        if event.about and event.start and event.end:
            # print(event)
            notify_sandy(str(event))

if __name__ == '__main__':
    main()


and this is how i feed it via procmail on my inbox:
:0
* BEGIN:VCALENDAR|Content-Class: *urn:content-classes:calendarmessage|Content-Type: *text/calendar|name="meeting.ics"
{
        :0 c
        |/home/jose/icsparse.py
}



voila, my problem is solved.

     [link]     Thursday, Mar 06, 2008 @ 01:34pm



ISD updated



today is president's day, so i took some time and, with dominic in my lap for much of it, rewrote the backend to infosec daily. it had been a while, the code i wrote before was very inefficient and long in the tooth. the rewrite was overdue.

i've kept the same output for now, but the backend now runs more reliably. i accomplished this using less code, some of which came from DuckyLib for the RSS processing. fixed a couple of bugs there, too.

all in all about 4h worth of work to do the rewrite.

     [link]     Monday, Feb 18, 2008 @ 07:10pm



links (4 feb 08)



today is beth's birthday.

some links: now that i'm a dad i'll probably start blogging more about children's toys and stuff.

wanted: a way to get my os x laptop to show me a wrist yoga/stretching video every hour in lieu of the AntiRSI black square.

     [link]     Monday, Feb 04, 2008 @ 03:52pm



dominic ramon, sunday jan 27, 2008




last week, beth and i welcomed our first son, dominic ramon. mother and baby are well! expect many more pictures in the days and years to come in my flickr photostream.

     [link]     Sunday, Feb 03, 2008 @ 04:56pm



google charts, python





i'm not usually one to fawn over google stuff, but the chart API was useful to me. i rolled it into some code that i wrote, and using that i generated the above pie graph. i did the whole thing in python, and so i translated the "simpleEncode()" routine into python.

def simpleEncode(values,maxValue):
    # values is a python list of numbers
    # based on simpleEncode(values,maxValue) from
    # http://code.google.com/apis/chart/
    simpleEncoding = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    chartData = ['s:']
    for i in values:
        if str(i).isdigit() and i >= 0:
            # integer division so the result is a valid string index
            chartData.append(simpleEncoding[(len(simpleEncoding)-1) * i // maxValue])
        else:
            chartData.append('_')
    return ''.join(chartData)

note that the if str(i).isdigit() bit isn't needed if you pass in a list of numbers; in JScript typing is done less strictly, hence the need to ensure it's a number. this should work for any of the chart types - bar, pie, line, etc ... just change the other URL parameters. i would also probably cut back on the long variable names.

the chart above is of queue counts by priority.

see http://code.google.com/apis/chart/.

     [link]     Sunday, Dec 09, 2007 @ 09:00am



ducks, berries




we went to the farmer's market this morning to get some fresh produce. i'm planning on making beth something like the Heirloom Tomato Tart with Nicoise Olive Tapenade, Mixed Field Greens, and Basil Vinaigrette.

     [link]     Saturday, Aug 11, 2007 @ 07:48pm



day in madison




flew to madison for lockdown 2007, which was fun. travel was a pain with the weather and airline delays. i didn't get to see any of madison, really; i did get to see a lot of ORD.

     [link]     Friday, Aug 10, 2007 @ 02:06pm
