From bc854129eebb72fab47c9938b0a2f0995f25b91a Mon Sep 17 00:00:00 2001 From: Rob Date: Wed, 15 Jul 2009 21:00:06 +0200 Subject: [PATCH] Added --Status-value=MODE for selecting mode values to print --- signduterre.py | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/signduterre.py b/signduterre.py index 2818c52..9f3cf42 100755 --- a/signduterre.py +++ b/signduterre.py @@ -29,6 +29,9 @@ Options: -S, --Status For each file, add a line with unvarying file status information: st_mode, st_ino, st_dev, st_uid, st_gid, and st_size (like the '?' prefix, default False) + --Status-values=MODE Status values to print for --Status, default MODE is + 'fmidlugs' (file, mode, inode, device, links, uid, + gid, size) -t, --total-only Only print the total hash, must be checked BEFORE running --detail (default True) -d, --detailed-view Print hashes of individual files, must be checked @@ -111,7 +114,7 @@ Signature-du-Terroir works on the assumption that any attacker in control of a c predict whether the passphrase entered is correct or not. An attacker can always intercept the in- and output of signduterre. When running a --check-file, this means the program can be made to print out OK irrespective of the tests. A safe use of signduterre.py is to start with a random number of incorrect passphrases and see whether they fail. -Repeat: + THE CORRECT USE OF signduterre.py IS TO ENTER A RANDOM NUMBER OF INCORRECT PASSPHRASES FOR EACH TEST AND SEE WHETHER IT FAILS EVERY TIME! @@ -325,6 +328,9 @@ parser.add_option("-u", "--user", parser.add_option("-S", "--Status", dest="status", default=False, action="store_true", help="For each file, add a line with unvarying file status information: st_mode, st_ino, st_dev, st_uid, st_gid, and st_size (like the '?' prefix, default False)") +parser.add_option("--Status-values", + dest="statusvalues", default="fmidlugs", metavar="MODE", + help="Status values to print for --Status, default MODE is 'fmidlugs' (file, mode, inode, device, links, uid, gid, size)") parser.add_option("-t", "--total-only", dest="total", default=False, action="store_true", help="Only print the total hash, must be checked BEFORE running --detail (default True)") @@ -372,6 +378,7 @@ my_salt = options.salt; my_passphrase = options.passphrase; my_check = options.check; my_status = options.status; +my_statusvalues = options.statusvalues; my_verbose = options.verbose and not options.quiet; my_quiet = options.quiet; execute = options.execute; @@ -622,7 +629,27 @@ for my_passphrase in passphrase_list: print(filename, "does not exist", file=sys.stderr) quit(); filestat = os.stat(filename.lstrip('?')); - b = 'stat('+filename.lstrip('?')+') = [st_mode='+str(oct(filestat.st_mode))+', st_ino='+str(filestat.st_ino)+', st_dev='+str(filestat.st_dev)+', st_nlink='+str(filestat.st_nlink)+', st_uid='+str(filestat.st_uid)+', st_gid='+str(filestat.st_gid)+', st_size='+str(filestat.st_size)+']'; + if my_statusvalues == "": my_statusvalues = 'fmidlugs' + b = ""; + if 'f' in my_statusvalues: + b += 'stat('+filename.lstrip('?')+') = ' + b += '['; + if 'm' in my_statusvalues: + b += 'st_mode='+str(oct(filestat.st_mode))+', '; + if 'i' in my_statusvalues: + b += 'st_ino='+str(filestat.st_ino)+', '; + if 'd' in my_statusvalues: + b += 'st_dev='+str(filestat.st_dev)+', ' + if 'l' in my_statusvalues: + b += 'st_nlink='+str(filestat.st_nlink)+', ' + if 'u' in my_statusvalues: + b += 'st_uid='+str(filestat.st_uid)+', ' + if 'g' in my_statusvalues: + b += 'st_gid='+str(filestat.st_gid)+', ' + if 's' in my_statusvalues: + b += 'st_size='+str(filestat.st_size); + b = b.rstrip(', ') + ']'; + print(b, file=sys.stderr); filehash.update(bytes(b, encoding='utf8')); if my_verbose: print ("# "+ b); -- 2.11.4.GIT