Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend
On Thu, Jun 08, 2006 at 09:13:17PM -0500, Anthony Liguori wrote:
> Add support secure XML-RPC. This is done by multiplexing multiple SSH
> sessions over a single session (to avoid multiple password entries). Here are
> the changes:

I like the general idea, comments inline.

>
> 1) Add support to xmlrpclib2.ServerProxy for ssh:// protocol
> 2) Add an xm serve command which proxies XML-RPC over stdio
> 3) Make xm look at the XM_SERVER variable to determine which XML-RPC protocol
> to use
>
> There are some issues that need to be addressed before inclusion. Namely:
>
> 1) Python moans about tempnam(). I don't think there's a better solution
> though.

I don't like the dependency on directly calling ssh multiplexing, as it
requires a relatively modern OpenSSH (>3.9) and the above race condition
is introduced. A newer feature in OpenSSH is to let the ControlPath
consist of "%h,%p,%r" wildcards which fill in the host/user/port being
connected to in a socket pathname, which solves that particular race.

Why not just do the SSH every time, and let the user either set up
connection multiplexing or ssh agent in their local environment instead?
That way it will work for old OpenSSH versions and you don't have to deal
with all the quirks.

> 2) A command *must* be executed to cleanup the ssh session on exit. I
> currently use __del__() which doesn't seem to make Python happy in certain
> cases.
> 3) I have done basic testing but not regression testing with xm-test
>
> diff -r 4f1e39ec05d6 -r 4de241a7e91a tools/python/xen/util/xmlrpclib2.py ... > + def runcmd(self, cmd, data=None): > + """Runs a command using an existing SSH connection. 
> + > + This function will run the passed in command on a remote > + machine and either return the output or raise an OSError > + if the command exits with a non-zero status (or some > + other failure occurs).""" > + > + cmdline = self.getcmd(cmd) > + if data: > + f = open("/tmp/stuff.txt", "w") > + f.write(data) > + f.close() > + cmdline = "cat /tmp/stuff.txt | %s" % cmdline

Ouch, this bit definitely needs to be fixed at least :)

--
Anil Madhavapeddy http://anil.recoil.org
University of Cambridge http://www.cl.cam.ac.uk
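
Review bot: The `if data:` branch of runcmd() writes the payload to the fixed, predictable path /tmp/stuff.txt via open("/tmp/stuff.txt", "w"). In a world-writable directory that open follows a symlink another local user may have left at that name, two concurrent calls overwrite each other's data, and nothing in the lines shown removes the file, so the request body stays on disk with whatever permissions the umask allows. Suggest dropping the file and the `cat /tmp/stuff.txt |` prefix and writing data directly to the child process's stdin; if a file must be used, create it with tempfile.mkstemp() and unlink it once the command has finished.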