# HG changeset patch
# User emellor@xxxxxxxxxxxxxxxxxxxxxx
# Node ID faa1eb1621b9ea15969fb2b56b83e2366c48e8c5
# Parent 83a882b3d8072616f4169d6b0c858e29bb27ed87
Simplify the interface into httpserver and UnixHttpServer -- the root and
interface parameters are always used, so there's no need for them to be named
parameters with defaults.
Remove unused httpserver.getRoot and getPort, and simplify the main request
loop. This means that socket errors do not have to be squelched.
Coalesce the two identical bind methods, one in UnixHttpServer, one in
UnixListener. Fix this bind method to set the permissions on the socket
explicitly. This closes a security hole, and fixes the intermittent failure
of xm-test/06_list_nonroot.test.
Signed-off-by: Ewan Mellor <ewan@xxxxxxxxxxxxx>
diff -r 83a882b3d807 -r faa1eb1621b9 tools/python/xen/web/httpserver.py
--- a/tools/python/xen/web/httpserver.py Fri Mar 10 10:38:15 2006
+++ b/tools/python/xen/web/httpserver.py Fri Mar 10 10:44:03 2006
@@ -13,7 +13,9 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#============================================================================
# Copyright (C) 2005 Mike Wray <mike.wray@xxxxxx>
+# Copyright (C) 2006 XenSource Ltd.
#============================================================================
+
import threading
import string
@@ -28,6 +30,7 @@
from xen.xend.XendError import XendError
import http
+import unix
from resource import Resource, ErrorPage
from SrvDir import SrvDir
@@ -267,30 +270,27 @@
closed = False
- def __init__(self, interface='', port=8080, root=None):
- if root is None:
- root = SrvDir()
+ def __init__(self, root, interface, port=8080):
+ self.root = root
self.interface = interface
self.port = port
- self.root = root
# ready indicates when we are ready to begin accept connections
# it should be set after a successful bind
self.ready = False
-
- def getRoot(self):
- return self.root
-
- def getPort(self):
- return self.port
def run(self):
self.bind()
self.listen()
self.ready = True
- self.requestLoop()
+
+ while not self.closed:
+ (sock, addr) = self.accept()
+ self.processRequest(sock, addr)
+
def stop(self):
self.close()
+
def bind(self):
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
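Review bot: The new loop in run() calls self.accept() with no handler, so any socket.error raised there now propagates out of run() and ends the listener thread. That presumably includes the error accept() raises when stop() closes the socket from another thread, and transient failures such as an aborted connection or file-descriptor exhaustion, which would leave the service down until it is restarted. The removed acceptRequest() swallowed every socket.error, which was too broad. A narrower form would exit only when self.closed is set and keep serving otherwise, ideally logging the error. The bodies of bind() and processRequest() lie outside this hunk, so whether they already cover some of these cases cannot be confirmed from here.

```python
        while not self.closed:
            try:
                (sock, addr) = self.accept()
            except socket.error, ex:
                # Shutdown closes the socket under us; anything else is
                # treated as transient so the listener keeps running.
                if self.closed:
                    break
                continue
            self.processRequest(sock, addr)
```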
@@ -303,23 +303,12 @@
def accept(self):
return self.socket.accept()
- def requestLoop(self):
- while not self.closed:
- self.acceptRequest()
-
def close(self):
self.closed = True
try:
self.socket.close()
except:
pass
-
- def acceptRequest(self):
- try:
- (sock, addr) = self.accept()
- self.processRequest(sock, addr)
- except socket.error:
- return
def processRequest(self, sock, addr):
try:
@@ -340,23 +329,12 @@
def getResource(self, req):
return self.root.getRequestResource(req)
+
class UnixHttpServer(HttpServer):
- def __init__(self, path=None, root=None):
- HttpServer.__init__(self, interface='localhost', root=root)
+ def __init__(self, root, path):
+ HttpServer.__init__(self, root, 'localhost')
self.path = path
def bind(self):
- pathdir = os.path.dirname(self.path)
- if not os.path.exists(pathdir):
- os.makedirs(pathdir)
- else:
- try:
- os.unlink(self.path)
- except SystemExit:
- raise
- except Exception, ex:
- pass
- self.socket = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
- #self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
- self.socket.bind(self.path)
+ self.socket = unix.bind(self.path)
diff -r 83a882b3d807 -r faa1eb1621b9 tools/python/xen/web/unix.py
--- a/tools/python/xen/web/unix.py Fri Mar 10 10:38:15 2006
+++ b/tools/python/xen/web/unix.py Fri Mar 10 10:44:03 2006
@@ -13,15 +13,34 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#============================================================================
# Copyright (C) 2005 Mike Wray <mike.wray@xxxxxx>
-# Copyright (C) 2005 XenSource Ltd.
+# Copyright (C) 2005-2006 XenSource Ltd.
#============================================================================
-import socket
import os
import os.path
+import socket
+import stat
import connection
+
+
+def bind(path):
+ """Create a Unix socket, and bind it to the given path. The socket is
+created such that only the current user may access it."""
+
+ parent = os.path.dirname(path)
+ if os.path.exists(parent):
+ os.chown(parent, os.geteuid(), os.getegid())
+ os.chmod(parent, stat.S_IRWXU)
+ if os.path.exists(path):
+ os.unlink(path)
+ else:
+ os.makedirs(parent, stat.S_IRWXU)
+
+ sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+ sock.bind(self.path)
+ return sock
class UnixListener(connection.SocketListener):
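Review bot: `sock.bind(self.path)` in the new module-level bind() refers to `self`, which does not exist in a plain function, so every call raises NameError before the socket is bound; it should be `sock.bind(path)`. Both callers are affected: UnixHttpServer.bind in httpserver.py and UnixListener.createSocket in the next hunk. Separately, the restriction promised by the docstring is applied with chown/chmod on the parent directory, not on the socket itself. If the configured path sits in a shared directory, that directory is re-owned and set to 0700, and both calls follow symlinks, so the docstring should say the parent must be a directory dedicated to this socket. os.path.dirname(path) is empty for a bare filename, in which case os.makedirs is called with an empty string and fails.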
@@ -31,19 +50,7 @@
def createSocket(self):
- pathdir = os.path.dirname(self.path)
- if not os.path.exists(pathdir):
- os.makedirs(pathdir)
- else:
- try:
- os.unlink(self.path)
- except SystemExit:
- raise
- except Exception, ex:
- pass
- sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
- sock.bind(self.path)
- return sock
+ return bind(self.path)
def acceptConnection(self, sock, _):
diff -r 83a882b3d807 -r faa1eb1621b9 tools/python/xen/xend/server/SrvServer.py
--- a/tools/python/xen/xend/server/SrvServer.py Fri Mar 10 10:38:15 2006
+++ b/tools/python/xen/xend/server/SrvServer.py Fri Mar 10 10:44:03 2006
@@ -13,6 +13,7 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#============================================================================
# Copyright (C) 2004, 2005 Mike Wray <mike.wray@xxxxxx>
+# Copyright (C) 2006 XenSource Ltd.
#============================================================================
"""Example xend HTTP
@@ -106,11 +107,11 @@
root.putChild('xend', SrvRoot())
servers = XendServers()
if xroot.get_xend_http_server():
- port = xroot.get_xend_port()
- interface = xroot.get_xend_address()
- servers.add(HttpServer(root=root, interface=interface, port=port))
+ servers.add(HttpServer(root,
+ xroot.get_xend_address(),
+ xroot.get_xend_port()))
if xroot.get_xend_unix_server():
path = xroot.get_xend_unix_path()
log.info('unix path=' + path)
- servers.add(UnixHttpServer(path=path, root=root))
+ servers.add(UnixHttpServer(root, path))
return servers