iro.hg: iro/xmlrpc/SecureXMLRPCServer.py@7dce6c0f06fb (annotated)

0 a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	1	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	2	SecureXMLRPCServer module using pyOpenSSL 0.5
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	3	Written 0907.2002
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	4	by Michal Wallace
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	5	http://www.sabren.net/
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	6
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	7	This acts exactly like SimpleXMLRPCServer
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	8	from the standard python library, but
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	9	uses secure connections. The technique
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	10	and classes should work for any SocketServer
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	11	style server. However, the code has not
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	12	been extensively tested.
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	13
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	14	This code is in the public domain.
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	15	It is provided AS-IS WITH NO WARRANTY WHATSOEVER.
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	16	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	17	import SocketServer
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	18	import os, socket
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	19	import SimpleXMLRPCServer
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	20	from OpenSSL import SSL
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	21
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	22	class SSLWrapper:
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	23	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	24	This whole class exists just to filter out a parameter
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	25	passed in to the shutdown() method in SimpleXMLRPC.doPOST()
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	26	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	27	def __init__(self, conn):
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	28	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	29	Connection is not yet a new-style class,
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	30	so I'm making a proxy instead of subclassing.
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	31	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	32	self.__dict__["conn"] = conn
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	33	def __getattr__(self,name):
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	34	return getattr(self.__dict__["conn"], name)
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	35	def __setattr__(self,name, value):
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	36	setattr(self.__dict__["conn"], name, value)
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	37	def shutdown(self, how=1):
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	38	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	39	SimpleXMLRpcServer.doPOST calls shutdown(1),
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	40	and Connection.shutdown() doesn't take
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	41	an argument. So we just discard the argument.
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	42	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	43	self.__dict__["conn"].shutdown()
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	44	def accept(self):
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	45	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	46	This is the other part of the shutdown() workaround.
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	47	Since servers create new sockets, we have to infect
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	48	them with our magic. :)
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	49	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	50	c, a = self.__dict__["conn"].accept()
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	51	return (SSLWrapper(c), a)
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	52
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	53
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	54
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	55	class SecureTCPServer(SocketServer.TCPServer):
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	56	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	57	Just like TCPServer, but use a socket.
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	58	This really ought to let you specify the key and certificate files.
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	59	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	60	def __init__(self, server_address, RequestHandlerClass,certificate,privatekey):
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	61	SocketServer.BaseServer.__init__(self, server_address, RequestHandlerClass)
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	62
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	63	## Same as normal, but make it secure:
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	64	ctx = SSL.Context(SSL.SSLv23_METHOD)
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	65	ctx.set_options(SSL.OP_NO_SSLv2)
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	66
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	67	ctx.use_privatekey_file (privatekey)
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	68	ctx.use_certificate_file(certificate)
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	69
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	70	self.socket = SSLWrapper(SSL.Connection(ctx, socket.socket(self.address_family,
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	71	self.socket_type)))
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	72	self.server_bind()
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	73	self.server_activate()
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	74
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	75
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	76	class SecureXMLRPCRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	77	def setup(self):
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	78	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	79	We need to use socket._fileobject Because SSL.Connection
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	80	doesn't have a 'dup'. Not exactly sure WHY this is, but
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	81	this is backed up by comments in socket.py and SSL/connection.c
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	82	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	83	self.connection = self.request # for doPOST
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	84	self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	85	self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	86
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	87
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	88	class SecureXMLRPCServer(SimpleXMLRPCServer.SimpleXMLRPCServer, SecureTCPServer):
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	89	def __init__(self, addr,
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	90	requestHandler=SecureXMLRPCRequestHandler,
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	91	certificate="server.cert",privatekey="server.pem",
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	92	logRequests=1):
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	93	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	94	This is the exact same code as SimpleXMLRPCServer.__init__
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	95	except it calls SecureTCPServer.__init__ instead of plain
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	96	old TCPServer.__init__
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	97	"""
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	98	self.funcs = {}
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	99	self.logRequests = logRequests
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	100	self.instance = None
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	101	SimpleXMLRPCServer.SimpleXMLRPCDispatcher.__init__(self,False,None)
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	102	SecureTCPServer.__init__(self, addr, requestHandler,certificate=certificate,privatekey=privatekey)
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	103
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	104
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	105	def test():
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	106	server = SecureXMLRPCServer.SecureXMLRPCServer(("localhost", 8000),requestHandler=SecureXMLRPCRequestHandler,certificate="./certs/test.cert.pem",privatekey="./certs/test.key.pem")
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	107	server.register_introspection_functions()
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	108	server.register_function(lambda x: x*x, 'square')
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	109	server.serve_forever()
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	110
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	111	if __name__ == '__main__':
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	112	test()
a3b6e531f0d2 [svn r93] creating iro package branch Sandro Knauß <knauss@netzguerilla.net> parents: diff changeset	113

author	Sandro Knauß <knauss@netzguerilla.net>
	Sun, 18 Dec 2011 11:49:46 +0100
branch	devel
changeset 77	7dce6c0f06fb
parent 0	a3b6e531f0d2
permissions	-rw-r--r--