Posted to tashi-commits@incubator.apache.org by st...@apache.org on 2012/02/08 20:59:21 UTC
svn commit: r1242088 - in /incubator/tashi/branches/stroucki-rpyc/src/tashi:
clustermanager/clustermanager.py nodemanager/nodemanager.py
rpycservices/rpycservices.py
Author: stroucki
Date: Wed Feb 8 20:59:21 2012
New Revision: 1242088
URL: http://svn.apache.org/viewvc?rev=1242088&view=rev
Log:
rpyc-3.2 removes tlslite, so provide an equivalent using ssl
First test.
Modified:
incubator/tashi/branches/stroucki-rpyc/src/tashi/clustermanager/clustermanager.py
incubator/tashi/branches/stroucki-rpyc/src/tashi/nodemanager/nodemanager.py
incubator/tashi/branches/stroucki-rpyc/src/tashi/rpycservices/rpycservices.py
Modified: incubator/tashi/branches/stroucki-rpyc/src/tashi/clustermanager/clustermanager.py
URL: http://svn.apache.org/viewvc/incubator/tashi/branches/stroucki-rpyc/src/tashi/clustermanager/clustermanager.py?rev=1242088&r1=1242087&r2=1242088&view=diff
==============================================================================
--- incubator/tashi/branches/stroucki-rpyc/src/tashi/clustermanager/clustermanager.py (original)
+++ incubator/tashi/branches/stroucki-rpyc/src/tashi/clustermanager/clustermanager.py Wed Feb 8 20:59:21 2012
@@ -26,7 +26,7 @@ import tashi
from tashi.rpycservices import rpycservices
from rpyc.utils.server import ThreadedServer
-from rpyc.utils.authenticators import TlsliteVdbAuthenticator
+from tashi.rpycservices import UsernamePasswordAuthenticator
log = None
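Review bot: The new import `from tashi.rpycservices import UsernamePasswordAuthenticator` names the package, but this commit defines the class in the submodule `rpycservices/rpycservices.py` and does not touch the package's `__init__.py`. Unless `__init__.py` already re-exports the submodule's names (not visible here), this raises ImportError at startup. Since the module is already imported on the line above, either write `from tashi.rpycservices.rpycservices import UsernamePasswordAuthenticator` or call `rpycservices.UsernamePasswordAuthenticator(users)` at the use site. The same import line in the `nodemanager.py` hunk needs the same change.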
@@ -45,7 +45,7 @@ def startClusterManager(config):
users[user.name] = user.passwd
users[config.get('AllowedUsers', 'nodeManagerUser')] = config.get('AllowedUsers', 'nodeManagerPassword')
users[config.get('AllowedUsers', 'agentUser')] = config.get('AllowedUsers', 'agentPassword')
- authenticator = TlsliteVdbAuthenticator.from_dict(users)
+ authenticator = UsernamePasswordAuthenticator(users)
t = ThreadedServer(service=rpycservices.ManagerService, hostname='0.0.0.0', port=int(config.get('ClusterManagerService', 'port')), auto_register=False, authenticator=authenticator)
else:
t = ThreadedServer(service=rpycservices.ManagerService, hostname='0.0.0.0', port=int(config.get('ClusterManagerService', 'port')), auto_register=False)
Modified: incubator/tashi/branches/stroucki-rpyc/src/tashi/nodemanager/nodemanager.py
URL: http://svn.apache.org/viewvc/incubator/tashi/branches/stroucki-rpyc/src/tashi/nodemanager/nodemanager.py?rev=1242088&r1=1242087&r2=1242088&view=diff
==============================================================================
--- incubator/tashi/branches/stroucki-rpyc/src/tashi/nodemanager/nodemanager.py (original)
+++ incubator/tashi/branches/stroucki-rpyc/src/tashi/nodemanager/nodemanager.py Wed Feb 8 20:59:21 2012
@@ -27,7 +27,7 @@ from tashi import boolean
from tashi.rpycservices import rpycservices
from rpyc.utils.server import ThreadedServer
-from rpyc.utils.authenticators import TlsliteVdbAuthenticator
+from tashi.rpycservices import UsernamePasswordAuthenticator
@signalHandler(signal.SIGTERM)
def handleSIGTERM(signalNumber, stackFrame):
@@ -50,7 +50,7 @@ def main():
if boolean(config.get("Security", "authAndEncrypt")):
users = {}
users[config.get('AllowedUsers', 'clusterManagerUser')] = config.get('AllowedUsers', 'clusterManagerPassword')
- authenticator = TlsliteVdbAuthenticator.from_dict(users)
+ authenticator = UsernamePasswordAuthenticator(users)
t = ThreadedServer(service=rpycservices.ManagerService, hostname='0.0.0.0', port=int(config.get('NodeManagerService', 'port')), auto_register=False, authenticator=authenticator)
else:
t = ThreadedServer(service=rpycservices.ManagerService, hostname='0.0.0.0', port=int(config.get('NodeManagerService', 'port')), auto_register=False)
Modified: incubator/tashi/branches/stroucki-rpyc/src/tashi/rpycservices/rpycservices.py
URL: http://svn.apache.org/viewvc/incubator/tashi/branches/stroucki-rpyc/src/tashi/rpycservices/rpycservices.py?rev=1242088&r1=1242087&r2=1242088&view=diff
==============================================================================
--- incubator/tashi/branches/stroucki-rpyc/src/tashi/rpycservices/rpycservices.py (original)
+++ incubator/tashi/branches/stroucki-rpyc/src/tashi/rpycservices/rpycservices.py Wed Feb 8 20:59:21 2012
@@ -43,6 +43,8 @@ def clean(args):
return args
class client:
+ import hashlib
+
def __init__(self, host, port, username=None, password=None):
"""Client for ManagerService. If username and password are provided, rpyc.tlslite_connect will be used to connect, else rpyc.connect will be used."""
self.host = host
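Review bot: `import hashlib` inside the `client` class body only binds a class attribute `client.hashlib`; class-body names are not in scope inside methods. The bare `hashlib.sha1(...)` call added to `createConn` would therefore raise NameError unless the module already imports `hashlib` at top level, which is not visible here. Move it to the module's import block as a plain `import hashlib`. The `import ssl` and `import hashlib` lines in the `UsernamePasswordAuthenticator` class body added later in this file have the same problem. `__init__`'s body continues outside this hunk.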
@@ -54,7 +56,20 @@ class client:
def createConn(self):
"""Creates a rpyc connection."""
if self.username != None and self.password != None:
- return rpyc.tlslite_connect(host=self.host, port=self.port, username=self.username, password=self.password)
+ sock = rpyc.ssl_connect(host=self.host, port=self.port)
+ hello = sock.read()
+ print "XXXstroucki hello line %s" % (hello)
+ if hello != "tashi server sha1":
+ raise AuthenticationError("Wrong protocol version")
+ sock.write("%s|%s" % (self.username, hashlib.sha1(self.password)))
+ sock.flush()
+ result = sock.read()
+ print "XXXstroucki result line %s" % (result)
+ if result.startswith("200 "):
+ pass
+ else:
+ raise AuthenticationError("Wrong protocol version")
+ return sock
else:
return rpyc.connect(host=self.host, port=self.port)
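Review bot: On the `sock.write` line, `hashlib.sha1(self.password)` is a hash object, so `%s` formats its repr rather than a digest and the server can never match it; use `sock.write("%s|%s" % (self.username, hashlib.sha1(self.password).hexdigest()))`. Even with that fixed, an unsalted SHA-1 digest sent as the credential is password-equivalent. `rpyc.ssl_connect(host=self.host, port=self.port)` is also called without `ca_certs`, so as far as this hunk shows the server's certificate is not verified before the digest is sent. The failed-login branch raises `AuthenticationError("Wrong protocol version")`, which hides the real cause; `raise AuthenticationError("Authentication failed")` would match the server side. The two `print "XXXstroucki ..."` debug lines should be removed before merge, and `AuthenticationError` is not imported in any visible line.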
@@ -77,6 +92,39 @@ class client:
return res
return connectWrap
+class UsernamePasswordAuthenticator(object):
+ import ssl
+ import hashlib
+
+ def __init__(self, userdict):
+ for username, password in userdict.iteritems():
+ self.userdict[username] = hashlib.sha1(password)
+
+ def __call__(self, sock):
+ try:
+ sock2 = ssl.wrap.socket(sock, server_side = True)
+ except: ssl.SSLError:
+ raise AuthenticationError(str(sys.exc_info()))
+
+ try:
+ sock2.write("tashi server sha1")
+ sock2.flush()
+ auth = sock2.read()
+ (username, password) = auth.split('|')
+
+ hash = self.userdict[username]
+ if (hashlib.sha1(password) == hash):
+ pass
+ else:
+ raise AuthenticationError("Authentication failed")
+ sock2.write("200 how are you gentlemen ././")
+ sock2.flush()
+ except:
+ raise AuthenticationError(str(sys.exc_info()))
+
+ return sock2, sock2.getpeercert()
+
+
class ManagerService(rpyc.Service):
"""Wrapper for rpyc service"""
# Note: self.service and self._type are set before rpyc.utils.server.ThreadedServer is started.
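Review bot: `except: ssl.SSLError:` in `__call__` is a syntax error, so the module cannot be imported as written, and `ssl.wrap.socket` on the line above should be `ssl.wrap_socket`. `__init__` assigns into `self.userdict` without ever creating it. Both the stored values and the comparison use `hashlib.sha1(...)` objects, which do not compare equal by value, so every login would fail even once the syntax is fixed. The bare `except:` also re-wraps the `AuthenticationError` raised inside its own `try` and folds an unknown user's `KeyError` into the same path. The sketch below stores hex digests and compares strings, assuming the client sends the SHA-1 hex digest that the `tashi server sha1` greeting implies; `ssl.wrap_socket(..., server_side=True)` will additionally need a `certfile`/`keyfile`, which this hunk does not supply.

```python
class UsernamePasswordAuthenticator(object):
    def __init__(self, userdict):
        # Keep hex digests (plain strings) so they can be compared by value.
        self.userdict = {}
        for username, password in userdict.iteritems():
            self.userdict[username] = hashlib.sha1(password).hexdigest()

    def __call__(self, sock):
        try:
            sock2 = ssl.wrap_socket(sock, server_side=True)
        except ssl.SSLError:
            raise AuthenticationError(str(sys.exc_info()))

        try:
            # ... unchanged: greeting write, flush and read of the auth line ...
            (username, digest) = auth.split('|', 1)
        except (ssl.SSLError, ValueError):
            raise AuthenticationError(str(sys.exc_info()))

        # Unknown user and wrong digest take the same failure path.
        expected = self.userdict.get(username)
        if expected is None or digest != expected:
            raise AuthenticationError("Authentication failed")
        # ... unchanged: "200" reply, flush and return ...
```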