womax/nova
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add security and session timeout to ajaxterm

Browse Source
This commit is contained in:
root
2010-09-17 19:10:08 -07:00
parent 81f71efdcb
commit 7b74343f2b
3 changed files with 28 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tools/ajaxterm/ajaxterm.html
+1
View File
@@ -8,6 +8,7 @@
<script type="text/javascript" src="sarissa_dhtml.js"></script> <script type="text/javascript" src="sarissa_dhtml.js"></script>
<script type="text/javascript" src="ajaxterm.js"></script> <script type="text/javascript" src="ajaxterm.js"></script>
<script type="text/javascript"> <script type="text/javascript">
SESSION_ID = '$session_id';
window.onload=function() { window.onload=function() {
t=ajaxterm.Terminal("term",80,25); t=ajaxterm.Terminal("term",80,25);
}; };
tools/ajaxterm/ajaxterm.js
+1 -1
View File
@@ -3,7 +3,7 @@ ajaxterm.Terminal_ctor=function(id,width,height) {
var ie=0; var ie=0;
if(window.ActiveXObject) if(window.ActiveXObject)
ie=1; ie=1;
var sid=""+Math.round(Math.random()*1000000000); var sid=""+SESSION_ID;
var query0="s="+sid+"&w="+width+"&h="+height; var query0="s="+sid+"&w="+width+"&h="+height;
var query1=query0+"&c=1&k="; var query1=query0+"&c=1&k=";
var buf=""; var buf="";
tools/ajaxterm/ajaxterm.py
+26 -8
View File
@@ -9,6 +9,9 @@ os.chdir(os.path.normpath(os.path.dirname(__file__)))
sys.path[0:0]=glob.glob('../../python') sys.path[0:0]=glob.glob('../../python')
import qweb import qweb
import string, subprocess, uuid
global g_server
class Terminal: class Terminal:
def __init__(self,width=80,height=24): def __init__(self,width=80,height=24):
@@ -374,6 +377,7 @@ class Multiplex:
self.lock=threading.RLock() self.lock=threading.RLock()
self.thread=threading.Thread(target=self.loop) self.thread=threading.Thread(target=self.loop)
self.alive=1 self.alive=1
self.lastActivity=time.time()
# synchronize methods # synchronize methods
for name in ['create','fds','proc_read','proc_write','dump','die','run']: for name in ['create','fds','proc_read','proc_write','dump','die','run']:
orig=getattr(self,name) orig=getattr(self,name)
@@ -461,6 +465,10 @@ class Multiplex:
while self.run(): while self.run():
fds=self.fds() fds=self.fds()
i,o,e=select.select(fds, [], [], 1.0) i,o,e=select.select(fds, [], [], 1.0)
print str(time.time()) + " " + str(self.lastActivity)
if time.time() - self.lastActivity > 120:
global g_server
g_server.shutdown()
for fd in i: for fd in i:
self.proc_read(fd) self.proc_read(fd)
if len(i): if len(i):
@@ -473,8 +481,9 @@ class Multiplex:
pass pass
class AjaxTerm: class AjaxTerm:
def __init__(self,cmd=None,index_file='ajaxterm.html'): def __init__(self,cmd=None,index_file='ajaxterm.html',token=None):
self.files={} self.files={}
self.token=token
for i in ['css','html','js']: for i in ['css','html','js']:
for j in glob.glob('*.%s'%i): for j in glob.glob('*.%s'%i):
self.files[j]=file(j).read() self.files[j]=file(j).read()
@@ -494,12 +503,14 @@ class AjaxTerm:
if s in self.session: if s in self.session:
term=self.session[s] term=self.session[s]
else: else:
raise 'Not Authorized'
if not (w>2 and w<256 and h>2 and h<100): if not (w>2 and w<256 and h>2 and h<100):
w,h=80,25 w,h=80,25
term=self.session[s]=self.multi.create(w,h) term=self.session[s]=self.multi.create(w,h)
if k: if k:
self.multi.proc_write(term,k) self.multi.proc_write(term,k)
time.sleep(0.002) time.sleep(0.002)
self.multi.lastActivity = time.time();
dump=self.multi.dump(term,c) dump=self.multi.dump(term,c)
req.response_headers['Content-Type']='text/xml' req.response_headers['Content-Type']='text/xml'
if isinstance(dump,str): if isinstance(dump,str):
@@ -514,20 +525,25 @@ class AjaxTerm:
if n in self.files: if n in self.files:
req.response_headers['Content-Type'] = self.mime.get(os.path.splitext(n)[1].lower(), 'application/octet-stream') req.response_headers['Content-Type'] = self.mime.get(os.path.splitext(n)[1].lower(), 'application/octet-stream')
req.write(self.files[n]) req.write(self.files[n])
else: elif req.REQUEST['token'] == self.token:
req.response_headers['Content-Type'] = 'text/html; charset=UTF-8' req.response_headers['Content-Type'] = 'text/html; charset=UTF-8'
req.write(self.files['index']) session_id = str(uuid.uuid4())
req.write(string.Template(self.files['index']).substitute(session_id=session_id))
term=self.session[session_id]=self.multi.create(80,25)
else:
raise "Not Authorized"
return req return req
def main(): def main():
parser = optparse.OptionParser() parser = optparse.OptionParser()
parser.add_option("-p", "--port", dest="port", default="8022", help="Set the TCP port (default: 8022)") parser.add_option("-p", "--port", dest="port", default="8022", help="Set the TCP port (default: 8022)")
parser.add_option("-c", "--command", dest="cmd", default=None,help="set the command (default: /bin/login or ssh localhost)") parser.add_option("-c", "--command", dest="cmd", default=None,help="set the command (default: /bin/login or ssh 0.0.0.0)")
parser.add_option("-l", "--log", action="store_true", dest="log",default=0,help="log requests to stderr (default: quiet mode)") parser.add_option("-l", "--log", action="store_true", dest="log",default=0,help="log requests to stderr (default: quiet mode)")
parser.add_option("-d", "--daemon", action="store_true", dest="daemon", default=0, help="run as daemon in the background") parser.add_option("-d", "--daemon", action="store_true", dest="daemon", default=0, help="run as daemon in the background")
parser.add_option("-P", "--pidfile",dest="pidfile",default="/var/run/ajaxterm.pid",help="set the pidfile (default: /var/run/ajaxterm.pid)") parser.add_option("-P", "--pidfile",dest="pidfile",default="/var/run/ajaxterm.pid",help="set the pidfile (default: /var/run/ajaxterm.pid)")
parser.add_option("-i", "--index", dest="index_file", default="ajaxterm.html",help="default index file (default: ajaxterm.html)") parser.add_option("-i", "--index", dest="index_file", default="ajaxterm.html",help="default index file (default: ajaxterm.html)")
parser.add_option("-u", "--uid", dest="uid", help="Set the daemon's user id") parser.add_option("-u", "--uid", dest="uid", help="Set the daemon's user id")
parser.add_option("-t", "--token", dest="token", help="Set authorization token")
(o, a) = parser.parse_args() (o, a) = parser.parse_args()
if o.daemon: if o.daemon:
pid=os.fork() pid=os.fork()
@@ -549,15 +565,17 @@ def main():
file(o.pidfile,'w+').write(str(pid)+'\n') file(o.pidfile,'w+').write(str(pid)+'\n')
except: except:
pass pass
print 'AjaxTerm at http://localhost:%s/ pid: %d' % (o.port,pid) print 'AjaxTerm at http://0.0.0.0:%s/ pid: %d' % (o.port,pid)
sys.exit(0) sys.exit(0)
else: else:
print 'AjaxTerm at http://localhost:%s/' % o.port print 'AjaxTerm at http://0.0.0.0:%s/' % o.port
at=AjaxTerm(o.cmd,o.index_file) at=AjaxTerm(o.cmd,o.index_file,o.token)
# f=lambda:os.system('firefox http://localhost:%s/&'%o.port) # f=lambda:os.system('firefox http://localhost:%s/&'%o.port)
# qweb.qweb_wsgi_autorun(at,ip='localhost',port=int(o.port),threaded=0,log=o.log,callback_ready=None) # qweb.qweb_wsgi_autorun(at,ip='localhost',port=int(o.port),threaded=0,log=o.log,callback_ready=None)
try: try:
qweb.QWebWSGIServer(at,ip='localhost',port=int(o.port),threaded=0,log=o.log).serve_forever() global g_server
g_server = qweb.QWebWSGIServer(at,ip='0.0.0.0',port=int(o.port),threaded=0,log=o.log)
g_server.serve_forever()
except KeyboardInterrupt,e: except KeyboardInterrupt,e:
sys.excepthook(*sys.exc_info()) sys.excepthook(*sys.exc_info())
at.multi.die() at.multi.die()