Fix ajaxterm's use of shell=True, prevent vmops.py from running its own version of utils.execute

3 files changed, 11 insertions, 25 deletions

diff --git a/nova/utils.py b/nova/utils.py
index 0820a2bde..7f27c5fd5 100644
--- a/nova/utils.py
+++ b/nova/utils.py
@@ -138,8 +138,6 @@ def execute(*cmd, **kwargs):
     :delay_on_retry     True | False. Defaults to True. If set to True, wait a
                         short amount of time before retrying.
     :attempts           How many times to retry cmd.
-    :shell              True | False. Defaults to False. If set to True,
-                        Popen command is called shell=True.
     :run_as_root        True | False. Defaults to False. If set to True,
                         the command is prefixed by the command specified
                         in the sudo_helper FLAG.
@@ -153,7 +151,6 @@ def execute(*cmd, **kwargs):
     check_exit_code = kwargs.pop('check_exit_code', 0)
     delay_on_retry = kwargs.pop('delay_on_retry', True)
     attempts = kwargs.pop('attempts', 1)
-    shell = kwargs.pop('shell', False)
     run_as_root = kwargs.pop('run_as_root', False)
     if len(kwargs):
         raise exception.Error(_('Got unknown keyword args '
@@ -175,7 +172,6 @@ def execute(*cmd, **kwargs):
                                    stdin=_PIPE,
                                    stdout=_PIPE,
                                    stderr=_PIPE,
-                                   shell=shell,
                                    env=env)
             result = None
             if process_input is not None:
diff --git a/nova/virt/libvirt/connection.py b/nova/virt/libvirt/connection.py
index 5053daf8f..a01fc3317 100644
--- a/nova/virt/libvirt/connection.py
+++ b/nova/virt/libvirt/connection.py
@@ -681,10 +681,10 @@ class LibvirtConnection(driver.ComputeDriver):
         ajaxterm_cmd = 'sudo socat - %s' \
                        % get_pty_for_instance(instance['name'])
 
-        cmd = '%s/tools/ajaxterm/ajaxterm.py --command "%s" -t %s -p %s' \
-              % (utils.novadir(), ajaxterm_cmd, token, port)
+        cmd = ['%s/tools/ajaxterm/ajaxterm.py' % utils.novadir(),
+               '--command', ajaxterm_cmd, '-t', token, '-p', port]
 
-        utils.execute(cmd, shell=True)
+        utils.execute(cmd)
         return {'token': token, 'host': host, 'port': port}
 
     def get_host_ip_addr(self):
diff --git a/nova/virt/xenapi/vmops.py b/nova/virt/xenapi/vmops.py
index a78413370..230ecd560 100644
--- a/nova/virt/xenapi/vmops.py
+++ b/nova/virt/xenapi/vmops.py
@@ -1320,12 +1320,6 @@ class VMOps(object):
     ########################################################################
 
 
-def _runproc(cmd):
-    pipe = subprocess.PIPE
-    return subprocess.Popen([cmd], shell=True, stdin=pipe, stdout=pipe,
-            stderr=pipe, close_fds=True)
-
-
 class SimpleDH(object):
     """
     This class wraps all the functionality needed to implement
@@ -1382,22 +1376,18 @@ class SimpleDH(object):
         mpi = M2Crypto.m2.bn_to_mpi(bn)
         return mpi
 
-    def _run_ssl(self, text, extra_args=None):
-        if not extra_args:
-            extra_args = ''
-        cmd = 'enc -aes-128-cbc -A -a -pass pass:%s -nosalt %s' % (
-                self._shared, extra_args)
-        proc = _runproc('openssl %s' % cmd)
-        proc.stdin.write(text)
-        proc.stdin.close()
-        proc.wait()
-        err = proc.stderr.read()
+    def _run_ssl(self, text, decrypt=False):
+        cmd = ['openssl', 'aes-128-cbc', '-A', '-a', '-pass',
+              'pass:%s' % self._shared, '-nosalt']
+        if decrypt:
+            cmd.append('-d')
+        out, err = utils.execute(*cmd, process_input=text)
         if err:
             raise RuntimeError(_('OpenSSL error: %s') % err)
-        return proc.stdout.read()
+        return out
 
     def encrypt(self, text):
         return self._run_ssl(text).strip('\n')
 
     def decrypt(self, text):
-        return self._run_ssl(text, '-d')
+        return self._run_ssl(text, decrypt=True)