| author | root <root@tonbuntu> | 2010-09-17 20:36:13 -0700 |
|---|---|---|
| committer | root <root@tonbuntu> | 2010-09-17 20:36:13 -0700 |
| commit | 4f7bbaa83216dfdb298f460c771806ef1071113b (patch) | |
| tree | 0c44e019dc72286029400817bbd69a6675c8802e | |
| parent | c0c38f3c7f66232a98ba5ccd1687d4cbcc537549 (diff) | |
add in a few comments
| -rw-r--r-- | nova/endpoint/admin.py | 9 | ||||
| -rw-r--r-- | tools/ajaxterm/ajaxterm.html | 7 |
2 files changed, 11 insertions, 5 deletions
diff --git a/nova/endpoint/admin.py b/nova/endpoint/admin.py index 686e462b5..8d184f10e 100644 --- a/nova/endpoint/admin.py +++ b/nova/endpoint/admin.py @@ -220,10 +220,9 @@ class AdminController(object): def create_console(self, _context, kind, instance_id, **_kwargs): """Create a Console""" #instance = db.instance_get(_context, instance_id) - host = '127.0.0.1' def get_port(): - for i in range(0,100): # don't loop forever + for i in xrange(0,100): # don't loop forever port = int(random.uniform(10000, 12000)) cmd = "netcat 0.0.0.0 " + str(port) + " -w 2 < /dev/null" # this Popen will exit with 0 only if the port is in use, @@ -235,8 +234,10 @@ class AdminController(object): port = str(get_port()) token = str(uuid.uuid4()) + + host = '127.0.0.1' #TODO add actual host cmd = novadir() + "tools/ajaxterm//ajaxterm.py --command 'ssh root@" + host + "' -t " \ + token + " -p " + port - port_is_unused = subprocess.Popen(cmd, shell=True) - return {'url': 'http://tonbuntu:' + port + '/?token=' + token } + port_is_unused = subprocess.Popen(cmd, shell=True) #TODO error check + return {'url': 'http://tonbuntu:' + port + '/?token=' + token } #TODO - s/tonbuntu/api_server_public_ip diff --git a/tools/ajaxterm/ajaxterm.html b/tools/ajaxterm/ajaxterm.html index fdd695558..7fdef5e94 100644 --- a/tools/ajaxterm/ajaxterm.html +++ b/tools/ajaxterm/ajaxterm.html @@ -8,7 +8,12 @@ <script type="text/javascript" src="sarissa_dhtml.js"></script> <script type="text/javascript" src="ajaxterm.js"></script> <script type="text/javascript"> - SESSION_ID = '$session_id'; + /* + ajaxterm.py creates a random session_id to demultiplex multiple connections, + and to add a layer of security - in its shipping form, ajaxterm accepted any session_id + and was susceptible to an easy exploit + */ + SESSION_ID = '$session_id'; window.onload=function() { t=ajaxterm.Terminal("term",80,25); }; |
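Review bot: The port probe in `get_port()` is a check-then-use race: the port is tested with netcat here, but ajaxterm binds it only later in `create_console`, so another process can take the port in between and the returned URL, token included, would then point at that listener. Having the console process bind the port itself and report failure, or probing by binding a socket in-process instead of shelling out to netcat, removes both the race and the extra shell command. `int(random.uniform(10000, 12000))` would read more directly as `random.randint(10000, 11999)`. The body of `get_port()` continues past the end of this hunk, so what happens after 100 failed attempts is not visible here.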
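Review bot: `subprocess.Popen(cmd, shell=True)` runs a command built by string concatenation, and the new `#TODO add actual host` says `host` will stop being a constant; once it comes from instance data, any shell metacharacter in it is interpreted by the shell on the API host. Passing an argument list removes the shell entirely: `subprocess.Popen([novadir() + "tools/ajaxterm//ajaxterm.py", "--command", "ssh root@" + host, "-t", token, "-p", port])`, assuming ajaxterm.py is executable. The `#TODO error check` is more than cosmetic, because a failed launch still returns a URL for a port this process does not own. The token gates a root ssh session yet travels in the query string of a plain `http://` URL, where proxies, access logs and browser history can record it, so a comment stating its intended lifetime (single-use or short-lived) belongs next to the `return`. `port_is_unused` is a misleading name for the Popen handle; `console_proc` would say what it holds.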
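Review bot: The new comment says the session_id adds "a layer of security" without naming the property that is relied on; this template only shows `'$session_id'` being substituted into a script literal. I would state the contract explicitly, for example `/* session_id is generated server-side by ajaxterm.py; the server must reject any id it did not issue */`, and confirm that ajaxterm.py enforces it, since nothing in this file does. The phrase "susceptible to an easy exploit" would be more useful to the next maintainer if it said what accepting an arbitrary session_id allowed.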
