| author | root <root@tonbuntu> | 2010-09-17 19:10:08 -0700 |
|---|---|---|
| committer | root <root@tonbuntu> | 2010-09-17 19:10:08 -0700 |
| commit | 7b74343f2be9b49c0c359e00c64cf26b3da1cf44 (patch) | |
| tree | 8c12b4879e54dfb2476dc2502ee7d1e9e79a5d1a | |
| parent | 81f71efdcbeabd8a67054b6e9e432175ea47d785 (diff) | |
add security and session timeout to ajaxterm
| -rw-r--r-- | tools/ajaxterm/ajaxterm.html | 1 | ||||
| -rw-r--r-- | tools/ajaxterm/ajaxterm.js | 2 | ||||
| -rwxr-xr-x | tools/ajaxterm/ajaxterm.py | 34 |
3 files changed, 28 insertions, 9 deletions
diff --git a/tools/ajaxterm/ajaxterm.html b/tools/ajaxterm/ajaxterm.html
index 9edf75967..fdd695558 100644
--- a/tools/ajaxterm/ajaxterm.html
+++ b/tools/ajaxterm/ajaxterm.html
@@ -8,6 +8,7 @@ <script type="text/javascript" src="sarissa_dhtml.js"></script> <script type="text/javascript" src="ajaxterm.js"></script> <script type="text/javascript"> + SESSION_ID = '$session_id'; window.onload=function() { t=ajaxterm.Terminal("term",80,25); };
diff --git a/tools/ajaxterm/ajaxterm.js b/tools/ajaxterm/ajaxterm.js
index 07eca3b0b..32b401930 100644
--- a/tools/ajaxterm/ajaxterm.js
+++ b/tools/ajaxterm/ajaxterm.js
@@ -3,7 +3,7 @@ ajaxterm.Terminal_ctor=function(id,width,height) { var ie=0; if(window.ActiveXObject) ie=1; - var sid=""+Math.round(Math.random()*1000000000); + var sid=""+SESSION_ID; var query0="s="+sid+"&w="+width+"&h="+height; var query1=query0+"&c=1&k="; var buf="";
diff --git a/tools/ajaxterm/ajaxterm.py b/tools/ajaxterm/ajaxterm.py
index 8b3af3781..b8a42f4b2 100755
--- a/tools/ajaxterm/ajaxterm.py
+++ b/tools/ajaxterm/ajaxterm.py
@@ -9,6 +9,9 @@ os.chdir(os.path.normpath(os.path.dirname(__file__))) sys.path[0:0]=glob.glob('../../python') import qweb +import string, subprocess, uuid + +global g_server class Terminal: def __init__(self,width=80,height=24):
@@ -374,6 +377,7 @@ class Multiplex: self.lock=threading.RLock() self.thread=threading.Thread(target=self.loop) self.alive=1 + self.lastActivity=time.time() # synchronize methods for name in ['create','fds','proc_read','proc_write','dump','die','run']: orig=getattr(self,name)
@@ -461,6 +465,10 @@ class Multiplex: while self.run(): fds=self.fds() i,o,e=select.select(fds, [], [], 1.0) + print str(time.time()) + " " + str(self.lastActivity) + if time.time() - self.lastActivity > 120: + global g_server + g_server.shutdown() for fd in i: self.proc_read(fd) if len(i): 
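Review bot: `SESSION_ID = '$session_id';` assigns an undeclared identifier, which creates an implicit global and throws a ReferenceError if the script block is ever put under `"use strict"`; declare it as `var SESSION_ID = '$session_id';`. The placeholder is filled server-side with `string.Template.substitute` (ajaxterm.py hunk below), which raises KeyError for any other `$name` that appears in this template, so `safe_substitute` is the more forgiving choice if the page ever grows another dollar sign. The `<script>` element this line sits in closes outside the hunk.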
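Review bot: `var sid=""+SESSION_ID;` still feeds `w` and `h` into `query0` on the next line, but the session this id names is now created server-side at a fixed 80x25 (`self.multi.create(80,25)` in the ajaxterm.py index handler) and unknown ids are rejected with `raise 'Not Authorized'`, so the `width`/`height` constructor arguments no longer influence the terminal's size. Either pass the size through when the server creates the session, or drop `w`/`h` from the query and note in `Terminal_ctor` that the size is fixed server-side. If the page is ever served without the template substitution, `SESSION_ID` is undefined and this line throws a ReferenceError before any request is made; `typeof SESSION_ID !== 'undefined' ? SESSION_ID : ''` would instead surface the server's authorization failure. `Terminal_ctor` continues outside the hunk.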
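Review bot: A `global g_server` statement at module level is a no-op (`global` only has meaning inside a function body), so this line neither declares nor initializes the name, and `Multiplex.loop` depends on `main()` having assigned `g_server` before the 120 s idle timer first fires. Replace it with an explicit `g_server = None` and have the loop test `if g_server is not None:` before calling `shutdown()`. `subprocess` is imported here but nothing in this change uses it, so drop it or say what it is for; `string` and `uuid` are the only new names the patch actually needs.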
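Review bot: The idle-timeout branch calls `g_server.shutdown()` but leaves `self.alive` untouched, so once the 120 s threshold is crossed `loop` keeps spinning, calls `shutdown()` again on every select() timeout, and the spawned terminal processes are never reaped; follow the shutdown with `self.die()` and `return` so the thread exits, and kill the outstanding sessions there if `die()` (outside the hunk) does not already do so. The `print str(time.time()) + " " + str(self.lastActivity)` line writes to stdout roughly once a second for the life of the server; remove it or gate it on the `-l` logging flag. The literal `120` should be a named constant such as `IDLE_TIMEOUT = 120`, and `self.lastActivity` is read here on the multiplexer thread while `AjaxTerm` writes it from the request path without taking `self.lock`, which should be harmless for a single float assignment but deserves a one-line comment. `loop`'s definition begins outside the hunk.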
@@ -473,8 +481,9 @@ class Multiplex: pass class AjaxTerm: - def __init__(self,cmd=None,index_file='ajaxterm.html'): + def __init__(self,cmd=None,index_file='ajaxterm.html',token=None): self.files={} + self.token=token for i in ['css','html','js']: for j in glob.glob('*.%s'%i): self.files[j]=file(j).read() @@ -494,12 +503,14 @@ class AjaxTerm: if s in self.session: term=self.session[s] else: + raise 'Not Authorized' if not (w>2 and w<256 and h>2 and h<100): w,h=80,25 term=self.session[s]=self.multi.create(w,h) if k: self.multi.proc_write(term,k) time.sleep(0.002) + self.multi.lastActivity = time.time(); dump=self.multi.dump(term,c) req.response_headers['Content-Type']='text/xml' if isinstance(dump,str): 
@@ -514,20 +525,25 @@ class AjaxTerm: if n in self.files: req.response_headers['Content-Type'] = self.mime.get(os.path.splitext(n)[1].lower(), 'application/octet-stream') req.write(self.files[n]) - else: + elif req.REQUEST['token'] == self.token: req.response_headers['Content-Type'] = 'text/html; charset=UTF-8' - req.write(self.files['index']) + session_id = str(uuid.uuid4()) + req.write(string.Template(self.files['index']).substitute(session_id=session_id)) + term=self.session[session_id]=self.multi.create(80,25) + else: + raise "Not Authorized" return req def main(): parser = optparse.OptionParser() parser.add_option("-p", "--port", dest="port", default="8022", help="Set the TCP port (default: 8022)") - parser.add_option("-c", "--command", dest="cmd", default=None,help="set the command (default: /bin/login or ssh localhost)") + parser.add_option("-c", "--command", dest="cmd", default=None,help="set the command (default: /bin/login or ssh 0.0.0.0)") parser.add_option("-l", "--log", action="store_true", dest="log",default=0,help="log requests to stderr (default: quiet mode)") parser.add_option("-d", "--daemon", action="store_true", dest="daemon", default=0, help="run as daemon in the background") parser.add_option("-P", "--pidfile",dest="pidfile",default="/var/run/ajaxterm.pid",help="set the pidfile (default: /var/run/ajaxterm.pid)") parser.add_option("-i", "--index", dest="index_file", default="ajaxterm.html",help="default index file (default: ajaxterm.html)") parser.add_option("-u", "--uid", dest="uid", help="Set the daemon's user id") + parser.add_option("-t", "--token", dest="token", help="Set authorization token") (o, a) = parser.parse_args() if o.daemon: pid=os.fork() 
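Review bot: `elif req.REQUEST['token'] == self.token:` has no guard for the unconfigured case: `-t` defaults to `None`, a request parameter is always a string, so a server started without `--token` can never serve the index, and if `REQUEST` is dict-like a request lacking the parameter raises KeyError before the comparison runs. Make the token mandatory at startup with `if not o.token: parser.error('--token is required')` and write the check as `elif self.token and req.REQUEST.get('token') == self.token:` so a missing parameter fails closed; a constant-time comparison would also remove the timing side channel of `==`. Because the token travels in the query string it is captured by the `-l` request log, browser history and Referer headers, which deserves a warning in the `--token` help text. Every token-bearing GET of the index also allocates a fresh terminal via `self.multi.create(80,25)` with no cap on the number of sessions, and the `-c` help text now reads `ssh 0.0.0.0`, which looks like a collateral search-and-replace of `localhost` rather than an intended change to the default command.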
@@ -549,15 +565,17 @@ def main(): file(o.pidfile,'w+').write(str(pid)+'\n') except: pass - print 'AjaxTerm at http://localhost:%s/ pid: %d' % (o.port,pid) + print 'AjaxTerm at http://0.0.0.0:%s/ pid: %d' % (o.port,pid) sys.exit(0) else: - print 'AjaxTerm at http://localhost:%s/' % o.port - at=AjaxTerm(o.cmd,o.index_file) + print 'AjaxTerm at http://0.0.0.0:%s/' % o.port + at=AjaxTerm(o.cmd,o.index_file,o.token) # f=lambda:os.system('firefox http://localhost:%s/&'%o.port) # qweb.qweb_wsgi_autorun(at,ip='localhost',port=int(o.port),threaded=0,log=o.log,callback_ready=None) try: - qweb.QWebWSGIServer(at,ip='localhost',port=int(o.port),threaded=0,log=o.log).serve_forever() + global g_server + g_server = qweb.QWebWSGIServer(at,ip='0.0.0.0',port=int(o.port),threaded=0,log=o.log) + g_server.serve_forever() except KeyboardInterrupt,e: sys.excepthook(*sys.exc_info()) at.multi.die() |
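Review bot: Binding `QWebWSGIServer` to `ip='0.0.0.0'` exposes a login shell over plain HTTP on every interface, with the access token and every keystroke crossing the network in cleartext, which is a far larger change than the `localhost` to `0.0.0.0` edit suggests. Make the bind address an option that defaults to the previous `localhost` (for example `-a/--address`, passed as `ip=o.address`) and document that any other value belongs behind a TLS-terminating proxy or a firewall; the banner `http://0.0.0.0:%s/` is also not a URL a user can open, so print the configured address instead. When the idle timeout's `shutdown()` makes `serve_forever()` return normally, control leaves the `try` without the `at.multi.die()` that only the `KeyboardInterrupt` branch runs, so move that cleanup into a `finally:`. Whatever follows `at.multi.die()` in `main()` is outside the hunk.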
