Package: ajaxterm
Version: 0.10-10
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu natty ubuntu-patch

OpenStack is being packaged for Debian. OpenStack ships a patched
ajaxterm. Naturally, we don't want to ship that in the OpenStack Debian
packages, so this is the first of two patches that we need in the
ajaxterm package to support OpenStack.

This patch adds a simple, token-based access control system.
It is only enabled if passing a (new) CLI option, namely -t.
If passed on the command line, the given token must be used when
accessing ajaxterm (by adding a ?token=something request argument).

Thanks for considering the patch.

-- System Information:
Debian Release: squeeze/sid
APT prefers natty-updates
APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38-7-generic (SMP w/2 CPU cores)
Locale: LANG=da_DK.UTF-8, LC_CTYPE=da_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru ajaxterm-0.10/debian/patches/90_token_based_access_control.diff ajaxterm-0.10/debian/patches/90_token_based_access_control.diff
--- ajaxterm-0.10/debian/patches/90_token_based_access_control.diff 1970-01-01 01:00:00.000000000 +0100
+++ ajaxterm-0.10/debian/patches/90_token_based_access_control.diff 2011-03-23 15:16:10.000000000 +0100
@@ -0,0 +1,47 @@
+Index: ajaxterm-0.10/ajaxterm.py
+===================================================================
+--- ajaxterm-0.10.orig/ajaxterm.py 2011-03-23 14:18:54.846591114 +0100
++++ ajaxterm-0.10/ajaxterm.py 2011-03-23 15:16:06.281623963 +0100
+@@ -503,8 +503,9 @@
+ pass
+
+ class AjaxTerm:
+- def __init__(self,cmd=None,index_file='ajaxterm.html',serverport=None):
++ def __init__(self,cmd=None,index_file='ajaxterm.html',serverport=None,token=None):
+ self.files={}
++ self.token=token
+ for i in ['css','html','js']:
+ for j in glob.glob('*.%s'%i):
+ self.files[j]=file(j).read()
+@@ -576,11 +577,13 @@
+ if n in self.files:
+ req.response_headers['Content-Type'] = self.mime.get(os.path.splitext(n)[1].lower(), 'application/octet-stream')
+ req.write(self.files[n])
+- else:
++ elif (not self.token) or (req.REQUEST['token'] == self.token):
+ if self.cookie_name not in req.request_cookies:
+ self.genSidCookie(req)
+ req.response_headers['Content-Type'] = 'text/html; charset=UTF-8'
+ req.write(self.files['index'])
++ else:
++ raise Exception('Not Authorized')
+ return req
+ def genSidCookie(self, req):
+ m = sha1()
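Review bot: The new `elif (not self.token) or (req.REQUEST['token'] == self.token)` branch rejects a bad token with `raise Exception('Not Authorized')`, so the client gets whatever the framework does with an unhandled exception instead of an explicit 403 response; I would set a 403 status and return. Three smaller points on the same line: `not self.token` treats an empty string given to -t as "no token" and silently turns the check off, so an empty value should be refused at startup; the `==` comparison is not constant-time; and it is worth confirming what `req.REQUEST['token']` does when the request carries no token argument at all, so that the missing-parameter case is a clean denial. The `if n in self.files` branch above is still served without a token, and since the token travels as ?token= in the URL it will end up in access logs, browser history and Referer headers; both deserve a sentence in the documentation.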
+@@ -605,6 +608,7 @@
+ parser.add_option("-i", "--index", dest="index_file", default="ajaxterm.html",help="default index file (default: ajaxterm.html)")
+ parser.add_option("-u", "--uid", dest="uid", help="Set the daemon's user id")
+ parser.add_option("-s", "--serverport", dest="serverport", help="Use a different port than 22 to connect to the ssh server")
++ parser.add_option("-t", "--token", dest="token", help="Set authorization token")
+ (o, a) = parser.parse_args()
+ if o.daemon:
+ pid=os.fork()
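Review bot: The `-t`/`--token` option added here takes the secret as a command-line argument, which leaves it readable by other local users in the process list for as long as the daemon runs. Consider also accepting the token from a file or an environment variable. The help text "Set authorization token" could also say that clients must then pass it as the ?token= request argument.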
+@@ -630,7 +634,7 @@
+ sys.exit(0)
+ else:
+ print 'AjaxTerm at http://localhost:%s/' % o.port
+- at=AjaxTerm(o.cmd,o.index_file,o.serverport)
++ at=AjaxTerm(o.cmd,o.index_file,o.serverport,o.token)
+ # f=lambda:os.system('firefox http://localhost:%s/&'%o.port)
+ # qweb.qweb_wsgi_autorun(at,ip='localhost',port=int(o.port),threaded=0,log=o.log,callback_ready=None)
+ try:
diff -Nru ajaxterm-0.10/debian/patches/series ajaxterm-0.10/debian/patches/series
--- ajaxterm-0.10/debian/patches/series 2011-02-13 21:32:58.000000000 +0100
+++ ajaxterm-0.10/debian/patches/series 2011-03-23 14:02:30.000000000 +0100
@@ -12,3 +12,4 @@
30_utf8-support.diff
35_fix-sarissa.diff
40_more-ctrl-catches.diff
+90_token_based_access_control.diff