Safe Local XMLRPC

2005-03-11 Thread Michael Urman 
Hi. I'm a user of python for about 3 years now. I've written a
client-server application that uses SimpleXMLRPCServer and
xmlrpclib.ServerProxy to communicate. It's intended to be used by a
single-person as a backend and GUI frontend. I've got it running
great. Much stabler than my custom RPC I'd tried before.

I've used the default support available by these classes. Thus it will
run on a potentially public TCP/IP port. As the application backend
allows, among other things, saving files to the local filesystem, this
would be a clear security hole in the wild. Restricting it to
localhost would be a start, but not sufficient for multi-user systems.

It looks like it should be easy to modify both classes (or create
similar composite classes) that used unix-domain stream sockets. I
tried at one point and I think I got the server side, but without a
working client side it was impossible to tell. Is there a better way
to do this, or might someone point to references or sample code for
creating a unix-domain SimpleXMLRPCServer and xmlrpclib.ServerProxy?

Thanks!
-m
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Safe Local XMLRPC

2005-03-12 Thread Michael Urman 
[Sorry, I previously replied to Diez offlist, and probably to a
spam-protected address at that. Here's that reply and my followup
after reading up on pyro
]
On Sat, 12 Mar 2005 11:08:31 -0600, Michael Urman <[EMAIL PROTECTED]> wrote:
> On Sat, 12 Mar 2005 14:12:21 +0100, Diez B. Roggisch <[EMAIL PROTECTED]> 
> wrote:
> > This might not be the answer you want, but I'd personally ditch xmlrpc and
> > switch to something like pyro or even corba and implement a "real"
> > authentication theme.
> 
> I don't have a problem with switching interfaces so long as I can keep
> my (admittedly useless) feature of multiple simultaneous connections.
> I am hoping to avoid writing an authentication method, as some slight
> missteps there could lead to real trouble later; this is why I was
> hoping to do unix-domain socket transports which I could just set to
> read-write only by the owner on the filesystem itself.
> 
> > With corba/pyro, authenticate would return an object that implicitely has
> > all the state needed - nameley who created the connection - and then you
> > don't have to bother about that anymore.
> 
> If I can get the authentication that I'm looking for that cheaply,
> then this does indeed sound like the way for me to go. I'm not worried
> about supporting remote connections, or anything of that nature, so
> local identity is sufficient. I'll look into pyro; conveniently
> there's a debian package for me to try.
> 
> Thanks Diez!
> -m
> 

Hmm. On inspection, pyro seems to be really heavy, what with its
requirement of a pyro-nameserver, and using TCP as the transport. I
think I'd still prefer convincing a variant of SimpleXMLRPCServer and
xmlrpclib.ServerProxy to use unix domain sockets and using filesystem
security to limit access to the owner.

Thanks again,
-m
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Safe Local XMLRPC

2005-03-12 Thread Michael Urman 
Thanks for your time everyone; I got it XMLRPC working over unix
domain stream sockets. In case people are interested, here's the
pieces I put together. I'm sure they throw away a little flexibility,
but they work for my purpose. Any pointers to make the code more
robust, or do less total overriding of should-be-arguments
appreciated.

-m

from SocketServer import UnixStreamServer
from SimpleXMLRPCServer import SimpleXMLRPCDispatcher,
SimpleXMLRPCRequestHandler
from xmlrpclib import ServerProxy, Fault, Transport
from socket import socket, AF_UNIX, SOCK_STREAM

# Server side is pretty easy - almost a direct copy of SimpleXMLRPCServer
SOCKPATH = 'testsock'
class UnixStreamXMLRPCServer(UnixStreamServer, SimpleXMLRCPDispatcher):
def__init__(self, addr=SOCKPATH, requestHandler=SimpleXMLRPCRequestHandler):
self.logRequests = 0 # critical, as logging fails with UnixStreamServer
SimpleXMLRPCDispatcher.__init__(self)
UnixStreamserver.__Init__(self, addr, requestHandler)

# Client is a lot more complicated and feels fragile
from httplib import HTTP, HTTPConnection
class UnixStreamHTTPConnection(HTTPConnection):
def connect(self):
self.sock = socket(AF_UNIX, SOCK_STREAM)
self.sock.connect(SOCKPATH)

class UnixStreamHTTP(HTTP):
_connection_class = UnixStreamHTTPConnection

class UnixStreamTransport(Transport):
def make_connection(self, host):
return UnixStreamHTTP(SOCKPATH) # overridden, but prevents IndexError

proxy = ServerProxy('http://' + SOCKPATH, transport=UnixStreamTransport())
# proxy now works just like any xmlrpclib.ServerProxy
-- 
http://mail.python.org/mailman/listinfo/python-list