From: Anil Madhavapeddy <anil@recoil.org>
To: Anthony Liguori <aliguori@us.ibm.com>
Cc: xen-devel <xen-devel@lists.xensource.com>,
Ewan Mellor <ewan@xensource.com>
Subject: Re: [RFC][PATCH] Secure XML-RPC for Xend
Date: Fri, 9 Jun 2006 09:34:35 +0100
Message-ID: <20060609083434.GA19035@fork.recoil.org>
In-Reply-To: <4488D93D.7070303@us.ibm.com>
On Thu, Jun 08, 2006 at 09:13:17PM -0500, Anthony Liguori wrote:
> Add support for secure XML-RPC. This is done by multiplexing multiple SSH
> sessions over a single session (to avoid multiple password entries). Here are
> the changes:
I like the general idea, comments inline.
>
> 1) Add support to xmlrpclib2.ServerProxy for ssh:// protocol
> 2) Add an xm serve command which proxies XML-RPC over stdio
> 3) Make xm look at the XM_SERVER variable to determine which XML-RPC protocol
> to use
>
> There are some issues that need to be addressed before inclusion. Namely:
>
> 1) Python moans about tempnam(). I don't think there's a better solution
> though.
I don't like the dependency on directly calling ssh multiplexing,
as it requires a relatively modern OpenSSH (>3.9) and the above
race condition is introduced. A newer feature in OpenSSH is to let
the ControlPath consist of "%h,%p,%r" wildcards which fill in the
host/user/port being connected to in a socket pathname, which solves
that particular race.
Why not just do the SSH every time, and let the user either set up
connection multiplexing or ssh agent in their local environment
instead? That way it will work for old OpenSSH versions and you
don't have to deal with all the quirks.
> 2) A command *must* be executed to clean up the ssh session on exit. I
> currently use __del__() which doesn't seem to make Python happy in certain
> cases.
> 3) I have done basic testing but not regression testing with xm-test
>
> diff -r 4f1e39ec05d6 -r 4de241a7e91a tools/python/xen/util/xmlrpclib2.py
...
> + def runcmd(self, cmd, data=None):
> + """Runs a command using an existing SSH connection.
> +
> + This function will run the passed in command on a remote
> + machine and either return the output or raise an OSError
> + if the command exits with a non-zero status (or some
> + other failure occurs)."""
> +
> + cmdline = self.getcmd(cmd)
> + if data:
> + f = open("/tmp/stuff.txt", "w")
> + f.write(data)
> + f.close()
> + cmdline = "cat /tmp/stuff.txt | %s" % cmdline
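Review bot: the `if data:` branch writes the payload to the fixed path /tmp/stuff.txt, which is predictable and shared by every caller and every local user. Another user can pre-create the file or place a symlink at that name so that open(..., "w") follows it, two concurrent runcmd() calls overwrite each other's data, and the file is never removed, so the payload stays on disk with whatever permissions the umask gives it. Suggest feeding `data` to the child process's stdin through a pipe instead of building a `cat ... |` pipeline; if a file really is required, create it with tempfile.mkstemp() and unlink it once the command has finished.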
Ouch, this bit definitely needs to be fixed at least :)
--
Anil Madhavapeddy http://anil.recoil.org
University of Cambridge http://www.cl.cam.ac.uk
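
Added example, not part of the thread or the patch: one way to follow the suggestion above of running ssh for every call, with the request fed to the `xm serve` command from the patch description over stdin, so there is no control socket and no temporary file. The function name, the `transport` parameter, the host name and the request body are hypothetical, and the code targets current Python 3 rather than the 2006 code base.

```python
import subprocess
import sys


def call_xend_over_ssh(host, request, transport=("ssh",), timeout=30):
    """Send one XML-RPC request (bytes) to `xm serve` on host, return the reply.

    A fresh ssh process is started per call. Authentication and any
    connection multiplexing come from the user's own ssh configuration
    or agent, so nothing is created under /tmp here.
    """
    # A host beginning with "-" would be parsed by ssh as an option.
    if not host or host.startswith("-"):
        raise ValueError("invalid host: %r" % (host,))

    # argv list, no shell: the request travels over the child's stdin
    # pipe and never touches a command line or a file.
    argv = list(transport) + [host, "xm", "serve"]
    proc = subprocess.run(argv, input=request, stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, timeout=timeout)

    # Same contract as the docstring in the patch: a non-zero exit
    # status is reported as OSError.
    if proc.returncode != 0:
        detail = proc.stderr.decode(errors="replace").strip()
        raise OSError("transport exited with status %d: %s"
                      % (proc.returncode, detail))
    return proc.stdout


if __name__ == "__main__":
    # Constructed demo: a local stand-in for ssh that echoes stdin back,
    # so the example runs without a remote host.
    echo = (sys.executable, "-c",
            "import sys; sys.stdout.buffer.write(sys.stdin.buffer.read())")
    body = b"<methodCall><methodName>example.ping</methodName></methodCall>"
    print(call_xend_over_ssh("dom0.example", body, transport=echo))
```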