Package: ajaxterm Version: 0.10-10 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu natty ubuntu-patch
OpenStack is being packaged for Debian. OpenStack ships a patched ajaxterm. Naturally, we don't want to ship that in the OpenStack Debian packages, so this is the first of two patches that we need in the ajaxterm package to support OpenStack. This patch adds a simple, token-based access control system. It is enabled only when the new CLI option -t is passed. When a token is given on the command line, that token must be supplied when accessing ajaxterm (by adding a ?token=something request argument). Thanks for considering the patch. -- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-7-generic (SMP w/2 CPU cores) Locale: LANG=da_DK.UTF-8, LC_CTYPE=da_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -Nru ajaxterm-0.10/debian/patches/90_token_based_access_control.diff ajaxterm-0.10/debian/patches/90_token_based_access_control.diff
--- ajaxterm-0.10/debian/patches/90_token_based_access_control.diff 1970-01-01 01:00:00.000000000 +0100
+++ ajaxterm-0.10/debian/patches/90_token_based_access_control.diff 2011-03-23 15:16:10.000000000 +0100
@@ -0,0 +1,47 @@
+Index: ajaxterm-0.10/ajaxterm.py
+===================================================================
+--- ajaxterm-0.10.orig/ajaxterm.py 2011-03-23 14:18:54.846591114 +0100
++++ ajaxterm-0.10/ajaxterm.py 2011-03-23 15:16:06.281623963 +0100
+@@ -503,8 +503,9 @@
+ pass
+ 
+ class AjaxTerm:
+- def __init__(self,cmd=None,index_file='ajaxterm.html',serverport=None):
++ def __init__(self,cmd=None,index_file='ajaxterm.html',serverport=None,token=None):
+ self.files={}
++ self.token=token
+ for i in ['css','html','js']:
+ for j in glob.glob('*.%s'%i):
+ self.files[j]=file(j).read()
+@@ -576,11 +577,13 @@
+ if n in self.files:
+ req.response_headers['Content-Type'] = self.mime.get(os.path.splitext(n)[1].lower(), 'application/octet-stream')
+ req.write(self.files[n])
+- else:
++ elif (not self.token) or (req.REQUEST['token'] == self.token):
+ if self.cookie_name not in req.request_cookies:
+ self.genSidCookie(req)
+ req.response_headers['Content-Type'] = 'text/html; charset=UTF-8'
+ req.write(self.files['index'])
++ else:
++ raise Exception('Not Authorized')
+ return req
+ def genSidCookie(self, req):
+ m = sha1()
+@@ -605,6 +608,7 @@
+ parser.add_option("-i", "--index", dest="index_file", default="ajaxterm.html",help="default index file (default: ajaxterm.html)")
+ parser.add_option("-u", "--uid", dest="uid", help="Set the daemon's user id")
+ parser.add_option("-s", "--serverport", dest="serverport", help="Use a different port than 22 to connect to the ssh server")
++ parser.add_option("-t", "--token", dest="token", help="Set authorization token")
+ (o, a) = parser.parse_args()
+ if o.daemon:
+ pid=os.fork()
+@@ -630,7 +634,7 @@
+ sys.exit(0)
+ else:
+ print 'AjaxTerm at http://localhost:%s/' % o.port
+- at=AjaxTerm(o.cmd,o.index_file,o.serverport)
++ at=AjaxTerm(o.cmd,o.index_file,o.serverport,o.token)
+ # f=lambda:os.system('firefox http://localhost:%s/&'%o.port)
+ # 
qweb.qweb_wsgi_autorun(at,ip='localhost',port=int(o.port),threaded=0,log=o.log,callback_ready=None)
+ try:
diff -Nru ajaxterm-0.10/debian/patches/series ajaxterm-0.10/debian/patches/series
--- ajaxterm-0.10/debian/patches/series 2011-02-13 21:32:58.000000000 +0100
+++ ajaxterm-0.10/debian/patches/series 2011-03-23 14:02:30.000000000 +0100
@@ -12,3 +12,4 @@
 30_utf8-support.diff
 35_fix-sarissa.diff
 40_more-ctrl-catches.diff
+90_token_based_access_control.diff
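Review bot: In the inner `@@ -576,11 +577,13 @@` hunk the token is compared only on the last branch, the one that serves the index page, so the `if n in self.files` branch and any handlers dispatched above the hunk (the method starts outside it) answer without a token; if the terminal I/O handler is one of those, the check should move to the top of the method so every path is covered. `req.REQUEST['token']` is read unguarded, so a request that omits the parameter may end in a lookup error instead of a clean denial, depending on how qweb's REQUEST handles missing keys; something like `supplied = req.REQUEST.get('token')` (if REQUEST offers a dict-style `get`) followed by a constant-time comparison such as `hmac.compare_digest`, where the interpreter provides it, would be safer than `==`. `raise Exception('Not Authorized')` will presumably surface as a generic server error, and an explicit 401/403 response would be easier to log and alert on. Since the token is passed as `?token=` and via `-t`, it can end up in access logs, Referer headers and the process list, which deserves a comment next to the new option, e.g. `# token is visible in URLs and argv; treat it as short-lived`.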