[Ganglia-developers] trusted hosts patch

Matt Ryan Tue, 22 Apr 2008 07:21:15 -0700

All,

Attached is a patch for python gmetad which should add support for the
"trusted_hosts" and "all_trusted" configuration file parameters.

--- gmetad.py   2008-04-22 08:17:00.000000000 -0600
+++ gmetad.py.new       2008-04-21 17:52:07.000000000 -0600
@@ -26,21 +26,42 @@
         logging.info('Opening query interface on %s:%d' % (host, port))
         self.bind((interface,port))
         self.listen(5)
+        
+    def _connIsAllowedFrom(self, remoteHost):
+        cfg = getConfig()
+        if '127.0.0.1' == remoteHost: return True
+        if 'localhost' == remoteHost: return True
+        if cfg[GmetadConfig.ALL_TRUSTED]: return True
+        trustedHosts = cfg[GmetadConfig.TRUSTED_HOSTS]
+        if trustedHosts.count(remoteHost): return True
+        hostname, aliases, ips = socket.gethostbyaddr(remoteHost)
+        if trustedHosts.count(hostname): return True
+        for alias in aliases:
+            if trustedHosts.count(alias): return True
+        for ip in ips:
+            if trustedHosts.count(ips): return True
+        return False
 
 class XmlSocket(GmetadListenSocket):
     def handle_accept(self):
         newsock, addr = self.accept()
-        logging.debug('Replying to XML dump query from %s' % addr[0])
-        writer = XmlWriter()
-        newsock.sendall(writer.getXml())
-        newsock.close()
+        if self._connIsAllowedFrom(addr[0]):
+            logging.debug('Replying to XML dump query from %s' % addr[0])
+            writer = XmlWriter()
+            newsock.sendall(writer.getXml())
+            newsock.close()
+        else:
+            logging.info('XML dump query from %s rejected by rule' % addr[0])
 
 
 class InteractiveSocket(GmetadListenSocket):        
     def handle_accept(self):
         newsock, addr = self.accept()
-        logging.debug('Replying to interactive query from %s' % addr[0])
-        InteractiveConnectionHandler(newsock)
+        if self._connIsAllowedFrom(addr[0]):
+            logging.debug('Replying to interactive query from %s' % addr[0])
+            InteractiveConnectionHandler(newsock)
+        else:
+            logging.info('Interactive query from %s rejected by rule' % 
addr[0])
         
 class InteractiveConnectionHandler(asyncore.dispatcher_with_send):
     def __init__(self, sock):

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone

_______________________________________________
Ganglia-developers mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ganglia-developers

[Ganglia-developers] trusted hosts patch

Reply via email to