/usr/share/pyshared/pywbem/cim_http.py is in python-pywbem 0.7.0-4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 | #
# (C) Copyright 2003-2005 Hewlett-Packard Development Company, L.P.
# (C) Copyright 2006-2007 Novell, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation; either version 2 of the
# License.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Author: Tim Potter <tpot@hp.com>
# Author: Martin Pool <mbp@hp.com>
# Author: Bart Whiteley <bwhiteley@suse.de>
'''
This module implements CIM operations over HTTP.
This module should not know anything about the fact that the data
being transferred is XML. It is up to the caller to format the input
data and interpret the result.
'''
import sys, string, re, os, socket, pwd
from stat import S_ISSOCK
import cim_obj
from types import StringTypes
class Error(Exception):
"""This exception is raised when a transport error occurs."""
pass
class AuthError(Error):
"""This exception is raised when an authentication error (401) occurs."""
pass
def parse_url(url):
"""Return a tuple of (host, port, ssl) from the URL parameter.
The returned port defaults to 5988 if not specified. SSL supports
defaults to False if not specified."""
host = url # Defaults
port = 5988
ssl = False
if re.match("https", url): # Set SSL if specified
ssl = True
port = 5989
m = re.search("^https?://", url) # Eat protocol name
if m:
host = url[len(m.group(0)):]
s = string.split(host, ":") # Set port number
if len(s) != 1:
host = s[0]
port = int(s[1])
return host, port, ssl
def wbem_request(url, data, creds, headers = [], debug = 0, x509 = None,
verify_callback = None):
"""Send XML data over HTTP to the specified url. Return the
response in XML. Uses Python's build-in httplib. x509 may be a
dictionary containing the location of the SSL certificate and key
files."""
import httplib, base64, urllib
class HTTPBaseConnection:
def send(self, str):
""" Same as httplib.HTTPConnection.send(), except we don't
check for sigpipe and close the connection. If the connection
gets closed, getresponse() fails.
"""
if self.sock is None:
if self.auto_open:
self.connect()
else:
raise httplib.NotConnected()
if self.debuglevel > 0:
print "send:", repr(str)
self.sock.sendall(str)
class HTTPConnection(HTTPBaseConnection, httplib.HTTPConnection):
def __init__(self, host, port=None, strict=None):
httplib.HTTPConnection.__init__(self, host, port, strict)
class HTTPSConnection(HTTPBaseConnection, httplib.HTTPSConnection):
def __init__(self, host, port=None, key_file=None, cert_file=None,
strict=None):
httplib.HTTPSConnection.__init__(self, host, port, key_file,
cert_file, strict)
class FileHTTPConnection(HTTPBaseConnection, httplib.HTTPConnection):
def __init__(self, uds_path):
httplib.HTTPConnection.__init__(self, 'localhost')
self.uds_path = uds_path
def connect(self):
self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
self.sock.connect(self.uds_path)
host, port, ssl = parse_url(url)
key_file = None
cert_file = None
if ssl:
if x509 is not None:
cert_file = x509.get('cert_file')
key_file = x509.get('key_file')
if verify_callback is not None:
try:
from OpenSSL import SSL
ctx = SSL.Context(SSL.SSLv3_METHOD)
ctx.set_verify(SSL.VERIFY_PEER, verify_callback)
# Add the key and certificate to the session
if cert_file is not None and key_file is not None:
ctx.use_certificate_file(cert_file)
ctx.use_privatekey_file(key_file)
s = SSL.Connection(ctx, socket.socket(socket.AF_INET,
socket.SOCK_STREAM))
s.connect((host, port))
s.do_handshake()
s.shutdown()
s.close()
except socket.error, arg:
raise Error("Socket error: %s" % (arg,))
except socket.sslerror, arg:
raise Error("SSL error: %s" % (arg,))
numTries = 0
localAuthHeader = None
tryLimit = 5
data = '<?xml version="1.0" encoding="utf-8" ?>\n' + data
local = False
if ssl:
h = HTTPSConnection(host, port = port, key_file = key_file,
cert_file = cert_file)
else:
if url.startswith('http'):
h = HTTPConnection(host, port = port)
else:
if url.startswith('file:'):
url = url[5:]
try:
s = os.stat(url)
if S_ISSOCK(s.st_mode):
h = FileHTTPConnection(url)
local = True
else:
raise Error('Invalid URL')
except OSError:
raise Error('Invalid URL')
locallogin = None
if host in ('localhost', '127.0.0.1'):
local = True
if local:
uid = os.getuid()
try:
locallogin = pwd.getpwuid(uid)[0]
except KeyError:
locallogin = None
while numTries < tryLimit:
numTries = numTries + 1
h.putrequest('POST', '/cimom')
h.putheader('Content-type', 'application/xml; charset="utf-8"')
h.putheader('Content-length', len(data))
if localAuthHeader is not None:
h.putheader(*localAuthHeader)
elif creds is not None:
h.putheader('Authorization', 'Basic %s' %
base64.encodestring('%s:%s' % (creds[0], creds[1])).replace('\n',''))
elif locallogin is not None:
h.putheader('PegasusAuthorization', 'Local "%s"' % locallogin)
for hdr in headers:
s = map(lambda x: string.strip(x), string.split(hdr, ":", 1))
h.putheader(urllib.quote(s[0]), urllib.quote(s[1]))
try:
# See RFC 2616 section 8.2.2
# An http server is allowed to send back an error (presumably
# a 401), and close the connection without reading the entire
# request. A server may do this to protect itself from a DoS
# attack.
#
# If the server closes the connection during our h.send(), we
# will either get a socket exception 104 (TCP RESET), or a
# socket exception 32 (broken pipe). In either case, thanks
# to our fixed HTTPConnection classes, we'll still be able to
# retrieve the response so that we can read and respond to the
# authentication challenge.
h.endheaders()
try:
h.send(data)
except socket.error, arg:
if arg[0] != 104 and arg[0] != 32:
raise
response = h.getresponse()
body = response.read()
if response.status != 200:
if response.status == 401:
if numTries >= tryLimit:
raise AuthError(response.reason)
if not local:
raise AuthError(response.reason)
authChal = response.getheader('WWW-Authenticate', '')
if 'openwbem' in response.getheader('Server', ''):
if 'OWLocal' not in authChal:
localAuthHeader = ('Authorization',
'OWLocal uid="%d"' % uid)
continue
else:
try:
nonceIdx = authChal.index('nonce=')
nonceBegin = authChal.index('"', nonceIdx)
nonceEnd = authChal.index('"', nonceBegin+1)
nonce = authChal[nonceBegin+1:nonceEnd]
cookieIdx = authChal.index('cookiefile=')
cookieBegin = authChal.index('"', cookieIdx)
cookieEnd = authChal.index('"', cookieBegin+1)
cookieFile = authChal[cookieBegin+1:cookieEnd]
f = open(cookieFile, 'r')
cookie = f.read().strip()
f.close()
localAuthHeader = ('Authorization',
'OWLocal nonce="%s", cookie="%s"' % \
(nonce, cookie))
continue
except:
localAuthHeader = None
continue
elif 'Local' in authChal:
try:
beg = authChal.index('"') + 1
end = authChal.rindex('"')
if end > beg:
file = authChal[beg:end]
fo = open(file, 'r')
cookie = fo.read().strip()
fo.close()
localAuthHeader = ('PegasusAuthorization',
'Local "%s:%s:%s"' % \
(locallogin, file, cookie))
continue
except ValueError:
pass
raise AuthError(response.reason)
if response.getheader('CIMError', None) is not None and \
response.getheader('PGErrorDetail', None) is not None:
import urllib
raise Error(
'CIMError: %s: %s' %
(response.getheader('CIMError'),
urllib.unquote(response.getheader('PGErrorDetail'))))
raise Error('HTTP error: %s' % response.reason)
except httplib.BadStatusLine, arg:
raise Error("The web server returned a bad status line: '%s'" % arg)
except socket.error, arg:
raise Error("Socket error: %s" % (arg,))
except socket.sslerror, arg:
raise Error("SSL error: %s" % (arg,))
break
return body
def get_object_header(obj):
"""Return the HTTP header required to make a CIM operation request
using the given object. Return None if the object does not need
to have a header."""
# Local namespacepath
if isinstance(obj, StringTypes):
return 'CIMObject: %s' % obj
# CIMLocalClassPath
if isinstance(obj, cim_obj.CIMClassName):
return 'CIMObject: %s:%s' % (obj.namespace, obj.classname)
# CIMInstanceName with namespace
if isinstance(obj, cim_obj.CIMInstanceName) and obj.namespace is not None:
return 'CIMObject: %s' % obj
raise TypeError('Don\'t know how to generate HTTP headers for %s' % obj)
|