[Twisted-Python] twistd and passphrase
Jean-Paul Calderone
exarkun at divmod.com
Thu Sep 7 17:40:02 EDT 2006
On Thu, 07 Sep 2006 22:39:05 +0200, Lorenzo Allegrucci <l.allegrucci at gmail.com> wrote:
>On Tue, 2006-09-05 at 13:18 -0400, Mike Pelletier wrote:
>> On Tuesday 05 September 2006 12:21, Lorenzo Allegrucci wrote:
>> > Hi,
>> >
>> > I'm using twistd to run my server as a daemon but I couldn't find a way
>> > to prompt the user for a passphrase (such passphrase is used by the
>> > server to read its SSL key). I tried getpass() but it doesn't work
>> > because /dev/stdin is already redirected to /dev/null. How can I ask
>> > for a passphrase using twistd?
>> > Thank you
>>
>> Hi, Lorenzo. I'm going to assume you are completely new to Twisted.
>
>Yes, I'm new to Twisted and I'm using it for a project of my degree
>thesis :)
>Your explanations have been very helpful and gave me some ideas, in the
>meantime I post my actual code. (non important parts taken away)
>
>---myserver.py---
>class SCF(ssl.ContextFactory):
>    """Server context factory."""
>    def __init__(self, passphraseCB, cacert, cert, key):
>        self.passphraseCB = passphraseCB
>        self.cacert = cacert
>        self.cert = cert
>        self.key = key
>
>    def verify(self, conn, cert, errnum, depth, ok):
>        """Check the certificate of an incoming connection."""
>        # snip...
>        return ok
>
>    def getContext(self):
>        """Return an SSL context."""
>        context = SSL.Context(SSL.TLSv1_METHOD)
>        context.set_passwd_cb(self.passphraseCB)
>        # snip...
>        return context
>
>class MyService(internet.SSLServer):
>    def __init__(self):
>        root = XMLRPCServer()
>
>        key = config.getOption("SSL", "key")
>        cert = config.getOption("SSL", "cert")
>        cacert = config.getOption("SSL", "cacert")
>        port = config.getOption("daemon", "port")
>        host = config.getOption("daemon", "host")
>
>        context = SCF(self.getPassphraseCB, cacert, cert, key)
>        internet.SSLServer.__init__(self, port, server.Site(root), context,
>                                    interface=host)
>
>    def getPassphraseCB(self, repeat=False, *data):
>        return "secret"

    def getPassphraseCB(self, repeat=False, *data):
        return passphrase

import getpass
passphrase = getpass.getpass()

>
>application = service.Application("MyApp")
>myService = MyService()
>myService.setServiceParent(application)
>---myserver.py--
>
>
>To start my daemon I use 'twistd -y myserver.py' and everything works
>fine except for the fact that I have to "hardwire" the passphrase in
>'getPassphraseCB'.
>Of course this is not what I want and I would like to rewrite
>getPassphraseCB as:
>
>    def getPassphraseCB(self, repeat=False, *data):
>        return self.passphrase
>
>where self.passphrase should be set (somehow) _before_ twistd makes my
>application a daemon, but I couldn't find a way to do it yet.
>
>> You are never going to be able to read a password from stdin if twisted is
>> starting up in daemon mode. As you noticed, in daemon mode stdin has been
>> closed before you have a chance to do anything with it. You would instead
>> have to start it in "foreground" mode, then read the password with your
>> Protocol, and once the password has been validated ask twistd to switch to
>> daemon mode.
>
>Exactly.
>
>> (If indeed there even exists an interface for daemonizing after
>> the fact; I've never looked.)
>
>Looking at the twistd.py source I would say no..
>
Jean-Paul
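
The pattern from the reply above (prompt while the file is being loaded, return the stored value from the callback), written out as an added example; it is not code from the thread or from Twisted. The names acquire_passphrase, make_passwd_cb and PassphraseUnavailable are hypothetical, the stdin.isatty() test is a simplified stand-in for "a terminal is still attached", and the callback arguments (max_len, prompt_twice, userdata) assume pyOpenSSL's set_passwd_cb calling convention.

```python
import getpass
import sys


class PassphraseUnavailable(RuntimeError):
    """Raised when there is no interactive terminal left to prompt on."""


def acquire_passphrase(stdin=None, prompt=getpass.getpass):
    """Prompt for the key passphrase, failing loudly if stdin is not a terminal.

    Once the process has been daemonized stdin points at /dev/null, so
    isatty() is False and there is nobody to answer the prompt.
    """
    stdin = sys.stdin if stdin is None else stdin
    if stdin is None or not stdin.isatty():
        raise PassphraseUnavailable(
            "stdin is not a terminal; prompt before daemonizing")
    secret = prompt("SSL key passphrase: ")
    if not secret:
        raise PassphraseUnavailable("empty passphrase")
    # Assumption: the SSL library wants the passphrase as bytes.
    return secret.encode("utf-8")


def make_passwd_cb(secret):
    """Wrap an already-read passphrase in a callback for set_passwd_cb()."""
    def passwd_cb(max_len, prompt_twice=False, userdata=None):
        # Refuse rather than hand back a passphrase that would be cut short.
        if len(secret) > max_len:
            raise ValueError(
                "passphrase longer than the %d bytes allowed" % max_len)
        return secret
    return passwd_cb


if __name__ == "__main__":
    # In the file given to 'twistd -y' the equivalent two steps sit at
    # module level, as in the reply above, so the prompt happens while the
    # terminal is still attached.
    cb = make_passwd_cb(acquire_passphrase())
    print("callback ready, %d-byte passphrase held in memory" % len(cb(1024)))
```

The passphrase never appears in the source file or on the command line; it lives only in the closure held by the running process.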