2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/b612d9dcca9f/ changeset: b612d9dcca9f user: jmchilton date: 2012-08-10 00:25:35 summary: Implement a mechanism to secure access to lwr. If enabled on the server, a private token must be passed along with all interactions. This token may be specified as part of the job runner url as such: wintool = lwr://https://token@host:8913/ This token will not protect the client against a rouge server that has exploited say a DNS spoofing vulnerability. It is only meant as a mechanism for the lwr to ensure the client is authorized. This feature should be used in conjunction with SSL to prevent a "man-in-middle" from intercepting this token. affected #: 1 file diff -r 3b5db939aebe61addd6f0b8d0c14267cf16c4144 -r b612d9dcca9fd75f7dc9592cd64e385d3300e0bb lib/galaxy/jobs/runners/lwr.py --- a/lib/galaxy/jobs/runners/lwr.py +++ b/lib/galaxy/jobs/runners/lwr.py @@ -112,16 +112,30 @@ class Client(object): """ """ - def __init__(self, remote_host, job_id): + """ + """ + def __init__(self, remote_host, job_id, private_key=None): if not remote_host.endswith("/"): remote_host = remote_host + "/" + ## If we don't have an explicit private_key defined, check for + ## one embedded in the URL. A URL of the form + ## https://moo@cow:8913 will try to contact https://cow:8913 + ## with a private key of moo + private_key_format = "https?://(.*)@.*/?" + private_key_match= re.match(private_key_format, remote_host) + if not private_key and private_key_match: + private_key = private_key_match.group(1) + remote_host = remote_host.replace("%s@" % private_key, '', 1) self.remote_host = remote_host self.job_id = job_id + self.private_key = private_key def url_open(self, request, data): return urllib2.urlopen(request, data) def __build_url(self, command, args): + if self.private_key: + args["private_key"] = self.private_key data = urllib.urlencode(args) url = self.remote_host + command + "?" + data return url https://bitbucket.org/galaxy/galaxy-central/changeset/b24c67866f49/ changeset: b24c67866f49 user: natefoo date: 2012-08-10 20:35:44 summary: Merged in jmchilton/galaxy-central-lwr-enhancement-1 (pull request #57) affected #: 1 file diff -r 4b0d6a9ecef858e507df4fa04fd8d8c37d542958 -r b24c67866f4942fddf50be60aa66b39f34643a55 lib/galaxy/jobs/runners/lwr.py --- a/lib/galaxy/jobs/runners/lwr.py +++ b/lib/galaxy/jobs/runners/lwr.py @@ -112,16 +112,30 @@ class Client(object): """ """ - def __init__(self, remote_host, job_id): + """ + """ + def __init__(self, remote_host, job_id, private_key=None): if not remote_host.endswith("/"): remote_host = remote_host + "/" + ## If we don't have an explicit private_key defined, check for + ## one embedded in the URL. A URL of the form + ## https://moo@cow:8913 will try to contact https://cow:8913 + ## with a private key of moo + private_key_format = "https?://(.*)@.*/?" + private_key_match= re.match(private_key_format, remote_host) + if not private_key and private_key_match: + private_key = private_key_match.group(1) + remote_host = remote_host.replace("%s@" % private_key, '', 1) self.remote_host = remote_host self.job_id = job_id + self.private_key = private_key def url_open(self, request, data): return urllib2.urlopen(request, data) def __build_url(self, command, args): + if self.private_key: + args["private_key"] = self.private_key data = urllib.urlencode(args) url = self.remote_host + command + "?" + data return url Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.