Providing an Administrative Python Shell

Example 10-1 demonstrated how to provide an interactive shell through SSH. That example implemented its own language with a small set of commands. But there's another kind of shell that you can run over SSH: the same interactive Python prompt you know and love from the command line.

10.3.1. How Do I Do That?

The twisted.conch.manhole and twisted.conch.manhole_ssh modules have classes designed to provide a remote interactive Python shell inside your running server. Create a manhole_ssh.TerminalRealm object and set its chainedProtocolFactory.protocolFactory attribute to a function that will return manhole.Manhole objects. Example 10-3 demonstrates a web server that can be modified on the fly using SSH and twisted.conch.manhole.

Example 10-3. manholeserver.py

from twisted.internet import reactor

from twisted.web import server, resource

from twisted.cred import portal, checkers

from twisted.conch import manhole, manhole_ssh



class LinksPage(resource.Resource):

 isLeaf = 1



 def _ _init_ _(self, links):

 resource.Resource._ _init_ _(self)

 self.links = links



 def render(self, request):

 return "

• " + "".join([ "
• <a href="%s">%s</a>
• " % (link, title) for title, link in self.links.items( )]) + "

" links = {'Twisted': 'http://twistedmatrix.com/', 'Python': 'http://python.org'} site = server.Site(LinksPage(links)) reactor.listenTCP(8000, site) def getManholeFactory(namespace, **passwords): realm = manhole_ssh.TerminalRealm( ) def getManhole(_): return manhole.Manhole(namespace) realm.chainedProtocolFactory.protocolFactory = getManhole p = portal.Portal(realm) p.registerChecker( checkers.InMemoryUsernamePasswordDatabaseDontUse(**passwords)) f = manhole_ssh.ConchFactory(p) return f reactor.listenTCP(2222, getManholeFactory(globals( ), admin='aaa')) reactor.run( )

manholeserver.py will start up a web server on port 8000 and an SSH server on port 2222. Figure 10-1 shows what the home page looks like when the server starts.

Figure 10-1. The default manholeserver.py web page

Now log in using SSH. You'll get a Python prompt, with full access to all the objects in the server. Try modifying the links dictionary:

 $ ssh admin@localhost -p 2222

 admin@localhost's password: aaa



 >>> dir( )

 ['LinksPage', '__builtins__', '__doc__', '__file__', '_ _name_ _', 'checkers',

 'getManholeFactory', 'links', 'manhole', 'manhole_ssh', 'portal', 'reactor',

 'resource', 'server', 'site']

 >>> links

 {'Python': 'http://python.org', 'Twisted': 'http://twistedmatrix.com/'}

 >>> links["Abe Fettig"] = "http://fettig.net"

 >>> links["O'Reilly"] = "http://oreilly.com"

 >>> links

 {'Python': 'http://python.org', "O'Reilly": 'http://oreilly.com', 'Twisted': 'http://

 twistedmatrix.com/', 'Abe Fettig': 'http://fettig.net'}

 >>>

Then refresh the home page of the web server. Figure 10-2 shows how your changes will be reflected on the web site.

Figure 10-2. The modified manholeserver.py web page

 

10.3.2. How Does That Work?

Example 10-3 defines a function called getManholeFactory that makes running a manhole SSH server trivially easy. getManholeFactory takes an argument called namespace, which is a dictionary defining which Python objects to make available, and then a number of keyword arguments representing usernames and passwords. It constructs a manhole_ssh.TerminalRealm and sets its chainedProtocolFactory.protocolFactory attribute to an anonymous function that returns manhole.Manhole objects for the requested namespace. It then sets up a portal using the realm and a dictionary of usernames and passwords, attaches the portal to a manhole_ssh.ConchFactory, and returns the factory.

Like its name implies, manhole provides a portal to something that is off-limits to the she is allowed in, she can do anything she wants. You can pass a dictionary of Python objects as namespace only for the sake of convenience (to limit the set of objects the user has to look through), not for security. Only administrative users should have permission to use the manhole server.

Example 10-3 creates a manhole factory using the built-in globals( ) function, which returns a dictionary of all the objects in the current global namespace. When you log in through SSH, you can see all the global objects in manholeserver.py, including the links dictionary. Because this dictionary is also being used to generate the home page of the web site, any changes you make through SSH are instantly reflected on the Web.

The manhole_ssh.ConchFactory class includes its own default public/private key pair. For your own projects you shouldn't rely on these built-in keys. Instead, generate your own and set the publicKeys and privateKeys attributes of the ConchFactory. See Example 10-1, earlier in this chapter, for an example of how to do this.