• Leigh Stoller's avatar
    Guts of the new ssl server implemented. The server operates more or less · 5a025f36
    Leigh Stoller authored
    like this:
    
    * Listen for connections on port 3069. The server requires client
      authentication, and will fail if a certificate is not provided by
      the client.
    
    * Once the certificate is accepted, the server forks a new child.
    
    * The child looks inside the certificate to get the CN field of the
      Distinguished Name (subject). The CN field must hold the uid of the
      user, which is checked against the DB for a matching user. We get
      the groupslist from the DB, and do a setgid,setgroups,setuid to flip
      to the user in the child.
    
    * A instance of the emulabserver class is created, and the request is
      dispatched.
    
    I added an sslxmlrpc_client.py script that mirrors the ssh version of
    the client script. I could probably roll these into one, but decided
    not to to avoid confusing people who might download it.
    5a025f36
sslxmlrpc_server.py.in 7.25 KB