连接 RPC 服务器的安全方法
这个问题与 我们如何处理 Python xmlrpclib 连接被拒绝?
当我尝试使用以下代码时,在 RPC 服务器关闭的情况下,_get_rpc() 返回 False,我可以开始了。但是,如果服务器正在运行,则会以未知的方式失败。它是否尝试在远程服务器上执行 .connect() ?当我需要使用 .connect() 来检测返回的代理是否有效时,如何解决这个问题(请参阅相关问题)?
import xmlrpclib
import socket
def _get_rpc():
try:
a = xmlrpclib.ServerProxy('http://dd:[email protected]:9001')
a.connect() # Try to connect to the server
return a.supervisor
except socket.error:
return False
if not _get_rpc():
print "Failed to connect"
问题是这样的:
ahiscox@lenovo:~/code/dd$ python xmlrpctest2.py
Failed to connect
ahiscox@lenovo:~/code/dd$ supervisord -c ~/.supervisor # start up RPC server
ahiscox@lenovo:~/code/dd$ python xmlrpctest2.py
Traceback (most recent call last):
File "xmlrpctest2.py", line 13, in <module>
if not _get_rpc():
File "xmlrpctest2.py", line 7, in _get_rpc
a.connect() # Try to connect to the server
File "/usr/lib/python2.6/xmlrpclib.py", line 1199, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.6/xmlrpclib.py", line 1489, in __request
verbose=self.__verbose
File "/usr/lib/python2.6/xmlrpclib.py", line 1253, in request
return self._parse_response(h.getfile(), sock)
File "/usr/lib/python2.6/xmlrpclib.py", line 1392, in _parse_response
return u.close()
File "/usr/lib/python2.6/xmlrpclib.py", line 838, in close
raise Fault(**self._stack[0])
xmlrpclib.Fault: <Fault 1: 'UNKNOWN_METHOD'>
This question is related to How do we handle Python xmlrpclib Connection Refused?
When I try to use the following code, with my RPC server down, _get_rpc() returns False and I'm good to go. However if the server is running, it fails with unknown method. Is it trying to execute .connect() on the remote server? How can I get around this, when I needed to use .connect() to detect if the returned proxy worked (see related question)?
import xmlrpclib
import socket
def _get_rpc():
try:
a = xmlrpclib.ServerProxy('http://dd:[email protected]:9001')
a.connect() # Try to connect to the server
return a.supervisor
except socket.error:
return False
if not _get_rpc():
print "Failed to connect"
Here is the issue:
ahiscox@lenovo:~/code/dd$ python xmlrpctest2.py
Failed to connect
ahiscox@lenovo:~/code/dd$ supervisord -c ~/.supervisor # start up RPC server
ahiscox@lenovo:~/code/dd$ python xmlrpctest2.py
Traceback (most recent call last):
File "xmlrpctest2.py", line 13, in <module>
if not _get_rpc():
File "xmlrpctest2.py", line 7, in _get_rpc
a.connect() # Try to connect to the server
File "/usr/lib/python2.6/xmlrpclib.py", line 1199, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.6/xmlrpclib.py", line 1489, in __request
verbose=self.__verbose
File "/usr/lib/python2.6/xmlrpclib.py", line 1253, in request
return self._parse_response(h.getfile(), sock)
File "/usr/lib/python2.6/xmlrpclib.py", line 1392, in _parse_response
return u.close()
File "/usr/lib/python2.6/xmlrpclib.py", line 838, in close
raise Fault(**self._stack[0])
xmlrpclib.Fault: <Fault 1: 'UNKNOWN_METHOD'>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
好吧,我只是在研究它;我的旧方法很糟糕,因为
xmlrpclib.ServerProxy在调用方法时尝试连接到 XmlRPC 服务器,而不是之前!试试这个:
总结一下,我们有 3 种情况:
XmlRPC 服务器已启动,我们在其中定义了一个名为 _() 的方法:
(编辑:我确实选择了名称
_,因为它不太可能有使用此名称的方法,但这种情况仍然可能发生)在这种情况下,不会捕获异常并且代码将执行
返回 TrueXmlRPC 服务器已启动,并且其中我们没有任何方法调用
_():
这次
xmlrpclib.Fault将被引发,我们还将传递给return TrueXmlRPC 服务器已关闭:
现在将引发
socket.error异常,并且当我们调用
a._()时,我们应该返回 False我不知道是否有一种简单的方法可以做到这一点,在那之前我很乐意看到它,希望这次能解决这个问题:)
注意:当你执行
if a:时,Python 将再次搜索方法__nonzero__()来测试的布尔值>a这将失败。注意2:某些xmlrpc服务提供专门用于身份验证的rpc路径,在该路径中服务提供诸如login()之类的方法...,这种方法可以替换我们案例中的_()方法,因此只需调用login () 就足以知道服务是启动还是关闭 (socket.error),同时此 login() 方法会在服务启动时对用户进行身份验证。
Well i was just looking in to it ; my old method suck because
xmlrpclib.ServerProxytry to connect to the XmlRPC server when you call a method, not before !!!Try this instead :
To summarize this we have 3 cases :
XmlRPC server is up and in it we defined a method called _():
(EDIT : i did choose the name
_because it unlikely to have a method with this name, but this case still can happen)In this case no exception will be catch and the code will execute
the
return TrueXmlRPC server is up and in it we don't have any method methoded call
_():
This time
xmlrpclib.Faultwill be raised and we will also pass to thereturn TrueXmlRPC server is down:
Now the
socket.errorexception will be raised and thatwhen we call
a._()so we shouldreturn FalseI don't know if there is an easy way to do this and i will love to see it until then , hope this can fix thing this time :)
N.B: when you do
if a:python will again search for a method__nonzero__()to test the boolean value ofaand this will fail to.N.B 2: Some xmlrpc service offer a rpc path specialized to do an authentication , in this path the service offer methods like login() ... , this kinds of method can replace the _() method in our case, so just calling login(), will be enough to know if the service is up or down (socket.error), and in the same time this login() method authenticate the user if the service is up .