From dd2a047ced8e4e411fc008b2416bcda8741a256d 2008-09-03 23:31:20
From: Brian Granger
Date: 2008-09-03 23:31:20
Subject: [PATCH] All security related files (*.furl and *.pem) are now put in a default locations of ~/.ipython/security. This directory is created with 0700 permissions. To support this, a function get_security_dir has been added to genutils. This needs to be tested on Win32 still.
---
diff --git a/IPython/config/api.py b/IPython/config/api.py
index f58d004..d394098 100644
--- a/IPython/config/api.py
+++ b/IPython/config/api.py
@@ -16,6 +16,8 @@ __docformat__ = "restructuredtext en"
 #-------------------------------------------------------------------------------
 import os
+from os.path import join as pjoin
+
 from IPython.genutils import get_home_dir, get_ipython_dir
 from IPython.external.configobj import ConfigObj
@@ -53,7 +55,7 @@ class ConfigObjManager(object):
 def write_default_config_file(self):
 ipdir = get_ipython_dir()
- fname = ipdir + '/' + self.filename
+ fname = pjoin(ipdir, self.filename)
 if not os.path.isfile(fname):
 print "Writing the configuration file to: " + fname
 self.write_config_obj_to_file(fname)
@@ -87,11 +89,11 @@ class ConfigObjManager(object):
 # In ipythondir if it is set
 if ipythondir is not None:
- trythis = ipythondir + '/' + filename
+ trythis = pjoin(ipythondir, filename)
 if os.path.isfile(trythis):
 return trythis
- trythis = get_ipython_dir() + '/' + filename
+ trythis = pjoin(get_ipython_dir(), filename)
 if os.path.isfile(trythis):
 return trythis
diff --git a/IPython/genutils.py b/IPython/genutils.py
index b3e43b9..38f93ef 100644
--- a/IPython/genutils.py
+++ b/IPython/genutils.py
@@ -995,6 +995,22 @@ def get_ipython_dir():
 os.path.join(home_dir,ipdir_def)))
 return ipdir
+def get_security_dir():
+ """Get the IPython security directory.
+
+ This directory is the default location for all security related files,
+ including SSL/TLS certificates and FURL files.
+
+ If the directory does not exist, it is created with 0700 permissions.
+ If it exists, permissions are set to 0700.
+ """
+ security_dir = os.path.join(get_ipython_dir(), 'security')
+ if not os.path.isdir(security_dir):
+ os.mkdir(security_dir, 0700)
+ else:
+ os.chmod(security_dir, 0700)
+ return security_dir
+
 #****************************************************************************
 # strings and text
diff --git a/IPython/kernel/config/__init__.py b/IPython/kernel/config/__init__.py
index 25c0421..e24c5c9 100644
--- a/IPython/kernel/config/__init__.py
+++ b/IPython/kernel/config/__init__.py
@@ -15,17 +15,15 @@ __docformat__ = "restructuredtext en"
 # Imports
 #-------------------------------------------------------------------------------
+from os.path import join as pjoin
+
 from IPython.external.configobj import ConfigObj
 from IPython.config.api import ConfigObjManager
-from IPython.genutils import get_ipython_dir
+from IPython.genutils import get_ipython_dir, get_security_dir
 default_kernel_config = ConfigObj()
-try:
- ipython_dir = get_ipython_dir() + '/'
-except:
- # This will defaults to the cwd
- ipython_dir = ''
+security_dir = get_security_dir()
 #-------------------------------------------------------------------------------
 # Engine Configuration
@@ -33,7 +31,7 @@ except:
 engine_config = dict(
 logfile = '', # Empty means log to stdout
- furl_file = ipython_dir + 'ipcontroller-engine.furl'
+ furl_file = pjoin(security_dir, 'ipcontroller-engine.furl')
 )
 #-------------------------------------------------------------------------------
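Review bot: In get_security_dir the existing-directory branch calls `os.chmod(security_dir, 0700)` without checking what the path is or who owns it, so a `security` entry that is a symlink has its target's mode changed, and a directory owned by another user (possible if the IPython directory is relocated to a shared path) either becomes the home for FURL and certificate files or makes chmod raise. On POSIX, consider confirming via `os.lstat` that the entry is a real directory owned by `os.getuid()` before trusting it, and raising otherwise. The `os.path.isdir` test followed by `os.mkdir` is also a check-then-create race; calling `os.mkdir(security_dir, 0700)` first and handling the already-exists OSError removes it. The docstring could add that the 0700 mode is expected to have no protective effect on Win32, which the commit message already marks as untested.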
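Review bot: `security_dir = get_security_dir()` now runs at import time with no error handling, whereas the removed `try`/`except` fell back to the current directory; because get_security_dir creates or chmods a directory, any OSError raised there (for example a read-only home or a `security` entry the user does not own) would make importing IPython.kernel.config fail. If failing is intended, which is arguably safer than silently writing FURL and .pem files into the cwd, a comment saying so would help, e.g. `# No cwd fallback: security files must live in a 0700 directory`. The same value feeds every `furl_file`/`cert_file` default in the later hunks of this file, so FURL and certificate files already sitting directly under the IPython directory will presumably no longer be found; the commit shows no migration or warning for them.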
@@ -69,10 +67,10 @@ controller_config = dict(
 port = 0, # 0 means pick a port for me
 location = '', # Empty string means try to set automatically
 secure = True,
- cert_file = ipython_dir + 'ipcontroller-engine.pem',
+ cert_file = pjoin(security_dir, 'ipcontroller-engine.pem'),
 ),
 engine_fc_interface = 'IPython.kernel.enginefc.IFCControllerBase',
- engine_furl_file = ipython_dir + 'ipcontroller-engine.furl',
+ engine_furl_file = pjoin(security_dir, 'ipcontroller-engine.furl'),
 controller_interfaces = dict(
 # multiengine = dict(
@@ -83,12 +81,12 @@ controller_config = dict(
 task = dict(
 controller_interface = 'IPython.kernel.task.ITaskController',
 fc_interface = 'IPython.kernel.taskfc.IFCTaskController',
- furl_file = ipython_dir + 'ipcontroller-tc.furl'
+ furl_file = pjoin(security_dir, 'ipcontroller-tc.furl')
 ),
 multiengine = dict(
 controller_interface = 'IPython.kernel.multiengine.IMultiEngine',
 fc_interface = 'IPython.kernel.multienginefc.IFCSynchronousMultiEngine',
- furl_file = ipython_dir + 'ipcontroller-mec.furl'
+ furl_file = pjoin(security_dir, 'ipcontroller-mec.furl')
 )
 ),
@@ -97,7 +95,7 @@ controller_config = dict(
 port = 0, # 0 means pick a port for me
 location = '', # Empty string means try to set automatically
 secure = True,
- cert_file = ipython_dir + 'ipcontroller-client.pem'
+ cert_file = pjoin(security_dir, 'ipcontroller-client.pem')
 )
 )
@@ -108,10 +106,10 @@ controller_config = dict(
 client_config = dict(
 client_interfaces = dict(
 task = dict(
- furl_file = ipython_dir + 'ipcontroller-tc.furl'
+ furl_file = pjoin(security_dir, 'ipcontroller-tc.furl')
 ),
 multiengine = dict(
- furl_file = ipython_dir + 'ipcontroller-mec.furl'
+ furl_file = pjoin(security_dir, 'ipcontroller-mec.furl')
 )
 )
 )
diff --git a/IPython/kernel/scripts/ipengine.py b/IPython/kernel/scripts/ipengine.py
index ca5bcba..97fd2ca 100644
--- a/IPython/kernel/scripts/ipengine.py
+++ b/IPython/kernel/scripts/ipengine.py
@@ -105,6 +105,7 @@ def start_engine():
 # register_engine to tell the controller we are ready to do work
 engine_connector = EngineConnector(tub_service)
 furl_file = kernel_config['engine']['furl_file']
+ log.msg("Using furl file: %s" % furl_file)
 d = engine_connector.connect_to_controller(engine_service, furl_file)
 d.addErrback(lambda _: reactor.stop())