Revision 3062d395 src/Ganeti/UDSServer.hs
| b/src/Ganeti/UDSServer.hs | ||
|---|---|---|
| 58 | 58 |
import Control.Applicative |
| 59 | 59 |
import Control.Concurrent (forkIO) |
| 60 | 60 |
import Control.Exception (catch) |
| 61 |
import Data.IORef
|
|
| 61 |
import Control.Monad
|
|
| 62 | 62 |
import qualified Data.ByteString as B |
| 63 | 63 |
import qualified Data.ByteString.Lazy as BL |
| 64 | 64 |
import qualified Data.ByteString.UTF8 as UTF8 |
| 65 | 65 |
import qualified Data.ByteString.Lazy.UTF8 as UTF8L |
| 66 |
import Data.IORef |
|
| 67 |
import Data.List |
|
| 66 | 68 |
import Data.Word (Word8) |
| 67 |
import Control.Monad |
|
| 68 | 69 |
import qualified Network.Socket as S |
| 69 | 70 |
import System.Directory (removeFile) |
| 70 | 71 |
import System.IO (hClose, hFlush, hWaitForInput, Handle, IOMode(..)) |
| ... | ... | |
| 81 | 82 |
import Ganeti.Runtime (GanetiDaemon(..), MiscGroup(..), GanetiGroup(..)) |
| 82 | 83 |
import Ganeti.THH |
| 83 | 84 |
import Ganeti.Utils |
| 84 |
|
|
| 85 |
import Ganeti.Constants (privateParametersBlacklist) |
|
| 85 | 86 |
|
| 86 | 87 |
-- * Utility functions |
| 87 | 88 |
|
| ... | ... | |
| 350 | 351 |
let (status, response) = prepareMsg call_result_json |
| 351 | 352 |
return (close, buildResponse status response) |
| 352 | 353 |
|
| 354 |
isRisky :: RecvResult -> Bool |
|
| 355 |
isRisky msg = case msg of |
|
| 356 |
RecvOk payload -> any (`isInfixOf` payload) privateParametersBlacklist |
|
| 357 |
_ -> False |
|
| 358 |
|
|
| 353 | 359 |
-- | Reads a request, passes it to a handler and sends a response back to the |
| 354 | 360 |
-- client. |
| 355 | 361 |
handleClient |
| ... | ... | |
| 359 | 365 |
-> IO Bool |
| 360 | 366 |
handleClient handler client = do |
| 361 | 367 |
msg <- recvMsgExt client |
| 368 |
|
|
| 369 |
debugMode <- isDebugMode |
|
| 370 |
when (debugMode && isRisky msg) $ |
|
| 371 |
logAlert "POSSIBLE LEAKING OF CONFIDENTIAL PARAMETERS. \ |
|
| 372 |
\Daemon is running in debug mode. \ |
|
| 373 |
\The text of the request has been logged." |
|
| 362 | 374 |
logDebug $ "Received message: " ++ show msg |
| 375 |
|
|
| 363 | 376 |
case msg of |
| 364 | 377 |
RecvConnClosed -> logDebug "Connection closed" >> |
| 365 | 378 |
return False |
| ... | ... | |
| 370 | 383 |
sendMsg client outMsg |
| 371 | 384 |
return close |
| 372 | 385 |
|
| 386 |
|
|
| 373 | 387 |
-- | Main client loop: runs one loop of 'handleClient', and if that |
| 374 | 388 |
-- doesn't report a finished (closed) connection, restarts itself. |
| 375 | 389 |
clientLoop |
Also available in: Unified diff