/usr/lib/python2.7/dist-packages/carbon/manhole.py is in graphite-carbon 1.0.2-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 | from twisted.cred import portal, checkers
from twisted.conch.ssh import keys
from twisted.conch.checkers import SSHPublicKeyDatabase
from twisted.conch.manhole import Manhole
from twisted.conch.manhole_ssh import TerminalRealm, ConchFactory
from twisted.internet import reactor
from twisted.application.internet import TCPServer
from carbon.protocols import CarbonServerProtocol
from carbon.conf import settings
namespace = {}
class PublicKeyChecker(SSHPublicKeyDatabase):
def __init__(self, userKeys):
self.userKeys = {}
for username, keyData in userKeys.items():
self.userKeys[username] = keys.Key.fromString(data=keyData).blob()
def checkKey(self, credentials):
if credentials.username in self.userKeys:
keyBlob = self.userKeys[credentials.username]
return keyBlob == credentials.blob
def createManholeListener():
sshRealm = TerminalRealm()
sshRealm.chainedProtocolFactory.protocolFactory = lambda _: Manhole(namespace)
if settings.MANHOLE_PUBLIC_KEY == 'None':
credChecker = checkers.InMemoryUsernamePasswordDatabaseDontUse()
credChecker.addUser(settings.MANHOLE_USER, '')
else:
userKeys = {
settings.MANHOLE_USER: settings.MANHOLE_PUBLIC_KEY,
}
credChecker = PublicKeyChecker(userKeys)
sshPortal = portal.Portal(sshRealm)
sshPortal.registerChecker(credChecker)
sessionFactory = ConchFactory(sshPortal)
return sessionFactory
def start():
sessionFactory = createManholeListener()
reactor.listenTCP(settings.MANHOLE_PORT, sessionFactory, interface=settings.MANHOLE_INTERFACE)
class ManholeProtocol(CarbonServerProtocol):
plugin_name = "manhole"
@classmethod
def build(cls, root_service):
if not settings.ENABLE_MANHOLE:
return
factory = createManholeListener()
service = TCPServer(
settings.MANHOLE_PORT,
factory,
interface=settings.MANHOLE_INTERFACE)
service.setServiceParent(root_service)
|