[Twisted-Python] twistd and passphrase
Mike Pelletier
mike at mkp.ca
Tue Sep 5 11:18:49 MDT 2006

On Tuesday 05 September 2006 12:21, Lorenzo Allegrucci wrote:
> Hi,
>
> I'm using twistd to run my server as a daemon but I couldn't find a way
> to prompt the user for a passphrase (such passphrase is used by the
> server to read its SSL key). I tried getpass() but it doesn't work
> because /dev/stdin is already redirected to /dev/null. How can I ask
> for a passphrase using twistd?
> Thank you

Hi, Lorenzo. I'm going to assume you are completely new to Twisted.
Apologies if this is not so; just skip ahead 2-4 paragraphs. Apologies also
for my awkward writing.

Abstractly, the way to do this is to write a Protocol that uses a Transport to
prompt the user and receive their response, and wire it all together with a
Factory. (Though in the case of stdio, the Factory is purely conceptual as
explained below.)

A Protocol is responsible for the reading and writing of a connection, without
concern for the exact nature of that connection. A Transport is concerned
with the nature of a connection without having to know anything about where
the connection came from. And a Factory is responsible for the creation of
connections (either by originating or accepting them), creating the Transport
object that will represent and manage that connection, and attaching a
Protocol to the Transport. Though I think that for your immediate purposes,
you can ignore Factories, since when twisted starts up stdio is
already "connected".

Less abstractly, what you need to do is instantiate
twisted.internet.stdio.StandardIO, which is a Transport, passing the
constructor an instance of your password-prompting Protocol. In doing this,
you are acting as the Factory by "accepting" the stdio connection, creating a
Transport to deal with the connection, and associating the Transport with a
Protocol.

As I said at the beginning, you will need to write the Protocol class
yourself. There is an example of a Protocol that uses the StandardIO
Transport in twisted.test.process_twisted which you can use as a model. I
kinda think there already exists a Protocol that does what you need
(including turning off character echoing, etc) but I cannot recall where I
might have encountered it. Perhaps someone else can help there.

If you want your server to be able to start up unattended (for instance,
whenever the system is rebooted) you might want to consider using telnet or
SSH rather than stdin for reading the password. You should be able to re-use
the same Protocol (except maybe for the part that turns off echoing). You
are never going to be able to read a password from stdin if twisted is
starting up in daemon mode. As you noticed, in daemon mode stdin has been
closed before you have a chance to do anything with it. You would instead
have to start it in "foreground" mode, then read the password with your
Protocol, and once the password has been validated ask twistd to switch to
daemon mode. (If indeed there even exists an interface for daemonizing after
the fact; I've never looked.) And of course, if you launch twistd in
foreground mode from a boot script, the boot process will block until someone
comes along and types the password, which is usually a Bad Thing.

Gosh, that was an even more awkward explanation than I'd expected. I hope you
manage to get something out of it.

Mike.