Method, device and system for logging in Unix-like virtual container
First Claim
Patent Images
1. A method for logging in a Unix-type virtual container, comprising:
- establishing a corresponding relationship between a Unix-type virtual container and a port on a host running the Unix-type virtual container;
establishing a pipe between the Unix-type virtual container and the host port based on the corresponding relationship, and establishing a first connection between the Unix-type virtual container and the host port based on the pipe; and
receiving a script command through the host port, and sending the script command to the Unix-type virtual container according to the first connection;
wherein after receiving the script command through the host port and before sending the script command to the Unix-type virtual container, the method further comprises;
partitioning the script command according to a preset marker and performing symbol extension to the partitioned script command to obtain a symbol-extended script command;
determining whether the symbol-extended script command is included in a preset script command whitelist; and
in response to determining that the symbol-extended script command is included in the preset script command whitelist, sending the symbol-extended script command to the Unix-type virtual container according to the first connection.
1 Assignment
0 Petitions
Accused Products
Abstract
Various embodiments of the present disclosure describe a method, apparatus and system for logging in a Unix-like virtual container. The method include establishing a corresponding relationship between a Unix-like virtual container and a port on a host running the Unix-like virtual container; establishing a transparent pipe between the Unix-like virtual container and the host port based on the corresponding relationship, establishing a first connection between the Unix-like virtual container and the host port based on the transparent pipe; receiving a script command through the host port, and sending the script command to the Unix-like virtual container according to the first connection. Employing embodiments of the present disclosure, the Unix-like virtual container can be logged in through the connection between the host port and the Unix-like virtual container, the information security of the Unix-like virtual container can be ensured, and the access efficiency can be improved through asynchronous access.
-
Citations
13 Claims
-
1. A method for logging in a Unix-type virtual container, comprising:
-
establishing a corresponding relationship between a Unix-type virtual container and a port on a host running the Unix-type virtual container; establishing a pipe between the Unix-type virtual container and the host port based on the corresponding relationship, and establishing a first connection between the Unix-type virtual container and the host port based on the pipe; and receiving a script command through the host port, and sending the script command to the Unix-type virtual container according to the first connection; wherein after receiving the script command through the host port and before sending the script command to the Unix-type virtual container, the method further comprises; partitioning the script command according to a preset marker and performing symbol extension to the partitioned script command to obtain a symbol-extended script command; determining whether the symbol-extended script command is included in a preset script command whitelist; and in response to determining that the symbol-extended script command is included in the preset script command whitelist, sending the symbol-extended script command to the Unix-type virtual container according to the first connection.
-
-
2. The method of claim 1, wherein the operation of receiving the script command through the host port comprises:
-
establishing a hypertext transfer protocol (HTTP) connection between the host port and a browser through a hypertext transfer protocol and receiving the script command through the HTTP connection; the method further comprising; preconfiguring a connection time threshold; determining whether the HTTP connection between the host port and the browser exceeds the connection time threshold; in response to determining that the HTTP connection between the host port and the browser exceeds the connection time threshold, disconnecting the HTTP connection; and in response to determining that the HTTP connection between the host port and the browser does not exceed the connection time threshold, keeping the HTTP connection.
-
-
3. The method of claim 1, further comprising:
-
establishing a first HTTP connection and a second HTTP connection between the host port and a browser through a hypertext transfer protocol; receiving, through the second HTTP connection, an operation terminating request sent from the browser, wherein an identifier (ID) of the first HTTP connection is carried in the request; and upon receiving the operation terminating request sent from the browser, finding the first HTTP connection according to the ID of the first HTTP connection carried in the request and sending an operation terminating script command to the Unix-type virtual container through the first connection between the Unix-type virtual container and the host port, so that the Unix-type virtual container executes the operation terminating script command and terminates operations associated with the first HTTP connection.
-
-
4. The method of claim 1, wherein the operation of receiving the script command through the host port comprises:
-
establishing an HTTP connection between the host port and a browser through a hypertext transfer protocol and receiving the script command through the HTTP connection; the method further comprising; determining whether the HTTP connection between the host port and the browser is disconnected; and in response to determining that the HTTP connection between the host port and the browser is disconnected, sending an operation terminating script command to the Unix-type virtual container through the first connection, so that the Unix-type virtual container executes the operation terminating script command and terminates operations associated with the HTTP connection.
-
-
5. The method of claim 1, further comprising:
-
generating a command display interface; capturing a user keyboard operating character associated with the script command received by the host port; and displaying the user keyboard operating character on the command display interface.
-
-
6. The method of claim 1, further comprising:
-
the Unix-type virtual container responding to the script command and returning a script command response to the host port in a manner of data chunking; and sending, by the host port, chunked data to an interface of a browser for synchronized displaying.
-
-
7. An apparatus for logging in a Unix-type virtual container, comprising:
-
at least one hardware processor and at least one memory, the at least one memory storing a plurality of modules comprising; a pipe establishing module, configured to establish a corresponding relationship between a Unix-type virtual container and a port on a host running the Unix-type virtual container, and establish a pipe between the Unix-type virtual container and the host port based on the corresponding relationship; a connection establishing module, configured to establish a first connection between the Unix-type virtual container and the host port based on the pipe; and a script command sending module, configured to receive a script command through the host port and send the script command to the Unix-type virtual container according to the first connection; a script command preprocessing module, configured to partition the script command according to a preset marker, perform symbol extension to the partitioned script command to obtain a symbol-extended script command, determine whether the symbol-extended script command is included in a preset script command whitelist, and in response to determining that the symbol-extended script command is included in the preset script command whitelist, enable the script command sending module to send the symbol-extended script command to the Unix-type virtual container according to the first connection.
-
-
8. The apparatus of claim 7, wherein the script command sending module is configured to establish a hypertext transfer protocol (HTTP) connection between the host port and a browser through a hypertext transfer protocol and receive the script command through the HTTP connection;
-
wherein the plurality of modules stored in the at least one memory further comprise; a connection time keeping module, configured to preconfigure a connection time threshold, determine whether the HTTP connection between the host port and the browser exceeds the connection time threshold, in response to determining that the HTTP connection exceeds the connection time threshold, disconnect the HTTP connection, and in response to determining that the HTTP connection does not exceed the connection time threshold, keep the HTTP connection.
-
-
9. The apparatus of claim 7, wherein the script command sending module is configured to establish a first HTTP connection and a second HTTP connection between a browser and the host port through a hypertext transfer protocol;
-
wherein the plurality of modules stored in the at least one memory further comprise; a connection disconnecting module, configured to receive, through the second HTTP connection, an operation terminating request sent from the browser, wherein an identifier (ID) of the first HTTP connection is carried in the request, and upon receiving the operation terminating request sent from the browser, find the first HTTP connection according to the ID of the first HTTP connection carried in the request and send an operation terminating script command to the Unix-type virtual container through the first connection between the Unix-type virtual container and the host port, so that the Unix-type virtual container executes the operation terminating script command and terminates operations associated with the first HTTP connection.
-
-
10. The apparatus of claim 7, wherein the script command sending module is configured to establish an HTTP connection between a browser and the host port through a hypertext transfer protocol and receive the script command through the HTTP connection;
-
wherein the plurality of modules stored in the at least one memory further comprise; an HTTP connection determining module, configured to determine whether the HTTP connection between the host port and the browser is disconnected, and in response to determining that the HTTP connection between the host port and the browser is disconnected, send an operation terminating script command to the Unix-type virtual container through the first connection, so that the Unix-type virtual container executes the operation terminating script command and terminates operations associated with the HTTP connection.
-
-
11. A system for logging in a Unix-type virtual container, comprising a Web browser, a Unix-type virtual container login apparatus, and a host;
- wherein the host runs a Unix-type virtual container and there is a hypertext transfer protocol (HTTP) connection between the Web browser and the Unix-type virtual container login apparatus;
wherein the Web browser is configured to receive a script command and send the script command to the Unix-type virtual container login apparatus through the HTTP connection; and the Unix-type virtual container login apparatus is configured to establish a corresponding relationship between the Unix-type virtual container and a port on the host, and establish a pipe between the Unix-type virtual container and the host port based on the corresponding relationship, establish a first connection between the Unix-type virtual container and the host port based on the pipe, receive the script command sent from the Web browser through the host port, and send the script command to the Unix-type virtual container according to the first connection; wherein the Unix-type virtual container login apparatus is further configured to partition the script command according to a preset marker, perform symbol extension to the partitioned script command to obtain a symbol-extended script command, determine whether the symbol-extended script command is included in a preset script command whitelist, and in response to determining that the symbol-extended script command is included in the preset script command whitelist, send the symbol-extended script command to the Unix-type virtual container according to the first connection.
- wherein the host runs a Unix-type virtual container and there is a hypertext transfer protocol (HTTP) connection between the Web browser and the Unix-type virtual container login apparatus;
-
12. The system of claim 11, wherein the Unix-type virtual container login apparatus is further configured to
generate a command display interface, capture a user keyboard operating character associated with the script command received by the host port, and display the user keyboard operating character on the command display interface.
-
13. The system of claim 11, wherein the Unix-type virtual container login apparatus is further configured to establish the first connection between the Unix-type virtual container and the host port through the pipe and based on a Secure Shell protocol (SSH) or a Secure Shell protocol 2 (SSH2).
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeTencent Technology Shenzhen Company Limited (Tencent Holdings Limited)
-
Original AssigneeTencent Technology Shenzhen Company Limited (Tencent Holdings Limited)
-
InventorsZhu, Baiwan, Zeng, Lifeng, Huang, Jie, Lu, Ke
-
Primary Examiner(s)Pollack, Melvin H
-
Application NumberUS14/428,755Publication NumberTime in Patent Office1,289 DaysField of Search709/228US Class Current1/1CPC Class CodesG06F 21/00 Security arrangements for p...G06F 21/53 by executing in a restricte...G06F 21/54 by adding security routines...G06F 2209/549 Remote executionG06F 2221/2101 Auditing as a secondary aspectG06F 9/00 Arrangements for program co...G06F 9/544 Buffers; Shared memory; PipesG06F 9/547 Remote procedure calls [RPC...H04L 67/02 based on web technology, e....H04L 67/141 Setup of application sessio...
