add support for Rserve object capability mode

[dckc]

I could really use this in my project; I'm struggling to figure out how to add it. Maybe with a little help, I could contribute it?

In rserve news:

Additions in version 1.7

... Another major change is the new, optional object capability mode in which all commands are disabled except for CMD_OCcall. In this mode the server does not send an ID string, but instead sends a regular QAP1 message with CMD_OCinit. This message is guaranteed to have at least 16 bytes of payload so it will satisfy the read for an ID string. The command has been chosen to correspond to "RsOC" (in little-endian) as to identify this mode. The payload is DT_SEXP which holds all initial capabilities that can be used in CMD_OCcall. Each CMD_OCcall is DT_SEXP encoding a call (i.e., LANGSXP) with an OCref object in place of the closure. Rserve will de-reference it before calling eval. The main purpose of this mode is to create a basis for a secure interface where arbitrary evaluation is not possible. Only code exposed by capabilities can be executed.

see also Move rcloud to Rserve object capabilities #73

[ralhei]

Hi Dan,
  I fear that I'm co-struggling with you ;-) Simon's explanation on
  his website about Rserve is always very sparse ... it usually
  requires me to either bug him with a lot of mail trying to get
  some understanding, or/and to read (reverse engineer) the code of
  his C of Java client to see how he actually has implemented it.
  Sorry for not providing more insight than that.
  Btw. your project looks quite interesting, haven't heard of it so
  far. I will definitely have a look at it.
  Ralph
  On 01.08.14 23:21, Dan Connolly wrote:

  I could really use this in my project; I'm struggling to figure
    out how to add it. Maybe with a little help, I could contribute
    it?
  In rserve news:

    Additions in version 1.7
    ... Another major change is the new, optional object
      capability mode in which all commands are disabled except for
      CMD_OCcall. In this mode the server does not send an ID
      string, but instead sends a regular QAP1 message with
      CMD_OCinit. This message is guaranteed to have at least 16
      bytes of payload so it will satisfy the read for an ID string.
      The command has been chosen to correspond to "RsOC" (in
      little-endian) as to identify this mode. The payload is
      DT_SEXP which holds all initial capabilities that can be used
      in CMD_OCcall. Each CMD_OCcall is DT_SEXP encoding a call
      (i.e., LANGSXP) with an OCref object in place of the closure.
      Rserve will de-reference it before calling eval. The main
      purpose of this mode is to create a basis for a secure
      interface where arbitrary evaluation is not possible. Only
      code exposed by capabilities can be executed. 

  see also Move rcloud to
      Rserve object capabilities #73
  —
    Reply to this email directly or view it on
      GitHub.

[dckc]

I pored over the Rserve C code and figured out what's going on, writing a client in rust to validate my understanding. Here's hoping I remember to share that code; it's at home and I'm at work just now. I started thinking about how it would work in python... I might have even written some code...

And then I realized I don't need to mix python and R at all in my project. I'm separating the python and R parts. Much simpler.

So I'll try to share what progress I made, but I'm not likely to pursue this further.

[ralhei]

OK, thanks for your notice. This feature is not really high up on my list, but it would be nice to get the details from you once to have time to compile them.

[dckc]

I finally got around to sharing my client in rust where I worked out the RsOC protocol: https://github.com/dckc/rust-rserve

I just now updated it to modern rust.