From f330c2a2488b6c26973f0b0fb8da5115588b7f72 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@dotcloud.com>
Date: Tue, 12 Feb 2013 08:37:12 -0800
Subject: [PATCH] Disabled remote access to dockerd. Preferred usage is over
 ssh.

---
 docker/docker.go   | 11 +++++------
 dockerd/dockerd.go |  6 +++++-
 rcli/tcp.go        | 15 ++++++++++-----
 3 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/docker/docker.go b/docker/docker.go
index e919ec14c7..7f5b363902 100644
--- a/docker/docker.go
+++ b/docker/docker.go
@@ -8,7 +8,6 @@ import (
 	"os"
 	"syscall"
 	"unsafe"
-	"fmt"
 )
 
 
@@ -161,10 +160,6 @@ func Fatal(err error) {
 
 func main() {
 	var err error
-	if os.Getenv("DOCKER") == "" {
-		fmt.Printf("Can't connect. Please set environment variable DOCKER to ip:port, eg. 'localhost:4242'.\n")
-		os.Exit(1)
-	}
 	if IsTerminal(0) && os.Getenv("NORAW") == "" {
 		oldState, err = MakeRaw(0)
 		if err != nil {
@@ -172,7 +167,11 @@ func main() {
 		}
 		defer Restore(0, oldState)
 	}
-	conn, err := rcli.CallTCP(os.Getenv("DOCKER"), os.Args[1:]...)
+	// FIXME: we want to use unix sockets here, but net.UnixConn doesn't expose
+	// CloseWrite(), which we need to cleanly signal that stdin is closed without
+	// closing the connection.
+	// See http://code.google.com/p/go/issues/detail?id=3345
+	conn, err := rcli.Call("tcp", "127.0.0.1:4242", os.Args[1:]...)
 	if err != nil {
 		Fatal(err)
 	}
diff --git a/dockerd/dockerd.go b/dockerd/dockerd.go
index 6ed99b3c39..6a02b23231 100644
--- a/dockerd/dockerd.go
+++ b/dockerd/dockerd.go
@@ -740,7 +740,11 @@ func main() {
 			log.Fatal(err)
 		}
 	}()
-	if err := rcli.ListenAndServeTCP(":4242", d); err != nil {
+	// FIXME: we want to use unix sockets here, but net.UnixConn doesn't expose
+	// CloseWrite(), which we need to cleanly signal that stdin is closed without
+	// closing the connection.
+	// See http://code.google.com/p/go/issues/detail?id=3345
+	if err := rcli.ListenAndServe("tcp", "127.0.0.1:4242", d); err != nil {
 		log.Fatal(err)
 	}
 }
diff --git a/rcli/tcp.go b/rcli/tcp.go
index 0c1fa80f41..7aa228afc9 100644
--- a/rcli/tcp.go
+++ b/rcli/tcp.go
@@ -10,12 +10,15 @@ import (
 	"bufio"
 )
 
-func CallTCP(addr string, args ...string) (*net.TCPConn, error) {
+// Connect to a remote endpoint using protocol `proto` and address `addr`,
+// issue a single call, and return the result.
+// `proto` may be "tcp", "unix", etc. See the `net` package for available protocols.
+func Call(proto, addr string, args ...string) (*net.TCPConn, error) {
 	cmd, err := json.Marshal(args)
 	if err != nil {
 		return nil, err
 	}
-	conn, err := net.Dial("tcp", addr)
+	conn, err := net.Dial(proto, addr)
 	if err != nil {
 		return nil, err
 	}
@@ -25,12 +28,14 @@ func CallTCP(addr string, args ...string) (*net.TCPConn, error) {
 	return conn.(*net.TCPConn), nil
 }
 
-func ListenAndServeTCP(addr string, service Service) error {
-	listener, err := net.Listen("tcp", addr)
+// Listen on `addr`, using protocol `proto`, for incoming rcli calls,
+// and pass them to `service`.
+func ListenAndServe(proto, addr string, service Service) error {
+	listener, err := net.Listen(proto, addr)
 	if err != nil {
 		return err
 	}
-	log.Printf("Listening for RCLI/TCP on %s\n", addr)
+	log.Printf("Listening for RCLI/%s on %s\n", proto, addr)
 	defer listener.Close()
 	for {
 		if conn, err := listener.Accept(); err != nil {