projects / invirt/packages/invirt-vnc-server.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Another silly error.
[invirt/packages/invirt-vnc-server.git] / python / vnc / extauth.py
diff --git a/python/vnc/extauth.py b/python/vnc/extauth.py
index e6d07fe..be19570 100644 (file)
--- a/python/vnc/extauth.py
+++ b/python/vnc/extauth.py
@@ -18,11 +18,12 @@ import hmac
 import base64
 import socket
 import time
 import base64
 import socket
 import time
-import get_port
 
 
-TOKEN_KEY = "0M6W0U1IXexThi5idy8mnkqPKEq1LtEnlK/pZSn0cDrN"
+def getTokenKey():
+    return file('/etc/invirt/vnc/token-key').read().strip()
 
 def getPort(name, auth_data):
 
 def getPort(name, auth_data):
+    import get_port
     if (auth_data["machine"] == name):
         port = get_port.findPort(name)
         if port is None:
     if (auth_data["machine"] == name):
         port = get_port.findPort(name)
         if port is None:
@@ -62,15 +63,13 @@ class VNCAuth(protocol.Protocol):
         self.otherConn=None
 
     def validateToken(self, token):
         self.otherConn=None
 
     def validateToken(self, token):
-        global TOKEN_KEY
         self.auth_error = "Invalid token"
         try:
         self.auth_error = "Invalid token"
         try:
-            token = base64.urlsafe_b64decode(token)
-            token = cPickle.loads(token)
-            m = hmac.new(TOKEN_KEY, digestmod=sha)
-            m.update(token['data'])
-            if (m.digest() == token['digest']):
-                data = cPickle.loads(token['data'])
+            (pickled_data, digest) = map(base64.urlsafe_b64decode, token.split("."))
+            m = hmac.new(getTokenKey(), digestmod=sha)
+            m.update(pickled_data)
+            if (m.digest() == digest):
+                data = cPickle.loads(pickled_data)
                 expires = data["expires"]
                 if (time.time() < expires):
                     self.auth = data["user"]
                 expires = data["expires"]
                 if (time.time() < expires):
                     self.auth = data["user"]
@@ -79,7 +78,7 @@ class VNCAuth(protocol.Protocol):
                     self.auth_data = data
                 else:
                     self.auth_error = "Token has expired; please try logging in again"
                     self.auth_data = data
                 else:
                     self.auth_error = "Token has expired; please try logging in again"
-        except (TypeError, cPickle.UnpicklingError):
+        except (TypeError, ValueError, cPickle.UnpicklingError):
             self.auth = None            
             print sys.exc_info()
 
             self.auth = None            
             print sys.exc_info()
 
Unnamed repository; edit this file 'description' to name the repository.