"""
-Wrapper for sipb-xen VNC proxying
+Wrapper for Invirt VNC proxying
"""
# twisted imports
import base64
import socket
import time
-import get_port
-TOKEN_KEY = "0M6W0U1IXexThi5idy8mnkqPKEq1LtEnlK/pZSn0cDrN"
+def getTokenKey():
+ return file('/etc/invirt/vnc/token-key').read().strip()
def getPort(name, auth_data):
+ import get_port
if (auth_data["machine"] == name):
port = get_port.findPort(name)
if port is None:
self.otherConn=None
def validateToken(self, token):
- global TOKEN_KEY
self.auth_error = "Invalid token"
try:
- token = base64.urlsafe_b64decode(token)
- token = cPickle.loads(token)
- m = hmac.new(TOKEN_KEY, digestmod=sha)
- m.update(token['data'])
- if (m.digest() == token['digest']):
+ (pickled_data, digest) = map(base64.urlsafe_b64decode, token.split("."))
+ m = hmac.new(getTokenKey(), digestmod=sha)
+ m.update(pickled_data)
+ if (m.digest() == digest):
data = cPickle.loads(token['data'])
expires = data["expires"]
if (time.time() < expires):
self.auth_data = data
else:
self.auth_error = "Token has expired; please try logging in again"
- except (TypeError, cPickle.UnpicklingError):
+ except (TypeError, ValueError, cPickle.UnpicklingError):
self.auth = None
print sys.exc_info()