X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-vnc-server.git/blobdiff_plain/9947f1d2c7f3b243de5a53ebbd8980d791d68bf1..fac04d72c91d25313badd8da044c784670eed1ad:/python/vnc/extauth.py diff --git a/python/vnc/extauth.py b/python/vnc/extauth.py index 30e89e1..c986771 100644 --- a/python/vnc/extauth.py +++ b/python/vnc/extauth.py @@ -1,5 +1,5 @@ """ -Wrapper for sipb-xen VNC proxying +Wrapper for Invirt VNC proxying """ # twisted imports @@ -18,11 +18,12 @@ import hmac import base64 import socket import time -import get_port -TOKEN_KEY = "0M6W0U1IXexThi5idy8mnkqPKEq1LtEnlK/pZSn0cDrN" +def getTokenKey(): + return file('/etc/invirt/vnc/token-key').read().strip() def getPort(name, auth_data): + import get_port if (auth_data["machine"] == name): port = get_port.findPort(name) if port is None: @@ -62,14 +63,12 @@ class VNCAuth(protocol.Protocol): self.otherConn=None def validateToken(self, token): - global TOKEN_KEY self.auth_error = "Invalid token" try: - token = base64.urlsafe_b64decode(token) - token = cPickle.loads(token) - m = hmac.new(TOKEN_KEY, digestmod=sha) - m.update(token['data']) - if (m.digest() == token['digest']): + (pickled_data, digest) = map(base64.urlsafe_b64decode, token.split(".")) + m = hmac.new(getTokenKey(), digestmod=sha) + m.update(pickled_data) + if (m.digest() == digest): data = cPickle.loads(token['data']) expires = data["expires"] if (time.time() < expires): @@ -79,7 +78,7 @@ class VNCAuth(protocol.Protocol): self.auth_data = data else: self.auth_error = "Token has expired; please try logging in again" - except (TypeError, cPickle.UnpicklingError): + except (TypeError, ValueError, cPickle.UnpicklingError): self.auth = None print sys.exc_info()