X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-vnc-server.git/blobdiff_plain/9b53a3b4c06b33ff8e0055ffdfb7059d3f79ba54..f2c5a3fea1e12d20bc2ebe2393a3a3bf84ba06bf:/python/vnc/extauth.py

diff --git a/python/vnc/extauth.py b/python/vnc/extauth.py
index b7351a3..12176ca 100644
--- a/python/vnc/extauth.py
+++ b/python/vnc/extauth.py
@@ -20,10 +20,7 @@ import socket
 import time
 
 def getTokenKey():
-    token_key = file('/etc/invirt/secrets/vnc-key').read().strip()
-    while True:
-        yield token_key
-getTokenKey = getTokenKey().next
+    return file('/etc/invirt/vnc/token-key').read().strip()
 
 def getPort(name, auth_data):
     import get_port
@@ -68,11 +65,10 @@ class VNCAuth(protocol.Protocol):
     def validateToken(self, token):
         self.auth_error = "Invalid token"
         try:
-            token = base64.urlsafe_b64decode(token)
-            token = cPickle.loads(token)
+            (pickled_data, digest) = map(base64.urlsafe_b64decode, token.split("."))
             m = hmac.new(getTokenKey(), digestmod=sha)
-            m.update(token['data'])
-            if (m.digest() == token['digest']):
+            m.update(pickled_data)
+            if (m.digest() == digest):
                 data = cPickle.loads(token['data'])
                 expires = data["expires"]
                 if (time.time() < expires):
@@ -82,7 +78,7 @@ class VNCAuth(protocol.Protocol):
                     self.auth_data = data
                 else:
                     self.auth_error = "Token has expired; please try logging in again"
-        except (TypeError, cPickle.UnpicklingError):
+        except (TypeError, ValueError, cPickle.UnpickleError):
             self.auth = None            
             print sys.exc_info()