of hard-coding
svn path=/trunk/packages/invirt-vnc-server/; revision=1388
invirt-vnc-server (0.0.1) unstable; urgency=low
* sipb-xen-vnc-server -> invirt-vnc-server
invirt-vnc-server (0.0.1) unstable; urgency=low
* sipb-xen-vnc-server -> invirt-vnc-server
+ * Generate the VNC token key at install-time instead of hard-coding
- -- Evan Broder <broder@mit.edu> Tue, 28 Oct 2008 15:18:42 -0400
+ -- Evan Broder <broder@mit.edu> Tue, 28 Oct 2008 19:44:04 -0400
sipb-xen-vnc-server (1.2) unstable; urgency=low
sipb-xen-vnc-server (1.2) unstable; urgency=low
if [ -z "$2" ]; then
echo "Please be sure to copy vncproxy.crt and vncproxykey.pem into /usr/share/invirt-vnc-server/"
fi
if [ -z "$2" ]; then
echo "Please be sure to copy vncproxy.crt and vncproxykey.pem into /usr/share/invirt-vnc-server/"
fi
+ mkdir -p /etc/invirt/secrets
+ if ! [ -e /etc/invirt/secrets/vnc-key ]; then
+ openssl rand -base64 33 >/etc/invirt/secrets/vnc-key
+ fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
abort-upgrade|abort-remove|abort-deconfigure)
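Review bot: The new key file is written with whatever umask the maintainer script inherits, so /etc/invirt/secrets/vnc-key may end up world-readable, which would let any local user read the HMAC key that authenticates VNC tokens. In addition, if `openssl rand` fails, the redirection has already created an empty file, and the `-e` test then keeps that empty key on every later run. I would generate under a restrictive umask into a temporary name and rename only on success: `( umask 077; openssl rand -base64 33 >/etc/invirt/secrets/vnc-key.new ) && mv /etc/invirt/secrets/vnc-key.new /etc/invirt/secrets/vnc-key`, adjusting ownership if the proxy does not run as root (not visible here). The surrounding case statement starts and ends outside the hunk.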
import base64
import socket
import time
import base64
import socket
import time
-TOKEN_KEY = "0M6W0U1IXexThi5idy8mnkqPKEq1LtEnlK/pZSn0cDrN"
+def getTokenKey():
+ token_key = file('/etc/invirt/secrets/vnc-key').read().strip()
+ while True:
+ yield token_key
+getTokenKey = getTokenKey().next
def getPort(name, auth_data):
def getPort(name, auth_data):
if (auth_data["machine"] == name):
port = get_port.findPort(name)
if port is None:
if (auth_data["machine"] == name):
port = get_port.findPort(name)
if port is None:
self.otherConn=None
def validateToken(self, token):
self.otherConn=None
def validateToken(self, token):
self.auth_error = "Invalid token"
try:
token = base64.urlsafe_b64decode(token)
token = cPickle.loads(token)
self.auth_error = "Invalid token"
try:
token = base64.urlsafe_b64decode(token)
token = cPickle.loads(token)
- m = hmac.new(TOKEN_KEY, digestmod=sha)
+ m = hmac.new(getTokenKey(), digestmod=sha)
m.update(token['data'])
if (m.digest() == token['digest']):
data = cPickle.loads(token['data'])
m.update(token['data'])
if (m.digest() == token['digest']):
data = cPickle.loads(token['data'])
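Review bot: In validateToken the outer `cPickle.loads(token)` still runs on client-supplied bytes before the HMAC is checked, so moving the key out of the source does not protect the deserializer from unauthenticated input. The digest should be verified over raw bytes first, for example by sending a fixed-length digest followed by the data and unpickling the data only after the comparison succeeds; that needs a matching change in whatever issues the tokens, which is not visible here. Separately, if the first read of /etc/invirt/secrets/vnc-key in the new getTokenKey generator fails, the generator is finished and every later call raises StopIteration until the process restarts. The plain function below caches the key only after a successful read, closes the file, and refuses an empty key. The body of validateToken, including its except clause, continues outside the hunk.

```python
_token_key = None

def getTokenKey():
    # Cache only after a successful read so a transient failure is retried.
    global _token_key
    if _token_key is None:
        f = open('/etc/invirt/secrets/vnc-key')
        try:
            key = f.read().strip()
        finally:
            f.close()
        if not key:
            # An empty key file would silently key the HMAC with "".
            raise ValueError("empty VNC token key")
        _token_key = key
    return _token_key

# ... unchanged: getPort and the rest of the module ...
```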