2 from twisted.internet import reactor, ssl, protocol
3 from OpenSSL import SSL
10 print """%s [-v] [-l [HOST:]PORT] {-a AUTHTOKEN|VMNAME}
11 -l, --listen [HOST:]PORT port (and optionally host) to listen on for
12 connections (default is 127.0.0.1 and a randomly
14 -a, --authtoken AUTHTOKEN Authentication token for connecting to the VNC server
15 VMNAME VM name to connect to (automatically fetches an
16 authentication token using remctl)
17 -v verbose status messages""" % (sys.argv[0])
19 class ClientContextFactory(ssl.ClientContextFactory):
21 def _verify(self, connection, x509, errnum, errdepth, ok):
22 print '_verify (ok=%d):' % ok
23 print ' subject:', x509.get_subject()
24 print ' issuer:', x509.get_issuer()
25 print ' errnum %s, errdepth %d' % (errnum, errdepth)
29 ctx = ssl.ClientContextFactory.getContext(self)
31 certFile = '/mit/xvm/vnc/servers.cert'
32 if verbose: print "Loading certificates from %s" % certFile
33 ctx.load_verify_locations(certFile)
34 ctx.set_verify(SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
39 class Proxy(protocol.Protocol):
42 def setPeer(self, peer):
45 def connectionLost(self, reason):
46 if self.peer is not None:
47 self.peer.transport.loseConnection()
50 def dataReceived(self, data):
51 self.peer.transport.write(data)
53 class ProxyClient(Proxy):
56 def connectionMade(self):
57 self.peer.setPeer(self)
58 data = "CONNECTVNC %s VNCProxy/1.0\r\nAuth-token: %s\r\n\r\n" % (self.factory.machine, self.factory.authtoken)
59 self.transport.write(data)
60 if verbose: print "ProxyClient: connection made"
61 def dataReceived(self, data):
63 if verbose: print 'ProxyClient: received data "%s"' % data
64 if data.startswith("VNCProxy/1.0 200 "):
67 self.peer.transport.write(data[data.find("\n")+1:])
68 self.peer.transport.resumeProducing() # Allow reading
70 print "Failed to connect: %s" % data
71 self.transport.loseConnection()
73 class ProxyClientFactory(protocol.ClientFactory):
74 protocol = ProxyClient
76 def __init__(self, authtoken, machine):
77 self.authtoken = authtoken
78 self.machine = machine
80 def setServer(self, server):
83 def buildProtocol(self, *args, **kw):
84 prot = protocol.ClientFactory.buildProtocol(self, *args, **kw)
85 prot.setPeer(self.server)
88 def clientConnectionFailed(self, connector, reason):
89 self.server.transport.loseConnection()
92 class ProxyServer(Proxy):
93 clientProtocolFactory = ProxyClientFactory
97 def connectionMade(self):
98 # Don't read anything from the connecting client until we have
99 # somewhere to send it to.
100 self.transport.pauseProducing()
102 if verbose: print "ProxyServer: connection made"
104 client = self.clientProtocolFactory(self.factory.authtoken, self.factory.machine)
105 client.setServer(self)
107 reactor.connectSSL(self.factory.host, self.factory.port, client, ClientContextFactory())
110 class ProxyFactory(protocol.Factory):
111 protocol = ProxyServer
113 def __init__(self, host, port, authtoken, machine):
116 self.authtoken = authtoken
117 self.machine = machine
122 opts, args = getopt.gnu_getopt(sys.argv[1:], "hl:a:v",
123 ["help", "listen=", "authtoken="])
124 except getopt.GetoptError, err:
125 print str(err) # will print something like "option -a not recognized"
128 listen = ["127.0.0.1", None]
133 elif o in ("-h", "--help"):
136 elif o in ("-l", "--listen"):
138 listen = a.split(":", 2)
141 elif o in ("-a", "--authtoken"):
144 assert False, "unhandled option"
146 # Get authentication token
147 if authtoken is None:
148 # User didn't give us an authentication token, so we need to get one
150 print "VMNAME not given or too many arguments"
153 from subprocess import PIPE, Popen
155 p = Popen(["remctl", "remote", "control", args[0], "vnctoken"],
158 if verbose: print "remctl not found in path. Trying remctl locker."
159 p = Popen(["athrun", "remctl", "remctl",
160 "remote", "control", args[0], "vnctoken"],
162 authtoken = p.communicate()[0]
163 if p.returncode != 0:
164 print "Unable to get authentication token"
166 if verbose: print 'Got authentication token "%s" for VM %s' % \
169 # Unpack authentication token
171 token_outer = base64.urlsafe_b64decode(authtoken)
172 token_outer = pickle.loads(token_outer)
173 token_inner = pickle.loads(token_outer["data"])
174 machine = token_inner["machine"]
175 connect_host = token_inner["connect_host"]
176 connect_port = token_inner["connect_port"]
177 token_expires = token_inner["expires"]
178 if verbose: print "Unpacked authentication token:\n%s" % \
181 print "Invalid authentication token"
184 if verbose: print "Will connect to %s:%s" % (connect_host, connect_port)
187 reactor.listenTCP(listen[1], ProxyFactory(connect_host, connect_port, authtoken, machine))
189 print "Ready to connect. Connect to %s:%s now with your VNC client. The password is 'moocow'." % (listen[0], listen[1])
193 if '__main__' == __name__: