Index: trunk/packages/sipb-xen-vnc-server/code/get_port.py =================================================================== --- trunk/packages/sipb-xen-vnc-server/code/get_port.py (revision 1384) +++ (revision ) @@ -1,25 +1,0 @@ -#!/usr/bin/python -import sys -import glob -sys.path.append('/usr/lib/xen-default/lib/python/') -import xen.xm -import xen.xm.XenAPI -import xen.xend.XendClient -import time -import xmlrpclib - -prefix = "d_" -server = xen.xm.XenAPI.Session(xen.xend.XendClient.uri) - -def findPort(name): - try: - state = server.xend.domain(prefix + name, True) - for (key,value) in state[1:]: - if key == 'device' and value[0] == 'vfb': - location=dict(value[1:]).get('location') - return location - except xmlrpclib.Fault: - return None - -if __name__ == '__main__': - print findPort(sys.argv[1]) Index: trunk/packages/sipb-xen-vnc-server/code/vncexternalauth.py =================================================================== --- trunk/packages/sipb-xen-vnc-server/code/vncexternalauth.py (revision 1384) +++ (revision ) @@ -1,206 +1,0 @@ -""" -Wrapper for sipb-xen VNC proxying -""" - -# twisted imports -from twisted.internet import reactor, protocol, defer -from twisted.python import log - -# python imports -import sys -import struct -import string -import cPickle -# Python 2.5: -#import hashlib -import sha -import hmac -import base64 -import socket -import time -import get_port - -TOKEN_KEY = "0M6W0U1IXexThi5idy8mnkqPKEq1LtEnlK/pZSn0cDrN" - -def getPort(name, auth_data): - if (auth_data["machine"] == name): - port = get_port.findPort(name) - if port is None: - return 0 - return int(port.split(':')[1]) - else: - return None - -class VNCAuthOutgoing(protocol.Protocol): - - def __init__(self,socks): - self.socks=socks - - def connectionMade(self): - peer = self.transport.getPeer() - self.socks.makeReply(200) - self.socks.otherConn=self - - def connectionLost(self, reason): - self.socks.transport.loseConnection() - - def dataReceived(self,data): - self.socks.write(data) - - def write(self,data): - self.transport.write(data) - - -class VNCAuth(protocol.Protocol): - - def __init__(self,server="localhost"): - self.server=server - self.auth=None - - def connectionMade(self): - self.buf="" - self.otherConn=None - - def validateToken(self, token): - global TOKEN_KEY - self.auth_error = "Invalid token" - try: - token = base64.urlsafe_b64decode(token) - token = cPickle.loads(token) - m = hmac.new(TOKEN_KEY, digestmod=sha) - m.update(token['data']) - if (m.digest() == token['digest']): - data = cPickle.loads(token['data']) - expires = data["expires"] - if (time.time() < expires): - self.auth = data["user"] - self.auth_error = None - self.auth_machine = data["machine"] - self.auth_data = data - else: - self.auth_error = "Token has expired; please try logging in again" - except (TypeError, cPickle.UnpicklingError): - self.auth = None - print sys.exc_info() - - def dataReceived(self,data): - if self.otherConn: - self.otherConn.write(data) - return - self.buf=self.buf+data - if ('\r\n\r\n' in self.buf) or ('\n\n' in self.buf) or ('\r\r' in self.buf): - lines = self.buf.splitlines() - args = lines.pop(0).split() - command = args.pop(0) - headers = {} - for line in lines: - try: - (header, data) = line.split(": ", 1) - headers[header] = data - except ValueError: - pass - - if command == "AUTHTOKEN": - user = args[0] - token = headers["Auth-token"] - if token == "1": #FIXME - self.auth = user - self.makeReply(200, "Authentication successful") - else: - self.makeReply(401) - elif command == "CONNECTVNC": - vmname = args[0] - if ("Auth-token" in headers): - token = headers["Auth-token"] - self.validateToken(token) - if self.auth is not None: - port = getPort(vmname, self.auth_data) - if port is not None: # FIXME - if port != 0: - d = self.connectClass(self.server, port, VNCAuthOutgoing, self) - d.addErrback(lambda result, self=self: self.makeReply(404, result.getErrorMessage())) - else: - self.makeReply(404, "Unable to find VNC for VM "+vmname) - else: - self.makeReply(401, "Unauthorized to connect to VM "+vmname) - else: - if self.auth_error: - self.makeReply(401, self.auth_error) - else: - self.makeReply(401, "Invalid token") - else: - self.makeReply(401, "Login first") - else: - self.makeReply(501, "unknown method "+command) - self.buf='' - if False and '\000' in self.buf[8:]: - head,self.buf=self.buf[:8],self.buf[8:] - try: - version,code,port=struct.unpack("!BBH",head[:4]) - except struct.error: - raise RuntimeError, "struct error with head='%s' and buf='%s'"%(repr(head),repr(self.buf)) - user,self.buf=string.split(self.buf,"\000",1) - if head[4:7]=="\000\000\000": # domain is after - server,self.buf=string.split(self.buf,'\000',1) - #server=gethostbyname(server) - else: - server=socket.inet_ntoa(head[4:8]) - assert version==4, "Bad version code: %s"%version - if not self.authorize(code,server,port,user): - self.makeReply(91) - return - if code==1: # CONNECT - d = self.connectClass(server, port, SOCKSv4Outgoing, self) - d.addErrback(lambda result, self=self: self.makeReply(91)) - else: - raise RuntimeError, "Bad Connect Code: %s" % code - assert self.buf=="","hmm, still stuff in buffer... %s" % repr(self.buf) - - def connectionLost(self, reason): - if self.otherConn: - self.otherConn.transport.loseConnection() - - def authorize(self,code,server,port,user): - log.msg("code %s connection to %s:%s (user %s) authorized" % (code,server,port,user)) - return 1 - - def connectClass(self, host, port, klass, *args): - return protocol.ClientCreator(reactor, klass, *args).connectTCP(host,port) - - def makeReply(self,reply,message=""): - self.transport.write("VNCProxy/1.0 %d %s\r\n\r\n" % (reply, message)) - if int(reply / 100)!=2: self.transport.loseConnection() - - def write(self,data): - self.transport.write(data) - - def log(self,proto,data): - peer = self.transport.getPeer() - their_peer = self.otherConn.transport.getPeer() - print "%s\t%s:%d %s %s:%d\n"%(time.ctime(), - peer.host,peer.port, - ((proto==self and '<') or '>'), - their_peer.host,their_peer.port), - while data: - p,data=data[:16],data[16:] - print string.join(map(lambda x:'%02X'%ord(x),p),' ')+' ', - print ((16-len(p))*3*' '), - for c in p: - if len(repr(c))>3: print '.', - else: print c, - print "" - print "" - - -class VNCAuthFactory(protocol.Factory): - """A factory for a VNC auth proxy. - - Constructor accepts one argument, a log file name. - """ - - def __init__(self, server): - self.server = server - - def buildProtocol(self, addr): - return VNCAuth(self.server) - Index: trunk/packages/sipb-xen-vnc-server/code/vncproxy.py =================================================================== --- trunk/packages/sipb-xen-vnc-server/code/vncproxy.py (revision 1384) +++ (revision ) @@ -1,12 +1,0 @@ -#! /usr/bin/python -from twisted.internet import reactor, ssl -import vncexternalauth - -sslContext = ssl.DefaultOpenSSLContextFactory( - '/usr/share/sipb-xen-vnc-server/vncproxykey.pem', - '/usr/share/sipb-xen-vnc-server/vncproxy.crt', -) - -if '__main__' == __name__: - reactor.listenSSL(10003,vncexternalauth.VNCAuthFactory("localhost"), contextFactory=sslContext) - reactor.run() Index: trunk/packages/sipb-xen-vnc-server/debian/changelog =================================================================== --- trunk/packages/sipb-xen-vnc-server/debian/changelog (revision 1384) +++ trunk/packages/sipb-xen-vnc-server/debian/changelog (revision 1385) @@ -2,6 +2,7 @@ * Move certificate files into /usr/share/sipb-xen-vnc-server + * Switch to distutils-based package - -- Evan Broder Tue, 28 Oct 2008 14:59:24 -0400 + -- Evan Broder Tue, 28 Oct 2008 15:07:33 -0400 sipb-xen-vnc-server (1.1) unstable; urgency=low Index: trunk/packages/sipb-xen-vnc-server/debian/control =================================================================== --- trunk/packages/sipb-xen-vnc-server/debian/control (revision 1384) +++ trunk/packages/sipb-xen-vnc-server/debian/control (revision 1385) @@ -3,9 +3,14 @@ Priority: extra Maintainer: SIPB Xen Project -Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.1.0), subversion +Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.1.0), + python-all-dev (>=2.3.5-11), python-support (>= 0.5.3), + python-setuptools, python-debian, python-apt Standards-Version: 3.7.2 Package: sipb-xen-vnc-server Architecture: all -Depends: ${misc:Depends}, daemon, python-twisted-core, python-xen-3.2 +Depends: ${python:Depends}, ${misc:Depends}, daemon, + python-twisted-core, python-xen-3.2 +Provides: ${python:Provides} +XB-Python-Version: ${python:Versions} Description: Install and enable the VNC server Index: trunk/packages/sipb-xen-vnc-server/debian/pycompat =================================================================== --- trunk/packages/sipb-xen-vnc-server/debian/pycompat (revision 1385) +++ trunk/packages/sipb-xen-vnc-server/debian/pycompat (revision 1385) @@ -0,0 +1,1 @@ +2 Index: trunk/packages/sipb-xen-vnc-server/debian/rules =================================================================== --- trunk/packages/sipb-xen-vnc-server/debian/rules (revision 1384) +++ trunk/packages/sipb-xen-vnc-server/debian/rules (revision 1385) @@ -1,6 +1,12 @@ #!/usr/bin/make -f +DEB_PYTHON_SYSTEM=pysupport + include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/python-distutils.mk binary-fixup/sipb-xen-vnc-server:: - svn co https://sipb-xen-dev.mit.edu:1111/trunk/packages/sipb-xen-vnc-server/code/ $(DEB_DESTDIR)/usr/local/lib/sipb-xen-vnc-server + mv $(DEB_DESTDIR)usr/bin/sipb-xen-vnc-server $(DEB_DESTDIR)usr/sbin/sipb-xen-vnc-server + +clean:: + rm -rf invirt.vnc.egg-info Index: trunk/packages/sipb-xen-vnc-server/debian/sipb-xen-vnc-server.init =================================================================== --- trunk/packages/sipb-xen-vnc-server/debian/sipb-xen-vnc-server.init (revision 1384) +++ trunk/packages/sipb-xen-vnc-server/debian/sipb-xen-vnc-server.init (revision 1385) @@ -18,5 +18,5 @@ DESC="The sipb-xen VNC Proxy Server" NAME=sipb-xen-vnc-server -DAEMON=/usr/local/lib/sipb-xen-vnc-server/vncproxy.py +DAEMON=/usr/sbin/sipb-xen-vnc-server DAEMON_ARGS="" PIDFILE=/var/run/$NAME.pid Index: trunk/packages/sipb-xen-vnc-server/debian/sipb-xen-vnc-server.install =================================================================== --- trunk/packages/sipb-xen-vnc-server/debian/sipb-xen-vnc-server.install (revision 1384) +++ (revision ) @@ -1,1 +1,0 @@ -files/* . Index: trunk/packages/sipb-xen-vnc-server/python/vnc/__init__.py =================================================================== --- trunk/packages/sipb-xen-vnc-server/python/vnc/__init__.py (revision 1385) +++ trunk/packages/sipb-xen-vnc-server/python/vnc/__init__.py (revision 1385) @@ -0,0 +1,1 @@ +from extauth import * Index: trunk/packages/sipb-xen-vnc-server/python/vnc/extauth.py =================================================================== --- trunk/packages/sipb-xen-vnc-server/python/vnc/extauth.py (revision 1385) +++ trunk/packages/sipb-xen-vnc-server/python/vnc/extauth.py (revision 1385) @@ -0,0 +1,206 @@ +""" +Wrapper for sipb-xen VNC proxying +""" + +# twisted imports +from twisted.internet import reactor, protocol, defer +from twisted.python import log + +# python imports +import sys +import struct +import string +import cPickle +# Python 2.5: +#import hashlib +import sha +import hmac +import base64 +import socket +import time +import get_port + +TOKEN_KEY = "0M6W0U1IXexThi5idy8mnkqPKEq1LtEnlK/pZSn0cDrN" + +def getPort(name, auth_data): + if (auth_data["machine"] == name): + port = get_port.findPort(name) + if port is None: + return 0 + return int(port.split(':')[1]) + else: + return None + +class VNCAuthOutgoing(protocol.Protocol): + + def __init__(self,socks): + self.socks=socks + + def connectionMade(self): + peer = self.transport.getPeer() + self.socks.makeReply(200) + self.socks.otherConn=self + + def connectionLost(self, reason): + self.socks.transport.loseConnection() + + def dataReceived(self,data): + self.socks.write(data) + + def write(self,data): + self.transport.write(data) + + +class VNCAuth(protocol.Protocol): + + def __init__(self,server="localhost"): + self.server=server + self.auth=None + + def connectionMade(self): + self.buf="" + self.otherConn=None + + def validateToken(self, token): + global TOKEN_KEY + self.auth_error = "Invalid token" + try: + token = base64.urlsafe_b64decode(token) + token = cPickle.loads(token) + m = hmac.new(TOKEN_KEY, digestmod=sha) + m.update(token['data']) + if (m.digest() == token['digest']): + data = cPickle.loads(token['data']) + expires = data["expires"] + if (time.time() < expires): + self.auth = data["user"] + self.auth_error = None + self.auth_machine = data["machine"] + self.auth_data = data + else: + self.auth_error = "Token has expired; please try logging in again" + except (TypeError, cPickle.UnpicklingError): + self.auth = None + print sys.exc_info() + + def dataReceived(self,data): + if self.otherConn: + self.otherConn.write(data) + return + self.buf=self.buf+data + if ('\r\n\r\n' in self.buf) or ('\n\n' in self.buf) or ('\r\r' in self.buf): + lines = self.buf.splitlines() + args = lines.pop(0).split() + command = args.pop(0) + headers = {} + for line in lines: + try: + (header, data) = line.split(": ", 1) + headers[header] = data + except ValueError: + pass + + if command == "AUTHTOKEN": + user = args[0] + token = headers["Auth-token"] + if token == "1": #FIXME + self.auth = user + self.makeReply(200, "Authentication successful") + else: + self.makeReply(401) + elif command == "CONNECTVNC": + vmname = args[0] + if ("Auth-token" in headers): + token = headers["Auth-token"] + self.validateToken(token) + if self.auth is not None: + port = getPort(vmname, self.auth_data) + if port is not None: # FIXME + if port != 0: + d = self.connectClass(self.server, port, VNCAuthOutgoing, self) + d.addErrback(lambda result, self=self: self.makeReply(404, result.getErrorMessage())) + else: + self.makeReply(404, "Unable to find VNC for VM "+vmname) + else: + self.makeReply(401, "Unauthorized to connect to VM "+vmname) + else: + if self.auth_error: + self.makeReply(401, self.auth_error) + else: + self.makeReply(401, "Invalid token") + else: + self.makeReply(401, "Login first") + else: + self.makeReply(501, "unknown method "+command) + self.buf='' + if False and '\000' in self.buf[8:]: + head,self.buf=self.buf[:8],self.buf[8:] + try: + version,code,port=struct.unpack("!BBH",head[:4]) + except struct.error: + raise RuntimeError, "struct error with head='%s' and buf='%s'"%(repr(head),repr(self.buf)) + user,self.buf=string.split(self.buf,"\000",1) + if head[4:7]=="\000\000\000": # domain is after + server,self.buf=string.split(self.buf,'\000',1) + #server=gethostbyname(server) + else: + server=socket.inet_ntoa(head[4:8]) + assert version==4, "Bad version code: %s"%version + if not self.authorize(code,server,port,user): + self.makeReply(91) + return + if code==1: # CONNECT + d = self.connectClass(server, port, SOCKSv4Outgoing, self) + d.addErrback(lambda result, self=self: self.makeReply(91)) + else: + raise RuntimeError, "Bad Connect Code: %s" % code + assert self.buf=="","hmm, still stuff in buffer... %s" % repr(self.buf) + + def connectionLost(self, reason): + if self.otherConn: + self.otherConn.transport.loseConnection() + + def authorize(self,code,server,port,user): + log.msg("code %s connection to %s:%s (user %s) authorized" % (code,server,port,user)) + return 1 + + def connectClass(self, host, port, klass, *args): + return protocol.ClientCreator(reactor, klass, *args).connectTCP(host,port) + + def makeReply(self,reply,message=""): + self.transport.write("VNCProxy/1.0 %d %s\r\n\r\n" % (reply, message)) + if int(reply / 100)!=2: self.transport.loseConnection() + + def write(self,data): + self.transport.write(data) + + def log(self,proto,data): + peer = self.transport.getPeer() + their_peer = self.otherConn.transport.getPeer() + print "%s\t%s:%d %s %s:%d\n"%(time.ctime(), + peer.host,peer.port, + ((proto==self and '<') or '>'), + their_peer.host,their_peer.port), + while data: + p,data=data[:16],data[16:] + print string.join(map(lambda x:'%02X'%ord(x),p),' ')+' ', + print ((16-len(p))*3*' '), + for c in p: + if len(repr(c))>3: print '.', + else: print c, + print "" + print "" + + +class VNCAuthFactory(protocol.Factory): + """A factory for a VNC auth proxy. + + Constructor accepts one argument, a log file name. + """ + + def __init__(self, server): + self.server = server + + def buildProtocol(self, addr): + return VNCAuth(self.server) + Index: trunk/packages/sipb-xen-vnc-server/python/vnc/get_port.py =================================================================== --- trunk/packages/sipb-xen-vnc-server/python/vnc/get_port.py (revision 1385) +++ trunk/packages/sipb-xen-vnc-server/python/vnc/get_port.py (revision 1385) @@ -0,0 +1,25 @@ +#!/usr/bin/python +import sys +import glob +sys.path.append('/usr/lib/xen-default/lib/python/') +import xen.xm +import xen.xm.XenAPI +import xen.xend.XendClient +import time +import xmlrpclib + +prefix = "d_" +server = xen.xm.XenAPI.Session(xen.xend.XendClient.uri) + +def findPort(name): + try: + state = server.xend.domain(prefix + name, True) + for (key,value) in state[1:]: + if key == 'device' and value[0] == 'vfb': + location=dict(value[1:]).get('location') + return location + except xmlrpclib.Fault: + return None + +if __name__ == '__main__': + print findPort(sys.argv[1]) Index: trunk/packages/sipb-xen-vnc-server/setup.py =================================================================== --- trunk/packages/sipb-xen-vnc-server/setup.py (revision 1385) +++ trunk/packages/sipb-xen-vnc-server/setup.py (revision 1385) @@ -0,0 +1,24 @@ +#!/usr/bin/python + +from os import path +from debian_bundle.changelog import Changelog +from debian_bundle.deb822 import Deb822 +from email.utils import parseaddr +from setuptools import setup + +version = Changelog(open(path.join(path.dirname(__file__), 'debian/changelog')).read()).\ + get_version().full_version + +maintainer_full = Deb822(open(path.join(path.dirname(__file__), 'debian/control')))['Maintainer'] +maintainer, maintainer_email = parseaddr(maintainer_full) + +setup( + name='invirt.vnc', + version=version, + maintainer=maintainer, + maintainer_email=maintainer_email, + + packages = ['invirt.vnc'], + package_dir = {'invirt': 'python'}, + scripts=['sipb-xen-vnc-server'] +) Index: trunk/packages/sipb-xen-vnc-server/sipb-xen-vnc-server =================================================================== --- trunk/packages/sipb-xen-vnc-server/sipb-xen-vnc-server (revision 1385) +++ trunk/packages/sipb-xen-vnc-server/sipb-xen-vnc-server (revision 1385) @@ -0,0 +1,12 @@ +#! /usr/bin/python +from twisted.internet import reactor, ssl +from invirt import vnc + +sslContext = ssl.DefaultOpenSSLContextFactory( + '/usr/share/sipb-xen-vnc-server/vncproxykey.pem', + '/usr/share/sipb-xen-vnc-server/vncproxy.crt', +) + +if '__main__' == __name__: + reactor.listenSSL(10003,vnc.VNCAuthFactory("localhost"), contextFactory=sslContext) + reactor.run()