Revision 0b74ef50 vncauthproxy/proxy.py
| b/vncauthproxy/proxy.py | ||
|---|---|---|
| 56 | 56 |
DEFAULT_MIN_PORT = 25000 |
| 57 | 57 |
DEFAULT_MAX_PORT = 30000 |
| 58 | 58 |
|
| 59 |
# SSL certificate / key files |
|
| 60 |
DEFAULT_CERT_FILE = "/etc/ssl/certs/cert.pem" |
|
| 61 |
DEFAULT_KEY_FILE = "/etc/ssl/certs/key.pem" |
|
| 62 |
|
|
| 59 | 63 |
import os |
| 60 | 64 |
import sys |
| 61 | 65 |
import logging |
| ... | ... | |
| 72 | 76 |
except ImportError: |
| 73 | 77 |
import json |
| 74 | 78 |
|
| 75 |
from gevent import socket |
|
| 79 |
from gevent import socket, ssl
|
|
| 76 | 80 |
from signal import SIGINT, SIGTERM |
| 77 | 81 |
from gevent.select import select |
| 78 | 82 |
|
| ... | ... | |
| 155 | 159 |
|
| 156 | 160 |
self.debug("Cleaning up sockets")
|
| 157 | 161 |
while self.listeners: |
| 158 |
self.listeners.pop().close() |
|
| 162 |
sock = self.listeners.pop().close() |
|
| 163 |
|
|
| 159 | 164 |
if self.server: |
| 160 | 165 |
self.server.close() |
| 166 |
|
|
| 161 | 167 |
if self.client: |
| 162 | 168 |
self.client.close() |
| 163 | 169 |
|
| ... | ... | |
| 457 | 463 |
# Close all listening sockets, we only want a one-shot |
| 458 | 464 |
# connection from a single client. |
| 459 | 465 |
while self.listeners: |
| 460 |
self.listeners.pop().close() |
|
| 466 |
sock = self.listeners.pop().close()
|
|
| 461 | 467 |
break |
| 462 | 468 |
|
| 463 | 469 |
# Perform RFB handshake with the client. |
| ... | ... | |
| 552 | 558 |
if s: |
| 553 | 559 |
s.close() |
| 554 | 560 |
while sockets: |
| 555 |
sockets.pop().close() |
|
| 561 |
sock = sockets.pop().close()
|
|
| 556 | 562 |
|
| 557 | 563 |
# Make sure we fail immediately if we cannot get a socket |
| 558 | 564 |
raise msg |
| ... | ... | |
| 619 | 625 |
help=("The maximum port number to use for automatically-"
|
| 620 | 626 |
"allocated ephemeral ports (default: %s)" % |
| 621 | 627 |
DEFAULT_MAX_PORT)) |
| 628 |
parser.add_option('--cert-file', dest="cert_file",
|
|
| 629 |
default=DEFAULT_CERT_FILE, |
|
| 630 |
metavar='CERTFILE', |
|
| 631 |
help=("SSL certificate (default: %s)" %
|
|
| 632 |
DEFAULT_CERT_FILE)) |
|
| 633 |
parser.add_option('--key-file', dest="key_file",
|
|
| 634 |
default=DEFAULT_KEY_FILE, |
|
| 635 |
metavar='KEYFILE', |
|
| 636 |
help=("SSL key (default: %s)" %
|
|
| 637 |
DEFAULT_KEY_FILE)) |
|
| 622 | 638 |
|
| 623 | 639 |
(opts, args) = parser.parse_args(args) |
| 624 | 640 |
|
| ... | ... | |
| 704 | 720 |
|
| 705 | 721 |
while True: |
| 706 | 722 |
try: |
| 723 |
client = None |
|
| 724 |
client_sock = None |
|
| 707 | 725 |
rlist, _, _ = select(sockets, [], []) |
| 708 | 726 |
for ctrl in rlist: |
| 709 |
client, _ = ctrl.accept() |
|
| 727 |
client_sock, _ = ctrl.accept() |
|
| 728 |
client = ssl.wrap_socket(client_sock, |
|
| 729 |
server_side=True, |
|
| 730 |
keyfile=opts.key_file, |
|
| 731 |
certfile=opts.cert_file, |
|
| 732 |
ssl_version=ssl.PROTOCOL_TLSv1) |
|
| 710 | 733 |
logger.info("New control connection")
|
| 711 | 734 |
|
| 712 | 735 |
VncAuthProxy.spawn(logger, client) |
| 736 |
continue |
|
| 713 | 737 |
except Exception, e: |
| 714 | 738 |
logger.exception(e) |
| 739 |
if client: |
|
| 740 |
client.close() |
|
| 741 |
elif client_sock: |
|
| 742 |
client_sock.close() |
|
| 715 | 743 |
continue |
| 716 | 744 |
except SystemExit: |
| 717 | 745 |
break |
| 718 | 746 |
|
| 719 | 747 |
logger.info("Closing control sockets")
|
| 720 | 748 |
while sockets: |
| 721 |
sockets.pop().close() |
|
| 749 |
sock = sockets.pop() |
|
| 750 |
sock.close() |
|
| 751 |
|
|
| 722 | 752 |
daemon_context.close() |
| 723 | 753 |
sys.exit(0) |
Also available in: Unified diff