Revision 0b74ef50 vncauthproxy/proxy.py
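--- a/vncauthproxy/proxy.py
+++ b/vncauthproxy/proxy.py
@@ -56,6 +56,10 @@
 DEFAULT_MIN_PORT = 25000
 DEFAULT_MAX_PORT = 30000
 
+# SSL certificate / key files
+DEFAULT_CERT_FILE = "/etc/ssl/certs/cert.pem"
+DEFAULT_KEY_FILE = "/etc/ssl/certs/key.pem"
+
 import os
 import sys
 import logging
@@ -72,7 +76,7 @@
 except ImportError:
 import json
 
-from gevent import socket
+from gevent import socket, ssl
 from signal import SIGINT, SIGTERM
 from gevent.select import select
 
@@ -155,9 +159,11 @@
 
 self.debug("Cleaning up sockets")
 while self.listeners:
-self.listeners.pop().close()
+sock = self.listeners.pop().close()
+
 if self.server:
 self.server.close()
+
 if self.client:
 self.client.close()
 
@@ -457,7 +463,7 @@
 # Close all listening sockets, we only want a one-shot
 # connection from a single client.
 while self.listeners:
-self.listeners.pop().close()
+sock = self.listeners.pop().close()
 break
 
 # Perform RFB handshake with the client.
@@ -552,7 +558,7 @@
 if s:
 s.close()
 while sockets:
-sockets.pop().close()
+sock = sockets.pop().close()
 
 # Make sure we fail immediately if we cannot get a socket
 raise msg
@@ -619,6 +625,16 @@
 help=("The maximum port number to use for automatically-"
 "allocated ephemeral ports (default: %s)" %
 DEFAULT_MAX_PORT))
+parser.add_option('--cert-file', dest="cert_file",
+default=DEFAULT_CERT_FILE,
+metavar='CERTFILE',
+help=("SSL certificate (default: %s)" %
+DEFAULT_CERT_FILE))
+parser.add_option('--key-file', dest="key_file",
+default=DEFAULT_KEY_FILE,
+metavar='KEYFILE',
+help=("SSL key (default: %s)" %
+DEFAULT_KEY_FILE))
 
 (opts, args) = parser.parse_args(args)
 
@@ -704,20 +720,34 @@
 
 while True:
 try:
+client = None
+client_sock = None
 rlist, _, _ = select(sockets, [], [])
 for ctrl in rlist:
-client, _ = ctrl.accept()
+client_sock, _ = ctrl.accept()
+client = ssl.wrap_socket(client_sock,
+server_side=True,
+keyfile=opts.key_file,
+certfile=opts.cert_file,
+ssl_version=ssl.PROTOCOL_TLSv1)
 logger.info("New control connection")
 
 VncAuthProxy.spawn(logger, client)
+continue
 except Exception, e:
 logger.exception(e)
+if client:
+client.close()
+elif client_sock:
+client_sock.close()
 continue
 except SystemExit:
 break
 
 logger.info("Closing control sockets")
 while sockets:
-sockets.pop().close()
+sock = sockets.pop()
+sock.close()
+
 daemon_context.close()
 sys.exit(0)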
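Review bot: The TLS handshake runs inside the control accept loop: `ssl.wrap_socket(...)` at new line 728 is called with the default `do_handshake_on_connect`, so the loop does not return to `select()` until the peer completes the handshake, and a peer that connects and then stays silent holds up every later control connection. Either set a timeout on `client_sock` before wrapping it, or pass `do_handshake_on_connect=False` and call `client.do_handshake()` inside the greenlet started by `VncAuthProxy.spawn` (that class is outside this hunk). `ssl_version=ssl.PROTOCOL_TLSv1` also pins the listener to TLS 1.0 only; `ssl.PROTOCOL_SSLv23` negotiates the highest version both sides support, provided SSLv2/SSLv3 are disabled where the runtime allows it. Separately, `client` and `client_sock` are reset once per `while` pass rather than once per `ctrl`, so (indentation is not visible on this page) a failing `accept()` on a later listener may close a `client` that was already handed to a spawned proxy.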