| Branch: | Tag: | Revision:

root @ 4a1dd7af

# Date Author Comment
4a1dd7af 06/28/2013 09:59 pm Stratos Psomadakis

Add example users file and users file checks

Add an example users file and fail if there are no users defined in the

d49bd2fb 06/28/2013 08:34 pm Stratos Psomadakis

Add support for control connection authentication

Since vncauthproxy no longer uses Unix domain sockets for the control
connection handling, authentication handling, which was done with POSIX
file permissions, must be implemented in vncauthproxy.

The /var/lib/vncauthproxy/users file (configurable) acts as an...

0b74ef50 06/28/2013 08:21 pm Stratos Psomadakis

Use SSL/TLS for control connections

Control connections now use SSL/TLS by default. Since, vncauthproxy control
connections now use TCP/IP instead of Unix domain sockets, sensitive
information could be sent over possibly untrusted / insecure channels.

7af890c9 05/10/2013 03:40 pm Stratos Psomadakis

Set SO_REUSEADDR for the control socket

dd62f34b 04/30/2013 01:31 pm Stratos Psomadakis

Fix typos/mistakes introduced by the refactoring

310ae019 04/28/2013 12:34 am Stratos Psomadakis

Code refactoring

  • Move the connection establishment inside the VncAuthProxy greenlet /
  • Use a shared get_listening_sockets() method for both client proxy /
    forward sockets and the control socket.
  • Reorganize / comment / rephrase the default values and the cli...
cf328b06 04/24/2013 01:05 pm Stratos Psomadakis

Minor lexical fixes

b129b0c0 04/24/2013 03:33 am Stratos Psomadakis

Use TCP instead of UNIX sockets (first try)

Initial 'implementation' of vncauthproxy using TCP sockets instead of
UNIX domain sockets for control connections.

By default, it will bind to (forwarding ports start at
TCP 25000). The client was changed accordingly....

86d1202e 04/24/2013 03:27 am Stratos Psomadakis

Make control connection handling async

For every incoming control connection, accept() inside the main loop and
dispatch the connection handling/establishment to a new greenlet.

The async handling of the control connections ensures that vncauhtproxy won't...

37a236d1 04/10/2013 02:51 pm Stratos Psomadakis

Merge branch 'release-1.4' into develop

1e3d1c7d 04/10/2013 02:03 pm Vangelis Koukis

Modify default port range for port pool

The default port range used for automatic port selection
was chosen to be the ephemeral port range. This was the wrong
thing to do, because it may conflict with ports used for outgoing
connections from the host on which vncauthproxy runs,...

2c8bd68a 04/08/2013 11:53 pm Stratos Psomadakis

Bump version to rc2

98cc310e 04/08/2013 11:39 pm Stratos Psomadakis

Update version to 1.4rc1 (release branch)

4a83b4bc 04/08/2013 11:37 pm Stratos Psomadakis

Bump version for next release

6a8190a5 04/01/2013 01:59 pm Vangelis Koukis

Create a docs stub to keep the CI system happy

f0e7fc76 04/01/2013 01:08 pm Vangelis Koukis

Use single in ci/

538cf0de 04/01/2013 01:03 pm Vangelis Koukis

Use devflow-update-version in ci/

529dadc5 04/01/2013 12:02 pm Vangelis Koukis

Use /bin/sh instead of "/usr/bin/env sh" in ci/

Use /bin/sh instead of "/usr/bin/env sh" in ci/ scripts consistently.
Yes, in theory the Bourne shell may not be in /bin, but POSIX doesn't
seem to specify the location of /usr/bin/env explicitly, either.

4908cdde 04/01/2013 11:57 am Vangelis Koukis

Add CI functionality

Add various scripts under ci/, enabling support for
Continuous Integration.

Among others, there are scripts for automated: * pep8/flake8/pylint reports * installation in a virtualenv * execution of unit tests (not yet enabled) * building of docs (not yet enabled)...

f6eb1be8 03/30/2013 01:01 pm Vangelis Koukis

Fix possible race in returning source port to pool

First make sure all sockets for a connection are closed,
then return the source port number to the port pool.

This fixes a possible race where the greenlet gets preempted right after
returning a port to the pool, and the port is picked up from the pool by...

020f4a9e 03/30/2013 12:55 pm Vangelis Koukis

Improve cleanup of worker greenlets

There are two worker greenlets per direction of an established
connection. This patch improves the way they are cleaned up
by the main connection greenlet.

The workers are no longer linked together. This removes the hideous...

d5705e2c 03/30/2013 12:46 pm Vangelis Koukis

Fix a few more instances of logging

Fix a few more instances of logging, per pylint W6501,
after commit c87d99e96.

0423d976 03/30/2013 12:44 pm Vangelis Koukis

Use gevent.sleep instead of time.sleep

Use green version of sleep() from gevent,
so other greenlets get to run while a specific greenlet sleeps.

c87d99e9 03/29/2013 01:34 pm Vangelis Koukis

Make logging more consistent

Generate all logging-specific function members of VncAuthProxy
("info", "error", etc) dynamically, from a single template.

Pass arguments to format string separately, as per pylint W6501,

fe5fc466 03/29/2013 12:48 pm Vangelis Koukis

Fix minor typo

68caea79 03/29/2013 12:35 pm Vangelis Koukis

Add support for devflow

Add support for computing version numbers using devflow infrastructure.

6e40f2a8 03/28/2013 05:08 pm Vangelis Koukis

Be more verbose when waiting for client to connect

03a592b9 03/26/2013 07:36 pm Vangelis Koukis

Support argument parsing in command line client

Make the vncauthproxy client a proper command line tool,
by adding support for argument parsing. Also output debugging
information to stderr.

180a750f 03/22/2013 07:02 pm Vangelis Koukis

Work with multiple versions of python-daemon

31965126 03/22/2013 07:00 pm Vangelis Koukis

Make source PEP8-compliant

75eed2cf 07/13/2012 04:25 pm Vangelis Koukis

Minor fixes to diagnostics for pidfile handling

2c83c28c 07/13/2012 04:03 pm Vangelis Koukis

Version bump to 1.3

39840bd3 07/13/2012 03:54 pm Vangelis Koukis

Remove stale pid lockfiles on daemon invocation

da142b1f 03/22/2012 09:41 pm Stratos Psomadakis

Version bump to 1.2

7eb27319 03/22/2012 11:05 am Stratos Psomadakis

Make server connect retries and retry wait tunable

512c571e 03/16/2012 05:43 pm Stratos Psomadakis

Wait for VNC server connection establishment

Wait until the connection to the VNC server has been
established, before sending a successful response to the

Sending a response before establishing a connection to the
server could allow a malicious user to access a different...

a699949f 11/18/2011 06:31 pm Vangelis Koukis

Fix dependencies in, bump version to 1.1

Fix dependencies in (python-daemon instead of daemon)
to prevent the console script entry point from barfing on execution.

Also bump version number to 1.1.

0e02cdc8 11/18/2011 06:02 pm Vangelis Koukis

Introduce setuptools entry_points functionality

Modify, replace wrapper with a console
script generated automatically using the 'entry_points' functionality
of setuptools.

376a8634 09/06/2011 04:48 pm Vangelis Koukis

Workaround libevent-dns fd lost after daemonizing

Currently, gevent uses libevent-dns for asynchornous DNS resolution,
which opens a socket upon initialization time. This fails when
becoming a daemon, leading to all DNS queries timing out, since all file...

5a196d84 07/11/2011 05:20 pm Vangelis Koukis

Fix crash, Use self.{listeners,password} in proxy

1c241b27 06/20/2011 07:52 pm Faidon Liambotis

Adjust the control sockets umask

Add g=rwx to the control socket's umask as to allow the owning group to
control the proxy (useful e.g. when wanting to do chgrp www-data)

88420a63 06/20/2011 07:12 pm Faidon Liambotis

Fix logger crash

Commit 138d0e8 scoped the main flow to a main() function. It seems that
the variable "logger" was being set there and used in the rest of the
program implicitly global, which of course make the proxy the crash
whenever it wanted to log something :-)...

08845665 06/20/2011 06:47 pm Faidon Liambotis

Add and friends

Use setuptools and add, etc. in the package

138d0e8b 06/20/2011 06:36 pm Faidon Liambotis

Major restructuring of the directory layout

Create a proper Python package called "vncauthproxy" and move the proxy
and the client there; also create a, that imports from
the package and calls its main()

0a78eb3c 06/20/2011 06:11 pm Faidon Liambotis

Restore Python 2.5 compatibility

The 2.6 syntax for octal numbers (0oNNN) was used for umask; use 0022
which is implicitly octal instead, to restore 2.5 compatibility.

7183f55d 06/20/2011 06:10 pm Faidon Liambotis

Adjust the default location of the control socket

Move it from the (insecure) /tmp/vncproxy.sock to

8799ab6d 05/11/2011 12:46 pm Vangelis Koukis

Add RFB 3.3 support, minor fixes

Add support for RFB 3.3 handshake, along with RFB 3.8
Tested to work with RFB 3.3 and RFB 3.8 clients.

48b1400e 04/12/2011 06:18 pm Vangelis Koukis

Support dynamic port pool, encode reqs in JSON

Support dynamic allocation of client ports off a configurable port
pool, if the client so requests. The pool is initialized to the IANA
dynamic port range of 49152-65535 by default.

Use JSON encoding for requests and replies on the control channel....

035424b6 04/11/2011 02:15 am Vangelis Koukis

Handle socket errors, improve exception handling

Handle failure of socket operations (e.g., could not bind socket
due to address already in use), and inform the client accordingly.
To achieve this, the listening sockets get created by the main thread,
and passed to the greenlet that waits for client connections....

1ef76eb2 04/03/2011 02:19 am Vangelis Koukis

Make vncauthproxy a proper daemon, improve logging

Have vncauthproxy daemonize properly.
Introduce pidfile under /var/run/vncauthproxy,
logfile under /var/log/vncauthproxy.

179aa9ec 04/03/2011 12:42 am Vangelis Koukis

Add graceful SIGTERM handling

Install a signal handler for fatal signals using gevent.signal().
This allows vncauthproxy to unlink its control socket and exit
gracefully when SIGTERM is received.

5cf1d655 12/01/2010 04:25 pm Apollon Oikonomopoulos

Retry connecting to the backend server if initial connection fails

The proxy now takes turns trying to connect to all backend sockets and sleeps
for 200ms if it is unable to do so. This allows the backend server to come up
up to 10 seconds after the client has authenticated....

668a9ced 11/16/2010 09:42 pm Faidon Liambotis

Switch from Mercurial to Git

.hgignore -> .gitignore

0c251ab5 11/10/2010 11:41 am Apollon Oikonomopoulos

Fixed copyright

5da701ba 11/10/2010 11:40 am Apollon Oikonomopoulos

Rename files -> ->

eeb14dde 11/10/2010 11:36 am Apollon Oikonomopoulos

Document some TODO actions in

b9866dc8 09/10/2010 08:28 pm Apollon Oikonomopoulos

Remove obsolete struct dependency from

9c6144cb 09/10/2010 08:22 pm Apollon Oikonomopoulos

Code cleanup/refactoring

8790958b 09/10/2010 08:22 pm Apollon Oikonomopoulos

Add copyright/license to

66d17b40 09/10/2010 05:21 pm Apollon Oikonomopoulos

Initial import