docs fix
Merge branch 'feature-auth' into develop
Change the auth file format
Switch to a 'passwd'/crypt-style format for the authentication file andprovide a tool to easily add / update / delete users from the file.
Fix pylint warnings, typos and docs
Improve logging during startup and shutdown
Fix error handling in parse_auth_file
Don't check for SSL arg inside the event loop
Enable ci docs building
Add README, Changelog and docs
Add docs build dir to .gitignore
Add logging support in client
Bind to 127.0.0.1 and disable SSL by default
Various fixes from pyflakes
Parse auth file using regexp
Fix auth file parsing
Improve logging in request_forwarding
Support server SSL cert auth in client
Improve logging / exception handling
Merge branch 'feature-async-control' into develop
Fix error in auth file handling
Don't crash on an empy auth file
Don't crash on an empty auth file. Also correct a typo with the `no_ssl`opt.
Add example users file and users file checks
Add an example users file and fail if there are no users defined in thefile.
Add support for control connection authentication
Since vncauthproxy no longer uses Unix domain sockets for the controlconnection handling, authentication handling, which was done with POSIXfile permissions, must be implemented in vncauthproxy.
The /var/lib/vncauthproxy/users file (configurable) acts as an...
Use SSL/TLS for control connections
Control connections now use SSL/TLS by default. Since, vncauthproxy controlconnections now use TCP/IP instead of Unix domain sockets, sensitiveinformation could be sent over possibly untrusted / insecure channels.
Set SO_REUSEADDR for the control socket
Fix typos/mistakes introduced by the refactoring
Code refactoring
Minor lexical fixes
Use TCP instead of UNIX sockets (first try)
Initial 'implementation' of vncauthproxy using TCP sockets instead ofUNIX domain sockets for control connections.
By default, it will bind to 127.0.0.1:24999 (forwarding ports start atTCP 25000). The client was changed accordingly....
Make control connection handling async
For every incoming control connection, accept() inside the main loop anddispatch the connection handling/establishment to a new greenlet.
The async handling of the control connections ensures that vncauhtproxy won't...
Merge branch 'release-1.4' into develop
Modify default port range for port pool
The default port range used for automatic port selectionwas chosen to be the ephemeral port range. This was the wrongthing to do, because it may conflict with ports used for outgoingconnections from the host on which vncauthproxy runs,...
Bump version to rc2
Update version to 1.4rc1 (release branch)
Bump version for next release
Create a docs stub to keep the CI system happy
Use single setup.py in ci/install.sh
Use devflow-update-version in ci/install.sh
Use /bin/sh instead of "/usr/bin/env sh" in ci/
Use /bin/sh instead of "/usr/bin/env sh" in ci/ scripts consistently.Yes, in theory the Bourne shell may not be in /bin, but POSIX doesn'tseem to specify the location of /usr/bin/env explicitly, either.
Add CI functionality
Add various scripts under ci/, enabling support forContinuous Integration.
Among others, there are scripts for automated: * pep8/flake8/pylint reports * installation in a virtualenv * execution of unit tests (not yet enabled) * building of docs (not yet enabled)...
Fix possible race in returning source port to pool
First make sure all sockets for a connection are closed,then return the source port number to the port pool.
This fixes a possible race where the greenlet gets preempted right afterreturning a port to the pool, and the port is picked up from the pool by...
Improve cleanup of worker greenlets
There are two worker greenlets per direction of an establishedconnection. This patch improves the way they are cleaned upby the main connection greenlet.
The workers are no longer linked together. This removes the hideous...
Fix a few more instances of logging
Fix a few more instances of logging, per pylint W6501,after commit c87d99e96.
Use gevent.sleep instead of time.sleep
Use green version of sleep() from gevent,so other greenlets get to run while a specific greenlet sleeps.
Make logging more consistent
Generate all logging-specific function members of VncAuthProxy("info", "error", etc) dynamically, from a single template.
Pass arguments to format string separately, as per pylint W6501,PEP282.
Fix minor typo
Add support for devflow
Add support for computing version numbers using devflow infrastructure.
Be more verbose when waiting for client to connect
Support argument parsing in command line client
Make the vncauthproxy client a proper command line tool,by adding support for argument parsing. Also output debugginginformation to stderr.
Work with multiple versions of python-daemon
Make source PEP8-compliant
Minor fixes to diagnostics for pidfile handling
Version bump to 1.3
Remove stale pid lockfiles on daemon invocation
Version bump to 1.2
Make server connect retries and retry wait tunable
Wait for VNC server connection establishment
Wait until the connection to the VNC server has beenestablished, before sending a successful response to theclient.
Sending a response before establishing a connection to theserver could allow a malicious user to access a different...
Fix dependencies in setup.py, bump version to 1.1
Fix dependencies in setup.py (python-daemon instead of daemon)to prevent the console script entry point from barfing on execution.
Also bump version number to 1.1.
Introduce setuptools entry_points functionality
Modify setup.py, replace vncauthproxy.py wrapper with a consolescript generated automatically using the 'entry_points' functionalityof setuptools.
Workaround libevent-dns fd lost after daemonizing
Currently, gevent uses libevent-dns for asynchornous DNS resolution,which opens a socket upon initialization time. This fails whenbecoming a daemon, leading to all DNS queries timing out, since all file...
Fix crash, Use self.{listeners,password} in proxy
Adjust the control sockets umask
Add g=rwx to the control socket's umask as to allow the owning group tocontrol the proxy (useful e.g. when wanting to do chgrp www-data)
Fix logger crash
Commit 138d0e8 scoped the main flow to a main() function. It seems thatthe variable "logger" was being set there and used in the rest of theprogram implicitly global, which of course make the proxy the crashwhenever it wanted to log something :-)...
Add setup.py and friends
Use setuptools and add setup.py, MANIFEST.in etc. in the packagedistribution.
Major restructuring of the directory layout
Create a proper Python package called "vncauthproxy" and move the proxyand the client there; also create a vncauthproxy.py, that imports fromthe package and calls its main()
Restore Python 2.5 compatibility
The 2.6 syntax for octal numbers (0oNNN) was used for umask; use 0022which is implicitly octal instead, to restore 2.5 compatibility.
Adjust the default location of the control socket
Move it from the (insecure) /tmp/vncproxy.sock to/var/run/vncauthproxy/ctrl.sock
Add RFB 3.3 support, minor fixes
Add support for RFB 3.3 handshake, along with RFB 3.8Tested to work with RFB 3.3 and RFB 3.8 clients.
Support dynamic port pool, encode reqs in JSON
Support dynamic allocation of client ports off a configurable portpool, if the client so requests. The pool is initialized to the IANAdynamic port range of 49152-65535 by default.
Use JSON encoding for requests and replies on the control channel....
Handle socket errors, improve exception handling
Handle failure of socket operations (e.g., could not bind socketdue to address already in use), and inform the client accordingly.To achieve this, the listening sockets get created by the main thread,and passed to the greenlet that waits for client connections....
Make vncauthproxy a proper daemon, improve logging
Have vncauthproxy daemonize properly.Introduce pidfile under /var/run/vncauthproxy,logfile under /var/log/vncauthproxy.
Add graceful SIGTERM handling
Install a signal handler for fatal signals using gevent.signal().This allows vncauthproxy to unlink its control socket and exitgracefully when SIGTERM is received.
Retry connecting to the backend server if initial connection fails
The proxy now takes turns trying to connect to all backend sockets and sleepsfor 200ms if it is unable to do so. This allows the backend server to come upup to 10 seconds after the client has authenticated....
Switch from Mercurial to Git
.hgignore -> .gitignore
Fixed copyright
Rename files
vncproxy.py -> vncauthproxy.pyvncproxyclient.py -> vapclient.py
Document some TODO actions in vncproxy.py
Remove obsolete struct dependency from vncproxy.py
Code cleanup/refactoring
Add copyright/license to rfb.py
Initial import