Revision 7f8ec5bd vncauthproxy/client.py
| b/vncauthproxy/client.py | ||
|---|---|---|
| 17 | 17 |
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
| 18 | 18 |
# 02110-1301, USA. |
| 19 | 19 |
|
| 20 |
""" vncauthproxy client """ |
|
| 21 |
|
|
| 20 | 22 |
import sys |
| 21 | 23 |
import socket |
| 22 | 24 |
import ssl |
| ... | ... | |
| 29 | 31 |
try: |
| 30 | 32 |
from gevent import sleep |
| 31 | 33 |
except ImportError: |
| 32 |
import sleep |
|
| 34 |
from time import sleep
|
|
| 33 | 35 |
|
| 34 | 36 |
DEFAULT_SERVER_ADDRESS = '127.0.0.1' |
| 35 | 37 |
DEFAULT_SERVER_PORT = 24999 |
| ... | ... | |
| 75 | 77 |
metavar="AUTH_PASSWORD", |
| 76 | 78 |
help=("User password for the control connection "
|
| 77 | 79 |
"authentication")) |
| 78 |
parser.add_option("--no-ssl", dest="no_ssl",
|
|
| 80 |
parser.add_option("--enable-ssl", dest="enable_ssl",
|
|
| 79 | 81 |
action='store_true', default=False, |
| 80 |
help=("Disable SSL/TLS for control connecions "
|
|
| 82 |
help=("Enable SSL/TLS for control connecions "
|
|
| 81 | 83 |
"(default: %s)" % False)) |
| 82 | 84 |
parser.add_option("--ca-cert", dest="ca_cert",
|
| 83 | 85 |
default=None, |
| ... | ... | |
| 91 | 93 |
|
| 92 | 94 |
(opts, args) = parser.parse_args(args) |
| 93 | 95 |
|
| 94 |
# Mandatory arguments |
|
| 95 |
if not opts.password: |
|
| 96 |
parser.error("The -P/--password argument is mandatory.")
|
|
| 97 |
if not opts.daddr: |
|
| 98 |
parser.error("The -d/--dest argument is mandatory.")
|
|
| 99 |
if not opts.dport: |
|
| 100 |
parser.error("The -p/--dport argument is mandatory.")
|
|
| 101 |
if not opts.auth_user: |
|
| 102 |
parser.error("The --auth-user argument is mandatory.")
|
|
| 103 |
if not opts.auth_password: |
|
| 104 |
parser.error("The --auth-password argument is mandatory.")
|
|
| 105 |
|
|
| 106 |
# Sanity check |
|
| 107 |
if opts.strict and not opts.ca_cert: |
|
| 108 |
parser.error("--strict requires --ca-cert to be set")
|
|
| 109 |
if opts.no_ssl and opts.ca_cert: |
|
| 110 |
parser.error("--no-ssl and --ca-cert / --strict options "
|
|
| 111 |
"are mutually exclusive") |
|
| 112 |
|
|
| 113 | 96 |
return (opts, args) |
| 114 | 97 |
|
| 115 | 98 |
|
| 116 | 99 |
def request_forwarding(sport, daddr, dport, password, |
| 117 | 100 |
auth_user, auth_password, |
| 118 | 101 |
server_address=DEFAULT_SERVER_ADDRESS, |
| 119 |
server_port=DEFAULT_SERVER_PORT, no_ssl=False,
|
|
| 102 |
server_port=DEFAULT_SERVER_PORT, enable_ssl=False,
|
|
| 120 | 103 |
ca_cert=None, strict=False): |
| 121 | 104 |
"""Connect to vncauthproxy and request a VNC forwarding.""" |
| 105 |
|
|
| 106 |
# Mandatory arguments |
|
| 122 | 107 |
if not password: |
| 123 |
raise ValueError("You must specify a non-empty password")
|
|
| 108 |
raise Exception("The password argument is mandatory.")
|
|
| 109 |
if not daddr: |
|
| 110 |
raise Exception("The daddr argument is mandatory.")
|
|
| 111 |
if not dport: |
|
| 112 |
raise Exception("The dport argument is mandatory.")
|
|
| 113 |
if not auth_user: |
|
| 114 |
raise Exception("The auth_user argument is mandatory.")
|
|
| 115 |
if not auth_password: |
|
| 116 |
raise Exception("The auth_password argument is mandatory.")
|
|
| 117 |
|
|
| 118 |
# Sanity check |
|
| 119 |
if strict and not ca_cert: |
|
| 120 |
raise Exception("strict requires ca-cert to be set")
|
|
| 121 |
if not enable_ssl and (strict or ca_cert): |
|
| 122 |
raise Exception("strict or ca-cert set, but ssl not enabled")
|
|
| 124 | 123 |
|
| 125 | 124 |
req = {
|
| 126 | 125 |
"source_port": int(sport), |
| ... | ... | |
| 146 | 145 |
server = None |
| 147 | 146 |
continue |
| 148 | 147 |
|
| 149 |
if not no_ssl:
|
|
| 148 |
if enable_ssl:
|
|
| 150 | 149 |
reqs = ssl.CERT_NONE |
| 151 | 150 |
if strict: |
| 152 | 151 |
reqs = ssl.CERT_REQUIRED |
| 153 | 152 |
elif ca_cert: |
| 154 | 153 |
reqs = ssl.CERT_OPTIONAL |
| 155 | 154 |
|
| 156 |
server = ssl.wrap_socket( |
|
| 157 |
server, cert_reqs=reqs, ca_certs=ca_cert,
|
|
| 158 |
ssl_version=ssl.PROTOCOL_TLSv1) |
|
| 155 |
server = ssl.wrap_socket(server, cert_reqs=reqs,
|
|
| 156 |
ca_certs=ca_cert,
|
|
| 157 |
ssl_version=ssl.PROTOCOL_TLSv1)
|
|
| 159 | 158 |
|
| 160 | 159 |
server.settimeout(60.0) |
| 161 | 160 |
|
| ... | ... | |
| 191 | 190 |
dport=opts.dport, password=opts.password, |
| 192 | 191 |
auth_user=opts.auth_user, |
| 193 | 192 |
auth_password=opts.auth_password, |
| 194 |
no_ssl=opts.no_ssl, ca_cert=opts.ca_cert,
|
|
| 193 |
enable_ssl=opts.enable_ssl, ca_cert=opts.ca_cert,
|
|
| 195 | 194 |
strict=opts.strict) |
| 196 | 195 |
|
| 197 | 196 |
reason = None |
| 198 | 197 |
if 'reason' in res: |
| 199 | 198 |
reason = 'Reason: %s\n' % res['reason'] |
| 200 | 199 |
sys.stderr.write("Forwaring %s -> %s:%s: %s\n%s" % (res['source_port'],
|
| 201 |
opts.daddr, opts.dport, |
|
| 202 |
res['status'], reason)) |
|
| 200 |
opts.daddr, opts.dport,
|
|
| 201 |
res['status'], reason))
|
|
| 203 | 202 |
|
| 204 | 203 |
if res['status'] == "OK": |
| 205 | 204 |
sys.exit(0) |
Also available in: Unified diff