Revision bd377d7e

b/Changelog
3 3
Changelog for snf-vncauthproxy
4 4
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
5 5

  
6
.. _Changelog-1.4next:
6
.. _Changelog-1.5:
7 7

  
8
v1.4next
9
========
8
v1.5
9
====
10 10

  
11 11
Released: UNRELEASED
12 12

  
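Review bot: the heading and anchor are renamed to v1.5, but the next line still reads "Released: UNRELEASED". If this commit is the 1.5 release bump (docs/conf.py is set to '1.5' in the same change), put the release date here; otherwise the Changelog presents a final version number for something that has not shipped.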
b/MANIFEST.in
1
include vncauthproxy.py LICENSE Changelog README
1
include LICENSE Changelog README
2 2
include distribute_setup.py
3 3

  
4 4
recursive-include vncauthproxy *
b/docs/conf.py
48 48
# built documents.
49 49
#
50 50
# The short X.Y version.
51
version = '1.4next'
51
version = '1.5'
52 52
# The full version, including alpha/beta/rc tags.
53
release = '1.4next'
53
release = '1.5'
54 54

  
55 55
# The language for content autogenerated by Sphinx. Refer to documentation
56 56
# for a list of supported languages.
b/docs/index.rst
90 90
script.
91 91

  
92 92
If you're using the init script, snf-vncauthproxy reads its paramater from its
93
default file (``DAEMON_OPTS`` parameter in ``/etc/default/snf-vncauthproxy``).
93
default file (``DAEMON_OPTS`` parameter in ``/etc/default/vncauthproxy``).
94 94

  
95 95
By default snf-vncauthproxy will listen to ``127.0.0.1:24999`` TCP, for incoming
96 96
control connections and uses the ``25000-30000`` range for the listening / data
97 97
sockets.
98 98

  
99
Version 1.4next introduced replaced Unix domain control sockets with TCP
99
Version 1.5 introduced replaced Unix domain control sockets with TCP
100 100
control sockets. This change made it necessary to also introduce an
101 101
authentication file to replace the Unix file permissions, which protected the
102 102
domain sockets.
103 103

  
104
The default path for the auth file is ``/var/lib/snf-vncauthproxy/users``
104
The default path for the auth file is ``/var/lib/vncauthproxy/users``
105 105
(configurable by the ``--auth-file`` option). Each line in the file represents
106
one user which is allowed to use the control socket and should be in the following
107
format:
106
one user which is allowed to use the control socket and should be in the
107
following format:
108 108

  
109 109
.. code-block:: console
110 110

  
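Review bot: new line 99 keeps the broken wording "Version 1.5 introduced replaced Unix domain control sockets"; since the line is being rewritten anyway, drop "introduced" (docs/upgrade.rst already reads "Version 1.5 replaced ..."). This hunk also moves the documented defaults from ``/etc/default/snf-vncauthproxy`` and ``/var/lib/snf-vncauthproxy/users`` to the ``vncauthproxy`` names, so it should say that a users file left at the old path is no longer at the documented default. "paramater" on line 92 can be fixed in the same pass.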
......
114 114

  
115 115
The Debian package provides an example users file.
116 116

  
117
Version 1.4next introduced also support for SSL for the control socket. If you
117
Version 1.5 introduced also support for SSL for the control socket. If you
118 118
enable SSL support (``--enable-ssl`` parameter, disabled by default) you wil
119 119
have to provide a certficate and key file (``--cert-file`` and ``--key-file``
120
parameters).
120
parameters). The default values for certificate and key files are
121
``/var/lib/vncauthrpoxy/{cert,key}.pem`` respectively.
121 122

  
122 123
For detailed help on its configuration parameters, either consult its man page
123 124
or run:
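Review bot: the default path added on line 121 is misspelt as ``/var/lib/vncauthrpoxy/{cert,key}.pem``; the auth file path earlier in this file is ``/var/lib/vncauthproxy/users``, so this should presumably read ``/var/lib/vncauthproxy/{cert,key}.pem``. Anyone copying the documented value into ``--cert-file`` / ``--key-file`` gets a path that does not match the rest of the install. Now that the key file has a documented default location, a sentence on which user must be able to read it would help, and "wil" and "certficate" on lines 118-119 could be corrected while the paragraph is open.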
......
149 150
VNC servers and access the VNC consoles of their VMs.
150 151

  
151 152
If you're running snf-vncauthproxy on the same host as snf-cyclades-app,
152
you will only need to configure two Synnefo options. Specifically,
153
``VNCAUTHPROXY_USER`` and ``VNCAUTHPROXY_PASSWORD`` in
154
``/etc/synnefo/20-snf-cyclades-app-api.conf`` should match a user defined in 
155
snf-vncauthproxy's users (auth) file.
153
you will only need to configure one Synnefo setting. Specifically,
154
the ``CYCLADES_VNCAUTHPROXY_OPTS`` dict in
155
``/etc/synnefo/20-snf-cyclades-app-api.conf`` should be edited to match
156
snf-vncauthproxy configuration (user, password, SSL support, certificate file).
156 157

  
157 158
In case you want to deploy snf-vncauthproxy on a different host than
158 159
snf-cyclades-app, you should make sure that you change the default listening
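Review bot: new lines 153-156 tell the reader to edit the ``CYCLADES_VNCAUTHPROXY_OPTS`` dict but never name its keys; "user, password, SSL support, certificate file" appears only as prose in the parenthesis. The text being removed named the exact settings (``VNCAUTHPROXY_USER``, ``VNCAUTHPROXY_PASSWORD``), so this is less usable than before. Add a short example of the dict with its real key names and say which entries have to match the users file and the ``--enable-ssl`` / ``--cert-file`` options.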
b/docs/upgrade.rst
1 1
Upgrade notes
2 2
^^^^^^^^^^^^^
3 3

  
4
v1.4next
5
========
6
Version 1.4next replaced Unix domain control sockets with TCP
4
v1.5
5
====
6
Version 1.5 replaced Unix domain control sockets with TCP
7 7
control sockets. This change made it necessary to also introduce an
8 8
authentication file to replace the POSIX file permissions, which protected the
9 9
domain sockets.
10 10

  
11
The default path for the auth file is ``/var/lib/snf-vncauthproxy/users``
11
The default path for the auth file is ``/var/lib/vncauthproxy/users``
12 12
(configurable by the ``--auth-file`` option). Each line in the file represents
13 13
one user which is allowed to use the control socket and should be in the
14 14
following format:
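Review bot: these paragraphs are the same text docs/index.rst carries, edited here by hand a second time, and the two copies have already drifted: line 8 of this file says "POSIX file permissions" where index.rst says "Unix file permissions". Keep one copy and include it from the other file, or at least align the wording in this commit so the next version bump does not have to patch both again.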
......
19 19
    user1 {cleartext}password
20 20
    user2 {HA1}md5hash
21 21

  
22
If you want to use a hash instead of a password, you should provide the MD5
23
digest of the string ``user:vncauthproxy:password``. It can be generated with
24
the following command:
25

  
26
.. code-block:: console
27

  
28
    $ echo -n 'user:vncauthproxy:password' | openssl md5
29

  
22 30
The Debian package provides an example users file.
23 31

  
24
Version 1.4next also introduced support for SSL for the control socket. If you
25
enable SSL support (``--enable-ssl`` parameter, disabled by default) you wil
32
Version 1.5 also introduced support for SSL for the control socket. If you
33
enable SSL support (``--enable-ssl`` parameter, disabled by default) you will
26 34
have to provide a certficate and key file (``--cert-file`` and ``--key-file``
27
parameters).
28

  
29
If you're using snf-vncauthproxy with Synnefo, you should make sure to set the
30
``VNCAUTHPROXY_USER`` and ``VNCAUTHPROXY_PASSWORD`` options in
31
``/etc/synnefo/20-snf-cyclades-app-api.conf``. They should match a user defined
32
in snf-vncauthproxy's users (auth) file. You should also make sure that the
33
node running snf-cyclades-app can connect to the snf-vncauthproxy's control
34
socket address /port (the default deployment to run snf-vncauthproxy on the
35
same host with snf-cyclades-app should work with the defaults of
36
snf-vncauthproxy, with the exception of the authentiction file).
35
parameters). The default values for certificate and key files are
36
``/var/lib/vncauthrpoxy/{cert,key}.pem`` respectively.
37

  
38
If you're using snf-vncauthproxy with Synnefo, you should make sure to edit the
39
``CYCLADES_VNCAUTHPROXY_OPTS`` setting in
40
``/etc/synnefo/20-snf-cyclades-app-api.conf``.  The
41
``CYCLADES_VNCAUTHPROXY_OPTS`` dict in
42
``/etc/synnefo/20-snf-cyclades-app-api.conf`` should be edited to match
43
snf-vncauthproxy configuration (user, password, SSL support, certificate file).
44
You should also make sure that the node running snf-cyclades-app can connect to
45
the snf-vncauthproxy's control socket address / port (the suggested deployment to
46
run snf-vncauthproxy on the same host as snf-cyclades-app should work with
47
the defaults of snf-vncauthproxy, with the exception of the authentication
48
file).
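Review bot: the command added on line 28, ``echo -n 'user:vncauthproxy:password' | openssl md5``, has the reader type the password on the command line, where it ends up in shell history, and current OpenSSL releases print a "(stdin)= " prefix before the digest that must not be pasted into the users file; the text should mention both. The users file shown just above holds ``{cleartext}`` passwords or plain MD5 digests and is described as the replacement for the socket's file permissions, so the notes should also state the ownership and mode it needs. Line 36 misspells the default path as ``/var/lib/vncauthrpoxy/{cert,key}.pem``, and new lines 38-43 say twice in a row that ``CYCLADES_VNCAUTHPROXY_OPTS`` in ``/etc/synnefo/20-snf-cyclades-app-api.conf`` should be edited; keep one of the two sentences.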
b/vncauthproxy/client.py
123 123
    if strict and not ca_cert:
124 124
        raise Exception("strict requires ca-cert to be set")
125 125
    if not enable_ssl and (strict or ca_cert):
126
        logger.warning("strict or ca-cert set, but ssl not enabled")
126
        logger.warning("strict or ca_cert set, but ssl not enabled")
127 127

  
128 128
    req = {
129 129
        "source_port": int(sport),
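Review bot: on lines 125-126, a caller that passes ``strict`` or ``ca_cert`` without ``enable_ssl`` only gets a log warning and the function goes on to build the request with SSL off, so someone who asked for certificate verification silently gets an unprotected control connection. Raise here, as line 124 already does for ``strict`` without ``ca_cert``, instead of logging. The rename in the message is also only half done: line 124 still says "strict requires ca-cert to be set" while the warning now says ``ca_cert``.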
b/vncauthproxy/proxy.py
73 73
import hashlib
74 74
import re
75 75

  
76
import rfb
76
from vncauthproxy import rfb
77 77

  
78 78
try:
79 79
    import simplejson as json
......
144 144
        self.client = client
145 145
        # A list of worker/forwarder greenlets, one for each direction
146 146
        self.workers = []
147
        self.listeners = []
147 148
        self.sport = None
148 149
        self.pool = None
149 150
        self.daddr = None
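Review bot: the new ``self.listeners = []`` on line 147 has no comment, while ``self.workers`` directly above is documented ("one for each direction"). Add a line saying what is stored in the list and which code path closes its entries; nothing in this hunk shows them being cleaned up.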
......
619 620
def parse_auth_file(auth_file):
620 621
    supported_ciphers = ('cleartext', 'HA1', None)
621 622
    regexp = re.compile(r'^\s*(?P<user>\S+)\s+({(?P<cipher>\S+)})?'
622
                        '(?P<pass>\S+)\s*$')
623
                        r'(?P<pass>\S+)\s*$')
623 624

  
624 625
    users = {}
625 626

  
626 627
    if os.path.isfile(auth_file) is False:
627
        logger.warning("Authentication file not found. Continuing without"
628
        logger.warning("Authentication file not found. Continuing without "
628 629
                       "users")
629 630
        return users
630 631

  
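Review bot: in the regex on lines 622-623 the cipher group is ``(?P<cipher>\S+)``, and ``\S+`` also matches ``}``, so for a password that itself contains ``}`` the match backtracks to the last ``}`` on the line and part of the password lands in the cipher name. Use ``[^}\s]+`` for the cipher, and escape the literal braces (``\{``, ``\}``) now that both fragments are raw strings. Separately, lines 627-630 log a warning and return an empty dict when the auth file is missing; since this commit also changes the documented default path of that file, include the path that was looked for in the log message, and ``not os.path.isfile(auth_file)`` reads better than ``is False``.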
