Statistics
| Branch: | Tag: | Revision:

root / vncauthproxy @ d49bd2fb

# Date Author Comment
d49bd2fb 06/28/2013 08:34 pm Stratos Psomadakis

Add support for control connection authentication

Since vncauthproxy no longer uses Unix domain sockets for the control
connection handling, authentication handling, which was done with POSIX
file permissions, must be implemented in vncauthproxy.

The /var/lib/vncauthproxy/users file (configurable) acts as an...
0b74ef50 06/28/2013 08:21 pm Stratos Psomadakis

Use SSL/TLS for control connections

Control connections now use SSL/TLS by default. Since, vncauthproxy control
connections now use TCP/IP instead of Unix domain sockets, sensitive
information could be sent over possibly untrusted / insecure channels.
7af890c9 05/10/2013 03:40 pm Stratos Psomadakis

Set SO_REUSEADDR for the control socket
dd62f34b 04/30/2013 01:31 pm Stratos Psomadakis

Fix typos/mistakes introduced by the refactoring
310ae019 04/28/2013 12:34 am Stratos Psomadakis

Code refactoring

  • Move the connection establishment inside the VncAuthProxy greenlet /
    class.
  • Use a shared get_listening_sockets() method for both client proxy /
    forward sockets and the control socket.
  • Reorganize / comment / rephrase the default values and the cli...
cf328b06 04/24/2013 01:05 pm Stratos Psomadakis

Minor lexical fixes
b129b0c0 04/24/2013 03:33 am Stratos Psomadakis

Use TCP instead of UNIX sockets (first try)

Initial 'implementation' of vncauthproxy using TCP sockets instead of
UNIX domain sockets for control connections.

By default, it will bind to 127.0.0.1:24999 (forwarding ports start at
TCP 25000). The client was changed accordingly....
86d1202e 04/24/2013 03:27 am Stratos Psomadakis

Make control connection handling async

For every incoming control connection, accept() inside the main loop and
dispatch the connection handling/establishment to a new greenlet.

The async handling of the control connections ensures that vncauhtproxy won't...
1e3d1c7d 04/10/2013 02:03 pm Vangelis Koukis

Modify default port range for port pool

The default port range used for automatic port selection
was chosen to be the ephemeral port range. This was the wrong
thing to do, because it may conflict with ports used for outgoing
connections from the host on which vncauthproxy runs,...
f6eb1be8 03/30/2013 01:01 pm Vangelis Koukis

Fix possible race in returning source port to pool

First make sure all sockets for a connection are closed,
then return the source port number to the port pool.

This fixes a possible race where the greenlet gets preempted right after
returning a port to the pool, and the port is picked up from the pool by...
020f4a9e 03/30/2013 12:55 pm Vangelis Koukis

Improve cleanup of worker greenlets

There are two worker greenlets per direction of an established
connection. This patch improves the way they are cleaned up
by the main connection greenlet.

The workers are no longer linked together. This removes the hideous...
d5705e2c 03/30/2013 12:46 pm Vangelis Koukis

Fix a few more instances of logging

Fix a few more instances of logging, per pylint W6501,
after commit c87d99e96.
0423d976 03/30/2013 12:44 pm Vangelis Koukis

Use gevent.sleep instead of time.sleep

Use green version of sleep() from gevent,
so other greenlets get to run while a specific greenlet sleeps.
c87d99e9 03/29/2013 01:34 pm Vangelis Koukis

Make logging more consistent

Generate all logging-specific function members of VncAuthProxy
("info", "error", etc) dynamically, from a single template.

Pass arguments to format string separately, as per pylint W6501,
PEP282.
fe5fc466 03/29/2013 12:48 pm Vangelis Koukis

Fix minor typo
6e40f2a8 03/28/2013 05:08 pm Vangelis Koukis

Be more verbose when waiting for client to connect
03a592b9 03/26/2013 07:36 pm Vangelis Koukis

Support argument parsing in command line client

Make the vncauthproxy client a proper command line tool,
by adding support for argument parsing. Also output debugging
information to stderr.
180a750f 03/22/2013 07:02 pm Vangelis Koukis

Work with multiple versions of python-daemon
31965126 03/22/2013 07:00 pm Vangelis Koukis

Make source PEP8-compliant
75eed2cf 07/13/2012 04:25 pm Vangelis Koukis

Minor fixes to diagnostics for pidfile handling
39840bd3 07/13/2012 03:54 pm Vangelis Koukis

Remove stale pid lockfiles on daemon invocation
7eb27319 03/22/2012 11:05 am Stratos Psomadakis

Make server connect retries and retry wait tunable
512c571e 03/16/2012 05:43 pm Stratos Psomadakis

Wait for VNC server connection establishment

Wait until the connection to the VNC server has been
established, before sending a successful response to the
client.

Sending a response before establishing a connection to the
server could allow a malicious user to access a different...
376a8634 09/06/2011 04:48 pm Vangelis Koukis

Workaround libevent-dns fd lost after daemonizing

Currently, gevent uses libevent-dns for asynchornous DNS resolution,
which opens a socket upon initialization time. This fails when
becoming a daemon, leading to all DNS queries timing out, since all file...
5a196d84 07/11/2011 05:20 pm Vangelis Koukis

Fix crash, Use self.{listeners,password} in proxy
1c241b27 06/20/2011 07:52 pm Faidon Liambotis

Adjust the control sockets umask

Add g=rwx to the control socket's umask as to allow the owning group to
control the proxy (useful e.g. when wanting to do chgrp www-data)
88420a63 06/20/2011 07:12 pm Faidon Liambotis

Fix logger crash

Commit 138d0e8 scoped the main flow to a main() function. It seems that
the variable "logger" was being set there and used in the rest of the
program implicitly global, which of course make the proxy the crash
whenever it wanted to log something :-)...
138d0e8b 06/20/2011 06:36 pm Faidon Liambotis

Major restructuring of the directory layout

Create a proper Python package called "vncauthproxy" and move the proxy
and the client there; also create a vncauthproxy.py, that imports from
the package and calls its main()