[Kimchi-devel] [PATCH] bug fix: Avoid equals sign in VM console URL

Sheldon shaohef at linux.vnet.ibm.com
Mon Jul 28 09:15:01 UTC 2014 

On 07/26/2014 05:01 AM, alinefm at linux.vnet.ibm.com wrote:
> From: Aline Manera <alinefm at linux.vnet.ibm.com>
>
> >From python documentation, base64.urlsafe_b64encode(s) substitutes - instead
> of + and _ instead of / in the standard Base64 alphabet, BUT the result can
> still contain = which is not safe in a URL query component.
> As token value is not decoded nowhere, replace = by A

what about other character instead of A? such as "." or "~"

This is the base64 alphabet:
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='

"A" is in the alphabet.


or do not pad the encode string.
some base64 variant has no pad character.
http://en.wikipedia.org/wiki/Base64#Implementations_and_history


Then in python, it can easy strip the "="
In [21]: s1 = base64.urlsafe_b64encode("abcd")
In [22]: s1.rstrip("=")
Out[22]: 'YWJjZA'

and In js add a funtion to
$ git diff
diff --git a/ui/js/src/kimchi.utils.js b/ui/js/src/kimchi.utils.js
index 480b9b5..2d252a7 100644
--- a/ui/js/src/kimchi.utils.js
+++ b/ui/js/src/kimchi.utils.js
@@ -191,3 +191,8 @@ kimchi.urlSafeB64Decode = function(str) {
kimchi.urlSafeB64Encode = function(str) {
return btoa(str).replace(/\+/g, '-').replace(/\//g, '_');
}
+
+kimchi.padBase64 = function(str) {
+ padLen = str.length % 4;
+ return str + new Array(padLen? 4 - padLen + 1 : 0).join("=");
+}


Now test this method:
in python:
In [40]: base64.urlsafe_b64encode("abcd")
Out[40]: 'YWJjZA=='

In [41]: base64.urlsafe_b64encode("abcde")
Out[41]: 'YWJjZGU='

In UI:
kimchi.padBase64("YWJjZA")
"YWJjZA=="

kimchi.padBase64("YWJjZGU")
"YWJjZGU="


>
> The problem with equals sign was only identified on Spice connections.
> noVNC can deal well with that.
>
> For reference: https://docs.python.org/2/library/base64.html
>
> Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
> ---
>   src/kimchi/vnc.py       |  9 ++++++++-
>   ui/js/src/kimchi.api.js | 18 ++++++++++++++++--
>   2 files changed, 24 insertions(+), 3 deletions(-)
>
> diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
> index 9380e21..4159049 100644
> --- a/src/kimchi/vnc.py
> +++ b/src/kimchi/vnc.py
> @@ -54,7 +54,14 @@ def new_ws_proxy():
>
>   def add_proxy_token(name, port):
>       with open(os.path.join(WS_TOKENS_DIR, name), 'w') as f:
> -        name = base64.urlsafe_b64encode(name)
> +        """
> +        From python documentation base64.urlsafe_b64encode(s)
> +        substitutes - instead of + and _ instead of / in the
> +        standard Base64 alphabet, BUT the result can still
> +        contain = which is not safe in a URL query component.
> +        As token value is not decoded nowhere, replace = by A
> +        """
> +        name = base64.urlsafe_b64encode(name).replace('=', 'A')
>           f.write('%s: localhost:%s' % (name.encode('utf-8'), port))
>
>
> diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js
> index 8f5b68f..30360c5 100644
> --- a/ui/js/src/kimchi.api.js
> +++ b/ui/js/src/kimchi.api.js
> @@ -352,7 +352,14 @@ var kimchi = {
>               }).done(function() {
>                   url = 'https://' + location.hostname + ':' + proxy_port;
>                   url += "/console.html?url=vnc_auto.html&port=" + proxy_port;
> -                url += "&path=?token=" + kimchi.urlSafeB64Encode(vm);
> +                /*
> +                 * From python documentation base64.urlsafe_b64encode(s)
> +                 * substitutes - instead of + and _ instead of / in the
> +                 * standard Base64 alphabet, BUT the result can still
> +                 * contain = which is not safe in a URL query component.
> +                 * As token value is not decoded nowhere, replace = by A
> +                 * */
> +                url += "&path=?token=" + kimchi.urlSafeB64Encode(vm).replace(/=/g, 'A');
>                   url += "&kimchi=" + location.port;
>                   url += '&encrypt=1';
>                   window.open(url);
> @@ -377,7 +384,14 @@ var kimchi = {
>                   url = 'https://' + location.hostname + ':' + proxy_port;
>                   url += "/console.html?url=spice.html&port=" + proxy_port;
>                   url += "&listen=" + location.hostname;
> -                url += "&token=" + kimchi.urlSafeB64Encode(vm);
> +                /*
> +                 * From python documentation base64.urlsafe_b64encode(s)
> +                 * substitutes - instead of + and _ instead of / in the
> +                 * standard Base64 alphabet, BUT the result can still
> +                 * contain = which is not safe in a URL query component.
> +                 * As token value is not decoded nowhere, replace = by A
> +                 * */
> +                url += "&token=" + kimchi.urlSafeB64Encode(vm).replace(/=/g, 'A');
>                   url += "&kimchi=" + location.port;
>                   url += '&encrypt=1';
>                   window.open(url);


-- 
Thanks and best regards!

Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
IBM Linux Technology Center

More information about the Kimchi-devel mailing list