[Kimchi-devel] [PATCH] bug fix: Avoid equals sign in VM console URL

Sheldon shaohef at linux.vnet.ibm.com
Tue Jul 29 03:53:44 UTC 2014 

On 07/29/2014 10:22 AM, Zheng Sheng ZS Zhou wrote:
>
> Sheldon <shaohef at linux.vnet.ibm.com> wrote 2014-07-28 17:23:21:
>
> > From: Sheldon <shaohef at linux.vnet.ibm.com>
> > To: alinefm at linux.vnet.ibm.com, Kimchi Devel <kimchi-
> > devel at ovirt.org>, Zheng Sheng ZS Zhou/China/IBM at IBMCN
> > Date: 2014-07-28 17:22
> > Subject: Re: [Kimchi-devel] [PATCH] bug fix: Avoid equals sign in VM
> > console URL
> >
> > On 07/26/2014 05:01 AM, alinefm at linux.vnet.ibm.com wrote:
> > > From: Aline Manera <alinefm at linux.vnet.ibm.com>
> > >
> > > >From python documentation, base64.urlsafe_b64encode(s)
> > substitutes - instead
> > > of + and _ instead of / in the standard Base64 alphabet, BUT the
> result can
> > > still contain = which is not safe in a URL query component.
> > > As token value is not decoded nowhere, replace = by A
> > also in our kimchi I have try:
> > In [45]: base64.urlsafe_b64encode("abcd")
> > Out[45]: 'YWJjZA=='
> > In [41]: base64.urlsafe_b64encode("abcde")
> > Out[41]: 'YWJjZGU='
> >
> >
> > JS is very cool, it can decode base64 without "=" padding well
> > kimchi.urlSafeB64Decode("YWJjZA")
> > "abcd"
> > kimchi.urlSafeB64Decode("YWJjZGU")
> > "abcde"
> >
> > we just need in python:
> > In [48]: base64.urlsafe_b64encode("abcd").rstrip("=")
> > Out[48]: 'YWJjZA'
> >
> >
>
> A friendly remind: We have to make sure this trick also works in IE
> and Chome.
>
Try chrom can work. But No IE environment.
>
>
> > > The problem with equals sign was only identified on Spice connections.
> > > noVNC can deal well with that.
> > >
> > > For reference: https://docs.python.org/2/library/base64.html
> > >
> > > Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
> > > ---
> > > src/kimchi/vnc.py | 9 ++++++++-
> > > ui/js/src/kimchi.api.js | 18 ++++++++++++++++--
> > > 2 files changed, 24 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
> > > index 9380e21..4159049 100644
> > > --- a/src/kimchi/vnc.py
> > > +++ b/src/kimchi/vnc.py
> > > @@ -54,7 +54,14 @@ def new_ws_proxy():
> > >
> > > def add_proxy_token(name, port):
> > > with open(os.path.join(WS_TOKENS_DIR, name), 'w') as f:
> > > - name = base64.urlsafe_b64encode(name)
> > > + """
> > > + From python documentation base64.urlsafe_b64encode(s)
> > > + substitutes - instead of + and _ instead of / in the
> > > + standard Base64 alphabet, BUT the result can still
> > > + contain = which is not safe in a URL query component.
> > > + As token value is not decoded nowhere, replace = by A
> > > + """
> > > + name = base64.urlsafe_b64encode(name).replace('=', 'A')
> > > f.write('%s: localhost:%s' % (name.encode('utf-8'), port))
> > >
> > >
> > > diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js
> > > index 8f5b68f..30360c5 100644
> > > --- a/ui/js/src/kimchi.api.js
> > > +++ b/ui/js/src/kimchi.api.js
> > > @@ -352,7 +352,14 @@ var kimchi = {
> > > }).done(function() {
> > > url = 'https://' + location.hostname + ':' + proxy_port;
> > > url += "/console.html?url=vnc_auto.html&port=" +
> > proxy_port;
> > > - url += "&path=?token=" + kimchi.urlSafeB64Encode(vm);
> > > + /*
> > > + * From python documentation base64.urlsafe_b64encode(s)
> > > + * substitutes - instead of + and _ instead of / in the
> > > + * standard Base64 alphabet, BUT the result can still
> > > + * contain = which is not safe in a URL query component.
> > > + * As token value is not decoded nowhere, replace = by A
> > > + * */
> > > + url += "&path=?token=" + kimchi.urlSafeB64Encode
> > (vm).replace(/=/g, 'A');
> > > url += "&kimchi=" + location.port;
> > > url += '&encrypt=1';
> > > window.open(url);
> > > @@ -377,7 +384,14 @@ var kimchi = {
> > > url = 'https://' + location.hostname + ':' + proxy_port;
> > > url += "/console.html?url=spice.html&port=" + proxy_port;
> > > url += "&listen=" + location.hostname;
> > > - url += "&token=" + kimchi.urlSafeB64Encode(vm);
> > > + /*
> > > + * From python documentation base64.urlsafe_b64encode(s)
> > > + * substitutes - instead of + and _ instead of / in the
> > > + * standard Base64 alphabet, BUT the result can still
> > > + * contain = which is not safe in a URL query component.
> > > + * As token value is not decoded nowhere, replace = by A
> > > + * */
> > > + url += "&token=" + kimchi.urlSafeB64Encode
> > (vm).replace(/=/g, 'A');
> > > url += "&kimchi=" + location.port;
> > > url += '&encrypt=1';
> > > window.open(url);
> >
> >
> > --
> > Thanks and best regards!
> >
> > Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
> > IBM Linux Technology Center
> >
>


-- 
Thanks and best regards!

Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
IBM Linux Technology Center

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20140729/8fc31d1e/attachment.html>

More information about the Kimchi-devel mailing list