
On 05/04/2014 04:21 AM, Zhou Zheng Sheng wrote:
This is a nice idea. I tested the vnc part. A problem in previous "[v3] Enable encryption in vm VNC console connection" is that vnc_auto.html is not protected by Kimchi authentication, and this patch fixes the problem. The reason why I did not implement authentication is that the port 64667 for the VNC websocket traffic itself is not protected by Kimchi authentication. Even with this patch series, one can just git clone the noVNC official git repo, then open the following link in Opera (or Chrome?).
file:///home/edward/src/noVNC/vnc_auto.html?port=64667&host=X.X.X.X&path=?token=NAME_OF_THE_VM&encrypt=1
Then you get the guest VNC console without logging in to Kimchi. So this patch does not improve anything compared to "[v3] Enable encryption in vm VNC console connection", and it involves another redirection which makes the process a bit more complicated.
I need to disagree with you. With this patch the noVNC is protected from Kimchi's perspective (different from the previous patch), i.e., if the user wants to get the console, he does need to get it from the noVNC source code as you described above, but it will not be possible through Kimchi. Even with the password parameter you mentioned below, if the user has the full URL (including the password) he will be able to get the console from the noVNC source code without authentication.

For the password parameter to work, we need to set a random password for each VNC connection with an expiration time (to reset it after the connection is stabilized). So vm_connect() creates a random VNC password with an expiration time of 10s (just enough time to open the connection to noVNC). That way we ensure each connection has a single valid password, and if someone gets the full URL it won't be valid anymore.

We need to verify how much work is needed to implement this "password with expiration time" approach. Any help is welcome!
I think instead of protecting vnc_auto.html, which is purely static content and not useful to protect, we should protect the VNC payload with a password. Kimchi should start the VM with a random VNC password; when the user clicks the VNC link, it should link to
https://server:64667/vnc_auto.html?password=XXX&port=XXX&token=XXX&encrypt=1&path=?
Since the password is randomly generated, and the traffic is encrypted over HTTPS, it's actually secure.
We can also improve the security by generating a new random password every time the user opens a new VNC session.
on 2014/05/02 08:49, Aline Manera wrote:
From: Aline Manera <alinefm@br.ibm.com>
As I commented on the mailing list ([v3] Enable encryption in vm VNC console connection), to enable Kimchi authentication in console pages, those need to be provided by the Kimchi server instead of the websockify web server.
I reverted the "Enable encryption in vm VNC console connection" commit, applied the "[PATCH v2] Enable encryption in vm console connection" patch sent by Mark and made the changes needed to redirect the user from the websockify web server to Kimchi. So the noVNC page continues to be rendered by Kimchi.
With all that done, I was able to enable authentication to vnc_auto.html and spice.html.
Aline Manera (5):
  Revert "Enable encryption in vm VNC console connection"
  Make use of the mini Web server in the websockify
  Enable Kimchi authentication in console pages
  backend: Redirect 401 error to default page
  UI: Redirect user to console page after logging

Mark Wu (1):
  Enable encryption in vm console connection
 configure.ac | 9 +-
 contrib/kimchi.spec.fedora.in | 14 +-
 contrib/kimchi.spec.suse.in | 14 +-
 src/kimchi/config.py.in | 32 +-
 src/kimchi/vnc.py | 2 +-
 src/nginx.conf.in | 15 +
 tests/test_config.py.in | 32 +-
 ui/Makefile.am | 2 +-
 ui/css/Makefile.am | 2 +-
 ui/css/fonts/Makefile.am | 2 +
 ui/css/fonts/novnc/Makefile.am | 20 +
 ui/css/fonts/novnc/Orbitron700.ttf | Bin 0 -> 38580 bytes
 ui/css/fonts/novnc/Orbitron700.woff | Bin 0 -> 17472 bytes
 ui/css/novnc/Makefile.am | 20 +
 ui/css/novnc/base.css | 405 ++++++
 ui/js/Makefile.am | 2 +-
 ui/js/novnc/Makefile.am | 22 +
 ui/js/novnc/base64.js | 115 ++
 ui/js/novnc/des.js | 273 ++++
 ui/js/novnc/display.js | 770 +++++++++++
 ui/js/novnc/input.js | 1946 +++++++++++++++++++++++++++
 ui/js/novnc/jsunzip.js | 676 ++++++++++
 ui/js/novnc/main.js | 103 ++
 ui/js/novnc/rfb.js | 1866 +++++++++++++++++++++++++
 ui/js/novnc/util.js | 381 ++++++
 ui/js/novnc/web-socket-js/Makefile.am | 24 +
 ui/js/novnc/web-socket-js/README.txt | 109 ++
 ui/js/novnc/web-socket-js/WebSocketMain.swf | Bin 0 -> 177114 bytes
 ui/js/novnc/web-socket-js/swfobject.js | 4 +
 ui/js/novnc/web-socket-js/web_socket.js | 391 ++++++
 ui/js/novnc/websock.js | 422 ++++++
 ui/js/novnc/webutil.js | 216 +++
 ui/js/src/kimchi.api.js | 7 +-
 ui/js/src/kimchi.login_window.js | 24 +-
 ui/novnc/Makefile.am | 22 -
 ui/novnc/css/Makefile.am | 20 -
 ui/novnc/css/Orbitron700.ttf | Bin 38580 -> 0 bytes
 ui/novnc/css/Orbitron700.woff | Bin 17472 -> 0 bytes
 ui/novnc/css/base.css | 405 ------
 ui/novnc/js/Makefile.am | 22 -
 ui/novnc/js/base64.js | 115 --
 ui/novnc/js/des.js | 273 ----
 ui/novnc/js/display.js | 770 -----------
 ui/novnc/js/input.js | 1946 ---------------------------
 ui/novnc/js/jsunzip.js | 676 ----------
 ui/novnc/js/main.js | 103 --
 ui/novnc/js/rfb.js | 1866 -------------------------
 ui/novnc/js/util.js | 381 ------
 ui/novnc/js/web-socket-js/Makefile.am | 24 -
 ui/novnc/js/web-socket-js/README.txt | 109 --
 ui/novnc/js/web-socket-js/WebSocketMain.swf | Bin 177114 -> 0 bytes
 ui/novnc/js/web-socket-js/swfobject.js | 4 -
 ui/novnc/js/web-socket-js/web_socket.js | 391 ------
 ui/novnc/js/websock.js | 422 ------
 ui/novnc/js/webutil.js | 216 ---
 ui/novnc/vnc.html | 43 -
 ui/pages/Makefile.am | 2 +-
 ui/pages/novnc/Makefile.am | 20 +
 ui/pages/novnc/vnc_auto.html | 22 +
 ui/pages/vnc_auto.html.tmpl | 44 +
 60 files changed, 7955 insertions(+), 7861 deletions(-)
 create mode 100644 ui/css/fonts/novnc/Makefile.am
 create mode 100644 ui/css/fonts/novnc/Orbitron700.ttf
 create mode 100644 ui/css/fonts/novnc/Orbitron700.woff
 create mode 100644 ui/css/novnc/Makefile.am
 create mode 100644 ui/css/novnc/base.css
 create mode 100644 ui/js/novnc/Makefile.am
 create mode 100644 ui/js/novnc/base64.js
 create mode 100644 ui/js/novnc/des.js
 create mode 100644 ui/js/novnc/display.js
 create mode 100644 ui/js/novnc/input.js
 create mode 100755 ui/js/novnc/jsunzip.js
 create mode 100644 ui/js/novnc/main.js
 create mode 100644 ui/js/novnc/rfb.js
 create mode 100644 ui/js/novnc/util.js
 create mode 100644 ui/js/novnc/web-socket-js/Makefile.am
 create mode 100644 ui/js/novnc/web-socket-js/README.txt
 create mode 100644 ui/js/novnc/web-socket-js/WebSocketMain.swf
 create mode 100644 ui/js/novnc/web-socket-js/swfobject.js
 create mode 100644 ui/js/novnc/web-socket-js/web_socket.js
 create mode 100644 ui/js/novnc/websock.js
 create mode 100644 ui/js/novnc/webutil.js
 delete mode 100644 ui/novnc/Makefile.am
 delete mode 100644 ui/novnc/css/Makefile.am
 delete mode 100644 ui/novnc/css/Orbitron700.ttf
 delete mode 100644 ui/novnc/css/Orbitron700.woff
 delete mode 100644 ui/novnc/css/base.css
 delete mode 100644 ui/novnc/js/Makefile.am
 delete mode 100644 ui/novnc/js/base64.js
 delete mode 100644 ui/novnc/js/des.js
 delete mode 100644 ui/novnc/js/display.js
 delete mode 100644 ui/novnc/js/input.js
 delete mode 100755 ui/novnc/js/jsunzip.js
 delete mode 100644 ui/novnc/js/main.js
 delete mode 100644 ui/novnc/js/rfb.js
 delete mode 100644 ui/novnc/js/util.js
 delete mode 100644 ui/novnc/js/web-socket-js/Makefile.am
 delete mode 100644 ui/novnc/js/web-socket-js/README.txt
 delete mode 100644 ui/novnc/js/web-socket-js/WebSocketMain.swf
 delete mode 100644 ui/novnc/js/web-socket-js/swfobject.js
 delete mode 100644 ui/novnc/js/web-socket-js/web_socket.js
 delete mode 100644 ui/novnc/js/websock.js
 delete mode 100644 ui/novnc/js/webutil.js
 delete mode 100644 ui/novnc/vnc.html
 create mode 100644 ui/pages/novnc/Makefile.am
 create mode 100644 ui/pages/novnc/vnc_auto.html
 create mode 100644 ui/pages/vnc_auto.html.tmpl
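
A sketch of the "password with expiration time" approach discussed in this thread, added here as an example; it is not code from the patch series or from Kimchi. It assumes the VM is managed through libvirt, whose <graphics> element accepts passwd and passwdValidTo attributes; the sample domain XML and the function names are constructed for illustration, and accepts() only models the server-side check.

```python
import hmac
import secrets
import string
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

VNC_PASSWD_LEN = 8   # VNC authentication only uses the first 8 characters
TTL_SECONDS = 10     # window proposed in the thread
TS_FORMAT = "%Y-%m-%dT%H:%M:%S"  # libvirt treats passwdValidTo as UTC

# Constructed sample domain definition (not taken from Kimchi).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>demo-vm</name>
  <devices>
    <graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'/>
  </devices>
</domain>
"""

def new_vnc_password():
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(VNC_PASSWD_LEN))

def expiring_graphics_xml(domain_xml, now=None, ttl=TTL_SECONDS):
    """Return (<graphics> XML, password) with a fresh password valid for ttl seconds."""
    now = now or datetime.now(timezone.utc)
    gfx = ET.fromstring(domain_xml).find("./devices/graphics[@type='vnc']")
    if gfx is None:
        raise ValueError("domain has no VNC graphics device")
    passwd = new_vnc_password()
    gfx.set("passwd", passwd)
    gfx.set("passwdValidTo", (now + timedelta(seconds=ttl)).strftime(TS_FORMAT))
    # A caller would hand this XML to libvirt's updateDeviceFlags() on the live domain.
    return ET.tostring(gfx, encoding="unicode"), passwd

def accepts(graphics_xml, candidate, at):
    """Model of the server-side check: right password AND not yet expired."""
    gfx = ET.fromstring(graphics_xml)
    valid_to = datetime.strptime(gfx.get("passwdValidTo"), TS_FORMAT).replace(tzinfo=timezone.utc)
    same = hmac.compare_digest(gfx.get("passwd").encode(), candidate.encode())
    return same and at < valid_to

if __name__ == "__main__":
    t0 = datetime.now(timezone.utc)
    xml, pw = expiring_graphics_xml(SAMPLE_DOMAIN_XML, now=t0)
    print(xml)
    print("at +5s :", accepts(xml, pw, t0 + timedelta(seconds=5)))
    print("at +11s:", accepts(xml, pw, t0 + timedelta(seconds=11)))
```

A URL carrying this password is only useful inside the 10-second window, and calling expiring_graphics_xml() again for the next console request replaces the password entirely.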