On 05/04/2014 04:21 AM, Zhou Zheng Sheng wrote:
This is a nice idea. I tested the vnc part. A problem in previous
"[v3]
Enable encryption in vm VNC console connection" is that vnc_auto.html is
not protected by kimchi authentication, and this patch fixes the
problem. The reason why I did not implement authentication is that the
port 64667 for the VNC websocket traffic itself is not protected by
Kimchi authentication. Even with this patch series, one can just git
clone the noVNC official git repo, then open the following link in Opera
(or Chrome?).
file:///home/edward/src/noVNC/vnc_auto.html?port=64667&host=X.X.X.X&path=?token=NAME_OF_THE_VM&encrypt=1
Then you get the guest VNC console without logging in to Kimchi. So this
patch does not improve anything compared to "[v3] Enable encryption in
vm VNC console connection", and it involves another redirection which
makes the process a bit more complicated.
I need to disagree with you.
With this patch the noVNC is protected from Kimchi perspective
(different from the previous patch), ie,
if the user wants to get the console, he does need to get it from noVNC
source code as you described above
but it will not be possible through Kimchi.
Even with the password parameter you mentioned below, if the user has
the full URL (including the password)
he will be able to get the console from noVNC source code without
authentication.
To the password parameter works, we need to set a random password for
each VNC connection with expiration
time (to reset it after connection is stabilized)
So vm_connect() create a random VNC password with expiration time for
10s (just the enough time to open
connection to noVNC)
That way we ensure each connection has a single valid password and if
someone gets the full URL it won't be valid
anymore.
We need to verify how much work is needed to implement this "password
with expiration time" approach.
Any help is welcome!
I think instead of protecting vnc_auto.html, which is purely static
content and not useful to protect, we should protect the VNC payload
with password. Kimchi should start the VM with a random VNC password,
when the user clicks the VNC link, it should links to
https://server:64667/vnc_auto.html?password=XXX&port=XXX&token=XX...
Since the password is random generated, and the traffic encrypted on
HTTPs, it's actually secure.
We can also improve the security by generating a new random password
every time the user opens a new VNC session.
on 2014/05/02 08:49, Aline Manera wrote:
> From: Aline Manera <alinefm(a)br.ibm.com>
>
> As I commented in mailing list ([v3] Enable encryption in vm VNC console connection)
> to enable Kimchi authentication in console pages those need to be provided by
> Kimchi server instead of websockify web server.
>
> I reverted the "Enable encryption in vm VNC console connection" commit,
applied
> "[PATCH v2] Enable encryption in vm console connection" path send by Mark
and
> make the changes needed to redirect user from websockify web server to Kimchi.
> So noVNC page continues to be rendered by Kimchi.
>
> With all that done, I was able to enable authentication to vnc_auto.html and
> spice.html
>
> Aline Manera (5):
> Revert "Enable encryption in vm VNC console connection"
> Make use of the mini Web server in the websockify
> Enable Kimchi authentication in console pages
> backend: Redirect 401 error to default page
> UI: Redirect user to console page after logging
>
> Mark Wu (1):
> Enable encryption in vm console connection
>
> configure.ac | 9 +-
> contrib/kimchi.spec.fedora.in | 14 +-
> contrib/kimchi.spec.suse.in | 14 +-
> src/kimchi/config.py.in | 32 +-
> src/kimchi/vnc.py | 2 +-
> src/nginx.conf.in | 15 +
> tests/test_config.py.in | 32 +-
> ui/Makefile.am | 2 +-
> ui/css/Makefile.am | 2 +-
> ui/css/fonts/Makefile.am | 2 +
> ui/css/fonts/novnc/Makefile.am | 20 +
> ui/css/fonts/novnc/Orbitron700.ttf | Bin 0 -> 38580 bytes
> ui/css/fonts/novnc/Orbitron700.woff | Bin 0 -> 17472 bytes
> ui/css/novnc/Makefile.am | 20 +
> ui/css/novnc/base.css | 405 ++++++
> ui/js/Makefile.am | 2 +-
> ui/js/novnc/Makefile.am | 22 +
> ui/js/novnc/base64.js | 115 ++
> ui/js/novnc/des.js | 273 ++++
> ui/js/novnc/display.js | 770 +++++++++++
> ui/js/novnc/input.js | 1946 +++++++++++++++++++++++++++
> ui/js/novnc/jsunzip.js | 676 ++++++++++
> ui/js/novnc/main.js | 103 ++
> ui/js/novnc/rfb.js | 1866 +++++++++++++++++++++++++
> ui/js/novnc/util.js | 381 ++++++
> ui/js/novnc/web-socket-js/Makefile.am | 24 +
> ui/js/novnc/web-socket-js/README.txt | 109 ++
> ui/js/novnc/web-socket-js/WebSocketMain.swf | Bin 0 -> 177114 bytes
> ui/js/novnc/web-socket-js/swfobject.js | 4 +
> ui/js/novnc/web-socket-js/web_socket.js | 391 ++++++
> ui/js/novnc/websock.js | 422 ++++++
> ui/js/novnc/webutil.js | 216 +++
> ui/js/src/kimchi.api.js | 7 +-
> ui/js/src/kimchi.login_window.js | 24 +-
> ui/novnc/Makefile.am | 22 -
> ui/novnc/css/Makefile.am | 20 -
> ui/novnc/css/Orbitron700.ttf | Bin 38580 -> 0 bytes
> ui/novnc/css/Orbitron700.woff | Bin 17472 -> 0 bytes
> ui/novnc/css/base.css | 405 ------
> ui/novnc/js/Makefile.am | 22 -
> ui/novnc/js/base64.js | 115 --
> ui/novnc/js/des.js | 273 ----
> ui/novnc/js/display.js | 770 -----------
> ui/novnc/js/input.js | 1946 ---------------------------
> ui/novnc/js/jsunzip.js | 676 ----------
> ui/novnc/js/main.js | 103 --
> ui/novnc/js/rfb.js | 1866 -------------------------
> ui/novnc/js/util.js | 381 ------
> ui/novnc/js/web-socket-js/Makefile.am | 24 -
> ui/novnc/js/web-socket-js/README.txt | 109 --
> ui/novnc/js/web-socket-js/WebSocketMain.swf | Bin 177114 -> 0 bytes
> ui/novnc/js/web-socket-js/swfobject.js | 4 -
> ui/novnc/js/web-socket-js/web_socket.js | 391 ------
> ui/novnc/js/websock.js | 422 ------
> ui/novnc/js/webutil.js | 216 ---
> ui/novnc/vnc.html | 43 -
> ui/pages/Makefile.am | 2 +-
> ui/pages/novnc/Makefile.am | 20 +
> ui/pages/novnc/vnc_auto.html | 22 +
> ui/pages/vnc_auto.html.tmpl | 44 +
> 60 files changed, 7955 insertions(+), 7861 deletions(-)
> create mode 100644 ui/css/fonts/novnc/Makefile.am
> create mode 100644 ui/css/fonts/novnc/Orbitron700.ttf
> create mode 100644 ui/css/fonts/novnc/Orbitron700.woff
> create mode 100644 ui/css/novnc/Makefile.am
> create mode 100644 ui/css/novnc/base.css
> create mode 100644 ui/js/novnc/Makefile.am
> create mode 100644 ui/js/novnc/base64.js
> create mode 100644 ui/js/novnc/des.js
> create mode 100644 ui/js/novnc/display.js
> create mode 100644 ui/js/novnc/input.js
> create mode 100755 ui/js/novnc/jsunzip.js
> create mode 100644 ui/js/novnc/main.js
> create mode 100644 ui/js/novnc/rfb.js
> create mode 100644 ui/js/novnc/util.js
> create mode 100644 ui/js/novnc/web-socket-js/Makefile.am
> create mode 100644 ui/js/novnc/web-socket-js/README.txt
> create mode 100644 ui/js/novnc/web-socket-js/WebSocketMain.swf
> create mode 100644 ui/js/novnc/web-socket-js/swfobject.js
> create mode 100644 ui/js/novnc/web-socket-js/web_socket.js
> create mode 100644 ui/js/novnc/websock.js
> create mode 100644 ui/js/novnc/webutil.js
> delete mode 100644 ui/novnc/Makefile.am
> delete mode 100644 ui/novnc/css/Makefile.am
> delete mode 100644 ui/novnc/css/Orbitron700.ttf
> delete mode 100644 ui/novnc/css/Orbitron700.woff
> delete mode 100644 ui/novnc/css/base.css
> delete mode 100644 ui/novnc/js/Makefile.am
> delete mode 100644 ui/novnc/js/base64.js
> delete mode 100644 ui/novnc/js/des.js
> delete mode 100644 ui/novnc/js/display.js
> delete mode 100644 ui/novnc/js/input.js
> delete mode 100755 ui/novnc/js/jsunzip.js
> delete mode 100644 ui/novnc/js/main.js
> delete mode 100644 ui/novnc/js/rfb.js
> delete mode 100644 ui/novnc/js/util.js
> delete mode 100644 ui/novnc/js/web-socket-js/Makefile.am
> delete mode 100644 ui/novnc/js/web-socket-js/README.txt
> delete mode 100644 ui/novnc/js/web-socket-js/WebSocketMain.swf
> delete mode 100644 ui/novnc/js/web-socket-js/swfobject.js
> delete mode 100644 ui/novnc/js/web-socket-js/web_socket.js
> delete mode 100644 ui/novnc/js/websock.js
> delete mode 100644 ui/novnc/js/webutil.js
> delete mode 100644 ui/novnc/vnc.html
> create mode 100644 ui/pages/novnc/Makefile.am
> create mode 100644 ui/pages/novnc/vnc_auto.html
> create mode 100644 ui/pages/vnc_auto.html.tmpl
>