11:42 a.m.
From: Aline Manera <alinefm(a)linux.vnet.ibm.com>
websockify.py uses urlparse.parse_qs() to parse token parameter in the
console URL
/vnc_auto.html?port=64667&path=?token=issue%2B374&encrypt=1
And even encoding the VM name using encodeURIComponent() it replaces the
plus sign for a white space,
{'token': ['issue 374']}
That way websockify will never be able to find the console port based on VM
name.
To fix it, use base64 for encoding the VM name while setting up the
console configuration and accessing it using noVNC or Spice.
Signed-off-by: Aline Manera <alinefm(a)linux.vnet.ibm.com>
---
src/kimchi/vnc.py | 2 ++
ui/js/src/kimchi.api.js | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
index 002b950..9380e21 100644
--- a/src/kimchi/vnc.py
+++ b/src/kimchi/vnc.py
@@ -18,6 +18,7 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+import base64
import errno
import os
import subprocess
@@ -53,6 +54,7 @@ def new_ws_proxy():
def add_proxy_token(name, port):
with open(os.path.join(WS_TOKENS_DIR, name), 'w') as f:
+ name = base64.urlsafe_b64encode(name)
f.write('%s: localhost:%s' % (name.encode('utf-8'), port))
diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js
index 021be63..99ac730 100644
--- a/ui/js/src/kimchi.api.js
+++ b/ui/js/src/kimchi.api.js
@@ -352,7 +352,7 @@ var kimchi = {
}).done(function() {
url = 'https://' + location.hostname + ':' + proxy_port;
url += "/console.html?url=vnc_auto.html&port=" +
proxy_port;
- url += "&path=?token=" + encodeURIComponent(vm);
+ url += "&path=?token=" + kimchi.urlSafeB64Encode(vm);
url += "&kimchi=" + location.port;
url += '&encrypt=1';
window.open(url);
@@ -377,7 +377,7 @@ var kimchi = {
url = 'https://' + location.hostname + ':' + proxy_port;
url += "/console.html?url=spice.html&port=" + proxy_port;
url += "&listen=" + location.hostname;
- url += "&token=" + encodeURIComponent(vm);
+ url += "&token=" + kimchi.urlSafeB64Encode(vm);
url += "&kimchi=" + location.port;
url += '&encrypt=1';
window.open(url);
--
1.9.3
9:20 p.m.
Reviewed-by: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com>
On 07/23/2014 12:42 AM, alinefm(a)linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm(a)linux.vnet.ibm.com>
websockify.py uses urlparse.parse_qs() to parse token parameter in the
console URL
/vnc_auto.html?port=64667&path=?token=issue%2B374&encrypt=1
And even encoding the VM name using encodeURIComponent() it replaces the
plus sign for a white space,
{'token': ['issue 374']}
That way websockify will never be able to find the console port based on VM
name.
To fix it, use base64 for encoding the VM name while setting up the
console configuration and accessing it using noVNC or Spice.
Signed-off-by: Aline Manera <alinefm(a)linux.vnet.ibm.com>
---
src/kimchi/vnc.py | 2 ++
ui/js/src/kimchi.api.js | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
index 002b950..9380e21 100644
--- a/src/kimchi/vnc.py
+++ b/src/kimchi/vnc.py
@@ -18,6 +18,7 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+import base64
import errno
import os
import subprocess
@@ -53,6 +54,7 @@ def new_ws_proxy():
def add_proxy_token(name, port):
with open(os.path.join(WS_TOKENS_DIR, name), 'w') as f:
+ name = base64.urlsafe_b64encode(name)
f.write('%s: localhost:%s' % (name.encode('utf-8'), port))
diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js
index 021be63..99ac730 100644
--- a/ui/js/src/kimchi.api.js
+++ b/ui/js/src/kimchi.api.js
@@ -352,7 +352,7 @@ var kimchi = {
}).done(function() {
url = 'https://' + location.hostname + ':' +
proxy_port;
url += "/console.html?url=vnc_auto.html&port=" +
proxy_port;
- url += "&path=?token=" + encodeURIComponent(vm);
+ url += "&path=?token=" + kimchi.urlSafeB64Encode(vm);
url += "&kimchi=" + location.port;
url += '&encrypt=1';
window.open(url);
@@ -377,7 +377,7 @@ var kimchi = {
url = 'https://' + location.hostname + ':' +
proxy_port;
url += "/console.html?url=spice.html&port=" +
proxy_port;
url += "&listen=" + location.hostname;
- url += "&token=" + encodeURIComponent(vm);
+ url += "&token=" + kimchi.urlSafeB64Encode(vm);
url += "&kimchi=" + location.port;
url += '&encrypt=1';
window.open(url);
--
Thanks and best regards!
Sheldon Feng(冯少合)<shaohef(a)linux.vnet.ibm.com>
IBM Linux Technology Center
7:09 a.m.
Reviewed-by: Daniel Barboza <danielhb(a)linux.vnet.ibm.com>
Tested-by: Daniel Barboza <danielhb(a)linux.vnet.ibm.com>
On 07/22/2014 01:42 PM, alinefm(a)linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm(a)linux.vnet.ibm.com>
websockify.py uses urlparse.parse_qs() to parse token parameter in the
console URL
/vnc_auto.html?port=64667&path=?token=issue%2B374&encrypt=1
And even encoding the VM name using encodeURIComponent() it replaces the
plus sign for a white space,
{'token': ['issue 374']}
That way websockify will never be able to find the console port based on VM
name.
To fix it, use base64 for encoding the VM name while setting up the
console configuration and accessing it using noVNC or Spice.
Signed-off-by: Aline Manera <alinefm(a)linux.vnet.ibm.com>
---
src/kimchi/vnc.py | 2 ++
ui/js/src/kimchi.api.js | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
index 002b950..9380e21 100644
--- a/src/kimchi/vnc.py
+++ b/src/kimchi/vnc.py
@@ -18,6 +18,7 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+import base64
import errno
import os
import subprocess
@@ -53,6 +54,7 @@ def new_ws_proxy():
def add_proxy_token(name, port):
with open(os.path.join(WS_TOKENS_DIR, name), 'w') as f:
+ name = base64.urlsafe_b64encode(name)
f.write('%s: localhost:%s' % (name.encode('utf-8'), port))
diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js
index 021be63..99ac730 100644
--- a/ui/js/src/kimchi.api.js
+++ b/ui/js/src/kimchi.api.js
@@ -352,7 +352,7 @@ var kimchi = {
}).done(function() {
url = 'https://' + location.hostname + ':' +
proxy_port;
url += "/console.html?url=vnc_auto.html&port=" +
proxy_port;
- url += "&path=?token=" + encodeURIComponent(vm);
+ url += "&path=?token=" + kimchi.urlSafeB64Encode(vm);
url += "&kimchi=" + location.port;
url += '&encrypt=1';
window.open(url);
@@ -377,7 +377,7 @@ var kimchi = {
url = 'https://' + location.hostname + ':' +
proxy_port;
url += "/console.html?url=spice.html&port=" +
proxy_port;
url += "&listen=" + location.hostname;
- url += "&token=" + encodeURIComponent(vm);
+ url += "&token=" + kimchi.urlSafeB64Encode(vm);
url += "&kimchi=" + location.port;
url += '&encrypt=1';
window.open(url);
3804
days inactive
3806
days old
3 comments
4 participants
participants (4)
-
Aline Manera -
alinefm@linux.vnet.ibm.com
-
Daniel H Barboza -
Sheldon