
From: Aline Manera <alinefm@linux.vnet.ibm.com>
When setting the listener IP to 0.0.0.0 anyone can connect to the freshly configured kimchi virtual machine manager box on port 5900, 5901, etc. and take over any virtual machine, since VNC is per default configured by kimchi to listen on all IPs. As websockets proxy connects to QEMU-VNC from 127.0.0.1 also set VNC listener IP to 127.0.0.1
Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com>
---
 src/kimchi/mockmodel.py | 2 +-
 src/kimchi/osinfo.py | 2 +-
 tests/test_mockmodel.py | 2 +-
 tests/test_model.py | 2 +-
 tests/test_rest.py | 6 +++---
 tests/test_vmtemplate.py | 8 ++++----
 6 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/kimchi/mockmodel.py b/src/kimchi/mockmodel.py
index 1584471..ed275d5 100644
--- a/src/kimchi/mockmodel.py
+++ b/src/kimchi/mockmodel.py
@@ -1064,7 +1064,7 @@ def __init__(self, uuid, name, template_info):
 'memory': self.memory, 'cpus': self.cpus, 'icon': None,
- 'graphics': {'type': 'vnc', 'listen': '0.0.0.0',
+ 'graphics': {'type': 'vnc', 'listen': '127.0.0.1',
 'port': None}, 'users': ['user1', 'user2', 'root'], 'groups': ['group1', 'group2', 'admin'],
diff --git a/src/kimchi/osinfo.py b/src/kimchi/osinfo.py
index 39c9163..d2a1c1d 100644
--- a/src/kimchi/osinfo.py
+++ b/src/kimchi/osinfo.py
@@ -94,7 +94,7 @@ defaults = {'networks': ['default'], 'storagepool': '/storagepools/default', 'domain': 'kvm', 'arch': os.uname()[4],
- 'graphics': {'type': 'vnc', 'listen': '0.0.0.0'}}
+ 'graphics': {'type': 'vnc', 'listen': '127.0.0.1'}}
 def _get_arch():
diff --git a/tests/test_mockmodel.py b/tests/test_mockmodel.py
index 223879c..97b5fdb 100644
--- a/tests/test_mockmodel.py
+++ b/tests/test_mockmodel.py
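Review bot: In src/kimchi/osinfo.py only the default in `defaults['graphics']` moves to loopback, so templates and guests already stored with `listen` set to `0.0.0.0` presumably keep that value and stay reachable on upgraded hosts; a migration step or a release note telling operators to rewrite those entries would close that gap. Binding to 127.0.0.1 also still leaves the console open to any local account on the host, because the graphics entry shown carries no password or other authentication setting. I would add a comment above the entry, `# loopback only: the websockets proxy connects from 127.0.0.1; a wildcard listen exposes unauthenticated consoles`, so the value is not widened again by accident. The same literal is repeated in src/kimchi/mockmodel.py, where a shared constant would keep the mock and the real default in step; the collapsed layout does not show whether `defaults` opens inside this hunk.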
@@ -154,7 +154,7 @@ def test_vm_info(self):
 self.assertEquals('images/icon-vm.png', info['icon'])
 self.assertEquals(stats_keys, set(info['stats'].keys()))
 self.assertEquals('vnc', info['graphics']['type'])
- self.assertEquals('0.0.0.0', info['graphics']['listen'])
+ self.assertEquals('127.0.0.1', info['graphics']['listen'])
 def test_packages_update(self):
 pkgs = model.packagesupdate_get_list()
diff --git a/tests/test_model.py b/tests/test_model.py
index da9dae5..cab8288 100644
--- a/tests/test_model.py
+++ b/tests/test_model.py
@@ -118,7 +118,7 @@ def test_vm_graphics(self):
 info = inst.vm_lookup('kimchi-vnc')
 self.assertEquals('vnc', info['graphics']['type'])
- self.assertEquals('0.0.0.0', info['graphics']['listen'])
+ self.assertEquals('127.0.0.1', info['graphics']['listen'])
 graphics = {'type': 'spice', 'listen': '127.0.0.1'}
 params = {'name': 'kimchi-spice', 'template': '/templates/test',
diff --git a/tests/test_rest.py b/tests/test_rest.py
index 3ea1927..4feb298 100644
--- a/tests/test_rest.py
+++ b/tests/test_rest.py
@@ -370,7 +370,7 @@ def test_vm_graphics(self):
 self.assertEquals(201, resp.status)
 # Verify the VM
 vm = json.loads(self.request('/vms/test-vm').read())
- self.assertEquals('0.0.0.0', vm['graphics']['listen'])
+ self.assertEquals('127.0.0.1', vm['graphics']['listen'])
 self.assertEquals('vnc', vm['graphics']['type'])
 # Delete the VM
 resp = self.request('/vms/test-vm', '{}', 'DELETE')
@@ -412,7 +412,7 @@ def test_vm_graphics(self):
 self.assertEquals(201, resp.status)
 # Verify the VM
 vm = json.loads(self.request('/vms/test-vm').read())
- self.assertEquals('0.0.0.0', vm['graphics']['listen'])
+ self.assertEquals('127.0.0.1', vm['graphics']['listen'])
 self.assertEquals('spice', vm['graphics']['type'])
 # Delete the VM
 resp = self.request('/vms/test-vm', '{}', 'DELETE')
@@ -1132,7 +1132,7 @@ def verify_template(t, res):
 # Update the template
 t['os_distro'] = 'Linux.ISO'
 t['os_version'] = '1.1'
- t['graphics'] = {'type': 'vnc', 'listen': '0.0.0.0'}
+ t['graphics'] = {'type': 'vnc', 'listen': '127.0.0.1'}
 req = json.dumps(t)
 resp = self.request('/templates/%s' % t['name'], req, 'PUT')
 self.assertEquals(200, resp.status)
diff --git a/tests/test_vmtemplate.py b/tests/test_vmtemplate.py
index 821ca24..acf0150 100644
--- a/tests/test_vmtemplate.py
+++ b/tests/test_vmtemplate.py
@@ -31,7 +31,7 @@ def test_minimal_construct(self):
 ('os_version', 'unknown'), ('cpus', 1), ('memory', 1024), ('cdrom', ''), ('networks', ['default']), ('disk_bus', 'ide'), ('nic_model', 'e1000'),
- ('graphics', {'type': 'vnc', 'listen': '0.0.0.0'}))
+ ('graphics', {'type': 'vnc', 'listen': '127.0.0.1'}))
 args = {'name': 'test'}
 t = VMTemplate(args)
@@ -55,7 +55,7 @@ def test_specified_graphics(self):
 self.assertEquals(graphics, t.info['graphics'])
 # Test specified type
- graphics = {'type': 'spice', 'listen': '0.0.0.0'}
+ graphics = {'type': 'spice', 'listen': '127.0.0.1'}
 args['graphics'] = graphics
 t = VMTemplate(args)
 self.assertEquals(graphics, t.info['graphics'])
@@ -65,10 +65,10 @@ def test_specified_graphics(self):
 args['graphics'] = graphics
 t = VMTemplate(args)
 self.assertEquals(graphics['type'], t.info['graphics']['type'])
- self.assertEquals('0.0.0.0', t.info['graphics']['listen'])
+ self.assertEquals('127.0.0.1', t.info['graphics']['listen'])
 def test_to_xml(self):
- graphics = {'type': 'spice', 'listen': '0.0.0.0'}
+ graphics = {'type': 'spice', 'listen': '127.0.0.1'}
 vm_uuid = str(uuid.uuid4()).replace('-', '')
 t = VMTemplate({'name': 'test-template'})
 xml = t.to_vm_xml('test-vm', vm_uuid, graphics=graphics)
--
1.9.3
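Review bot: In the tests/test_rest.py hunk at line 1132 the PUT payload `t['graphics'] = {'type': 'vnc', 'listen': '127.0.0.1'}` now equals the new default, so if the template was created with default graphics (creation is outside the hunk) the update no longer shows that the graphics field was actually changed. Using a value that differs from the default, for example `t['graphics'] = {'type': 'spice', 'listen': '127.0.0.1'}`, keeps the update check meaningful. After this commit none of the visible tests sends an explicit non-loopback `listen`, so whether the API still accepts one is no longer pinned by a test; one case that states the intended behaviour for an explicit wildcard address would document that it is an operator opt-in rather than a default. The enclosing test body starts and ends outside the hunk.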