[Kimchi-devel] [PATCH] issue #374: Use base64 encoding to launch VM console

Wed Jul 23 02:20:22 UTC 2014

Reviewed-by: ShaoHe Feng <shaohef at linux.vnet.ibm.com>

On 07/23/2014 12:42 AM, alinefm at linux.vnet.ibm.com wrote:
> From: Aline Manera <alinefm at linux.vnet.ibm.com>
>
> websockify.py uses urlparse.parse_qs() to parse token parameter in the
> console URL
>
> /vnc_auto.html?port=64667&path=?token=issue%2B374&encrypt=1
>
> And even encoding the VM name using encodeURIComponent() it replaces the
> plus sign for a white space,
>
> {'token': ['issue 374']}
>
> That way websockify will never be able to find the console port based on VM
> name.
>
> To fix it, use base64 for encoding the VM name while setting up the
> console configuration and accessing it using noVNC or Spice.
>
> Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
> ---
>   src/kimchi/vnc.py       | 2 ++
>   ui/js/src/kimchi.api.js | 4 ++--
>   2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
> index 002b950..9380e21 100644
> --- a/src/kimchi/vnc.py
> +++ b/src/kimchi/vnc.py
> @@ -18,6 +18,7 @@
>   # License along with this library; if not, write to the Free Software
>   # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
>
> +import base64
>   import errno
>   import os
>   import subprocess
> @@ -53,6 +54,7 @@ def new_ws_proxy():
>
>   def add_proxy_token(name, port):
>       with open(os.path.join(WS_TOKENS_DIR, name), 'w') as f:
> +        name = base64.urlsafe_b64encode(name)
>           f.write('%s: localhost:%s' % (name.encode('utf-8'), port))
>
>
> diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js
> index 021be63..99ac730 100644
> --- a/ui/js/src/kimchi.api.js
> +++ b/ui/js/src/kimchi.api.js
> @@ -352,7 +352,7 @@ var kimchi = {
>               }).done(function() {
>                   url = 'https://' + location.hostname + ':' + proxy_port;
>                   url += "/console.html?url=vnc_auto.html&port=" + proxy_port;
> -                url += "&path=?token=" + encodeURIComponent(vm);
> +                url += "&path=?token=" + kimchi.urlSafeB64Encode(vm);
>                   url += "&kimchi=" + location.port;
>                   url += '&encrypt=1';
>                   window.open(url);
> @@ -377,7 +377,7 @@ var kimchi = {
>                   url = 'https://' + location.hostname + ':' + proxy_port;
>                   url += "/console.html?url=spice.html&port=" + proxy_port;
>                   url += "&listen=" + location.hostname;
> -                url += "&token=" + encodeURIComponent(vm);
> +                url += "&token=" + kimchi.urlSafeB64Encode(vm);
>                   url += "&kimchi=" + location.port;
>                   url += '&encrypt=1';
>                   window.open(url);


-- 
Thanks and best regards!

Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
IBM Linux Technology Center