Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
t.start()
LibvirtConfig.set_console_enabled(True)
if LibvirtConfig.websockify_enabled() and enabled():
if Config.is_eventlet():
try:
import websockify
from websockify import ProxyRequestHandler
from cattle.plugins.libvirt.compute import LibvirtCompute
ws = WebsockifyProxy()
register_type(LIFECYCLE, ws)
register_type(REQUEST_HANDLER, ws)
class RequestHandler(ProxyRequestHandler):
def new_websocket_client(self):
if Config.is_eventlet():
from eventlet import hubs
hubs.use_hub()
return ProxyRequestHandler.new_websocket_client(self)
except:
log.exception('Not starting websocket proxy for VNC')
else:
log.error('Can only run websocket proxy for VNC with eventlets')
# happen. That part is handed back to noNVC.
#
# I got this byte by debugging a live connection to a running libvirt.
#
# It might be the case that VNC treats X509VNC as two separate security
# negotiation (1: TLS, 2: password), each acknowledged by that one
# byte, but this is only my hypothesis.
# Do a regular TLS negotiation
self.log.info(
"VeNCrypt negotiation succeeded. Setting up TLS connection")
self.sock = ssl.wrap_socket(self.sock)
self.log.info("VeNCrypt negotiation done")
class OvirtProxyRequestHandler(websockify.ProxyRequestHandler):
RFB_HANDSHAKE = 'RFB 003.008\n'
def __init__(self, retsock, address, proxy, *args, **kwargs):
self._proxy = proxy
websockify.ProxyRequestHandler.__init__(self, retsock, address, proxy,
*args, **kwargs)
def get_target(self, target_cfg, path):
"""
Parses the path, extracts a token, and looks for a valid
target for that token in the configuration file(s). Returns
target_host and target_port if successful and sets an ssl_target
flag.
"""
connection_data = json.loads(urllib.unquote(
self._proxy._ticketDecoder.decode(path[1:])))
def new_websocket_client(self):
if Config.is_eventlet():
from eventlet import hubs
hubs.use_hub()
return ProxyRequestHandler.new_websocket_client(self)
except:
try:
from websockify.token_plugins import TokenFile
tokenFile = True
except ImportError:
tokenFile = False
try:
from websockify import ProxyRequestHandler as request_proxy
except:
from websockify import WebSocketProxy as request_proxy
WS_TOKENS_DIR = os.path.join(PluginPaths('kimchi').state_dir, 'ws-tokens')
class CustomHandler(request_proxy):
def get_target(self, target_plugin, path):
if issubclass(CustomHandler, object):
target = super(CustomHandler, self).get_target(target_plugin,
path)
else:
target = request_proxy.get_target(self, target_plugin, path)
if target[0] == 'unix_socket':
try:
self.server.unix_target = target[1]
except:
self.unix_target = target[1]
else:
try:
self.server.unix_target = None
def get_target(self, target_plugin, path):
if issubclass(CustomHandler, object):
target = super(CustomHandler, self).get_target(target_plugin,
path)
else:
target = request_proxy.get_target(self, target_plugin, path)
if target[0] == 'unix_socket':
try:
self.server.unix_target = target[1]
except:
self.unix_target = target[1]
else:
try:
self.server.unix_target = None
except:
self.unix_target = None
return target
def new_websocket_client(self):
"""
Called after a new WebSocket connection has been established.
Partially copied from websockify.ProxyRequestHandler to be able to
take over RFB protocol negotiation.
"""
if not self.server.ssl_target:
# Non-SSL connections can be handled the old way
self.log_message(
"Not a SSL connection, falling back to standard Websockify"
" connection handling")
websockify.ProxyRequestHandler.new_websocket_client(self)
# Connect to the target
if self.server.wrap_cmd:
msg = "connecting to command: '{command}' (port {port})".format(
command=" ".join(self.server.wrap_cmd),
port=self.server.target_port
)
elif self.server.unix_target:
msg = "connecting to unix socket: {socket}".format(
socket=self.server.unix_target
)
else:
msg = "connecting to: {host}:{port}".format(
host=self.server.target_host,
port=self.server.target_port
)
origin = urlparse.urlparse(origin_url)
origin_hostname = origin.hostname
origin_scheme = origin.scheme
if origin_hostname == '' or origin_scheme == '':
detail = _("Origin header not valid.")
raise exception.ValidationError(detail)
if origin_hostname not in expected_origin_hostnames:
detail = _("Origin header does not match this host.")
raise exception.ValidationError(detail)
if not self.verify_origin_proto(access_url, origin_scheme):
detail = _("Origin header protocol does not match this host.")
raise exception.ValidationError(detail)
class ZunProxyRequestHandler(ZunProxyRequestHandlerBase,
websockify.ProxyRequestHandler):
def __init__(self, *args, **kwargs):
websockify.ProxyRequestHandler.__init__(self, *args, **kwargs)
def socket(self, *args, **kwargs):
return websockify.WebSocketServer.socket(*args, **kwargs)
class ZunWebSocketProxy(websockify.WebSocketProxy):
@staticmethod
def get_logger():
return LOG
# Start proxying
try:
self.do_proxy(tsock)
except Exception:
if tsock:
tsock.shutdown(socket.SHUT_RDWR)
tsock.close()
self.vmsg(_("%(host)s:%(port)s: "
"Websocket client or target closed") %
{'host': host, 'port': port})
raise
class NovaProxyRequestHandler(NovaProxyRequestHandlerBase,
websockify.ProxyRequestHandler):
def __init__(self, *args, **kwargs):
self._compute_rpcapi = None
websockify.ProxyRequestHandler.__init__(self, *args, **kwargs)
@property
def compute_rpcapi(self):
# Lazy load the rpcapi/ComputeAPI upon first use for this connection.
# This way, if we receive a TCP RST, we will not create a ComputeAPI
# object we won't use.
if not self._compute_rpcapi:
self._compute_rpcapi = compute_rpcapi.ComputeAPI()
return self._compute_rpcapi
def socket(self, *args, **kwargs):
return websockify.WebSocketServer.socket(*args, **kwargs)