1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
Description: Fixed broken vncproxy flush tokens patch
This review (https://review.openstack.org/22872) attempted to
resolve a critical security issue but ended up completely breaking
the vncproxy. The wrong dict keys were being used for Essex and the
API calls were incomplete. This patch makes the proxy work again.
Author: Rafi Khardalian <rafi@metacloud.com>
Origin: upstream, https://review.openstack.org/gitweb?p=openstack%2Fnova.git;a=commitdiff_plain;h=48e81f1554ce41c3d4f7445421d19f4a8128e98d
Bug-Debian: http://bugs.debian.org/703242
Bug-Ubuntu: https://launchpad.net/bugs/1125378
Date: Thu, 7 Mar 2013 00:19:08 +0000 (+0000)
diff --git a/nova/compute/api.py b/nova/compute/api.py
index a317c44..8309fbb 100644
--- a/nova/compute/api.py
+++ b/nova/compute/api.py
@@ -1561,12 +1561,14 @@ class API(BaseAPI):
return {'url': connect_info['access_url']}
@wrap_check_policy
- def validate_vnc_console(self, context, instance_id, host, port):
+ def validate_vnc_console(self, context, instance_id, host, port,
+ console_type):
"""Validate VNC Console for an instance."""
instance = self.get(context, instance_id)
output = self._call_compute_message('get_vnc_console',
- context,
- instance)
+ context,
+ instance,
+ params={"console_type": console_type})
return (port == output['port'] and host == output['host'])
@wrap_check_policy
diff --git a/nova/consoleauth/manager.py b/nova/consoleauth/manager.py
index 5690ef3..507bdc5 100644
--- a/nova/consoleauth/manager.py
+++ b/nova/consoleauth/manager.py
@@ -84,14 +84,15 @@ class ConsoleAuthManager(manager.Manager):
LOG.audit(_("Received Token: %(token)s, %(token_dict)s)"), locals())
- def _validate_console(self, token):
+ def _validate_console(self, context, token):
console_valid = False
token_dict = self.tokens[token]
try:
console_valid = self.compute_api.validate_vnc_console(context,
- token_dict['instance_uuid'],
+ token_dict['instance_id'],
token_dict['host'],
- token_dict['port'])
+ token_dict['port'],
+ token_dict['console_type'])
except exception.InstanceNotFound:
pass
return console_valid
@@ -99,7 +100,7 @@ class ConsoleAuthManager(manager.Manager):
def check_token(self, context, token):
token_valid = token in self.tokens
LOG.audit(_("Checking Token: %(token)s, %(token_valid)s)"), locals())
- if token_valid and self._validate_console(token):
+ if token_valid and self._validate_console(context, token):
return self.tokens[token]
def delete_tokens_for_instance(self, context, instance_id):
diff --git a/nova/tests/test_compute.py b/nova/tests/test_compute.py
index 7bd6fcd..bff08a4 100644
--- a/nova/tests/test_compute.py
+++ b/nova/tests/test_compute.py
@@ -767,7 +767,8 @@ class ComputeTestCase(BaseTestCase):
console_valid = self.compute_api.validate_vnc_console(self.context,
instance['uuid'],
'myhost',
- '5900')
+ '5900',
+ 'novnc')
self.assertTrue(console_valid)
self.compute.terminate_instance(self.context, instance['uuid'])
@@ -783,7 +784,8 @@ class ComputeTestCase(BaseTestCase):
console_valid = self.compute_api.validate_vnc_console(self.context,
instance['uuid'],
'myhost',
- '5900')
+ '5900',
+ 'novnc')
self.assertFalse(console_valid)
self.compute.terminate_instance(self.context, instance['uuid'])
@@ -793,7 +795,7 @@ class ComputeTestCase(BaseTestCase):
self.compute.run_instance(self.context, instance['uuid'])
self.assertRaises(exception.InstanceNotFound,
self.compute_api.validate_vnc_console,
- self.context, 5555, 'myhost', '5900')
+ self.context, 5555, 'myhost', '5900', 'novnc')
self.compute.terminate_instance(self.context, instance['uuid'])
def test_xvpvnc_vnc_console(self):
|
