GithubFollow/One-KVM
1
0
Fork 0
mirror of https://github.com/mofeng-git/One-KVM.git synced 2025-12-12 17:20:30 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

vnc option to disabled tls

Browse Source
This commit is contained in:
Devaev Maxim 2020-07-31 05:27:41 +03:00
parent 756c4195fc
commit 5953604b6b
2 changed files with 11 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
kvmd/apps/__init__.py
View File

@ -366,7 +366,7 @@ def _get_config_scheme() -> Dict:
}, },
"tls": { "tls": {
"ciphers": Option("ALL:@SECLEVEL=0", type=valid_ssl_ciphers), "ciphers": Option("ALL:@SECLEVEL=0", type=(lambda arg: valid_ssl_ciphers(arg) if arg else "")),
"timeout": Option(5.0, type=valid_float_f01), "timeout": Option(5.0, type=valid_float_f01),
}, },
}, },

22
kvmd/apps/vnc/rfb/__init__.py
View File

@ -239,24 +239,21 @@ class RfbClient(RfbClientStream): # pylint: disable=too-many-instance-attribute
await self._write_struct("B", 0) await self._write_struct("B", 0)
if self.__none_auth_only: if self.__none_auth_only:
auth_types = { auth_types = {1: ("VeNCrypt/None", False, self.__handshake_security_none)}
1: ("VeNCrypt/None", False, self.__handshake_security_none), if self.__tls_ciphers:
257: ("VeNCrypt/TLSNone", True, self.__handshake_security_none), auth_types[257] = ("VeNCrypt/TLSNone", True, self.__handshake_security_none)
}
else: else:
auth_types = { auth_types = {256: ("VeNCrypt/Plain", False, self.__handshake_security_vencrypt_userpass)}
256: ("VeNCrypt/Plain", False, self.__handshake_security_vencrypt_userpass), if self.__tls_ciphers:
259: ("VeNCrypt/TLSPlain", True, self.__handshake_security_vencrypt_userpass), auth_types[259] = ("VeNCrypt/TLSPlain", True, self.__handshake_security_vencrypt_userpass)
}
if self.__vnc_passwds: if self.__vnc_passwds:
# Vinagre не умеет работать с VNC Auth через VeNCrypt, но это его проблемы, # Vinagre не умеет работать с VNC Auth через VeNCrypt, но это его проблемы,
# так как он своеобразно трактует рекомендации VeNCrypt. # так как он своеобразно трактует рекомендации VeNCrypt.
# Подробнее: https://bugzilla.redhat.com/show_bug.cgi?id=692048 # Подробнее: https://bugzilla.redhat.com/show_bug.cgi?id=692048
# Hint: используйте любой другой нормальный VNC-клиент. # Hint: используйте любой другой нормальный VNC-клиент.
auth_types.update({ auth_types[2] = ("VeNCrypt/VNCAuth", False, self.__handshake_security_vnc_auth)
2: ("VeNCrypt/VNCAuth", False, self.__handshake_security_vnc_auth), if self.__tls_ciphers:
258: ("VeNCrypt/TLSVNCAuth", True, self.__handshake_security_vnc_auth), auth_types[258] = ("VeNCrypt/TLSVNCAuth", True, self.__handshake_security_vnc_auth)
})
await self._write_struct("B" + "L" * len(auth_types), len(auth_types), *auth_types) await self._write_struct("B" + "L" * len(auth_types), len(auth_types), *auth_types)
@ -268,6 +265,7 @@ class RfbClient(RfbClientStream): # pylint: disable=too-many-instance-attribute
get_logger(0).info("[main] %s: Using %s auth type", self._remote, auth_name) get_logger(0).info("[main] %s: Using %s auth type", self._remote, auth_name)
if tls: if tls:
assert self.__tls_ciphers, (self.__tls_ciphers, auth_name, tls, handler)
await self._write_struct("B", 1) # Ack await self._write_struct("B", 1) # Ack
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
ssl_context.set_ciphers(self.__tls_ciphers) ssl_context.set_ciphers(self.__tls_ciphers)