authorAlon Levy <alevy@redhat.com>2011-07-23 13:36:10 +0300
committerAlon Levy <alevy@redhat.com>2011-07-23 13:37:39 +0300
commit7c4804541084ba8f1d11c4c86f0276235520c7be (patch)
tree8735de8e605d8f5db74dcfa4fa7ca3e599aa1a47
parent432c5870104f583166234b9655628f359983bbfa (diff)
scripts/xspice: prevent running with missing certificates
Since spice-server aborts if it is missing any of the ca-cert, server cert or server key when running with --tls-port, check for them ourselves first. Also add the missing --x509-cert-file switch, and add --disable-ticketing to the example in --help.
-rwxr-xr-xscripts/xspice30
1 files changed, 26 insertions, 4 deletions
diff --git a/scripts/xspice b/scripts/xspice
index edf3203..f411619 100755
--- a/scripts/xspice
+++ b/scripts/xspice
@@ -37,7 +37,7 @@ def add_boolean(flag, *args, **kw):
wan_compression_options = ['auto', 'never', 'always']
parser = argparse.ArgumentParser("xspice",
- description="X and Spice server. example usage: xspice --port 5900 :1.0",
+ description="X and Spice server. example usage: xspice --port 5900 --disable-ticketing :1.0",
usage="xspice [xspice and Xorg options intermixed]",
epilog="Any options not parsed by xspice get passed to Xorg as is.")
parser.add_argument('--xorg', default=which('Xorg'))
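Review bot: The only usage example in the `description=` string now includes `--disable-ticketing`, so anyone copying it from `--help` starts a Spice server that accepts clients without a password. The example should say so, e.g. `description="X and Spice server. example usage (no client password): xspice --port 5900 --disable-ticketing :1.0",`. A second example that sets a password would also help; `'password'` appears in `var_args` later in the file, so a matching switch presumably exists, though its definition is outside this hunk.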
@@ -48,9 +48,10 @@ parser.add_argument('--port', type=int, help='standard spice port')
parser.add_argument('--tls-port', type=int, help='spice tls port')
add_boolean('--disable-ticketing', help="do not require a client password")
add_boolean('--sasl', help="enable sasl")
-parser.add_argument('--x509-dir', help="x509 directory for tls")
+parser.add_argument('--x509-dir', help="x509 directory for tls", default='.')
parser.add_argument('--cacert-file', help="ca certificate file for tls")
-parser.add_argument('--x509-key-file', help="key file for tls")
+parser.add_argument('--x509-cert-file', help="server certificate file for tls")
+parser.add_argument('--x509-key-file', help="server key file for tls")
parser.add_argument('--x509-key-password', help="key file password for tls")
parser.add_argument('--tls-ciphers')
parser.add_argument('--dh-file')
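Review bot: `default='.'` on `--x509-dir` makes the lookup of the CA certificate, server certificate and server key depend on whatever directory xspice is started from, and the help text does not mention it. Together with `tls_files()` added later in this commit, a run with `--tls-port` and no explicit file options is checked against `./ca-cert.pem`, `./server-cert.pem` and `./server-key.pem`. Document that in the help, e.g. `help="x509 directory for tls (default: current directory; expects ca-cert.pem, server-cert.pem, server-key.pem)"`. Because `x509_dir` is listed in `var_args`, the default is presumably also forwarded when TLS is not in use; that code is outside the hunk.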
@@ -79,6 +80,26 @@ if cgdb:
args, xorg_args = parser.parse_known_args(sys.argv[1:])
+def tls_files(args):
+ if args.tls_port == 0:
+ return {}
+ files = {}
+ for k, var in [('ca-cert', 'cacert_file'),
+ ('server-key', 'x509_key_file'),
+ ('server-cert', 'x509_cert_file')]:
+ files[k] = os.path.join(args.x509_dir, k + '.pem')
+ if getattr(args, var):
+ files[k] = getattr(args, var)
+ return files
+
+# XXX spice-server aborts if it can't find the certificates - avoid by checking
+# ourselves. This isn't exhaustive - if the server key requires a password
+# and it isn't supplied spice will still abort, and Xorg with it.
+for key, filename in tls_files(args).items():
+ if not os.path.exists(filename):
+ print "missing %s - %s does not exist" % (key, filename)
+ sys.exit(1)
+
def error(msg, exit_code=1):
print "xspice: %s" % msg
sys.exit(exit_code)
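Review bot: `if args.tls_port == 0:` in `tls_files()` does not cover the case where `--tls-port` is omitted: the option is declared with `type=int` and no default, so argparse leaves it as `None`, and `None == 0` is false. Unless a default is set outside the visible lines, a plain `xspice --port 5900 :1.0` would then exit with a "missing ca-cert" message even though TLS was not requested. Use `if not args.tls_port:` instead. The existence loop could also test `os.path.isfile(filename)` rather than `os.path.exists(filename)`, so a directory at that path is not accepted as a certificate or key.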
@@ -87,7 +108,8 @@ if not args.xorg:
error("Xorg missing")
var_args = ['port', 'tls_port', 'disable_ticketing',
- 'x509_dir', 'sasl', 'cacert_file', 'x509_key_file', 'x509_key_password',
+ 'x509_dir', 'sasl', 'cacert_file', 'x509_cert_file',
+ 'x509_key_file', 'x509_key_password',
'tls_ciphers', 'dh_file', 'password', 'image_compression',
'jpeg_wan_compression', 'zlib_glz_wan_compression',
'streaming_video']