Add checkbox to enable SSL connection for SPICE

If in OpenNebula not enabled TLS for SPICE protocol, when
cannot connect to OpenNebula with generated virt-viewer connection
config file, because "secure-channel" options successfully work
over TLS only.
This changes allow enable or disable TLS on UDS site.

.gear/openuds-httpd-ssl.conf

@@ -0,0 +1,43 @@
+<IfModule ssl_module>
+
+#Listen 443
+
+<VirtualHost *:443>
+    SSLEngine On
+    SSLCertificateFile /etc/httpd2/ssl.crt/openuds-server.crt
+    SSLCertificateKeyFile /etc/httpd2/ssl.key/openuds-server.key
+
+    ServerName openuds.example.com
+    ServerAdmin webmaster@openuds.example.com
+
+    DocumentRoot /usr/share/openuds
+
+    Alias /favicon.ico /usr/share/openuds/uds/static/modern/img/favicon.ico
+    Alias /static/ /usr/share/openuds/uds/static/
+    Alias /uds/res/ /usr/share/openuds/uds/static/
+
+
+    LogLevel warn
+    ErrorLog /var/log/openuds/error.log
+#    CustomLog /var/log/openuds/access.log combined
+
+    WSGIScriptReloading On
+    WSGIDaemonProcess openuds processes=2 threads=10 python-path=/usr/share/openuds user=openuds group=openuds display-name=%{GROUP}
+    WSGIProcessGroup openuds
+    WSGIApplicationGroup openuds
+    WSGIPassAuthorization On
+    WSGIScriptAlias / /usr/share/openuds/server/wsgi.py
+
+
+    <Directory /usr/share/openuds/uds>
+      Require all granted
+    </Directory>
+
+    <Directory /usr/share/openuds/server>
+      <Files wsgi.py>
+      Require all granted
+      </Files>
+    </Directory>
+
+</VirtualHost>
+</IfModule>

.gear/openuds-httpd.conf

@@ -0,0 +1,34 @@
+
+#Listen 443
+
+<VirtualHost *:80>
+
+    DocumentRoot /usr/share/openuds
+
+    Alias /favicon.ico /usr/share/openuds/uds/static/modern/img/favicon.ico
+    Alias /static/ /usr/share/openuds/uds/static/
+    Alias /uds/res/ /usr/share/openuds/uds/static/
+
+    LogLevel warn
+    ErrorLog /var/log/openuds/error.log
+#    CustomLog /var/log/openuds/access.log combined
+
+    WSGIScriptReloading On
+    WSGIDaemonProcess openuds processes=2 threads=10 python-path=/usr/share/openuds user=openuds group=openuds display-name=%{GROUP}
+    WSGIProcessGroup openuds
+    WSGIApplicationGroup openuds
+    WSGIPassAuthorization On
+    WSGIScriptAlias / /usr/share/openuds/server/wsgi.py
+
+
+    <Directory /usr/share/openuds/uds>
+      Require all granted
+    </Directory>
+
+    <Directory /usr/share/openuds/server>
+      <Files wsgi.py>
+      Require all granted
+      </Files>
+    </Directory>
+
+</VirtualHost>

.gear/openuds-nginx-sites.conf

@@ -0,0 +1,79 @@
+upstream uds_server {
+    server unix:/run/openuds/socket fail_timeout=10s;
+}
+
+map $http_x_forwarded_proto $thescheme {
+    default $scheme;
+    https https;
+}
+
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    # SSL configuration
+    #
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
+
+    ssl_protocols TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_session_timeout  10m;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_tickets off;
+    #resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
+    resolver_timeout 5s;
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+
+    ssl_certificate /var/lib/ssl/certs/nginx-openuds.cert;
+    ssl_certificate_key /var/lib/ssl/private/nginx-openuds.key;
+
+    root /usr/share/openuds/;
+
+    # Add index.php to the list if you are using PHP
+    index index.html;
+
+    server_name _;
+
+    # Activate GZIP
+    # In our app, saves around 80% or the traffic.
+    #
+    gzip on;
+    gzip_proxied any;
+    # text/html is always included
+    gzip_types
+        text/css
+        text/javascript
+        text/xml
+        text/plain
+        application/javascript
+        application/x-javascript
+        application/json;
+
+    location /favicon.ico {
+        alias /usr/share/openuds/uds/static/modern/img/favicon.ico;
+    }
+
+    location /uds/res/ {
+        autoindex off;
+        alias /usr/share/openuds/uds/static/;
+    }
+    location / {
+        # First attempt to server /maintenance (to allow easy backend maintenance) if exists
+        # if not, fallback to UDS
+        try_files /maintenance.html @proxy_to_uds;
+    }
+
+    location @proxy_to_uds {
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $thescheme;
+      proxy_set_header Host $http_host;
+      # we don't want nginx trying to do something clever with
+      # redirects, we set the Host: header above already.
+      proxy_redirect off;
+      proxy_pass http://uds_server;
+    }
+}

.gear/openuds-server.spec

@@ -0,0 +1,218 @@
+%add_python3_lib_path %_datadir/openuds
+%allow_python3_import_path %_datadir/openuds
+%add_findreq_skiplist %_datadir/openuds/uds/transports/*/scripts/windows/* %_datadir/openuds/uds/transports/*/scripts/macosx/*
+%add_python3_req_skip uds.forward
+%add_python3_req_skip uds.tunnel
+%filter_from_provides /^python3(manage)/d
+%filter_from_provides /^python3(server)/d
+%filter_from_provides /^python3(server\.settings)/d
+%filter_from_provides /^python3(server\.urls)/d
+%filter_from_provides /^python3(server\.wsgi)/d
+
+Name: openuds-server
+Version: 3.5.0
+Release: alt2
+Summary: Universal Desktop Services (UDS) Broker
+License: BSD-3-Clause and MIT and Apache-2.0
+Group: Networking/Remote access
+URL: https://github.com/dkmstr/openuds
+AutoReqProv: yes, nopython
+Source0: %name-%version.tar
+
+Source10: openuds-httpd.conf
+Source11: openuds-httpd-ssl.conf
+Source12: openuds.logrotate
+Source13: openuds-nginx-sites.conf
+Source15: openuds-taskmanager.service
+Source16: openuds-web.service
+Source17: openuds-web.socket
+
+#Patch: %name-%version.patch
+BuildRequires(pre): rpm-macros-systemd
+Requires: python3-module-django >= 2.2
+Requires: python3-module-django-dbbackend-mysql >= 2.2
+Requires: python3-module-django-dbbackend-sqlite3 >= 2.2
+Requires: openssl
+Requires: logrotate
+Requires: openuds-installers
+
+Conflicts: openuds-tunnel openuds-guacamole-tunnel
+BuildArch: noarch
+BuildRequires(pre): rpm-build-python3
+BuildRequires(pre): webserver-common rpm-build-webserver-common rpm-macros-apache2
+BuildRequires: python3-module-django
+
+%description
+OpenUDS (Universal Desktop Services) is a multiplatform connection broker for:
+- VDI: Windows and Linux virtual desktops administration and deployment
+- App virtualization
+- Desktop services consolidation
+
+This package provides the required components
+to allow this machine to work as UDS Broker.
+
+
+%package apache2
+Group: Networking/WWW
+BuildArch: noarch
+Summary: apache2 configs for %name
+Requires: %name = %version-%release
+Requires: apache2-httpd-prefork-like
+Requires: apache2-base
+Requires: apache2-mod_wsgi-py3
+
+%description apache2
+%summary
+
+%package nginx
+Group: Networking/WWW
+BuildArch: noarch
+Summary: nginx configs for %name
+Requires: %name = %version-%release
+Requires: nginx
+Requires: python3-module-gunicorn
+Requires: cert-sh-functions
+
+%description nginx
+%summary
+
+%prep
+%setup
+#%patch -p1
+
+sed -i 's|#!/usr/bin/env python3|#!/usr/bin/python3|' \
+    $(find . -name '*.py')
+
+%build
+# Compile localization files
+django-admin compilemessages
+#find src/uds/locale -name \*.po -delete
+
+%install
+
+mkdir -p %buildroot{%_datadir,%_logdir,%_sysconfdir,%_sharedstatedir}/openuds
+cp -r src/* %buildroot%_datadir/openuds/
+mkdir -p %buildroot%_datadir/openuds/uds/static/clients
+mkdir -p %buildroot%_datadir/openuds/uds/osmanagers/WindowsOsManager/files
+mv %buildroot%_datadir/openuds/server/settings.py.sample %buildroot%_sysconfdir/openuds/settings.py
+ln -r -s %buildroot%_logdir/openuds %buildroot%_datadir/openuds/log
+ln -r -s %buildroot%_sysconfdir/openuds/settings.py %buildroot%_datadir/openuds/server/settings.py
+# drop httpd-conf snippet
+install -p -D -m 644 %SOURCE10 %buildroot%apache2_sites_available/openuds.conf
+install -p -D -m 644 %SOURCE11 %buildroot%apache2_sites_available/openuds-ssl.conf
+mkdir -p %buildroot%apache2_sites_enabled
+touch %buildroot%apache2_sites_enabled/openuds.conf
+install -p -D -m 644 %SOURCE12 %buildroot%_logrotatedir/openuds-server
+install -p -D -m 644 %SOURCE13 %buildroot%_sysconfdir/nginx/sites-available.d/openuds.conf
+mkdir -p %buildroot%_sysconfdir/nginx/sites-enabled.d
+touch %buildroot%_sysconfdir/nginx/sites-enabled.d/openuds.conf
+install -p -D -m 644 %SOURCE15 %buildroot%_unitdir/openuds-taskmanager.service
+install -p -D -m 644 %SOURCE16 %buildroot%_unitdir/openuds-web.service
+install -p -D -m 644 %SOURCE17 %buildroot%_unitdir/openuds-web.socket
+
+%pre
+%_sbindir/groupadd -r -f openuds >/dev/null 2>&1 ||:
+%_sbindir/useradd -M -r -g openuds -G _webserver -c 'OpenUDS Brocker Daemon' \
+        -s /bin/false  -d %_sharedstatedir/openuds openuds >/dev/null 2>&1 ||:
+
+%post
+if [ $1 -eq 1 ]; then
+# ugly hack to set a unique SECRET_KEY
+	sed -i "/^SECRET_KEY.*$/{N;s/^.*$/SECRET_KEY='`openssl rand -hex 10`'/}" %_sysconfdir/openuds/settings.py
+fi
+
+%post_systemd_postponed openuds-taskmanager.service
+
+%preun
+%preun_systemd openuds-taskmanager.service
+
+%post nginx
+%post_systemd_postponed openuds-web.socket openuds-web.service
+# Create SSL certificate for HTTPS server
+cert-sh generate nginx-openuds ||:
+
+%preun nginx
+%preun_systemd openuds-web.service openuds-web.socket
+
+%files
+%_datadir/openuds
+%dir %attr(0750, root, openuds) %_sysconfdir/openuds
+%config(noreplace) %attr(0640, root, openuds) %_sysconfdir/openuds/settings.py
+%dir %attr(0770, root, openuds) %_sharedstatedir/openuds
+%dir %attr(0770, root, openuds) %_logdir/openuds
+%config(noreplace) %_logrotatedir/openuds-server
+%_unitdir/openuds-taskmanager.service
+
+%files apache2
+%config(noreplace) %apache2_sites_available/*.conf
+%ghost %apache2_sites_enabled/*.conf
+
+%files nginx
+%config(noreplace) %_sysconfdir/nginx/sites-available.d/openuds.conf
+%ghost %_sysconfdir/nginx/sites-enabled.d/openuds.conf
+%_unitdir/openuds-web.service
+%_unitdir/openuds-web.socket
+
+%changelog
+* Tue Oct 04 2022 Alexey Shabalin <shaba@altlinux.org> 3.5.0-alt2
+- Build release-v3.5
+
+* Mon Aug 22 2022 Alexey Shabalin <shaba@altlinux.org> 3.5.0-alt1
+- v3.5 snapshot 83394f0d34daf18722923be8d57b35627b330121
+
+* Mon Nov 29 2021 Alexey Shabalin <shaba@altlinux.org> 3.0.0-alt13
+- Add link for download python 3.9 client.
+
+* Thu Oct 28 2021 Alexey Shabalin <shaba@altlinux.org> 3.0.0-alt12
+- Switch to use macros from rpm-build-systemd for post scripts.
+
+* Wed Oct 27 2021 Alexey Shabalin <shaba@altlinux.org> 3.0.0-alt11
+- Add requires openuds-installers (client and actor windows installers).
+- Revert "Remove download pages".
+- Fix client and actor file name on download page.
+
+* Mon Sep 06 2021 Alexey Shabalin <shaba@altlinux.org> 3.0.0-alt10
+- Updated RSA key to 4096 bit in config.
+
+* Wed Aug 18 2021 Alexey Shabalin <shaba@altlinux.org> 3.0.0-alt9
+- v3.0 snapshot 51b0cec5365698dffdb9a3a468d52bbba4656ba4
+
+* Fri Jul 09 2021 Alexey Shabalin <shaba@altlinux.org> 3.0.0-alt8
+- Fix Russian translation
+- Update SECRET_KEY config for install only in %%post
+
+* Wed Jun 23 2021 Andrey Cherepanov <cas@altlinux.org> 3.0.0-alt7.2
+- Compile l10n messages using django-admin
+- Add Russian language to server config file
+
+* Sat Jun 05 2021 Andrey Cherepanov <cas@altlinux.org> 3.0.0-alt7.1
+- NMU: package compiled localization files (ALT #40161)
+
+* Fri Apr 23 2021 Alexey Shabalin <shaba@altlinux.org> 3.0.0-alt7
+- Fix create home dir for user openuds
+
+* Thu Apr 22 2021 Alexey Shabalin <shaba@altlinux.org> 3.0.0-alt6
+- Switch to local memory from memcached by default in settings.py.
+- Fix openuds-web.service for execute gunicorn.py3 for use python3.
+- Add conflicts with openuds-tunnel,openuds-guacamole-tunnel.
+
+* Wed Apr 21 2021 Alexey Shabalin <shaba@altlinux.org> 3.0.0-alt5
+- Fix typo in nginx config (ALT #39968)
+
+* Wed Apr 14 2021 Mikhail Gordeev <obirvalger@altlinux.org> 3.0.0-alt4
+- Remove pages and buttons with downloading clients and actors
+
+* Mon Dec 07 2020 Alexey Shabalin <shaba@altlinux.org> 3.0.0-alt3
+- merge with upstream v3.0 branch (b1c43850908c5c207afa5812edc6c1ce46d8ca78)
+- update nginx config
+
+* Thu Dec 03 2020 Alexey Shabalin <shaba@altlinux.org> 3.0.0-alt2
+- move apache config to apache2 package
+- add package with nginx config and service for start django app over gunicorn
+
+* Thu Nov 05 2020 Alexey Shabalin <shaba@altlinux.org> 3.0.0-alt1
+- 3.0.0 Release
+
+* Tue Apr 14 2020 Alexey Shabalin <shaba@altlinux.org> 3.0.0-alt0.1.git.d7e30d14
+- Initial build for ALT
+

.gear/openuds-taskmanager.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=OpenUDS Broker task manager
+After=network.target
+
+[Service]
+User=openuds
+Group=openuds
+RuntimeDirectory=openuds
+WorkingDirectory=/usr/share/openuds
+ExecStart=/usr/bin/python3 /usr/share/openuds/manage.py taskManager --start --foreground
+PrivateTmp=true
+Restart=always
+RestartSec=16
+
+[Install]
+WantedBy=multi-user.target

.gear/openuds-web.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=OpenUDS Broker Web server daemon
+Requires=openuds-web.socket
+After=network.target
+
+[Service]
+PIDFile=/run/openuds/pid
+User=openuds
+Group=openuds
+RuntimeDirectory=openuds
+WorkingDirectory=/usr/share/openuds
+ExecStart=/usr/bin/gunicorn.py3 --pid /run/openuds/pid \
+          --bind unix:/run/openuds/socket server.wsgi \
+          --workers 5 --threads 8
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s TERM $MAINPID
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
+Also=openuds-web.socket

.gear/openuds-web.socket

@@ -0,0 +1,10 @@
+[Unit]
+Description=OpenUDS Broker Web server socket
+
+[Socket]
+ListenStream=/run/openuds/socket
+SocketUser=openuds
+SocketGroup=_webserver
+
+[Install]
+WantedBy=sockets.target

.gear/openuds.logrotate

@@ -0,0 +1,8 @@
+/var/log/openuds/*.log {
+    weekly
+    rotate 4
+    missingok
+    compress
+    minsize 100k
+}
+

.gear/openuds_tunnel_register.py

@@ -0,0 +1,106 @@
+#!/usr/bin/python3
+
+# Copyright (C) 2022
+# Alexander Burmatov
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#   
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.  
+# * Redistributions in binary form must reproduce the above copyright notice, 
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.  
+# * Neither the name of the Alexander Burmatov may be used to
+#   endorse or promote products derived from this software without
+#   specific prior written permission. 
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+'''
+@author: Alexander Burmatov, thatman at altlinux dot org
+'''
+
+import argparse
+import socket
+import os
+import sys
+import secrets
+import MySQLdb
+import datetime
+
+sys.path.append('/etc/openuds/')
+from settings import DATABASES
+
+
+ip_addr = socket.gethostbyname(socket.gethostname())
+creation_datetime = datetime.datetime.today()
+
+parser = argparse.ArgumentParser(description='Register tunnel token in MySQL DB')
+parser.add_argument(
+    '-H',
+    '--host',
+    type=str,
+    default='',
+    help='Input tunnel server IP Address'
+)
+parser.add_argument(
+    '-n',
+    '--name', 
+    type=str, 
+    default='',
+    help='Input tunnel server name'
+)
+parser.add_argument(
+    '-t',
+    '--token',
+    type=str,
+    default='',
+    help='Input tunnel server token (default: "")'
+)
+parser.add_argument(
+    '-N',
+    '--generate_new_token',
+    type=bool,
+    default=False,
+    help='Input True if you want to generate a new token (default: False)'
+)
+args = parser.parse_args()
+
+empty_name = args.name == ''
+empty_ip = args.host == ''
+only_token = args.token != '' and not args.generate_new_token
+only_gen_new_token = args.token == '' and args.generate_new_token
+if empty_ip:
+    print('Empty tunnel server IP Address')
+elif empty_name:
+    print('Empty tunnel server name')
+elif args.token == '' and not args.generate_new_token:
+    print('Choose to generate a new token or enter a token')
+elif only_token != only_gen_new_token:
+    if only_gen_new_token:
+        token = secrets.token_urlsafe(36)
+    else:
+        token = args.token
+    db=MySQLdb.connect(host=DATABASES['default']['HOST'], user=DATABASES['default']['USER'],
+    passwd=DATABASES['default']['PASSWORD'], db=DATABASES['default']['NAME'])  
+    c=db.cursor()
+    c.execute("""INSERT INTO uds_tunneltoken(username, ip_from, ip, hostname, token, stamp) VALUES (%s,%s,%s,%s,%s,%s);""", 
+    (os.getlogin(), ip_addr, args.host, args.name, token, creation_datetime,))
+    db.commit()
+    c.close()
+    print(f'Tunnel token register success. (With token: {token})')
+else:
+    print('Choose to generate a new token only or only enter the token')

.gear/rules

@@ -0,0 +1,7 @@
+tar: server name=@name@-@version@ base=@name@-@version@
+spec: .gear/openuds-server.spec
+copy?: .gear/*.logrotate
+copy?: .gear/*.conf
+copy?: .gear/*.service
+copy?: .gear/*.socket
+copy?: .gear/*.patch

server/src/server/settings.py.sample

@@ -59,8 +59,9 @@ LANGUAGE_CODE = 'en'
 ugettext = lambda s: s
 
 LANGUAGES = (
-    ('es', ugettext('Spanish')),
+    ('ru', ugettext('Russian')),
     ('en', ugettext('English')),
+    ('es', ugettext('Spanish')),
     ('fr', ugettext('French')),
     ('de', ugettext('German')),
     ('pt', ugettext('Portuguese')),
@@ -130,13 +131,13 @@ CACHES = {
             'CULL_FREQUENCY': 3,  #  0 = Entire cache will be erased once MAX_ENTRIES is reached, this is faster on DB. if other value, will remove 1/this number items fromm cache
         },
     },
-    #    'memory': {
-    #        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
-    #    }
         'memory': {
-        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
+            'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
-        'LOCATION': '127.0.0.1:11211',
         },
+    #'memory': {
+    #    'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
+    #    'LOCATION': '127.0.0.1:11211',
+    #},
 }
 
 # Related to file uploading
@@ -147,7 +148,58 @@ FILE_UPLOAD_MAX_MEMORY_SIZE = 512 * 1024  # 512 Kb
 # Make this unique, and don't share it with anybody.
 SECRET_KEY = 's5ky!7b5f#s35!e38xv%e-+iey6yi-#630x)kk3kk5_j8rie2*'
 # This is a very long string, an RSA KEY (this can be changed, but if u loose it, all encription will be lost)
-RSA_KEY = '-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQC0qe1GlriQbHFYdKYRPBFDSS8Ne/TEKI2mtPKJf36XZTy6rIyH\nvUpT1gMScVjHjOISLNJQqktyv0G+ZGzLDmfkCUBev6JBlFwNeX3Dv/97Q0BsEzJX\noYHiDANUkuB30ukmGvG0sg1v4ccl+xs2Su6pFSc5bGINBcQ5tO0ZI6Q1nQIDAQAB\nAoGBAKA7Octqb+T/mQOX6ZXNjY38wXOXJb44LXHWeGnEnvUNf/Aci0L0epCidfUM\nfG33oKX4BMwwTVxHDrsa/HaXn0FZtbQeBVywZqMqWpkfL/Ho8XJ8Rsq8OfElrwek\nOCPXgxMzQYxoNHw8V97k5qhfupQ+h878BseN367xSyQ8plahAkEAuPgAi6aobwZ5\nFZhx/+6rmQ8sM8FOuzzm6bclrvfuRAUFa9+kMM2K48NAneAtLPphofqI8wDPCYgQ\nTl7O96GXVQJBAPoKtWIMuBHJXKCdUNOISmeEvEzJMPKduvyqnUYv17tM0JTV0uzO\nuDpJoNIwVPq5c3LJaORKeCZnt3dBrdH1FSkCQQC3DK+1hIvhvB0uUvxWlIL7aTmM\nSny47Y9zsc04N6JzbCiuVdeueGs/9eXHl6f9gBgI7eCD48QAocfJVygphqA1AkEA\nrvzZjcIK+9+pJHqUO0XxlFrPkQloaRK77uHUaW9IEjui6dZu4+2T/q7SjubmQgWR\nZy7Pap03UuFZA2wCoqJbaQJAUG0FVrnyUORUnMQvdDjAWps2sXoPvA8sbQY1W8dh\nR2k4TCFl2wD7LutvsdgdkiH0gWdh5tc1c4dRmSX1eQ27nA==\n-----END RSA PRIVATE KEY-----'
+RSA_KEY = '''-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAu6Zr65Q6Y81W1j/tD0GrpqOmwiLhifbeY/xYbUgq/4555wrR
+nb2Z2oynF6aaSbWaaCsCJSoziGAItYUaY58vlx1RPnrr3Kb/c9zsCnWINy++LkrZ
+NzwrVzo1XyzKjMlCwXRYOCrXdyzuRhhw32gzARzHbBWtHvMQ8vOxWDM1yjkSFZ+i
+CDEXruKQ8HrcZvGvKoqMWZeihi+g+RlZvaWimM9wkbfzXsTljIwYwb8YhNLfzad6
+VEymnBeX6COlig2hOup+7HHcuuYAgURm0cvkwPKwBt9tbZ0C3hB04HH9bIJ92DLI
+eI0ljICHI2BNyafQO74MngAJYc2O0Kak4MSIeqCVf/i5W77rSsDF3rzsNzCnD2lw
+S8hIl0pp8n8kNLalyAIidnxivLFnCiz47F+We1HAVx2WcQ7x6BUQjoUPV2Ao9Nk2
+pwdXGjyHAq5cbDKQNd+Z09ohYnRnLQ7bPQqsIPUuAr/xsp1LugOQxXRrsGNKIhb9
+gIY6Xuk19VJN2HDCPb3E79fE0MRjFrPbD57tWxjZvaJ589f4HybSAFr5EDWcoq+K
+jCCEp3rl1iRNmBt6ga7MMpuWOleOIFgzas4Pqcir5Ir9JuCnTBl4WS9536p1rSRR
+KgwgWJuCmereRqznV79PXBmjWP7PzZHQKEgqQTLGx8yzSdlfr+Xn5/QY6CsCAwEA
+AQKCAgBajzpN+r8jIxnhVACH+F1qklgMIOFPv8Ab6NCUDNwTcSMLiYEX60Sw4GhT
+VafoIqhd1UO3w+IS0qXhVFcj9NL2zsNCr/fcCQwHUnrnoUkXuQbDOIQT0AnqksDn
+Kaqmvwpkak2Y7bQGY7yqP2lZp+PViZoEY4GlChEH7uuLcUtoSJqdrOh5o5eWYukn
+5WMwmzq6ARsysadRsvKwxLc2exU5QgNFj8z303YkmgfomNywXUR873Jt9IADnK9G
+7M0bDvDcigau/VRVLmLX/7bPUOMY6wZgirs4xyl3GeIN33U6RM+O4xM0eonAgNa3
+D+b6hu5LprBYIBRnCtj9gS7Y+oASONDUA2/dA81SWGxUGwtRhSMXlypM4qILMm+I
+UwpJdbnbPFo31N10B9Y/VDk2cfdnuDbkQif8DkyHxGEmyEOVWaI4Uibwg5TNX2+N
+fQOZveEXbLlsiTLMa8vxc07w/nUJ7TbZ2vxGzO5XVZmZbwoB9XE5VSTVaV660P6q
+B5T6m/KRMCcAX5mWstyWdjjbGB/IS3O7jxjl2EzbNp8SES8WY/UjEc82rwq9cjon
+3sibMwwJf1j5HSvqOBDfU/uWWleAkSgENOeC0oym38TxeWY3YD19f88KDeKNa/qJ
+ko/2/tHrworxYHk6X0/XHBF9Ylwm6FHRCcrjhGRpoOpq99WjYQKCAQEA+YDUUU1h
+3aD1jvkFAhVoIL/fi2yqiUx8O0jP2f6k5RV8AaiTqZkZQs9LUy3xfZkbXf/TeUar
+ONYd0iPiPM5cyx1tZW6rO32HY3P9AZSRpB1KlEHrFqVq5N9zuyUbiQU7iLUQ1qVG
++5eafPfifCi4pZQ14+LuxvLCiCOaGBa/XidjR82yAjZKESwJsTyS1AmLwlHQuAXr
+3TxBh8/21+RXPnV4sqCuHFiYBQYyZIODRxxoo0Maz7dXP4F/7LaJ4rNAr5VZu4xe
+UgFH5Y1lhI8orUlMN5QKUcbAdQb2+/DEz8uiiRaxdGA2fZiP366VQf2Hjg/syM9S
+ePfZEAF0EFZqtwKCAQEAwIlIlIPVdZZuqR4s+X32p50i5f7vVI5eCryNTe+eY0uW
+IDm/N4AKJtxTTw5E1klyFgR36cHI1DGQCpUJczK4XNfXMTiqBomg7gOrFMwSns70
+YJuZGLRJ8AJCJ9aaGN2Tp7cEnCkl6mEbpB3tz4lg1tdgmxyOVG/BjKuy4mskM+DX
+hmELFFGTQimamgyGLHs7F8DBBd9RoECc32LWQhebgrs6o09EHPX85qTLd6alQ2y6
+QIQBkZ4Cf8pjtQ5DEaWv5ll8TFnUroLYGk8+Z94tylXe/OPlUD9oT1efElXHawGo
+B+a4/jYg+otmZMd1h8wakxA0DaszLntYhklMeCsKLQKCAQEAkE2CfsNSpuxBGb/M
+tbfL0aUnlWvz9hTWhTNHg71TgWs7nXnybVSu14Us+57G3O2Ado1PsgS9YtHzzWYT
+ozd3U8JhUxj+0Bl6BHtBCXj0Awct6zF01lQ1zsmuFb8Qfd8Y36hZZMuSklDMeRql
+U0n6AUoHIRZPI6GkATkWFniRldMSCKVfHwhnLidaM7fk893Rh0HqhYRnNj1zaSlO
+iu71xpoKhMWJ7bsPsVg0LQ4jDy3PFx3ok9pmC8TKSA4LEaK69tJaY657ntI+0vVE
+kbZ6wD50ZnCox0M8bHLqxiwqqEQObVtCpxw+Z8Wk8Kn4iYIotHFhcYL3IB+42xj8
+F7bjYQKCAQAtFXhrXltzh2AuNaSuXzKMmRz84i9Ei3m15eTopP1fnulublc6Nb8q
+zliroFm6G8SdJzq0/+140oo6ECAAW5YUF26KVgxqL3wBf9ZlrkuF6EwM+yJkSIMv
+sjevgG7g97GFijOIJZJ9SXPhgCiZej+0zwYODCe/2dNmjyX6IsB9bV7KVprzjQ6A
+ZaGQBPK+I7T4oOgR6fMBJWAWZtxo6YI+oHzglMUMSwWHNHt4bwsvuJv8U2zSnj9T
+kR673LUTwspnk/ipIDfPDVBxCLFCPSJXyLfIW8zsd4yDV68l6fQiOGcSQpJ65E3g
+nRfC7Xm17LMkUJz/vmDjt3pJJ4zCbsGZAoIBABfQCRUEqniropccsF09FiXDvKF8
+e5jN1HybXltnjlGlas4IJdVaGMPdJC3zZGpdnbGK8y8YsXwWlEgTQuUqBgjRdmt3
+toRDTVSKc+4g2P7Vv2hG2Q2ofayXiyez1h9wwcdUyn+oeSvOTJuxL4P4Gh0psfsS
+jyoGbNL4P5ONJaknVxsv/zcbHW3BrawbpBo4Pao7hWCnyJd5f33uOW/9eAfa5gXq
+fsHnIw6EsZLMJmZgQcx6be4ZkMX00FR4+uxqouVbgdWIhjDxTdFXD4mPoa1XExTd
+7NIOhKdva4tz0Re3b5qWwNnsHLitx+YJor1JjlZ8wwlZ7LC2d/wcxQtQIpI=
+-----END RSA PRIVATE KEY-----'''
+
 
 TEMPLATES = [
     {

server/src/uds/core/__init__.py

@@ -40,5 +40,5 @@ from .serializable import Serializable
 from .module import Module
 
 
-VERSION = '3.x.x-DEVEL'
+VERSION = '3.5.0'
-VERSION_STAMP = '{}-DEVEL'.format(time.strftime("%Y%m%d"))
+VERSION_STAMP = '{}'.format(time.strftime("%Y%m%d"))

server/src/uds/osmanagers/LinuxOsManager/__init__.py

@@ -44,6 +44,7 @@ from .linux_randompass_osmanager import LinuxRandomPassManager
 OSManagersFactory.factory().insert(LinuxOsManager)
 OSManagersFactory.factory().insert(LinuxRandomPassManager)
 
+"""
 downloadsManager().registerDownloadable(
     'udsactor_{version}_all.deb'.format(version=VERSION),
     _(
@@ -103,3 +104,4 @@ downloadsManager().registerDownloadable(
     + '/files/udsactor-opensuse-legacy-2.2.1-1.noarch.rpm',
     'application/x-redhat-package-manager',
 )
+"""

server/src/uds/osmanagers/WindowsOsManager/__init__.py

@@ -48,17 +48,13 @@ osmanagers.factory().insert(WinDomainOsManager)
 osmanagers.factory().insert(WinRandomPassManager)
 
 managers.downloadsManager().registerDownloadable(
-    'UDSActorSetup-{version}.exe'.format(version=VERSION),
+    'openUDS-Managed_Installer-{version}.exe'.format(version=VERSION),
     _('UDS Actor for windows machines'),
-    os.path.dirname(sys.modules[__package__].__file__)
+    os.path.dirname(sys.modules[__package__].__file__) + '/files/openUDS-Managed_Installer-{version}.exe'.format(version=VERSION),
-    + '/files/UDSActorSetup-{version}.exe'.format(version=VERSION),
+    'application/x-msdos-program')
-    'application/x-msdos-program',
-)
 
 managers.downloadsManager().registerDownloadable(
-    'UDSActorUnmanagedSetup-{version}.exe'.format(version=VERSION),
+    'openUDS-Unmanaged_Installer-{version}.exe'.format(version=VERSION),
     _('UDS Actor for Unmanaged windows machines. Used ONLY for static machines.'),
-    os.path.dirname(sys.modules[__package__].__file__)
+    os.path.dirname(sys.modules[__package__].__file__) + '/files/openUDS-Unmanaged_Installer-{version}.exe'.format(version=VERSION),
-    + '/files/UDSActorUnmanagedSetup-{version}.exe'.format(version=VERSION),
+    'application/x-msdos-program')
-    'application/x-msdos-program',
-)

server/src/uds/transports/SPICE/remote_viewer_file.py

@@ -65,6 +65,7 @@ class RemoteViewerFile:
     usb_auto_share: bool = True
     new_usb_auto_share: bool = False
     delete_file: bool = True
+    ssl_connection: bool = False
 
     def __init__(
         self,
@@ -101,6 +102,7 @@ class RemoteViewerFile:
         delete_file = '01'[self.delete_file]
         usb_auto_share = '01'[self.usb_auto_share]
         new_usb_auto_share = '01'[self.new_usb_auto_share]
+        ssl_connection = '01'[self.ssl_connection]
 
         ca = self.ca.strip().replace(
             '\n', '\\n'
@@ -121,6 +123,6 @@ class RemoteViewerFile:
             host_subject=self.host_subject if tls_port != '-1' else '',
             ca=ca if tls_port != '-1' else '',
             secure_channel='secure-channels=main;inputs;cursor;playback;record;display;usbredir;smartcard'
-            if tls_port != '-1'
+            if ssl_connection and tls_port != '-1'
             else '',
         )

server/src/uds/transports/SPICE/spice.py

@@ -64,6 +64,7 @@ class SPICETransport(BaseSpiceTransport):
     usbShare = BaseSpiceTransport.usbShare
     autoNewUsbShare = BaseSpiceTransport.autoNewUsbShare
     smartCardRedirect = BaseSpiceTransport.smartCardRedirect
+    sslConnection = BaseSpiceTransport.SSLConnection
 
     def getUDSTransportScript(
         self,
@@ -98,6 +99,7 @@ class SPICETransport(BaseSpiceTransport):
         r.usb_auto_share = self.usbShare.isTrue()
         r.new_usb_auto_share = self.autoNewUsbShare.isTrue()
         r.smartcard = self.smartCardRedirect.isTrue()
+        r.ssl = self.sslConnection.isTrue()
 
         osName = {
             OsDetector.KnownOS.Windows: 'windows',

server/src/uds/transports/SPICE/spice_base.py

@@ -113,6 +113,12 @@ class BaseSpiceTransport(transports.Transport):
         defvalue=gui.FALSE,
         tab=gui.ADVANCED_TAB,
     )
+    SSLConnection = gui.CheckBoxField(
+        order=9,
+        label=_('SSL Connection'),
+        tooltip=_('If checked, SPICE protocol will required SSL connection.'),
+        defvalue=gui.FALSE,
+    )
 
     def isAvailableFor(self, userService: 'models.UserService', ip: str) -> bool:
         """

server/src/uds/web/util/configjs.py

@@ -213,51 +213,17 @@ def udsJs(request: 'ExtendedHttpRequest') -> str:
             'description': description,
             'name': name,
             'legacy': legacy,
-        }
+        } for url, description, name, legacy in (
-        for url, description, name, legacy in (
+            # ('UDSClientSetup-{version}.exe', gettext('Windows client'), 'Windows', False),
-            (
+            # ('UDSClient-{version}.pkg', gettext('Mac OS X client'), 'MacOS', False),
-                'UDSClientSetup-{version}.exe',
+            # ('udsclient3_{version}_all.deb', gettext('Debian based Linux client') + ' ' + gettext('(requires Python-3.6 or newer)'), 'Linux', False),
-                gettext('Windows client'),
+            # ('udsclient3-{version}-1.noarch.rpm', gettext('RPM based Linux client (Fedora, Suse, ...)') + ' ' + gettext('(requires Python-3.6 or newer)'), 'Linux', False),
-                'Windows',
+            # ('udsclient3-{version}.tar.gz', gettext('Generic .tar.gz Linux client') + ' ' + gettext('(requires Python-3.6 or newer)'), 'Linux', False),
-                False,
+            # ('udsclient_{version}_all.deb', gettext('Legacy Debian based Python 2.7 Linux client') + ' ' + gettext('(requires outdated Python-2.7)'), 'Linux', True),
-            ),
+            # ('udsclient-{version}-1.noarch.rpm', gettext('Legacy RH based Linux client (Fedora, Centos, Suse, ...)') + ' ' + gettext('(requires outdated Python-2.7)'), 'Linux', True),
-            ('UDSClient-{version}.pkg', gettext('Mac OS X client'), 'MacOS', False),
+            # ('udsclient-opensuse-{version}-1.noarch.rpm', gettext('Legacy OpenSuse based Linux client)') + ' ' + gettext('(requires outdated Python-2.7)'), 'Linux', True),
-            (
+            ('openUDS-Client_Installer-{version}.exe', gettext('Windows python 3.9 client'), 'Windows', False),
-                'udsclient3_{version}_all.deb',
+            ('openUDS-Client_Installer-{version}-py27.exe', gettext('Windows python 2.7 client'), 'Windows', False),
-                gettext('Debian based Linux client')
-                + ' '
-                + gettext('(requires Python-3.6 or newer)'),
-                'Linux',
-                False,
-            ),
-            (
-                'udsclient3-{version}-1.noarch.rpm',
-                gettext('RPM based Linux client (Fedora, Suse, ...)')
-                + ' '
-                + gettext('(requires Python-3.6 or newer)'),
-                'Linux',
-                False,
-            ),
-            (
-                'udsclient3-x86_64-{version}.tar.gz',
-                gettext('Binary appimage X86_64 Linux client'),
-                'Linux',
-                False,
-            ),
-            (
-                'udsclient3-armhf-{version}.tar.gz',
-                gettext('Binary appimage Raspberry Linux client'),
-                'Linux',
-                False,
-            ),
-            (
-                'udsclient3-{version}.tar.gz',
-                gettext('Generic .tar.gz Linux client')
-                + ' '
-                + gettext('(requires Python-3.6 or newer)'),
-                'Linux',
-                False,
-            ),
         )
     ]