pvesubscription: add 'set-offline-key' command
and disallow updating signed offline keys via the regular check/update code path.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
parent
d017de1f91
commit
d4df1b145c
@ -169,7 +169,10 @@ __PACKAGE__->register_method ({
|
|||||||
my $server_id = PVE::API2Tools::get_hwaddress();
|
my $server_id = PVE::API2Tools::get_hwaddress();
|
||||||
my $key = $info->{key};
|
my $key = $info->{key};
|
||||||
|
|
||||||
# key has been recently checked or is a valid, signed offline key
|
die "Updating offline key not possible - please remove and re-add subscription key to switch to online key.\n"
|
||||||
|
if $info->{signature};
|
||||||
|
|
||||||
|
# key has been recently checked
|
||||||
return undef
|
return undef
|
||||||
if !$param->{force}
|
if !$param->{force}
|
||||||
&& $info->{status} eq 'active'
|
&& $info->{status} eq 'active'
|
||||||
|
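Review bot: The new `die ... if $info->{signature};` guard runs before the `force` test, so a signed offline key is rejected even when `force` is set, and nothing in the visible lines says this is deliberate. A short comment above the guard would record it, e.g. `# signed offline keys are never refreshed online, not even with force`. The guard also depends only on the truthiness of the stored `signature` field, so it is only as trustworthy as whatever wrote that file; the hunk does not show who can write it. The enclosing method starts and ends outside this hunk.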
@ -3,6 +3,9 @@ package PVE::CLI::pvesubscription;
|
|||||||
use strict;
|
use strict;
|
||||||
use warnings;
|
use warnings;
|
||||||
|
|
||||||
|
use MIME::Base64;
|
||||||
|
use JSON qw(decode_json);
|
||||||
|
|
||||||
use PVE::Tools;
|
use PVE::Tools;
|
||||||
use PVE::SafeSyslog;
|
use PVE::SafeSyslog;
|
||||||
use PVE::INotify;
|
use PVE::INotify;
|
||||||
@ -18,6 +21,35 @@ sub setup_environment {
|
|||||||
PVE::RPCEnvironment->setup_default_cli_env();
|
PVE::RPCEnvironment->setup_default_cli_env();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
__PACKAGE__->register_method({
|
||||||
|
name => 'set_offline_key',
|
||||||
|
path => 'set_offline_key',
|
||||||
|
method => 'POST',
|
||||||
|
description => "(Internal use only!) Set a signed subscription info blob as offline key",
|
||||||
|
parameters => {
|
||||||
|
additionalProperties => 0,
|
||||||
|
properties => {
|
||||||
|
data => {
|
||||||
|
type => "string",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
returns => { type => 'null' },
|
||||||
|
code => sub {
|
||||||
|
my ($param) = @_;
|
||||||
|
|
||||||
|
my $info = decode_json(decode_base64($param->{data}));
|
||||||
|
my $key = PVE::Tools::file_get_contents($PVE::API2::Subscription::signature_key_filename);
|
||||||
|
|
||||||
|
$info = Proxmox::RS::Subscription::check_signature($info);
|
||||||
|
$info = Proxmox::RS::Subscription::check_server_id($info);
|
||||||
|
$info = Proxmox::RS::Subscription::check_age($info, 0);
|
||||||
|
|
||||||
|
PVE::API2::Subscription::check_key($info->{key}, PVE::API2::Subscription::get_sockets());
|
||||||
|
|
||||||
|
PVE::API2::Subscription::write_etc_subscription($info);
|
||||||
|
}});
|
||||||
|
|
||||||
our $cmddef = {
|
our $cmddef = {
|
||||||
update => [ 'PVE::API2::Subscription', 'update', undef, { node => $nodename } ],
|
update => [ 'PVE::API2::Subscription', 'update', undef, { node => $nodename } ],
|
||||||
get => [ 'PVE::API2::Subscription', 'get', undef, { node => $nodename },
|
get => [ 'PVE::API2::Subscription', 'get', undef, { node => $nodename },
|
||||||
@ -28,6 +60,7 @@ our $cmddef = {
|
|||||||
}
|
}
|
||||||
}],
|
}],
|
||||||
set => [ 'PVE::API2::Subscription', 'set', ['key'], { node => $nodename } ],
|
set => [ 'PVE::API2::Subscription', 'set', ['key'], { node => $nodename } ],
|
||||||
|
"set-offline-key" => [ __PACKAGE__, 'set_offline_key', ['data'] ],
|
||||||
delete => [ 'PVE::API2::Subscription', 'delete', undef, { node => $nodename } ],
|
delete => [ 'PVE::API2::Subscription', 'delete', undef, { node => $nodename } ],
|
||||||
};
|
};
|
||||||
|
|
||||||
|
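Review bot: In `set_offline_key`, `$key` is read from `$PVE::API2::Subscription::signature_key_filename` and then never used: `check_signature($info)` is called without it, so a reader cannot tell from this code which key the blob is verified against, and an unreadable key file would presumably abort the command for no benefit. Either pass it on (if the binding accepts a key argument, which is not visible here) or drop the line. Separately, the results of `check_signature`, `check_server_id` and `check_age` are only assigned back to `$info`; if those helpers report failure through the returned status instead of dying, `write_etc_subscription` would persist a blob that failed verification, so a guard such as `die "offline key rejected (status '$info->{status}')\n" if $info->{status} ne 'active';` before the write seems warranted. `decode_json(decode_base64($param->{data}))` also passes malformed input straight to the parser, so wrapping it in `eval` and dying with a short "invalid offline key data" message would give the operator a clearer failure.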