Commit Graph

90 Commits

Author SHA1 Message Date
Wolfgang Bumiller
af81354f07 HTTPServer: verify_ticket now returns a hash
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-04-08 14:14:52 +02:00
Wolfgang Bumiller
24d2ed8c27 ui: support u2f authentication and configuration
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-04-03 15:26:37 +02:00
Wolfgang Bumiller
7541d6a788 store u2f challenges in the rpc environment
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-04-03 15:26:37 +02:00
Thomas Lamprecht
46095dd4a5 Fix #1589: auth_handler: raise exception on init_request error
cfs_* methods can now die (rightfully so) when the IPCC endpoint is
not connected, or another grave IPCC error arose.

As we did not catch those problems in the RPCEnvironments
init_request method, which loads the user config, this got
propagated to the anyevents auth_handler call in its
unshift_read_header method where then all errors were processed in
the same way => with an unauthorized response logging a logged in
user out.

So catch this error and raise an internal server error exception
instead. Anyevent needs some minor modification in a separate patch
to handle PVE::Exceptions correctly, so this is the partial fix for
bug #1589

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-12-11 14:53:18 +01:00
Dietmar Maurer
3c54bc912b PVE::API2Tools::resolve_proxyto - new helper
Call proxyto_callback if that method is defined.
2017-05-31 08:23:47 +02:00
Dietmar Maurer
e9e284c26a PVE/HTTPServer: do not return cookie_name from auth_handler
This is no longer required.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-16 11:54:34 +01:00
Dietmar Maurer
70473e51d4 HTTPServer.pm: rewrite rest_handler (simplify code)
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-16 11:54:34 +01:00
Dietmar Maurer
b84415d325 remove base_handler_class - directly use PVE::API2 instead
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-16 11:54:34 +01:00
Dietmar Maurer
a2e669fe2c HTTPServer.pm: call rpcenv->init_request earlier.
Because we access file from /etc/pve/ in auth_handler.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-16 11:54:34 +01:00
Dietmar Maurer
9d3f059fd9 HTTPServer.pm: call $rpcenv-init() when necessary.
This code was removed from the generic server, so we need
to add it here. cleanup follows ...

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-16 11:54:34 +01:00
Dietmar Maurer
b996e6c0ec use new libpve-http-server-perl package
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-16 11:54:33 +01:00
Dietmar Maurer
7e5f7c618b HTTPServer.pm: factor out code which refers to PVE::Cluster
This will make it easier to move HTTPServer to a separate package.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-12 13:07:00 +01:00
Fabian Grünbichler
7edaceb484 HTTPServer.pm: make split_abs_uri() private
and rename baseuri to base_uri to be consistent

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2017-01-12 11:55:54 +01:00
Dietmar Maurer
68d2366c32 HTTPServer.pm: improve baseuri matching
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-12 11:53:19 +01:00
Dietmar Maurer
617ca1c615 PVE/API2/Formatter/HTML.pm: avoid use of PVE::REST
Instead, pass the HTTP server as last argument to the page formatter,
so that we can call $server->create_auth_cookie().

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-12 11:53:18 +01:00
Dietmar Maurer
7da6575ea3 HTTPServer.pm: add missing 'use' statements
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-12 11:53:18 +01:00
Dietmar Maurer
2261f24957 HTTPServer.pm: add rest_handler method
copied from PVE::REST. We do not need that class anymore.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-12 11:53:18 +01:00
Dietmar Maurer
3093a3e8c7 HTTPServer.pm: allow to set baseuri when creating the class
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-12 11:53:18 +01:00
Dietmar Maurer
430b554feb HTTPServer.pm: add auth_handler
copied from PVE::REST (slightly adopted)

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-12 11:53:18 +01:00
Dietmar Maurer
25de0db135 HTTPServer.pm: add cookie handling methods
Copied from PVE::REST (I want to get rid of this PVE::REST class).

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2017-01-12 11:53:18 +01:00
Dietmar Maurer
a947498513 use certificate cache from PVE::Cluster package
2016-11-25 08:54:46 +01:00
Fabian Grünbichler
e099be45b7 fix SSL verify callback for certificate chains
ignoring parts of the chain means saying they are verified,
because the verify callback results are chained together
starting with the highest depth.
2016-11-23 08:33:32 +01:00
Fabian Grünbichler
8c9e7c1198 enable certificate pinning for proxied requests
when forwarding an API request to the responsible node,
only accept the certificate that this node should have
according to the contents of the cluster file system.

to limit performance issues, cache certificate fingerprint
on first request for each node, and only regenerate cache
(at most once per minute) if the actual encountered
fingerprint does not match or every 30 minutes (to clear out
old entries).
2016-11-17 15:55:17 +01:00
Fabian Grünbichler
b51c9f454b pass proxied to node to proxy_request
in addition to proxied to IP
2016-11-17 15:52:53 +01:00
Jos Ewert
855689ff2e Add ECDH curves to use with modern ciphers
This patch adds curves to use with TLS_ECDHE_* ciphers
They will automatically be used by the proxy as they are
in the HIGH ciphersuite.

This patch uses the prime256v1 curve, which should be supported
by most clients. openssl 1.0.1 only supports a single curve.

This also forces the use of new DHE and ECDHE keys on every
handshake. This does not seem to have an impact on performance.

Signed-Off-By: Jos Ewert flami@flami.net
2016-11-08 09:32:40 +01:00
Dietmar Maurer
ccccbf3fdb simplify/optimize code
2016-05-25 09:59:25 +02:00
Dietmar Maurer
d5d08d2aca depend on pve-docs package
and serve documentation files with pveproxy:

https://<HOST>:8006/pve-docs/index.html
2016-05-25 09:41:46 +02:00
Dietmar Maurer
9cad08ca19 fix bug #575: fork at shutdown, so that parent starts new worker
2016-01-22 11:24:12 +01:00
Emmanuel Kasper
7a552a9e6c Add mime type for woff2 fonts, also update mime type for ttf fonts
application/font-woff2 is still in discussion but works in main three browsers
This is needed for ExtJS6, which includes some woff2 fonts

ttf font mime type is taken from the official IANA assignment, and works as
well in main three browsers
2016-01-22 11:24:11 +01:00
Wolfgang Bumiller
0e007a5dcf localhost instead of 127.0.0.1 makes ipv6 life easier
2015-05-27 08:28:51 +02:00
Wolfgang Bumiller
232ce26781 enclose ipv6 hosts in brackets in proxy_request()
2015-05-21 17:32:12 +02:00
Wolfgang Bumiller
09316f4c09 HTTPServer.pm: accept ip6 connections
2015-05-08 12:43:14 +02:00
Dietmar Maurer
9da32f1282 websocket_proxy: correctly close connection
2015-01-02 09:20:09 +01:00
Dietmar Maurer
8173360410 HTTPServer:: mark process in shutdown phase
So that we can see what workers already closed the socket.
2015-01-02 08:54:16 +01:00
Dietmar Maurer
a9acb2bad0 HTTPServer: add support for font files (content types)
2014-08-01 06:22:53 +02:00
Dietmar Maurer
a47df3e4fe use case insensitive match for websocket upgrade (make it work with IE)
2014-06-25 13:25:02 +02:00
Dietmar Maurer
1d7f84a1b7 do not call uri_unescape on whole url - only on path
Because parameters are decoded with extract_params().
2014-06-24 16:01:54 +02:00
Dietmar Maurer
e60b96472a HTTPServer: implement websockets
We can avoid wss certificate errors this way (wsproxy.py throws certificate errors with firefox).
2014-06-18 12:08:21 +02:00
Dietmar Maurer
657b2c277a HTTPServer: set content type for .html files
2014-06-13 11:25:52 +02:00
Dietmar Maurer
7e73c93e55 new html formatter PVE::API2::Formatter::HTML
This one provides a login page and uses bootstrap for html.
2014-05-02 11:36:11 +02:00
Dietmar Maurer
6fcbe87a35 fix typo
2014-05-02 07:10:29 +02:00
Dietmar Maurer
1370ec6145 move formatter registration to HTTPServer
2014-05-02 07:03:12 +02:00
Dietmar Maurer
3ed610334e add generic formatter support
2014-04-30 15:28:30 +02:00
Dietmar Maurer
c9c0cd346c allow to return HTTP::Response object from format_response_data()
A formatter can generate HTTP redirect now.
2014-04-30 09:30:36 +02:00
Dietmar Maurer
9195c8f947 HTTPServer: correctly unescape url
2014-04-30 08:42:50 +02:00
Dietmar Maurer
d804d82f50 introduce base_handler_class
To make the framework more generic. The final plan is to move the
generic server code to package pve-common.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2014-04-30 08:31:14 +02:00
Dietmar Maurer
6a123049cc remove unused code
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2014-04-30 08:28:49 +02:00
Dietmar Maurer
949118487d bump version to 3.1-44, re-add spiceconfig support
2014-02-24 12:51:07 +01:00
Dietmar Maurer
36e0802d07 remove spiceconfig format
2013-12-11 08:38:22 +01:00
Dietmar Maurer
e1bae24c4c allow to use vmid 0 in spice tickets
VMID 0 will be used by spiceterm for tasks that run on the host.
2013-12-10 06:08:25 +01:00