do not use novnc wsproxy

Instead, we use new HTTPServer features.
2025-04-28 13:30:57 +00:00 · 2014-06-18 11:02:57 +02:00 · 2014-06-18 11:02:57 +02:00 · 3e7567e05e
commit 3e7567e05e
parent 000fc0a254
2 changed files with 54 additions and 8 deletions
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@ -1338,17 +1338,14 @@ __PACKAGE__->register_method({
 			'-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
 	    } else {

+		$ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy"
+
 		my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];

 		my $qmstr = join(' ', @$qmcmd);

 		# also redirect stderr (else we get RFB protocol errors)
 		$cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout, '-c', "$qmstr 2>/dev/null"];
-
-		if ($websocket) {
-		    $ENV{LC_PVE_TICKET} = $ticket;
-		    $cmd = ["/usr/share/novnc-pve/utils/wsproxy.py", '--run-once', "--timeout=$timeout", "--idle-timeout=$timeout", '--ssl-only', '--cert', '/etc/pve/local/pve-ssl.pem', '--key', '/etc/pve/local/pve-ssl.key', $port, '--', @$cmd];
-		}
 	    }

 	    PVE::Tools::run_command($cmd);
@ -1369,6 +1366,55 @@ __PACKAGE__->register_method({
 	};
    }});

+__PACKAGE__->register_method({
+    name => 'vncwebsocket',
+    path => '{vmid}/vncwebsocket',
+    method => 'GET',
+    proxyto => 'node',
+    permissions => {
+	check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
+    },
+    description => "Opens a weksocket for VNV traffic.",
+    parameters => {
+    	additionalProperties => 0,
+	properties => {
+	    node => get_standard_option('pve-node'),
+	    vmid => get_standard_option('pve-vmid'),
+	    port => {
+		description => "Port number returned by previous vncproxy call.",
+		type => 'integer',
+		minimum => 5900,
+		maximum => 5999,
+	    },
+	},
+    },
+    returns => {
+	type => "object",
+	properties => {
+	    port => { type => 'string' },
+	},
+    },
+    code => sub {
+	my ($param) = @_;
+
+	my $rpcenv = PVE::RPCEnvironment::get();
+
+	my $authuser = $rpcenv->get_user();
+
+	my $vmid = $param->{vmid};
+	my $node = $param->{node};
+
+	my $conf = PVE::QemuServer::load_config($vmid, $node); # VM exists ?
+
+	# Note: VNC ports are acessible from outside, so we do not gain any
+	# security if we verify that $param->{port} belongs to VM $vmid. This
+	# check is done by verifying the VNC ticket (inside VNC protocol).
+
+	my $port = $param->{port};
+	
+	return { port => $port };
+    }});
+
 __PACKAGE__->register_method({
    name => 'spiceproxy',
    path => '{vmid}/spiceproxy',
@ -1399,8 +1445,8 @@ __PACKAGE__->register_method({
 	my $node = $param->{node};
 	my $proxy = $param->{proxy};

-    my $conf = PVE::QemuServer::load_config($vmid, $node);
-    my $title = "VM $vmid - $conf->{'name'}",
+	my $conf = PVE::QemuServer::load_config($vmid, $node);
+	my $title = "VM $vmid - $conf->{'name'}",

 	my $port = PVE::QemuServer::spice_port($vmid);

--- a/control.in
+++ b/control.in
@ -3,7 +3,7 @@ Version: @@VERSION@@-@@PKGRELEASE@@
 Section: admin
 Priority: optional
 Architecture: @@ARCH@@
-Depends: libc6 (>= 2.7-18), perl (>= 5.10.0-19), libterm-readline-gnu-perl, pve-qemu-kvm (>= 1.7-1), netcat-traditional, libpve-access-control, libpve-storage-perl, pve-cluster, redhat-cluster-pve, libjson-perl, libjson-xs-perl, libio-multiplex-perl, libnet-ssleay-perl, socat, pve-firewall, novnc-pve
+Depends: libc6 (>= 2.7-18), perl (>= 5.10.0-19), libterm-readline-gnu-perl, pve-qemu-kvm (>= 1.7-1), netcat-traditional, libpve-access-control, libpve-storage-perl, pve-cluster, redhat-cluster-pve, libjson-perl, libjson-xs-perl, libio-multiplex-perl, libnet-ssleay-perl, socat, pve-firewall
 Conflicts: netcat-openbsd
 Maintainer: Proxmox Support Team <support@proxmox.com>
 Description: Qemu Server Tools