[pve-devel] r5741 - pve-manager/trunk/lib/PVE

svn-commits at proxmox.com svn-commits at proxmox.com
Wed Mar 23 06:23:37 CET 2011 

Author: dietmar
Date: 2011-03-23 06:23:37 +0100 (Wed, 23 Mar 2011)
New Revision: 5741

Modified:
   pve-manager/trunk/lib/PVE/AuthCookieHandler.pm
   pve-manager/trunk/lib/PVE/Utils.pm
Log:
move ticket code to PVE::Utils


Modified: pve-manager/trunk/lib/PVE/AuthCookieHandler.pm
===================================================================
--- pve-manager/trunk/lib/PVE/AuthCookieHandler.pm	2011-03-22 08:03:26 UTC (rev 5740)
+++ pve-manager/trunk/lib/PVE/AuthCookieHandler.pm	2011-03-23 05:23:37 UTC (rev 5741)
@@ -23,18 +23,6 @@
 use base qw(Apache2::AuthCookie);
 use Encode;
 
-my $secret = (split (/\s/, `md5sum /etc/pve/pve-ssl.key`))[0];
-
-sub sign_soap_ticket {
-    my ($ticket) = @_;
-
-    my ($username, $group, $time, $mac) = split /::/, $ticket;
-
-    my $digest = Digest::SHA1::sha1_hex($username, $group, $time, $mac, $secret);
-
-    return "${ticket}::$digest";
-}
-
 sub authen_cred {
     my $self = shift;
     my $r = shift;
@@ -51,7 +39,7 @@
 	return undef;
     }
 
-    return sign_soap_ticket ($ticket);
+    return PVE::Utils::sign_soap_ticket ($ticket);
 }
 
 sub authen_ses_key {
@@ -61,7 +49,7 @@
 
     my $uri = $r->uri;
 
-    my ($username, $group, $age, $mac) = PVE::Utils::verify_web_ticket ($secret, $session_key);
+    my ($username, $group, $age, $mac) = PVE::Utils::verify_web_ticket ($session_key);
 
     if ($username && $group) {
 
@@ -74,7 +62,7 @@
 	    my $ticket;
 	    eval { 
 		$ticket = PVE::ConfigClient::update_ticket ($session_key); 
-		$session_key = sign_soap_ticket ($ticket);
+		$session_key = PVE::Utils::sign_soap_ticket ($ticket);
 		$self->send_cookie ($r, $session_key);
 	    };
 	    my $err = $@;

Modified: pve-manager/trunk/lib/PVE/Utils.pm
===================================================================
--- pve-manager/trunk/lib/PVE/Utils.pm	2011-03-22 08:03:26 UTC (rev 5740)
+++ pve-manager/trunk/lib/PVE/Utils.pm	2011-03-23 05:23:37 UTC (rev 5741)
@@ -14,6 +14,8 @@
 
 my $clock_ticks = POSIX::sysconf(&POSIX::_SC_CLK_TCK);
 
+my $soap_secret = (split (/\s/, `md5sum /etc/pve/pve-ssl.key`))[0];
+
 # access control
 
 my $accmode = {
@@ -52,6 +54,16 @@
 
 # authentication tickets
 
+sub sign_soap_ticket {
+    my ($ticket) = @_;
+
+    my ($username, $group, $time, $mac) = split(/::/, $ticket);
+
+    my $digest = Digest::SHA1::sha1_hex($username, $group, $time, $mac, $soap_secret);
+
+    return "${ticket}::$digest";
+}
+
 sub load_auth_secret {
     my $secret = (split (/\s/, `md5sum /etc/pve/pve-root-ca.key`))[0];
 
@@ -85,7 +97,7 @@
 
     my $cookie_timeout = 2400; # seconds
 
-    my ($username, $group, $time, $mac) = split /::/, $ticket;
+    my ($username, $group, $time, $mac) = split(/::/, $ticket);
 
     return undef if !verify_username($username);
 
@@ -100,18 +112,18 @@
 }
 
 sub verify_web_ticket {
-    my ($secret, $ticket) = @_;
+    my ($ticket) = @_;
 
     my $cookie_timeout = 2400; # seconds
 
-    my ($username, $group, $time, $mac, $webmac) = split /::/, $ticket;
+    my ($username, $group, $time, $mac, $webmac) = split(/::/, $ticket);
 
     return undef if !verify_username($username);
 
     my $age = time() - $time;
 
     if (($age > -300) && ($age < $cookie_timeout) && 
-	(Digest::SHA1::sha1_hex($username, $group, $time, $mac, $secret) eq $webmac)) {
+	(Digest::SHA1::sha1_hex($username, $group, $time, $mac, $soap_secret) eq $webmac)) {
 	return wantarray ? ($username, $group, $age) : $username;
     }

More information about the pve-devel mailing list