[pve-devel] Allow accessing novnc console without being logged in
Henry Spanka
henry at myvirtualserver.de
Tue Dec 29 16:36:44 CET 2015
Hey,
When using an API it's impossible to use the novnc console.
This patch introduces a new API endpoint
(https://proxmoxurl.com:8006/api2/json/websocket) where we can connect
without being logged in. Authentication is done by validating the vnc
ticket.
Tested on Proxmox VE 4.
>From 0ca59236a4cdcc6e7479b982e8baec1466ac809d Mon Sep 17 00:00:00 2001
From: Henry Spanka <henry at myvirtualserver.de>
Date: Mon, 2 Nov 2015 21:45:46 +0100
Subject: [PATCH 1/1] Allow accessing novnc console when not logged in
---
/PVE/HTTPServer.pm | 59 +++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index 927abc0..f23d9e4 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -1221,6 +1221,65 @@ sub unshift_read_header {
}
$self->handle_spice_proxy_request($reqstate,
$connect_str, $vmid, $node, $port);
return;
+ } elsif ($path =~ /^\/api2\/json\/websocket$/) {
+ my $upgrade = $r->header('upgrade');
+ $upgrade = lc($upgrade) if $upgrade;
+
+ my $vncticket = extract_params($r, $method)->{vncticket};
+
+ my $vmid = extract_params($r, $method)->{vmid};
+
+ my $user = extract_params($r, $method)->{user};
+
+ my $authpath = "/vms/$vmid";
+
+ if (!$upgrade || ($upgrade ne 'websocket')) {
+ $self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR, "unable
to upgrade to protocol '$upgrade'\n");
+ return;
+ }
+
+ my $wsver = $r->header('sec-websocket-version');
+ if (!$wsver || ($wsver ne '13')) {
+ $self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR,
"unsupported websocket-version '$wsver'\n");
+ return;
+ }
+
+ my $wsproto_str = $r->header('sec-websocket-protocol');
+ if (!$wsproto_str) {
+ $self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR,
"missing websocket-protocol header");
+ return;
+ }
+
+ my $wsproto;
+
+ foreach my $p (PVE::Tools::split_list($wsproto_str)) {
+ $wsproto = $p if !$wsproto && $p eq 'base64';
+ $wsproto = $p if $p eq 'binary';
+ }
+
+ if (!$wsproto) {
+ $self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR,
"unsupported websocket-protocol protocol '$wsproto_str'\n");
+ return;
+ }
+
+ my $wskey = $r->header('sec-websocket-key');
+
+ if (!$wskey) {
+ $self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR,
"missing websocket-key\n");
+ return;
+ }
+
+ # Note: Digest::SHA::sha1_base64 has wrong padding
+ my $wsaccept =
Digest::SHA::sha1_base64("${wskey}258EAFA5-E914-47DA-95CA-C5AB0DC85B11") .
"=";
+
+ if(!PVE::AccessControl::verify_vnc_ticket($vncticket, $user,
$authpath, 1 )) {
+ $self->error($reqstate, HTTP_UNAUTHORIZED, "invalid
ticket");
+ return;
+ }
+ $self->websocket_proxy($reqstate, $wsaccept, $wsproto,
extract_params($r, $method));
+
+ return;
+
} elsif ($path =~ m!$baseuri!) {
my $token = $r->header('CSRFPreventionToken');
my $cookie = $r->header('Cookie');
--
2.1.4
----------------------------------------------------------------------------
-------------
If you have any further questions, please let us know.
Mit freundlichen Grüßen / With best regards
Henry Spanka | myVirtualserver Development Team
-----Ursprüngliche Nachricht-----
Von: pve-devel [mailto:pve-devel-bounces at pve.proxmox.com] Im Auftrag von
pve-devel-request at pve.proxmox.com
Gesendet: 27 December 2015 12:00
An: pve-devel at pve.proxmox.com
Betreff: pve-devel Digest, Vol 67, Issue 43
Send pve-devel mailing list submissions to
pve-devel at pve.proxmox.com
To subscribe or unsubscribe via the World Wide Web, visit
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
or, via email, send a message with subject or body 'help' to
pve-devel-request at pve.proxmox.com
You can reach the person managing the list at
pve-devel-owner at pve.proxmox.com
When replying, please edit your Subject line so it is more specific than
"Re: Contents of pve-devel digest..."
Today's Topics:
1. vma_queue_write: write error - Broken pipe (Rick Wolthuis)
----------------------------------------------------------------------
Message: 1
Date: Sat, 26 Dec 2015 16:09:20 +0100
From: "Rick Wolthuis" <rick at rwolthuis.nl>
To: <pve-devel at pve.proxmox.com>
Subject: [pve-devel] vma_queue_write: write error - Broken pipe
Message-ID: <002501d13fef$65cca8a0$3165f9e0$@rwolthuis.nl>
Content-Type: text/plain; charset="us-ascii"
Somehow back upping is not working as is should (I think). Tried back upping
to a remote location resulting in three out of 5 with an error. Tried to
change backup location to the local disk (with enough space left), which
resulted in one or two failed out of 5.
[..]
100: Dec 25 03:13:01 INFO: status: 24% (25912344576/107374182400), sparse
18% (19691585536), duration 120, 2016/8 MB/s
100: Dec 25 03:13:18 INFO: status: 24% (26516389888/107374182400), sparse
18% (19692851200), duration 137, 35/35 MB/s
100: Dec 25 03:13:18 ERROR: vma_queue_write: write error - Broken pipe
100: Dec 25 03:13:18 INFO: aborting backup job
100: Dec 25 03:13:20 ERROR: Backup of VM 100 failed - vma_queue_write: write
error - Broken pipe
Is there anybody that can explain to me how I could fix this problem? I
prefer to backup to a remote location which is mounted to /mnt/remote with
WebDAV protocol. Remote location has more than enough storage space left
(~1TB free).
And of course, merry Christmas to everybody!
Thanks in advance!
Rick
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://pve.proxmox.com/pipermail/pve-devel/attachments/20151226/e136f415/at
tachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4801 bytes
Desc: not available
URL:
<http://pve.proxmox.com/pipermail/pve-devel/attachments/20151226/e136f415/at
tachment-0001.bin>
------------------------------
Subject: Digest Footer
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
------------------------------
End of pve-devel Digest, Vol 67, Issue 43
*****************************************
More information about the pve-devel
mailing list