[pve-devel] [RFC 21/23] rest_handler: implement 'notoken' API endpoints

Fabian Grünbichler f.gruenbichler at proxmox.com
Thu Oct 17 15:14:16 CEST 2019


that are not available with API tokens for security reasons, such as access control related endpoints.

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---

Notes:
    pairs with patch in pve-common that adds this to the schema-schema. any modules
    setting that flag need a corresponding versioned depends on
    libpve-common-perl..

 PVE/HTTPServer.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index c11b4813..b45c3262 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -7,7 +7,7 @@ use PVE::SafeSyslog;
 use PVE::INotify;
 use PVE::Tools;
 use PVE::APIServer::AnyEvent;
-use PVE::Exception qw(raise_param_exc raise);
+use PVE::Exception qw(raise_param_exc raise_perm_exc raise);
 
 use PVE::RPCEnvironment;
 use PVE::AccessControl;
@@ -147,6 +147,9 @@ sub rest_handler {
 	    $uri_param->{$p} = $params->{$p};
 	}
 
+	raise_perm_exc("URI '$rel_uri' not available with API token, need proper ticket.\n")
+	    if $auth->{api_token} && $info->{notoken};
+
 	# check access permissions
 	$rpcenv->check_api2_permissions($info->{permissions}, $auth->{userid}, $uri_param);
 
-- 
2.20.1





More information about the pve-devel mailing list