]>
Commit | Line | Data |
---|---|---|
1 | package PVE::Subscription; | |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | use Digest::MD5 qw(md5_hex md5_base64); | |
6 | use MIME::Base64; | |
7 | use HTTP::Request; | |
8 | use URI; | |
9 | use LWP::UserAgent; | |
10 | use JSON; | |
11 | ||
12 | use PVE::Tools; | |
13 | use PVE::INotify; | |
14 | ||
15 | # How long the local key is valid for in between remote checks | |
16 | our $localkeydays = 15; | |
17 | # How many days to allow after local key expiry before blocking | |
18 | # access if connection cannot be made | |
19 | my $allowcheckfaildays = 5; | |
20 | ||
21 | my $shared_key_data = "kjfdlskfhiuewhfk947368"; | |
22 | ||
23 | my $saved_fields = { | |
24 | key => 1, | |
25 | checktime => 1, | |
26 | status => 1, | |
27 | message => 0, | |
28 | validdirectory => 1, | |
29 | productname => 1, | |
30 | regdate => 1, | |
31 | nextduedate => 1, | |
32 | }; | |
33 | ||
34 | sub check_fields { | |
35 | my ($info, $server_id) = @_; | |
36 | ||
37 | foreach my $f (qw(status checktime key)) { | |
38 | if (!$info->{$f}) { | |
39 | die "Missing field '$f'\n"; | |
40 | } | |
41 | } | |
42 | ||
43 | if ($info->{checktime} > time()) { | |
44 | die "Last check time in future.\n"; | |
45 | } | |
46 | ||
47 | return undef if $info->{status} ne 'Active'; | |
48 | ||
49 | foreach my $f (keys %$saved_fields) { | |
50 | next if !$saved_fields->{$f}; | |
51 | if (!$info->{$f}) { | |
52 | die "Missing field '$f'\n"; | |
53 | } | |
54 | } | |
55 | ||
56 | my $found; | |
57 | foreach my $hwid (split(/,/, $info->{validdirectory})) { | |
58 | if ($hwid eq $server_id) { | |
59 | $found = 1; | |
60 | last; | |
61 | } | |
62 | } | |
63 | die "Server ID does not match\n" if !$found; | |
64 | ||
65 | return undef; | |
66 | } | |
67 | ||
68 | sub check_subscription { | |
69 | my ($key, $server_id, $proxy) = @_; | |
70 | ||
71 | my $whmcsurl = "https://shop.maurer-it.com"; | |
72 | ||
73 | my $uri = "$whmcsurl/modules/servers/licensing/verify.php"; | |
74 | ||
75 | my $check_token = time() . md5_hex(rand(8999999999) + 1000000000) . $key; | |
76 | ||
77 | my $params = { | |
78 | licensekey => $key, | |
79 | dir => $server_id, | |
80 | domain => 'www.proxmox.com', | |
81 | ip => 'localhost', | |
82 | check_token => $check_token, | |
83 | }; | |
84 | ||
85 | my $req = HTTP::Request->new('POST' => $uri); | |
86 | $req->header('Content-Type' => 'application/x-www-form-urlencoded'); | |
87 | # We use a temporary URI object to format | |
88 | # the application/x-www-form-urlencoded content. | |
89 | my $url = URI->new('http:'); | |
90 | $url->query_form(%$params); | |
91 | my $content = $url->query; | |
92 | $req->header('Content-Length' => length($content)); | |
93 | $req->content($content); | |
94 | ||
95 | my $ua = LWP::UserAgent->new(protocols_allowed => ['https'], timeout => 30); | |
96 | ||
97 | if ($proxy) { | |
98 | $ua->proxy(['https'], $proxy); | |
99 | } else { | |
100 | $ua->env_proxy; | |
101 | } | |
102 | ||
103 | my $response = $ua->request($req); | |
104 | my $code = $response->code; | |
105 | ||
106 | if ($code != 200) { | |
107 | my $msg = $response->message || 'unknown'; | |
108 | die "Invalid response from server: $code $msg\n"; | |
109 | } | |
110 | ||
111 | my $raw = $response->decoded_content; | |
112 | ||
113 | my $subinfo = {}; | |
114 | while ($raw =~ m/<(.*?)>([^<]+)<\/\1>/g) { | |
115 | my ($k, $v) = ($1, $2); | |
116 | next if !($k eq 'md5hash' || defined($saved_fields->{$k})); | |
117 | $subinfo->{$k} = $v; | |
118 | } | |
119 | $subinfo->{checktime} = time(); | |
120 | $subinfo->{key} = $key; | |
121 | ||
122 | if ($subinfo->{message}) { | |
123 | $subinfo->{message} =~ s/^Directory Invalid$/Invalid Server ID/; | |
124 | } | |
125 | ||
126 | my $emd5sum = md5_hex($shared_key_data . $check_token); | |
127 | if ($subinfo->{status} && $subinfo->{status} eq 'Active') { | |
128 | if (!$subinfo->{md5hash} || ($subinfo->{md5hash} ne $emd5sum)) { | |
129 | die "MD5 Checksum Verification Failed\n"; | |
130 | } | |
131 | } | |
132 | ||
133 | delete $subinfo->{md5hash}; | |
134 | ||
135 | check_fields($subinfo, $server_id); | |
136 | ||
137 | return $subinfo; | |
138 | } | |
139 | ||
140 | sub read_subscription { | |
141 | my ($server_id, $filename, $fh) = @_; | |
142 | ||
143 | my $info = { status => 'Invalid' }; | |
144 | ||
145 | my $key = <$fh>; # first line is the key | |
146 | chomp $key; | |
147 | ||
148 | $info->{key} = $key; | |
149 | ||
150 | my $csum = <$fh>; # second line is a checksum | |
151 | ||
152 | my $data = ''; | |
153 | while (defined(my $line = <$fh>)) { | |
154 | $data .= $line; | |
155 | } | |
156 | ||
157 | if ($key && $csum && $data) { | |
158 | ||
159 | chomp $csum; | |
160 | ||
161 | my $localinfo = {}; | |
162 | ||
163 | eval { | |
164 | my $json_text = decode_base64($data); | |
165 | $localinfo = decode_json($json_text); | |
166 | my $newcsum = md5_base64($localinfo->{checktime} . $data . $shared_key_data); | |
167 | die "checksum failure\n" if $csum ne $newcsum; | |
168 | ||
169 | check_fields($localinfo, $server_id); | |
170 | ||
171 | my $age = time() - $localinfo->{checktime}; | |
172 | ||
173 | my $maxage = ($localkeydays + $allowcheckfaildays)*60*60*24; | |
174 | die "subscription info too old\n" | |
175 | if ($localinfo->{status} eq 'Active') && ($age > $maxage); | |
176 | }; | |
177 | if (my $err = $@) { | |
178 | chomp $err; | |
179 | $info->{message} = $err; | |
180 | } else { | |
181 | $info = $localinfo; | |
182 | } | |
183 | } | |
184 | ||
185 | return $info; | |
186 | } | |
187 | ||
188 | sub update_apt_auth { | |
189 | my ($key, $server_id) = @_; | |
190 | ||
191 | my $auth = { 'enterprise.proxmox.com' => { login => $key, password => $server_id } }; | |
192 | PVE::INotify::update_file('apt-auth', $auth); | |
193 | } | |
194 | ||
195 | sub write_subscription { | |
196 | my ($server_id, $filename, $fh, $info) = @_; | |
197 | ||
198 | if ($info->{status} eq 'New') { | |
199 | PVE::Tools::safe_print($filename, $fh, "$info->{key}\n"); | |
200 | } else { | |
201 | my $json = encode_json($info); | |
202 | my $data = encode_base64($json); | |
203 | my $csum = md5_base64($info->{checktime} . $data . $shared_key_data); | |
204 | ||
205 | my $raw = "$info->{key}\n$csum\n$data"; | |
206 | ||
207 | PVE::Tools::safe_print($filename, $fh, $raw); | |
208 | } | |
209 | ||
210 | update_apt_auth($info->{key}, $server_id); | |
211 | } | |
212 | ||
213 | 1; |