]> git.proxmox.com Git - pve-http-server.git/blob - PVE/APIServer/Utils.pm
projects / pve-http-server.git / blob
? search:


36e3ae63b1c1f126b2293d63d11e4ea8c505aa79
[pve-http-server.git] / PVE / APIServer / Utils.pm
1 package PVE::APIServer::Utils;
2
3 use strict;
4 use warnings;
5
6 use Net::IP;
7
8 # all settings are used for pveproxy and pmgproxy
9 # the ALLOW/DENY/POLICY is also used by spiceproxy
10 sub read_proxy_config {
11 my ($proxy_name) = @_;
12
13 my $conffile = "/etc/default/$proxy_name";
14
15 # Note: evaluate with bash
16 my $shcmd = ". $conffile;\n";
17 $shcmd .= 'echo \"LISTEN_IP:\$LISTEN_IP\";';
18 $shcmd .= 'echo \"ALLOW_FROM:\$ALLOW_FROM\";';
19 $shcmd .= 'echo \"DENY_FROM:\$DENY_FROM\";';
20 $shcmd .= 'echo \"POLICY:\$POLICY\";';
21 $shcmd .= 'echo \"CIPHERS:\$CIPHERS\";';
22 $shcmd .= 'echo \"DHPARAMS:\$DHPARAMS\";';
23 $shcmd .= 'echo \"HONOR_CIPHER_ORDER:\$HONOR_CIPHER_ORDER\";';
24 $shcmd .= 'echo \"COMPRESSION:\$COMPRESSION\";';
25
26 my $data = -f $conffile ? `bash -c "$shcmd"` : '';
27
28 my $res = {};
29
30 while ($data =~ s/^(.*)\n//) {
31 my ($key, $value) = split(/:/, $1, 2);
32 next if !defined($value) || $value eq '';
33 if ($key eq 'ALLOW_FROM' || $key eq 'DENY_FROM') {
34 my $ips = [];
35 foreach my $ip (split(/,/, $value)) {
36 $ip = "0/0" if $ip eq 'all';
37 push @$ips, Net::IP->new($ip) || die Net::IP::Error() . "\n";
38 }
39 $res->{$key} = $ips;
40 } elsif ($key eq 'LISTEN_IP') {
41 $res->{$key} = $value;
42 } elsif ($key eq 'POLICY') {
43 die "unknown policy '$value'\n" if $value !~ m/^(allow|deny)$/;
44 $res->{$key} = $value;
45 } elsif ($key eq 'CIPHERS') {
46 $res->{$key} = $value;
47 } elsif ($key eq 'DHPARAMS') {
48 $res->{$key} = $value;
49 } elsif ($key eq 'HONOR_CIPHER_ORDER' || $key eq 'COMPRESSION') {
50 die "unknown value '$value' - use 0 or 1\n" if $value !~ m/^(0|1)$/;
51 $res->{$key} = $value;
52 } else {
53 # silently skip everythin else?
54 }
55 }
56
57 return $res;
58 }
59
60 1;
PVE HTTP Server