bin/pveproxy

   1 #!/usr/bin/perl -T -w
   2
   3 $ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
   4
   5 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
   6
   7 use lib '..'; #  fixme
   8 use strict;
   9 use Getopt::Long;
  10 use POSIX ":sys_wait_h";
  11 use Socket;
  12 use IO::Socket::INET;
  13 use PVE::SafeSyslog;
  14 # use PVE::Config; # fixme
  15 use PVE::APIDaemon;
  16 use HTTP::Response;
  17 use Encode;
  18 use URI;
  19 use URI::QueryParam;
  20 use File::Find;
  21 use Data::Dumper;
  22
  23
  24 my $pidfile = "/var/run/pveproxy.pid";
  25 my $lockfile = "/var/lock/pveproxy.lck";
  26
  27 my $opt_debug;
  28
  29 initlog ('pveproxy');
  30
  31 if (!GetOptions ('debug' => \$opt_debug)) {
  32     die "usage: $0 [--debug]\n";
  33 }
  34
  35 $SIG{'__WARN__'} = sub {
  36     my $err = $@;
  37     my $t = $_[0];
  38     chomp $t;
  39     syslog('warning', "WARNING: %s", $t);
  40     $@ = $err;
  41 };
  42
  43 $0 = "pveproxy";
  44
  45 PVE::APIDaemon::enable_debug() if $opt_debug;
  46
  47 sub add_dirs {
  48     my ($result_hash, $alias, $subdir) = @_;
  49
  50     $result_hash->{$alias} = $subdir;
  51
  52     my $wanted = sub {
  53         my $dir = $File::Find::dir;
  54         if ($dir =~m!^$subdir(.*)$!) {
  55             my $name = "$alias$1/";
  56             $result_hash->{$name} = "$dir/";
  57         }
  58     };
  59
  60     find({wanted => $wanted, follow => 0, no_chdir => 1}, $subdir);
  61 }
  62
  63 my $cpid;
  64 my $daemon;
  65 eval {
  66
  67     my $dirs = {};
  68
  69     add_dirs($dirs, '/pve2/ext4/', '/usr/share/pve-manager/ext4/');
  70     add_dirs($dirs, '/pve2/images/' => '/usr/share/pve-manager/images/');
  71     add_dirs($dirs, '/pve2/css/' => '/usr/share/pve-manager/css/');
  72     add_dirs($dirs, '/vncterm/' => '/usr/share/vncterm/');
  73
  74     $daemon = PVE::APIDaemon->new(
  75         port => 8006,
  76         keep_alive => 100,
  77         max_conn => 500,
  78         max_requests => 1000,
  79         trusted_env => 0, # not trusted, anyone can connect
  80         logfile => '/var/log/pve/access.log',
  81         lockfile => $lockfile,
  82         ssl => {
  83             key_file => '/etc/pve/local/pve-ssl.key',
  84             cert_file => '/etc/pve/local/pve-ssl.pem',
  85         },
  86         # Note: there is no authentication for those pages and dirs!
  87         pages => {
  88             '/' => \&get_index,
  89             # avoid authentication when accessing favicon
  90             '/favicon.ico' => {
  91                 file => '/usr/share/pve-manager/images/favicon.ico',
  92             },
  93         },
  94         dirs => $dirs,
  95     );
  96 };
  97
  98 my $err = $@;
  99
 100 if ($err) {
 101     syslog ('err' , "unable to start server: $err");
 102     print STDERR $err;
 103     exit (-1);
 104 }
 105
 106 if ($opt_debug || !($cpid = fork ())) {
 107
 108     $SIG{PIPE} = 'IGNORE';
 109     $SIG{INT} = 'IGNORE' if !$opt_debug;
 110
 111     $SIG{TERM} = $SIG{QUIT} = sub {
 112         syslog ('info' , "server closing");
 113
 114         $SIG{INT} = 'DEFAULT';
 115
 116         unlink "$pidfile";
 117
 118         exit (0);
 119     };
 120
 121     syslog ('info' , "starting server");
 122
 123     if (!$opt_debug) {
 124         # redirect STDIN/STDOUT/SDTERR to /dev/null
 125         open STDIN,  '</dev/null' || die "can't read /dev/null  [$!]";
 126         open STDOUT, '>/dev/null' || die "can't write /dev/null [$!]";
 127         open STDERR, '>&STDOUT' || die "can't open STDERR to STDOUT [$!]";
 128     }
 129
 130     POSIX::setsid();
 131
 132     eval {
 133         $daemon->start_server();
 134     };
 135     my $err = $@;
 136
 137     if ($err) {
 138         syslog ('err' , "unexpected server error: $err");
 139         print STDERR $err if $opt_debug;
 140         exit (-1);
 141     }
 142
 143 } else {
 144
 145     open (PIDFILE, ">$pidfile") ||
 146         die "cant write '$pidfile' - $! :ERROR";
 147     print PIDFILE "$cpid\n";
 148     close (PIDFILE) ||
 149         die "cant write '$pidfile' - $! :ERROR";
 150 }
 151
 152 exit (0);
 153
 154 # NOTE: Requests to those pages are not authenticated
 155 # so we must be very careful here
 156
 157 sub get_index {
 158     my ($server, $r, $params) = @_;
 159
 160     my $lang = 'en';
 161     my $username;
 162     my $token = 'null';
 163
 164     if (my $cookie = $r->header('Cookie')) {
 165         if (my $newlang = ($cookie =~ /(?:^|\s)PVELangCookie=([^;]*)/)[0]) {
 166             if ($newlang =~ m/^[a-z]{2,3}(_[A-Z]{2,3})?$/) {
 167                 $lang = $newlang;
 168             }
 169         }
 170         my $ticket = PVE::REST::extract_auth_cookie($cookie);
 171         if (($username = PVE::AccessControl::verify_ticket($ticket, 1))) {
 172             $token = PVE::AccessControl::assemble_csrf_prevention_token($username);
 173         }
 174     }
 175
 176     my $args = $r->url->query_form_hash();
 177
 178     my $workspace = defined($args->{console}) ?
 179         "PVE.ConsoleWorkspace" : "PVE.StdWorkspace";
 180
 181     $username = '' if !$username;
 182
 183     my $jssrc = <<_EOJS;
 184 if (!PVE) PVE = {};
 185 PVE.UserName = '$username';
 186 PVE.CSRFPreventionToken = '$token';
 187 _EOJS
 188
 189     my $langfile = "/usr/share/pve-manager/ext4/locale/ext-lang-${lang}.js";
 190     $jssrc .= PVE::Tools::file_get_contents($langfile) if -f $langfile;
 191
 192     my $i18nsrc;
 193     $langfile = "/usr/share/pve-manager/root/pve-lang-${lang}.js";
 194     if (-f $langfile) {
 195         $i18nsrc = PVE::Tools::file_get_contents($langfile);
 196     } else {
 197         $i18nsrc = 'function gettext(buf) { return buf; }';
 198     }
 199
 200     $jssrc .= <<_EOJS;
 201
 202 // we need this (the java applet ignores the zindex)
 203 Ext.useShims = true;
 204
 205 Ext.History.fieldid = 'x-history-field';
 206
 207 Ext.onReady(function() { Ext.create('$workspace');});
 208
 209 _EOJS
 210
 211     my $page = <<_EOD;
 212 <html>
 213   <head>
 214     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 215
 216     <title>Proxmox Virtual Environment</title>
 217
 218     <link rel="stylesheet" type="text/css" href="/pve2/ext4/resources/css/ext-all.css" />
 219     <link rel="stylesheet" type="text/css" href="/pve2/css/ext-pve.css" />
 220
 221     <script type="text/javascript">$i18nsrc</script>
 222     <script type="text/javascript" src="/pve2/ext4/ext-all-debug.js"></script>
 223     <script type="text/javascript" src="/pve2/ext4/pvemanagerlib.js"></script>
 224     <script type="text/javascript">$jssrc</script>
 225
 226   </head>
 227   <body>
 228     <!-- Fields required for history management -->
 229     <form id="history-form" class="x-hidden">
 230     <input type="hidden" id="x-history-field"/>
 231     </form>
 232   </body>
 233 </html>
 234 _EOD
 235
 236     my $resp = HTTP::Response->new(200, "OK", undef, $page);
 237
 238     return $resp;
 239 }
 240
 241 __END__
 242
 243 =head1 NAME
 244
 245 pveproxy - the PVE API proxy server
 246
 247 =head1 SYNOPSIS
 248
 249 pveproxy [--debug]
 250
 251 =head1 DESCRIPTION
 252
 253 This is the REST API proxy server, listening on port 8006.
 254
 255