use PVE::Tools;
use PVE::APIServer::AnyEvent;
use PVE::Exception qw(raise_param_exc);
-use PVE::RESTEnvironment;
+use PMG::RESTEnvironment;
use PMG::Ticket;
use PMG::Cluster;
my $self = $class->SUPER::new(%args);
- $self->{rpcenv} = PVE::RESTEnvironment->init(
- $self->{trusted_env} ? 'priv' : 'pub', atfork => sub { $self-> atfork_handler() });
+ $self->{rpcenv} = PMG::RESTEnvironment->init(
+ $self->{trusted_env} ? 'priv' : 'pub', atfork => sub { $self->atfork_handler() });
return $self;
}
# set environment variables
$rpcenv->set_user(undef);
+ $rpcenv->set_role(undef);
$rpcenv->set_language('C');
$rpcenv->set_client_ip($peer_host);
die "No ticket\n" if !$ticket;
- ($username, $age) = PMG::Ticket::verify_ticket($ticket);
+ if ($ticket =~ m/^PMGQUAR:/) {
+ ($username, $age) = PMG::Ticket::verify_quarantine_ticket($ticket);
+ $rpcenv->set_user($username);
+ $rpcenv->set_role('quser');
+ } else {
+ ($username, $age) = PMG::Ticket::verify_ticket($ticket);
+ my $role = PMG::AccessControl::check_user_enabled($self->{usercfg}, $username);
+ $rpcenv->set_user($username);
+ $rpcenv->set_role($role);
+ }
- $rpcenv->set_user($username);
+ $rpcenv->set_ticket($ticket);
my $euid = $>;
PMG::Ticket::verify_csrf_prevention_token($username, $token)
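Review bot: The `else` branch calls `PMG::AccessControl::check_user_enabled($self->{usercfg}, $username)`, but the `use` lines shown in this change load only PMG::RESTEnvironment, PMG::Ticket and PMG::Cluster, and the constructor shown sets only `$self->{rpcenv}`. Unless both are provided outside the visible lines, every non-quarantine request would die here at runtime, so add `use PMG::AccessControl;` and confirm where `usercfg` is populated and refreshed; a stale copy could keep a since-disabled account authenticated. A short comment above the prefix test, such as `# quarantine tickets get the fixed 'quser' role and skip the user-config lookup`, would make the trust split between the two branches explicit. The enclosing handler starts and ends outside the hunk.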
}
sub rest_handler {
- my ($self, $clientip, $method, $rel_uri, $auth, $params) = @_;
+ my ($self, $clientip, $method, $rel_uri, $auth, $params, $format) = @_;
my $rpcenv = $self->{rpcenv};
+ $rpcenv->set_format($format);
my $resp = {
status => HTTP_NOT_IMPLEMENTED,
}
# check access permissions
- $rpcenv->check_api2_permissions($info->{permissions}, $auth->{userid}, $uri_param);
+ $rpcenv->check_api2_permissions($info->{permissions}, $uri_param);
- if ($info->{proxyto}) {
- my $pn = $info->{proxyto};
+ if (my $pn = $info->{proxyto}) {
my $node;
if ($pn eq 'master') {
- $node = $self->get_master_node();
+ $node = PMG::Cluster::get_master_node();
} else {
$node = $uri_param->{$pn};
raise_param_exc({$pn => "proxy parameter '$pn' does not exists"}) if !$node;
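Review bot: In the `master` branch, `$node = PMG::Cluster::get_master_node();` is used without any check, while the `else` branch rejects an empty `$node` with `raise_param_exc`. The method this commit removes returned `'localhost'` when cluster.conf had no master entry; whether the PMG::Cluster replacement keeps that fallback is not visible here. If it can return undef, the proxy target would be undefined, so a guard such as `die "unable to determine master node\n" if !$node;` after the call would keep both branches consistent. The surrounding proxy block continues outside the hunk.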
return;
}
+ if (my $pn = $info->{proxyto}) {
+ if ($pn eq 'master') {
+ $rpcenv->check_node_is_master();
+ }
+ }
+
$resp = {
data => $handler->handle($info, $uri_param),
info => $info, # useful to format output
my $err = $@;
$rpcenv->set_user(undef); # clear after request
+ $rpcenv->set_role(undef); # clear after request
+ $rpcenv->set_format(undef); # clear after request
if ($err) {
$resp = { info => $info };
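Review bot: The per-request cleanup resets user, role and format but leaves the ticket that the auth handler now stores with `$rpcenv->set_ticket($ticket)`, and the reset at the start of authentication (`set_user(undef)`, `set_role(undef)`) does not clear it either. In a worker that serves several requests, the previous caller's ticket would stay readable from rpcenv until another authenticated request overwrites it. Add `$rpcenv->set_ticket(undef); # clear after request` next to the other resets, assuming the setter accepts undef as the others do. The enclosing handler body continues outside the hunk.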
sub remote_node_ip {
my ($self, $node) = @_;
- my $remip = PMG::Cluster::remote_node_ip($node);
+ my $remip = PMG::Cluster::remote_node_ip($node);
die "unable to get remote IP address for node '$node'\n" if !$remip;
return $remip;
}
-sub get_master_node {
- my ($self) = @_;
-
- my $cinfo = PVE::INotify::read_file("cluster.conf");
-
- return $cinfo->{master}->{name} if defined($cinfo->{master});
-
- return 'localhost';
-}
-
1;