use MIME::Base64;
use HTTP::Request;
use LWP::UserAgent;
-use JSON;
+use JSON;
use PVE::Tools;
use PVE::ProcFSTools;
use PVE::JSONSchema qw(get_standard_option);
use PVE::SafeSyslog;
+use PVE::Subscription;
use PVE::API2Tools;
use PVE::RESTHandler;
\&read_etc_pve_subscription,
\&write_etc_pve_subscription);
-# How long the local key is valid for in between remote checks
-my $localkeydays = 15;
-# How many days to allow after local key expiry before blocking
-# access if connection cannot be made
-my $allowcheckfaildays = 5;
-
-my $shared_key_data = "kjfdlskfhiuewhfk947368";
+my $subscription_pattern = 'pve([124])([cbsp])-[0-9a-f]{10}';
sub get_sockets {
my $info = PVE::ProcFSTools::read_cpuinfo();
}
sub parse_key {
- my ($key) = @_;
+ my ($key, $noerr) = @_;
- if ($key =~ m/^pve([124])([cbsp])-[0-9a-f]{10}$/) {
+ if ($key =~ m/^${subscription_pattern}$/) {
return wantarray ? ($1, $2) : $1; # number of sockets, level
}
- return undef;
+ return undef if $noerr;
+
+ die "Wrong subscription key format\n";
}
-my $saved_fields = {
- key => 1,
- checktime => 1,
- status => 1,
- message => 0,
- validdirectory => 1,
- productname => 1,
- regdate => 1,
- nextduedate => 1,
-};
-
-sub check_fields {
- my ($info, $server_id, $req_sockets) = @_;
-
- foreach my $f (qw(status checktime key)) {
- if (!$info->{$f}) {
- die "Missing field '$f'\n";
- }
- }
+sub check_key {
+ my ($key, $req_sockets) = @_;
- my $sockets = parse_key($info->{key});
- if (!$sockets) {
- die "Wrong subscription key format\n";
- }
+ my ($sockets, $level) = parse_key($key);
if ($sockets < $req_sockets) {
die "wrong number of sockets ($sockets < $req_sockets)\n";
}
-
- if ($info->{checktime} > time()) {
- die "Last check time in future.\n";
- }
-
- return undef if $info->{status} ne 'Active';
-
- foreach my $f (keys %$saved_fields) {
- next if !$saved_fields->{$f};
- if (!$info->{$f}) {
- die "Missing field '$f'\n";
- }
- }
-
- my $found;
- foreach my $hwid (split(/,/, $info->{validdirectory})) {
- if ($hwid eq $server_id) {
- $found = 1;
- last;
- }
- }
- die "Server ID does not match\n" if !$found;
-
- return undef;
+ return ($sockets, $level);
}
sub read_etc_pve_subscription {
my ($filename, $fh) = @_;
- my $info = { status => 'Invalid' };
-
- my $key = <$fh>; # first line is the key
- chomp $key;
- my ($sockets, $level) = parse_key($key);
- die "Wrong subscription key format\n" if !$sockets;
-
- my $csum = <$fh>; # second line is a checksum
-
- $info->{key} = $key;
-
- my $data = '';
- while (defined(my $line = <$fh>)) {
- $data .= $line;
- }
-
- if ($csum && $data) {
-
- chomp $csum;
-
- my $localinfo = {};
-
- eval {
- my $json_text = decode_base64($data);
- $localinfo = decode_json($json_text);
- my $newcsum = md5_base64($localinfo->{checktime} . $data . $shared_key_data);
- die "checksum failure\n" if $csum ne $newcsum;
-
- my $req_sockets = get_sockets();
- my $server_id = PVE::API2Tools::get_hwaddress();
-
- check_fields($localinfo, $server_id, $req_sockets);
+ my $req_sockets = get_sockets();
+ my $server_id = PVE::API2Tools::get_hwaddress();
- my $age = time() - $localinfo->{checktime};
+ my $info = PVE::Subscription::read_subscription($server_id, $filename, $fh);
- my $maxage = ($localkeydays + $allowcheckfaildays)*60*60*24;
- if ($localinfo->{status} eq 'Active' && $age > $maxage) {
- $localinfo->{status} = 'Invalid';
- $localinfo->{message} = "subscription info too old";
- }
- };
- if (my $err = $@) {
- warn $err;
- } else {
- $info = $localinfo;
- }
- }
+ return $info if $info->{status} ne 'Active';
- if ($info->{status} eq 'Active') {
+ my ($sockets, $level);
+ eval { ($sockets, $level) = check_key($info->{key}, $req_sockets); };
+ if (my $err = $@) {
+ chomp $err;
+ $info->{status} = 'Invalid';
+ $info->{message} = $err;
+ } else {
$info->{level} = $level;
}
return $info;
}
-sub write_apt_auth {
- my $key = shift;
-
- my $server_id = PVE::API2Tools::get_hwaddress();
- my $auth = { 'enterprise.proxmox.com' => { login => $key, password => $server_id } };
- PVE::INotify::update_file('apt-auth', $auth);
-
-}
-
sub write_etc_pve_subscription {
my ($filename, $fh, $info) = @_;
- if ($info->{status} eq 'New') {
- PVE::Tools::safe_print($filename, $fh, "$info->{key}\n");
- return;
- }
-
- my $json = encode_json($info);
- my $data = encode_base64($json);
- my $csum = md5_base64($info->{checktime} . $data . $shared_key_data);
-
- my $raw = "$info->{key}\n$csum\n$data";
-
- PVE::Tools::safe_print($filename, $fh, $raw);
-
- write_apt_auth($info->{key});
-}
-
-sub check_subscription {
- my ($key) = @_;
-
- my $whmcsurl = "https://shop.maurer-it.com";
-
- my $uri = "$whmcsurl/modules/servers/licensing/verify.php";
-
my $server_id = PVE::API2Tools::get_hwaddress();
-
- my $req_sockets = get_sockets();
-
- my $check_token = time() . md5_hex(rand(8999999999) + 1000000000) . $key;
-
- my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
- my $proxy = $dccfg->{http_proxy};
-
- my $params = {
- licensekey => $key,
- dir => $server_id,
- domain => 'www.proxmox.com',
- ip => 'localhost',
- check_token => $check_token,
- };
-
- my $req = HTTP::Request->new('POST' => $uri);
- $req->header('Content-Type' => 'application/x-www-form-urlencoded');
- # We use a temporary URI object to format
- # the application/x-www-form-urlencoded content.
- my $url = URI->new('http:');
- $url->query_form(%$params);
- my $content = $url->query;
- $req->header('Content-Length' => length($content));
- $req->content($content);
-
- my $ua = LWP::UserAgent->new(protocols_allowed => ['https'], timeout => 30);
-
- if ($proxy) {
- $ua->proxy(['https'], $proxy);
- } else {
- $ua->env_proxy;
- }
-
- my $response = $ua->request($req);
- my $code = $response->code;
-
- if ($code != 200) {
- my $msg = $response->message || 'unknown';
- die "Invalid response from server: $code $msg\n";
- }
-
- my $raw = $response->decoded_content;
-
- my $subinfo = {};
- while ($raw =~ m/<(.*?)>([^<]+)<\/\1>/g) {
- my ($k, $v) = ($1, $2);
- next if !($k eq 'md5hash' || defined($saved_fields->{$k}));
- $subinfo->{$k} = $v;
- }
- $subinfo->{checktime} = time();
- $subinfo->{key} = $key;
-
- if ($subinfo->{message}) {
- $subinfo->{message} =~ s/^Directory Invalid$/Invalid Server ID/;
- }
-
- my $emd5sum = md5_hex($shared_key_data . $check_token);
- if ($subinfo->{status} && $subinfo->{status} eq 'Active') {
- if (!$subinfo->{md5hash} || ($subinfo->{md5hash} ne $emd5sum)) {
- die "MD5 Checksum Verification Failed\n";
- }
- }
-
- delete $subinfo->{md5hash};
-
- check_fields($subinfo, $server_id, $req_sockets);
-
- return $subinfo;
+ PVE::Subscription::write_subscription($server_id, $filename, $fh, $info);
}
__PACKAGE__->register_method ({
- name => 'get',
- path => '',
+ name => 'get',
+ path => '',
method => 'GET',
description => "Read subscription info.",
proxyto => 'node',
my ($param) = @_;
my $server_id = PVE::API2Tools::get_hwaddress();
+ my $url = "http://www.proxmox.com/products/proxmox-ve/subscription-service-plans";
my $info = PVE::INotify::read_file('subscription');
if (!$info) {
status => "NotFound",
message => "There is no subscription key",
serverid => $server_id,
+ url => $url,
}
}
$info->{serverid} = $server_id;
$info->{sockets} = get_sockets();
+ $info->{url} = $url;
return $info
}});
__PACKAGE__->register_method ({
- name => 'update',
- path => '',
+ name => 'update',
+ path => '',
method => 'POST',
description => "Update subscription info.",
proxyto => 'node',
my $info = PVE::INotify::read_file('subscription');
return undef if !$info;
- write_apt_auth($info->{key}) if $info->{key};
+ my $server_id = PVE::API2Tools::get_hwaddress();
+ my $key = $info->{key};
+
+ if ($key) {
+ PVE::Subscription::update_apt_auth($key, $server_id);
+ }
if (!$param->{force} && $info->{status} eq 'Active') {
my $age = time() - $info->{checktime};
- return undef if $age < $localkeydays*60*60*24;
+ return undef if $age < $PVE::Subscription::localkeydays*60*60*24;
}
-
- my $key = $info->{key};
- $info = check_subscription($key);
+ my $req_sockets = get_sockets();
+ check_key($key, $req_sockets);
+
+ my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ my $proxy = $dccfg->{http_proxy};
+
+ $info = PVE::Subscription::check_subscription($key, $server_id, $proxy);
PVE::INotify::write_file('subscription', $info);
}});
__PACKAGE__->register_method ({
- name => 'set',
- path => '',
+ name => 'set',
+ path => '',
method => 'PUT',
description => "Set subscription key.",
proxyto => 'node',
key => {
description => "Proxmox VE subscription key",
type => 'string',
+ pattern => $subscription_pattern,
+ maxLength => 32,
},
},
},
code => sub {
my ($param) = @_;
- $param->{key} = PVE::Tools::trim($param->{key});
+ my $key = PVE::Tools::trim($param->{key});
my $info = {
status => 'New',
- key => $param->{key},
+ key => $key,
checktime => time(),
};
my $req_sockets = get_sockets();
my $server_id = PVE::API2Tools::get_hwaddress();
- check_fields($info, $server_id, $req_sockets);
+ check_key($key, $req_sockets);
PVE::INotify::write_file('subscription', $info);
- $info = check_subscription($param->{key});
+ my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ my $proxy = $dccfg->{http_proxy};
+
+ $info = PVE::Subscription::check_subscription($key, $server_id, $proxy);
PVE::INotify::write_file('subscription', $info);