add termproxy api call for nodes

and add dependency for pve-xtermjs

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>

diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
index a97620ef37ac43f387aed47a33d6d19087cc4180..f11fd169eddca8e4a4a6b63bb9261c7f4bd8dc64 100644 (file)
--- a/PVE/API2/Nodes.pm
+++ b/PVE/API2/Nodes.pm
@@ -155,6 +155,7 @@ __PACKAGE__->register_method ({
            { name => 'rrddata' },# fixme: remove?
            { name => 'replication' },
            { name => 'vncshell' },
+           { name => 'termproxy' },
            { name => 'spiceshell' },
            { name => 'time' },
            { name => 'dns' },
@@ -758,6 +759,102 @@ __PACKAGE__->register_method ({
        };
     }});
 
+__PACKAGE__->register_method ({
+    name => 'termproxy',
+    path => 'termproxy',
+    method => 'POST',
+    protected => 1,
+    permissions => {
+       description => "Restricted to users on realm 'pam'",
+       check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]],
+    },
+    description => "Creates a VNC Shell proxy.",
+    parameters => {
+       additionalProperties => 0,
+       properties => {
+           node => get_standard_option('pve-node'),
+           upgrade => {
+               type => 'boolean',
+               description => "Run 'apt-get dist-upgrade' instead of normal shell.",
+               optional => 1,
+               default => 0,
+           },
+       },
+    },
+    returns => {
+       additionalProperties => 0,
+       properties => {
+           user => { type => 'string' },
+           ticket => { type => 'string' },
+           port => { type => 'integer' },
+           upid => { type => 'string' },
+       },
+    },
+    code => sub {
+       my ($param) = @_;
+
+       my $rpcenv = PVE::RPCEnvironment::get();
+
+       my ($user, undef, $realm) = PVE::AccessControl::verify_username($rpcenv->get_user());
+
+       raise_perm_exc("realm != pam") if $realm ne 'pam';
+
+       my $node = $param->{node};
+
+       my $authpath = "/nodes/$node";
+
+       my $ticket = PVE::AccessControl::assemble_vnc_ticket($user, $authpath);
+
+       my ($remip, $family);
+
+       if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
+           ($remip, $family) = PVE::Cluster::remote_node_ip($node);
+       } else {
+           $family = PVE::Tools::get_host_address_family($node);
+       }
+
+       my $port = PVE::Tools::next_vnc_port($family);
+
+       my $remcmd = $remip ?
+           ['/usr/bin/ssh', '-e', 'none', '-t', $remip , '--'] : [];
+
+       my $concmd;
+
+       if ($user eq 'root@pam') {
+           if ($param->{upgrade}) {
+               my $upgradecmd = "pveupgrade --shell";
+               $concmd = [ '/bin/bash', '-c', $upgradecmd ];
+           } else {
+               $concmd = [ '/bin/login', '-f', 'root' ];
+           }
+       } else {
+           $concmd = [ '/bin/login' ];
+       }
+
+       my $realcmd = sub {
+           my $upid = shift;
+
+           syslog ('info', "starting termproxy $upid\n");
+
+           my $cmd = ['/usr/bin/termproxy', $port, '--path', $authpath,
+                      '--perm', 'Sys.Console',  '--'];
+           push  @$cmd, @$remcmd, @$concmd;
+
+           PVE::Tools::run_command($cmd);
+       };
+
+       my $upid = $rpcenv->fork_worker('vncshell', "", $user, $realcmd);
+
+       PVE::Tools::wait_for_vnc_port($port);
+
+       return {
+           user => $user,
+           ticket => $ticket,
+           port => $port,
+           upid => $upid,
+       };
+    }});
+
 __PACKAGE__->register_method({
     name => 'vncwebsocket',
     path => 'vncwebsocket',

diff --git a/debian/control b/debian/control
index 9e399edcd8177d459d25c53fb6498a88448aa346..888753427921436002df3ca9342966f83ee94bb7 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -59,6 +59,7 @@ Depends: apt-transport-https,
          pve-docs,
          pve-firewall,
          pve-ha-manager,
+         pve-xtermjs (>= 0.1-1),
          qemu-server (>= 1.1-1),
          rsync,
          spiceterm,