assemble_spice_ticket

[pve-access-control.git] / PVE / AccessControl.pm

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index a9bf2dd9a1ec522cbd2a003a608f506a1dc97252..44299ce07c634d3f407e8f74cbde2e2bd1d87228 100644 (file)
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -5,6 +5,7 @@ use Encode;
 use Crypt::OpenSSL::Random;
 use Crypt::OpenSSL::RSA;
 use MIME::Base64;
+use MIME::Base32 qw( RFC );
 use Digest::SHA;
 use PVE::Tools qw(run_command lock_file file_get_contents split_list safe_print);
 use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
@@ -213,6 +214,23 @@ sub verify_vnc_ticket {
     return undef;
 }
 
+sub assemble_spice_ticket {
+    my ($username, $path) = @_;
+
+    my $rsa_priv = get_privkey();
+
+    my $timestamp = sprintf("%08X", time());
+
+    my $plain = "PVESPICE:$timestamp";
+
+    $path = normalize_path($path);
+
+    my $full = "$plain:$path";
+
+    my $ticket = $plain . "::" . encode_base64($rsa_priv->sign($full), '');
+    return MIME::Base32::encode($ticket."::".$full);
+}
+
 sub check_user_exist {
     my ($usercfg, $username, $noerr) = @_;