'domains.cfg' => 1,
'priv/shadow.cfg' => 1,
'priv/tfa.cfg' => 1,
+ 'priv/token.cfg' => 1,
'/qemu-server/' => 1,
'/openvz/' => 1,
'/lxc/' => 1,
return &$ipcc_send_rec(CFS_IPC_GET_CLUSTER_LOG, $bindata);
};
+my $ipcc_verify_token = sub {
+ my ($full_token) = @_;
+
+ my $bindata = pack "Z*", $full_token;
+ my $res = PVE::IPCC::ipcc_send_rec(CFS_IPC_VERIFY_TOKEN, $bindata);
+
+ return 1 if $! == 0;
+ return 0 if $! == ENOENT;
+
+ die "$!\n";
+};
+
my $ccache = {};
sub cfs_update {
return &$ipcc_get_cluster_log($user, $max);
}
+sub verify_token {
+ my ($userid, $token) = @_;
+
+ return &$ipcc_verify_token("$userid $token");
+}
+
my $file_info = {};
sub cfs_register_file {
char property[];
} cfs_guest_config_propery_get_request_header_t;
+typedef struct {
+ struct qb_ipc_request_header req_header;
+ char token[];
+} cfs_verify_token_request_header_t;
+
struct s1_context {
int32_t client_pid;
uid_t uid;
result = cfs_create_guest_conf_property_msg(outbuf, memdb, rh->property, rh->vmid);
}
+ } else if (request_id == CFS_IPC_VERIFY_TOKEN) {
+
+ cfs_verify_token_request_header_t *rh = (cfs_verify_token_request_header_t *) data;
+ int tokenlen = request_size - G_STRUCT_OFFSET(cfs_verify_token_request_header_t, token) - 1;
+
+ if (tokenlen <= 0) {
+ cfs_debug("tokenlen <= 0, %d", tokenlen);
+ result = -EINVAL;
+ } else if (memchr(rh->token, '\n', tokenlen) != NULL) {
+ cfs_debug("token contains newline");
+ result = -EINVAL;
+ } else if (rh->token[tokenlen] != '\0') {
+ cfs_debug("token not NULL-terminated");
+ result = -EINVAL;
+ } else if (strnlen(rh->token, tokenlen) != tokenlen) {
+ cfs_debug("token contains NULL-byte");
+ result = -EINVAL;
+ } else {
+ cfs_debug("cfs_verify_token: basic validity checked, reading token.cfg");
+ gpointer tmp = NULL;
+ int bytes_read = memdb_read(memdb, "priv/token.cfg", &tmp);
+ size_t remaining = bytes_read > 0 ? bytes_read : 0;
+ if (tmp != NULL && remaining >= tokenlen) {
+ char *line = (char *) tmp;
+ char *next_line;
+ const char *const end = line + remaining;
+ size_t linelen;
+
+ while (line != NULL) {
+ next_line = memchr(line, '\n', remaining);
+ linelen = next_line == NULL ? remaining : next_line - line;
+ if (linelen == tokenlen && strncmp(line, rh->token, linelen) == 0) {
+ result = 0;
+ break;
+ }
+ line = next_line;
+ if (line != NULL) {
+ line += 1;
+ remaining = end - line;
+ }
+ }
+ if (line == NULL) {
+ result = -ENOENT;
+ }
+ g_free(tmp);
+ } else {
+ cfs_debug("token: token.cfg does not exist - ENOENT");
+ result = -ENOENT;
+ }
+ }
}
cfs_debug("process result %d", result);
{ .path = "domains.cfg" },
{ .path = "priv/shadow.cfg" },
{ .path = "priv/tfa.cfg" },
+ { .path = "priv/token.cfg" },
{ .path = "datacenter.cfg" },
{ .path = "vzdump.cron" },
{ .path = "ha/crm_commands" },