From e94cd574e167b297faf410047d164d2b0ea6a530 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?= Date: Tue, 13 Sep 2022 14:46:03 +0200 Subject: [PATCH] remove PVE::Subscription and friends MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit this has been taken over by Proxmox::RS::Subscription, which is now used by pve-manager and pmg-api. Signed-off-by: Fabian Grünbichler --- debian/control | 4 +- src/PVE/INotify.pm | 78 -------------- src/PVE/Subscription.pm | 229 ---------------------------------------- 3 files changed, 2 insertions(+), 309 deletions(-) delete mode 100644 src/PVE/Subscription.pm diff --git a/debian/control b/debian/control index ce6a28e..0e5a311 100644 --- a/debian/control +++ b/debian/control @@ -40,9 +40,9 @@ Depends: libclone-perl, ${misc:Depends}, ${perl:Depends}, Breaks: ifupdown2 (<< 2.0.1-1+pve5), - pmg-api (<< 6.1-7), + pmg-api (<< 7.1-5), pve-container (<< 3.0-9), - pve-manager (<< 5.2-5), + pve-manager (<< 7.2-9), qemu-server (<< 7.0-19), Description: Proxmox VE base library This package contains the base library used by other Proxmox VE components. diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm index 5f82d7b..661eaf1 100644 --- a/src/PVE/INotify.pm +++ b/src/PVE/INotify.pm @@ -1772,82 +1772,4 @@ sub read_iscsi_initiatorname { register_file('initiatorname', "/etc/iscsi/initiatorname.iscsi", \&read_iscsi_initiatorname); -sub read_apt_auth { - my ($filename, $fd) = @_; - - local $/; - - my $raw = defined($fd) ? <$fd> : ''; - - $raw =~ s/^\s+//; - - - my @tokens = split(/\s+/, $raw); - - my $data = {}; - - my $machine; - while (defined(my $tok = shift @tokens)) { - - $machine = shift @tokens if $tok eq 'machine'; - next if !$machine; - $data->{$machine} = {} if !$data->{$machine}; - - $data->{$machine}->{login} = shift @tokens if $tok eq 'login'; - $data->{$machine}->{password} = shift @tokens if $tok eq 'password'; - }; - - return $data; -} - -my $format_apt_auth_data = sub { - my $data = shift; - - my $raw = ''; - - # sort longer entries first, so machine definitions with higher granularity are preferred - for my $machine (sort { length($b) <=> length($a) || $a cmp $b} keys %$data) { - my $d = $data->{$machine}; - next if !defined($d); # allow "deleting" set entries - - $raw .= "machine $machine\n"; - $raw .= " login $d->{login}\n" if $d->{login}; - $raw .= " password $d->{password}\n" if $d->{password}; - $raw .= "\n"; - } - - return $raw; -}; - -sub write_apt_auth { - my ($filename, $fh, $data) = @_; - - my $raw = $format_apt_auth_data->($data); - - die "write failed: $!" unless print $fh "$raw\n"; - - return $data; -} - -sub update_apt_auth { - my ($filename, $fh, $data) = @_; - - my $orig = read_apt_auth($filename, $fh); - - foreach my $machine (keys %$data) { - $orig->{$machine} = $data->{$machine}; - } - - return $format_apt_auth_data->($orig); -} - -register_file( - 'apt-auth', - "/etc/apt/auth.conf", - \&read_apt_auth, - \&write_apt_auth, - \&update_apt_auth, - perm => 0640, -); - 1; diff --git a/src/PVE/Subscription.pm b/src/PVE/Subscription.pm deleted file mode 100644 index ffd86c0..0000000 --- a/src/PVE/Subscription.pm +++ /dev/null @@ -1,229 +0,0 @@ -package PVE::Subscription; - -use strict; -use warnings; -use Digest::MD5 qw(md5_hex md5_base64); -use MIME::Base64; -use HTTP::Request; -use URI; -use LWP::UserAgent; -use JSON; - -use PVE::Tools; -use PVE::INotify; - -# How long the local key is valid for in between remote checks -our $localkeydays = 15; -# How many days to allow after local key expiry before blocking -# access if connection cannot be made -my $allowcheckfaildays = 5; - -my $shared_key_data = "kjfdlskfhiuewhfk947368"; - -my $saved_fields = { - key => 1, - checktime => 1, - status => 1, - message => 0, - validdirectory => 1, - productname => 1, - regdate => 1, - nextduedate => 1, -}; - -sub check_fields { - my ($info, $server_id) = @_; - - foreach my $f (qw(status checktime key)) { - if (!$info->{$f}) { - die "Missing field '$f'\n"; - } - } - - if ($info->{checktime} > time()) { - die "Last check time in future.\n"; - } - - return undef if $info->{status} ne 'Active'; - - foreach my $f (keys %$saved_fields) { - next if !$saved_fields->{$f}; - if (!$info->{$f}) { - die "Missing field '$f'\n"; - } - } - - my $found; - foreach my $hwid (split(/,/, $info->{validdirectory})) { - if ($hwid eq $server_id) { - $found = 1; - last; - } - } - die "Server ID does not match\n" if !$found; - - return undef; -} - -sub check_subscription { - my ($key, $server_id, $proxy) = @_; - - my $whmcsurl = "https://shop.proxmox.com"; - - my $uri = "$whmcsurl/modules/servers/licensing/verify.php"; - - my $check_token = time() . md5_hex(rand(8999999999) + 1000000000) . $key; - - my $params = { - licensekey => $key, - dir => $server_id, - domain => 'www.proxmox.com', - ip => 'localhost', - check_token => $check_token, - }; - - my $req = HTTP::Request->new('POST' => $uri); - $req->header('Content-Type' => 'application/x-www-form-urlencoded'); - # We use a temporary URI object to format - # the application/x-www-form-urlencoded content. - my $url = URI->new('http:'); - $url->query_form(%$params); - my $content = $url->query; - $req->header('Content-Length' => length($content)); - $req->content($content); - - my $ua = LWP::UserAgent->new(protocols_allowed => ['https'], timeout => 30); - - if ($proxy) { - $ua->proxy(['https'], $proxy); - } else { - $ua->env_proxy; - } - - my $response = $ua->request($req); - my $code = $response->code; - - if ($code != 200) { - my $msg = $response->message || 'unknown'; - die "Invalid response from server: $code $msg\n"; - } - - my $raw = $response->decoded_content; - - my $subinfo = {}; - while ($raw =~ m/<(.*?)>([^<]+)<\/\1>/g) { - my ($k, $v) = ($1, $2); - next if !($k eq 'md5hash' || defined($saved_fields->{$k})); - $subinfo->{$k} = $v; - } - $subinfo->{checktime} = time(); - $subinfo->{key} = $key; - - if ($subinfo->{message}) { - $subinfo->{message} =~ s/^Directory Invalid$/Invalid Server ID/; - } - - my $emd5sum = md5_hex($shared_key_data . $check_token); - if ($subinfo->{status} && $subinfo->{status} eq 'Active') { - if (!$subinfo->{md5hash} || ($subinfo->{md5hash} ne $emd5sum)) { - die "MD5 Checksum Verification Failed\n"; - } - } - - delete $subinfo->{md5hash}; - - check_fields($subinfo, $server_id); - - return $subinfo; -} - -sub read_subscription { - my ($server_id, $filename, $fh) = @_; - - my $info = { status => 'Invalid' }; - - my $key = <$fh>; # first line is the key - chomp $key; - - $info->{key} = $key; - - my $csum = <$fh>; # second line is a checksum - - my $data = ''; - while (defined(my $line = <$fh>)) { - $data .= $line; - } - - if ($key && $csum && $data) { - - chomp $csum; - - my $localinfo = {}; - - eval { - my $json_text = decode_base64($data); - $localinfo = decode_json($json_text); - my $newcsum = md5_base64($localinfo->{checktime} . $data . $shared_key_data); - die "checksum failure\n" if $csum ne $newcsum; - - check_fields($localinfo, $server_id); - - my $age = time() - $localinfo->{checktime}; - - my $maxage = ($localkeydays + $allowcheckfaildays)*60*60*24; - die "subscription info too old\n" - if ($localinfo->{status} eq 'Active') && ($age > $maxage); - }; - if (my $err = $@) { - chomp $err; - $info->{message} = $err; - } else { - $info = $localinfo; - } - } - - return $info; -} - -sub update_apt_auth { - my ($key, $server_id) = @_; - - my $repo; - if ($key =~ /^pmg/) { - $repo = 'pmg'; - } elsif ($key =~ /^pve/) { - $repo = 'pve'; - } else { - warn "unknown key format for '$key', defaulting to pve\n"; - $repo = 'pve'; - } - - my $auth = { - "enterprise.proxmox.com" => undef, # for dropping the older, to generic match - "enterprise.proxmox.com/debian/$repo" => { - login => $key, - password => $server_id, - }, - }; - PVE::INotify::update_file('apt-auth', $auth); -} - -sub write_subscription { - my ($server_id, $filename, $fh, $info) = @_; - - if ($info->{status} eq 'New') { - PVE::Tools::safe_print($filename, $fh, "$info->{key}\n"); - } else { - my $json = encode_json($info); - my $data = encode_base64($json); - my $csum = md5_base64($info->{checktime} . $data . $shared_key_data); - - my $raw = "$info->{key}\n$csum\n$data"; - - PVE::Tools::safe_print($filename, $fh, $raw); - } - - update_apt_auth($info->{key}, $server_id); -} - -1; -- 2.39.2