package PVE::APIServer::Utils;

use strict;
use warnings;

# Net::IP parses and validates the ALLOW_FROM/DENY_FROM address lists below.
use Net::IP;
# All settings are used by pveproxy and pmgproxy;
# the ALLOW/DENY/POLICY settings are also used by spiceproxy.
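# Read /etc/default/<proxy_name> and return a hash ref with the recognised
# settings. Keys present in the result: LISTEN_IP, CIPHERS, CIPHERSUITES,
# DHPARAMS and TLS_KEY_FILE (plain strings, passed through as found), POLICY
# ('allow' or 'deny'), HONOR_CIPHER_ORDER and COMPRESSION ('0' or '1'), and
# ALLOW_FROM/DENY_FROM (array refs of Net::IP objects). Unset or empty
# variables are left out of the result; a missing file yields an empty hash.
#
# The file is shell syntax and is *executed* by bash, so it must only be
# writable by root (the packaging is expected to ensure that - TODO confirm).
#
# Dies on a malformed proxy name, an invalid POLICY/HONOR_CIPHER_ORDER/
# COMPRESSION value, or an address Net::IP cannot parse.
sub read_proxy_config {
    my ($proxy_name) = @_;

    # The name is spliced into a shell script below. Callers pass fixed
    # daemon names, but refuse anything that is not a plain token anyway.
    if (!defined($proxy_name) || $proxy_name !~ m/^[A-Za-z0-9_-]+\z/) {
        my $shown = defined($proxy_name) ? $proxy_name : '';
        die "invalid proxy name '$shown'\n";
    }

    my $conffile = "/etc/default/$proxy_name";

    # Every variable read from the file; each is echoed back as "KEY:VALUE".
    my @keys = qw(
        LISTEN_IP ALLOW_FROM DENY_FROM POLICY CIPHERS CIPHERSUITES
        DHPARAMS TLS_KEY_FILE HONOR_CIPHER_ORDER COMPRESSION
    );

    # Note: the file uses shell syntax, so it is evaluated with bash.
    my $shcmd = ". $conffile;\n";
    for my $key (@keys) {
        $shcmd .= qq{echo "$key:\$$key";};
    }

    my $data = '';
    if (-f $conffile) {
        # List form: the script goes straight to bash instead of being
        # re-parsed by an intermediate /bin/sh, so the echo lines above need
        # no \" and \$ escaping and nothing is interpolated twice.
        open(my $fh, '-|', 'bash', '-c', $shcmd)
            or die "unable to evaluate $conffile: $!\n";
        $data = do { local $/; <$fh> };
        $data = '' if !defined($data);
        close($fh);
        # A failure while sourcing the file used to be ignored silently;
        # keep it non-fatal (the daemon falls back to its defaults) but
        # make it visible in the log.
        warn "evaluating $conffile failed (wait status $?)\n" if $? != 0;
    }

    my $res = {};

    # settings that are stored as found, without further checks
    my %passthrough = map { $_ => 1 } qw(LISTEN_IP CIPHERS CIPHERSUITES DHPARAMS TLS_KEY_FILE);

    for my $line (split(/\n/, $data)) {
        my ($key, $value) = split(/:/, $line, 2);
        # unset or empty variables mean "use the daemon's default"
        next if !defined($value) || $value eq '';

        if ($key eq 'ALLOW_FROM' || $key eq 'DENY_FROM') {
            $res->{$key} = _parse_ip_list($value);
        } elsif ($key eq 'POLICY') {
            die "unknown policy '$value'\n" if $value !~ m/^(allow|deny)$/;
            $res->{$key} = $value;
        } elsif ($key eq 'HONOR_CIPHER_ORDER' || $key eq 'COMPRESSION') {
            die "unknown value '$value' - use 0 or 1\n" if $value !~ m/^(0|1)$/;
            $res->{$key} = $value;
        } elsif ($passthrough{$key}) {
            $res->{$key} = $value;
        }
        # Anything else (for example the continuation of a value that
        # contains a newline) is deliberately ignored: only the keys echoed
        # above are expected here.
    }

    return $res;
}

# Turn a comma separated ALLOW_FROM/DENY_FROM value into an array ref of
# Net::IP objects. The special entry 'all' expands to both 0/0 and ::/0;
# IPv4-mapped IPv6 addresses are normalised to their plain IPv4 form.
# Dies with Net::IP's error message when an entry cannot be parsed.
sub _parse_ip_list {
    my ($value) = @_;

    my $ips = [];
    for my $ip (split(/,/, $value)) {
        if ($ip eq 'all') {
            push @$ips, Net::IP->new('0/0') || die Net::IP::Error() . "\n";
            push @$ips, Net::IP->new('::/0') || die Net::IP::Error() . "\n";
            next;
        }
        push @$ips, Net::IP->new(normalize_v4_in_v6($ip)) || die Net::IP::Error() . "\n";
    }

    return $ips;
}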
# Return $ip_text unchanged unless it lies in the IPv4-mapped IPv6 range
# (::ffff:0:0/96), in which case the embedded IPv4 address text is returned
# instead. Dies with Net::IP's error message if $ip_text does not parse.
#
# NOTE(review): overlaps() is used as a plain boolean, so any overlap with the
# mapped range - not only containment - triggers the rewrite; confirm that a
# prefix merely overlapping ::ffff:0:0/96 is meant to be treated this way.
sub normalize_v4_in_v6 {
    my ($ip_text) = @_;

    # Net::IP->new() returns undef on a malformed address; surface its message.
    my $parsed = Net::IP->new($ip_text) || die Net::IP::Error() . "\n";
    my $mapped_range = Net::IP->new('::ffff:0:0/96');

    # addresses outside the mapped range are passed through untouched
    return $ip_text if !$mapped_range->overlaps($parsed);

    return Net::IP::ip_get_embedded_ipv4($ip_text);
}
1; # a Perl module file must end with a true value