From dd25eecf62703a5881cdecfa910a79da81e276d0 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Tue, 10 Dec 2013 10:46:50 +0100
Subject: [PATCH] code cleanup

Use new helper methods.
---
 PVE/API2/Qemu.pm   | 52 ++++++++--------------------------------------
 PVE/QemuMigrate.pm |  2 +-
 PVE/QemuServer.pm  | 17 ---------------
 3 files changed, 10 insertions(+), 61 deletions(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 4560768..d038b06 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -1360,24 +1360,10 @@ __PACKAGE__->register_method({
 	properties => {
 	    node => get_standard_option('pve-node'),
 	    vmid => get_standard_option('pve-vmid'),
-	    proxy => {
-		description => "This can be used by the client to specify the proxy server. All nodes in a cluster runs 'spiceproxy', so it is up to the client to choose one. By default, we return the node where the VM is currently running. As resonable setting is to use same node you use to connect to the API (This is window.location.hostname for the JS GUI).",
-		type => 'string', format => 'dns-name',
-		optional => 1,
-	    },
-	},
-    },
-    returns => {
-	description => "Returned values can be directly passed to the 'remote-viewer' application.",
-    	additionalProperties => 1,
-	properties => {
-	    type => { type => 'string' },
-	    password => { type => 'string' },
-	    proxy => { type => 'string' },
-	    host => { type => 'string' },
-	    'tls-port' => { type => 'integer' },
+	    proxy => get_standard_option('spice-proxy', { optional => 1 }),
 	},
     },
+    returns => get_standard_option('remote-viewer-config'),
     code => sub {
 	my ($param) = @_;
 
@@ -1389,37 +1375,17 @@ __PACKAGE__->register_method({
 	my $node = $param->{node};
 	my $proxy = $param->{proxy};
 
-	my ($ticket, $proxyticket) = PVE::AccessControl::assemble_spice_ticket($authuser, $vmid, $node);
-
-	my $timeout = 10;
+	my $title = "VM $vmid";
 
 	my $port = PVE::QemuServer::spice_port($vmid);
+
+	my ($ticket, undef, $remote_viewer_config) = 
+	    PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
+	
 	PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
 	PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
-
-	if (!$proxy) {
-	    my $host = `hostname -f` || PVE::INotify::nodename();
-	    chomp $host;
-	    $proxy = $host;
-	}
-
-	my $filename = "/etc/pve/local/pve-ssl.pem";
-	my $subject = PVE::QemuServer::read_x509_subject_spice($filename);
-
-	my $cacert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192);
-	$cacert =~ s/\n/\\n/g;
-
-	return {
-	    type => 'spice',
-	    title => "VM $vmid",
-	    host => $proxyticket, # this break tls hostname verification, so we need to use 'host-subject'
-	    proxy => "http://$proxy:3128",
-	    'tls-port' => $port,
-	    'host-subject' => $subject,
-	    ca => $cacert,
-	    password => $ticket,
-	    'delete-this-file' => 1,
-	};
+	
+	return $remote_viewer_config;
     }});
 
 __PACKAGE__->register_method({
diff --git a/PVE/QemuMigrate.pm b/PVE/QemuMigrate.pm
index 634c305..d980f0b 100644
--- a/PVE/QemuMigrate.pm
+++ b/PVE/QemuMigrate.pm
@@ -406,7 +406,7 @@ sub phase2 {
 	my (undef, $proxyticket) = PVE::AccessControl::assemble_spice_ticket($authuser, $vmid, $self->{node});
 
 	my $filename = "/etc/pve/nodes/$self->{node}/pve-ssl.pem";
-        my $subject = PVE::QemuServer::read_x509_subject_spice($filename);
+        my $subject =  PVE::AccessControl::read_x509_subject_spice($filename);
 
 	$self->log('info', "spice client_migrate_info");
 
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 47df049..f4f8a2c 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -4919,21 +4919,4 @@ sub get_current_qemu_machine {
     return $current || $default || 'pc';
 }
 
-sub read_x509_subject_spice {
-    my ($filename) = @_;
-
-    # read x509 subject
-    my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
-    my $x509 = Net::SSLeay::PEM_read_bio_X509($bio);
-    Net::SSLeay::BIO_free($bio);
-    my $nameobj = Net::SSLeay::X509_get_subject_name($x509);
-    my $subject = Net::SSLeay::X509_NAME_oneline($nameobj);
-    Net::SSLeay::X509_free($x509);
-  
-    # remote-viewer wants comma as seperator (not '/')
-    $subject =~ s!^/!!;
-    $subject =~ s!/(\w+=)!,$1!g;
-
-    return $subject;
-}
 1;
-- 
2.39.2