[pve-devel] Allow accessing novnc console without being logged in

2015-12-29 Thread Henry Spanka
Hey,
When using an API it's impossible to use the novnc console.
This patch introduces a new API endpoint
(https://proxmoxurl.com:8006/api2/json/websocket) where we can connect
without being logged in. Authentication is done by validating the vnc
ticket.

Tested on Proxmox VE 4.

From 0ca59236a4cdcc6e7479b982e8baec1466ac809d Mon Sep 17 00:00:00 2001
From: Henry Spanka <he...@myvirtualserver.de>
Date: Mon, 2 Nov 2015 21:45:46 +0100
Subject: [PATCH 1/1] Allow accessing novnc console when not logged in

---
 /PVE/HTTPServer.pm | 59 +++
 1 file changed, 59 insertions(+)

diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index 927abc0..f23d9e4 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -1221,6 +1221,65 @@ sub unshift_read_header {
}
$self->handle_spice_proxy_request($reqstate,
$connect_str, $vmid, $node, $port);
return;
+} elsif ($path =~ /^\/api2\/json\/websocket$/) {
+my $upgrade = $r->header('upgrade');
+$upgrade = lc($upgrade) if $upgrade;
+
+my $vncticket = extract_params($r, $method)->{vncticket};
+
+my $vmid = extract_params($r, $method)->{vmid};
+
+my $user = extract_params($r, $method)->{user};
+
+my $authpath = "/vms/$vmid";
+
+if (!$upgrade || ($upgrade ne 'websocket')) {
+$self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR, "unable
to upgrade to protocol '$upgrade'\n");
+return;
+}
+
+my $wsver = $r->header('sec-websocket-version');
+if (!$wsver || ($wsver ne '13')) {
+$self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR,
"unsupported websocket-version '$wsver'\n");
+return;
+}
+
+my $wsproto_str = $r->header('sec-websocket-protocol');
+if (!$wsproto_str) {
+$self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR,
"missing websocket-protocol header");
+return;
+}
+
+my $wsproto;
+
+foreach my $p (PVE::Tools::split_list($wsproto_str)) {
+$wsproto = $p if !$wsproto && $p eq 'base64';
+$wsproto = $p if $p eq 'binary';
+}
+
+if (!$wsproto) {
+$self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR,
"unsupported websocket-protocol protocol '$wsproto_str'\n");
+return;
+}
+
+my $wskey = $r->header('sec-websocket-key');
+
+if (!$wskey) {
+$self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR,
"missing websocket-key\n");
+return;
+}
+
+# Note: Digest::SHA::sha1_base64 has wrong padding
+my $wsaccept =
Digest::SHA::sha1_base64("${wskey}258EAFA5-E914-47DA-95CA-C5AB0DC85B11") .
"=";
+
+if(!PVE::AccessControl::verify_vnc_ticket($vncticket, $user,
$authpath, 1 )) {
+$self->error($reqstate, HTTP_UNAUTHORIZED, "invalid
ticket");
+return;
+}
+$self->websocket_proxy($reqstate, $wsaccept, $wsproto,
extract_params($r, $method));
+
+return;
+
} elsif ($path =~ m!$baseuri!) {
my $token = $r->header('CSRFPreventionToken');
my $cookie = $r->header('Cookie');
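Review bot: `$vmid`, `$user` and `$vncticket` are taken straight from the request parameters with no presence or format check, and `$vmid` is interpolated into `$authpath` at the top of the branch before anything has been validated; a missing parameter produces undef warnings and a ticket check against the path `/vms/`. Suggest validating all three up front (`$vmid` numeric, `$user` and `$vncticket` defined) and calling `extract_params($r, $method)` once into a variable rather than four times. The `verify_vnc_ticket` call would also read more naturally ahead of the `upgrade`, `sec-websocket-version`, `sec-websocket-protocol` and `sec-websocket-key` checks, so that a request without a valid ticket is rejected before any protocol negotiation, and the `"invalid ticket"` message lacks the trailing `\n` the other error strings use.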
-- 
2.1.4

--
If you have any further questions, please let us know.

Mit freundlichen Grüßen / With best regards 
Henry Spanka | myVirtualserver Development Team
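A worked model of the endpoint gate described in the message above, added here as an example and not code from the patch or from Proxmox: it computes the Sec-WebSocket-Accept value with correct padding, negotiates the subprotocol with the same preference order, and validates the request parameters before using them. The ticket format (issue_vnc_ticket, an HMAC over user and auth path) is an assumption standing in for PVE's real VNC ticket scheme, and the ticket check is placed ahead of the handshake checks.

```python
import base64
import hashlib
import hmac
import re

# Fixed GUID from RFC 6455 section 4.2.2; the same constant appears in the patch.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def websocket_accept(wskey: str) -> str:
    """Sec-WebSocket-Accept = base64(sha1(key + GUID)); b64encode emits the
    trailing '=' padding that the patch has to append by hand."""
    digest = hashlib.sha1((wskey + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def negotiate_subprotocol(wsproto_str: str):
    """Same preference as the patch: 'binary' wins, 'base64' is the fallback, else None."""
    chosen = None
    for p in re.split(r"[,;\s]+", wsproto_str.strip()):
        if p == "base64" and chosen is None:
            chosen = p
        if p == "binary":
            chosen = p
    return chosen

def issue_vnc_ticket(user: str, authpath: str, secret: bytes) -> str:
    """Hypothetical stand-in for PVE's VNC ticket (assumed format): keyed MAC over user and path."""
    return hmac.new(secret, f"{user}:{authpath}".encode(), hashlib.sha256).hexdigest()

def gate_websocket_request(headers: dict, params: dict, secret: bytes):
    """Return (status, body). Parameters are validated before anything is built from
    them, the ticket (the only credential) is checked next, handshake checks come last."""
    h = {k.lower(): v for k, v in headers.items()}
    vmid, user, ticket = params.get("vmid"), params.get("user"), params.get("vncticket")
    if not (vmid and re.fullmatch(r"\d+", vmid) and user and ticket):
        return 400, "missing or malformed vmid/user/vncticket"
    # Stand-in for PVE::AccessControl::verify_vnc_ticket: constant-time compare.
    expected = issue_vnc_ticket(user, f"/vms/{vmid}", secret)
    if not hmac.compare_digest(ticket.encode(), expected.encode()):
        return 401, "invalid ticket"
    if (h.get("upgrade") or "").lower() != "websocket":
        return 400, "unable to upgrade to protocol"
    if h.get("sec-websocket-version") != "13":
        return 400, "unsupported websocket-version"
    proto = negotiate_subprotocol(h.get("sec-websocket-protocol") or "")
    wskey = h.get("sec-websocket-key")
    if not proto or not wskey:
        return 400, "missing websocket-protocol or websocket-key"
    return 101, {"Sec-WebSocket-Accept": websocket_accept(wskey), "Sec-WebSocket-Protocol": proto}
```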


Re: [pve-devel] Question about vncwebsocket

2015-12-17 Thread Henry Spanka
Hey,
It's not directly possible to use the noVNC Console without authorization.
What exactly do you want?
Allow anyone access to any server or by using a third-party webapp to
authorize these requests (e.g. PHP)?


--
If you have any further questions, please let us know.

Mit freundlichen Grüßen / With best regards 
Henry Spanka | myVirtualserver Development Team

___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


Re: [pve-devel] CVE-2015-5154

2015-07-27 Thread Henry Spanka

When can we expect a fix in pvetest repositories?
--
Add us to your list of trusted senders.
If you have any further questions, please let us know.

Mit freundlichen Grüßen / With best regards

myVirtualserver.de | Development Team
Henry Spanka



Re: [pve-devel] Running KVM as root is a security issue

2015-07-27 Thread Henry Spanka
I think the best option is to run every KVM as another user and chown
the /var/lib/vz/images/VMID/ directory to that user.
There will be vulnerabilities at any time, and the best option is to
just use other users to prevent execution of code on the host or
modification of other VMs (reading their data).


Best regards
Henry Spanka
--
Add us to your list of trusted senders.
If you have any further questions, please let us know.

Mit freundlichen Grüßen / With best regards

myVirtualserver.de | Development Team
Henry Spanka
