13 Commits

Author SHA1 Message Date
Fabian Grünbichler
7b6f8f1d17 implement api token support
and add an example for it.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-02-05 11:17:18 +01:00
Oguz Bektas
f195667216 fix #2227: enable totp codes to be passed in cli
this patch enables to pass totp codes during cluster join if tfa has
been enabled for root@pam (or any other user actually, but having it enabled on
root causes problems during cluster join).

u2f support is not yet implemented.

Co-developed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Co-developed-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2019-09-04 16:06:53 +02:00
Thomas Lamprecht
8bc98506cb login TFA exception: also print username and use raise
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-27 22:04:33 +02:00
Oguz Bektas
985f120305 check for tfa during cluster join, abort if yes
momentarily, we check for tfa in the cluster join and abort if it's
enabled, since the tfa ticket is not being handled correctly atm, which
caused a '401 No ticket' error[0][1].

todo is to ask with a prompt on gui and cli to enable totp and possible
u2f in the future

[0]: https://forum.proxmox.com/threads/failed-to-add-cluster-node-401-no-ticket.54882/
[1]: https://bugzilla.proxmox.com/show_bug.cgi?id=2227

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2019-06-27 22:00:40 +02:00
Dietmar Maurer
d3e90048d0 add make target to copy and include files from pve-common - update Exception.pm
2018-06-14 09:59:17 +02:00
Thomas Lamprecht
ff8ba9c9d9 avoid harmful '<>' pattern, explicitly read from STDIN
Fixes problems in CLIHandler using the code pattern:

while (my $line = <>) {
    ...
}

For why this causes only _now_ problems let's first look how <>
behaves:

"The null filehandle <> is special: [...] Input from <> comes either
from standard input, or from each file listed on the command line.
Here's how it works: the first time <> is evaluated, the @ARGV array
is checked, and if it is empty, $ARGV[0] is set to "-" , which when
opened gives you standard input.  The @ARGV array is then processed
as a list of filenames." - 'perldoc perlop'

Recent changes in the CLIHandler code changed how we modified @ARGV.
Earlier we assumed that the first argument must be the command and
thus shifted it out of @ARGV, now we can have multiple levels of
(sub)commands. This change also changed how we handle @ARGV, we do
not unshift anything but go through the arguments until we got to
the final command and copy the rest of @ARGV as we know that this
must be the command's arguments.

For '<>' this means that ARGV was still fully populated and perl
tried to open element as a file, which naturally failed.
Thus the change in pve-common only exposed this 'dangerous' code
pattern.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-01-22 14:56:33 +01:00
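
The `<>` behaviour described in commit ff8ba9c9d9 above, as an added example that is not code from the repository or its authors: with subcommand arguments still in @ARGV, `<>` tries to open them as files, while `<STDIN>` reads the answer typed at the prompt. The argument list, the input line and the helper name are constructed for illustration, and it assumes no files named like the sample arguments exist in the working directory.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: arguments a multi-level CLI still has in @ARGV
# when the command handler runs, and the line typed at its prompt.
my @sample_argv  = ('cluster', 'join', '--force');
my $sample_input = "yes\n";

# Hypothetical helper: call $reader with @ARGV and STDIN replaced by the
# samples above; return the line it read and the number of warnings raised.
sub with_sample_io {
    my ($reader) = @_;
    local @ARGV = @sample_argv;
    open(my $saved, '<&', \*STDIN) or die "cannot dup STDIN: $!";
    close(STDIN);
    open(STDIN, '<', \$sample_input) or die "cannot open in-memory STDIN: $!";
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, $_[0] };
    my $line = $reader->();
    close(STDIN);
    open(STDIN, '<&', $saved) or die "cannot restore STDIN: $!";
    return ($line, scalar @warnings);
}

# Null filehandle: perl treats every remaining @ARGV element as a filename,
# warns "Can't open ..." for each, and never reaches standard input.
my ($magic, $magic_warn) = with_sample_io(sub { my $l = <>; return $l });

# Explicit STDIN: @ARGV is ignored and the typed line is returned.
my ($plain, $plain_warn) = with_sample_io(sub { my $l = <STDIN>; return $l });

printf "<>      : line=%s warnings=%d\n", defined $magic ? 'read' : 'undef', $magic_warn;
printf "<STDIN> : line=%s warnings=%d\n", defined $plain ? 'read' : 'undef', $plain_warn;
```
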
Thomas Lamprecht
8153e67107 raise exception if manual fingerprint verification failed
If a fingerprint could not be verified automatically or manually
raise an exception to ensure that we do not continue with handling
the problematic or even evil response.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-01-11 12:03:44 +01:00
Thomas Lamprecht
097484f42d use new Exception.pm class to signal errors to caller
Allows a caller to access the HTTP response code, which may be useful
to handle application logic. E.g., catching a HTTP_NOT_IMPLEMENTED
and fallback to an older method.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-01-11 12:03:44 +01:00
Thomas Lamprecht
6700b1517e add APIClient/Exception.pm class
As we do not want to depend on PVE libraries with this I forked off
the PVE::Exception class, removed all raise_* methods so that only
raise() itself was left over.

Also some minor adaptions to newer style for exporting were used.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-01-11 12:03:44 +01:00
Fabian Grünbichler
38eb3479f8 add missing if
2017-12-12 11:02:48 +01:00
Fabian Grünbichler
1d40f3c38c cleanup Net::SSLeay error handling
X509_get_fingerprint does not die - it only returns undef in case of
errors (or segfaults if the $cert pointer is invalid).
2017-11-27 10:19:02 +01:00
Dietmar Maurer
444d641911 allow to specify cookie_name
2017-04-06 11:03:41 +02:00
Dietmar Maurer
9ae947dd3e initial import
copied from pve-gui-tests
2016-12-16 08:52:37 +01:00