Commit Graph

49 Commits

Author SHA1 Message Date
Thomas Lamprecht
a1298cc2a5 cert verification: trust openssl result if hostnames are verified
If we verified that the hostname matches the cert we can also trust
the openssl verification result.

We get the openssl result as first parameter[0].

[0]: https://metacpan.org/pod/IO::Socket::SSL#SSL_verify_callback

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-12-03 16:06:33 +01:00
Thomas Lamprecht
e02e35fde3 format/code cleanup
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-12-03 16:00:33 +01:00
Thomas Lamprecht
50f793b9d1 client exception: try to avoid HTTP code duplication in error string
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-12-03 15:55:53 +01:00
Thomas Lamprecht
9518a97873 examples: add CLI like example for easier re-use with non-local host
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-12-03 15:55:11 +01:00
Thomas Lamprecht
18857a21bc bump version to 3.1-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-30 15:30:23 +01:00
Thomas Lamprecht
38fbee3cdd use two-argument bless
else we'd break "inheriting" (or whatever perl does is called) to
child modules

> Never use the one-argument form of bless.
-- Perl Best Practices, Pg. 365

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-30 15:27:22 +01:00
Thomas Lamprecht
935bbf68ba do not save user-agent ssl_opts in $self
one can always get it from the useragent, changing it here would not
do anything anyway, so this also avoids some possible confusion.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-30 15:27:22 +01:00
Thomas Lamprecht
588a2ba611 rework FP verify callback to avoid creating refcount cycle
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-30 15:27:22 +01:00
Thomas Lamprecht
44f9aae436 sort use statements, drop Data::Dumper
print to_json($ref, {pretty=>1,utf8=>1,canonical=>1})."\n";

is nicer anyway ;-)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-30 15:26:01 +01:00
Thomas Lamprecht
a3db1e77fd bump version to 3.0-3
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-02-07 07:54:35 +01:00
Fabian Grünbichler
7b6f8f1d17 implement api token support
and add an example for it.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-02-05 11:17:18 +01:00
Oguz Bektas
f195667216 fix #2227: enable totp codes to be passed in cli
this patch enables to pass totp codes during cluster join if tfa has
been enabled for root@pam (or any other user actually, but having it enabled on
root causes problems during cluster join).

u2f support is not yet implemented.

Co-developed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Co-developed-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2019-09-04 16:06:53 +02:00
Thomas Lamprecht
6d06eacaaf bump version to 3.0-2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-07-11 19:29:54 +02:00
Thomas Lamprecht
8bc98506cb login TFA exception: also print username and use raise
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-27 22:04:33 +02:00
Oguz Bektas
985f120305 check for tfa during cluster join, abort if yes
momentarily, we check for tfa in the cluster join and abort if it's
enabled, since the tfa ticket is not being handled correctly atm, which
caused a '401 No ticket' error[0][1].

todo is to ask with a prompt on gui and cli to enable totp and possible
u2f in the future

[0]: https://forum.proxmox.com/threads/failed-to-add-cluster-node-401-no-ticket.54882/
[1]: https://bugzilla.proxmox.com/show_bug.cgi?id=2227

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2019-06-27 22:00:40 +02:00
Thomas Lamprecht
50963f829a buildsys: change upload dist to buster
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-21 18:34:43 +02:00
Thomas Lamprecht
70b5c2059a d/control: update standards version
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-21 18:33:12 +02:00
Thomas Lamprecht
9d5b94a1f6 bump version to 3.0-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-21 17:28:30 +02:00
Thomas Lamprecht
f951c7a980 d/control: add defined ${perl:Depends} to dependency list
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-21 16:47:49 +02:00
Thomas Lamprecht
d257cf1552 set debian source format to 1.0
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-21 16:46:45 +02:00
Thomas Lamprecht
782bc6b444 debian/rules should be executable
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-21 16:46:27 +02:00
Dietmar Maurer
3d444d933d Merge missing changelog entry 2019-04-24 11:14:19 +02:00
Rhonda D'Vine
b6ce5c2783 Get version information from changelog
The duplication of the version information both in the Makefile and in
debian/changelog is a potential error point, and an unneeded one.

Signed-off-by: Rhonda D'Vine <rhonda@proxmox.com>
2019-01-03 08:49:52 +01:00
Rhonda D'Vine
2689bc847d Add SOURCE file
This package was missing the SOURCE information from the binary package.

Signed-off-by: Rhonda D'Vine <rhonda@proxmox.com>
2019-01-03 08:49:52 +01:00
Rhonda D'Vine
2d80533629 Add "make dsc" target
This target is required to make the package build automatically.

Signed-off-by: Rhonda D'Vine <rhonda@proxmox.com>
2019-01-03 08:49:52 +01:00
Dietmar Maurer
480dcbee5f bump version to 2.0-5 2018-06-19 13:05:58 +02:00
Dietmar Maurer
d3e90048d0 add make target to copy and include files from pve-common - update Exception.pm 2018-06-14 09:59:17 +02:00
Wolfgang Bumiller
23002ffc3f bump version to 2.0-4
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-01-22 15:15:09 +01:00
Thomas Lamprecht
ff8ba9c9d9 avoid harmful '<>' pattern, explicitly read from STDIN
Fixes problems in CLIHandler using the code pattern:

while (my $line = <>) {
    ...
}

For why this causes only _now_ problems lets first look how <>
behaves:

"The null filehandle <> is special: [...] Input from <> comes either
from standard input, or from each file listed on the command line.
Here's how it works: the first time <> is evaluated, the @ARGV array
is checked, and if it is empty, $ARGV[0] is set to "-" , which when
opened gives you standard input.  The @ARGV array is then processed
as a list of filenames." - 'perldoc perlop'

Recent changes in the CLIHandler code changed how we modfiied @ARGV
Earlier we assumed that the first argument must be the command and
thus shifted it out of @ARGV, now we can have multiple levels of
(sub)commands. This change also changed how we handle @ARGV, we do
not unshift anything but go through the arguments until we got to
the final command and copy the rest of @ARGV as we know that this
must be the commandos arguments.

For '<>' this means that ARGV was still fully populated and perl
tried to open element as a file, which naturally failed.
Thus the change in pve-common only exposed this 'dangerous' code
pattern.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-01-22 14:56:33 +01:00
Fabian Grünbichler
3c43d96ef9 bump version to 2.0-3 2018-01-17 14:17:10 +01:00
Thomas Lamprecht
8153e67107 raise exception if manual fingerprint verification failed
If a fingerprint could not be verified automatically or manually
raise an exception to ensure that we do not continue with handling
the problematic or even evil response.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-01-11 12:03:44 +01:00
Thomas Lamprecht
097484f42d use new Exception.pm class to signal errors to caller
Allows a caller to acces the HTTP response code, which may be useful
to handle application logic. E.g., catching a HTTP_NOT_IMPLEMENTED
and fallback to an older method.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-01-11 12:03:44 +01:00
Thomas Lamprecht
6700b1517e add APIClient/Exception.pm class
As we do not want to depend on PVE libraries with this I forked of
the PVE::Exception class, removed all raise_* methods so that only
raise() itself was left over.

Also some minor adaptions to newer style for exporting where used.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-01-11 12:03:44 +01:00
Thomas Lamprecht
9c6d72b1b7 buildsys: also cleanup *.buildinfo files
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-12-15 12:09:44 +01:00
Fabian Grünbichler
38eb3479f8 add missing if 2017-12-12 11:02:48 +01:00
Fabian Grünbichler
1d40f3c38c cleanup Net::SSLeay error handling
X509_get_fingerprint does not die - it only returns undef in case of
errors (or segfaults if the $cert pointer is invalid).
2017-11-27 10:19:02 +01:00
Fabian Grünbichler
adbda0b73e build: reformat debian/control
using wrap-and-sort -abt
2017-10-04 11:05:33 +02:00
Dietmar Maurer
f8dc2eb6f3 bump version to 2.0-2 2017-04-06 11:04:48 +02:00
Dietmar Maurer
444d641911 allow to specify cookie_name 2017-04-06 11:03:41 +02:00
Dietmar Maurer
bf0c1ca606 bump version tp 2.0-1 for debain stretch
Makefile: use "--product pmg,pve --dist stretch" for upload target
2017-03-10 09:07:50 +01:00
Dietmar Maurer
21e68a8a33 perftest1.pl: another example 2016-12-28 11:35:30 +01:00
Dietmar Maurer
8291fb9a6e example2.pl: add a second example 2016-12-28 11:04:37 +01:00
Dietmar Maurer
ce70bf815f example1.pl: remove unnecessary perfix /api2/json/ 2016-12-28 10:52:09 +01:00
Dietmar Maurer
bc39c2840a example1.pl: use warnings instead of -w flag 2016-12-28 10:49:20 +01:00
Dietmar Maurer
d12f292e8a add simple example code, bump version to 1.0-2 2016-12-28 10:47:23 +01:00
Dietmar Maurer
90ff1ec125 add missing dependencies 2016-12-16 09:34:14 +01:00
Dietmar Maurer
2834772d27 add dintsall target 2016-12-16 09:23:14 +01:00
Dietmar Maurer
5a3b38c15d add Makefile and debian package files 2016-12-16 09:22:27 +01:00
Dietmar Maurer
9ae947dd3e initial import
copied from pve-gui-tests
2016-12-16 08:52:37 +01:00