IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If we verified that the hostname matches the cert we can also trust
the openssl verification result.
We get the openssl result as first parameter[0].
[0]: https://metacpan.org/pod/IO::Socket::SSL#SSL_verify_callback
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
else we'd break "inheriting" (or whatever perl does is called) to
child modules
> Never use the one-argument form of bless.
-- Perl Best Practices, Pg. 365
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
one can always get it from the useragent, changing it here would not
do anything anyway, so this also avoids some possible confusion.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
this patch enables to pass totp codes during cluster join if tfa has
been enabled for root@pam (or any other user actually, but having it enabled on
root causes problems during cluster join).
u2f support is not yet implemented.
Co-developed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Co-developed-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Fixes problems in CLIHandler using the code pattern:
while (my $line = <>) {
...
}
For why this causes only _now_ problems lets first look how <>
behaves:
"The null filehandle <> is special: [...] Input from <> comes either
from standard input, or from each file listed on the command line.
Here's how it works: the first time <> is evaluated, the @ARGV array
is checked, and if it is empty, $ARGV[0] is set to "-" , which when
opened gives you standard input. The @ARGV array is then processed
as a list of filenames." - 'perldoc perlop'
Recent changes in the CLIHandler code changed how we modfiied @ARGV
Earlier we assumed that the first argument must be the command and
thus shifted it out of @ARGV, now we can have multiple levels of
(sub)commands. This change also changed how we handle @ARGV, we do
not unshift anything but go through the arguments until we got to
the final command and copy the rest of @ARGV as we know that this
must be the commandos arguments.
For '<>' this means that ARGV was still fully populated and perl
tried to open element as a file, which naturally failed.
Thus the change in pve-common only exposed this 'dangerous' code
pattern.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
If a fingerprint could not be verified automatically or manually
raise an exception to ensure that we do not continue with handling
the problematic or even evil response.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Allows a caller to acces the HTTP response code, which may be useful
to handle application logic. E.g., catching a HTTP_NOT_IMPLEMENTED
and fallback to an older method.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
As we do not want to depend on PVE libraries with this I forked of
the PVE::Exception class, removed all raise_* methods so that only
raise() itself was left over.
Also some minor adaptions to newer style for exporting where used.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>