pve-manager/bin/pveproxy

#!/usr/bin/perl -T

$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';

delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};  

use strict;
use warnings;
use English;
use Getopt::Long;
use POSIX ":sys_wait_h";
use Socket;
use IO::Socket::INET;
use PVE::SafeSyslog;
use PVE::APIDaemon;
use HTTP::Response;
use Encode;
use URI;
use URI::QueryParam;
use File::Find;
use Data::Dumper;
use PVE::API2;
use PVE::API2::Formatter::Standard;
use PVE::API2::Formatter::HTML;

use PVE::ExtJSIndex;
use PVE::NoVncIndex;
use PVE::TouchIndex;

my $pidfile = "/var/run/pveproxy/pveproxy.pid";
my $lockfile = "/var/lock/pveproxy.lck";

my $opt_debug;

initlog ('pveproxy');

if (!GetOptions ('debug' => \$opt_debug)) {
    die "usage: $0 [--debug]\n";
}

$SIG{'__WARN__'} = sub {
    my $err = $@;
    my $t = $_[0];
    chomp $t;
    syslog('warning', "WARNING: %s", $t);
    $@ = $err;
};

$0 = "pveproxy";

# run as www-data
my $gid = getgrnam('www-data') || die "getgrnam failed - $!\n";
POSIX::setgid($gid) || die "setgid $gid failed - $!\n";
$EGID = "$gid $gid"; # this calls setgroups
my $uid = getpwnam('www-data') || die "getpwnam failed - $!\n";
POSIX::setuid($uid) || die "setuid $uid failed - $!\n";

# just to be sure
die "detected strange uid/gid\n" if !($UID == $uid && $EUID == $uid && $GID eq "$gid $gid" && $EGID eq "$gid $gid");

my $proxyconf = PVE::APIDaemon::read_proxy_config();

sub add_dirs {
    my ($result_hash, $alias, $subdir) = @_;

    $result_hash->{$alias} = $subdir;

    my $wanted = sub {
	my $dir = $File::Find::dir;
	if ($dir =~m!^$subdir(.*)$!) {
	    my $name = "$alias$1/";
	    $result_hash->{$name} = "$dir/";
	}
    };

    find({wanted => $wanted, follow => 0, no_chdir => 1}, $subdir);
}

my $cpid;
my $daemon;
eval {

    my $dirs = {};

    add_dirs($dirs, '/pve2/locale/', '/usr/share/pve-manager/locale/');
    add_dirs($dirs, '/pve2/touch/', '/usr/share/pve-manager/touch/');
    add_dirs($dirs, '/pve2/ext4/', '/usr/share/pve-manager/ext4/');
    add_dirs($dirs, '/pve2/images/' => '/usr/share/pve-manager/images/');
    add_dirs($dirs, '/pve2/css/' => '/usr/share/pve-manager/css/');
    add_dirs($dirs, '/pve2/js/' => '/usr/share/pve-manager/js/');
    add_dirs($dirs, '/vncterm/' => '/usr/share/vncterm/');
    add_dirs($dirs, '/novnc/' => '/usr/share/novnc-pve/');

    $daemon = PVE::APIDaemon->new(
	base_handler_class => 'PVE::API2',
	port => 8006, 
	keep_alive => 100,
	max_conn => 500,
	max_requests => 1000,
	debug => $opt_debug,
	allow_from => $proxyconf->{ALLOW_FROM},
	deny_from => $proxyconf->{DENY_FROM},
	policy => $proxyconf->{POLICY},
	trusted_env => 0, # not trusted, anyone can connect
	logfile => '/var/log/pveproxy/access.log',
	lockfile => $lockfile,
	ssl => {
	    # Note: older versions are considered insecure, for example
	    # search for "Poodle"-Attac
	    sslv2 => 0,
	    sslv3 => 0,	    
	    cipher_list => $proxyconf->{CIPHERS} || 'HIGH:MEDIUM:!aNULL:!MD5',
	    key_file => '/etc/pve/local/pve-ssl.key',
	    cert_file => '/etc/pve/local/pve-ssl.pem',
	},
	# Note: there is no authentication for those pages and dirs!
	pages => {
	    '/' => \&get_index,
	    # avoid authentication when accessing favicon
	    '/favicon.ico' => { 
		file => '/usr/share/pve-manager/images/favicon.ico',
	    },
	},
	dirs => $dirs,
    );
};

my $err = $@;

if ($err) {
    syslog ('err' , "unable to start server: $err");
    print STDERR $err;
    exit (-1);
}


if ($opt_debug || !($cpid = fork ())) {

    $SIG{PIPE} = 'IGNORE';
    $SIG{INT} = 'IGNORE' if !$opt_debug;

    $SIG{TERM} = $SIG{QUIT} = sub { 
	syslog ('info' , "server closing");

	$SIG{INT} = 'DEFAULT';

	unlink "$pidfile" if !$opt_debug;

	exit (0);
    };

    syslog ('info' , "starting server");

    if (!$opt_debug) {
	# redirect STDIN/STDOUT/SDTERR to /dev/null
	open STDIN,  '</dev/null' || die "can't read /dev/null  [$!]";
	open STDOUT, '>/dev/null' || die "can't write /dev/null [$!]";
	open STDERR, '>&STDOUT' || die "can't open STDERR to STDOUT [$!]";
    }

    POSIX::setsid(); 

    eval {
	$daemon->start_server();
    };
    my $err = $@;

    if ($err) {
	syslog ('err' , "unexpected server error: $err");
	print STDERR $err if $opt_debug;
	exit (-1);
    }

} else {

    open (PIDFILE, ">$pidfile") || 
	die "cant write '$pidfile' - $! :ERROR";
    print PIDFILE "$cpid\n";
    close (PIDFILE) || 
	die "cant write '$pidfile' - $! :ERROR";
}

exit (0);

sub is_phone {
    my ($ua) = @_;

    return 0 if !$ua;

    return 1 if $ua =~ m/(iPhone|iPod|Windows Phone)/;

    if ($ua =~ m/Mobile(\/|\s)/) {
	return 1 if $ua =~ m/(BlackBerry|BB)/;
	return 1 if ($ua =~ m/(Android)/) && ($ua !~ m/(Silk)/);
    }

    return 0;
}

# NOTE: Requests to those pages are not authenticated
# so we must be very careful here 

sub get_index {
    my ($server, $r, $args) = @_;

    my $lang = 'en';
    my $username;
    my $token = 'null';

    if (my $cookie = $r->header('Cookie')) {
	if (my $newlang = ($cookie =~ /(?:^|\s)PVELangCookie=([^;]*)/)[0]) {
	    if ($newlang =~ m/^[a-z]{2,3}(_[A-Z]{2,3})?$/) {
		$lang = $newlang;
	    }
	}
	my $ticket = PVE::REST::extract_auth_cookie($cookie);
	if (($username = PVE::AccessControl::verify_ticket($ticket, 1))) {
	    $token = PVE::AccessControl::assemble_csrf_prevention_token($username);
	}
    }

    $username = '' if !$username;

    my $mobile = is_phone($r->header('User-Agent')) ? 1 : 0;

    if (defined($args->{mobile})) {
	$mobile = $args->{mobile} ? 1 : 0;
    }

    my $page;

    if (defined($args->{console}) && $args->{novnc}) {
	$page = PVE::NoVncIndex::get_index($lang, $username, $token, $args->{console});
    } else {
	if ($mobile) {
	    $page = PVE::TouchIndex::get_index($lang, $username, $token, $args->{console});
	} else {
	    $page = PVE::ExtJSIndex::get_index($lang, $username, $token, $args->{console});
	}
    }

    my $headers = HTTP::Headers->new(Content_Type => "text/html; charset=utf-8");
    my $resp = HTTP::Response->new(200, "OK", $headers, $page); 

    return $resp;
} 

__END__

=head1 NAME
                                          
pveproxy - the PVE API proxy server

=head1 SYNOPSIS

pveproxy [--debug]

=head1 DESCRIPTION

This is the REST API proxy server, listening on port 8006. This is usually started
as service using:

 # service pveproxy start

=head1 Host based access control

It is possible to configure apache2 like access control lists. Values are read 
from file /etc/default/pveproxy. For example:

 ALLOW_FROM="10.0.0.1-10.0.0.5,192.168.0.0/22"
 DENY_FROM="all"
 POLICY="allow"

IP addresses can be specified using any syntax understoop by Net::IP. The
name 'all' is an alias for '0/0'. 

The default policy is 'allow'.

 Match                      | POLICY=deny | POLICY=allow
 ---------------------------|-------------|------------
 Match Allow only           | allow       | allow
 Match Deny only            | deny        | deny
 No match                   | deny        | allow
 Match Both Allow & Deny    | deny        | allow

=head1 SSL Cipher Suite

You can define the chiper list in /etc/default/pveproxy, for example

 CIPHERS="HIGH:MEDIUM:!aNULL:!MD5"

Above is the default. See the ciphers(1) man page from the openssl 
package for list of all available options.

=head1 FILES

 /etc/default/pveproxy

=head1 COPYRIGHT AND DISCLAIMER

 Copyright (C) 2007-2013 Proxmox Server Solutions GmbH

 This program is free software: you can redistribute it and/or modify it
 under the terms of the GNU Affero General Public License as published
 by the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.

 This program is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 Affero General Public License for more details.

 You should have received a copy of the GNU Affero General Public
 License along with this program.  If not, see
 <http://www.gnu.org/licenses/>.