- imported pbs-api-types/src/common_regex.rs from old proxmox crate - use hex crate to generate/parse hex digest - remove all reference to proxmox crate (use proxmox-sys and proxmox-serde instead) Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
355 lines
10 KiB
355 lines
10 KiB
//! Server/Node Configuration and Administration
use std::net::TcpListener;
use std::os::unix::io::AsRawFd;
use anyhow::{bail, format_err, Error};
use futures::future::{FutureExt, TryFutureExt};
use hyper::body::Body;
use hyper::http::request::Parts;
use hyper::upgrade::Upgraded;
use hyper::Request;
use serde_json::{json, Value};
use tokio::io::{AsyncBufReadExt, BufReader};
use proxmox_sys::{identity, sortable};
use proxmox_sys::fd::fd_change_cloexec;
use proxmox_router::{
ApiHandler, ApiMethod, ApiResponseFuture, Permission, RpcEnvironment, Router, SubdirMap,
use proxmox_schema::*;
use proxmox_router::list_subdirs_api_method;
use proxmox_http::websocket::WebSocket;
use proxmox_rest_server::WorkerTask;
use pbs_api_types::{Authid, NODE_SCHEMA, PRIV_SYS_CONSOLE};
use pbs_tools::ticket::{self, Empty, Ticket};
use crate::tools;
use crate::auth_helpers::private_auth_key;
pub mod apt;
pub mod certificates;
pub mod config;
pub mod disks;
pub mod dns;
pub mod network;
pub mod subscription;
pub mod tasks;
pub(crate) mod rrd;
mod journal;
mod report;
pub(crate) mod services;
mod status;
mod syslog;
mod time;
pub const SHELL_CMD_SCHEMA: Schema = StringSchema::new("The command to run.")
EnumEntry::new("login", "Login"),
EnumEntry::new("upgrade", "Upgrade"),
protected: true,
input: {
properties: {
node: {
schema: NODE_SCHEMA,
cmd: {
optional: true,
returns: {
type: Object,
description: "Object with the user, ticket, port and upid",
properties: {
user: {
description: "",
type: String,
ticket: {
description: "",
type: String,
port: {
description: "",
type: String,
upid: {
description: "",
type: String,
access: {
description: "Restricted to users on realm 'pam'",
permission: &Permission::Privilege(&["system"], PRIV_SYS_CONSOLE, false),
/// Call termproxy and return shell ticket
async fn termproxy(cmd: Option<String>, rpcenv: &mut dyn RpcEnvironment) -> Result<Value, Error> {
// intentionally user only for now
let auth_id: Authid = rpcenv
.ok_or_else(|| format_err!("no authid available"))?
if auth_id.is_token() {
bail!("API tokens cannot access this API endpoint");
let userid = auth_id.user();
if userid.realm() != "pam" {
bail!("only pam users can use the console");
let path = "/system";
// use port 0 and let the kernel decide which port is free
let listener = TcpListener::bind("localhost:0")?;
let port = listener.local_addr()?.port();
let ticket = Ticket::new(ticket::TERM_PREFIX, &Empty)?.sign(
Some(&tools::ticket::term_aad(&userid, &path, port)),
let mut command = Vec::new();
match cmd.as_deref() {
Some("login") | None => {
if userid == "root@pam" {
Some("upgrade") => {
if userid != "root@pam" {
bail!("only root@pam can upgrade");
// TODO: add nicer/safer wrapper like in PVE instead
command.push("apt full-upgrade; bash -l");
_ => bail!("invalid command"),
let username = userid.name().to_owned();
let upid = WorkerTask::spawn(
move |worker| async move {
// move inside the worker so that it survives and does not close the port
// remove CLOEXEC from listenere so that we can reuse it in termproxy
fd_change_cloexec(listener.as_raw_fd(), false)?;
let mut arguments: Vec<&str> = Vec::new();
let fd_string = listener.as_raw_fd().to_string();
let mut cmd = tokio::process::Command::new("/usr/bin/termproxy");
let mut child = cmd.spawn().expect("error executing termproxy");
let stdout = child.stdout.take().expect("no child stdout handle");
let stderr = child.stderr.take().expect("no child stderr handle");
let worker_stdout = worker.clone();
let stdout_fut = async move {
let mut reader = BufReader::new(stdout).lines();
while let Some(line) = reader.next_line().await? {
Ok::<(), Error>(())
let worker_stderr = worker.clone();
let stderr_fut = async move {
let mut reader = BufReader::new(stderr).lines();
while let Some(line) = reader.next_line().await? {
Ok::<(), Error>(())
let mut needs_kill = false;
let res = tokio::select! {
res = child.wait() => {
let exit_code = res?;
if !exit_code.success() {
match exit_code.code() {
Some(code) => bail!("termproxy exited with {}", code),
None => bail!("termproxy exited by signal"),
res = stdout_fut => res,
res = stderr_fut => res,
res = worker.abort_future() => {
needs_kill = true;
if needs_kill {
if res.is_ok() {
return Ok(());
if let Err(err) = child.kill().await {
worker.log_warning(format!("error killing termproxy: {}", err));
} else if let Err(err) = child.wait().await {
worker.log_warning(format!("error awaiting termproxy: {}", err));
// FIXME: We're returning the user NAME only?
"user": username,
"ticket": ticket,
"port": port,
"upid": upid,
pub const API_METHOD_WEBSOCKET: ApiMethod = ApiMethod::new(
"Upgraded to websocket",
("node", false, &NODE_SCHEMA),
&StringSchema::new("Terminal ticket").schema()
("port", false, &IntegerSchema::new("Terminal port").schema()),
Some("The user needs Sys.Console on /system."),
&Permission::Privilege(&["system"], PRIV_SYS_CONSOLE, false),
fn upgrade_to_websocket(
parts: Parts,
req_body: Body,
param: Value,
_info: &ApiMethod,
rpcenv: Box<dyn RpcEnvironment>,
) -> ApiResponseFuture {
async move {
// intentionally user only for now
let auth_id: Authid = rpcenv
.ok_or_else(|| format_err!("no authid available"))?
if auth_id.is_token() {
bail!("API tokens cannot access this API endpoint");
let userid = auth_id.user();
let ticket = pbs_tools::json::required_string_param(¶m, "vncticket")?;
let port: u16 = pbs_tools::json::required_integer_param(¶m, "port")? as u16;
// will be checked again by termproxy
Some(&tools::ticket::term_aad(&userid, "/system", port)),
let (ws, response) = WebSocket::new(parts.headers.clone())?;
proxmox_rest_server::spawn_internal_task(async move {
let conn: Upgraded = match hyper::upgrade::on(Request::from_parts(parts, req_body))
Ok(upgraded) => upgraded,
_ => bail!("error"),
let local = tokio::net::TcpStream::connect(format!("localhost:{}", port)).await?;
ws.serve_connection(conn, local).await
/// List Nodes (only for compatiblity)
fn list_nodes() -> Result<Value, Error> {
Ok(json!([ { "node": proxmox_sys::nodename().to_string() } ]))
pub const SUBDIRS: SubdirMap = &[
("apt", &apt::ROUTER),
("certificates", &certificates::ROUTER),
("config", &config::ROUTER),
("disks", &disks::ROUTER),
("dns", &dns::ROUTER),
("journal", &journal::ROUTER),
("network", &network::ROUTER),
("report", &report::ROUTER),
("rrd", &rrd::ROUTER),
("services", &services::ROUTER),
("status", &status::ROUTER),
("subscription", &subscription::ROUTER),
("syslog", &syslog::ROUTER),
("tasks", &tasks::ROUTER),
("termproxy", &Router::new().post(&API_METHOD_TERMPROXY)),
("time", &time::ROUTER),
pub const ITEM_ROUTER: Router = Router::new()
pub const ROUTER: Router = Router::new()
.match_all("node", &ITEM_ROUTER);