[pve-devel] [PATCH 1/2] add spiceproxy api2

Dietmar Maurer dietmar at proxmox.com
Tue Jun 25 08:56:15 CEST 2013


> +        my $ticket =
> + PVE::AccessControl::assemble_spice_ticket($authuser, $authpath);

Did you already send that code (patch for pve-access-control)?

> +
> +        my $remip;
> +
> +        if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
> +            $remip = PVE::Cluster::remote_node_ip($node);
> +        }
> +
> +	my $socket = PVE::QemuServer::spice_socket($vmid);
> +        my ($proxysocket, $proxyid) =
> +PVE::Tools::next_spiceproxy_socket();
> +
> +	die "spice proxy socket is already in use\n" if -e $proxysocket;
> +
> +
> +        my $realcmd = sub {
> +            my $upid = shift;
> +
> +            syslog('info', "starting spice proxy $upid\n");
> +
> +	    my $cmd = ['/usr/bin/socat', '-d', '-d', "UNIX-
> LISTEN:$proxysocket,reuseaddr,fork"];
> +	    my $remotesocket = $remip ? "EXEC:'ssh root@$remip socat STDIO
> UNIX-CONNECT:$socket'" : "UNIX-CONNECT:$socket";
> +	    push @$cmd, $remotesocket;
> +
> +	    my $parser = sub {
> +		my $line = shift;
> +		print $line."\n";
> +		die "Client is disconnect" if ($line =~ /exiting with status 0/);
> +	    };
> +	    eval {
> +		local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub {
> die "interrupted by signal\n"; };
> +	    	#fixme : how to setup a connect wait timeout ?
> +	    	PVE::Tools::run_command($cmd, errfunc => $parser, outfunc =>
> sub{});
> +	    };
> +	    if ($@) {
> +		unlink $proxysocket if -e $proxysocket;
> +	    }
> +        };
> +
> +        my $upid = $rpcenv->fork_worker('spiceproxy', $vmid, $authuser,
> + $realcmd);
> +
> +
> +	my $proxyname = `hostname -f` || PVE::INotify::nodename();
> +	chomp $proxyname;
> +
> +	my $config = {};
> +	$config->{type} = 'spice';
> +	$config->{proxy} = "http://$proxyname:3128";
> +	$config->{host} = $ticket;
> +	$config->{port} = $proxyid;
> +	return $config;

One problem with this is that the SPICE client pass the $ticktet using an unencrypted proxy call.
That is a security problem, because somebody else can sniff/steal the ticket.




More information about the pve-devel mailing list