]>
Commit | Line | Data |
---|---|---|
e143e9d8 DM |
1 | package PVE::Tools; |
2 | ||
3 | use strict; | |
c36f332e | 4 | use warnings; |
dc4bc969 | 5 | |
2531c455 TL |
6 | use Date::Format qw(time2str); |
7 | use Digest::MD5; | |
8 | use Digest::SHA; | |
9 | use Encode; | |
10 | use Fcntl qw(:DEFAULT :flock); | |
e143e9d8 DM |
11 | use File::Basename; |
12 | use File::Path qw(make_path); | |
97c8c857 | 13 | use Filesys::Df (); # don't overwrite our df() |
7eb283fb | 14 | use IO::Dir; |
2531c455 | 15 | use IO::File; |
21c56a96 | 16 | use IO::Handle; |
2531c455 TL |
17 | use IO::Pipe; |
18 | use IO::Select; | |
19 | use IO::Socket::IP; | |
e143e9d8 | 20 | use IPC::Open3; |
f2c72fc3 | 21 | use JSON; |
2531c455 TL |
22 | use POSIX qw(EINTR EEXIST EOPNOTSUPP); |
23 | use Scalar::Util 'weaken'; | |
24 | use Socket qw(AF_INET AF_INET6 AI_ALL AI_V4MAPPED AI_CANONNAME SOCK_DGRAM IPPROTO_TCP); | |
7514b23a | 25 | use String::ShellQuote; |
2531c455 | 26 | use Text::ParseWords; |
c38cea65 | 27 | use Time::HiRes qw(usleep gettimeofday tv_interval alarm); |
2531c455 TL |
28 | use URI::Escape; |
29 | use base 'Exporter'; | |
b18826ce | 30 | |
c8e94d4b | 31 | use PVE::Syscall; |
e143e9d8 | 32 | |
57eeea0c DM |
33 | # avoid warning when parsing long hex values with hex() |
34 | no warnings 'portable'; # Support for 64-bit ints required | |
35 | ||
e143e9d8 | 36 | our @EXPORT_OK = qw( |
602ec0cd DM |
37 | $IPV6RE |
38 | $IPV4RE | |
813a5c0d | 39 | lock_file |
493004a2 | 40 | lock_file_full |
813a5c0d DC |
41 | run_command |
42 | file_set_contents | |
e143e9d8 DM |
43 | file_get_contents |
44 | file_read_firstline | |
7eb283fb DM |
45 | dir_glob_regex |
46 | dir_glob_foreach | |
e143e9d8 DM |
47 | split_list |
48 | template_replace | |
49 | safe_print | |
50 | trim | |
51 | extract_param | |
40682a69 | 52 | extract_sensitive_params |
23e0e0d7 | 53 | file_copy |
ce007e99 | 54 | get_host_arch |
c0647765 WB |
55 | O_PATH |
56 | O_TMPFILE | |
1b0bc6c0 WB |
57 | AT_EMPTY_PATH |
58 | AT_FDCWD | |
59 | CLONE_NEWNS | |
60 | CLONE_NEWUTS | |
61 | CLONE_NEWIPC | |
62 | CLONE_NEWUSER | |
63 | CLONE_NEWPID | |
64 | CLONE_NEWNET | |
e143e9d8 DM |
65 | ); |
66 | ||
67 | my $pvelogdir = "/var/log/pve"; | |
68 | my $pvetaskdir = "$pvelogdir/tasks"; | |
69 | ||
70 | mkdir $pvelogdir; | |
71 | mkdir $pvetaskdir; | |
72 | ||
cd9bd252 | 73 | my $IPV4OCTET = "(?:25[0-5]|(?:2[0-4]|1[0-9]|[1-9])?[0-9])"; |
602ec0cd DM |
74 | our $IPV4RE = "(?:(?:$IPV4OCTET\\.){3}$IPV4OCTET)"; |
75 | my $IPV6H16 = "(?:[0-9a-fA-F]{1,4})"; | |
76 | my $IPV6LS32 = "(?:(?:$IPV4RE|$IPV6H16:$IPV6H16))"; | |
77 | ||
78 | our $IPV6RE = "(?:" . | |
79 | "(?:(?:" . "(?:$IPV6H16:){6})$IPV6LS32)|" . | |
80 | "(?:(?:" . "::(?:$IPV6H16:){5})$IPV6LS32)|" . | |
81 | "(?:(?:(?:" . "$IPV6H16)?::(?:$IPV6H16:){4})$IPV6LS32)|" . | |
82 | "(?:(?:(?:(?:$IPV6H16:){0,1}$IPV6H16)?::(?:$IPV6H16:){3})$IPV6LS32)|" . | |
83 | "(?:(?:(?:(?:$IPV6H16:){0,2}$IPV6H16)?::(?:$IPV6H16:){2})$IPV6LS32)|" . | |
84 | "(?:(?:(?:(?:$IPV6H16:){0,3}$IPV6H16)?::(?:$IPV6H16:){1})$IPV6LS32)|" . | |
85 | "(?:(?:(?:(?:$IPV6H16:){0,4}$IPV6H16)?::" . ")$IPV6LS32)|" . | |
86 | "(?:(?:(?:(?:$IPV6H16:){0,5}$IPV6H16)?::" . ")$IPV6H16)|" . | |
87 | "(?:(?:(?:(?:$IPV6H16:){0,6}$IPV6H16)?::" . ")))"; | |
88 | ||
176b1186 WB |
89 | our $IPRE = "(?:$IPV4RE|$IPV6RE)"; |
90 | ||
4c4bd104 FE |
91 | our $EMAIL_USER_RE = qr/[\w\+\-\~]+(\.[\w\+\-\~]+)*/; |
92 | our $EMAIL_RE = qr/$EMAIL_USER_RE@[a-zA-Z0-9\-]+(\.[a-zA-Z0-9\-]+)*/; | |
93 | ||
be8f0477 | 94 | use constant {CLONE_NEWNS => 0x00020000, |
952fd95e WB |
95 | CLONE_NEWUTS => 0x04000000, |
96 | CLONE_NEWIPC => 0x08000000, | |
97 | CLONE_NEWUSER => 0x10000000, | |
98 | CLONE_NEWPID => 0x20000000, | |
be8f0477 | 99 | CLONE_NEWNET => 0x40000000}; |
952fd95e | 100 | |
26598a51 | 101 | use constant {O_PATH => 0x00200000, |
b260d4e3 | 102 | O_CLOEXEC => 0x00080000, |
26598a51 | 103 | O_TMPFILE => 0x00410000}; # This includes O_DIRECTORY |
44acb12c | 104 | |
1b0bc6c0 WB |
105 | use constant {AT_EMPTY_PATH => 0x1000, |
106 | AT_FDCWD => -100}; | |
6cf6b404 | 107 | |
bd9eb367 WB |
108 | # from <linux/fs.h> |
109 | use constant {RENAME_NOREPLACE => (1 << 0), | |
110 | RENAME_EXCHANGE => (1 << 1), | |
111 | RENAME_WHITEOUT => (1 << 2)}; | |
112 | ||
0f0990f1 DM |
113 | sub run_with_timeout { |
114 | my ($timeout, $code, @param) = @_; | |
e143e9d8 | 115 | |
0f0990f1 | 116 | die "got timeout\n" if $timeout <= 0; |
e143e9d8 | 117 | |
c38cea65 | 118 | my $prev_alarm = alarm 0; # suspend outer alarm early |
0f0990f1 DM |
119 | |
120 | my $sigcount = 0; | |
e143e9d8 DM |
121 | |
122 | my $res; | |
123 | ||
e143e9d8 | 124 | eval { |
0f0990f1 DM |
125 | local $SIG{ALRM} = sub { $sigcount++; die "got timeout\n"; }; |
126 | local $SIG{PIPE} = sub { $sigcount++; die "broken pipe\n" }; | |
127 | local $SIG{__DIE__}; # see SA bug 4631 | |
e143e9d8 | 128 | |
c38cea65 | 129 | alarm($timeout); |
e143e9d8 | 130 | |
c38cea65 | 131 | eval { $res = &$code(@param); }; |
0f0990f1 DM |
132 | |
133 | alarm(0); # avoid race conditions | |
c38cea65 WB |
134 | |
135 | die $@ if $@; | |
0f0990f1 DM |
136 | }; |
137 | ||
138 | my $err = $@; | |
139 | ||
c38cea65 | 140 | alarm $prev_alarm; |
0f0990f1 | 141 | |
c38cea65 | 142 | # this shouldn't happen anymore? |
0f0990f1 DM |
143 | die "unknown error" if $sigcount && !$err; # seems to happen sometimes |
144 | ||
145 | die $err if $err; | |
146 | ||
147 | return $res; | |
148 | } | |
e143e9d8 | 149 | |
0f0990f1 | 150 | # flock: we use one file handle per process, so lock file |
d9f86d0d WB |
151 | # can be nested multiple times and succeeds for the same process. |
152 | # | |
153 | # Since this is the only way we lock now and we don't have the old | |
154 | # 'lock(); code(); unlock();' pattern anymore we do not actually need to | |
155 | # count how deep we're nesting. Therefore this hash now stores a weak reference | |
156 | # to a boolean telling us whether we already have a lock. | |
0f0990f1 DM |
157 | |
158 | my $lock_handles = {}; | |
159 | ||
493004a2 DM |
160 | sub lock_file_full { |
161 | my ($filename, $timeout, $shared, $code, @param) = @_; | |
0f0990f1 DM |
162 | |
163 | $timeout = 10 if !$timeout; | |
164 | ||
493004a2 DM |
165 | my $mode = $shared ? LOCK_SH : LOCK_EX; |
166 | ||
d9f86d0d | 167 | my $lockhash = ($lock_handles->{$$} //= {}); |
e143e9d8 | 168 | |
d9f86d0d WB |
169 | # Returns a locked file handle. |
170 | my $get_locked_file = sub { | |
171 | my $fh = IO::File->new(">>$filename") | |
172 | or die "can't open file - $!\n"; | |
173 | ||
174 | if (!flock($fh, $mode|LOCK_NB)) { | |
91bae4c0 | 175 | print STDERR "trying to acquire lock...\n"; |
b5d12b08 DM |
176 | my $success; |
177 | while(1) { | |
d9f86d0d | 178 | $success = flock($fh, $mode); |
b5d12b08 DM |
179 | # try again on EINTR (see bug #273) |
180 | if ($success || ($! != EINTR)) { | |
181 | last; | |
182 | } | |
183 | } | |
d9f86d0d WB |
184 | if (!$success) { |
185 | print STDERR " failed\n"; | |
186 | die "can't acquire lock '$filename' - $!\n"; | |
187 | } | |
188 | print STDERR " OK\n"; | |
189 | } | |
190 | ||
191 | return $fh; | |
e143e9d8 DM |
192 | }; |
193 | ||
0f0990f1 | 194 | my $res; |
d9f86d0d WB |
195 | my $checkptr = $lockhash->{$filename}; |
196 | my $check = 0; # This must not go out of scope before running the code. | |
197 | my $local_fh; # This must stay local | |
198 | if (!$checkptr || !$$checkptr) { | |
199 | # We cannot create a weak reference in a single atomic step, so we first | |
200 | # create a false-value, then create a reference to it, then weaken it, | |
201 | # and after successfully locking the file we change the boolean value. | |
202 | # | |
203 | # The reason for this is that if an outer SIGALRM throws an exception | |
204 | # between creating the reference and weakening it, a subsequent call to | |
205 | # lock_file_full() will see a leftover full reference to a valid | |
206 | # variable. This variable must be 0 in order for said call to attempt to | |
207 | # lock the file anew. | |
208 | # | |
209 | # An externally triggered exception elsewhere in the code will cause the | |
210 | # weak reference to become 'undef', and since the file handle is only | |
211 | # stored in the local scope in $local_fh, the file will be closed by | |
212 | # perl's cleanup routines as well. | |
213 | # | |
214 | # This still assumes that an IO::File handle can properly deal with such | |
215 | # exceptions thrown during its own destruction, but that's up to perls | |
216 | # guts now. | |
217 | $lockhash->{$filename} = \$check; | |
218 | weaken $lockhash->{$filename}; | |
219 | $local_fh = eval { run_with_timeout($timeout, $get_locked_file) }; | |
220 | if ($@) { | |
221 | $@ = "can't lock file '$filename' - $@"; | |
222 | return undef; | |
f127adab | 223 | } |
d9f86d0d | 224 | $check = 1; |
e143e9d8 | 225 | } |
d9f86d0d WB |
226 | $res = eval { &$code(@param); }; |
227 | return undef if $@; | |
e143e9d8 DM |
228 | return $res; |
229 | } | |
230 | ||
493004a2 DM |
231 | |
232 | sub lock_file { | |
233 | my ($filename, $timeout, $code, @param) = @_; | |
234 | ||
235 | return lock_file_full($filename, $timeout, 0, $code, @param); | |
236 | } | |
237 | ||
e143e9d8 DM |
238 | sub file_set_contents { |
239 | my ($filename, $data, $perm) = @_; | |
240 | ||
241 | $perm = 0644 if !defined($perm); | |
242 | ||
243 | my $tmpname = "$filename.tmp.$$"; | |
244 | ||
245 | eval { | |
ce338f4f WB |
246 | my ($fh, $tries) = (undef, 0); |
247 | while (!$fh && $tries++ < 3) { | |
248 | $fh = IO::File->new($tmpname, O_WRONLY|O_CREAT|O_EXCL, $perm); | |
249 | if (!$fh && $! == EEXIST) { | |
250 | unlink($tmpname) or die "unable to delete old temp file: $!\n"; | |
251 | } | |
252 | } | |
e143e9d8 DM |
253 | die "unable to open file '$tmpname' - $!\n" if !$fh; |
254 | die "unable to write '$tmpname' - $!\n" unless print $fh $data; | |
255 | die "closing file '$tmpname' failed - $!\n" unless close $fh; | |
256 | }; | |
257 | my $err = $@; | |
258 | ||
259 | if ($err) { | |
260 | unlink $tmpname; | |
261 | die $err; | |
262 | } | |
263 | ||
264 | if (!rename($tmpname, $filename)) { | |
265 | my $msg = "close (rename) atomic file '$filename' failed: $!\n"; | |
266 | unlink $tmpname; | |
813a5c0d | 267 | die $msg; |
e143e9d8 DM |
268 | } |
269 | } | |
270 | ||
271 | sub file_get_contents { | |
272 | my ($filename, $max) = @_; | |
273 | ||
274 | my $fh = IO::File->new($filename, "r") || | |
275 | die "can't open '$filename' - $!\n"; | |
276 | ||
034a8181 | 277 | my $content = safe_read_from($fh, $max, 0, $filename); |
e143e9d8 DM |
278 | |
279 | close $fh; | |
280 | ||
281 | return $content; | |
282 | } | |
283 | ||
23e0e0d7 WL |
284 | sub file_copy { |
285 | my ($filename, $dst, $max, $perm) = @_; | |
286 | ||
287 | file_set_contents ($dst, file_get_contents($filename, $max), $perm); | |
288 | } | |
289 | ||
e143e9d8 DM |
290 | sub file_read_firstline { |
291 | my ($filename) = @_; | |
292 | ||
293 | my $fh = IO::File->new ($filename, "r"); | |
294 | return undef if !$fh; | |
295 | my $res = <$fh>; | |
88955a2e | 296 | chomp $res if $res; |
e143e9d8 DM |
297 | $fh->close; |
298 | return $res; | |
299 | } | |
300 | ||
301 | sub safe_read_from { | |
034a8181 | 302 | my ($fh, $max, $oneline, $filename) = @_; |
e143e9d8 | 303 | |
8fb28ab9 FG |
304 | # pmxcfs file size limit |
305 | $max = 512*1024 if !$max; | |
e143e9d8 | 306 | |
034a8181 DM |
307 | my $subject = defined($filename) ? "file '$filename'" : 'input'; |
308 | ||
e143e9d8 DM |
309 | my $br = 0; |
310 | my $input = ''; | |
311 | my $count; | |
312 | while ($count = sysread($fh, $input, 8192, $br)) { | |
313 | $br += $count; | |
034a8181 | 314 | die "$subject too long - aborting\n" if $br > $max; |
e143e9d8 DM |
315 | if ($oneline && $input =~ m/^(.*)\n/) { |
316 | $input = $1; | |
317 | last; | |
318 | } | |
813a5c0d | 319 | } |
034a8181 | 320 | die "unable to read $subject - $!\n" if !defined($count); |
e143e9d8 DM |
321 | |
322 | return $input; | |
323 | } | |
324 | ||
bd9c3a36 WB |
325 | # The $cmd parameter can be: |
326 | # -) a string | |
327 | # This is generally executed by passing it to the shell with the -c option. | |
328 | # However, it can be executed in one of two ways, depending on whether | |
329 | # there's a pipe involved: | |
330 | # *) with pipe: passed explicitly to bash -c, prefixed with: | |
331 | # set -o pipefail && | |
332 | # *) without a pipe: passed to perl's open3 which uses 'sh -c' | |
333 | # (Note that this may result in two different syntax requirements!) | |
334 | # FIXME? | |
335 | # -) an array of arguments (strings) | |
336 | # Will be executed without interference from a shell. (Parameters are passed | |
337 | # as is, no escape sequences of strings will be touched.) | |
fcdc0cfc WB |
338 | # -) an array of arrays |
339 | # Each array represents a command, and each command's output is piped into | |
340 | # the following command's standard input. | |
341 | # For this a shell command string is created with pipe symbols between each | |
342 | # command. | |
343 | # Each command is a list of strings meant to end up in the final command | |
344 | # unchanged. In order to achieve this, every argument is shell-quoted. | |
345 | # Quoting can be disabled for a particular argument by turning it into a | |
346 | # reference, this allows inserting arbitrary shell options. | |
347 | # For instance: the $cmd [ [ 'echo', 'hello', \'>/dev/null' ] ] will not | |
348 | # produce any output, while the $cmd [ [ 'echo', 'hello', '>/dev/null' ] ] | |
349 | # will literally print: hello >/dev/null | |
e143e9d8 DM |
350 | sub run_command { |
351 | my ($cmd, %param) = @_; | |
352 | ||
353 | my $old_umask; | |
ded47a61 | 354 | my $cmdstr; |
e143e9d8 | 355 | |
fcdc0cfc WB |
356 | if (my $ref = ref($cmd)) { |
357 | if (ref($cmd->[0])) { | |
358 | $cmdstr = 'set -o pipefail && '; | |
359 | my $pipe = ''; | |
360 | foreach my $command (@$cmd) { | |
361 | # concatenate quoted parameters | |
362 | # strings which are passed by reference are NOT shell quoted | |
363 | $cmdstr .= $pipe . join(' ', map { ref($_) ? $$_ : shellquote($_) } @$command); | |
364 | $pipe = ' | '; | |
365 | } | |
1a0c0103 | 366 | $cmd = [ '/bin/bash', '-c', "$cmdstr" ]; |
fcdc0cfc WB |
367 | } else { |
368 | $cmdstr = cmd2string($cmd); | |
369 | } | |
370 | } else { | |
ded47a61 | 371 | $cmdstr = $cmd; |
22d4efe6 | 372 | if ($cmd =~ m/\|/) { |
e0cabd2c DM |
373 | # see 'man bash' for option pipefail |
374 | $cmd = [ '/bin/bash', '-c', "set -o pipefail && $cmd" ]; | |
375 | } else { | |
376 | $cmd = [ $cmd ]; | |
377 | } | |
ded47a61 | 378 | } |
e143e9d8 DM |
379 | |
380 | my $errmsg; | |
381 | my $laststderr; | |
382 | my $timeout; | |
383 | my $oldtimeout; | |
384 | my $pid; | |
38d9aa12 | 385 | my $exitcode = -1; |
e143e9d8 | 386 | |
4630cb95 DM |
387 | my $outfunc; |
388 | my $errfunc; | |
389 | my $logfunc; | |
390 | my $input; | |
391 | my $output; | |
a417477c | 392 | my $afterfork; |
7e826928 | 393 | my $noerr; |
0f3f314e | 394 | my $keeplocale; |
ed61b9d6 | 395 | my $quiet; |
4630cb95 | 396 | |
e143e9d8 | 397 | eval { |
e143e9d8 DM |
398 | |
399 | foreach my $p (keys %param) { | |
400 | if ($p eq 'timeout') { | |
401 | $timeout = $param{$p}; | |
402 | } elsif ($p eq 'umask') { | |
eb9e24df | 403 | $old_umask = umask($param{$p}); |
e143e9d8 DM |
404 | } elsif ($p eq 'errmsg') { |
405 | $errmsg = $param{$p}; | |
e143e9d8 DM |
406 | } elsif ($p eq 'input') { |
407 | $input = $param{$p}; | |
1c50a24a DM |
408 | } elsif ($p eq 'output') { |
409 | $output = $param{$p}; | |
e143e9d8 DM |
410 | } elsif ($p eq 'outfunc') { |
411 | $outfunc = $param{$p}; | |
412 | } elsif ($p eq 'errfunc') { | |
413 | $errfunc = $param{$p}; | |
776fbfa8 DM |
414 | } elsif ($p eq 'logfunc') { |
415 | $logfunc = $param{$p}; | |
a417477c DM |
416 | } elsif ($p eq 'afterfork') { |
417 | $afterfork = $param{$p}; | |
7e826928 TL |
418 | } elsif ($p eq 'noerr') { |
419 | $noerr = $param{$p}; | |
0f3f314e DC |
420 | } elsif ($p eq 'keeplocale') { |
421 | $keeplocale = $param{$p}; | |
ed61b9d6 TL |
422 | } elsif ($p eq 'quiet') { |
423 | $quiet = $param{$p}; | |
e143e9d8 DM |
424 | } else { |
425 | die "got unknown parameter '$p' for run_command\n"; | |
426 | } | |
427 | } | |
428 | ||
4630cb95 DM |
429 | if ($errmsg) { |
430 | my $origerrfunc = $errfunc; | |
431 | $errfunc = sub { | |
432 | if ($laststderr) { | |
433 | if ($origerrfunc) { | |
434 | &$origerrfunc("$laststderr\n"); | |
435 | } else { | |
436 | print STDERR "$laststderr\n" if $laststderr; | |
437 | } | |
438 | } | |
813a5c0d | 439 | $laststderr = shift; |
4630cb95 DM |
440 | }; |
441 | } | |
442 | ||
1c50a24a DM |
443 | my $reader = $output && $output =~ m/^>&/ ? $output : IO::File->new(); |
444 | my $writer = $input && $input =~ m/^<&/ ? $input : IO::File->new(); | |
445 | my $error = IO::File->new(); | |
446 | ||
e143e9d8 DM |
447 | my $orig_pid = $$; |
448 | ||
449 | eval { | |
0f3f314e | 450 | local $ENV{LC_ALL} = 'C' if !$keeplocale; |
e143e9d8 DM |
451 | |
452 | # suppress LVM warnings like: "File descriptor 3 left open"; | |
453 | local $ENV{LVM_SUPPRESS_FD_WARNINGS} = "1"; | |
454 | ||
455 | $pid = open3($writer, $reader, $error, @$cmd) || die $!; | |
f38995ab DM |
456 | |
457 | # if we pipe fron STDIN, open3 closes STDIN, so we we | |
458 | # a perl warning "Filehandle STDIN reopened as GENXYZ .. " | |
459 | # as soon as we open a new file. | |
460 | # to avoid that we open /dev/null | |
461 | if (!ref($writer) && !defined(fileno(STDIN))) { | |
462 | POSIX::close(0); | |
463 | open(STDIN, "</dev/null"); | |
464 | } | |
e143e9d8 DM |
465 | }; |
466 | ||
467 | my $err = $@; | |
468 | ||
469 | # catch exec errors | |
470 | if ($orig_pid != $$) { | |
471 | warn "ERROR: $err"; | |
813a5c0d DC |
472 | POSIX::_exit (1); |
473 | kill ('KILL', $$); | |
e143e9d8 DM |
474 | } |
475 | ||
476 | die $err if $err; | |
477 | ||
478 | local $SIG{ALRM} = sub { die "got timeout\n"; } if $timeout; | |
479 | $oldtimeout = alarm($timeout) if $timeout; | |
480 | ||
a417477c DM |
481 | &$afterfork() if $afterfork; |
482 | ||
f38995ab DM |
483 | if (ref($writer)) { |
484 | print $writer $input if defined $input; | |
485 | close $writer; | |
486 | } | |
e143e9d8 DM |
487 | |
488 | my $select = new IO::Select; | |
f38995ab | 489 | $select->add($reader) if ref($reader); |
e143e9d8 DM |
490 | $select->add($error); |
491 | ||
492 | my $outlog = ''; | |
493 | my $errlog = ''; | |
494 | ||
495 | my $starttime = time(); | |
496 | ||
497 | while ($select->count) { | |
498 | my @handles = $select->can_read(1); | |
499 | ||
500 | foreach my $h (@handles) { | |
501 | my $buf = ''; | |
502 | my $count = sysread ($h, $buf, 4096); | |
503 | if (!defined ($count)) { | |
504 | my $err = $!; | |
505 | kill (9, $pid); | |
506 | waitpid ($pid, 0); | |
507 | die $err; | |
508 | } | |
509 | $select->remove ($h) if !$count; | |
510 | if ($h eq $reader) { | |
776fbfa8 | 511 | if ($outfunc || $logfunc) { |
e143e9d8 | 512 | eval { |
ba104d67 | 513 | while ($buf =~ s/^([^\010\r\n]*)(?:\n|(?:\010)+|\r\n?)//) { |
cb9db10c DC |
514 | my $line = $outlog . $1; |
515 | $outlog = ''; | |
776fbfa8 DM |
516 | &$outfunc($line) if $outfunc; |
517 | &$logfunc($line) if $logfunc; | |
e143e9d8 | 518 | } |
cb9db10c | 519 | $outlog .= $buf; |
e143e9d8 DM |
520 | }; |
521 | my $err = $@; | |
522 | if ($err) { | |
523 | kill (9, $pid); | |
524 | waitpid ($pid, 0); | |
525 | die $err; | |
526 | } | |
ed61b9d6 | 527 | } elsif (!$quiet) { |
e143e9d8 DM |
528 | print $buf; |
529 | *STDOUT->flush(); | |
530 | } | |
531 | } elsif ($h eq $error) { | |
776fbfa8 | 532 | if ($errfunc || $logfunc) { |
e143e9d8 | 533 | eval { |
ba104d67 | 534 | while ($buf =~ s/^([^\010\r\n]*)(?:\n|(?:\010)+|\r\n?)//) { |
cb9db10c DC |
535 | my $line = $errlog . $1; |
536 | $errlog = ''; | |
776fbfa8 DM |
537 | &$errfunc($line) if $errfunc; |
538 | &$logfunc($line) if $logfunc; | |
e143e9d8 | 539 | } |
cb9db10c | 540 | $errlog .= $buf; |
e143e9d8 DM |
541 | }; |
542 | my $err = $@; | |
543 | if ($err) { | |
544 | kill (9, $pid); | |
545 | waitpid ($pid, 0); | |
546 | die $err; | |
547 | } | |
ed61b9d6 | 548 | } elsif (!$quiet) { |
e143e9d8 DM |
549 | print STDERR $buf; |
550 | *STDERR->flush(); | |
551 | } | |
552 | } | |
553 | } | |
554 | } | |
555 | ||
556 | &$outfunc($outlog) if $outfunc && $outlog; | |
776fbfa8 DM |
557 | &$logfunc($outlog) if $logfunc && $outlog; |
558 | ||
e143e9d8 | 559 | &$errfunc($errlog) if $errfunc && $errlog; |
776fbfa8 | 560 | &$logfunc($errlog) if $logfunc && $errlog; |
e143e9d8 DM |
561 | |
562 | waitpid ($pid, 0); | |
813a5c0d | 563 | |
e143e9d8 DM |
564 | if ($? == -1) { |
565 | die "failed to execute\n"; | |
566 | } elsif (my $sig = ($? & 127)) { | |
567 | die "got signal $sig\n"; | |
7e826928 TL |
568 | } elsif ($exitcode = ($? >> 8)) { |
569 | if (!($exitcode == 24 && ($cmdstr =~ m|^(\S+/)?rsync\s|))) { | |
1c50a24a DM |
570 | if ($errmsg && $laststderr) { |
571 | my $lerr = $laststderr; | |
572 | $laststderr = undef; | |
573 | die "$lerr\n"; | |
574 | } | |
7e826928 | 575 | die "exit code $exitcode\n"; |
e143e9d8 | 576 | } |
e143e9d8 DM |
577 | } |
578 | ||
579 | alarm(0); | |
580 | }; | |
581 | ||
582 | my $err = $@; | |
583 | ||
584 | alarm(0); | |
585 | ||
4630cb95 DM |
586 | if ($errmsg && $laststderr) { |
587 | &$errfunc(undef); # flush laststderr | |
588 | } | |
e143e9d8 DM |
589 | |
590 | umask ($old_umask) if defined($old_umask); | |
591 | ||
592 | alarm($oldtimeout) if $oldtimeout; | |
593 | ||
594 | if ($err) { | |
595 | if ($pid && ($err eq "got timeout\n")) { | |
596 | kill (9, $pid); | |
597 | waitpid ($pid, 0); | |
598 | die "command '$cmdstr' failed: $err"; | |
599 | } | |
600 | ||
601 | if ($errmsg) { | |
adbc988d | 602 | $err =~ s/^usermod:\s*// if $cmdstr =~ m|^(\S+/)?usermod\s|; |
e143e9d8 | 603 | die "$errmsg: $err"; |
7e826928 | 604 | } elsif(!$noerr) { |
e143e9d8 DM |
605 | die "command '$cmdstr' failed: $err"; |
606 | } | |
607 | } | |
1c50a24a | 608 | |
7e826928 | 609 | return $exitcode; |
e143e9d8 DM |
610 | } |
611 | ||
2d38b8a1 TL |
612 | # Run a command with a tcp socket as standard input. |
613 | sub pipe_socket_to_command { | |
614 | my ($cmd, $ip, $port) = @_; | |
615 | ||
616 | my $params = { | |
617 | Listen => 1, | |
618 | ReuseAddr => 1, | |
619 | Proto => &Socket::IPPROTO_TCP, | |
620 | GetAddrInfoFlags => 0, | |
621 | LocalAddr => $ip, | |
622 | LocalPort => $port, | |
623 | }; | |
624 | my $socket = IO::Socket::IP->new(%$params) or die "failed to open socket: $!\n"; | |
625 | ||
626 | print "$ip\n$port\n"; # tell remote where to connect | |
627 | *STDOUT->flush(); | |
628 | ||
629 | alarm 0; | |
630 | local $SIG{ALRM} = sub { die "timed out waiting for client\n" }; | |
631 | alarm 30; | |
632 | my $client = $socket->accept; # Wait for a client | |
633 | alarm 0; | |
634 | close($socket); | |
635 | ||
636 | # We want that the command talks over the TCP socket and takes | |
637 | # ownership of it, so that when it closes it the connection is | |
638 | # terminated, so we need to be able to close the socket. So we | |
639 | # can't really use PVE::Tools::run_command(). | |
640 | my $pid = fork() // die "fork failed: $!\n"; | |
641 | if (!$pid) { | |
642 | POSIX::dup2(fileno($client), 0); | |
643 | POSIX::dup2(fileno($client), 1); | |
644 | close($client); | |
645 | exec {$cmd->[0]} @$cmd or do { | |
646 | warn "exec failed: $!\n"; | |
647 | POSIX::_exit(1); | |
648 | }; | |
649 | } | |
650 | ||
651 | close($client); | |
652 | if (waitpid($pid, 0) != $pid) { | |
653 | kill(15 => $pid); # if we got interrupted terminate the child | |
654 | my $count = 0; | |
655 | while (waitpid($pid, POSIX::WNOHANG) != $pid) { | |
656 | usleep(100000); | |
657 | $count++; | |
658 | kill(9 => $pid), last if $count > 300; # 30 second timeout | |
659 | } | |
660 | } | |
661 | if (my $sig = ($? & 127)) { | |
662 | die "got signal $sig\n"; | |
663 | } elsif (my $exitcode = ($? >> 8)) { | |
664 | die "exit code $exitcode\n"; | |
665 | } | |
666 | ||
667 | return undef; | |
668 | } | |
669 | ||
e143e9d8 | 670 | sub split_list { |
0a3de87e | 671 | my $listtxt = shift // ''; |
e143e9d8 | 672 | |
d2b0374d | 673 | return split (/\0/, $listtxt) if $listtxt =~ m/\0/; |
813a5c0d | 674 | |
d2b0374d | 675 | $listtxt =~ s/[,;]/ /g; |
e143e9d8 DM |
676 | $listtxt =~ s/^\s+//; |
677 | ||
678 | my @data = split (/\s+/, $listtxt); | |
679 | ||
680 | return @data; | |
681 | } | |
682 | ||
683 | sub trim { | |
684 | my $txt = shift; | |
685 | ||
686 | return $txt if !defined($txt); | |
687 | ||
688 | $txt =~ s/^\s+//; | |
689 | $txt =~ s/\s+$//; | |
813a5c0d | 690 | |
e143e9d8 DM |
691 | return $txt; |
692 | } | |
693 | ||
694 | # simple uri templates like "/vms/{vmid}" | |
695 | sub template_replace { | |
696 | my ($tmpl, $data) = @_; | |
697 | ||
3250f5c7 | 698 | return $tmpl if !$tmpl; |
813a5c0d | 699 | |
e143e9d8 | 700 | my $res = ''; |
14410e5f | 701 | while ($tmpl =~ m/([^{]+)?(\{([^}]+)\})?/g) { |
e143e9d8 DM |
702 | $res .= $1 if $1; |
703 | $res .= ($data->{$3} || '-') if $2; | |
704 | } | |
705 | return $res; | |
706 | } | |
707 | ||
708 | sub safe_print { | |
709 | my ($filename, $fh, $data) = @_; | |
710 | ||
711 | return if !$data; | |
712 | ||
713 | my $res = print $fh $data; | |
714 | ||
715 | die "write to '$filename' failed\n" if !$res; | |
716 | } | |
717 | ||
718 | sub debmirrors { | |
719 | ||
720 | return { | |
721 | 'at' => 'ftp.at.debian.org', | |
722 | 'au' => 'ftp.au.debian.org', | |
723 | 'be' => 'ftp.be.debian.org', | |
724 | 'bg' => 'ftp.bg.debian.org', | |
725 | 'br' => 'ftp.br.debian.org', | |
726 | 'ca' => 'ftp.ca.debian.org', | |
727 | 'ch' => 'ftp.ch.debian.org', | |
728 | 'cl' => 'ftp.cl.debian.org', | |
729 | 'cz' => 'ftp.cz.debian.org', | |
730 | 'de' => 'ftp.de.debian.org', | |
731 | 'dk' => 'ftp.dk.debian.org', | |
732 | 'ee' => 'ftp.ee.debian.org', | |
733 | 'es' => 'ftp.es.debian.org', | |
734 | 'fi' => 'ftp.fi.debian.org', | |
735 | 'fr' => 'ftp.fr.debian.org', | |
736 | 'gr' => 'ftp.gr.debian.org', | |
737 | 'hk' => 'ftp.hk.debian.org', | |
738 | 'hr' => 'ftp.hr.debian.org', | |
739 | 'hu' => 'ftp.hu.debian.org', | |
740 | 'ie' => 'ftp.ie.debian.org', | |
741 | 'is' => 'ftp.is.debian.org', | |
742 | 'it' => 'ftp.it.debian.org', | |
743 | 'jp' => 'ftp.jp.debian.org', | |
744 | 'kr' => 'ftp.kr.debian.org', | |
745 | 'mx' => 'ftp.mx.debian.org', | |
746 | 'nl' => 'ftp.nl.debian.org', | |
747 | 'no' => 'ftp.no.debian.org', | |
748 | 'nz' => 'ftp.nz.debian.org', | |
749 | 'pl' => 'ftp.pl.debian.org', | |
750 | 'pt' => 'ftp.pt.debian.org', | |
751 | 'ro' => 'ftp.ro.debian.org', | |
752 | 'ru' => 'ftp.ru.debian.org', | |
753 | 'se' => 'ftp.se.debian.org', | |
754 | 'si' => 'ftp.si.debian.org', | |
755 | 'sk' => 'ftp.sk.debian.org', | |
756 | 'tr' => 'ftp.tr.debian.org', | |
757 | 'tw' => 'ftp.tw.debian.org', | |
758 | 'gb' => 'ftp.uk.debian.org', | |
759 | 'us' => 'ftp.us.debian.org', | |
760 | }; | |
761 | } | |
762 | ||
910d57b0 DM |
763 | my $keymaphash = { |
764 | 'dk' => ['Danish', 'da', 'qwerty/dk-latin1.kmap.gz', 'dk', 'nodeadkeys'], | |
765 | 'de' => ['German', 'de', 'qwertz/de-latin1-nodeadkeys.kmap.gz', 'de', 'nodeadkeys' ], | |
813a5c0d | 766 | 'de-ch' => ['Swiss-German', 'de-ch', 'qwertz/sg-latin1.kmap.gz', 'ch', 'de_nodeadkeys' ], |
5a5ca434 DM |
767 | 'en-gb' => ['United Kingdom', 'en-gb', 'qwerty/uk.kmap.gz' , 'gb', undef], |
768 | 'en-us' => ['U.S. English', 'en-us', 'qwerty/us-latin1.kmap.gz', 'us', undef ], | |
910d57b0 DM |
769 | 'es' => ['Spanish', 'es', 'qwerty/es.kmap.gz', 'es', 'nodeadkeys'], |
770 | #'et' => [], # Ethopia or Estonia ?? | |
771 | 'fi' => ['Finnish', 'fi', 'qwerty/fi-latin1.kmap.gz', 'fi', 'nodeadkeys'], | |
772 | #'fo' => ['Faroe Islands', 'fo', ???, 'fo', 'nodeadkeys'], | |
773 | 'fr' => ['French', 'fr', 'azerty/fr-latin1.kmap.gz', 'fr', 'nodeadkeys'], | |
774 | 'fr-be' => ['Belgium-French', 'fr-be', 'azerty/be2-latin1.kmap.gz', 'be', 'nodeadkeys'], | |
775 | 'fr-ca' => ['Canada-French', 'fr-ca', 'qwerty/cf.kmap.gz', 'ca', 'fr-legacy'], | |
776 | 'fr-ch' => ['Swiss-French', 'fr-ch', 'qwertz/fr_CH-latin1.kmap.gz', 'ch', 'fr_nodeadkeys'], | |
777 | #'hr' => ['Croatia', 'hr', 'qwertz/croat.kmap.gz', 'hr', ??], # latin2? | |
778 | 'hu' => ['Hungarian', 'hu', 'qwertz/hu.kmap.gz', 'hu', undef], | |
779 | 'is' => ['Icelandic', 'is', 'qwerty/is-latin1.kmap.gz', 'is', 'nodeadkeys'], | |
780 | 'it' => ['Italian', 'it', 'qwerty/it2.kmap.gz', 'it', 'nodeadkeys'], | |
781 | 'jp' => ['Japanese', 'ja', 'qwerty/jp106.kmap.gz', 'jp', undef], | |
782 | 'lt' => ['Lithuanian', 'lt', 'qwerty/lt.kmap.gz', 'lt', 'std'], | |
783 | #'lv' => ['Latvian', 'lv', 'qwerty/lv-latin4.kmap.gz', 'lv', ??], # latin4 or latin7? | |
784 | 'mk' => ['Macedonian', 'mk', 'qwerty/mk.kmap.gz', 'mk', 'nodeadkeys'], | |
785 | 'nl' => ['Dutch', 'nl', 'qwerty/nl.kmap.gz', 'nl', undef], | |
786 | #'nl-be' => ['Belgium-Dutch', 'nl-be', ?, ?, ?], | |
813a5c0d | 787 | 'no' => ['Norwegian', 'no', 'qwerty/no-latin1.kmap.gz', 'no', 'nodeadkeys'], |
910d57b0 DM |
788 | 'pl' => ['Polish', 'pl', 'qwerty/pl.kmap.gz', 'pl', undef], |
789 | 'pt' => ['Portuguese', 'pt', 'qwerty/pt-latin1.kmap.gz', 'pt', 'nodeadkeys'], | |
790 | 'pt-br' => ['Brazil-Portuguese', 'pt-br', 'qwerty/br-latin1.kmap.gz', 'br', 'nodeadkeys'], | |
fb3a1b29 | 791 | #'ru' => ['Russian', 'ru', 'qwerty/ru.kmap.gz', 'ru', undef], # don't know? |
910d57b0 | 792 | 'si' => ['Slovenian', 'sl', 'qwertz/slovene.kmap.gz', 'si', undef], |
9934cd0b | 793 | 'se' => ['Swedish', 'sv', 'qwerty/se-latin1.kmap.gz', 'se', 'nodeadkeys'], |
910d57b0 | 794 | #'th' => [], |
c10cc112 | 795 | 'tr' => ['Turkish', 'tr', 'qwerty/trq.kmap.gz', 'tr', undef], |
910d57b0 DM |
796 | }; |
797 | ||
798 | my $kvmkeymaparray = []; | |
0a7de820 | 799 | foreach my $lc (sort keys %$keymaphash) { |
910d57b0 DM |
800 | push @$kvmkeymaparray, $keymaphash->{$lc}->[1]; |
801 | } | |
802 | ||
e143e9d8 | 803 | sub kvmkeymaps { |
910d57b0 DM |
804 | return $keymaphash; |
805 | } | |
806 | ||
807 | sub kvmkeymaplist { | |
808 | return $kvmkeymaparray; | |
e143e9d8 DM |
809 | } |
810 | ||
811 | sub extract_param { | |
812 | my ($param, $key) = @_; | |
813 | ||
814 | my $res = $param->{$key}; | |
815 | delete $param->{$key}; | |
816 | ||
817 | return $res; | |
818 | } | |
819 | ||
9d52694b | 820 | # For extracting sensitive keys (e.g. password), to avoid writing them to www-data owned configs |
40682a69 DC |
821 | sub extract_sensitive_params :prototype($$$) { |
822 | my ($param, $sensitive_list, $delete_list) = @_; | |
823 | ||
40682a69 DC |
824 | my %delete = map { $_ => 1 } ($delete_list || [])->@*; |
825 | ||
9d52694b | 826 | my $sensitive = {}; |
40682a69 | 827 | for my $opt (@$sensitive_list) { |
9d52694b TL |
828 | # handle deletions as explicitly setting `undef`, so subs which only have $param but not |
829 | # $delete_list available can recognize them. Afterwards new values may override. | |
40682a69 DC |
830 | if (exists($delete{$opt})) { |
831 | $sensitive->{$opt} = undef; | |
832 | } | |
833 | ||
834 | if (defined(my $value = extract_param($param, $opt))) { | |
835 | $sensitive->{$opt} = $value; | |
836 | } | |
837 | } | |
838 | ||
839 | return $sensitive; | |
840 | } | |
841 | ||
eb7047f6 | 842 | # Note: we use this to wait until vncterm/spiceterm is ready |
ec6d95b4 | 843 | sub wait_for_vnc_port { |
590b924e | 844 | my ($port, $family, $timeout) = @_; |
ec6d95b4 DM |
845 | |
846 | $timeout = 5 if !$timeout; | |
eb7047f6 DM |
847 | my $sleeptime = 0; |
848 | my $starttime = [gettimeofday]; | |
849 | my $elapsed; | |
ec6d95b4 | 850 | |
590b924e TL |
851 | my $cmd = ['/bin/ss', '-Htln', "sport = :$port"]; |
852 | push @$cmd, $family == AF_INET6 ? '-6' : '-4' if defined($family); | |
853 | ||
9a41a7b7 | 854 | my $found; |
eb7047f6 | 855 | while (($elapsed = tv_interval($starttime)) < $timeout) { |
9a41a7b7 | 856 | # -Htln = don't print header, tcp, listening sockets only, numeric ports |
590b924e | 857 | run_command($cmd, outfunc => sub { |
9a41a7b7 TL |
858 | my $line = shift; |
859 | if ($line =~ m/^LISTEN\s+\d+\s+\d+\s+\S+:(\d+)\s/) { | |
860 | $found = 1 if ($port == $1); | |
ec6d95b4 | 861 | } |
9a41a7b7 TL |
862 | }); |
863 | return 1 if $found; | |
eb7047f6 DM |
864 | $sleeptime += 100000 if $sleeptime < 1000000; |
865 | usleep($sleeptime); | |
ec6d95b4 DM |
866 | } |
867 | ||
8fd0d634 | 868 | die "Timeout while waiting for port '$port' to get ready!\n"; |
ec6d95b4 DM |
869 | } |
870 | ||
59b3f563 | 871 | sub next_unused_port { |
c14960cc | 872 | my ($range_start, $range_end, $family, $address) = @_; |
59b3f563 DM |
873 | |
874 | # We use a file to register allocated ports. | |
875 | # Those registrations expires after $expiretime. | |
876 | # We use this to avoid race conditions between | |
877 | # allocation and use of ports. | |
878 | ||
879 | my $filename = "/var/tmp/pve-reserved-ports"; | |
e143e9d8 | 880 | |
59b3f563 | 881 | my $code = sub { |
e143e9d8 | 882 | |
59b3f563 DM |
883 | my $expiretime = 5; |
884 | my $ctime = time(); | |
e143e9d8 | 885 | |
59b3f563 DM |
886 | my $ports = {}; |
887 | ||
888 | if (my $fh = IO::File->new ($filename, "r")) { | |
889 | while (my $line = <$fh>) { | |
890 | if ($line =~ m/^(\d+)\s(\d+)$/) { | |
891 | my ($port, $timestamp) = ($1, $2); | |
892 | if (($timestamp + $expiretime) > $ctime) { | |
893 | $ports->{$port} = $timestamp; # not expired | |
813a5c0d | 894 | } |
59b3f563 DM |
895 | } |
896 | } | |
e143e9d8 | 897 | } |
813a5c0d | 898 | |
59b3f563 | 899 | my $newport; |
c14960cc WB |
900 | my %sockargs = (Listen => 5, |
901 | ReuseAddr => 1, | |
902 | Family => $family, | |
a0ecb159 | 903 | Proto => IPPROTO_TCP, |
c14960cc WB |
904 | GetAddrInfoFlags => 0); |
905 | $sockargs{LocalAddr} = $address if defined($address); | |
59b3f563 DM |
906 | |
907 | for (my $p = $range_start; $p < $range_end; $p++) { | |
908 | next if $ports->{$p}; # reserved | |
909 | ||
c14960cc WB |
910 | $sockargs{LocalPort} = $p; |
911 | my $sock = IO::Socket::IP->new(%sockargs); | |
59b3f563 DM |
912 | |
913 | if ($sock) { | |
914 | close($sock); | |
915 | $newport = $p; | |
916 | $ports->{$p} = $ctime; | |
917 | last; | |
918 | } | |
919 | } | |
813a5c0d | 920 | |
59b3f563 DM |
921 | my $data = ""; |
922 | foreach my $p (keys %$ports) { | |
923 | $data .= "$p $ports->{$p}\n"; | |
924 | } | |
813a5c0d | 925 | |
59b3f563 | 926 | file_set_contents($filename, $data); |
e143e9d8 | 927 | |
59b3f563 DM |
928 | return $newport; |
929 | }; | |
930 | ||
3c476ed5 | 931 | my $p = lock_file('/var/lock/pve-ports.lck', 10, $code); |
59b3f563 | 932 | die $@ if $@; |
813a5c0d | 933 | |
59b3f563 DM |
934 | die "unable to find free port (${range_start}-${range_end})\n" if !$p; |
935 | ||
936 | return $p; | |
937 | } | |
938 | ||
939 | sub next_migrate_port { | |
c14960cc WB |
940 | my ($family, $address) = @_; |
941 | return next_unused_port(60000, 60050, $family, $address); | |
59b3f563 DM |
942 | } |
943 | ||
944 | sub next_vnc_port { | |
c14960cc WB |
945 | my ($family, $address) = @_; |
946 | return next_unused_port(5900, 6000, $family, $address); | |
59b3f563 | 947 | } |
e143e9d8 | 948 | |
30aeac2e DC |
949 | sub spice_port_range { |
950 | return (61000, 61999); | |
951 | } | |
952 | ||
2f13cbb5 | 953 | sub next_spice_port { |
c14960cc | 954 | my ($family, $address) = @_; |
30aeac2e | 955 | return next_unused_port(spice_port_range(), $family, $address); |
2f13cbb5 DM |
956 | } |
957 | ||
893ec6f2 WB |
958 | sub must_stringify { |
959 | my ($value) = @_; | |
960 | eval { $value = "$value" }; | |
961 | return "error turning value into a string: $@" if $@; | |
962 | return $value; | |
963 | } | |
964 | ||
72fba911 EK |
965 | # sigkill after $timeout a $sub running in a fork if it can't write a pipe |
966 | # the $sub has to return a single scalar | |
967 | sub run_fork_with_timeout { | |
968 | my ($timeout, $sub) = @_; | |
969 | ||
970 | my $res; | |
971 | my $error; | |
972 | my $pipe_out = IO::Pipe->new(); | |
72fba911 EK |
973 | |
974 | # disable pending alarms, save their remaining time | |
975 | my $prev_alarm = alarm 0; | |
976 | ||
eead1cca | 977 | # avoid leaving a zombie if the parent gets interrupted |
72fba911 | 978 | my $sig_received; |
72fba911 EK |
979 | |
980 | my $child = fork(); | |
981 | if (!defined($child)) { | |
982 | die "fork failed: $!\n"; | |
983 | return $res; | |
984 | } | |
985 | ||
986 | if (!$child) { | |
987 | $pipe_out->writer(); | |
72fba911 EK |
988 | |
989 | eval { | |
990 | $res = $sub->(); | |
f2c72fc3 | 991 | print {$pipe_out} encode_json({ result => $res }); |
72fba911 EK |
992 | $pipe_out->flush(); |
993 | }; | |
994 | if (my $err = $@) { | |
893ec6f2 | 995 | print {$pipe_out} encode_json({ error => must_stringify($err) }); |
f2c72fc3 | 996 | $pipe_out->flush(); |
72fba911 EK |
997 | POSIX::_exit(1); |
998 | } | |
999 | POSIX::_exit(0); | |
1000 | } | |
1001 | ||
2e353dfb DC |
1002 | local $SIG{INT} = sub { $sig_received++; }; |
1003 | local $SIG{TERM} = sub { | |
1004 | $error //= "interrupted by unexpected signal\n"; | |
1005 | kill('TERM', $child); | |
1006 | }; | |
1007 | ||
72fba911 | 1008 | $pipe_out->reader(); |
72fba911 EK |
1009 | |
1010 | my $readvalues = sub { | |
1011 | local $/ = undef; | |
2e353dfb | 1012 | my $child_res = decode_json(readline_nointr($pipe_out)); |
f2c72fc3 TL |
1013 | $res = $child_res->{result}; |
1014 | $error = $child_res->{error}; | |
72fba911 EK |
1015 | }; |
1016 | eval { | |
a2d049af WB |
1017 | if (defined($timeout)) { |
1018 | run_with_timeout($timeout, $readvalues); | |
1019 | } else { | |
1020 | $readvalues->(); | |
1021 | } | |
72fba911 EK |
1022 | }; |
1023 | warn $@ if $@; | |
1024 | $pipe_out->close(); | |
72fba911 EK |
1025 | kill('KILL', $child); |
1026 | waitpid($child, 0); | |
1027 | ||
1028 | alarm $prev_alarm; | |
1029 | die "interrupted by unexpected signal\n" if $sig_received; | |
1030 | ||
1031 | die $error if $error; | |
1032 | return $res; | |
1033 | } | |
1034 | ||
a2d049af WB |
1035 | sub run_fork { |
1036 | my ($code) = @_; | |
1037 | return run_fork_with_timeout(undef, $code); | |
1038 | } | |
1039 | ||
813a5c0d | 1040 | # NOTE: NFS syscall can't be interrupted, so alarm does |
e143e9d8 DM |
1041 | # not work to provide timeouts. |
1042 | # from 'man nfs': "Only SIGKILL can interrupt a pending NFS operation" | |
97c8c857 | 1043 | # So fork() before using Filesys::Df |
e143e9d8 DM |
1044 | sub df { |
1045 | my ($path, $timeout) = @_; | |
1046 | ||
4fdc9659 | 1047 | my $df = sub { return Filesys::Df::df($path, 1) }; |
97c8c857 | 1048 | |
4fdc9659 TL |
1049 | my $res = eval { run_fork_with_timeout($timeout, $df) } // {}; |
1050 | warn $@ if $@; | |
97c8c857 | 1051 | |
8bc99fda TL |
1052 | # untaint, but be flexible: PB usage can result in scientific notation |
1053 | my ($blocks, $used, $bavail) = map { defined($_) ? (/^([\d\.e\-+]+)$/) : 0 } | |
fd58bb2b DC |
1054 | $res->@{qw(blocks used bavail)}; |
1055 | ||
4fdc9659 | 1056 | return { |
fd58bb2b DC |
1057 | total => $blocks, |
1058 | used => $used, | |
1059 | avail => $bavail, | |
e143e9d8 | 1060 | }; |
e143e9d8 DM |
1061 | } |
1062 | ||
62635f92 DM |
1063 | sub du { |
1064 | my ($path, $timeout) = @_; | |
1065 | ||
1066 | my $size; | |
1067 | ||
1068 | $timeout //= 10; | |
1069 | ||
1070 | my $parser = sub { | |
1071 | my $line = shift; | |
1072 | ||
1073 | if ($line =~ m/^(\d+)\s+total$/) { | |
1074 | $size = $1; | |
1075 | } | |
1076 | }; | |
1077 | ||
1078 | run_command(['du', '-scb', $path], outfunc => $parser, timeout => $timeout); | |
1079 | ||
1080 | return $size; | |
1081 | } | |
1082 | ||
e143e9d8 DM |
1083 | # UPID helper |
1084 | # We use this to uniquely identify a process. | |
813a5c0d | 1085 | # An 'Unique Process ID' has the following format: |
e143e9d8 DM |
1086 | # "UPID:$node:$pid:$pstart:$startime:$dtype:$id:$user" |
1087 | ||
1088 | sub upid_encode { | |
1089 | my $d = shift; | |
1090 | ||
19cec230 DM |
1091 | # Note: pstart can be > 32bit if uptime > 497 days, so this can result in |
1092 | # more that 8 characters for pstart | |
813a5c0d DC |
1093 | return sprintf("UPID:%s:%08X:%08X:%08X:%s:%s:%s:", $d->{node}, $d->{pid}, |
1094 | $d->{pstart}, $d->{starttime}, $d->{type}, $d->{id}, | |
e143e9d8 DM |
1095 | $d->{user}); |
1096 | } | |
1097 | ||
1098 | sub upid_decode { | |
1099 | my ($upid, $noerr) = @_; | |
1100 | ||
1101 | my $res; | |
1102 | my $filename; | |
1103 | ||
1104 | # "UPID:$node:$pid:$pstart:$startime:$dtype:$id:$user" | |
19cec230 DM |
1105 | # Note: allow up to 9 characters for pstart (work until 20 years uptime) |
1106 | if ($upid =~ m/^UPID:([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?):([0-9A-Fa-f]{8}):([0-9A-Fa-f]{8,9}):([0-9A-Fa-f]{8}):([^:\s]+):([^:\s]*):([^:\s]+):$/) { | |
e143e9d8 | 1107 | $res->{node} = $1; |
3702f038 DM |
1108 | $res->{pid} = hex($3); |
1109 | $res->{pstart} = hex($4); | |
1110 | $res->{starttime} = hex($5); | |
1111 | $res->{type} = $6; | |
1112 | $res->{id} = $7; | |
1113 | $res->{user} = $8; | |
1114 | ||
1115 | my $subdir = substr($5, 7, 8); | |
e143e9d8 DM |
1116 | $filename = "$pvetaskdir/$subdir/$upid"; |
1117 | ||
1118 | } else { | |
1119 | return undef if $noerr; | |
1120 | die "unable to parse worker upid '$upid'\n"; | |
1121 | } | |
1122 | ||
1123 | return wantarray ? ($res, $filename) : $res; | |
1124 | } | |
1125 | ||
1126 | sub upid_open { | |
1127 | my ($upid) = @_; | |
1128 | ||
813a5c0d | 1129 | my ($task, $filename) = upid_decode($upid); |
e143e9d8 DM |
1130 | |
1131 | my $dirname = dirname($filename); | |
1132 | make_path($dirname); | |
1133 | ||
1134 | my $wwwid = getpwnam('www-data') || | |
1135 | die "getpwnam failed"; | |
1136 | ||
1137 | my $perm = 0640; | |
813a5c0d | 1138 | |
e143e9d8 DM |
1139 | my $outfh = IO::File->new ($filename, O_WRONLY|O_CREAT|O_EXCL, $perm) || |
1140 | die "unable to create output file '$filename' - $!\n"; | |
2b8e0f12 | 1141 | chown $wwwid, -1, $outfh; |
e143e9d8 DM |
1142 | |
1143 | return $outfh; | |
1144 | }; | |
1145 | ||
1146 | sub upid_read_status { | |
1147 | my ($upid) = @_; | |
1148 | ||
1149 | my ($task, $filename) = upid_decode($upid); | |
1150 | my $fh = IO::File->new($filename, "r"); | |
1151 | return "unable to open file - $!" if !$fh; | |
cc9121d3 | 1152 | my $maxlen = 4096; |
e143e9d8 DM |
1153 | sysseek($fh, -$maxlen, 2); |
1154 | my $readbuf = ''; | |
1155 | my $br = sysread($fh, $readbuf, $maxlen); | |
1156 | close($fh); | |
1157 | if ($br) { | |
1158 | return "unable to extract last line" | |
1159 | if $readbuf !~ m/\n?(.+)$/; | |
1160 | my $line = $1; | |
1161 | if ($line =~ m/^TASK OK$/) { | |
1162 | return 'OK'; | |
1163 | } elsif ($line =~ m/^TASK ERROR: (.+)$/) { | |
1164 | return $1; | |
ff79ee65 FE |
1165 | } elsif ($line =~ m/^TASK (WARNINGS: \d+)$/) { |
1166 | return $1; | |
e143e9d8 DM |
1167 | } else { |
1168 | return "unexpected status"; | |
1169 | } | |
1170 | } | |
1171 | return "unable to read tail (got $br bytes)"; | |
1172 | } | |
1173 | ||
813a5c0d | 1174 | # useful functions to store comments in config files |
e143e9d8 DM |
1175 | sub encode_text { |
1176 | my ($text) = @_; | |
1177 | ||
1178 | # all control and hi-bit characters, and ':' | |
1179 | my $unsafe = "^\x20-\x39\x3b-\x7e"; | |
1180 | return uri_escape(Encode::encode("utf8", $text), $unsafe); | |
1181 | } | |
1182 | ||
1183 | sub decode_text { | |
1184 | my ($data) = @_; | |
1185 | ||
1186 | return Encode::decode("utf8", uri_unescape($data)); | |
1187 | } | |
1188 | ||
6d46baf6 DM |
1189 | # depreciated - do not use! |
1190 | # we now decode all parameters by default | |
815b2aba DM |
1191 | sub decode_utf8_parameters { |
1192 | my ($param) = @_; | |
1193 | ||
34ebb226 | 1194 | foreach my $p (qw(comment description firstname lastname)) { |
815b2aba DM |
1195 | $param->{$p} = decode('utf8', $param->{$p}) if $param->{$p}; |
1196 | } | |
1197 | ||
1198 | return $param; | |
1199 | } | |
1200 | ||
a413a515 | 1201 | sub random_ether_addr { |
12392173 | 1202 | my ($prefix) = @_; |
a413a515 | 1203 | |
46a11c00 DM |
1204 | my ($seconds, $microseconds) = gettimeofday; |
1205 | ||
d743b69c | 1206 | my $rand = Digest::SHA::sha1($$, rand(), $seconds, $microseconds); |
a413a515 | 1207 | |
85d5625a | 1208 | # clear multicast, set local id |
de9a267f | 1209 | vec($rand, 0, 8) = (vec($rand, 0, 8) & 0xfe) | 2; |
a413a515 | 1210 | |
12392173 WB |
1211 | my $addr = sprintf("%02X:%02X:%02X:%02X:%02X:%02X", unpack("C6", $rand)); |
1212 | if (defined($prefix)) { | |
1213 | $addr = uc($prefix) . substr($addr, length($prefix)); | |
1214 | } | |
1215 | return $addr; | |
a413a515 | 1216 | } |
e143e9d8 | 1217 | |
762e3223 DM |
1218 | sub shellquote { |
1219 | my $str = shift; | |
1220 | ||
7514b23a | 1221 | return String::ShellQuote::shell_quote($str); |
762e3223 DM |
1222 | } |
1223 | ||
65e1d3fc DM |
1224 | sub cmd2string { |
1225 | my ($cmd) = @_; | |
1226 | ||
1227 | die "no arguments" if !$cmd; | |
1228 | ||
1229 | return $cmd if !ref($cmd); | |
1230 | ||
1231 | my @qa = (); | |
1232 | foreach my $arg (@$cmd) { push @qa, shellquote($arg); } | |
1233 | ||
1234 | return join (' ', @qa); | |
1235 | } | |
1236 | ||
e38bcd35 | 1237 | # split an shell argument string into an array, |
f9125663 DM |
1238 | sub split_args { |
1239 | my ($str) = @_; | |
1240 | ||
e38bcd35 | 1241 | return $str ? [ Text::ParseWords::shellwords($str) ] : []; |
f9125663 DM |
1242 | } |
1243 | ||
804b1041 | 1244 | sub dump_logfile { |
eb7e5538 | 1245 | my ($filename, $start, $limit, $filter) = @_; |
804b1041 DM |
1246 | |
1247 | my $lines = []; | |
1248 | my $count = 0; | |
1249 | ||
1250 | my $fh = IO::File->new($filename, "r"); | |
813a5c0d | 1251 | if (!$fh) { |
804b1041 DM |
1252 | $count++; |
1253 | push @$lines, { n => $count, t => "unable to open file - $!"}; | |
1254 | return ($count, $lines); | |
1255 | } | |
1256 | ||
1257 | $start = 0 if !$start; | |
1258 | $limit = 50 if !$limit; | |
1259 | ||
1260 | my $line; | |
eb7e5538 DM |
1261 | |
1262 | if ($filter) { | |
1263 | # duplicate code, so that we do not slow down normal path | |
1264 | while (defined($line = <$fh>)) { | |
1265 | next if $line !~ m/$filter/; | |
1266 | next if $count++ < $start; | |
1267 | next if $limit <= 0; | |
1268 | chomp $line; | |
1269 | push @$lines, { n => $count, t => $line}; | |
1270 | $limit--; | |
1271 | } | |
1272 | } else { | |
1273 | while (defined($line = <$fh>)) { | |
1274 | next if $count++ < $start; | |
1275 | next if $limit <= 0; | |
1276 | chomp $line; | |
1277 | push @$lines, { n => $count, t => $line}; | |
1278 | $limit--; | |
1279 | } | |
804b1041 DM |
1280 | } |
1281 | ||
1282 | close($fh); | |
1283 | ||
6de95a66 DM |
1284 | # HACK: ExtJS store.guaranteeRange() does not like empty array |
1285 | # so we add a line | |
1286 | if (!$count) { | |
1287 | $count++; | |
1288 | push @$lines, { n => $count, t => "no content"}; | |
1289 | } | |
1290 | ||
1291 | return ($count, $lines); | |
1292 | } | |
1293 | ||
1294 | sub dump_journal { | |
ccf60d3b | 1295 | my ($start, $limit, $since, $until, $service) = @_; |
6de95a66 DM |
1296 | |
1297 | my $lines = []; | |
1298 | my $count = 0; | |
813a5c0d | 1299 | |
6de95a66 DM |
1300 | $start = 0 if !$start; |
1301 | $limit = 50 if !$limit; | |
1302 | ||
1303 | my $parser = sub { | |
1304 | my $line = shift; | |
1305 | ||
1306 | return if $count++ < $start; | |
1307 | return if $limit <= 0; | |
1308 | push @$lines, { n => int($count), t => $line}; | |
1309 | $limit--; | |
1310 | }; | |
1311 | ||
1312 | my $cmd = ['journalctl', '-o', 'short', '--no-pager']; | |
19e95cd0 | 1313 | |
ccf60d3b | 1314 | push @$cmd, '--unit', $service if $service; |
19e95cd0 TL |
1315 | push @$cmd, '--since', $since if $since; |
1316 | push @$cmd, '--until', $until if $until; | |
6de95a66 DM |
1317 | run_command($cmd, outfunc => $parser); |
1318 | ||
804b1041 DM |
1319 | # HACK: ExtJS store.guaranteeRange() does not like empty array |
1320 | # so we add a line | |
1321 | if (!$count) { | |
1322 | $count++; | |
1323 | push @$lines, { n => $count, t => "no content"}; | |
1324 | } | |
1325 | ||
1326 | return ($count, $lines); | |
1327 | } | |
1328 | ||
7eb283fb DM |
1329 | sub dir_glob_regex { |
1330 | my ($dir, $regex) = @_; | |
1331 | ||
1332 | my $dh = IO::Dir->new ($dir); | |
1333 | return wantarray ? () : undef if !$dh; | |
813a5c0d DC |
1334 | |
1335 | while (defined(my $tmp = $dh->read)) { | |
7eb283fb DM |
1336 | if (my @res = $tmp =~ m/^($regex)$/) { |
1337 | $dh->close; | |
1338 | return wantarray ? @res : $tmp; | |
1339 | } | |
1340 | } | |
1341 | $dh->close; | |
1342 | ||
1343 | return wantarray ? () : undef; | |
1344 | } | |
1345 | ||
1346 | sub dir_glob_foreach { | |
1347 | my ($dir, $regex, $func) = @_; | |
1348 | ||
1349 | my $dh = IO::Dir->new ($dir); | |
1350 | if (defined $dh) { | |
1351 | while (defined(my $tmp = $dh->read)) { | |
1352 | if (my @res = $tmp =~ m/^($regex)$/) { | |
1353 | &$func (@res); | |
1354 | } | |
1355 | } | |
813a5c0d | 1356 | } |
7eb283fb DM |
1357 | } |
1358 | ||
a345b9d5 DM |
1359 | sub assert_if_modified { |
1360 | my ($digest1, $digest2) = @_; | |
1361 | ||
1362 | if ($digest1 && $digest2 && ($digest1 ne $digest2)) { | |
212fc0b7 | 1363 | die "detected modified configuration - file changed by other user? Try again.\n"; |
a345b9d5 DM |
1364 | } |
1365 | } | |
1366 | ||
2d3bca34 DM |
1367 | # Digest for short strings |
1368 | # like FNV32a, but we only return 31 bits (positive numbers) | |
1369 | sub fnv31a { | |
1370 | my ($string) = @_; | |
1371 | ||
1372 | my $hval = 0x811c9dc5; | |
1373 | ||
1374 | foreach my $c (unpack('C*', $string)) { | |
1375 | $hval ^= $c; | |
1376 | $hval += ( | |
1377 | (($hval << 1) ) + | |
1378 | (($hval << 4) ) + | |
1379 | (($hval << 7) ) + | |
1380 | (($hval << 8) ) + | |
1381 | (($hval << 24) ) ); | |
1382 | $hval = $hval & 0xffffffff; | |
1383 | } | |
1384 | return $hval & 0x7fffffff; | |
1385 | } | |
1386 | ||
1387 | sub fnv31a_hex { return sprintf("%X", fnv31a(@_)); } | |
1388 | ||
8df6b794 WB |
1389 | sub unpack_sockaddr_in46 { |
1390 | my ($sin) = @_; | |
1391 | my $family = Socket::sockaddr_family($sin); | |
1392 | my ($port, $host) = ($family == AF_INET6 ? Socket::unpack_sockaddr_in6($sin) | |
1393 | : Socket::unpack_sockaddr_in($sin)); | |
1394 | return ($family, $port, $host); | |
1395 | } | |
1396 | ||
a0b6ef52 WB |
1397 | sub getaddrinfo_all { |
1398 | my ($hostname, @opts) = @_; | |
7a2e8ca1 TL |
1399 | my %hints = ( |
1400 | flags => AI_V4MAPPED | AI_ALL, | |
1401 | @opts, | |
1402 | ); | |
a956854f | 1403 | my ($err, @res) = Socket::getaddrinfo($hostname, '0', \%hints); |
a0b6ef52 WB |
1404 | die "failed to get address info for: $hostname: $err\n" if $err; |
1405 | return @res; | |
1406 | } | |
a956854f | 1407 | |
a0b6ef52 WB |
1408 | sub get_host_address_family { |
1409 | my ($hostname, $socktype) = @_; | |
1410 | my @res = getaddrinfo_all($hostname, socktype => $socktype); | |
1411 | return $res[0]->{family}; | |
a956854f WB |
1412 | } |
1413 | ||
d3c8f0c1 EK |
1414 | # get the fully qualified domain name of a host |
1415 | # same logic as hostname(1): The FQDN is the name getaddrinfo(3) returns, | |
1416 | # given a nodename as a parameter | |
1417 | sub get_fqdn { | |
1418 | my ($nodename) = @_; | |
1419 | ||
1420 | my $hints = { | |
1421 | flags => AI_CANONNAME, | |
1422 | socktype => SOCK_DGRAM | |
1423 | }; | |
1424 | ||
1425 | my ($err, @addrs) = Socket::getaddrinfo($nodename, undef, $hints); | |
1426 | ||
1427 | die "getaddrinfo: $err" if $err; | |
1428 | ||
1429 | return $addrs[0]->{canonname}; | |
1430 | } | |
1431 | ||
b2613777 WB |
1432 | # Parses any sane kind of host, or host+port pair: |
1433 | # The port is always optional and thus may be undef. | |
1434 | sub parse_host_and_port { | |
1435 | my ($address) = @_; | |
1436 | if ($address =~ /^($IPV4RE|[[:alnum:]\-.]+)(?::(\d+))?$/ || # ipv4 or host with optional ':port' | |
1437 | $address =~ /^\[($IPV6RE|$IPV4RE|[[:alnum:]\-.]+)\](?::(\d+))?$/ || # anything in brackets with optional ':port' | |
1438 | $address =~ /^($IPV6RE)(?:\.(\d+))?$/) # ipv6 with optional port separated by dot | |
1439 | { | |
1440 | return ($1, $2, 1); # end with 1 to support simple if(parse...) tests | |
1441 | } | |
1442 | return; # nothing | |
1443 | } | |
1444 | ||
0c078e66 SI |
1445 | sub setresuid($$$) { |
1446 | my ($ruid, $euid, $suid) = @_; | |
1447 | return 0 == syscall(PVE::Syscall::setresuid, $ruid, $euid, $suid); | |
1448 | } | |
1449 | ||
817c6be0 | 1450 | sub unshare($) { |
952fd95e | 1451 | my ($flags) = @_; |
c8e94d4b | 1452 | return 0 == syscall(PVE::Syscall::unshare, $flags); |
952fd95e WB |
1453 | } |
1454 | ||
891b224a WB |
1455 | sub setns($$) { |
1456 | my ($fileno, $nstype) = @_; | |
c8e94d4b | 1457 | return 0 == syscall(PVE::Syscall::setns, $fileno, $nstype); |
891b224a WB |
1458 | } |
1459 | ||
44acb12c WB |
1460 | sub syncfs($) { |
1461 | my ($fileno) = @_; | |
c8e94d4b | 1462 | return 0 == syscall(PVE::Syscall::syncfs, $fileno); |
44acb12c WB |
1463 | } |
1464 | ||
cee0e23a TL |
1465 | sub fsync($) { |
1466 | my ($fileno) = @_; | |
1467 | return 0 == syscall(PVE::Syscall::fsync, $fileno); | |
1468 | } | |
1469 | ||
bd9eb367 WB |
1470 | sub renameat2($$$$$) { |
1471 | my ($olddirfd, $oldpath, $newdirfd, $newpath, $flags) = @_; | |
1472 | return 0 == syscall(PVE::Syscall::renameat2, $olddirfd, $oldpath, $newdirfd, $newpath, $flags); | |
1473 | } | |
1474 | ||
44acb12c WB |
1475 | sub sync_mountpoint { |
1476 | my ($path) = @_; | |
b260d4e3 | 1477 | sysopen my $fd, $path, O_RDONLY|O_CLOEXEC or die "failed to open $path: $!\n"; |
09d47f9d TL |
1478 | my $syncfs_err; |
1479 | if (!syncfs(fileno($fd))) { | |
1480 | $syncfs_err = "$!"; | |
1481 | } | |
44acb12c | 1482 | close($fd); |
09d47f9d | 1483 | die "syncfs '$path' failed - $syncfs_err\n" if defined $syncfs_err; |
44acb12c WB |
1484 | } |
1485 | ||
b61a47db TL |
1486 | # support sending multi-part mail messages with a text and or a HTML part |
1487 | # mailto may be a single email string or an array of receivers | |
1488 | sub sendmail { | |
1489 | my ($mailto, $subject, $text, $html, $mailfrom, $author) = @_; | |
1490 | ||
5a873e6d | 1491 | $mailto = [ $mailto ] if !ref($mailto); |
b61a47db | 1492 | |
4c4bd104 | 1493 | my $mailto_quoted = []; |
a7886364 | 1494 | for my $to (@$mailto) { |
4c4bd104 FE |
1495 | die "mailto does not look like a valid email address or username\n" |
1496 | if $to !~ /^$EMAIL_RE$/ && $to !~ /^$EMAIL_USER_RE$/; | |
1497 | push @$mailto_quoted, shellquote($to); | |
b61a47db | 1498 | } |
c9c6d910 | 1499 | |
b61a47db TL |
1500 | my $rcvrtxt = join (', ', @$mailto); |
1501 | ||
1502 | $mailfrom = $mailfrom || "root"; | |
4c4bd104 FE |
1503 | die "mailfrom does not look like a valid email address or username\n" |
1504 | if $mailfrom !~ /^$EMAIL_RE$/ && $mailfrom !~ /^$EMAIL_USER_RE$/; | |
1505 | my $mailfrom_quoted = shellquote($mailfrom); | |
c9c6d910 | 1506 | |
a24d91ea | 1507 | $author = $author // 'Proxmox VE'; |
b61a47db | 1508 | |
4c4bd104 FE |
1509 | open (MAIL, "|-", "sendmail", "-B", "8BITMIME", "-f", $mailfrom_quoted, |
1510 | "--", @$mailto_quoted) || die "unable to open 'sendmail' - $!"; | |
b61a47db | 1511 | |
b18826ce SI |
1512 | my $date = time2str('%a, %d %b %Y %H:%M:%S %z', time()); |
1513 | ||
1514 | my $is_multipart = $text && $html; | |
1515 | ||
b61a47db TL |
1516 | # multipart spec see https://www.ietf.org/rfc/rfc1521.txt |
1517 | my $boundary = "----_=_NextPart_001_".int(time).$$; | |
1518 | ||
b18826ce SI |
1519 | if ($subject =~ /[^[:ascii:]]/) { |
1520 | $subject = Encode::encode('MIME-Header', $subject); | |
1521 | } | |
b61a47db | 1522 | |
b18826ce SI |
1523 | if ($subject =~ /[^[:ascii:]]/ || $is_multipart) { |
1524 | print MAIL "MIME-Version: 1.0\n"; | |
1525 | } | |
1526 | print MAIL "From: $author <$mailfrom>\n"; | |
1527 | print MAIL "To: $rcvrtxt\n"; | |
1528 | print MAIL "Date: $date\n"; | |
1529 | print MAIL "Subject: $subject\n"; | |
1530 | ||
1531 | if ($is_multipart) { | |
1532 | print MAIL "Content-Type: multipart/alternative;\n"; | |
1533 | print MAIL "\tboundary=\"$boundary\"\n"; | |
1534 | print MAIL "\n"; | |
1535 | print MAIL "This is a multi-part message in MIME format.\n\n"; | |
1536 | print MAIL "--$boundary\n"; | |
1537 | } | |
b61a47db | 1538 | |
5a873e6d | 1539 | if (defined($text)) { |
b61a47db | 1540 | print MAIL "Content-Type: text/plain;\n"; |
b18826ce | 1541 | print MAIL "\tcharset=\"UTF-8\"\n"; |
b61a47db TL |
1542 | print MAIL "Content-Transfer-Encoding: 8bit\n"; |
1543 | print MAIL "\n"; | |
1544 | ||
1545 | # avoid 'remove extra line breaks' issue (MS Outlook) | |
1546 | my $fill = ' '; | |
1547 | $text =~ s/^/$fill/gm; | |
1548 | ||
1549 | print MAIL $text; | |
1550 | ||
b18826ce | 1551 | print MAIL "\n--$boundary\n" if $is_multipart; |
b61a47db TL |
1552 | } |
1553 | ||
5a873e6d | 1554 | if (defined($html)) { |
b61a47db | 1555 | print MAIL "Content-Type: text/html;\n"; |
b18826ce | 1556 | print MAIL "\tcharset=\"UTF-8\"\n"; |
b61a47db TL |
1557 | print MAIL "Content-Transfer-Encoding: 8bit\n"; |
1558 | print MAIL "\n"; | |
1559 | ||
1560 | print MAIL $html; | |
1561 | ||
b18826ce | 1562 | print MAIL "\n--$boundary--\n" if $is_multipart; |
b61a47db TL |
1563 | } |
1564 | ||
1565 | close(MAIL); | |
b61a47db TL |
1566 | } |
1567 | ||
26598a51 WB |
1568 | sub tempfile { |
1569 | my ($perm, %opts) = @_; | |
1570 | ||
1571 | # default permissions are stricter than with file_set_contents | |
1572 | $perm = 0600 if !defined($perm); | |
1573 | ||
f0cfc20e | 1574 | my $dir = $opts{dir} // '/run'; |
26598a51 WB |
1575 | my $mode = $opts{mode} // O_RDWR; |
1576 | $mode |= O_EXCL if !$opts{allow_links}; | |
1577 | ||
7e1ee743 WB |
1578 | my $fh = IO::File->new($dir, $mode | O_TMPFILE, $perm); |
1579 | if (!$fh && $! == EOPNOTSUPP) { | |
77b2b96f | 1580 | $dir = '/tmp' if !defined($opts{dir}); |
7e1ee743 WB |
1581 | $dir .= "/.tmpfile.$$"; |
1582 | $fh = IO::File->new($dir, $mode | O_CREAT | O_EXCL, $perm); | |
1583 | unlink($dir) if $fh; | |
1584 | } | |
1585 | die "failed to create tempfile: $!\n" if !$fh; | |
26598a51 WB |
1586 | return $fh; |
1587 | } | |
1588 | ||
1589 | sub tempfile_contents { | |
1590 | my ($data, $perm, %opts) = @_; | |
1591 | ||
1592 | my $fh = tempfile($perm, %opts); | |
1593 | eval { | |
1594 | die "unable to write to tempfile: $!\n" if !print {$fh} $data; | |
1595 | die "unable to flush to tempfile: $!\n" if !defined($fh->flush()); | |
1596 | }; | |
1597 | if (my $err = $@) { | |
1598 | close $fh; | |
1599 | die $err; | |
1600 | } | |
1601 | ||
1602 | return ("/proc/$$/fd/".$fh->fileno, $fh); | |
1603 | } | |
1604 | ||
48df47a4 FG |
1605 | sub validate_ssh_public_keys { |
1606 | my ($raw) = @_; | |
1607 | my @lines = split(/\n/, $raw); | |
1608 | ||
1609 | foreach my $line (@lines) { | |
1610 | next if $line =~ m/^\s*$/; | |
1611 | eval { | |
1612 | my ($filename, $handle) = tempfile_contents($line); | |
1613 | run_command(["ssh-keygen", "-l", "-f", $filename], | |
1614 | outfunc => sub {}, errfunc => sub {}); | |
1615 | }; | |
1616 | die "SSH public key validation error\n" if $@; | |
1617 | } | |
1618 | } | |
1619 | ||
21c56a96 WB |
1620 | sub openat($$$;$) { |
1621 | my ($dirfd, $pathname, $flags, $mode) = @_; | |
c8e94d4b | 1622 | my $fd = syscall(PVE::Syscall::openat, $dirfd, $pathname, $flags, $mode//0); |
21c56a96 WB |
1623 | return undef if $fd < 0; |
1624 | # sysopen() doesn't deal with numeric file descriptors apparently | |
1625 | # so we need to convert to a mode string for IO::Handle->new_from_fd | |
1626 | my $flagstr = ($flags & O_RDWR) ? 'rw' : ($flags & O_WRONLY) ? 'w' : 'r'; | |
1627 | my $handle = IO::Handle->new_from_fd($fd, $flagstr); | |
1628 | return $handle if $handle; | |
1629 | my $err = $!; # save error before closing the raw fd | |
c8e94d4b | 1630 | syscall(PVE::Syscall::close, $fd); # close |
21c56a96 WB |
1631 | $! = $err; |
1632 | return undef; | |
1633 | } | |
1634 | ||
1635 | sub mkdirat($$$) { | |
1636 | my ($dirfd, $name, $mode) = @_; | |
c8e94d4b | 1637 | return syscall(PVE::Syscall::mkdirat, $dirfd, $name, $mode) == 0; |
21c56a96 WB |
1638 | } |
1639 | ||
6cf6b404 FG |
1640 | sub fchownat($$$$$) { |
1641 | my ($dirfd, $pathname, $owner, $group, $flags) = @_; | |
1642 | return syscall(PVE::Syscall::fchownat, $dirfd, $pathname, $owner, $group, $flags) == 0; | |
1643 | } | |
1644 | ||
9867ff7a DM |
1645 | my $salt_starter = time(); |
1646 | ||
1647 | sub encrypt_pw { | |
1648 | my ($pw) = @_; | |
1649 | ||
1650 | $salt_starter++; | |
1651 | my $salt = substr(Digest::SHA::sha1_base64(time() + $salt_starter + $$), 0, 8); | |
1652 | ||
1653 | # crypt does not want '+' in salt (see 'man crypt') | |
1654 | $salt =~ s/\+/X/g; | |
1655 | ||
1656 | return crypt(encode("utf8", $pw), "\$5\$$salt\$"); | |
1657 | } | |
1658 | ||
8e677e74 | 1659 | # intended usage: convert_size($val, "kb" => "gb") |
95386daf DC |
1660 | # we round up to the next integer by default |
1661 | # E.g. `convert_size(1023, "b" => "kb")` returns 1 | |
8e677e74 | 1662 | # use $no_round_up to switch this off, above example would then return 0 |
95386daf DC |
1663 | # this is also true for converting down e.g. 0.0005 gb to mb returns 1 |
1664 | # (0 if $no_round_up is true) | |
1665 | # allowed formats for value: | |
1666 | # 1234 | |
1667 | # 1234. | |
1668 | # 1234.1234 | |
1669 | # .1234 | |
8e677e74 TL |
1670 | sub convert_size { |
1671 | my ($value, $from, $to, $no_round_up) = @_; | |
1672 | ||
1673 | my $units = { | |
1674 | b => 0, | |
1675 | kb => 1, | |
1676 | mb => 2, | |
1677 | gb => 3, | |
1678 | tb => 4, | |
1679 | pb => 5, | |
1680 | }; | |
1681 | ||
95386daf DC |
1682 | die "no value given" |
1683 | if !defined($value) || $value eq ""; | |
1684 | ||
1685 | $from = lc($from // ''); $to = lc($to // ''); | |
8e677e74 | 1686 | die "unknown 'from' and/or 'to' units ($from => $to)" |
95386daf | 1687 | if !defined($units->{$from}) || !defined($units->{$to}); |
8e677e74 | 1688 | |
95386daf DC |
1689 | die "value '$value' is not a valid, positive number" |
1690 | if $value !~ m/^(?:[0-9]+\.?[0-9]*|[0-9]*\.[0-9]+)$/; | |
8e677e74 | 1691 | |
95386daf DC |
1692 | my $shift_amount = ($units->{$from} - $units->{$to}) * 10; |
1693 | ||
1694 | $value *= 2**$shift_amount; | |
1695 | $value++ if !$no_round_up && ($value - int($value)) > 0.0; | |
8e677e74 | 1696 | |
95386daf | 1697 | return int($value); |
8e677e74 TL |
1698 | } |
1699 | ||
e03a8365 DC |
1700 | # uninterruptible readline |
1701 | # retries on EINTR | |
1702 | sub readline_nointr { | |
1703 | my ($fh) = @_; | |
1704 | my $line; | |
1705 | while (1) { | |
1706 | $line = <$fh>; | |
1707 | last if defined($line) || ($! != EINTR); | |
1708 | } | |
1709 | return $line; | |
1710 | } | |
1711 | ||
ce007e99 | 1712 | my $host_arch; |
b8faece3 | 1713 | sub get_host_arch { |
ce007e99 SR |
1714 | $host_arch = (POSIX::uname())[4] if !$host_arch; |
1715 | return $host_arch; | |
732b693f DM |
1716 | } |
1717 | ||
243c4e58 WB |
1718 | # Devices are: [ (12 bits minor) (12 bits major) (8 bits minor) ] |
1719 | sub dev_t_major($) { | |
1720 | my ($dev_t) = @_; | |
1721 | return (int($dev_t) & 0xfff00) >> 8; | |
1722 | } | |
1723 | ||
1724 | sub dev_t_minor($) { | |
1725 | my ($dev_t) = @_; | |
1726 | $dev_t = int($dev_t); | |
1727 | return (($dev_t >> 12) & 0xfff00) | ($dev_t & 0xff); | |
1728 | } | |
1729 | ||
a59544e7 SR |
1730 | # Given an array of array refs [ \[a b c], \[a b b], \[e b a] ] |
1731 | # Returns the intersection of elements as a single array [a b] | |
1732 | sub array_intersect { | |
1733 | my ($arrays) = @_; | |
1734 | ||
3982313e TL |
1735 | if (!ref($arrays->[0])) { |
1736 | $arrays = [ grep { ref($_) eq 'ARRAY' } @_ ]; | |
1737 | } | |
1738 | ||
38586028 TL |
1739 | return [] if scalar(@$arrays) == 0; |
1740 | return $arrays->[0] if scalar(@$arrays) == 1; | |
a59544e7 | 1741 | |
4c28a8bc TL |
1742 | my $array_unique = sub { |
1743 | my %seen = (); | |
1744 | return grep { ! $seen{ $_ }++ } @_; | |
1745 | }; | |
1746 | ||
38586028 TL |
1747 | # base idea is to get all unique members from the first array, then |
1748 | # check the common elements with the next (uniquely made) one, only keep | |
1749 | # those. Repeat for every array and at the end we only have those left | |
1750 | # which exist in all arrays | |
1751 | my $return_arr = [ $array_unique->(@{$arrays->[0]}) ]; | |
a59544e7 SR |
1752 | for my $i (1 .. $#$arrays) { |
1753 | my %count = (); | |
38586028 | 1754 | # $return_arr is already unique, explicit at before the loop, implicit below. |
4c28a8bc | 1755 | foreach my $element (@$return_arr, $array_unique->(@{$arrays->[$i]})) { |
a59544e7 SR |
1756 | $count{$element}++; |
1757 | } | |
1758 | $return_arr = []; | |
1759 | foreach my $element (keys %count) { | |
1760 | push @$return_arr, $element if $count{$element} > 1; | |
1761 | } | |
26a68cf6 | 1762 | last if scalar(@$return_arr) == 0; # empty intersection, early exit |
a59544e7 SR |
1763 | } |
1764 | ||
1765 | return $return_arr; | |
1766 | } | |
1767 | ||
76c5fee8 WB |
1768 | sub open_tree($$$) { |
1769 | my ($dfd, $pathname, $flags) = @_; | |
1770 | return PVE::Syscall::file_handle_result(syscall( | |
1771 | &PVE::Syscall::open_tree, | |
1772 | $dfd, | |
1773 | $pathname, | |
1774 | $flags, | |
1775 | )); | |
1776 | } | |
1777 | ||
1778 | sub move_mount($$$$$) { | |
1779 | my ($from_dirfd, $from_pathname, $to_dirfd, $to_pathname, $flags) = @_; | |
1780 | return 0 == syscall( | |
1781 | &PVE::Syscall::move_mount, | |
1782 | $from_dirfd, | |
1783 | $from_pathname, | |
1784 | $to_dirfd, | |
1785 | $to_pathname, | |
1786 | $flags, | |
1787 | ); | |
1788 | } | |
1789 | ||
1790 | sub fsopen($$) { | |
1791 | my ($fsname, $flags) = @_; | |
1792 | return PVE::Syscall::file_handle_result(syscall(&PVE::Syscall::fsopen, $fsname, $flags)); | |
1793 | } | |
1794 | ||
1795 | sub fsmount($$$) { | |
1796 | my ($fd, $flags, $mount_attrs) = @_; | |
1797 | return PVE::Syscall::file_handle_result(syscall( | |
1798 | &PVE::Syscall::fsmount, | |
1799 | $fd, | |
1800 | $flags, | |
1801 | $mount_attrs, | |
1802 | )); | |
1803 | } | |
1804 | ||
1805 | sub fspick($$$) { | |
1806 | my ($dirfd, $pathname, $flags) = @_; | |
1807 | return PVE::Syscall::file_handle_result(syscall( | |
1808 | &PVE::Syscall::fspick, | |
1809 | $dirfd, | |
1810 | $pathname, | |
1811 | $flags, | |
1812 | )); | |
1813 | } | |
1814 | ||
1815 | sub fsconfig($$$$$) { | |
1816 | my ($fd, $command, $key, $value, $aux) = @_; | |
1817 | return 0 == syscall(&PVE::Syscall::fsconfig, $fd, $command, $key, $value, $aux); | |
1818 | } | |
1819 | ||
1820 | # "raw" mount, old api, not for generic use (as it does not invoke any helpers). | |
1821 | # use for lower level stuff such as bind/remount/... or simple tmpfs mounts | |
1822 | sub mount($$$$$) { | |
1823 | my ($source, $target, $filesystemtype, $mountflags, $data) = @_; | |
1824 | return 0 == syscall( | |
1825 | &PVE::Syscall::mount, | |
1826 | $source, | |
1827 | $target, | |
1828 | $filesystemtype, | |
1829 | $mountflags, | |
1830 | $data, | |
1831 | ); | |
1832 | } | |
a59544e7 | 1833 | |
890d25d9 FE |
1834 | sub safe_compare { |
1835 | my ($left, $right, $cmp) = @_; | |
1836 | ||
1837 | return 0 if !defined($left) && !defined($right); | |
1838 | return -1 if !defined($left); | |
1839 | return 1 if !defined($right); | |
1840 | return $cmp->($left, $right); | |
1841 | } | |
1842 | ||
a3327ea6 | 1843 | |
60fb1c26 TL |
1844 | # opts is a hash ref with the following known properties |
1845 | # hash_required - if 1, at least one checksum has to be specified otherwise an error will be thrown | |
1846 | # http_proxy | |
1847 | # https_proxy | |
1848 | # verify_certificates - if 0 (false) we tell wget to ignore untrusted TLS certs. Default to true | |
1849 | # md5sum|sha(1|224|256|384|512)sum - the respective expected checksum string | |
a3327ea6 LS |
1850 | sub download_file_from_url { |
1851 | my ($dest, $url, $opts) = @_; | |
1852 | ||
60fb1c26 | 1853 | my ($checksum_algorithm, $checksum_expected); |
a3327ea6 LS |
1854 | for ('sha512', 'sha384', 'sha256', 'sha224', 'sha1', 'md5') { |
1855 | if (defined($opts->{"${_}sum"})) { | |
60fb1c26 TL |
1856 | $checksum_algorithm = $_; |
1857 | $checksum_expected = $opts->{"${_}sum"}; | |
a3327ea6 LS |
1858 | last; |
1859 | } | |
1860 | } | |
60fb1c26 | 1861 | die "checksum required but not specified\n" if ($opts->{hash_required} && !$checksum_algorithm); |
a3327ea6 | 1862 | |
60fb1c26 | 1863 | print "downloading $url to $dest\n"; |
a3327ea6 | 1864 | |
60fb1c26 TL |
1865 | my $tmpdest = "$dest.tmp.$$"; |
1866 | eval { | |
1867 | if (-f $dest && $checksum_algorithm) { | |
1868 | print "calculating checksum of existing file..."; | |
1869 | my $checksum_got = get_file_hash($checksum_algorithm, $dest); | |
a3327ea6 | 1870 | |
60fb1c26 TL |
1871 | if (lc($checksum_got) eq lc($checksum_expected)) { |
1872 | print "OK, got correct file already, no need to download\n"; | |
1873 | return; | |
1874 | } else { | |
1875 | # we could re-download, but may not be safe so just abort for now.. | |
1876 | die "mismatch (got '$checksum_got' != expect '$checksum_expected'), aborting\n"; | |
a3327ea6 | 1877 | } |
60fb1c26 | 1878 | } |
a3327ea6 | 1879 | |
3a946485 TL |
1880 | local $SIG{INT} = sub { |
1881 | unlink $tmpdest or warn "could not cleanup temporary file: $!"; | |
1882 | die "got interrupted by signal\n"; | |
1883 | }; | |
1884 | ||
60fb1c26 | 1885 | { # limit the scope of the ENV change |
a3327ea6 LS |
1886 | local %ENV; |
1887 | if ($opts->{http_proxy}) { | |
1888 | $ENV{http_proxy} = $opts->{http_proxy}; | |
1889 | } | |
1890 | if ($opts->{https_proxy}) { | |
1891 | $ENV{https_proxy} = $opts->{https_proxy}; | |
1892 | } | |
1893 | ||
60fb1c26 | 1894 | my $cmd = ['wget', '--progress=dot:giga', '-O', $tmpdest, $url]; |
a3327ea6 | 1895 | |
60fb1c26 TL |
1896 | if (!($opts->{verify_certificates} // 1)) { # default to true |
1897 | push @$cmd, '--no-check-certificate'; | |
a3327ea6 LS |
1898 | } |
1899 | ||
60fb1c26 TL |
1900 | run_command($cmd, errmsg => "download failed"); |
1901 | } | |
1902 | ||
1903 | if ($checksum_algorithm) { | |
1904 | print "calculating checksum..."; | |
a3327ea6 | 1905 | |
60fb1c26 | 1906 | my $checksum_got = get_file_hash($checksum_algorithm, $tmpdest); |
a3327ea6 | 1907 | |
60fb1c26 TL |
1908 | if (lc($checksum_got) eq lc($checksum_expected)) { |
1909 | print "OK, checksum verified\n"; | |
a3327ea6 | 1910 | } else { |
60fb1c26 | 1911 | die "ERRROR, checksum mismatch: got '$checksum_got' != expect '$checksum_expected'\n"; |
a3327ea6 | 1912 | } |
a3327ea6 LS |
1913 | } |
1914 | ||
60fb1c26 | 1915 | rename($tmpdest, $dest) or die "unable to rename temporary file: $!\n"; |
a3327ea6 | 1916 | }; |
60fb1c26 TL |
1917 | if (my $err = $@) { |
1918 | unlink $tmpdest or warn "could not cleanup temporary file: $!"; | |
1919 | die $err; | |
1920 | } | |
a3327ea6 | 1921 | |
60fb1c26 | 1922 | print "download of '$url' to '$dest' finished\n"; |
a3327ea6 LS |
1923 | } |
1924 | ||
60fb1c26 TL |
1925 | sub get_file_hash { |
1926 | my ($algorithm, $filename) = @_; | |
a3327ea6 LS |
1927 | |
1928 | my $algorithm_map = { | |
1929 | 'md5' => sub { Digest::MD5->new }, | |
1930 | 'sha1' => sub { Digest::SHA->new(1) }, | |
1931 | 'sha224' => sub { Digest::SHA->new(224) }, | |
1932 | 'sha256' => sub { Digest::SHA->new(256) }, | |
1933 | 'sha384' => sub { Digest::SHA->new(384) }, | |
1934 | 'sha512' => sub { Digest::SHA->new(512) }, | |
1935 | }; | |
1936 | ||
1937 | my $digester = $algorithm_map->{$algorithm}->() or die "unknown algorithm '$algorithm'\n"; | |
1938 | ||
1939 | open(my $fh, '<', $filename) or die "unable to open '$filename': $!\n"; | |
1940 | binmode($fh); | |
1941 | ||
1942 | my $digest = $digester->addfile($fh)->hexdigest; | |
1943 | ||
60fb1c26 | 1944 | return lc($digest); |
a3327ea6 LS |
1945 | } |
1946 | ||
e143e9d8 | 1947 | 1; |