safe_print
trim
extract_param
+extract_sensitive_params
file_copy
get_host_arch
O_PATH
our $IPRE = "(?:$IPV4RE|$IPV6RE)";
+our $EMAIL_USER_RE = qr/[\w\+\-\~]+(\.[\w\+\-\~]+)*/;
+our $EMAIL_RE = qr/$EMAIL_USER_RE@[a-zA-Z0-9\-]+(\.[a-zA-Z0-9\-]+)*/;
+
use constant {CLONE_NEWNS => 0x00020000,
CLONE_NEWUTS => 0x04000000,
CLONE_NEWIPC => 0x08000000,
CLONE_NEWNET => 0x40000000};
use constant {O_PATH => 0x00200000,
+ O_CLOEXEC => 0x00080000,
O_TMPFILE => 0x00410000}; # This includes O_DIRECTORY
use constant {AT_EMPTY_PATH => 0x1000,
return $res;
}
+# For extracting sensitive keys (e.g. password), to avoid writing them to www-data owned configs
+sub extract_sensitive_params :prototype($$$) {
+ my ($param, $sensitive_list, $delete_list) = @_;
+
+ my %delete = map { $_ => 1 } ($delete_list || [])->@*;
+
+ my $sensitive = {};
+ for my $opt (@$sensitive_list) {
+ # handle deletions as explicitly setting `undef`, so subs which only have $param but not
+ # $delete_list available can recognize them. Afterwards new values may override.
+ if (exists($delete{$opt})) {
+ $sensitive->{$opt} = undef;
+ }
+
+ if (defined(my $value = extract_param($param, $opt))) {
+ $sensitive->{$opt} = $value;
+ }
+ }
+
+ return $sensitive;
+}
+
# Note: we use this to wait until vncterm/spiceterm is ready
sub wait_for_vnc_port {
my ($port, $family, $timeout) = @_;
sub getaddrinfo_all {
my ($hostname, @opts) = @_;
- my %hints = ( flags => AI_V4MAPPED | AI_ALL,
- @opts );
+ my %hints = (
+ flags => AI_V4MAPPED | AI_ALL,
+ @opts,
+ );
my ($err, @res) = Socket::getaddrinfo($hostname, '0', \%hints);
die "failed to get address info for: $hostname: $err\n" if $err;
return @res;
sub sync_mountpoint {
my ($path) = @_;
- sysopen my $fd, $path, O_PATH or die "failed to open $path: $!\n";
- my $result = syncfs(fileno($fd));
+ sysopen my $fd, $path, O_RDONLY|O_CLOEXEC or die "failed to open $path: $!\n";
+ my $syncfs_err;
+ if (!syncfs(fileno($fd))) {
+ $syncfs_err = "$!";
+ }
close($fd);
- return $result;
+ die "syncfs '$path' failed - $syncfs_err\n" if defined $syncfs_err;
}
# support sending multi-part mail messages with a text and or a HTML part
# mailto may be a single email string or an array of receivers
sub sendmail {
my ($mailto, $subject, $text, $html, $mailfrom, $author) = @_;
- my $mail_re = qr/[^-a-zA-Z0-9+._@]/;
$mailto = [ $mailto ] if !ref($mailto);
- foreach (@$mailto) {
- die "illegal character in mailto address\n"
- if ($_ =~ $mail_re);
+ my $mailto_quoted = [];
+ for my $to (@$mailto) {
+ die "mailto does not look like a valid email address or username\n"
+ if $to !~ /^$EMAIL_RE$/ && $to !~ /^$EMAIL_USER_RE$/;
+ push @$mailto_quoted, shellquote($to);
}
my $rcvrtxt = join (', ', @$mailto);
$mailfrom = $mailfrom || "root";
- die "illegal character in mailfrom address\n"
- if $mailfrom =~ $mail_re;
+ die "mailfrom does not look like a valid email address or username\n"
+ if $mailfrom !~ /^$EMAIL_RE$/ && $mailfrom !~ /^$EMAIL_USER_RE$/;
+ my $mailfrom_quoted = shellquote($mailfrom);
- $author = $author || 'Proxmox VE';
+ $author = $author // 'Proxmox VE';
- open (MAIL, "|-", "sendmail", "-B", "8BITMIME", "-f", $mailfrom, "--", @$mailto) ||
- die "unable to open 'sendmail' - $!";
+ open (MAIL, "|-", "sendmail", "-B", "8BITMIME", "-f", $mailfrom_quoted,
+ "--", @$mailto_quoted) || die "unable to open 'sendmail' - $!";
my $date = time2str('%a, %d %b %Y %H:%M:%S %z', time());