]> git.proxmox.com Git - pmg-api.git/blame - src/PMG/Utils.pm
projects / pmg-api.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
move postgres_admin_command into PMG::Utils
[pmg-api.git] / src / PMG / Utils.pm
CommitLineData
758c7b6b
DM		 1package PMG::Utils;
2
3use strict;
4use warnings;
758c7b6b 5use DBI;
b8ea5d5d 6use Net::Cmd;
758c7b6b 7use Net::SMTP;
26357b0a 8use IO::File;
cad3d400 9use File::stat;
d17c5265
DM		 10use POSIX qw(strftime);
11use File::stat;
ff1c5a81 12use File::Basename;
758c7b6b
DM		 13use MIME::Words;
14use MIME::Parser;
8210c7fa 15use Time::HiRes qw (gettimeofday);
2f7031b7 16use Time::Local;
26357b0a 17use Xdgmime;
d0d91cda 18use Data::Dumper;
62ebb4bc 19use Digest::SHA;
5d5af7c5 20use Digest::MD5;
f609bf7f 21use Net::IP;
9f67f5b3 22use Socket;
dff363d9
DM		 23use RRDs;
24use Filesys::Df;
8208c076 25use Encode;
00eaaf69
DM		 26use utf8;
27no utf8;
28
9a56f771 29use HTML::Entities;
758c7b6b 30
dff363d9 31use PVE::ProcFSTools;
f609bf7f 32use PVE::Network;
5953119e 33use PVE::Tools;
758c7b6b 34use PVE::SafeSyslog;
f609bf7f 35use PVE::ProcFSTools;
d0d91cda 36use PMG::AtomicFile;
8210c7fa 37use PMG::MailQueue;
c4df1b85 38use PMG::SMTPPrinter;
758c7b6b 39
6529020a
SI		 40use base 'Exporter';
41
42our @EXPORT_OK = qw(
43postgres_admin_cmd
44);
45
6c54c10a 46my $valid_pmg_realms = ['pam', 'pmg', 'quarantine'];
62ebb4bc
DM		 47
48PVE::JSONSchema::register_standard_option('realm', {
49 description => "Authentication domain ID",
6c54c10a
DM		 50 type => 'string',
51 enum => $valid_pmg_realms,
62ebb4bc
DM		 52 maxLength => 32,
53});
54
6214b5cf
DM		 55PVE::JSONSchema::register_standard_option('pmg-starttime', {
56 description => "Only consider entries newer than 'starttime' (unix epoch). Default is 'now - 1day'.",
57 type => 'integer',
58 minimum => 0,
59 optional => 1,
60});
61
62PVE::JSONSchema::register_standard_option('pmg-endtime', {
63 description => "Only consider entries older than 'endtime' (unix epoch). This is set to '<start> + 1day' by default.",
64 type => 'integer',
65 minimum => 1,
66 optional => 1,
67});
68
62ebb4bc
DM		 69PVE::JSONSchema::register_format('pmg-userid', \&verify_username);
70sub verify_username {
71 my ($username, $noerr) = @_;
72
73 $username = '' if !$username;
74 my $len = length($username);
75 if ($len < 3) {
76 die "user name '$username' is too short\n" if !$noerr;
77 return undef;
78 }
79 if ($len > 64) {
80 die "user name '$username' is too long ($len > 64)\n" if !$noerr;
81 return undef;
82 }
83
84 # we only allow a limited set of characters
85 # colon is not allowed, because we store usernames in
86 # colon separated lists)!
87 # slash is not allowed because it is used as pve API delimiter
88 # also see "man useradd"
6c54c10a
DM		 89 my $realm_list = join('|', @$valid_pmg_realms);
90 if ($username =~ m!^([^\s:/]+)\@(${realm_list})$!) {
62ebb4bc
DM		 91 return wantarray ? ($username, $1, $2) : $username;
92 }
93
94 die "value '$username' does not look like a valid user name\n" if !$noerr;
95
96 return undef;
97}
98
99PVE::JSONSchema::register_standard_option('userid', {
100 description => "User ID",
101 type => 'string', format => 'pmg-userid',
6b0180c3 102 minLength => 4,
62ebb4bc 103 maxLength => 64,
6b0180c3 104});
62ebb4bc
DM		 105
106PVE::JSONSchema::register_standard_option('username', {
107 description => "Username (without realm)",
108 type => 'string',
109 pattern => '[^\s:\/\@]{3,60}',
6b0180c3 110 minLength => 4,
62ebb4bc
DM		 111 maxLength => 64,
112});
113
01929101
DM		 114PVE::JSONSchema::register_standard_option('pmg-email-address', {
115 description => "Email Address (allow most characters).",
116 type => 'string',
9eec07fb 117 pattern => '(?:[^\s\/\\\@]+\@[^\s\/\\\@]+)',
01929101
DM		 118 maxLength => 512,
119 minLength => 3,
120});
121
1a1bde13
DC		 122PVE::JSONSchema::register_standard_option('pmg-whiteblacklist-entry-list', {
123 description => "White/Blacklist entry list (allow most characters). Can contain globs",
124 type => 'string',
125 pattern => '(?:[^\s\/\\\;\,]+)(?:\,[^\s\/\\\;\,]+)*',
126 minLength => 3,
127});
128
758c7b6b
DM		 129sub lastid {
130 my ($dbh, $seq) = @_;
131
132 return $dbh->last_insert_id(
133 undef, undef, undef, undef, { sequence => $seq});
134}
135
ab466078
DM		 136# quote all regex operators
137sub quote_regex {
138 my $val = shift;
139
140 $val =~ s/([\(\)\[\]\/\}\+\*\?\.\|\^\$\\])/\\$1/g;
141
142 return $val;
143}
144
cad3d400
DM		 145sub file_older_than {
146 my ($filename, $lasttime) = @_;
147
148 my $st = stat($filename);
149
150 return 0 if !defined($st);
151
152 return ($lasttime >= $st->ctime);
153}
154
758c7b6b
DM		 155sub extract_filename {
156 my ($head) = @_;
157
158 if (my $value = $head->recommended_filename()) {
8210c7fa 159 chomp $value;
758c7b6b
DM		 160 if (my $decvalue = MIME::Words::decode_mimewords($value)) {
161 $decvalue =~ s/\0/ /g;
5953119e 162 $decvalue = PVE::Tools::trim($decvalue);
758c7b6b
DM		 163 return $decvalue;
164 }
165 }
166
167 return undef;
168}
169
170sub remove_marks {
171 my ($entity, $add_id, $id) = @_;
172
173 $id //= 1;
174
175 foreach my $tag (grep {/^x-proxmox-tmp/i} $entity->head->tags) {
176 $entity->head->delete ($tag);
177 }
178
179 $entity->head->replace('X-Proxmox-tmp-AID', $id) if $add_id;
180
181 foreach my $part ($entity->parts) {
182 $id = remove_marks($part, $add_id, $id + 1);
183 }
184
185 return $id;
186}
187
188sub subst_values {
189 my ($body, $dh) = @_;
190
191 return if !$body;
192
193 foreach my $k (keys %$dh) {
194 my $v = $dh->{$k};
bd98f5a1
DM		 195 if (defined($v)) {
196 $body =~ s/__\Q${k}\E__/$v/gs;
758c7b6b
DM		 197 }
198 }
199
200 return $body;
201}
202
203sub reinject_mail {
204 my ($entity, $sender, $targets, $xforward, $me, $nodsn) = @_;
205
206 my $smtp;
207 my $resid;
208 my $rescode;
209 my $resmess;
210
211 eval {
212 my $smtp = Net::SMTP->new('127.0.0.1', Port => 10025, Hello => $me) ||
213 die "unable to connect to localhost at port 10025";
214
215 if (defined($xforward)) {
216 my $xfwd;
8210c7fa 217
758c7b6b
DM		 218 foreach my $attr (keys %{$xforward}) {
219 $xfwd .= " $attr=$xforward->{$attr}";
220 }
221
222 if ($xfwd && $smtp->command("XFORWARD", $xfwd)->response() != CMD_OK) {
223 syslog('err', "xforward error - got: %s %s", $smtp->code, scalar($smtp->message));
224 }
225 }
226
00eaaf69
DM		 227 my $has_utf8_targets = 0;
228 foreach my $target (@$targets) {
229 if (utf8::is_utf8($target)) {
230 $has_utf8_targets = 1;
231 last;
232 }
233 }
234
235 my $mail_opts = " BODY=8BITMIME";
236 my $sender_addr;
237 if (utf8::is_utf8($sender)) {
238 $sender_addr = encode('UTF-8', $smtp->_addr($sender));
239 $mail_opts .= " SMTPUTF8";
240 } else {
241 $sender_addr = $smtp->_addr($sender);
242 $mail_opts .= " SMTPUTF8" if $has_utf8_targets;
243 }
244
245 if (!$smtp->_MAIL("FROM:" . $sender_addr . $mail_opts)) {
758c7b6b
DM		 246 syslog('err', "smtp error - got: %s %s", $smtp->code, scalar ($smtp->message));
247 die "smtp from: ERROR";
248 }
249
00eaaf69 250 my $rcpt_opts = $nodsn ? " NOTIFY=NEVER" : "";
758c7b6b 251
00eaaf69
DM		 252 foreach my $target (@$targets) {
253 my $rcpt_addr;
254 if (utf8::is_utf8($target)) {
255 $rcpt_addr = encode('UTF-8', $smtp->_addr($target));
256 } else {
257 $rcpt_addr = $smtp->_addr($target);
258 }
259 if (!$smtp->_RCPT("TO:" . $rcpt_addr . $rcpt_opts)) {
260 syslog ('err', "smtp error - got: %s %s", $smtp->code, scalar($smtp->message));
261 die "smtp to: ERROR";
262 }
758c7b6b
DM		 263 }
264
265 # Output the head:
266 #$entity->sync_headers ();
267 $smtp->data();
268
269 my $out = PMG::SMTPPrinter->new($smtp);
270 $entity->print($out);
8210c7fa
DM		 271
272 # make sure we always have a newline at the end of the mail
758c7b6b
DM		 273 # else dataend() fails
274 $smtp->datasend("\n");
275
276 if ($smtp->dataend()) {
277 my @msgs = $smtp->message;
8210c7fa
DM		 278 $resmess = $msgs[$#msgs];
279 ($resid) = $resmess =~ m/Ok: queued as ([0-9A-Z]+)/;
758c7b6b
DM		 280 $rescode = $smtp->code;
281 if (!$resid) {
282 die sprintf("unexpected SMTP result - got: %s %s : WARNING", $smtp->code, $resmess);
8210c7fa 283 }
758c7b6b
DM		 284 } else {
285 my @msgs = $smtp->message;
8210c7fa 286 $resmess = $msgs[$#msgs];
758c7b6b
DM		 287 $rescode = $smtp->code;
288 die sprintf("sending data failed - got: %s %s : ERROR", $smtp->code, $resmess);
289 }
290 };
291 my $err = $@;
8210c7fa 292
758c7b6b 293 $smtp->quit if $smtp;
8210c7fa 294
758c7b6b
DM		 295 if ($err) {
296 syslog ('err', $err);
297 }
298
299 return wantarray ? ($resid, $rescode, $resmess) : $resid;
300}
301
89d4d155
SI		 302sub analyze_custom_check {
303 my ($queue, $dname, $pmg_cfg) = @_;
304
305 my $enable_custom_check = $pmg_cfg->get('admin', 'custom_check');
306 return undef if !$enable_custom_check;
307
308 my $timeout = 60*5;
309 my $customcheck_exe = $pmg_cfg->get('admin', 'custom_check_path');
310 my $customcheck_apiver = 'v1';
311 my ($csec, $usec) = gettimeofday();
312
313 my $vinfo;
314 my $spam_score;
315
316 eval {
317
318 my $log_err = sub {
319 my ($errmsg) = @_;
320 $errmsg =~ s/%/%%/;
321 syslog('err', $errmsg);
322 };
323
324 my $customcheck_output_apiver;
325 my $have_result;
326 my $parser = sub {
327 my ($line) = @_;
328
329 my $result_flag;
330 if ($line =~ /^v\d$/) {
331 die "api version already defined!\n" if defined($customcheck_output_apiver);
332 $customcheck_output_apiver = $line;
333 die "api version mismatch - expected $customcheck_apiver, got $customcheck_output_apiver !\n"
334 if ($customcheck_output_apiver ne $customcheck_apiver);
335 } elsif ($line =~ /^SCORE: (-?[0-9]+|.[0-9]+|[0-9]+.[0-9]+)$/) {
336 $spam_score = $1;
337 $result_flag = 1;
338 } elsif ($line =~ /^VIRUS: (.+)$/) {
339 $vinfo = $1;
340 $result_flag = 1;
341 } elsif ($line =~ /^OK$/) {
342 $result_flag = 1;
343 } else {
344 die "got unexpected output!\n";
345 }
346 die "got more than 1 result outputs\n" if ( $have_result && $result_flag);
347 $have_result = $result_flag;
348 };
349
350 PVE::Tools::run_command([$customcheck_exe, $customcheck_apiver, $dname],
351 errmsg => "$queue->{logid} custom check error",
352 errfunc => $log_err, outfunc => $parser, timeout => $timeout);
353
354 die "no api version returned\n" if !defined($customcheck_output_apiver);
355 die "no result output!\n" if !$have_result;
356 };
357 my $err = $@;
358
359 if ($vinfo) {
360 syslog('info', "$queue->{logid}: virus detected: $vinfo (custom)");
361 }
362
363 my ($csec_end, $usec_end) = gettimeofday();
364 $queue->{ptime_custom} =
365 int (($csec_end-$csec)*1000 + ($usec_end - $usec)/1000);
366
367 if ($err) {
368 syslog ('err', $err);
369 $vinfo = undef;
370 $queue->{errors} = 1;
371 }
372
373 $queue->{vinfo_custom} = $vinfo;
374 $queue->{spam_custom} = $spam_score;
375
376 return ($vinfo, $spam_score);
377}
378
8210c7fa
DM		 379sub analyze_virus_clam {
380 my ($queue, $dname, $pmg_cfg) = @_;
381
382 my $timeout = 60*5;
383 my $vinfo;
384
385 my $clamdscan_opts = "--stdout";
386
387 my ($csec, $usec) = gettimeofday();
388
389 my $previous_alarm;
390
391 eval {
392
393 $previous_alarm = alarm($timeout);
394
395 $SIG{ALRM} = sub {
396 die "$queue->{logid}: Maximum time ($timeout sec) exceeded. " .
397 "virus analyze (clamav) failed: ERROR";
398 };
399
400 open(CMD, "/usr/bin/clamdscan $clamdscan_opts '$dname'|") ||
401 die "$queue->{logid}: can't exec clamdscan: $! : ERROR";
402
403 my $ifiles;
8210c7fa 404
54eaf7df
DM		 405 my $response = '';
406 while (defined(my $line = <CMD>)) {
407 if ($line =~ m/^$dname.*:\s+([^ :]*)\s+FOUND$/) {
8210c7fa
DM		 408 # we just use the first detected virus name
409 $vinfo = $1 if !$vinfo;
54eaf7df 410 } elsif ($line =~ m/^Infected files:\s(\d*)$/i) {
8210c7fa
DM		 411 $ifiles = $1;
412 }
413
54eaf7df 414 $response .= $line;
8210c7fa
DM		 415 }
416
417 close(CMD);
418
419 alarm(0); # avoid race conditions
420
421 if (!defined($ifiles)) {
422 die "$queue->{logid}: got undefined output from " .
54eaf7df 423 "virus detector: $response : ERROR";
8210c7fa
DM		 424 }
425
426 if ($vinfo) {
54eaf7df 427 syslog('info', "$queue->{logid}: virus detected: $vinfo (clamav)");
8210c7fa
DM		 428 }
429 };
430 my $err = $@;
431
432 alarm($previous_alarm);
433
434 my ($csec_end, $usec_end) = gettimeofday();
435 $queue->{ptime_clam} =
436 int (($csec_end-$csec)*1000 + ($usec_end - $usec)/1000);
437
438 if ($err) {
439 syslog ('err', $err);
440 $vinfo = undef;
441 $queue->{errors} = 1;
442 }
443
444 $queue->{vinfo_clam} = $vinfo;
445
446 return $vinfo ? "$vinfo (clamav)" : undef;
447}
448
6ccbc37f
DM		 449sub analyze_virus_avast {
450 my ($queue, $dname, $pmg_cfg) = @_;
451
452 my $timeout = 60*5;
453 my $vinfo;
454
455 my ($csec, $usec) = gettimeofday();
456
457 my $previous_alarm;
458
459 eval {
460
461 $previous_alarm = alarm($timeout);
462
463 $SIG{ALRM} = sub {
464 die "$queue->{logid}: Maximum time ($timeout sec) exceeded. " .
465 "virus analyze (avast) failed: ERROR";
466 };
467
661d569a 468 open(my $cmd, '-|', 'scan', $dname) ||
6ccbc37f
DM		 469 die "$queue->{logid}: can't exec avast scan: $! : ERROR";
470
471 my $response = '';
472 while (defined(my $line = <$cmd>)) {
473 if ($line =~ m/^$dname\s+(.*\S)\s*$/) {
474 # we just use the first detected virus name
475 $vinfo = $1 if !$vinfo;
476 }
477
478 $response .= $line;
479 }
480
481 close($cmd);
482
483 alarm(0); # avoid race conditions
484
485 if ($vinfo) {
486 syslog('info', "$queue->{logid}: virus detected: $vinfo (avast)");
487 }
488 };
489 my $err = $@;
490
491 alarm($previous_alarm);
492
493 my ($csec_end, $usec_end) = gettimeofday();
494 $queue->{ptime_clam} =
495 int (($csec_end-$csec)*1000 + ($usec_end - $usec)/1000);
496
497 if ($err) {
498 syslog ('err', $err);
499 $vinfo = undef;
500 $queue->{errors} = 1;
501 }
502
503 return undef if !$vinfo;
504
505 $queue->{vinfo_avast} = $vinfo;
506
507 return "$vinfo (avast)";
508}
509
8210c7fa
DM		 510sub analyze_virus {
511 my ($queue, $filename, $pmg_cfg, $testmode) = @_;
512
513 # TODO: support other virus scanners?
514
6ccbc37f
DM		 515 if ($testmode) {
516 my $vinfo_clam = analyze_virus_clam($queue, $filename, $pmg_cfg);
517 my $vinfo_avast = analyze_virus_avast($queue, $filename, $pmg_cfg);
518
519 return $vinfo_avast || $vinfo_clam;
520 }
521
522 my $enable_avast = $pmg_cfg->get('admin', 'avast');
523
524 if ($enable_avast) {
525 if (my $vinfo = analyze_virus_avast($queue, $filename, $pmg_cfg)) {
526 return $vinfo;
527 }
528 }
529
9acd4d57
DM		 530 my $enable_clamav = $pmg_cfg->get('admin', 'clamav');
531
532 if ($enable_clamav) {
533 if (my $vinfo = analyze_virus_clam($queue, $filename, $pmg_cfg)) {
534 return $vinfo;
535 }
536 }
537
538 return undef;
8210c7fa
DM		 539}
540
26357b0a
DM		 541sub magic_mime_type_for_file {
542 my ($filename) = @_;
dff363d9 543
26357b0a
DM		 544 # we do not use get_mime_type_for_file, because that considers
545 # filename extensions - we only want magic type detection
546
547 my $bufsize = Xdgmime::xdg_mime_get_max_buffer_extents();
548 die "got strange value for max_buffer_extents" if $bufsize > 4096*10;
549
550 my $ct = "application/octet-stream";
551
dff363d9 552 my $fh = IO::File->new("<$filename") ||
26357b0a
DM		 553 die "unable to open file '$filename' - $!";
554
555 my ($buf, $len);
556 if (($len = $fh->read($buf, $bufsize)) > 0) {
557 $ct = xdg_mime_get_mime_type_for_data($buf, $len);
558 }
559 $fh->close();
dff363d9 560
26357b0a 561 die "unable to read file '$filename' - $!" if ($len < 0);
dff363d9 562
26357b0a
DM		 563 return $ct;
564}
758c7b6b 565
1d4193a1
DM		 566sub add_ct_marks {
567 my ($entity) = @_;
568
569 if (my $path = $entity->{PMX_decoded_path}) {
570
571 # set a reasonable default if magic does not give a result
572 $entity->{PMX_magic_ct} = $entity->head->mime_attr('content-type');
573
574 if (my $ct = magic_mime_type_for_file($path)) {
575 if ($ct ne 'application/octet-stream' || !$entity->{PMX_magic_ct}) {
576 $entity->{PMX_magic_ct} = $ct;
577 }
578 }
579
580 my $filename = $entity->head->recommended_filename;
581 $filename = basename($path) if !defined($filename) || $filename eq '';
582
583 if (my $ct = xdg_mime_get_mime_type_from_file_name($filename)) {
584 $entity->{PMX_glob_ct} = $ct;
585 }
586 }
587
588 foreach my $part ($entity->parts) {
589 add_ct_marks ($part);
590 }
591}
592
f609bf7f
DM		 593# x509 certificate utils
594
896ef634
DM		 595# only write output if something fails
596sub run_silent_cmd {
597 my ($cmd) = @_;
598
599 my $outbuf = '';
600
601 my $record_output = sub {
602 $outbuf .= shift;
603 $outbuf .= "\n";
604 };
605
606 eval {
607 PVE::Tools::run_command($cmd, outfunc => $record_output,
608 errfunc => $record_output);
609 };
610 my $err = $@;
611
612 if ($err) {
613 print STDERR $outbuf;
614 die $err;
615 }
616}
617
3278b571 618my $proxmox_tls_cert_fn = "/etc/pmg/pmg-tls.pem";
f609bf7f
DM		 619
620sub gen_proxmox_tls_cert {
bc44eb02 621 my ($force) = @_;
f609bf7f 622
bc44eb02
DM		 623 my $resolv = PVE::INotify::read_file('resolvconf');
624 my $domain = $resolv->{search};
625
626 my $company = $domain; # what else ?
627 my $cn = "*.$domain";
628
629 return if !$force && -f $proxmox_tls_cert_fn;
f609bf7f
DM		 630
631 my $sslconf = <<__EOD__;
632RANDFILE = /root/.rnd
633extensions = v3_req
634
635[ req ]
636default_bits = 4096
637distinguished_name = req_distinguished_name
638req_extensions = v3_req
639prompt = no
640string_mask = nombstr
641
642[ req_distinguished_name ]
643organizationalUnitName = Proxmox Mail Gateway
644organizationName = $company
645commonName = $cn
646
647[ v3_req ]
648basicConstraints = CA:FALSE
649nsCertType = server
650keyUsage = nonRepudiation, digitalSignature, keyEncipherment
651__EOD__
652
3278b571 653 my $cfgfn = "/tmp/pmgtlsconf-$$.tmp";
f609bf7f
DM		 654 my $fh = IO::File->new ($cfgfn, "w");
655 print $fh $sslconf;
656 close ($fh);
657
658 eval {
896ef634
DM		 659 my $cmd = ['openssl', 'req', '-batch', '-x509', '-new', '-sha256',
660 '-config', $cfgfn, '-days', 3650, '-nodes',
661 '-out', $proxmox_tls_cert_fn,
662 '-keyout', $proxmox_tls_cert_fn];
663 run_silent_cmd($cmd);
f609bf7f
DM		 664 };
665
666 if (my $err = $@) {
667 unlink $proxmox_tls_cert_fn;
668 unlink $cfgfn;
669 die "unable to generate proxmox certificate request:\n$err";
670 }
671
672 unlink $cfgfn;
673}
674
675sub find_local_network_for_ip {
1e88a529 676 my ($ip, $noerr) = @_;
f609bf7f
DM		 677
678 my $testip = Net::IP->new($ip);
679
680 my $isv6 = $testip->version == 6;
681 my $routes = $isv6 ?
682 PVE::ProcFSTools::read_proc_net_ipv6_route() :
683 PVE::ProcFSTools::read_proc_net_route();
684
685 foreach my $entry (@$routes) {
686 my $mask;
687 if ($isv6) {
688 $mask = $entry->{prefix};
689 next if !$mask; # skip the default route...
690 } else {
691 $mask = $PVE::Network::ipv4_mask_hash_localnet->{$entry->{mask}};
692 next if !defined($mask);
693 }
694 my $cidr = "$entry->{dest}/$mask";
695 my $testnet = Net::IP->new($cidr);
696 my $overlap = $testnet->overlaps($testip);
697 if ($overlap == $Net::IP::IP_B_IN_A_OVERLAP ||
698 $overlap == $Net::IP::IP_IDENTICAL)
699 {
700 return $cidr;
701 }
702 }
703
1e88a529
DM		 704 return undef if $noerr;
705
f609bf7f
DM		 706 die "unable to detect local network for ip '$ip'\n";
707}
d0d91cda 708
ef07e4d0
DM		 709my $service_aliases = {
710 'postfix' => 'postfix@-',
6c553417 711 'postgres' => 'postgresql@11-main',
ef07e4d0
DM		 712};
713
714sub lookup_real_service_name {
715 my $alias = shift;
716
717 return $service_aliases->{$alias} // $alias;
718}
719
230b4e03
DM		 720sub get_full_service_state {
721 my ($service) = @_;
722
723 my $res;
724
725 my $parser = sub {
726 my $line = shift;
727 if ($line =~ m/^([^=\s]+)=(.*)$/) {
728 $res->{$1} = $2;
729 }
730 };
731
ef07e4d0 732 $service = $service_aliases->{$service} // $service;
230b4e03
DM		 733 PVE::Tools::run_command(['systemctl', 'show', $service], outfunc => $parser);
734
735 return $res;
736}
737
00d8b7f7
DM		 738our $db_service_list = [
739 'pmgpolicy', 'pmgmirror', 'pmgtunnel', 'pmg-smtp-filter' ];
740
cfdf6608
DM		 741sub service_wait_stopped {
742 my ($timeout, $service_list) = @_;
743
744 my $starttime = time();
745
746 foreach my $service (@$service_list) {
747 PVE::Tools::run_command(['systemctl', 'stop', $service]);
748 }
749
750 while (1) {
751 my $wait = 0;
752
753 foreach my $service (@$service_list) {
754 my $ss = get_full_service_state($service);
755 my $state = $ss->{ActiveState} // 'unknown';
756
757 if ($state ne 'inactive') {
758 if ((time() - $starttime) > $timeout) {
759 syslog('err', "unable to stop services (got timeout)");
760 $wait = 0;
761 last;
762 }
763 $wait = 1;
764 }
765 }
766
767 last if !$wait;
768
769 sleep(1);
770 }
771}
772
3f85510e
DM		 773sub service_cmd {
774 my ($service, $cmd) = @_;
775
776 die "unknown service command '$cmd'\n"
f6884917 777 if $cmd !~ m/^(start|stop|restart|reload|reload-or-restart)$/;
3f85510e
DM		 778
779 if ($service eq 'pmgdaemon' || $service eq 'pmgproxy') {
f6884917 780 die "invalid service cmd '$service $cmd': ERROR" if $cmd eq 'stop';
81fa07d9
DM		 781 } elsif ($service eq 'fetchmail') {
782 # use restart instead of start - else it does not start 'exited' unit
783 # after setting START_DAEMON=yes in /etc/default/fetchmail
784 $cmd = 'restart' if $cmd eq 'start';
3f85510e
DM		 785 }
786
ef07e4d0 787 $service = $service_aliases->{$service} // $service;
3f85510e
DM		 788 PVE::Tools::run_command(['systemctl', $cmd, $service]);
789};
790
9f67f5b3
DM		 791# this is also used to get the IP of the local node
792sub lookup_node_ip {
793 my ($nodename, $noerr) = @_;
794
795 my ($family, $packed_ip);
796
797 eval {
798 my @res = PVE::Tools::getaddrinfo_all($nodename);
799 $family = $res[0]->{family};
800 $packed_ip = (PVE::Tools::unpack_sockaddr_in46($res[0]->{addr}))[2];
801 };
802
803 if ($@) {
804 die "hostname lookup failed:\n$@" if !$noerr;
805 return undef;
806 }
807
808 my $ip = Socket::inet_ntop($family, $packed_ip);
809 if ($ip =~ m/^127\.|^::1$/) {
810 die "hostname lookup failed - got local IP address ($nodename = $ip)\n" if !$noerr;
811 return undef;
812 }
813
814 return wantarray ? ($ip, $family) : $ip;
815}
816
630d1ae3
DM		 817sub run_postmap {
818 my ($filename) = @_;
819
820 # make sure the file exists (else postmap fails)
821 IO::File->new($filename, 'a', 0644);
822
1dc946d4
DM		 823 my $mtime_src = (CORE::stat($filename))[9] //
824 die "unbale to read mtime of $filename\n";
825
826 my $mtime_dst = (CORE::stat("$filename.db"))[9] // 0;
78982d93
DM		 827
828 # if not changed, do nothing
1dc946d4 829 return if $mtime_src <= $mtime_dst;
78982d93 830
630d1ae3
DM		 831 eval {
832 PVE::Tools::run_command(
833 ['/usr/sbin/postmap', $filename],
834 errmsg => "unable to update postfix table $filename");
835 };
836 my $err = $@;
837
838 warn $err if $err;
839}
840
d17c5265
DM		 841sub clamav_dbstat {
842
843 my $res = [];
844
845 my $read_cvd_info = sub {
846 my ($dbname, $dbfile) = @_;
847
848 my $header;
849 my $fh = IO::File->new("<$dbfile");
850 if (!$fh) {
851 warn "cant open ClamAV Database $dbname ($dbfile) - $!\n";
852 return;
853 }
854 $fh->read($header, 512);
855 $fh->close();
856
857 ## ClamAV-VDB:16 Mar 2016 23-17 +0000:57:4218790:60:06386f34a16ebeea2733ab037f0536be:
858 if ($header =~ m/^(ClamAV-VDB):([^:]+):(\d+):(\d+):/) {
859 my ($ftype, $btime, $version, $nsigs) = ($1, $2, $3, $4);
860 push @$res, {
861 name => $dbname,
862 type => $ftype,
863 build_time => $btime,
864 version => $version,
865 nsigs => $nsigs,
866 };
867 } else {
868 warn "unable to parse ClamAV Database $dbname ($dbfile)\n";
869 }
870 };
871
872 # main database
873 my $filename = "/var/lib/clamav/main.inc/main.info";
874 $filename = "/var/lib/clamav/main.cvd" if ! -f $filename;
875
876 $read_cvd_info->('main', $filename) if -f $filename;
877
878 # daily database
879 $filename = "/var/lib/clamav/daily.inc/daily.info";
880 $filename = "/var/lib/clamav/daily.cvd" if ! -f $filename;
881 $filename = "/var/lib/clamav/daily.cld" if ! -f $filename;
882
883 $read_cvd_info->('daily', $filename) if -f $filename;
884
885 $filename = "/var/lib/clamav/bytecode.cvd";
886 $read_cvd_info->('bytecode', $filename) if -f $filename;
887
9860e592
DM		 888 $filename = "/var/lib/clamav/safebrowsing.cvd";
889 $read_cvd_info->('safebrowsing', $filename) if -f $filename;
890
dabcd20e
DM		 891 my $ss_dbs_fn = "/var/lib/clamav-unofficial-sigs/configs/ss-include-dbs.txt";
892 my $ss_dbs_files = {};
893 if (my $ssfh = IO::File->new("<${ss_dbs_fn}")) {
894 while (defined(my $line = <$ssfh>)) {
895 chomp $line;
896 $ss_dbs_files->{$line} = 1;
897 }
898 }
d17c5265
DM		 899 my $last = 0;
900 my $nsigs = 0;
901 foreach $filename (</var/lib/clamav/*>) {
dabcd20e
DM		 902 my $fn = basename($filename);
903 next if !$ss_dbs_files->{$fn};
904
d17c5265
DM		 905 my $fh = IO::File->new("<$filename");
906 next if !defined($fh);
907 my $st = stat($fh);
908 next if !$st;
909 my $mtime = $st->mtime();
910 $last = $mtime if $mtime > $last;
911 while (defined(my $line = <$fh>)) { $nsigs++; }
912 }
913
914 if ($nsigs > 0) {
915 push @$res, {
9860e592 916 name => 'sanesecurity',
d17c5265 917 type => 'unofficial',
2d011fef 918 build_time => strftime("%d %b %Y %H-%M %z", localtime($last)),
d17c5265
DM		 919 nsigs => $nsigs,
920 };
921 }
922
923 return $res;
924}
925
dff363d9
DM		 926# RRD related code
927my $rrd_dir = "/var/lib/rrdcached/db";
928my $rrdcached_socket = "/var/run/rrdcached.sock";
929
930my $rrd_def_node = [
931 "DS:loadavg:GAUGE:120:0:U",
932 "DS:maxcpu:GAUGE:120:0:U",
933 "DS:cpu:GAUGE:120:0:U",
934 "DS:iowait:GAUGE:120:0:U",
935 "DS:memtotal:GAUGE:120:0:U",
936 "DS:memused:GAUGE:120:0:U",
937 "DS:swaptotal:GAUGE:120:0:U",
938 "DS:swapused:GAUGE:120:0:U",
939 "DS:roottotal:GAUGE:120:0:U",
940 "DS:rootused:GAUGE:120:0:U",
941 "DS:netin:DERIVE:120:0:U",
942 "DS:netout:DERIVE:120:0:U",
943
944 "RRA:AVERAGE:0.5:1:70", # 1 min avg - one hour
945 "RRA:AVERAGE:0.5:30:70", # 30 min avg - one day
946 "RRA:AVERAGE:0.5:180:70", # 3 hour avg - one week
947 "RRA:AVERAGE:0.5:720:70", # 12 hour avg - one month
948 "RRA:AVERAGE:0.5:10080:70", # 7 day avg - ony year
949
950 "RRA:MAX:0.5:1:70", # 1 min max - one hour
951 "RRA:MAX:0.5:30:70", # 30 min max - one day
952 "RRA:MAX:0.5:180:70", # 3 hour max - one week
953 "RRA:MAX:0.5:720:70", # 12 hour max - one month
954 "RRA:MAX:0.5:10080:70", # 7 day max - ony year
955];
956
957sub cond_create_rrd_file {
958 my ($filename, $rrddef) = @_;
959
960 return if -f $filename;
961
962 my @args = ($filename);
963
964 push @args, "--daemon" => "unix:${rrdcached_socket}"
965 if -S $rrdcached_socket;
966
967 push @args, '--step', 60;
968
969 push @args, @$rrddef;
970
971 # print "TEST: " . join(' ', @args) . "\n";
972
973 RRDs::create(@args);
974 my $err = RRDs::error;
975 die "RRD error: $err\n" if $err;
976}
977
978sub update_node_status_rrd {
979
980 my $filename = "$rrd_dir/pmg-node-v1.rrd";
981 cond_create_rrd_file($filename, $rrd_def_node);
982
983 my ($avg1, $avg5, $avg15) = PVE::ProcFSTools::read_loadavg();
984
985 my $stat = PVE::ProcFSTools::read_proc_stat();
986
987 my $netdev = PVE::ProcFSTools::read_proc_net_dev();
988
989 my ($uptime) = PVE::ProcFSTools::read_proc_uptime();
990
991 my $cpuinfo = PVE::ProcFSTools::read_cpuinfo();
992
993 my $maxcpu = $cpuinfo->{cpus};
994
995 # traffic from/to physical interface cards
996 my $netin = 0;
997 my $netout = 0;
998 foreach my $dev (keys %$netdev) {
170295f8 999 next if $dev !~ m/^$PVE::Network::PHYSICAL_NIC_RE$/;
dff363d9
DM		 1000 $netin += $netdev->{$dev}->{receive};
1001 $netout += $netdev->{$dev}->{transmit};
1002 }
1003
1004 my $meminfo = PVE::ProcFSTools::read_meminfo();
1005
1006 my $dinfo = df('/', 1); # output is bytes
1007
1008 my $ctime = time();
1009
1010 # everything not free is considered to be used
1011 my $dused = $dinfo->{blocks} - $dinfo->{bfree};
1012
1013 my $data = "$ctime:$avg1:$maxcpu:$stat->{cpu}:$stat->{wait}:" .
1014 "$meminfo->{memtotal}:$meminfo->{memused}:" .
1015 "$meminfo->{swaptotal}:$meminfo->{swapused}:" .
1016 "$dinfo->{blocks}:$dused:$netin:$netout";
1017
1018
1019 my @args = ($filename);
1020
1021 push @args, "--daemon" => "unix:${rrdcached_socket}"
1022 if -S $rrdcached_socket;
1023
1024 push @args, $data;
1025
1026 # print "TEST: " . join(' ', @args) . "\n";
1027
1028 RRDs::update(@args);
1029 my $err = RRDs::error;
1030 die "RRD error: $err\n" if $err;
1031}
1032
065b2986
DM		 1033sub create_rrd_data {
1034 my ($rrdname, $timeframe, $cf) = @_;
1035
1036 my $rrd = "${rrd_dir}/$rrdname";
1037
1038 my $setup = {
1039 hour => [ 60, 70 ],
1040 day => [ 60*30, 70 ],
1041 week => [ 60*180, 70 ],
1042 month => [ 60*720, 70 ],
1043 year => [ 60*10080, 70 ],
1044 };
1045
1046 my ($reso, $count) = @{$setup->{$timeframe}};
1047 my $ctime = $reso*int(time()/$reso);
1048 my $req_start = $ctime - $reso*$count;
1049
1050 $cf = "AVERAGE" if !$cf;
1051
1052 my @args = (
1053 "-s" => $req_start,
1054 "-e" => $ctime - 1,
1055 "-r" => $reso,
1056 );
1057
1058 push @args, "--daemon" => "unix:${rrdcached_socket}"
1059 if -S $rrdcached_socket;
1060
1061 my ($start, $step, $names, $data) = RRDs::fetch($rrd, $cf, @args);
1062
1063 my $err = RRDs::error;
1064 die "RRD error: $err\n" if $err;
1065
1066 die "got wrong time resolution ($step != $reso)\n"
1067 if $step != $reso;
1068
1069 my $res = [];
1070 my $fields = scalar(@$names);
1071 for my $line (@$data) {
1072 my $entry = { 'time' => $start };
1073 $start += $step;
1074 for (my $i = 0; $i < $fields; $i++) {
1075 my $name = $names->[$i];
1076 if (defined(my $val = $line->[$i])) {
1077 $entry->{$name} = $val;
1078 } else {
1079 # leave empty fields undefined
1080 # maybe make this configurable?
1081 }
1082 }
1083 push @$res, $entry;
1084 }
1085
1086 return $res;
1087}
1088
8da6f9ec
DM		 1089sub decode_to_html {
1090 my ($charset, $data) = @_;
1091
1092 my $res = $data;
1093
1094 eval { $res = encode_entities(decode($charset, $data)); };
1095
1096 return $res;
1097}
1098
46f9e9af
DM		 1099sub decode_rfc1522 {
1100 my ($enc) = @_;
1101
1102 my $res = '';
1103
1104 return '' if !$enc;
1105
1106 eval {
1107 foreach my $r (MIME::Words::decode_mimewords($enc)) {
1108 my ($d, $cs) = @$r;
1109 if ($d) {
1110 if ($cs) {
1111 $res .= decode($cs, $d);
1112 } else {
1113 $res .= $d;
1114 }
1115 }
1116 }
1117 };
1118
1119 $res = $enc if $@;
1120
1121 return $res;
1122}
1123
9a56f771
DM		 1124sub rfc1522_to_html {
1125 my ($enc) = @_;
1126
1127 my $res = '';
1128
1129 return '' if !$enc;
1130
1131 eval {
1132 foreach my $r (MIME::Words::decode_mimewords($enc)) {
1133 my ($d, $cs) = @$r;
1134 if ($d) {
1135 if ($cs) {
1136 $res .= encode_entities(decode($cs, $d));
1137 } else {
1138 $res .= encode_entities($d);
1139 }
1140 }
1141 }
1142 };
1143
1144 $res = $enc if $@;
1145
1146 return $res;
1147}
1148
9d26ab13
DM		 1149# RFC 2047 B-ENCODING http://rfc.net/rfc2047.html
1150# (Q-Encoding is complex and error prone)
1151sub bencode_header {
1152 my $txt = shift;
1153
1154 my $CRLF = "\015\012";
1155
1156 # Nonprintables (controls + x7F + 8bit):
1157 my $NONPRINT = "\\x00-\\x1F\\x7F-\\xFF";
1158
1159 # always use utf-8 (work with japanese character sets)
1160 $txt = encode("UTF-8", $txt);
1161
1162 return $txt if $txt !~ /[$NONPRINT]/o;
1163
1164 my $res = '';
1165
1166 while ($txt =~ s/^(.{1,42})//sm) {
1167 my $t = MIME::Words::encode_mimeword ($1, 'B', 'UTF-8');
1168 $res .= $res ? "\015\012\t$t" : $t;
1169 }
1170
1171 return $res;
1172}
1173
7d89adf4 1174sub load_sa_descriptions {
e325aa6f 1175 my ($additional_dirs) = @_;
7d89adf4
DM		 1176
1177 my @dirs = ('/usr/share/spamassassin',
1178 '/usr/share/spamassassin-extra');
1179
e325aa6f
DC		 1180 push @dirs, @$additional_dirs if @$additional_dirs;
1181
7d89adf4
DM		 1182 my $res = {};
1183
1184 my $parse_sa_file = sub {
1185 my ($file) = @_;
1186
1187 open(my $fh,'<', $file);
1188 return if !defined($fh);
1189
1190 while (defined(my $line = <$fh>)) {
1191 if ($line =~ m/^describe\s+(\S+)\s+(.*)\s*$/) {
1192 my ($name, $desc) = ($1, $2);
1193 next if $res->{$name};
1194 $res->{$name}->{desc} = $desc;
1195 if ($desc =~ m|[\(\s](http:\/\/\S+\.[^\s\.\)]+\.[^\s\.\)]+)|i) {
1196 $res->{$name}->{url} = $1;
1197 }
1198 }
1199 }
1200 close($fh);
1201 };
1202
1203 foreach my $dir (@dirs) {
1204 foreach my $file (<$dir/*.cf>) {
1205 $parse_sa_file->($file);
1206 }
1207 }
1208
cda67dee 1209 $res->{'ClamAVHeuristics'}->{desc} = "ClamAV heuristic tests";
0d5209bf 1210
7d89adf4
DM		 1211 return $res;
1212}
1213
8162c745
DM		 1214sub format_uptime {
1215 my ($uptime) = @_;
1216
1217 my $days = int($uptime/86400);
1218 $uptime -= $days*86400;
1219
1220 my $hours = int($uptime/3600);
1221 $uptime -= $hours*3600;
1222
1223 my $mins = $uptime/60;
1224
1225 if ($days) {
1226 my $ds = $days > 1 ? 'days' : 'day';
1227 return sprintf "%d $ds %02d:%02d", $days, $hours, $mins;
1228 } else {
1229 return sprintf "%02d:%02d", $hours, $mins;
1230 }
1231}
1232
3dfe317a
DM		 1233sub finalize_report {
1234 my ($tt, $template, $data, $mailfrom, $receiver, $debug) = @_;
1235
1236 my $html = '';
1237
1238 $tt->process($template, $data, \$html) ||
1239 die $tt->error() . "\n";
1240
1241 my $title;
1242 if ($html =~ m|^\s*<title>(.*)</title>|m) {
1243 $title = $1;
1244 } else {
1245 die "unable to extract template title\n";
1246 }
1247
1248 my $top = MIME::Entity->build(
1249 Type => "multipart/related",
1250 To => $data->{pmail},
1251 From => $mailfrom,
1252 Subject => bencode_header(decode_entities($title)));
1253
1254 $top->attach(
1255 Data => $html,
1256 Type => "text/html",
1257 Encoding => $debug ? 'binary' : 'quoted-printable');
1258
1259 if ($debug) {
1260 $top->print();
1261 return;
1262 }
1263 # we use an empty envelope sender (we dont want to receive NDRs)
1264 PMG::Utils::reinject_mail ($top, '', [$receiver], undef, $data->{fqdn});
1265}
1266
2f7031b7
DM		 1267sub lookup_timespan {
1268 my ($timespan) = @_;
1269
1270 my (undef, undef, undef, $mday, $mon, $year) = localtime(time());
1271 my $daystart = timelocal(0, 0, 0, $mday, $mon, $year);
1272
1273 my $start;
1274 my $end;
1275
1276 if ($timespan eq 'today') {
1277 $start = $daystart;
1278 $end = $start + 86400;
1279 } elsif ($timespan eq 'yesterday') {
1280 $end = $daystart;
1281 $start = $end - 86400;
1282 } elsif ($timespan eq 'week') {
1283 $end = $daystart;
1284 $start = $end - 7*86400;
1285 } else {
1286 die "internal error";
1287 }
1288
1289 return ($start, $end);
1290}
1291
17a7c6c9
DM		 1292my $rbl_scan_last_cursor;
1293my $rbl_scan_start_time = time();
1294
1295sub scan_journal_for_rbl_rejects {
1296
1297 # example postscreen log entry for RBL rejects
1298 # Aug 29 08:00:36 proxmox postfix/postscreen[11266]: NOQUEUE: reject: RCPT from [x.x.x.x]:1234: 550 5.7.1 Service unavailable; client [x.x.x.x] blocked using zen.spamhaus.org; from=<xxxx>, to=<yyyy>, proto=ESMTP, helo=<zzz>
1299
2e0e3415
DM		 1300 # example for PREGREET reject
1301 # Dec 7 06:57:11 proxmox postfix/postscreen[32084]: PREGREET 14 after 0.23 from [x.x.x.x]:63492: EHLO yyyyy\r\n
1302
17a7c6c9
DM		 1303 my $identifier = 'postfix/postscreen';
1304
2e0e3415
DM		 1305 my $rbl_count = 0;
1306 my $pregreet_count = 0;
17a7c6c9
DM		 1307
1308 my $parser = sub {
1309 my $line = shift;
1310
1311 if ($line =~ m/^--\scursor:\s(\S+)$/) {
1312 $rbl_scan_last_cursor = $1;
1313 return;
1314 }
1315
2e0e3415
DM		 1316 if ($line =~ m/\s$identifier\[\d+\]:\sNOQUEUE:\sreject:.*550 5.7.1 Service unavailable;/) {
1317 $rbl_count++;
1318 } elsif ($line =~ m/\s$identifier\[\d+\]:\sPREGREET\s\d+\safter\s/) {
1319 $pregreet_count++;
1320 }
17a7c6c9
DM		 1321 };
1322
1323 # limit to last 5000 lines to avoid long delays
1324 my $cmd = ['journalctl', '--show-cursor', '-o', 'short-unix', '--no-pager',
1325 '--identifier', $identifier, '-n', 5000];
1326
1327 if (defined($rbl_scan_last_cursor)) {
1328 push @$cmd, "--after-cursor=${rbl_scan_last_cursor}";
1329 } else {
1330 push @$cmd, "--since=@" . $rbl_scan_start_time;
1331 }
1332
1333 PVE::Tools::run_command($cmd, outfunc => $parser);
1334
2e0e3415 1335 return ($rbl_count, $pregreet_count);
17a7c6c9
DM		 1336}
1337
5d5af7c5
DM		 1338my $hwaddress;
1339
1340sub get_hwaddress {
1341
1342 return $hwaddress if defined ($hwaddress);
1343
1344 my $fn = '/etc/ssh/ssh_host_rsa_key.pub';
1345 my $sshkey = PVE::Tools::file_get_contents($fn);
1346 $hwaddress = uc(Digest::MD5::md5_hex($sshkey));
1347
1348 return $hwaddress;
1349}
1350
75ce5866
DM		 1351my $default_locale = "en_US.UTF-8 UTF-8";
1352
1353sub cond_add_default_locale {
1354
1355 my $filename = "/etc/locale.gen";
1356
1357 open(my $infh, "<", $filename) || return;
1358
1359 while (defined(my $line = <$infh>)) {
1360 if ($line =~ m/^\Q${default_locale}\E/) {
1361 # already configured
1362 return;
1363 }
1364 }
1365
1366 seek($infh, 0, 0) // return; # seek failed
1367
1368 open(my $outfh, ">", "$filename.tmp") || return;
1369
1370 my $done;
1371 while (defined(my $line = <$infh>)) {
1372 if ($line =~ m/^#\s*\Q${default_locale}\E.*/) {
1373 print $outfh "${default_locale}\n" if !$done;
1374 $done = 1;
1375 } else {
1376 print $outfh $line;
1377 }
1378 }
1379
1380 print STDERR "generation pmg default locale\n";
1381
1382 rename("$filename.tmp", $filename) || return; # rename failed
1383
1384 system("dpkg-reconfigure locales -f noninteractive");
1385}
1386
6529020a
SI		 1387sub postgres_admin_cmd {
1388 my ($cmd, $options, @params) = @_;
1389
1390 $cmd = ref($cmd) ? $cmd : [ $cmd ];
1391
1392 my $save_uid = POSIX::getuid();
1393 my $pg_uid = getpwnam('postgres') || die "getpwnam postgres failed\n";
1394
1395 PVE::Tools::setresuid(-1, $pg_uid, -1) ||
1396 die "setresuid postgres ($pg_uid) failed - $!\n";
1397
1398 PVE::Tools::run_command([@$cmd, '-U', 'postgres', @params], %$options);
1399
1400 PVE::Tools::setresuid(-1, $save_uid, -1) ||
1401 die "setresuid back failed - $!\n";
1402}
1403
758c7b6b 14041;
PMG API