10 use POSIX
qw(strftime);
15 use Time
::HiRes qw
(gettimeofday
);
47 my $valid_pmg_realms = ['pam', 'pmg', 'quarantine'];
49 PVE
::JSONSchema
::register_standard_option
('realm', {
50 description
=> "Authentication domain ID",
52 enum
=> $valid_pmg_realms,
56 PVE
::JSONSchema
::register_standard_option
('pmg-starttime', {
57 description
=> "Only consider entries newer than 'starttime' (unix epoch). Default is 'now - 1day'.",
63 PVE
::JSONSchema
::register_standard_option
('pmg-endtime', {
64 description
=> "Only consider entries older than 'endtime' (unix epoch). This is set to '<start> + 1day' by default.",
70 PVE
::JSONSchema
::register_format
('pmg-userid', \
&verify_username
);
72 my ($username, $noerr) = @_;
74 $username = '' if !$username;
75 my $len = length($username);
77 die "user name '$username' is too short\n" if !$noerr;
81 die "user name '$username' is too long ($len > 64)\n" if !$noerr;
85 # we only allow a limited set of characters
86 # colon is not allowed, because we store usernames in
87 # colon separated lists)!
88 # slash is not allowed because it is used as pve API delimiter
89 # also see "man useradd"
90 my $realm_list = join('|', @$valid_pmg_realms);
91 if ($username =~ m!^([^\s:/]+)\@(${realm_list})$!) {
92 return wantarray ?
($username, $1, $2) : $username;
95 die "value '$username' does not look like a valid user name\n" if !$noerr;
100 PVE
::JSONSchema
::register_standard_option
('userid', {
101 description
=> "User ID",
102 type
=> 'string', format
=> 'pmg-userid',
107 PVE
::JSONSchema
::register_standard_option
('username', {
108 description
=> "Username (without realm)",
110 pattern
=> '[^\s:\/\@]{3,60}',
115 PVE
::JSONSchema
::register_standard_option
('pmg-email-address', {
116 description
=> "Email Address (allow most characters).",
118 pattern
=> '(?:[^\s\/\\\@]+\@[^\s\/\\\@]+)',
123 PVE
::JSONSchema
::register_standard_option
('pmg-whiteblacklist-entry-list', {
124 description
=> "White/Blacklist entry list (allow most characters). Can contain globs",
126 pattern
=> '(?:[^\s\/\\\;\,]+)(?:\,[^\s\/\\\;\,]+)*',
131 my ($dbh, $seq) = @_;
133 return $dbh->last_insert_id(
134 undef, undef, undef, undef, { sequence
=> $seq});
137 # quote all regex operators
141 $val =~ s/([\(\)\[\]\/\}\+\*\?\.\|\^\$\\])/\\$1/g;
146 sub file_older_than
{
147 my ($filename, $lasttime) = @_;
149 my $st = stat($filename);
151 return 0 if !defined($st);
153 return ($lasttime >= $st->ctime);
156 sub extract_filename
{
159 if (my $value = $head->recommended_filename()) {
161 if (my $decvalue = MIME
::Words
::decode_mimewords
($value)) {
162 $decvalue =~ s/\0/ /g;
163 $decvalue = PVE
::Tools
::trim
($decvalue);
172 my ($entity, $add_id, $id) = @_;
176 foreach my $tag (grep {/^x-proxmox-tmp/i} $entity->head->tags) {
177 $entity->head->delete ($tag);
180 $entity->head->replace('X-Proxmox-tmp-AID', $id) if $add_id;
182 foreach my $part ($entity->parts) {
183 $id = remove_marks
($part, $add_id, $id + 1);
190 my ($body, $dh) = @_;
194 foreach my $k (keys %$dh) {
197 $body =~ s/__\Q${k}\E__/$v/gs;
205 my ($entity, $sender, $targets, $xforward, $me, $nodsn) = @_;
213 my $smtp = Net
::SMTP-
>new('127.0.0.1', Port
=> 10025, Hello
=> $me) ||
214 die "unable to connect to localhost at port 10025";
216 if (defined($xforward)) {
219 foreach my $attr (keys %{$xforward}) {
220 $xfwd .= " $attr=$xforward->{$attr}";
223 if ($xfwd && $smtp->command("XFORWARD", $xfwd)->response() != CMD_OK
) {
224 syslog
('err', "xforward error - got: %s %s", $smtp->code, scalar($smtp->message));
228 my $has_utf8_targets = 0;
229 foreach my $target (@$targets) {
230 if (utf8
::is_utf8
($target)) {
231 $has_utf8_targets = 1;
236 my $mail_opts = " BODY=8BITMIME";
238 if (utf8
::is_utf8
($sender)) {
239 $sender_addr = encode
('UTF-8', $smtp->_addr($sender));
240 $mail_opts .= " SMTPUTF8";
242 $sender_addr = $smtp->_addr($sender);
243 $mail_opts .= " SMTPUTF8" if $has_utf8_targets;
246 if (!$smtp->_MAIL("FROM:" . $sender_addr . $mail_opts)) {
247 syslog
('err', "smtp error - got: %s %s", $smtp->code, scalar ($smtp->message));
248 die "smtp from: ERROR";
251 my $rcpt_opts = $nodsn ?
" NOTIFY=NEVER" : "";
253 foreach my $target (@$targets) {
255 if (utf8
::is_utf8
($target)) {
256 $rcpt_addr = encode
('UTF-8', $smtp->_addr($target));
258 $rcpt_addr = $smtp->_addr($target);
260 if (!$smtp->_RCPT("TO:" . $rcpt_addr . $rcpt_opts)) {
261 syslog
('err', "smtp error - got: %s %s", $smtp->code, scalar($smtp->message));
262 die "smtp to: ERROR";
267 #$entity->sync_headers ();
270 my $out = PMG
::SMTPPrinter-
>new($smtp);
271 $entity->print($out);
273 # make sure we always have a newline at the end of the mail
274 # else dataend() fails
275 $smtp->datasend("\n");
277 if ($smtp->dataend()) {
278 my @msgs = $smtp->message;
279 $resmess = $msgs[$#msgs];
280 ($resid) = $resmess =~ m/Ok: queued as ([0-9A-Z]+)/;
281 $rescode = $smtp->code;
283 die sprintf("unexpected SMTP result - got: %s %s : WARNING", $smtp->code, $resmess);
286 my @msgs = $smtp->message;
287 $resmess = $msgs[$#msgs];
288 $rescode = $smtp->code;
289 die sprintf("sending data failed - got: %s %s : ERROR", $smtp->code, $resmess);
294 $smtp->quit if $smtp;
297 syslog
('err', $err);
300 return wantarray ?
($resid, $rescode, $resmess) : $resid;
303 sub analyze_custom_check
{
304 my ($queue, $dname, $pmg_cfg) = @_;
306 my $enable_custom_check = $pmg_cfg->get('admin', 'custom_check');
307 return undef if !$enable_custom_check;
310 my $customcheck_exe = $pmg_cfg->get('admin', 'custom_check_path');
311 my $customcheck_apiver = 'v1';
312 my ($csec, $usec) = gettimeofday
();
322 syslog
('err', $errmsg);
325 my $customcheck_output_apiver;
331 if ($line =~ /^v\d$/) {
332 die "api version already defined!\n" if defined($customcheck_output_apiver);
333 $customcheck_output_apiver = $line;
334 die "api version mismatch - expected $customcheck_apiver, got $customcheck_output_apiver !\n"
335 if ($customcheck_output_apiver ne $customcheck_apiver);
336 } elsif ($line =~ /^SCORE: (-?[0-9]+|.[0-9]+|[0-9]+.[0-9]+)$/) {
339 } elsif ($line =~ /^VIRUS: (.+)$/) {
342 } elsif ($line =~ /^OK$/) {
345 die "got unexpected output!\n";
347 die "got more than 1 result outputs\n" if ( $have_result && $result_flag);
348 $have_result = $result_flag;
351 PVE
::Tools
::run_command
([$customcheck_exe, $customcheck_apiver, $dname],
352 errmsg
=> "$queue->{logid} custom check error",
353 errfunc
=> $log_err, outfunc
=> $parser, timeout
=> $timeout);
355 die "no api version returned\n" if !defined($customcheck_output_apiver);
356 die "no result output!\n" if !$have_result;
361 syslog
('info', "$queue->{logid}: virus detected: $vinfo (custom)");
364 my ($csec_end, $usec_end) = gettimeofday
();
365 $queue->{ptime_custom
} =
366 int (($csec_end-$csec)*1000 + ($usec_end - $usec)/1000);
369 syslog
('err', $err);
371 $queue->{errors
} = 1;
374 $queue->{vinfo_custom
} = $vinfo;
375 $queue->{spam_custom
} = $spam_score;
377 return ($vinfo, $spam_score);
380 sub analyze_virus_clam
{
381 my ($queue, $dname, $pmg_cfg) = @_;
386 my $clamdscan_opts = "--stdout";
388 my ($csec, $usec) = gettimeofday
();
394 $previous_alarm = alarm($timeout);
397 die "$queue->{logid}: Maximum time ($timeout sec) exceeded. " .
398 "virus analyze (clamav) failed: ERROR";
401 open(CMD
, "/usr/bin/clamdscan $clamdscan_opts '$dname'|") ||
402 die "$queue->{logid}: can't exec clamdscan: $! : ERROR";
407 while (defined(my $line = <CMD
>)) {
408 if ($line =~ m/^$dname.*:\s+([^ :]*)\s+FOUND$/) {
409 # we just use the first detected virus name
410 $vinfo = $1 if !$vinfo;
411 } elsif ($line =~ m/^Infected files:\s(\d*)$/i) {
420 alarm(0); # avoid race conditions
422 if (!defined($ifiles)) {
423 die "$queue->{logid}: got undefined output from " .
424 "virus detector: $response : ERROR";
428 syslog
('info', "$queue->{logid}: virus detected: $vinfo (clamav)");
433 alarm($previous_alarm);
435 my ($csec_end, $usec_end) = gettimeofday
();
436 $queue->{ptime_clam
} =
437 int (($csec_end-$csec)*1000 + ($usec_end - $usec)/1000);
440 syslog
('err', $err);
442 $queue->{errors
} = 1;
445 $queue->{vinfo_clam
} = $vinfo;
447 return $vinfo ?
"$vinfo (clamav)" : undef;
450 sub analyze_virus_avast
{
451 my ($queue, $dname, $pmg_cfg) = @_;
456 my ($csec, $usec) = gettimeofday
();
462 $previous_alarm = alarm($timeout);
465 die "$queue->{logid}: Maximum time ($timeout sec) exceeded. " .
466 "virus analyze (avast) failed: ERROR";
469 open(my $cmd, '-|', 'scan', $dname) ||
470 die "$queue->{logid}: can't exec avast scan: $! : ERROR";
473 while (defined(my $line = <$cmd>)) {
474 if ($line =~ m/^$dname\s+(.*\S)\s*$/) {
475 # we just use the first detected virus name
476 $vinfo = $1 if !$vinfo;
484 alarm(0); # avoid race conditions
487 syslog
('info', "$queue->{logid}: virus detected: $vinfo (avast)");
492 alarm($previous_alarm);
494 my ($csec_end, $usec_end) = gettimeofday
();
495 $queue->{ptime_clam
} =
496 int (($csec_end-$csec)*1000 + ($usec_end - $usec)/1000);
499 syslog
('err', $err);
501 $queue->{errors
} = 1;
504 return undef if !$vinfo;
506 $queue->{vinfo_avast
} = $vinfo;
508 return "$vinfo (avast)";
512 my ($queue, $filename, $pmg_cfg, $testmode) = @_;
514 # TODO: support other virus scanners?
517 my $vinfo_clam = analyze_virus_clam
($queue, $filename, $pmg_cfg);
518 my $vinfo_avast = analyze_virus_avast
($queue, $filename, $pmg_cfg);
520 return $vinfo_avast || $vinfo_clam;
523 my $enable_avast = $pmg_cfg->get('admin', 'avast');
526 if (my $vinfo = analyze_virus_avast
($queue, $filename, $pmg_cfg)) {
531 my $enable_clamav = $pmg_cfg->get('admin', 'clamav');
533 if ($enable_clamav) {
534 if (my $vinfo = analyze_virus_clam
($queue, $filename, $pmg_cfg)) {
542 sub magic_mime_type_for_file
{
545 # we do not use get_mime_type_for_file, because that considers
546 # filename extensions - we only want magic type detection
548 my $bufsize = Xdgmime
::xdg_mime_get_max_buffer_extents
();
549 die "got strange value for max_buffer_extents" if $bufsize > 4096*10;
551 my $ct = "application/octet-stream";
553 my $fh = IO
::File-
>new("<$filename") ||
554 die "unable to open file '$filename' - $!";
557 if (($len = $fh->read($buf, $bufsize)) > 0) {
558 $ct = xdg_mime_get_mime_type_for_data
($buf, $len);
562 die "unable to read file '$filename' - $!" if ($len < 0);
570 if (my $path = $entity->{PMX_decoded_path
}) {
572 # set a reasonable default if magic does not give a result
573 $entity->{PMX_magic_ct
} = $entity->head->mime_attr('content-type');
575 if (my $ct = magic_mime_type_for_file
($path)) {
576 if ($ct ne 'application/octet-stream' || !$entity->{PMX_magic_ct
}) {
577 $entity->{PMX_magic_ct
} = $ct;
581 my $filename = $entity->head->recommended_filename;
582 $filename = basename
($path) if !defined($filename) || $filename eq '';
584 if (my $ct = xdg_mime_get_mime_type_from_file_name
($filename)) {
585 $entity->{PMX_glob_ct
} = $ct;
589 foreach my $part ($entity->parts) {
590 add_ct_marks
($part);
594 # x509 certificate utils
596 # only write output if something fails
602 my $record_output = sub {
608 PVE
::Tools
::run_command
($cmd, outfunc
=> $record_output,
609 errfunc
=> $record_output);
614 print STDERR
$outbuf;
619 my $proxmox_tls_cert_fn = "/etc/pmg/pmg-tls.pem";
621 sub gen_proxmox_tls_cert
{
624 my $resolv = PVE
::INotify
::read_file
('resolvconf');
625 my $domain = $resolv->{search
};
627 my $company = $domain; # what else ?
628 my $cn = "*.$domain";
630 return if !$force && -f
$proxmox_tls_cert_fn;
632 my $sslconf = <<__EOD__;
633 RANDFILE = /root/.rnd
638 distinguished_name = req_distinguished_name
639 req_extensions = v3_req
641 string_mask = nombstr
643 [ req_distinguished_name ]
644 organizationalUnitName = Proxmox Mail Gateway
645 organizationName = $company
649 basicConstraints = CA:FALSE
651 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
654 my $cfgfn = "/tmp/pmgtlsconf-$$.tmp";
655 my $fh = IO
::File-
>new ($cfgfn, "w");
660 my $cmd = ['openssl', 'req', '-batch', '-x509', '-new', '-sha256',
661 '-config', $cfgfn, '-days', 3650, '-nodes',
662 '-out', $proxmox_tls_cert_fn,
663 '-keyout', $proxmox_tls_cert_fn];
664 run_silent_cmd
($cmd);
668 unlink $proxmox_tls_cert_fn;
670 die "unable to generate proxmox certificate request:\n$err";
676 sub find_local_network_for_ip
{
677 my ($ip, $noerr) = @_;
679 my $testip = Net
::IP-
>new($ip);
681 my $isv6 = $testip->version == 6;
683 PVE
::ProcFSTools
::read_proc_net_ipv6_route
() :
684 PVE
::ProcFSTools
::read_proc_net_route
();
686 foreach my $entry (@$routes) {
689 $mask = $entry->{prefix
};
690 next if !$mask; # skip the default route...
692 $mask = $PVE::Network
::ipv4_mask_hash_localnet-
>{$entry->{mask
}};
693 next if !defined($mask);
695 my $cidr = "$entry->{dest}/$mask";
696 my $testnet = Net
::IP-
>new($cidr);
697 my $overlap = $testnet->overlaps($testip);
698 if ($overlap == $Net::IP
::IP_B_IN_A_OVERLAP
||
699 $overlap == $Net::IP
::IP_IDENTICAL
)
705 return undef if $noerr;
707 die "unable to detect local network for ip '$ip'\n";
710 my $service_aliases = {
711 'postfix' => 'postfix@-',
712 'postgres' => 'postgresql@11-main',
715 sub lookup_real_service_name
{
718 return $service_aliases->{$alias} // $alias;
721 sub get_full_service_state
{
728 if ($line =~ m/^([^=\s]+)=(.*)$/) {
733 $service = $service_aliases->{$service} // $service;
734 PVE
::Tools
::run_command
(['systemctl', 'show', $service], outfunc
=> $parser);
739 our $db_service_list = [
740 'pmgpolicy', 'pmgmirror', 'pmgtunnel', 'pmg-smtp-filter' ];
742 sub service_wait_stopped
{
743 my ($timeout, $service_list) = @_;
745 my $starttime = time();
747 foreach my $service (@$service_list) {
748 PVE
::Tools
::run_command
(['systemctl', 'stop', $service]);
754 foreach my $service (@$service_list) {
755 my $ss = get_full_service_state
($service);
756 my $state = $ss->{ActiveState
} // 'unknown';
758 if ($state ne 'inactive') {
759 if ((time() - $starttime) > $timeout) {
760 syslog
('err', "unable to stop services (got timeout)");
775 my ($service, $cmd) = @_;
777 die "unknown service command '$cmd'\n"
778 if $cmd !~ m/^(start|stop|restart|reload|reload-or-restart)$/;
780 if ($service eq 'pmgdaemon' || $service eq 'pmgproxy') {
781 die "invalid service cmd '$service $cmd': ERROR" if $cmd eq 'stop';
782 } elsif ($service eq 'fetchmail') {
783 # use restart instead of start - else it does not start 'exited' unit
784 # after setting START_DAEMON=yes in /etc/default/fetchmail
785 $cmd = 'restart' if $cmd eq 'start';
788 $service = $service_aliases->{$service} // $service;
789 PVE
::Tools
::run_command
(['systemctl', $cmd, $service]);
792 # this is also used to get the IP of the local node
794 my ($nodename, $noerr) = @_;
796 my ($family, $packed_ip);
799 my @res = PVE
::Tools
::getaddrinfo_all
($nodename);
800 $family = $res[0]->{family
};
801 $packed_ip = (PVE
::Tools
::unpack_sockaddr_in46
($res[0]->{addr
}))[2];
805 die "hostname lookup failed:\n$@" if !$noerr;
809 my $ip = Socket
::inet_ntop
($family, $packed_ip);
810 if ($ip =~ m/^127\.|^::1$/) {
811 die "hostname lookup failed - got local IP address ($nodename = $ip)\n" if !$noerr;
815 return wantarray ?
($ip, $family) : $ip;
821 # make sure the file exists (else postmap fails)
822 IO
::File-
>new($filename, 'a', 0644);
824 my $mtime_src = (CORE
::stat($filename))[9] //
825 die "unbale to read mtime of $filename\n";
827 my $mtime_dst = (CORE
::stat("$filename.db"))[9] // 0;
829 # if not changed, do nothing
830 return if $mtime_src <= $mtime_dst;
833 PVE
::Tools
::run_command
(
834 ['/usr/sbin/postmap', $filename],
835 errmsg
=> "unable to update postfix table $filename");
846 my $read_cvd_info = sub {
847 my ($dbname, $dbfile) = @_;
850 my $fh = IO
::File-
>new("<$dbfile");
852 warn "cant open ClamAV Database $dbname ($dbfile) - $!\n";
855 $fh->read($header, 512);
858 ## ClamAV-VDB:16 Mar 2016 23-17 +0000:57:4218790:60:06386f34a16ebeea2733ab037f0536be:
859 if ($header =~ m/^(ClamAV-VDB):([^:]+):(\d+):(\d+):/) {
860 my ($ftype, $btime, $version, $nsigs) = ($1, $2, $3, $4);
864 build_time
=> $btime,
869 warn "unable to parse ClamAV Database $dbname ($dbfile)\n";
874 my $filename = "/var/lib/clamav/main.inc/main.info";
875 $filename = "/var/lib/clamav/main.cvd" if ! -f
$filename;
877 $read_cvd_info->('main', $filename) if -f
$filename;
880 $filename = "/var/lib/clamav/daily.inc/daily.info";
881 $filename = "/var/lib/clamav/daily.cvd" if ! -f
$filename;
882 $filename = "/var/lib/clamav/daily.cld" if ! -f
$filename;
884 $read_cvd_info->('daily', $filename) if -f
$filename;
886 $filename = "/var/lib/clamav/bytecode.cvd";
887 $read_cvd_info->('bytecode', $filename) if -f
$filename;
889 $filename = "/var/lib/clamav/safebrowsing.cvd";
890 $read_cvd_info->('safebrowsing', $filename) if -f
$filename;
892 my $ss_dbs_fn = "/var/lib/clamav-unofficial-sigs/configs/ss-include-dbs.txt";
893 my $ss_dbs_files = {};
894 if (my $ssfh = IO
::File-
>new("<${ss_dbs_fn}")) {
895 while (defined(my $line = <$ssfh>)) {
897 $ss_dbs_files->{$line} = 1;
902 foreach $filename (</var/lib
/clamav/*>) {
903 my $fn = basename
($filename);
904 next if !$ss_dbs_files->{$fn};
906 my $fh = IO
::File-
>new("<$filename");
907 next if !defined($fh);
910 my $mtime = $st->mtime();
911 $last = $mtime if $mtime > $last;
912 while (defined(my $line = <$fh>)) { $nsigs++; }
917 name
=> 'sanesecurity',
918 type
=> 'unofficial',
919 build_time
=> strftime
("%d %b %Y %H-%M %z", localtime($last)),
928 my $rrd_dir = "/var/lib/rrdcached/db";
929 my $rrdcached_socket = "/var/run/rrdcached.sock";
932 "DS:loadavg:GAUGE:120:0:U",
933 "DS:maxcpu:GAUGE:120:0:U",
934 "DS:cpu:GAUGE:120:0:U",
935 "DS:iowait:GAUGE:120:0:U",
936 "DS:memtotal:GAUGE:120:0:U",
937 "DS:memused:GAUGE:120:0:U",
938 "DS:swaptotal:GAUGE:120:0:U",
939 "DS:swapused:GAUGE:120:0:U",
940 "DS:roottotal:GAUGE:120:0:U",
941 "DS:rootused:GAUGE:120:0:U",
942 "DS:netin:DERIVE:120:0:U",
943 "DS:netout:DERIVE:120:0:U",
945 "RRA:AVERAGE:0.5:1:70", # 1 min avg - one hour
946 "RRA:AVERAGE:0.5:30:70", # 30 min avg - one day
947 "RRA:AVERAGE:0.5:180:70", # 3 hour avg - one week
948 "RRA:AVERAGE:0.5:720:70", # 12 hour avg - one month
949 "RRA:AVERAGE:0.5:10080:70", # 7 day avg - ony year
951 "RRA:MAX:0.5:1:70", # 1 min max - one hour
952 "RRA:MAX:0.5:30:70", # 30 min max - one day
953 "RRA:MAX:0.5:180:70", # 3 hour max - one week
954 "RRA:MAX:0.5:720:70", # 12 hour max - one month
955 "RRA:MAX:0.5:10080:70", # 7 day max - ony year
958 sub cond_create_rrd_file
{
959 my ($filename, $rrddef) = @_;
961 return if -f
$filename;
963 my @args = ($filename);
965 push @args, "--daemon" => "unix:${rrdcached_socket}"
966 if -S
$rrdcached_socket;
968 push @args, '--step', 60;
970 push @args, @$rrddef;
972 # print "TEST: " . join(' ', @args) . "\n";
975 my $err = RRDs
::error
;
976 die "RRD error: $err\n" if $err;
979 sub update_node_status_rrd
{
981 my $filename = "$rrd_dir/pmg-node-v1.rrd";
982 cond_create_rrd_file
($filename, $rrd_def_node);
984 my ($avg1, $avg5, $avg15) = PVE
::ProcFSTools
::read_loadavg
();
986 my $stat = PVE
::ProcFSTools
::read_proc_stat
();
988 my $netdev = PVE
::ProcFSTools
::read_proc_net_dev
();
990 my ($uptime) = PVE
::ProcFSTools
::read_proc_uptime
();
992 my $cpuinfo = PVE
::ProcFSTools
::read_cpuinfo
();
994 my $maxcpu = $cpuinfo->{cpus
};
996 # traffic from/to physical interface cards
999 foreach my $dev (keys %$netdev) {
1000 next if $dev !~ m/^$PVE::Network::PHYSICAL_NIC_RE$/;
1001 $netin += $netdev->{$dev}->{receive
};
1002 $netout += $netdev->{$dev}->{transmit
};
1005 my $meminfo = PVE
::ProcFSTools
::read_meminfo
();
1007 my $dinfo = df
('/', 1); # output is bytes
1011 # everything not free is considered to be used
1012 my $dused = $dinfo->{blocks
} - $dinfo->{bfree
};
1014 my $data = "$ctime:$avg1:$maxcpu:$stat->{cpu}:$stat->{wait}:" .
1015 "$meminfo->{memtotal}:$meminfo->{memused}:" .
1016 "$meminfo->{swaptotal}:$meminfo->{swapused}:" .
1017 "$dinfo->{blocks}:$dused:$netin:$netout";
1020 my @args = ($filename);
1022 push @args, "--daemon" => "unix:${rrdcached_socket}"
1023 if -S
$rrdcached_socket;
1027 # print "TEST: " . join(' ', @args) . "\n";
1029 RRDs
::update
(@args);
1030 my $err = RRDs
::error
;
1031 die "RRD error: $err\n" if $err;
1034 sub create_rrd_data
{
1035 my ($rrdname, $timeframe, $cf) = @_;
1037 my $rrd = "${rrd_dir}/$rrdname";
1041 day
=> [ 60*30, 70 ],
1042 week
=> [ 60*180, 70 ],
1043 month
=> [ 60*720, 70 ],
1044 year
=> [ 60*10080, 70 ],
1047 my ($reso, $count) = @{$setup->{$timeframe}};
1048 my $ctime = $reso*int(time()/$reso);
1049 my $req_start = $ctime - $reso*$count;
1051 $cf = "AVERAGE" if !$cf;
1059 push @args, "--daemon" => "unix:${rrdcached_socket}"
1060 if -S
$rrdcached_socket;
1062 my ($start, $step, $names, $data) = RRDs
::fetch
($rrd, $cf, @args);
1064 my $err = RRDs
::error
;
1065 die "RRD error: $err\n" if $err;
1067 die "got wrong time resolution ($step != $reso)\n"
1071 my $fields = scalar(@$names);
1072 for my $line (@$data) {
1073 my $entry = { 'time' => $start };
1075 for (my $i = 0; $i < $fields; $i++) {
1076 my $name = $names->[$i];
1077 if (defined(my $val = $line->[$i])) {
1078 $entry->{$name} = $val;
1080 # leave empty fields undefined
1081 # maybe make this configurable?
1090 sub decode_to_html
{
1091 my ($charset, $data) = @_;
1095 eval { $res = encode_entities
(decode
($charset, $data)); };
1100 sub decode_rfc1522
{
1108 foreach my $r (MIME
::Words
::decode_mimewords
($enc)) {
1112 $res .= decode
($cs, $d);
1125 sub rfc1522_to_html
{
1133 foreach my $r (MIME
::Words
::decode_mimewords
($enc)) {
1137 $res .= encode_entities
(decode
($cs, $d));
1139 $res .= encode_entities
($d);
1150 # RFC 2047 B-ENCODING http://rfc.net/rfc2047.html
1151 # (Q-Encoding is complex and error prone)
1152 sub bencode_header
{
1155 my $CRLF = "\015\012";
1157 # Nonprintables (controls + x7F + 8bit):
1158 my $NONPRINT = "\\x00-\\x1F\\x7F-\\xFF";
1160 # always use utf-8 (work with japanese character sets)
1161 $txt = encode
("UTF-8", $txt);
1163 return $txt if $txt !~ /[$NONPRINT]/o;
1167 while ($txt =~ s/^(.{1,42})//sm) {
1168 my $t = MIME
::Words
::encode_mimeword
($1, 'B', 'UTF-8');
1169 $res .= $res ?
"\015\012\t$t" : $t;
1175 sub load_sa_descriptions
{
1176 my ($additional_dirs) = @_;
1178 my @dirs = ('/usr/share/spamassassin',
1179 '/usr/share/spamassassin-extra');
1181 push @dirs, @$additional_dirs if @$additional_dirs;
1185 my $parse_sa_file = sub {
1188 open(my $fh,'<', $file);
1189 return if !defined($fh);
1191 while (defined(my $line = <$fh>)) {
1192 if ($line =~ m/^describe\s+(\S+)\s+(.*)\s*$/) {
1193 my ($name, $desc) = ($1, $2);
1194 next if $res->{$name};
1195 $res->{$name}->{desc
} = $desc;
1196 if ($desc =~ m
|[\
(\s
](http
:\
/\/\S
+\
.[^\s\
.\
)]+\
.[^\s\
.\
)]+)|i
) {
1197 $res->{$name}->{url
} = $1;
1204 foreach my $dir (@dirs) {
1205 foreach my $file (<$dir/*.cf
>) {
1206 $parse_sa_file->($file);
1210 $res->{'ClamAVHeuristics'}->{desc
} = "ClamAV heuristic tests";
1218 my $days = int($uptime/86400);
1219 $uptime -= $days*86400;
1221 my $hours = int($uptime/3600);
1222 $uptime -= $hours*3600;
1224 my $mins = $uptime/60;
1227 my $ds = $days > 1 ?
'days' : 'day';
1228 return sprintf "%d $ds %02d:%02d", $days, $hours, $mins;
1230 return sprintf "%02d:%02d", $hours, $mins;
1234 sub finalize_report
{
1235 my ($tt, $template, $data, $mailfrom, $receiver, $debug) = @_;
1239 $tt->process($template, $data, \
$html) ||
1240 die $tt->error() . "\n";
1243 if ($html =~ m
|^\s
*<title
>(.*)</title
>|m
) {
1246 die "unable to extract template title\n";
1249 my $top = MIME
::Entity-
>build(
1250 Type
=> "multipart/related",
1251 To
=> $data->{pmail
},
1253 Subject
=> bencode_header
(decode_entities
($title)));
1257 Type
=> "text/html",
1258 Encoding
=> $debug ?
'binary' : 'quoted-printable');
1264 # we use an empty envelope sender (we dont want to receive NDRs)
1265 PMG
::Utils
::reinject_mail
($top, '', [$receiver], undef, $data->{fqdn
});
1268 sub lookup_timespan
{
1269 my ($timespan) = @_;
1271 my (undef, undef, undef, $mday, $mon, $year) = localtime(time());
1272 my $daystart = timelocal
(0, 0, 0, $mday, $mon, $year);
1277 if ($timespan eq 'today') {
1279 $end = $start + 86400;
1280 } elsif ($timespan eq 'yesterday') {
1282 $start = $end - 86400;
1283 } elsif ($timespan eq 'week') {
1285 $start = $end - 7*86400;
1287 die "internal error";
1290 return ($start, $end);
1293 my $rbl_scan_last_cursor;
1294 my $rbl_scan_start_time = time();
1296 sub scan_journal_for_rbl_rejects
{
1298 # example postscreen log entry for RBL rejects
1299 # Aug 29 08:00:36 proxmox postfix/postscreen[11266]: NOQUEUE: reject: RCPT from [x.x.x.x]:1234: 550 5.7.1 Service unavailable; client [x.x.x.x] blocked using zen.spamhaus.org; from=<xxxx>, to=<yyyy>, proto=ESMTP, helo=<zzz>
1301 # example for PREGREET reject
1302 # Dec 7 06:57:11 proxmox postfix/postscreen[32084]: PREGREET 14 after 0.23 from [x.x.x.x]:63492: EHLO yyyyy\r\n
1304 my $identifier = 'postfix/postscreen';
1307 my $pregreet_count = 0;
1310 my $log = decode_json
(shift);
1312 $rbl_scan_last_cursor = $log->{__CURSOR
} if defined($log->{__CURSOR
});
1314 my $message = $log->{MESSAGE
};
1315 return if !defined($message);
1317 if ($message =~ m/^NOQUEUE:\sreject:.*550 5.7.1 Service unavailable/) {
1319 } elsif ($message =~ m/^PREGREET\s\d+\safter\s/) {
1324 # limit to last 5000 lines to avoid long delays
1325 my $cmd = ['journalctl', '-o', 'json', '--output-fields', '__CURSOR,MESSAGE',
1326 '--no-pager', '--identifier', $identifier, '-n', 5000];
1328 if (defined($rbl_scan_last_cursor)) {
1329 push @$cmd, "--after-cursor=${rbl_scan_last_cursor}";
1331 push @$cmd, "--since=@" . $rbl_scan_start_time;
1334 PVE
::Tools
::run_command
($cmd, outfunc
=> $parser);
1336 return ($rbl_count, $pregreet_count);
1343 return $hwaddress if defined ($hwaddress);
1345 my $fn = '/etc/ssh/ssh_host_rsa_key.pub';
1346 my $sshkey = PVE
::Tools
::file_get_contents
($fn);
1347 $hwaddress = uc(Digest
::MD5
::md5_hex
($sshkey));
1352 my $default_locale = "en_US.UTF-8 UTF-8";
1354 sub cond_add_default_locale
{
1356 my $filename = "/etc/locale.gen";
1358 open(my $infh, "<", $filename) || return;
1360 while (defined(my $line = <$infh>)) {
1361 if ($line =~ m/^\Q${default_locale}\E/) {
1362 # already configured
1367 seek($infh, 0, 0) // return; # seek failed
1369 open(my $outfh, ">", "$filename.tmp") || return;
1372 while (defined(my $line = <$infh>)) {
1373 if ($line =~ m/^#\s*\Q${default_locale}\E.*/) {
1374 print $outfh "${default_locale}\n" if !$done;
1381 print STDERR
"generation pmg default locale\n";
1383 rename("$filename.tmp", $filename) || return; # rename failed
1385 system("dpkg-reconfigure locales -f noninteractive");
1388 sub postgres_admin_cmd
{
1389 my ($cmd, $options, @params) = @_;
1391 $cmd = ref($cmd) ?
$cmd : [ $cmd ];
1393 my $save_uid = POSIX
::getuid
();
1394 my $pg_uid = getpwnam('postgres') || die "getpwnam postgres failed\n";
1396 PVE
::Tools
::setresuid
(-1, $pg_uid, -1) ||
1397 die "setresuid postgres ($pg_uid) failed - $!\n";
1399 PVE
::Tools
::run_command
([@$cmd, '-U', 'postgres', @params], %$options);
1401 PVE
::Tools
::setresuid
(-1, $save_uid, -1) ||
1402 die "setresuid back failed - $!\n";
1405 sub get_pg_server_version
{
1411 # 11.4 (Debian 11.4-1)
1412 # see https://www.postgresql.org/support/versioning/
1413 my ($first_comp) = ($line =~ m/^\s*([0-9]+)/);
1414 if ($first_comp < 10) {
1415 ($major_ver) = ($line =~ m/^([0-9]+\.[0-9]+)\.[0-9]+/);
1417 $major_ver = $first_comp;
1422 postgres_admin_cmd
('psql', { outfunc
=> $parser }, '--quiet',
1423 '--tuples-only', '--no-align', '--command', 'show server_version;');
1426 die "Unable to determine currently running Postgresql server version\n"
1427 if ($@ || !defined($major_ver));
projects / pmg-api.git / blob