X-Git-Url: https://git.proxmox.com/?p=pve-common.git;a=blobdiff_plain;f=src%2FPVE%2FTools.pm;h=0fb7f3c0b15b6a47a4c7d33a29b2f8db60e3339b;hp=01823c28fd1cbaa1ea5ad394215b75b31007f808;hb=123921731abd556c038c746973fee1a1c87b6920;hpb=a0b6ef523a2f3ea423bd61b5257dee7c96cb1a0a diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm index 01823c2..0fb7f3c 100644 --- a/src/PVE/Tools.pm +++ b/src/PVE/Tools.pm @@ -8,8 +8,11 @@ use Socket qw(AF_INET AF_INET6 AI_ALL AI_V4MAPPED); use IO::Select; use File::Basename; use File::Path qw(make_path); +use Filesys::Df (); # don't overwrite our df() +use IO::Pipe; use IO::File; use IO::Dir; +use IO::Handle; use IPC::Open3; use Fcntl qw(:DEFAULT :flock); use base 'Exporter'; @@ -18,7 +21,10 @@ use Encode; use Digest::SHA; use Text::ParseWords; use String::ShellQuote; -use Time::HiRes qw(usleep gettimeofday tv_interval); +use Time::HiRes qw(usleep gettimeofday tv_interval alarm); +use Net::DBus qw(dbus_uint32 dbus_uint64); +use Net::DBus::Callback; +use Net::DBus::Reactor; # avoid warning when parsing long hex values with hex() no warnings 'portable'; # Support for 64-bit ints required @@ -39,6 +45,9 @@ template_replace safe_print trim extract_param +file_copy +O_PATH +O_TMPFILE ); my $pvelogdir = "/var/log/pve"; @@ -47,7 +56,7 @@ my $pvetaskdir = "$pvelogdir/tasks"; mkdir $pvelogdir; mkdir $pvetaskdir; -my $IPV4OCTET = "(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])"; +my $IPV4OCTET = "(?:25[0-5]|(?:2[0-4]|1[0-9]|[1-9])?[0-9])"; our $IPV4RE = "(?:(?:$IPV4OCTET\\.){3}$IPV4OCTET)"; my $IPV6H16 = "(?:[0-9a-fA-F]{1,4})"; my $IPV6LS32 = "(?:(?:$IPV4RE|$IPV6H16:$IPV6H16))"; @@ -63,35 +72,48 @@ our $IPV6RE = "(?:" . "(?:(?:(?:(?:$IPV6H16:){0,5}$IPV6H16)?::" . ")$IPV6H16)|" . "(?:(?:(?:(?:$IPV6H16:){0,6}$IPV6H16)?::" . ")))"; +our $IPRE = "(?:$IPV4RE|$IPV6RE)"; + +use constant {CLONE_NEWNS => 0x00020000, + CLONE_NEWUTS => 0x04000000, + CLONE_NEWIPC => 0x08000000, + CLONE_NEWUSER => 0x10000000, + CLONE_NEWPID => 0x20000000, + CLONE_NEWNET => 0x40000000}; + +use constant {O_PATH => 0x00200000, + O_TMPFILE => 0x00410000}; # This includes O_DIRECTORY + sub run_with_timeout { my ($timeout, $code, @param) = @_; die "got timeout\n" if $timeout <= 0; - my $prev_alarm; + my $prev_alarm = alarm 0; # suspend outer alarm early my $sigcount = 0; my $res; - local $SIG{ALRM} = sub { $sigcount++; }; # catch alarm outside eval - eval { local $SIG{ALRM} = sub { $sigcount++; die "got timeout\n"; }; local $SIG{PIPE} = sub { $sigcount++; die "broken pipe\n" }; local $SIG{__DIE__}; # see SA bug 4631 - $prev_alarm = alarm($timeout); + alarm($timeout); - $res = &$code(@param); + eval { $res = &$code(@param); }; alarm(0); # avoid race conditions + + die $@ if $@; }; my $err = $@; - alarm($prev_alarm) if defined($prev_alarm); + alarm $prev_alarm; + # this shouldn't happen anymore? die "unknown error" if $sigcount && !$err; # seems to happen sometimes die $err if $err; @@ -113,15 +135,16 @@ sub lock_file_full { my $lock_func = sub { if (!$lock_handles->{$$}->{$filename}) { - $lock_handles->{$$}->{$filename} = new IO::File (">>$filename") || - die "can't open file - $!\n"; + my $fh = new IO::File(">>$filename") || + die "can't open file - $!\n"; + $lock_handles->{$$}->{$filename} = { fh => $fh, refcount => 0}; } - if (!flock ($lock_handles->{$$}->{$filename}, $mode|LOCK_NB)) { - print STDERR "trying to aquire lock..."; + if (!flock($lock_handles->{$$}->{$filename}->{fh}, $mode|LOCK_NB)) { + print STDERR "trying to acquire lock..."; my $success; while(1) { - $success = flock($lock_handles->{$$}->{$filename}, $mode); + $success = flock($lock_handles->{$$}->{$filename}->{fh}, $mode); # try again on EINTR (see bug #273) if ($success || ($! != EINTR)) { last; @@ -129,10 +152,11 @@ sub lock_file_full { } if (!$success) { print STDERR " failed\n"; - die "can't aquire lock - $!\n"; + die "can't acquire lock '$filename' - $!\n"; } print STDERR " OK\n"; } + $lock_handles->{$$}->{$filename}->{refcount}++; }; my $res; @@ -146,9 +170,12 @@ sub lock_file_full { $err = $@; } - if (my $fh = $lock_handles->{$$}->{$filename}) { - $lock_handles->{$$}->{$filename} = undef; - close ($fh); + if (my $fh = $lock_handles->{$$}->{$filename}->{fh}) { + my $refcount = --$lock_handles->{$$}->{$filename}->{refcount}; + if ($refcount <= 0) { + $lock_handles->{$$}->{$filename} = undef; + close ($fh); + } } if ($err) { @@ -208,6 +235,12 @@ sub file_get_contents { return $content; } +sub file_copy { + my ($filename, $dst, $max, $perm) = @_; + + file_set_contents ($dst, file_get_contents($filename, $max), $perm); +} + sub file_read_firstline { my ($filename) = @_; @@ -240,22 +273,59 @@ sub safe_read_from { return $input; } +# The $cmd parameter can be: +# -) a string +# This is generally executed by passing it to the shell with the -c option. +# However, it can be executed in one of two ways, depending on whether +# there's a pipe involved: +# *) with pipe: passed explicitly to bash -c, prefixed with: +# set -o pipefail && +# *) without a pipe: passed to perl's open3 which uses 'sh -c' +# (Note that this may result in two different syntax requirements!) +# FIXME? +# -) an array of arguments (strings) +# Will be executed without interference from a shell. (Parameters are passed +# as is, no escape sequences of strings will be touched.) +# -) an array of arrays +# Each array represents a command, and each command's output is piped into +# the following command's standard input. +# For this a shell command string is created with pipe symbols between each +# command. +# Each command is a list of strings meant to end up in the final command +# unchanged. In order to achieve this, every argument is shell-quoted. +# Quoting can be disabled for a particular argument by turning it into a +# reference, this allows inserting arbitrary shell options. +# For instance: the $cmd [ [ 'echo', 'hello', \'>/dev/null' ] ] will not +# produce any output, while the $cmd [ [ 'echo', 'hello', '>/dev/null' ] ] +# will literally print: hello >/dev/null sub run_command { my ($cmd, %param) = @_; my $old_umask; my $cmdstr; - if (!ref($cmd)) { + if (my $ref = ref($cmd)) { + if (ref($cmd->[0])) { + $cmdstr = 'set -o pipefail && '; + my $pipe = ''; + foreach my $command (@$cmd) { + # concatenate quoted parameters + # strings which are passed by reference are NOT shell quoted + $cmdstr .= $pipe . join(' ', map { ref($_) ? $$_ : shellquote($_) } @$command); + $pipe = ' | '; + } + $cmd = [ '/bin/bash', '-c', "$cmdstr" ]; + } else { + $cmdstr = cmd2string($cmd); + } + } else { $cmdstr = $cmd; - if ($cmd =~ m/|/) { + if ($cmd =~ m/\|/) { # see 'man bash' for option pipefail $cmd = [ '/bin/bash', '-c', "set -o pipefail && $cmd" ]; } else { $cmd = [ $cmd ]; } - } else { - $cmdstr = cmd2string($cmd); } my $errmsg; @@ -263,6 +333,7 @@ sub run_command { my $timeout; my $oldtimeout; my $pid; + my $exitcode; my $outfunc; my $errfunc; @@ -270,6 +341,7 @@ sub run_command { my $input; my $output; my $afterfork; + my $noerr; eval { @@ -292,6 +364,8 @@ sub run_command { $logfunc = $param{$p}; } elsif ($p eq 'afterfork') { $afterfork = $param{$p}; + } elsif ($p eq 'noerr') { + $noerr = $param{$p}; } else { die "got unknown parameter '$p' for run_command\n"; } @@ -437,14 +511,14 @@ sub run_command { die "failed to execute\n"; } elsif (my $sig = ($? & 127)) { die "got signal $sig\n"; - } elsif (my $ec = ($? >> 8)) { - if (!($ec == 24 && ($cmdstr =~ m|^(\S+/)?rsync\s|))) { + } elsif ($exitcode = ($? >> 8)) { + if (!($exitcode == 24 && ($cmdstr =~ m|^(\S+/)?rsync\s|))) { if ($errmsg && $laststderr) { my $lerr = $laststderr; $laststderr = undef; die "$lerr\n"; } - die "exit code $ec\n"; + die "exit code $exitcode\n"; } } @@ -473,12 +547,12 @@ sub run_command { if ($errmsg) { $err =~ s/^usermod:\s*// if $cmdstr =~ m|^(\S+/)?usermod\s|; die "$errmsg: $err"; - } else { + } elsif(!$noerr) { die "command '$cmdstr' failed: $err"; } } - return undef; + return $exitcode; } sub split_list { @@ -610,7 +684,7 @@ my $keymaphash = { }; my $kvmkeymaparray = []; -foreach my $lc (keys %$keymaphash) { +foreach my $lc (sort keys %$keymaphash) { push @$kvmkeymaparray, $keymaphash->{$lc}->[1]; } @@ -696,7 +770,8 @@ sub next_unused_port { LocalPort => $p, ReuseAddr => 1, Family => $family, - Proto => 0); + Proto => 0, + GetAddrInfoFlags => 0); if ($sock) { close($sock); @@ -742,33 +817,51 @@ sub next_spice_port { # NOTE: NFS syscall can't be interrupted, so alarm does # not work to provide timeouts. # from 'man nfs': "Only SIGKILL can interrupt a pending NFS operation" -# So the spawn external 'df' process instead of using -# Filesys::Df (which uses statfs syscall) +# So fork() before using Filesys::Df sub df { my ($path, $timeout) = @_; - my $cmd = [ 'df', '-P', '-B', '1', $path]; - my $res = { total => 0, used => 0, avail => 0, }; - my $parser = sub { - my $line = shift; - if (my ($fsid, $total, $used, $avail) = $line =~ - m/^(\S+.*)\s+(\d+)\s+(\d+)\s+(\d+)\s+\d+%\s.*$/) { - $res = { - total => $total, - used => $used, - avail => $avail, - }; + my $pipe = IO::Pipe->new(); + my $child = fork(); + if (!defined($child)) { + warn "fork failed: $!\n"; + return $res; + } + + if (!$child) { + $pipe->writer(); + eval { + my $df = Filesys::Df::df($path, 1); + print {$pipe} "$df->{blocks}\n$df->{used}\n$df->{bavail}\n"; + $pipe->close(); + }; + if (my $err = $@) { + warn $err; + POSIX::_exit(1); } + POSIX::_exit(0); + } + + $pipe->reader(); + + my $readvalues = sub { + $res->{total} = int((<$pipe> =~ /^(\d*)$/)[0]); + $res->{used} = int((<$pipe> =~ /^(\d*)$/)[0]); + $res->{avail} = int((<$pipe> =~ /^(\d*)$/)[0]); + }; + eval { + run_with_timeout($timeout, $readvalues); }; - eval { run_command($cmd, timeout => $timeout, outfunc => $parser); }; warn $@ if $@; - + $pipe->close(); + kill('KILL', $child); + waitpid($child, 0); return $res; } @@ -887,28 +980,20 @@ sub decode_utf8_parameters { } sub random_ether_addr { + my ($prefix) = @_; my ($seconds, $microseconds) = gettimeofday; - my $rand = Digest::SHA::sha1_hex($$, rand(), $seconds, $microseconds); + my $rand = Digest::SHA::sha1($$, rand(), $seconds, $microseconds); - my $mac = ''; - for (my $i = 0; $i < 6; $i++) { - my $ss = hex(substr($rand, $i*2, 2)); - if (!$i) { - $ss &= 0xfe; # clear multicast - $ss |= 2; # set local id - } - $ss = sprintf("%02X", $ss); + # clear multicast, set local id + vec($rand, 0, 8) = (vec($rand, 0, 8) & 0xfe) | 2; - if (!$i) { - $mac .= "$ss"; - } else { - $mac .= ":$ss"; - } + my $addr = sprintf("%02X:%02X:%02X:%02X:%02X:%02X", unpack("C6", $rand)); + if (defined($prefix)) { + $addr = uc($prefix) . substr($addr, length($prefix)); } - - return $mac; + return $addr; } sub shellquote { @@ -987,6 +1072,40 @@ sub dump_logfile { return ($count, $lines); } +sub dump_journal { + my ($start, $limit, $since, $until) = @_; + + my $lines = []; + my $count = 0; + + $start = 0 if !$start; + $limit = 50 if !$limit; + + my $parser = sub { + my $line = shift; + + return if $count++ < $start; + return if $limit <= 0; + push @$lines, { n => int($count), t => $line}; + $limit--; + }; + + my $cmd = ['journalctl', '-o', 'short', '--no-pager']; + + push @$cmd, '--since', $since if $since; + push @$cmd, '--until', $until if $until; + run_command($cmd, outfunc => $parser); + + # HACK: ExtJS store.guaranteeRange() does not like empty array + # so we add a line + if (!$count) { + $count++; + push @$lines, { n => $count, t => "no content"}; + } + + return ($count, $lines); +} + sub dir_glob_regex { my ($dir, $regex) = @_; @@ -1070,4 +1189,244 @@ sub get_host_address_family { return $res[0]->{family}; } +# Parses any sane kind of host, or host+port pair: +# The port is always optional and thus may be undef. +sub parse_host_and_port { + my ($address) = @_; + if ($address =~ /^($IPV4RE|[[:alnum:]\-.]+)(?::(\d+))?$/ || # ipv4 or host with optional ':port' + $address =~ /^\[($IPV6RE|$IPV4RE|[[:alnum:]\-.]+)\](?::(\d+))?$/ || # anything in brackets with optional ':port' + $address =~ /^($IPV6RE)(?:\.(\d+))?$/) # ipv6 with optional port separated by dot + { + return ($1, $2, 1); # end with 1 to support simple if(parse...) tests + } + return; # nothing +} + +sub unshare($) { + my ($flags) = @_; + return 0 == syscall(272, $flags); +} + +sub setns($$) { + my ($fileno, $nstype) = @_; + return 0 == syscall(308, $fileno, $nstype); +} + +sub syncfs($) { + my ($fileno) = @_; + return 0 == syscall(306, $fileno); +} + +sub sync_mountpoint { + my ($path) = @_; + sysopen my $fd, $path, O_PATH or die "failed to open $path: $!\n"; + my $result = syncfs(fileno($fd)); + close($fd); + return $result; +} + +# support sending multi-part mail messages with a text and or a HTML part +# mailto may be a single email string or an array of receivers +sub sendmail { + my ($mailto, $subject, $text, $html, $mailfrom, $author) = @_; + my $mail_re = qr/[^-a-zA-Z0-9+._@]/; + + $mailto = [ $mailto ] if !ref($mailto); + + foreach (@$mailto) { + die "illegal character in mailto address\n" + if ($_ =~ $mail_re); + } + + my $rcvrtxt = join (', ', @$mailto); + + $mailfrom = $mailfrom || "root"; + die "illegal character in mailfrom address\n" + if $mailfrom =~ $mail_re; + + $author = $author || 'Proxmox VE'; + + open (MAIL, "|-", "sendmail", "-B", "8BITMIME", "-f", $mailfrom, @$mailto) || + die "unable to open 'sendmail' - $!"; + + # multipart spec see https://www.ietf.org/rfc/rfc1521.txt + my $boundary = "----_=_NextPart_001_".int(time).$$; + + print MAIL "Content-Type: multipart/alternative;\n"; + print MAIL "\tboundary=\"$boundary\"\n"; + print MAIL "MIME-Version: 1.0\n"; + + print MAIL "FROM: $author <$mailfrom>\n"; + print MAIL "TO: $rcvrtxt\n"; + print MAIL "SUBJECT: $subject\n"; + print MAIL "\n"; + print MAIL "This is a multi-part message in MIME format.\n\n"; + print MAIL "--$boundary\n"; + + if (defined($text)) { + print MAIL "Content-Type: text/plain;\n"; + print MAIL "\tcharset=\"UTF8\"\n"; + print MAIL "Content-Transfer-Encoding: 8bit\n"; + print MAIL "\n"; + + # avoid 'remove extra line breaks' issue (MS Outlook) + my $fill = ' '; + $text =~ s/^/$fill/gm; + + print MAIL $text; + + print MAIL "\n--$boundary\n"; + } + + if (defined($html)) { + print MAIL "Content-Type: text/html;\n"; + print MAIL "\tcharset=\"UTF8\"\n"; + print MAIL "Content-Transfer-Encoding: 8bit\n"; + print MAIL "\n"; + + print MAIL $html; + + print MAIL "\n--$boundary--\n"; + } + + close(MAIL); +} + +sub tempfile { + my ($perm, %opts) = @_; + + # default permissions are stricter than with file_set_contents + $perm = 0600 if !defined($perm); + + my $dir = $opts{dir} // '/tmp'; + my $mode = $opts{mode} // O_RDWR; + $mode |= O_EXCL if !$opts{allow_links}; + + my $fh = IO::File->new($dir, $mode | O_TMPFILE, $perm) + or die "failed to create tempfile: $!\n"; + return $fh; +} + +sub tempfile_contents { + my ($data, $perm, %opts) = @_; + + my $fh = tempfile($perm, %opts); + eval { + die "unable to write to tempfile: $!\n" if !print {$fh} $data; + die "unable to flush to tempfile: $!\n" if !defined($fh->flush()); + }; + if (my $err = $@) { + close $fh; + die $err; + } + + return ("/proc/$$/fd/".$fh->fileno, $fh); +} + +sub validate_ssh_public_keys { + my ($raw) = @_; + my @lines = split(/\n/, $raw); + + foreach my $line (@lines) { + next if $line =~ m/^\s*$/; + eval { + my ($filename, $handle) = tempfile_contents($line); + run_command(["ssh-keygen", "-l", "-f", $filename], + outfunc => sub {}, errfunc => sub {}); + }; + die "SSH public key validation error\n" if $@; + } +} + +sub openat($$$;$) { + my ($dirfd, $pathname, $flags, $mode) = @_; + my $fd = syscall(257, $dirfd, $pathname, $flags, $mode//0); + return undef if $fd < 0; + # sysopen() doesn't deal with numeric file descriptors apparently + # so we need to convert to a mode string for IO::Handle->new_from_fd + my $flagstr = ($flags & O_RDWR) ? 'rw' : ($flags & O_WRONLY) ? 'w' : 'r'; + my $handle = IO::Handle->new_from_fd($fd, $flagstr); + return $handle if $handle; + my $err = $!; # save error before closing the raw fd + syscall(3, $fd); # close + $! = $err; + return undef; +} + +sub mkdirat($$$) { + my ($dirfd, $name, $mode) = @_; + return syscall(258, $dirfd, $name, $mode) == 0; +} + +# NOTE: This calls the dbus main loop and must not be used when another dbus +# main loop is being used as we need to wait for the JobRemoved signal. +# Polling the job status instead doesn't work because this doesn't give us the +# distinction between success and failure. +# +# Note that the description is mandatory for security reasons. +sub enter_systemd_scope { + my ($unit, $description, %extra) = @_; + die "missing description\n" if !defined($description); + + my $timeout = delete $extra{timeout}; + + $unit .= '.scope'; + my $properties = [ [PIDs => [dbus_uint32($$)]] ]; + + foreach my $key (keys %extra) { + if ($key eq 'Slice' || $key eq 'KillMode') { + push @$properties, [$key, $extra{$key}]; + } elsif ($key eq 'CPUShares') { + push @$properties, [$key, dbus_uint64($extra{$key})]; + } elsif ($key eq 'CPUQuota') { + push @$properties, ['CPUQuotaPerSecUSec', + dbus_uint64($extra{$key} * 10000)]; + } else { + die "Don't know how to encode $key for systemd scope\n"; + } + } + + my $job; + my $done = 0; + + my $bus = Net::DBus->system(); + my $reactor = Net::DBus::Reactor->main(); + + my $service = $bus->get_service('org.freedesktop.systemd1'); + my $if = $service->get_object('/org/freedesktop/systemd1', 'org.freedesktop.systemd1.Manager'); + # Connect to the JobRemoved signal since we want to wait for it to finish + my $sigid; + my $timer; + my $cleanup = sub { + my ($no_shutdown) = @_; + $if->disconnect_from_signal('JobRemoved', $sigid) if defined($if); + $if = undef; + $sigid = undef; + $reactor->remove_timeout($timer) if defined($timer); + $timer = undef; + return if $no_shutdown; + $reactor->shutdown(); + }; + + $sigid = $if->connect_to_signal('JobRemoved', sub { + my ($id, $removed_job, $signaled_unit, $result) = @_; + return if $signaled_unit ne $unit || $removed_job ne $job; + $cleanup->(0); + die "systemd job failed\n" if $result ne 'done'; + $done = 1; + }); + + my $on_timeout = sub { + $cleanup->(0); + die "systemd job timed out\n"; + }; + + $timer = $reactor->add_timeout($timeout * 1000, Net::DBus::Callback->new(method => $on_timeout)) + if defined($timeout); + $job = $if->StartTransientUnit($unit, 'fail', $properties, []); + $reactor->run(); + $cleanup->(1); + die "systemd job never completed\n" if !$done; +} + 1;