[PATCH pmg-api v3 2/5] config: add log-tracker-base key

[Stoiko Ivanov <s.ivanov@proxmox.com>]

makes it possible to override the input-base parameter for
pmg-log-tracker - functionality there was added in:
9816d19 ("fix #3657: allow scanning a configurable rotated log series")

the option is restricted to root@pam, as suggested by Thomas, since
enabling other admin users to open arbitrary files on the system might
leak information, in case the parser in pmg-log-tracker matches
something unexpected. To err on the side of caution - restrict it to
root@pam, as we can always make it more liberal in the future, while
restricting it later could break some users workflows.

the pattern allows for a input-base with a maximal depth of 6
directories, which should cover all needs, and can be extended if
there are deployments that need that (restricting to fewer directories
would break backwards compat, hence the rather small limit).

the default in the config is /var/log/syslog and will be explicitly
provided to pmg-log-tracker if nothing is set in pmg.conf

exposing the option in pmg.conf enables users to use a different
log location for the daily work.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 src/PMG/Config.pm | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index 943ae1ea..8973c92d 100644
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -56,6 +56,19 @@ use warnings;
 
 use base qw(PMG::Config::Base);
 
+PVE::JSONSchema::register_format('pmg-log-tracker-base', \&parse_log_tracker_base);
+
+sub parse_log_tracker_base {
+    my ($path, $noerr) = @_;
+
+    if ($path !~ m!^/([^/\0]+/){0,6}[^/\0]+$! || $path =~ m!(?://|/\.{1,2}(?:/|$))!) {
+        return undef if $noerr;
+        die "log-tracker-base '$path' contains illegal characters\n";
+    }
+
+    return $path;
+}
+
 sub type {
     return 'admin';
 }
@@ -161,6 +174,12 @@ EODESC
             maxLength => 64 * 1024,
             default => '',
         },
+        'log-tracker-base' => {
+            description => "Location of rotated mail logs, input-base argument for pmg-log-tracker",
+            type => 'string',
+            format => 'pmg-log-tracker-base',
+            default => '/var/log/syslog',
+        },
     };
 }
 
@@ -182,6 +201,7 @@ sub options {
         'dkim-use-domain' => { optional => 1 },
         'admin-mail-from' => { optional => 1 },
         'consent-text' => { optional => 1 },
+        'log-tracker-base' => { optional => 1, root_only => 1 },
     };
 }
 
-- 
2.47.3