From: Lukas Wagner <l.wagner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH proxmox-mail-forward 10/11] feed forwarded mails into proxmox_notify
Date: Thu, 31 Aug 2023 13:06:20 +0200 [thread overview]
Message-ID: <20230831110621.340832-11-l.wagner@proxmox.com> (raw)
In-Reply-To: <20230831110621.340832-1-l.wagner@proxmox.com>
This allows us to send notifications for events from daemons that are
not under our control, e.g. zed, smartd, cron. etc...
For mail-based notification targets (sendmail, soon smtp) the mail is
forwarded as is, including all headers.
All other target types will try to parse the email to extra subject
and text body.
On PBS, where proxmox-notify is not yet fully integrated, we also use
proxmox-notify. There, we simply fall back to the default
target/policy (mail-to-root, which looks up root@pam's mail address).
Once notification support is built into PBS, proxmox-mail-forward
should automatically work in the same way as for PVE.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
---
Cargo.toml | 8 +-
src/main.rs | 348 +++++++++++++++++++++++++++++++++++-----------------
2 files changed, 238 insertions(+), 118 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index c68e802..64f8d47 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,6 +3,7 @@ name = "proxmox-mail-forward"
version = "0.2.0"
authors = [
"Fiona Ebner <f.ebner@proxmox.com>",
+ "Lukas Wagner <l.wagner@proxmox.com>",
"Proxmox Support Team <support@proxmox.com>",
]
edition = "2021"
@@ -17,9 +18,10 @@ anyhow = "1.0"
log = "0.4.17"
nix = "0.26"
serde = { version = "1.0", features = ["derive"] }
-#serde_json = "1.0"
+serde_json = "1.0"
syslog = "6.0"
-proxmox-schema = "1.3"
-proxmox-section-config = "1.0.2"
+proxmox-schema = { version = "2.0", features = ["api-macro"] }
+proxmox-section-config = "2.0"
proxmox-sys = "0.5"
+proxmox-notify = {version = "0.2", features = ["mail-forwarder", "pve-context", "pbs-context"] }
diff --git a/src/main.rs b/src/main.rs
index f3d4193..d3b7b6a 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,39 +1,58 @@
+use std::io::Read;
use std::path::Path;
-use std::process::Command;
-use anyhow::{bail, format_err, Error};
+use anyhow::Error;
use serde::Deserialize;
-use proxmox_schema::{ObjectSchema, Schema, StringSchema};
-use proxmox_section_config::{SectionConfig, SectionConfigPlugin};
+use proxmox_notify::context::pbs::PBS_CONTEXT;
+use proxmox_notify::context::pve::PVE_CONTEXT;
+use proxmox_notify::endpoints::sendmail::SendmailConfig;
+use proxmox_notify::Config;
+use proxmox_schema::{api, ApiType};
use proxmox_sys::fs;
-const PBS_USER_CFG_FILENAME: &str = "/etc/proxmox-backup/user.cfg";
-const PBS_ROOT_USER: &str = "root@pam";
-
-// FIXME: Switch to the actual schema when possible in terms of dependency.
-// It's safe to assume that the config was written with the actual schema restrictions, so parsing
-// it with the less restrictive schema should be enough for the purpose of getting the mail address.
-const DUMMY_ID_SCHEMA: Schema = StringSchema::new("dummy ID").min_length(3).schema();
-const DUMMY_EMAIL_SCHEMA: Schema = StringSchema::new("dummy email").schema();
-const DUMMY_USER_SCHEMA: ObjectSchema = ObjectSchema {
- description: "minimal PBS user",
- properties: &[
- ("userid", false, &DUMMY_ID_SCHEMA),
- ("email", true, &DUMMY_EMAIL_SCHEMA),
- ],
- additional_properties: true,
- default_key: None,
-};
+const PVE_CFG_PATH: &str = "/etc/pve";
+const PVE_DATACENTER_CFG_FILENAME: &str = "/etc/pve/datacenter.cfg";
+const PVE_PUB_NOTIFICATION_CFG_FILENAME: &str = "/etc/pve/notifications.cfg";
+const PVE_PRIV_NOTIFICATION_CFG_FILENAME: &str = "/etc/pve/priv/notifications.cfg";
+
+const PBS_CFG_PATH: &str = "/etc/proxmox-backup";
+const PBS_NODE_CFG_FILENAME: &str = "/etc/proxmox-backup/node.cfg";
+const PBS_PUB_NOTIFICATION_CFG_FILENAME: &str = "/etc/proxmox-backup/notifications.cfg";
+const PBS_PRIV_NOTIFICATION_CFG_FILENAME: &str = "/etc/proxmox-backup/notifications-priv.cfg";
-#[derive(Deserialize)]
-struct DummyPbsUser {
- pub email: Option<String>,
+#[api]
+#[derive(Deserialize, Default, Debug, PartialEq)]
+#[serde(rename_all = "kebab-case")]
+enum Policy {
+ #[default]
+ /// Always send a notification.
+ Always,
+ /// Never send a notification.
+ Never,
}
-const PVE_USER_CFG_FILENAME: &str = "/etc/pve/user.cfg";
-const PVE_DATACENTER_CFG_FILENAME: &str = "/etc/pve/datacenter.cfg";
-const PVE_ROOT_USER: &str = "root@pam";
+#[api(
+ properties: {},
+ additional_properties: true,
+)]
+#[derive(Deserialize, Default, Debug)]
+#[serde(rename_all = "kebab-case")]
+/// Parsed property string for the `notify` key in `datacenter.cfg`
+struct NotifyPropertyString {
+ /// Target for redirected system mails.
+ target_system_mail: Option<String>,
+ /// Notification policy for system mails
+ system_mail: Option<Policy>,
+}
+
+/// Forwarding policy for system mail
+struct NotificationPolicy {
+ /// Target for redirected system mails.
+ target: String,
+ /// Notification policy for system mails
+ policy: Policy,
+}
/// Convenience helper to get the trimmed contents of an optional &str, mapping blank ones to `None`
/// and creating a String from it for returning.
@@ -44,89 +63,143 @@ fn normalize_for_return(s: Option<&str>) -> Option<String> {
}
}
-/// Extract the root user's email address from the PBS user config.
-fn get_pbs_mail_to(content: &str) -> Option<String> {
- let mut config = SectionConfig::new(&DUMMY_ID_SCHEMA).allow_unknown_sections(true);
- let user_plugin = SectionConfigPlugin::new(
- "user".to_string(),
- Some("userid".to_string()),
- &DUMMY_USER_SCHEMA,
- );
- config.register_plugin(user_plugin);
-
- match config.parse(PBS_USER_CFG_FILENAME, content) {
- Ok(parsed) => {
- parsed.sections.get(PBS_ROOT_USER)?;
- match parsed.lookup::<DummyPbsUser>("user", PBS_ROOT_USER) {
- Ok(user) => normalize_for_return(user.email.as_deref()),
- Err(err) => {
- log::error!("unable to parse {} - {}", PBS_USER_CFG_FILENAME, err);
- None
- }
- }
- }
+/// Wrapper around `proxmox_sys::fs::file_read_optional_string` which also returns `None` upon error
+/// after logging it.
+fn attempt_file_read<P: AsRef<Path>>(path: P) -> Option<String> {
+ match fs::file_read_optional_string(path) {
+ Ok(contents) => contents,
Err(err) => {
- log::error!("unable to parse {} - {}", PBS_USER_CFG_FILENAME, err);
+ log::error!("{}", err);
None
}
}
}
-/// Extract the root user's email address from the PVE user config.
-fn get_pve_mail_to(content: &str) -> Option<String> {
- normalize_for_return(content.lines().find_map(|line| {
- let fields: Vec<&str> = line.split(':').collect();
- #[allow(clippy::get_first)] // to keep expression style consistent
- match fields.get(0)?.trim() == "user" && fields.get(1)?.trim() == PVE_ROOT_USER {
- true => fields.get(6).copied(),
- false => None,
- }
- }))
-}
-
-/// Extract the From-address configured in the PVE datacenter config.
-fn get_pve_mail_from(content: &str) -> Option<String> {
+/// Look up a the value of a given key in PVE datacenter config
+fn lookup_datacenter_config_key(content: &str, key: &str) -> Option<String> {
+ let key_prefix = format!("{key}:");
normalize_for_return(
content
.lines()
- .find_map(|line| line.strip_prefix("email_from:")),
+ .find_map(|line| line.strip_prefix(&key_prefix)),
)
}
-/// Executes sendmail as a child process with the specified From/To-addresses, expecting the mail
-/// contents to be passed via stdin inherited from this program.
-fn forward_mail(mail_from: String, mail_to: Vec<String>) -> Result<(), Error> {
- if mail_to.is_empty() {
- bail!("user 'root@pam' does not have an email address");
+/// Read data from stdin, until EOF is encountered.
+fn read_stdin() -> Result<Vec<u8>, Error> {
+ let mut input = Vec::new();
+ let stdin = std::io::stdin();
+ let mut handle = stdin.lock();
+
+ handle.read_to_end(&mut input)?;
+ Ok(input)
+}
+
+/// Parse node.cfg/datacenter.cfg and extract system mail target/policy.
+fn system_mail_target_policy(datacenter_config: Option<&str>) -> NotificationPolicy {
+ let cfg: Result<_, Error> = datacenter_config
+ .and_then(|cfg| lookup_datacenter_config_key(cfg, "notify"))
+ .map(|val| {
+ let val = NotifyPropertyString::API_SCHEMA.parse_property_string(&val)?;
+ let config: NotifyPropertyString = serde_json::from_value(val)?;
+ Ok(config)
+ })
+ .transpose();
+
+ let cfg = match cfg {
+ Ok(cfg) => cfg.unwrap_or_default(),
+ Err(err) => {
+ log::error!(
+ "could not read system mail notification settings from datacenter.cfg: {err}"
+ );
+
+ Default::default()
+ }
+ };
+
+ NotificationPolicy {
+ target: cfg
+ .target_system_mail
+ .unwrap_or_else(|| String::from("mail-to-root")),
+ policy: cfg.system_mail.unwrap_or_default(),
}
+}
- log::info!("forward mail to <{}>", mail_to.join(","));
+fn forward_common(
+ mail: &[u8],
+ config: &mut Config,
+ target: &NotificationPolicy,
+) -> Result<(), Error> {
+ let real_uid = nix::unistd::getuid();
+ // The uid is passed so that `sendmail` can be called as the a correct user.
+ let notification =
+ proxmox_notify::Notification::new_forwarded_mail(mail, Some(real_uid.as_raw()))?;
- let mut cmd = Command::new("sendmail");
- cmd.args([
- "-bm", "-N", "never", // never send DSN (avoid mail loops)
- "-f", &mail_from, "--",
- ]);
- cmd.args(mail_to);
- cmd.env("PATH", "/sbin:/bin:/usr/sbin:/usr/bin");
+ // TODO: mail-to-root should *always* be always available, but right now that is only ensured
+ // in PVE::Notify - maybe we should move that to proxmox_notify? So that we don't have to
+ // add it here?
+ proxmox_notify::api::sendmail::add_endpoint(
+ config,
+ &SendmailConfig {
+ name: "mail-to-root".to_string(),
+ mailto_user: Some(vec!["root@pam".to_string()]),
+ ..Default::default()
+ },
+ )?;
- // with status(), child inherits stdin
- cmd.status()
- .map_err(|err| format_err!("command {:?} failed - {}", cmd, err))?;
+ if matches!(target.policy, Policy::Always) {
+ let target = &target.target;
+ log::info!("attempting to forward mail via target {target}");
+ proxmox_notify::api::common::send(config, target, ¬ification)?;
+ } else {
+ log::info!(
+ "'notify: system-mail=never' set in datacenter.cfg/node.cfg, mail is not forwarded"
+ );
+ }
Ok(())
}
-/// Wrapper around `proxmox_sys::fs::file_read_optional_string` which also returns `None` upon error
-/// after logging it.
-fn attempt_file_read<P: AsRef<Path>>(path: P) -> Option<String> {
- match fs::file_read_optional_string(path) {
- Ok(contents) => contents,
- Err(err) => {
- log::error!("{}", err);
- None
- }
- }
+/// Forward the mail to root@pam for a PVE installation. If no mail address is configured or
+/// if the user.cfg file does not exist (e.g. if PBS is not actually installed), nothing will
+/// happen.
+fn forward_for_pve(mail: &[u8]) -> Result<(), Error> {
+ let mut config = notification_config(
+ PVE_PUB_NOTIFICATION_CFG_FILENAME,
+ PVE_PRIV_NOTIFICATION_CFG_FILENAME,
+ )?;
+ let datacenter_config = attempt_file_read(PVE_DATACENTER_CFG_FILENAME);
+ let target = system_mail_target_policy(datacenter_config.as_deref());
+
+ proxmox_notify::context::set_context(&PVE_CONTEXT);
+
+ forward_common(mail, &mut config, &target)
+}
+
+/// Forward the mail to root@pam for a PBS installation. If no mail address is configured or
+/// if the user.cfg file does not exist (e.g. if PBS is not actually installed), nothing will
+/// happen.
+fn forward_for_pbs(mail: &[u8]) -> Result<(), Error> {
+ let mut config = notification_config(
+ PBS_PUB_NOTIFICATION_CFG_FILENAME,
+ PBS_PRIV_NOTIFICATION_CFG_FILENAME,
+ )?;
+ let node_config = attempt_file_read(PBS_NODE_CFG_FILENAME);
+ let target = system_mail_target_policy(node_config.as_deref());
+
+ proxmox_notify::context::set_context(&PBS_CONTEXT);
+
+ forward_common(mail, &mut config, &target)
+}
+
+/// Parse notification config.
+///
+/// If the configuration file does not exist, this will return an empty configuration.
+fn notification_config(public_path: &str, private_path: &str) -> Result<Config, Error> {
+ let public_contents = attempt_file_read(public_path).unwrap_or_default();
+ let private_contents = attempt_file_read(private_path).unwrap_or_default();
+
+ Config::new(&public_contents, &private_contents).map_err(Into::into)
}
fn main() {
@@ -135,40 +208,85 @@ fn main() {
log::LevelFilter::Info,
Some("proxmox-mail-forward"),
) {
- eprintln!("unable to inititialize syslog - {}", err);
+ eprintln!("unable to initialize syslog - {}", err);
}
- let pbs_user_cfg_content = attempt_file_read(PBS_USER_CFG_FILENAME);
- let pve_user_cfg_content = attempt_file_read(PVE_USER_CFG_FILENAME);
- let pve_datacenter_cfg_content = attempt_file_read(PVE_DATACENTER_CFG_FILENAME);
+ // Read the mail that is to be forwarded from stdin
+ match read_stdin() {
+ Ok(mail) => {
+ // Detect if we are on a PVE system. False positives, e.g. from
+ // left-overs of a co-installation with PBS might lead to a mail
+ // being forwarded twice or error messages in the system logs (e.g.
+ // if we fall back to 'mail-to-root' but root@pam has no email address
+ // configured, then the sendmail target will complain about a missing recipient)
+ if Path::new(PVE_CFG_PATH).exists() {
+ if let Err(err) = forward_for_pve(&mail) {
+ log::error!("could not forward mail for Proxmox VE: {err}");
+ }
+ }
- let real_uid = nix::unistd::getuid();
- if let Err(err) = nix::unistd::setresuid(real_uid, real_uid, real_uid) {
- log::error!(
- "mail forward failed: unable to set effective uid to {}: {}",
- real_uid,
- err
- );
- return;
+ // Same as above...
+ if Path::new(PBS_CFG_PATH).exists() {
+ if let Err(err) = forward_for_pbs(&mail) {
+ log::error!("could not forward mail for Proxmox Backup Server: {err}");
+ }
+ }
+ }
+ Err(err) => {
+ log::error!("could not read mail from STDIN: {err}")
+ }
}
+}
- let pbs_mail_to = pbs_user_cfg_content.and_then(|content| get_pbs_mail_to(&content));
- let pve_mail_to = pve_user_cfg_content.and_then(|content| get_pve_mail_to(&content));
- let pve_mail_from = pve_datacenter_cfg_content.and_then(|content| get_pve_mail_from(&content));
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ #[test]
+ fn test_notify_all_set() {
+ let config = Some(
+ "
+email_from: root@example.com
+notify: target-system-mail=foobar,system-mail=always
+keyboard: en-us
+ ",
+ );
- let mail_from = pve_mail_from.unwrap_or_else(|| "root".to_string());
+ let policy = system_mail_target_policy(config);
- let mut mail_to = vec![];
- if let Some(pve_mail_to) = pve_mail_to {
- mail_to.push(pve_mail_to);
+ assert_eq!(policy.target, "foobar");
+ assert_eq!(policy.policy, Policy::Always);
}
- if let Some(pbs_mail_to) = pbs_mail_to {
- if !mail_to.contains(&pbs_mail_to) {
- mail_to.push(pbs_mail_to);
- }
+
+ #[test]
+ fn test_correct_defaults() {
+ let config = Some(
+ "
+email_from: root@example.com
+keyboard: en-us
+ ",
+ );
+
+ let policy = system_mail_target_policy(config);
+
+ assert_eq!(policy.target, "mail-to-root");
+ assert_eq!(policy.policy, Policy::Always);
}
- if let Err(err) = forward_mail(mail_from, mail_to) {
- log::error!("mail forward failed: {}", err);
+ #[test]
+ fn test_invalid_policy() {
+ let config = Some(
+ "
+email_from: root@example.com
+notify: system-mail=invalid
+keyboard: en-us
+ ",
+ );
+
+ let policy = system_mail_target_policy(config);
+
+ assert_eq!(policy.target, "mail-to-root");
+ // Fall back to always if the policy is invalid
+ assert_eq!(policy.policy, Policy::Always);
}
}
--
2.39.2
next prev parent reply other threads:[~2023-08-31 11:06 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-31 11:06 [pve-devel] [PATCH many 00/11] notifications: feed system " Lukas Wagner
2023-08-31 11:06 ` [pve-devel] [PATCH debcargo-conf 01/11] package mail-parser 0.8.2 Lukas Wagner
2023-08-31 11:06 ` [pve-devel] [PATCH proxmox 02/11] sys: email: add `forward` Lukas Wagner
2023-08-31 11:06 ` [pve-devel] [PATCH proxmox 03/11] notify: introduce Error::Generic Lukas Wagner
2023-08-31 11:06 ` [pve-devel] [PATCH proxmox 04/11] notify: add mechanisms for email message forwarding Lukas Wagner
2023-08-31 11:06 ` [pve-devel] [PATCH proxmox 05/11] notify: add PVE/PBS context Lukas Wagner
2023-08-31 11:06 ` [pve-devel] [PATCH proxmox-perl-rs 06/11] notify: construct Notification via constructor Lukas Wagner
2023-08-31 11:06 ` [pve-devel] [PATCH proxmox-perl-rs 07/11] pve-rs: notify: remove notify_context for PVE Lukas Wagner
2023-08-31 11:06 ` [pve-devel] [PATCH pve-cluster 08/11] datacenter config: add new parameters for system mail forwarding Lukas Wagner
2023-08-31 11:06 ` [pve-devel] [PATCH pve-manager 09/11] ui: notify: add system-mail settings, configuring " Lukas Wagner
2023-08-31 11:06 ` Lukas Wagner [this message]
2023-08-31 11:06 ` [pve-devel] [PATCH pve-docs 11/11] notification: add docs for system " Lukas Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230831110621.340832-11-l.wagner@proxmox.com \
--to=l.wagner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox