John,
Thanks for debugging it.
You are right, we should accept all characters for an email address.
I committed the attached patch.
It set $dest and untaint it.
It execute the mailer without using a shell.
Jean-Louis
On 07/09/2014 01:06 PM, John Hein wrote:
Stefan G. Weichinger sgw-at-amanda.org |amusersj-ml0| wrote at 16:38 +0200 on
Jul 9, 2014:
> Am 09.07.2014 16:17, schrieb Stefan G. Weichinger:
> >
> > Would anyone mind sharing some real world scripts he uses with amanda?
> >
> > I think of stopping/starting DBs or something like that.
> >
> > I would appreciate some good templates ;-)
>
> I started playing with the email examples from the docs but they fail
> straight away:
>
>
> define script-tool sc-email {
> comment "email me before this DLE is backed up"
> plugin "script-email"
> execute-on pre-dle-backup
> execute-where server
> property "mailto" "[email protected]"
> }
>
>
>
> .... gives me
>
> Jul 09 16:37:11 amanda Script_email[20663]: Use of uninitialized value
> in concatenation (.) or string at
> /usr/libexec/amanda/application/script-email line 181.
> Jul 09 16:37:11 amanda Script_email[20663]: Use of uninitialized value
> $args[2] in join or string at
> /usr/libexec/amanda/application/script-email line 182.
> Jul 09 16:37:11 amanda Script_email[20664]: Use of uninitialized value
> $args[2] in open at /usr/libexec/amanda/application/script-email line 185.
> Jul 09 16:37:11 amanda Script_email[20663]: Use of uninitialized value
> in concatenation (.) or string at
> /usr/libexec/amanda/application/script-email line 186.
>
>
> Does that work for anyone else?
> Does it need anymore properties set?
>
> Thanks, Stefan
I'm not sure about the exact cause of the errors you're seeing, but it
looks like the mailto check will not accept '@' or '.' (or dashes or
underscores or numbers).
To address that, maybe try this patch:
--- libexec/amanda/application/script-email.orig 2009-11-06
10:27:46.000000000 -0700
+++ libexec/amanda/application/script-email 2014-07-09
10:02:06.000000000 -0600
@@ -154,7 +154,7 @@
my $dest;
if ($self->{mailto}) {
my $destcheck = join ',', @{$self->{mailto}};
- $destcheck =~ /^([a-zA-Z,]*)$/;
+ $destcheck =~ /^([-_[:alnum:],@.]*)$/;
$dest = $1;
} else {
$dest = "root";
Or don't try to do the mailer's job and just skip the whole destcheck
part - let the mailer catch any errors:
--- libexec/amanda/application/script-email.orig 2009-11-06
10:27:46.000000000 -0700
+++ libexec/amanda/application/script-email 2014-07-09
11:02:18.000000000 -0600
@@ -153,9 +153,7 @@
my($function) = @_;
my $dest;
if ($self->{mailto}) {
- my $destcheck = join ',', @{$self->{mailto}};
- $destcheck =~ /^([a-zA-Z,]*)$/;
- $dest = $1;
+ $dest = join ',', @{$self->{mailto}};
} else {
$dest = "root";
}
diff --git a/application-src/script-email.pl b/application-src/script-email.pl
index 2cb5e8e..0e86e77 100644
--- a/application-src/script-email.pl
+++ b/application-src/script-email.pl
@@ -173,16 +173,18 @@ sub sendmail {
my $dest;
if ($self->{mailto}) {
my $destcheck = join ',', @{$self->{mailto}};
- $destcheck =~ /^([a-zA-Z,]*)$/;
+ $destcheck =~ /^(.*)$/;
$dest = $1;
} else {
$dest = "root";
}
+
+ my $subject = "$self->{config} $function $self->{host} $self->{disk} $self->{device} " . join (" ", @{$self->{level}});
my @args = ( "-s", "$self->{config} $function $self->{host} $self->{disk} $self->{device} " . join (" ", @{$self->{level}}), $dest );
my $args = join(" ", @args);
- debug("cmd: $Amanda::Constants::MAILER $args\n");
+ debug("cmd: $Amanda::Constants::MAILER -s \"$subject\" " . $dest);
my $mail;
- open $mail, '|-', $Amanda::Constants::MAILER, @args;
+ open $mail, '|-', $Amanda::Constants::MAILER, '-s', $subject, $dest;
print $mail "$self->{action} $self->{config} $function $self->{host} $self->{disk} $self->{device} ", join (" ", @{$self->{level}}), "\n";
close $mail;
}
