From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 2/2] reader: actually allow users to downlod their own backups
Date: Fri, 9 Oct 2020 11:21:02 +0200 [thread overview]
Message-ID: <20201009092102.1959849-2-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20201009092102.1959849-1-f.gruenbichler@proxmox.com>
via HTTP2/backup reader protocol. they already could do so via the plain
HTTP download-file/.. API calls that the GUI uses, but the reader
environment required READ permission on the whole datastore instead of
just BACKUP on the backup group itself.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
src/api2/reader.rs | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/api2/reader.rs b/src/api2/reader.rs
index 5bdd81b7..4c870eda 100644
--- a/src/api2/reader.rs
+++ b/src/api2/reader.rs
@@ -14,7 +14,7 @@ use crate::api2::types::*;
use crate::backup::*;
use crate::server::{WorkerTask, H2Service};
use crate::tools;
-use crate::config::acl::PRIV_DATASTORE_READ;
+use crate::config::acl::{PRIV_DATASTORE_READ, PRIV_DATASTORE_BACKUP};
use crate::config::cached_user_info::CachedUserInfo;
use crate::api2::helpers;
@@ -58,7 +58,15 @@ fn upgrade_to_backup_reader_protocol(
let store = tools::required_string_param(¶m, "store")?.to_owned();
let user_info = CachedUserInfo::new()?;
- user_info.check_privs(&userid, &["datastore", &store], PRIV_DATASTORE_READ, false)?;
+ let privs = user_info.lookup_privs(&userid, &["datastore", &store]);
+
+ let priv_read = privs & PRIV_DATASTORE_READ != 0;
+ let priv_backup = privs & PRIV_DATASTORE_BACKUP != 0;
+
+ // priv_backup needs owner check further down below!
+ if !priv_read && !priv_backup {
+ bail!("no permissions on /datastore/{}", store);
+ }
let datastore = DataStore::lookup_datastore(&store)?;
@@ -83,6 +91,13 @@ fn upgrade_to_backup_reader_protocol(
let env_type = rpcenv.env_type();
let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
+ if !priv_read {
+ let owner = datastore.get_owner(backup_dir.group())?;
+ if owner != userid {
+ bail!("backup owner check failed!");
+ }
+ }
+
let path = datastore.base_path();
//let files = BackupInfo::list_files(&path, &backup_dir)?;
--
2.20.1
next prev parent reply other threads:[~2020-10-09 9:21 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-09 9:21 [pbs-devel] [PATCH proxmox-backup 1/2] reader: track index chunks and limit access Fabian Grünbichler
2020-10-09 9:21 ` Fabian Grünbichler [this message]
2020-10-09 10:54 ` [pbs-devel] applied: " Dietmar Maurer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201009092102.1959849-2-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.