[pve-devel] [PATCH guest-common v3 1/5] guest helpers: add helper to abort active guest tasks of a certain type

[Friedrich Weber <f.weber@proxmox.com>]

Given a `(type, user, vmid)` tuple, the helper aborts all tasks of the
given `type` for guest `vmid` that `user` is allowed to abort:

- If `user` has `Sys.Modify` on the node, they can abort any task
- If `user` is an API token, it can abort any task it started itself
- If `user` is a user, they can abort any task started by themselves
  or one of their API tokens.

The helper is used to overrule any active qmshutdown/vzshutdown tasks
when attempting to stop a VM/CT (if requested).

Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
---

Notes:
    As the computation of `$can_abort_task` essentially duplicates logic
    from PVE/API2/Tasks.pm, I considered reusing that, but this would have
    required moving it to one of the dependencies of pve-guest-common
    (Thomas suggested pve-access-control off-list). Seeing that the logic
    boils down to 4 lines in `abort_guest_tasks`, I didn't consider it
    worth the trouble in the end. Happy to reconsider, though.
    
    changes v2 -> v3:
    - improved readability: renamed subroutine to describe what it does,
      renamed return value, added comment, clarified commit message (thx
      Thomas)
    - better align logic with current permission model for stopping tasks:
      - allow users with Sys.Modify to abort *any* task (thx Thomas)
      - allow users to abort tasks of their tokens
    
    no changes v1 -> v2

 src/PVE/GuestHelpers.pm | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/src/PVE/GuestHelpers.pm b/src/PVE/GuestHelpers.pm
index 961a7b8..c9fe147 100644
--- a/src/PVE/GuestHelpers.pm
+++ b/src/PVE/GuestHelpers.pm
@@ -416,4 +416,39 @@ sub check_vnet_access {
 	if !($tag || $trunks);
 }
 
+sub abort_guest_tasks {
+    my ($rpcenv, $type, $vmid) = @_;
+
+    my $authuser = $rpcenv->get_user();
+    my $node = PVE::INotify::nodename();
+    my $can_abort_all = $rpcenv->check($authuser, "/nodes/$node", [ 'Sys.Modify' ], 1);
+
+    my $active_tasks = PVE::INotify::read_file('active');
+    my $aborted_tasks = [];
+    for my $task (@$active_tasks) {
+	if (!$task->{saved}
+	    && $task->{type} eq $type
+	    && $task->{id} eq $vmid
+	) {
+	    my $can_abort_task;
+	    # tasks started by a token can be aborted by the token or token owner,
+	    # tasks started by a user can be aborted by the user
+	    if (PVE::AccessControl::pve_verify_tokenid($task->{user}, 1)) {
+		my $full_tokenid = $task->{user};
+		my ($task_username, undef) = PVE::AccessControl::split_tokenid($full_tokenid);
+		$can_abort_task = $authuser eq $task_username || $authuser eq $full_tokenid;
+	    } else {
+		$can_abort_task = $authuser eq $task->{user};
+	    }
+
+	    if ($can_abort_all || $can_abort_task) {
+	       # passing `1` for parameter $killit aborts the task
+	       PVE::RPCEnvironment->check_worker($task->{upid}, 1);
+	       push @$aborted_tasks, $task->{upid};
+	   }
+	}
+    }
+    return $aborted_tasks;
+}
+
 1;
-- 
2.39.2