From: Christian Ebner <c.ebner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH v4 proxmox 16/31] api: config: extend read access check by sync direction
Date: Thu, 17 Oct 2024 15:27:01 +0200 [thread overview]
Message-ID: <20241017132716.385234-17-c.ebner@proxmox.com> (raw)
In-Reply-To: <20241017132716.385234-1-c.ebner@proxmox.com>
Add the sync direction as additional parameter for the priv helper to
check for the required permissions in pull and push direction.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
changes since version 3:
- not present in previous version
src/api2/admin/sync.rs | 4 ++-
src/api2/config/sync.rs | 80 +++++++++++++++++++++++++++++++++--------
2 files changed, 68 insertions(+), 16 deletions(-)
diff --git a/src/api2/admin/sync.rs b/src/api2/admin/sync.rs
index 1afe9fec2..7a4e38942 100644
--- a/src/api2/admin/sync.rs
+++ b/src/api2/admin/sync.rs
@@ -68,7 +68,9 @@ pub fn list_config_sync_jobs(
true
}
})
- .filter(|job: &SyncJobConfig| check_sync_job_read_access(&user_info, &auth_id, job));
+ .filter(|job: &SyncJobConfig| {
+ check_sync_job_read_access(&user_info, &auth_id, job, sync_direction)
+ });
let mut list = Vec::new();
diff --git a/src/api2/config/sync.rs b/src/api2/config/sync.rs
index aed46aeb0..e0d96afe5 100644
--- a/src/api2/config/sync.rs
+++ b/src/api2/config/sync.rs
@@ -20,18 +20,35 @@ pub fn check_sync_job_read_access(
user_info: &CachedUserInfo,
auth_id: &Authid,
job: &SyncJobConfig,
+ sync_direction: SyncDirection,
) -> bool {
+ // check for audit access on datastore/namespace, applies for pull and push direction
let ns_anchor_privs = user_info.lookup_privs(auth_id, &job.acl_path());
if ns_anchor_privs & PRIV_DATASTORE_AUDIT == 0 {
return false;
}
- if let Some(remote) = &job.remote {
- let remote_privs = user_info.lookup_privs(auth_id, &["remote", remote]);
- remote_privs & PRIV_REMOTE_AUDIT != 0
- } else {
- let source_ds_privs = user_info.lookup_privs(auth_id, &["datastore", &job.remote_store]);
- source_ds_privs & PRIV_DATASTORE_AUDIT != 0
+ match sync_direction {
+ SyncDirection::Pull => {
+ if let Some(remote) = &job.remote {
+ let remote_privs = user_info.lookup_privs(auth_id, &["remote", remote]);
+ remote_privs & PRIV_REMOTE_AUDIT != 0
+ } else {
+ let source_ds_privs =
+ user_info.lookup_privs(auth_id, &["datastore", &job.remote_store]);
+ source_ds_privs & PRIV_DATASTORE_AUDIT != 0
+ }
+ }
+ SyncDirection::Push => {
+ // check for audit access on remote/datastore/namespace
+ if let Some(target_acl_path) = job.remote_acl_path() {
+ let remote_privs = user_info.lookup_privs(auth_id, &target_acl_path);
+ remote_privs & PRIV_REMOTE_AUDIT != 0
+ } else {
+ // Remote must always be present for sync in push direction, fail otherwise
+ false
+ }
+ }
}
}
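Review bot: Nothing at the function level says which ACL path and privilege each direction requires, and `sync_direction` is taken on trust from the caller instead of being derived from the job. The `Pull` arm looks up `&["remote", remote]` while the `Push` arm looks up `job.remote_acl_path()`, so a caller that passes the wrong direction for a job gets an audit check against a different path. A doc comment on `check_sync_job_read_access` should state that contract, for example `/// The direction must match the config section the job was loaded from; it selects which remote ACL path is checked for PRIV_REMOTE_AUDIT.` The function's signature starts above this hunk, so an existing doc comment may simply not be visible here.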
@@ -115,7 +132,9 @@ pub fn list_sync_jobs(
let list = list
.into_iter()
- .filter(|sync_job| check_sync_job_read_access(&user_info, &auth_id, sync_job))
+ .filter(|sync_job| {
+ check_sync_job_read_access(&user_info, &auth_id, sync_job, sync_direction)
+ })
.collect();
Ok(list)
}
@@ -214,7 +233,7 @@ pub fn read_sync_job(
let sync_direction = sync_direction.unwrap_or_default();
let sync_job = config.lookup(sync_direction.as_config_type_str(), &id)?;
- if !check_sync_job_read_access(&user_info, &auth_id, &sync_job) {
+ if !check_sync_job_read_access(&user_info, &auth_id, &sync_job, sync_direction) {
bail!("permission check failed");
}
@@ -573,14 +592,20 @@ acl:1:/remote/remote1/remotestore1:write@pbs:RemoteSyncOperator
};
// should work without ACLs
- assert!(check_sync_job_read_access(&user_info, root_auth_id, &job));
+ assert!(check_sync_job_read_access(
+ &user_info,
+ root_auth_id,
+ &job,
+ SyncDirection::Pull,
+ ));
assert!(check_sync_job_modify_access(&user_info, root_auth_id, &job));
// user without permissions must fail
assert!(!check_sync_job_read_access(
&user_info,
&no_perm_auth_id,
- &job
+ &job,
+ SyncDirection::Pull,
));
assert!(!check_sync_job_modify_access(
&user_info,
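Review bot: Every updated assertion passes `SyncDirection::Pull`, in this hunk and in the later test hunks, so the new `SyncDirection::Push` arm of `check_sync_job_read_access` has no coverage in this patch. Two cases are worth pinning. First, a push job without a remote is rejected even for a privileged user, which is the fail-closed `false` branch. Second, a user holding audit rights only on `/remote/<remote>`, and not on the path from `job.remote_acl_path()`, is handled as intended; whether that user passes depends on ACL propagation, which is not visible here. The test function begins and ends outside this hunk, and a later patch in the series may already add these cases.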
@@ -589,16 +614,31 @@ acl:1:/remote/remote1/remotestore1:write@pbs:RemoteSyncOperator
));
// reading without proper read permissions on either remote or local must fail
- assert!(!check_sync_job_read_access(&user_info, &read_auth_id, &job));
+ assert!(!check_sync_job_read_access(
+ &user_info,
+ &read_auth_id,
+ &job,
+ SyncDirection::Pull,
+ ));
// reading without proper read permissions on local end must fail
job.remote = Some("remote1".to_string());
- assert!(!check_sync_job_read_access(&user_info, &read_auth_id, &job));
+ assert!(!check_sync_job_read_access(
+ &user_info,
+ &read_auth_id,
+ &job,
+ SyncDirection::Pull,
+ ));
// reading without proper read permissions on remote end must fail
job.remote = Some("remote0".to_string());
job.store = "localstore1".to_string();
- assert!(!check_sync_job_read_access(&user_info, &read_auth_id, &job));
+ assert!(!check_sync_job_read_access(
+ &user_info,
+ &read_auth_id,
+ &job,
+ SyncDirection::Pull,
+ ));
// writing without proper write permissions on either end must fail
job.store = "localstore0".to_string();
@@ -624,7 +664,12 @@ acl:1:/remote/remote1/remotestore1:write@pbs:RemoteSyncOperator
job.remote = Some("remote1".to_string());
// user with read permission can only read, but not modify/run
- assert!(check_sync_job_read_access(&user_info, &read_auth_id, &job));
+ assert!(check_sync_job_read_access(
+ &user_info,
+ &read_auth_id,
+ &job,
+ SyncDirection::Pull,
+ ));
job.owner = Some(read_auth_id.clone());
assert!(!check_sync_job_modify_access(
&user_info,
@@ -645,7 +690,12 @@ acl:1:/remote/remote1/remotestore1:write@pbs:RemoteSyncOperator
));
// user with simple write permission can modify/run
- assert!(check_sync_job_read_access(&user_info, &write_auth_id, &job));
+ assert!(check_sync_job_read_access(
+ &user_info,
+ &write_auth_id,
+ &job,
+ SyncDirection::Pull,
+ ));
assert!(check_sync_job_modify_access(
&user_info,
&write_auth_id,
--
2.39.5