From: Fabian Grünbichler
To: Proxmox Backup Server development discussion
Date: Thu, 10 Oct 2024 16:49:09 +0200
Subject: Re: [pbs-devel] [PATCH v3 proxmox-backup 13/33] config: acl: allow namespace components for remote datastores

On September 12, 2024 4:33 pm, Christian Ebner wrote: > Extend the component limit for ACL paths of `remote` to include > possible namespace components. > > This allows to limit the permissions for sync jobs in push direction > to a namespace subset on the remote datastore. > > Signed-off-by: Christian Ebner > --- > changes since version 2: > - not present in previous version > > pbs-config/src/acl.rs | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/pbs-config/src/acl.rs b/pbs-config/src/acl.rs > index 6b6500f34..5177e22f0 100644 > --- a/pbs-config/src/acl.rs > +++ b/pbs-config/src/acl.rs 
> @@ -89,10 +89,13 @@ pub fn check_acl_path(path: &str) -> Result<(), Error> { > } > } > "remote" => { > - // /remote/{remote}/{store} > + // /remote/{remote}/{store}/{namespace} > if components_len <= 3 { > return Ok(()); > } > + if components_len > 3 && components_len <= 3 + pbs_api_types::MAX_NAMESPACE_DEPTH { > + return Ok(()); > + } these two ifs can just be combined into a single one with components_len <= 3 + pbs_api_types::MAX_NAMESPACE_DEPTH as condition. the same applies to the corresponding variant shifted by 1 for local datastores/namespaces. > } > "system" => { > if components_len == 1 { > -- > 2.39.2
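
Review bot: In the `"remote"` arm, the updated comment `// /remote/{remote}/{store}/{namespace}` reads as a single trailing namespace component, while the added condition accepts up to `pbs_api_types::MAX_NAMESPACE_DEPTH` further components; writing the comment so that it shows the repetition (for example `/remote/{remote}/{store}/{namespace components...}`) would match what the check allows. The `components_len > 3 &&` clause is also redundant, because the preceding `if components_len <= 3` has already returned for those lengths. Since the lines shown decide on component count alone, a test asserting that a path with `3 + MAX_NAMESPACE_DEPTH` components is accepted and a path with one more component is rejected would pin the boundary of this ACL path check.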