From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH backup] REST server: avoid hard coding world readable API endpoints
Date: Fri, 2 Oct 2020 13:17:12 +0200 [thread overview]
Message-ID: <20201002111712.7135-1-t.lamprecht@proxmox.com> (raw)
while we probably do not add much more to them, it still looks ugly.
If this was made so that adding a World readable API call is "hard"
and not done by accident, it rather should be done as a test on build
time. But, IMO, the API permission schema definitions are easy to
review, and not often changed/added - so any wrong World readable API
call will normally still caught.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
the need to method.clone() to make the borrow checker happy isn't to nice,
but figured it isn't to expensive, maybe there's a nicer way..
src/server/rest.rs | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/server/rest.rs b/src/server/rest.rs
index feb0b462..4cfdd6c0 100644
--- a/src/server/rest.rs
+++ b/src/server/rest.rs
@@ -22,6 +22,7 @@ use proxmox::api::{
ApiHandler,
ApiMethod,
HttpError,
+ Permission,
RpcEnvironment,
RpcEnvironmentType,
check_api_permission,
@@ -546,13 +547,16 @@ pub async fn handle_request(api: Arc<ApiConfig>, req: Request<Body>) -> Result<R
};
let mut uri_param = HashMap::new();
+ let api_method = api.find_method(&components[2..], method.clone(), &mut uri_param);
- if comp_len == 4 && components[2] == "access" && (
- (components[3] == "ticket" && method == hyper::Method::POST) ||
- (components[3] == "domains" && method == hyper::Method::GET)
- ) {
- // explicitly allow those calls without auth
- } else {
+ let mut auth_required = true;
+ if let Some(api_method) = api_method {
+ if let Permission::World = *api_method.access.permission {
+ auth_required = false; // no auth for endpoints with World permission
+ }
+ }
+
+ if auth_required {
let (ticket, token, _) = extract_auth_data(&parts.headers);
match check_auth(&method, &ticket, &token, &user_info) {
Ok(userid) => rpcenv.set_user(Some(userid.to_string())),
@@ -565,7 +569,7 @@ pub async fn handle_request(api: Arc<ApiConfig>, req: Request<Body>) -> Result<R
}
}
- match api.find_method(&components[2..], method, &mut uri_param) {
+ match api_method {
None => {
let err = http_err!(NOT_FOUND, "Path '{}' not found.", path);
return Ok((formatter.format_error)(err));
--
2.27.0
next reply other threads:[~2020-10-02 11:17 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-02 11:17 Thomas Lamprecht [this message]
2020-10-05 6:33 ` [pbs-devel] applied: " Dietmar Maurer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201002111712.7135-1-t.lamprecht@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox