From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 3F0D467C24 for ; Tue, 10 Nov 2020 13:53:25 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 39C8320D41 for ; Tue, 10 Nov 2020 13:52:55 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id A71D920D37 for ; Tue, 10 Nov 2020 13:52:54 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 71FD846024 for ; Tue, 10 Nov 2020 13:52:54 +0100 (CET) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pbs-devel@lists.proxmox.com Date: Tue, 10 Nov 2020 13:52:49 +0100 Message-Id: <20201110125250.3750178-1-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.024 Adjusted score from AWL reputation of 
From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [datastore.rs, verify.rs] Subject: [pbs-devel] [PATCH proxmox-backup 1/2] verify: log/warn on invalid owner X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Nov 2020 12:53:25 -0000 in order to trigger a notification/make the problem more visible than just in syslog. Signed-off-by: Fabian Grünbichler --- Notes: not filtering in case we don't have an explicit owner passed in to keep backwards compat - we could also skip verification for them even in the privileged case.. ? -w --patience makes this easier to read src/api2/admin/datastore.rs | 2 +- src/backup/verify.rs | 42 ++++++++++++++++++++++--------------- 2 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
index 8256f02f..e76867c7 100644
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@@ -648,7 +648,7 @@ pub fn verify(
 verify_all_backups(datastore, worker.clone(), worker.upid(), owner, None)?
 };
 if failed_dirs.len() > 0 {
- worker.log("Failed to verify following snapshots:");
+ worker.log("Failed to verify following snapshots/groups:");
 for dir in failed_dirs {
 worker.log(format!("\t{}", dir));
 }
diff --git a/src/backup/verify.rs b/src/backup/verify.rs
index b5bb85fc..512a3805 100644
--- a/src/backup/verify.rs
+++ b/src/backup/verify.rs
@@ -508,23 +508,31 @@ pub fn verify_all_backups(
 }
 let filter_by_owner = |group: &BackupGroup| {
- if let Some(owner) = &owner {
- match datastore.get_owner(group) {
- Ok(ref group_owner) => {
- group_owner == owner
- || (group_owner.is_token()
- && !owner.is_token()
- && group_owner.user() == owner.user())
- },
- Err(err) => {
- // intentionally not in task log
- // the task user might not be allowed to see this group!
- println!("Failed to get owner of group '{}' - {}", group, err);
- false
- },
- }
- } else {
- true
+ match (datastore.get_owner(group), &owner) {
+ (Ok(ref group_owner), Some(owner)) => {
+ group_owner == owner
+ || (group_owner.is_token()
+ && !owner.is_token()
+ && group_owner.user() == owner.user())
+ },
+ (Ok(_), None) => true,
+ (Err(err), Some(_)) => {
+ // intentionally not in task log
+ // the task user might not be allowed to see this group!
+ println!("Failed to get owner of group '{}' - {}", group, err);
+ false
+ },
+ (Err(err), None) => {
+ // we don't filter by owner, but we want to log the error
+ task_log!(
+ worker,
+ "Failed to get owner of group '{} - {}",
+ group,
+ err,
+ );
+ errors.push(group.to_string());
+ true
+ },
 }
 };
--
2.20.1
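Review bot: The format string in the new `(Err(err), None)` arm is missing the closing quote after the first placeholder; `"Failed to get owner of group '{} - {}"` should read `"Failed to get owner of group '{}' - {}"`, matching the `println!` in the `(Err(err), Some(_))` arm. That new arm also writes the group name and the error into the task log, which the sibling arm deliberately avoids because the task user might not be allowed to see the group. This is only safe if `owner == None` is reached solely by privileged callers, which is not visible in this hunk, so a comment such as `// owner == None is only passed by privileged callers, so naming the group in the task log is fine` would record the assumption. The arm returns `true` after pushing the group to `errors`, so the group is presumably still verified and could be reported both as a group and per snapshot; worth confirming that is intended, since `verify_all_backups` starts and ends outside the hunk.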