From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <f.gruenbichler@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 142CD68DF4
 for <pbs-devel@lists.proxmox.com>; Fri, 15 Jan 2021 11:49:22 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 0879223A68
 for <pbs-devel@lists.proxmox.com>; Fri, 15 Jan 2021 11:49:22 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [212.186.127.180])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id D3DE723A5C
 for <pbs-devel@lists.proxmox.com>; Fri, 15 Jan 2021 11:49:20 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 9EAFD44993
 for <pbs-devel@lists.proxmox.com>; Fri, 15 Jan 2021 11:49:20 +0100 (CET)
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Fri, 15 Jan 2021 11:48:55 +0100
Message-Id: <20210115104855.3992674-3-f.gruenbichler@proxmox.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210115104855.3992674-1-f.gruenbichler@proxmox.com>
References: <20210115104855.3992674-1-f.gruenbichler@proxmox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.027 Adjusted score from AWL reputation of From: address
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 RCVD_IN_DNSWL_MED        -2.3 Sender listed at https://www.dnswl.org/,
 medium trust
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [pull.rs]
Subject: [pbs-devel] [PATCH proxmox-backup 3/3] pull: only remove owned
 groups
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Fri, 15 Jan 2021 10:49:22 -0000

we also only create/add snapshots to owned groups when syncing, so
removing groups with different ownership is a rather confusing
side-effect..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---

Notes:
    came up in the forum, the restricted behaviour is better for mixed usage as
    sync target and regular datastore, or sync target for multiple sources with
    different owners..
    
    datastores just used as sync target for a single job should still behave the
    same (they have a single owner), datastores used as sync target for multiple
    jobs with the same owner should still not use remove_vanished.. we'd need to
    keep track of the sync origin inside the group for that to work..

 src/client/pull.rs | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/src/client/pull.rs b/src/client/pull.rs
index 15514374..33a6c0f1 100644
--- a/src/client/pull.rs
+++ b/src/client/pull.rs
@@ -590,11 +590,15 @@ pub async fn pull_store(
 
     let mut errors = false;
 
-    let mut new_groups = std::collections::HashSet::new();
+    let mut remote_groups = std::collections::HashSet::new();
     for item in list.iter() {
-        new_groups.insert(BackupGroup::new(&item.backup_type, &item.backup_id));
+        remote_groups.insert(BackupGroup::new(&item.backup_type, &item.backup_id));
     }
 
+    let correct_owner = |owner: &Authid, auth_id: &Authid| -> bool {
+        owner == auth_id || (owner.is_token() && &Authid::from(owner.user().clone()) == auth_id)
+    };
+
     let mut progress = StoreProgress::new(list.len() as u64);
 
     for (done, item) in list.into_iter().enumerate() {
@@ -617,7 +621,7 @@ pub async fn pull_store(
         };
 
         // permission check
-        if auth_id != owner {
+        if !correct_owner(&owner, &auth_id) {
             // only the owner is allowed to create additional snapshots
             worker.log(format!(
                 "sync group {}/{} failed - owner check failed ({} != {})",
@@ -645,9 +649,16 @@ pub async fn pull_store(
 
     if delete {
         let result: Result<(), Error> = proxmox::try_block!({
-            let local_groups = BackupInfo::list_backup_groups(&tgt_store.base_path())?;
-            for local_group in local_groups {
-                if new_groups.contains(&local_group) {
+            let local_owned_groups: Vec<BackupGroup> =
+                BackupInfo::list_backup_groups(&tgt_store.base_path())?
+                    .into_iter()
+                    .filter(|group| match tgt_store.get_owner(&group) {
+                        Ok(owner) => correct_owner(&owner, &auth_id),
+                        Err(_) => false,
+                    })
+                    .collect();
+            for local_group in local_owned_groups {
+                if remote_groups.contains(&local_group) {
                     continue;
                 }
                 worker.log(format!(
-- 
2.20.1