From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 290006B8FC for ; Wed, 27 Jan 2021 11:34:34 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 23860211CE for ; Wed, 27 Jan 2021 11:34:11 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 1A4D92106C for ; Wed, 27 Jan 2021 11:34:06 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id DBB5846127 for ; Wed, 27 Jan 2021 11:34:05 +0100 (CET) From: Dominik Csapak To: pbs-devel@lists.proxmox.com Date: Wed, 27 Jan 2021 11:33:50 +0100 Message-Id: <20210127103401.32535-5-d.csapak@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210127103401.32535-1-d.csapak@proxmox.com> References: <20210127103401.32535-1-d.csapak@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.252 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [backup.rs, drive.rs, changer.rs, media.rs] Subject: [pbs-devel] [PATCH proxmox-backup 04/15] api2/tape: add missing protected to some api calls X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jan 2021 10:34:34 -0000 they need root permission either to access the changer/drive or to modify the config Signed-off-by: Dominik Csapak --- src/api2/config/media_pool.rs | 3 +++ src/api2/tape/backup.rs | 1 + src/api2/tape/changer.rs | 2 ++ src/api2/tape/drive.rs | 11 ++++++++++- src/api2/tape/media.rs | 2 ++ 5 files changed, 18 insertions(+), 1 deletion(-) diff --git a/src/api2/config/media_pool.rs b/src/api2/config/media_pool.rs index d155f268..33e4993e 100644 --- a/src/api2/config/media_pool.rs +++ b/src/api2/config/media_pool.rs @@ -28,6 +28,7 @@ use crate::{ }; #[api( + protected: true, input: { properties: { name: { @@ -153,6 +154,7 @@ pub enum DeletableProperty { } #[api( + protected: true, input: { properties: { name: { @@ -231,6 +233,7 @@ pub fn update_pool( } #[api( + protected: true, input: { properties: { name: { diff --git a/src/api2/tape/backup.rs b/src/api2/tape/backup.rs index 6aa12d56..ea05e6a3 100644 --- a/src/api2/tape/backup.rs +++ b/src/api2/tape/backup.rs @@ -43,6 +43,7 @@ use crate::{ }; #[api( + protected: true, input: { properties: { store: { diff --git a/src/api2/tape/changer.rs b/src/api2/tape/changer.rs index 232f0127..f79a7ee0 100644 --- a/src/api2/tape/changer.rs +++ b/src/api2/tape/changer.rs @@ -33,6 +33,7 @@ use crate::{ #[api( + protected: true, input: { properties: { name: { @@ -106,6 +107,7 @@ pub async fn get_status(name: String) -> Result, Error> { } #[api( + protected: true, input: { properties: { name: { diff --git a/src/api2/tape/drive.rs b/src/api2/tape/drive.rs index a88ef827..936bc528 100644 --- a/src/api2/tape/drive.rs +++ b/src/api2/tape/drive.rs @@ -68,6 +68,7 @@ use crate::{ }; #[api( + protected: true, input: { properties: { drive: { @@ -150,6 +151,7 @@ pub async fn export_media(drive: String, label_text: String) -> Result Result<(), Error> { } #[api( + protected: true, input: { properties: { drive: { @@ -497,7 +500,8 @@ pub async fn restore_key( }).await? } - #[api( +#[api( + protected: true, input: { properties: { drive: { @@ -575,6 +579,7 @@ pub async fn read_label( } #[api( + protected: true, input: { properties: { drive: { @@ -793,6 +798,7 @@ pub fn update_inventory( #[api( + protected: true, input: { properties: { drive: { @@ -911,6 +917,7 @@ fn barcode_label_media_worker( } #[api( + protected: true, input: { properties: { drive: { @@ -938,6 +945,7 @@ pub fn cartridge_memory(drive: String) -> Result, Error> { } #[api( + protected: true, input: { properties: { drive: { @@ -961,6 +969,7 @@ pub fn volume_statistics(drive: String) -> Result { } #[api( + protected: true, input: { properties: { drive: { diff --git a/src/api2/tape/media.rs b/src/api2/tape/media.rs index 70af454c..d520288f 100644 --- a/src/api2/tape/media.rs +++ b/src/api2/tape/media.rs @@ -38,6 +38,7 @@ use crate::{ }; #[api( + protected: true, input: { properties: { pool: { @@ -244,6 +245,7 @@ pub struct MediaContentListFilter { } #[api( + protected: true, input: { properties: { "filter": { -- 2.20.1