From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <d.csapak@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 8C04D767F6
 for <pbs-devel@lists.proxmox.com>; Fri, 16 Jul 2021 10:53:34 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 9EC3AE2A1
 for <pbs-devel@lists.proxmox.com>; Fri, 16 Jul 2021 10:53:33 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id CAE85E1AE
 for <pbs-devel@lists.proxmox.com>; Fri, 16 Jul 2021 10:53:29 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id A3CF642116
 for <pbs-devel@lists.proxmox.com>; Fri, 16 Jul 2021 10:53:29 +0200 (CEST)
From: Dominik Csapak <d.csapak@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Fri, 16 Jul 2021 10:53:25 +0200
Message-Id: <20210716085328.3731574-9-d.csapak@proxmox.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20210716085328.3731574-1-d.csapak@proxmox.com>
References: <20210716085328.3731574-1-d.csapak@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.583 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pbs-devel] [PATCH proxmox-backup 08/11] server/prune_job: add
 proper permission checks to 'prune_datastore'
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Fri, 16 Jul 2021 08:53:34 -0000

Checks for PRIV_DATASTORE_MODIFY, or otherwise whether the auth_id is the
backup owner, and skips the group if neither holds.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
 src/backup/datastore.rs |  2 +-
 src/server/prune_job.rs | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/backup/datastore.rs b/src/backup/datastore.rs
index 29700846..0a5a52d1 100644
--- a/src/backup/datastore.rs
+++ b/src/backup/datastore.rs
@@ -355,7 +355,7 @@ impl DataStore {
     pub fn owns_backup(&self, backup_group: &BackupGroup, auth_id: &Authid) -> Result<bool, Error> {
         let owner = self.get_owner(backup_group)?;
 
-        Ok(check_backup_owner(owner, auth_id).is_ok())
+        Ok(check_backup_owner(&owner, auth_id).is_ok())
     }
 
     /// Set the backup owner.
diff --git a/src/server/prune_job.rs b/src/server/prune_job.rs
index 40ed555f..bbf53ade 100644
--- a/src/server/prune_job.rs
+++ b/src/server/prune_job.rs
@@ -6,6 +6,8 @@ use pbs_datastore::{task_log, task_warn};
 
 use crate::{
     api2::types::*,
+    config::acl::PRIV_DATASTORE_MODIFY,
+    config::cached_user_info::CachedUserInfo,
     backup::{compute_prune_info, BackupInfo, DataStore, PruneOptions},
     server::jobstate::Job,
     server::WorkerTask,
@@ -13,6 +15,7 @@ use crate::{
 
 pub fn prune_datastore(
     worker: Arc<WorkerTask>,
+    auth_id: Authid,
     prune_options: PruneOptions,
     store: &str,
     datastore: Arc<DataStore>,
@@ -31,11 +34,20 @@ pub fn prune_datastore(
         );
     }
 
+    let user_info = CachedUserInfo::new()?;
+    let privs = user_info.lookup_privs(&auth_id, &["datastore", store]);
+    let has_privs = privs & PRIV_DATASTORE_MODIFY != 0;
+
     let base_path = datastore.base_path();
 
     let groups = BackupInfo::list_backup_groups(&base_path)?;
     for group in groups {
         let list = group.list_backups(&base_path)?;
+
+        if !has_privs && !datastore.owns_backup(&group, &auth_id)? {
+            continue;
+        }
+
         let mut prune_info = compute_prune_info(list, &prune_options)?;
         prune_info.reverse(); // delete older snapshots first
 
@@ -83,6 +95,7 @@ pub fn do_prune_job(
     let datastore = DataStore::lookup_datastore(&store)?;
 
     let worker_type = job.jobtype().to_string();
+    let auth_id = auth_id.clone();
     let upid_str = WorkerTask::new_thread(
         &worker_type,
         Some(job.jobname().to_string()),
@@ -95,7 +108,7 @@ pub fn do_prune_job(
                 task_log!(worker, "task triggered by schedule '{}'", event_str);
             }
 
-            let result = prune_datastore(worker.clone(), prune_options, &store, datastore);
+            let result = prune_datastore(worker.clone(), auth_id, prune_options, &store, datastore);
 
             let status = worker.create_state(&result);
 
-- 
2.30.2