From: Lukas Wagner <l.wagner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup] api: metrics: check permissions before reading any data from the cache
Date: Tue, 15 Oct 2024 15:50:28 +0200 [thread overview]
Message-ID: <20241015135028.214111-1-l.wagner@proxmox.com> (raw)
Reading from the metric cache is somewhat expensive, so validate as many
of the required permissions as possible. For host metrics, we can
do the full check in advance. For datastores, we check if we have
audit permissions for *any* datastore. If we do not have privs for
either of those, we return early and avoid reading from the
cache altogether.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
Suggested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
src/api2/status/metrics.rs | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/src/api2/status/metrics.rs b/src/api2/status/metrics.rs
index b8aaceeb..a0004ef9 100644
--- a/src/api2/status/metrics.rs
+++ b/src/api2/status/metrics.rs
@@ -37,6 +37,25 @@ pub fn get_metrics(
let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
let user_info = CachedUserInfo::new()?;
+ let has_any_datastore_audit_privs =
+ user_info.any_privs_below(&auth_id, &["datastore"], PRIV_DATASTORE_AUDIT)?;
+
+ let has_host_audit_privs =
+ (CachedUserInfo::lookup_privs(&user_info, &auth_id, &["system", "status"])
+ & PRIV_SYS_AUDIT)
+ != 0;
+
+ if !has_any_datastore_audit_privs && !has_host_audit_privs {
+ // The `pull_metrics::get_*` calls are expensive, so
+ // check early if the current user has sufficient privileges to read *any*
+ // metric data.
+ // For datastores, we do not yet know for which individual datastores
+ // we have metrics in the cache, so we just check if we have
+ // audit permissions for *any* datastore and filter after
+ // reading the data.
+ return Ok(Metrics { data: Vec::new() });
+ }
+
let metrics = if history {
pull_metrics::get_all_metrics(start_time)?
} else {
@@ -46,11 +65,10 @@ pub fn get_metrics(
let filter_by_privs = |point: &MetricDataPoint| {
let id = point.id.as_str();
if id == "host" {
- let user_privs =
- CachedUserInfo::lookup_privs(&user_info, &auth_id, &["system", "status"]);
- return (user_privs & PRIV_SYS_AUDIT) != 0;
+ return has_host_audit_privs;
} else if let Some(datastore_id) = id.strip_prefix("datastore/") {
if !datastore_id.contains('/') {
+ // Now, check whether we have permissions for the individual datastore
let user_privs = CachedUserInfo::lookup_privs(
&user_info,
&auth_id,
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next reply other threads:[~2024-10-15 13:50 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-15 13:50 Lukas Wagner [this message]
2024-10-15 14:04 ` [pbs-devel] applied: " Wolfgang Bumiller
2024-10-16 7:26 ` [pbs-devel] " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241015135028.214111-1-l.wagner@proxmox.com \
--to=l.wagner@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox