[pbs-devel] [PATCH proxmox 1/3] tools: change constnamemap to a more automatic constnamedbitmap

[pbs-devel] [PATCH proxmox 1/3] tools: change constnamemap to a more automatic constnamedbitmap

[Thomas Lamprecht]

We only used this for the privileges for now, and there it's a
nuisance to alter all bit definitions manually if something is added.

This change makes it count the bits up automatically.

Rename the macro to indicate that this is not a generic name map but
a more specific named bit mapping.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---

thanks to Wolfgang for his help here!

 .../{constnamemap.rs => constnamedbitmap.rs}  | 51 +++++++++++--------
 proxmox/src/tools/mod.rs                      |  2 +-
 2 files changed, 31 insertions(+), 22 deletions(-)
 rename proxmox/src/tools/{constnamemap.rs => constnamedbitmap.rs} (50%)

diff --git a/proxmox/src/tools/constnamemap.rs b/proxmox/src/tools/constnamedbitmap.rs
similarity index 50%
rename from proxmox/src/tools/constnamemap.rs
rename to proxmox/src/tools/constnamedbitmap.rs
index 5a774e0..eb1ba87 100644
--- a/proxmox/src/tools/constnamemap.rs
+++ b/proxmox/src/tools/constnamedbitmap.rs
@@ -1,19 +1,23 @@
-/// A macro to generate a list of pub const variabales and
-/// an accompaning static array of a given name + value
-/// (with doc comments)
+/// A macro to generate a list of pub const variabales, and
+/// an accompaning static array of a given name, the values are automatically
+/// assigned to a bit (with doc comments)
 ///
 /// Example:
 /// ```
-/// # use proxmox::constnamemap;
+/// # use proxmox::constnamedbitmap;
 ///
-/// constnamemap! {
+/// constnamedbitmap! {
 ///     /// A list of privileges
 ///     PRIVS: u64 => {
 ///         /// Some comment for Priv1
-///         PRIV1("Priv1") = 1;
-///         PRIV2("Priv2") = 2;
+///         PRIV1("Priv1");
+///         PRIV2("Priv2");
+///         PRIV3("Priv3");
 ///     }
 /// }
+/// # assert!(PRIV1 == 1<<0);
+/// # assert!(PRIV2 == 1<<1);
+/// # assert!(PRIV3 == 1<<2);
 /// ```
 ///
 /// this will generate the following variables:
@@ -21,15 +25,17 @@
 /// /// Some comment for Priv1
 /// pub const PRIV1: u64 = 1;
 /// pub const PRIV2: u64 = 2;
+/// pub const PRIV3: u64 = 4;
 ///
 /// /// A list of privileges
 /// pub const PRIVS: &[(&str, u64)] = &[
-///     ("Priv1", 1),
-///     ("Priv2", 2),
+///     ("Priv1", PRIV1),
+///     ("Priv2", PRIV2),
+///     ("Priv3", PRIV3),
 /// ];
 /// ```
 #[macro_export(local_inner_macros)]
-macro_rules! constnamemap {
+macro_rules! constnamedbitmap {
     (
         $(#[$outer:meta])*
         $name:ident : $type:ty => {
@@ -37,7 +43,7 @@ macro_rules! constnamemap {
         }
     ) => {
         __constnamemap_consts! {
-            $type => $($content)+
+            ($type) (0) => $($content)+
         }
 
         $(#[$outer])*
@@ -51,17 +57,20 @@ macro_rules! constnamemap {
 #[doc(hidden)]
 #[macro_export(local_inner_macros)]
 macro_rules! __constnamemap_consts {
+    (($type:ty) ($counter:expr) => ) => {};
     (
-        $type:ty =>
+        ($type:ty) ($counter:expr) =>
+        $(#[$outer:meta])*
+        $name:ident($text:expr);
         $(
-            $(#[$outer:meta])*
-            $name:ident($text:expr) = $value:expr;
-        )+
+            $content:tt
+        )*
     ) => {
-        $(
-            $(#[$outer])*
-            pub const $name: $type = $value;
-        )+
+        $(#[$outer])*
+        pub const $name: $type = 1 << ($counter);
+        __constnamemap_consts! {
+                ($type) (1+$counter) => $($content)*
+        }
     }
 }
 
@@ -71,11 +80,11 @@ macro_rules! __constnamemap_entries {
     (
         $(
             $(#[$outer:meta])*
-            $name:ident($text:expr) = $value:expr;
+            $name:ident($text:expr);
         )*
     ) => {
         &[
-            $(($text,$value),)*
+            $(($text,$name),)*
         ]
     }
 }
diff --git a/proxmox/src/tools/mod.rs b/proxmox/src/tools/mod.rs
index df6c429..a158372 100644
--- a/proxmox/src/tools/mod.rs
+++ b/proxmox/src/tools/mod.rs
@@ -9,7 +9,7 @@ pub mod as_any;
 pub mod borrow;
 pub mod byte_buffer;
 pub mod common_regex;
-pub mod constnamemap;
+pub mod constnamedbitmap;
 pub mod email;
 pub mod fd;
 pub mod fs;

[pbs-devel] [PATCH backup 2/3] acl: use modified constnamedbitmap macro

[Thomas Lamprecht]

avoiding the need for reshuffling all bits when a new privilege is
added at the start or in the middle of this definition.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---

NOTE: depends on the proxmox crate macro 1/3 patch

 src/config/acl.rs | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/src/config/acl.rs b/src/config/acl.rs
index d31c7a85..67f61976 100644
--- a/src/config/acl.rs
+++ b/src/config/acl.rs
@@ -12,37 +12,37 @@ use ::serde::{Deserialize, Serialize};
 use serde::de::{value, IntoDeserializer};
 
 use proxmox::tools::{fs::replace_file, fs::CreateOptions};
-use proxmox::constnamemap;
+use proxmox::constnamedbitmap;
 use proxmox::api::{api, schema::*};
 
 use crate::api2::types::Userid;
 
 // define Privilege bitfield
 
-constnamemap! {
+constnamedbitmap! {
     /// Contains a list of Privileges
     PRIVILEGES: u64 => {
-        PRIV_SYS_AUDIT("Sys.Audit")                         = 1 << 0;
-        PRIV_SYS_MODIFY("Sys.Modify")                       = 1 << 1;
-        PRIV_SYS_POWER_MANAGEMENT("Sys.PowerManagement")    = 1 << 2;
+        PRIV_SYS_AUDIT("Sys.Audit");
+        PRIV_SYS_MODIFY("Sys.Modify");
+        PRIV_SYS_POWER_MANAGEMENT("Sys.PowerManagement");
 
-        PRIV_DATASTORE_AUDIT("Datastore.Audit")             = 1 << 3;
-        PRIV_DATASTORE_MODIFY("Datastore.Modify")           = 1 << 4;
-        PRIV_DATASTORE_READ("Datastore.Read")               = 1 << 5;
+        PRIV_DATASTORE_AUDIT("Datastore.Audit");
+        PRIV_DATASTORE_MODIFY("Datastore.Modify");
+        PRIV_DATASTORE_READ("Datastore.Read");
 
         /// Datastore.Backup also requires backup ownership
-        PRIV_DATASTORE_BACKUP("Datastore.Backup")           = 1 << 6;
+        PRIV_DATASTORE_BACKUP("Datastore.Backup");
         /// Datastore.Prune also requires backup ownership
-        PRIV_DATASTORE_PRUNE("Datastore.Prune")             = 1 << 7;
+        PRIV_DATASTORE_PRUNE("Datastore.Prune");
 
-        PRIV_PERMISSIONS_MODIFY("Permissions.Modify")       = 1 << 8;
+        PRIV_PERMISSIONS_MODIFY("Permissions.Modify");
 
-        PRIV_REMOTE_AUDIT("Remote.Audit")                   = 1 << 9;
-        PRIV_REMOTE_MODIFY("Remote.Modify")                 = 1 << 10;
-        PRIV_REMOTE_READ("Remote.Read")                     = 1 << 11;
-        PRIV_REMOTE_PRUNE("Remote.Prune")                   = 1 << 12;
+        PRIV_REMOTE_AUDIT("Remote.Audit");
+        PRIV_REMOTE_MODIFY("Remote.Modify");
+        PRIV_REMOTE_READ("Remote.Read");
+        PRIV_REMOTE_PRUNE("Remote.Prune");
 
-        PRIV_SYS_CONSOLE("Sys.Console")                     = 1 << 13;
+        PRIV_SYS_CONSOLE("Sys.Console");
     }
 }
 

[pbs-devel] [PATCH backup 3/3] server: add Datastore.Allocate privilege

[Thomas Lamprecht]

Previously only Datastore.Modify was required for creating a new
datastore.

But, that endpoint allows one to pass an arbitrary path, of which all
parent directories will be created, this can allow any user with the
"Datastore Admin" role on "/datastores" to do some damage to the
system. Further, it is effectively a side channel for revealing the
systems directory structure through educated guessing and error
handling.

Add a new privilege "Datastore.Allocate" which, for now, is used
specifically for the create datastore API endpoint.

Add it only to the "Admin" role.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 src/api2/config/datastore.rs | 4 ++--
 src/config/acl.rs            | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/api2/config/datastore.rs b/src/api2/config/datastore.rs
index 07ca4ab8..140af833 100644
--- a/src/api2/config/datastore.rs
+++ b/src/api2/config/datastore.rs
@@ -11,7 +11,7 @@ use crate::api2::types::*;
 use crate::backup::*;
 use crate::config::cached_user_info::CachedUserInfo;
 use crate::config::datastore::{self, DataStoreConfig, DIR_NAME_SCHEMA};
-use crate::config::acl::{PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_MODIFY};
+use crate::config::acl::{PRIV_DATASTORE_ALLOCATE, PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_MODIFY};
 
 #[api(
     input: {
@@ -106,7 +106,7 @@ pub fn list_datastores(
         },
     },
     access: {
-        permission: &Permission::Privilege(&["datastore"], PRIV_DATASTORE_MODIFY, false),
+        permission: &Permission::Privilege(&["datastore"], PRIV_DATASTORE_ALLOCATE, false),
     },
 )]
 /// Create new datastore config.
diff --git a/src/config/acl.rs b/src/config/acl.rs
index 67f61976..39f9d030 100644
--- a/src/config/acl.rs
+++ b/src/config/acl.rs
@@ -27,6 +27,7 @@ constnamedbitmap! {
         PRIV_SYS_POWER_MANAGEMENT("Sys.PowerManagement");
 
         PRIV_DATASTORE_AUDIT("Datastore.Audit");
+        PRIV_DATASTORE_ALLOCATE("Datastore.Allocate");
         PRIV_DATASTORE_MODIFY("Datastore.Modify");
         PRIV_DATASTORE_READ("Datastore.Read");
 

[pbs-devel] applied: [PATCH proxmox 1/3] tools: change constnamemap to a more automatic constnamedbitmap

[Dietmar Maurer]

applied all 3 patches