From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id CA4118A852 for ; Wed, 27 Jul 2022 11:10:58 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id BD0613806 for ; Wed, 27 Jul 2022 11:10:28 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 27 Jul 2022 11:10:27 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 7327E42C7B for ; Wed, 27 Jul 2022 11:10:27 +0200 (CEST) Date: Wed, 27 Jul 2022 11:10:20 +0200 From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= To: Proxmox VE development discussion References: <20220602072450.55209-1-o.bektas@proxmox.com> In-Reply-To: <<20220602072450.55209-1-o.bektas@proxmox.com> MIME-Version: 1.0 User-Agent: astroid/0.15.0 (https://github.com/astroidmail/astroid) Message-Id: <1658908014.zeyifvlr1o.astroid@nora.none> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL 0.162 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH v4 access-control++ 00/18] SuperUser privilege X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jul 2022 09:10:58 -0000 On June 2, 2022 9:24 am, Oguz Bektas wrote: > big thanks to Fabian G. for the earlier reviews :) >=20 > v3 was not reviewed but i thought i should rebase it to make it easier. > i also noticed some things that weren't addressed or were > incorrect, so those are hopefully fixed now. sorry for the long delay! > please note that the privilege columns of the role selector in widget-too= lkit > is broken (reverting commit 49275c6726e7bf40f6d79e7b62eb4ad490a75119 fixe= s > that, the custom renderer broke the view but i wasn't able to come up wit= h a > fix besides that -- extjs is pretty weird) is this fixed nowadays? >=20 > v3->v4 > * rebased to latest commits > * fix incorrect check for login prompt in pve-manager for termproxy and f= riends > * slightly changed warning message when checking propagate > * show warning to user via raise_perm_exc() when changing passwords > * mark shortcut in parse_backup_hints >=20 >=20 > v2->v3: > * fixed some incorrect checks in qemu-server > * further restrict changing passwords and tfa settings for superusers > * gui fix for lxc features > * slight improvements to docs, added some notes >=20 > see the separate patches for further details :) >=20 > intentionally left out ceph and cluster-related endpoints for checking SU > privileges: >=20 > * addnode > * copy > * create > * delnode > * index > * join >=20 I can guess that addnode,delnode,create and join are the respective=20 cluster endpoints (although for them the full API path or module would=20 obviously make sense as well!) copy and index could be anything? > * destroyosd > * createosd >=20 couldn't these also move to Sys.Modify like the rest of disk-management? > and some other endpoints: > * register_account > * deactivate_account >=20 these are ACME I guess? why would they need to be SU only? > i left these endpoints alone since we have plans to introduce separate > privileges for cluster-related actions in the future. some indication which parts you actively tested would be nice as well. please don't forget to re-check the API tree and other code for any=20 root@pam-only stuff that might have been added in the meantime! > access-control: Oguz Bektas (5): > add "SuperAdministrator" role with the new "SuperUser" privilege > RPC env: add SuperUser API permission for GUI capabilities > api: acl: only allow granting SU privilege if user already has it > api: roles: only allow modifying roles to add/remove SU if user has SU > themselves > api: allow superusers to edit tfa and password settings >=20 > src/PVE/API2/ACL.pm | 16 ++++++++++++++++ > src/PVE/API2/AccessControl.pm | 24 ++++++++++++++---------- > src/PVE/API2/Role.pm | 21 +++++++++++++++++++++ > src/PVE/API2/TFA.pm | 16 +++++++++++++++- > src/PVE/AccessControl.pm | 9 ++++++--- > src/PVE/RPCEnvironment.pm | 29 ++++++++++++++++++++++------- > 6 files changed, 94 insertions(+), 21 deletions(-) >=20 > qemu-server: Oguz Bektas (4): > api: allow SU privileged users to edit root-only options for VM > configs > migration tests: mock $rpcenv->check subroutine > api: allow superusers to use 'skiplock' option > parse_backup_hints: add comment for root shortcut and fix typos >=20 > PVE/API2/Qemu.pm | 133 +++++++++++++++++++++-------------- > PVE/QemuServer.pm | 6 +- > test/MigrationTest/QmMock.pm | 5 ++ > 3 files changed, 87 insertions(+), 57 deletions(-) >=20 > manager: Oguz Bektas (6): > api: backup: allow SUs to use 'tmpdir', 'dumpdir' and 'script' options > api: vzdump: allow SUs to use 'bwlimit' and 'ionice' parameters > api: always drop to login prompt for non-root users on terminal proxy > calls > ui: include "SuperUser" in privilege selector > ui: lxc features: check for SU instead of 'root@pam' > ui: adapt sensible 'root@pam' checks to SU >=20 > PVE/API2/Backup.pm | 11 +++++++---- > PVE/API2/Nodes.pm | 11 ++++++++--- > PVE/API2/VZDump.pm | 8 +++++--- > www/manager6/form/PrivilegesSelector.js | 2 +- > www/manager6/lxc/Options.js | 8 ++++++-- > www/manager6/lxc/Resources.js | 6 +++--- > www/manager6/window/Migrate.js | 4 ++-- > 7 files changed, 32 insertions(+), 18 deletions(-) >=20 > container: Oguz Bektas (1): > fix #2582: api: add checks for 'SuperUser' privilege for root-only > options >=20 > src/PVE/API2/LXC.pm | 19 +++++++++---------- > src/PVE/API2/LXC/Config.pm | 2 +- > src/PVE/API2/LXC/Status.pm | 12 ++++++++---- > src/PVE/LXC.pm | 21 ++++++++++++--------- > src/PVE/LXC/Create.pm | 2 +- > 5 files changed, 31 insertions(+), 25 deletions(-) >=20 > storage: Oguz Bektas (1): > check_volume_access: allow superusers to pass arbitrary fs paths >=20 > PVE/Storage.pm | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) >=20 > docs: Oguz Bektas (1): > pveum: add SU privilege and SA role >=20 > pveum.adoc | 14 +++++++++++++- > 1 file changed, 13 insertions(+), 1 deletion(-) >=20 > --=20 > 2.30.2 >=20 >=20 > _______________________________________________ > pve-devel mailing list > pve-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel >=20 >=20 >=20