* [pve-devel] [PATCH qemu-server manager] Properly check cloud-init drive permissions @ 2022-11-03 13:04 Leo Nunner 2022-11-03 13:04 ` [pve-devel] [PATCH qemu-server 1/1] fix #4321: properly " Leo Nunner 2022-11-03 13:04 ` [pve-devel] [PATCH manager " Leo Nunner 0 siblings, 2 replies; 5+ messages in thread From: Leo Nunner @ 2022-11-03 13:04 UTC (permalink / raw) To: pve-devel The "Add CloudInit Drive" button in the UI was only enabled when the user had Sys.Console permissions, even if the other correct permissions were set. The backend check for these permissions also needed to be revamped to be more consistent. Leo Nunner (1): fix #4321: properly check cloud-init drive permissions PVE/API2/Qemu.pm | 6 ++++-- PVE/QemuServer/Drive.pm | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) Leo Nunner (1): fix #4321: properly check cloud-init drive permissions www/manager6/qemu/HardwareView.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -- 2.30.2 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [pve-devel] [PATCH qemu-server 1/1] fix #4321: properly check cloud-init drive permissions 2022-11-03 13:04 [pve-devel] [PATCH qemu-server manager] Properly check cloud-init drive permissions Leo Nunner @ 2022-11-03 13:04 ` Leo Nunner 2022-11-16 12:15 ` Thomas Lamprecht 2022-11-03 13:04 ` [pve-devel] [PATCH manager " Leo Nunner 1 sibling, 1 reply; 5+ messages in thread From: Leo Nunner @ 2022-11-03 13:04 UTC (permalink / raw) To: pve-devel The process for editing cloud-init drives checked for inconsistent permissions: for adding, the VM.Config.Disk permission was needed, while the VM.Config.CDROM permission was needed to remove a drive. The regex in drive_is_cloudinit needed to be adapted since the drive names have different formats before/after they are actually generated. Furthermore, the VM.Config.Cloudinit permission should be required to edit cloud-init drives. Signed-off-by: Leo Nunner <l.nunner@proxmox.com> --- PVE/API2/Qemu.pm | 6 ++++-- PVE/QemuServer/Drive.pm | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm index 3ec31c2..cacd233 100644 --- a/PVE/API2/Qemu.pm +++ b/PVE/API2/Qemu.pm @@ -1512,11 +1512,13 @@ my $update_vm_api = sub { my $check_drive_perms = sub { my ($opt, $val) = @_; my $drive = PVE::QemuServer::parse_drive($opt, $val, 1); - # FIXME: cloudinit: CDROM or Disk? - if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM + if(PVE::QemuServer::drive_is_cloudinit($drive)) { + $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Cloudinit', 'VM.Config.Disk']); + } elsif (PVE::QemuServer::drive_is_cdrom($drive, 1)) { # CDROM $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']); } else { $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']); + } }; diff --git a/PVE/QemuServer/Drive.pm b/PVE/QemuServer/Drive.pm index 1dc6171..12a1fbe 100644 --- a/PVE/QemuServer/Drive.pm +++ b/PVE/QemuServer/Drive.pm @@ -540,7 +540,7 @@ sub verify_bootdisk { sub drive_is_cloudinit { my ($drive) = @_; - return $drive->{file} =~ m@[:/]vm-\d+-cloudinit(?:\.$QEMU_FORMAT_RE)?$@; + return $drive->{file} =~ m@[:/](?:vm-\d+-)?cloudinit(?:\.$QEMU_FORMAT_RE)?$@; } sub drive_is_cdrom { -- 2.30.2 ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [pve-devel] [PATCH qemu-server 1/1] fix #4321: properly check cloud-init drive permissions 2022-11-03 13:04 ` [pve-devel] [PATCH qemu-server 1/1] fix #4321: properly " Leo Nunner @ 2022-11-16 12:15 ` Thomas Lamprecht 2022-11-16 14:17 ` Leo Nunner 0 siblings, 1 reply; 5+ messages in thread From: Thomas Lamprecht @ 2022-11-16 12:15 UTC (permalink / raw) To: Proxmox VE development discussion, Leo Nunner Am 03/11/2022 um 14:04 schrieb Leo Nunner: > The process for editing cloud-init drives checked for inconsistent > permissions: for adding, the VM.Config.Disk permission was needed, while > the VM.Config.CDROM permission was needed to remove a drive. The regex > in drive_is_cloudinit needed to be adapted since the drive names have > different formats before/after they are actually generated. Furthermore, > the VM.Config.Cloudinit permission should be required to edit > cloud-init drives. > > Signed-off-by: Leo Nunner <l.nunner@proxmox.com> > --- > PVE/API2/Qemu.pm | 6 ++++-- > PVE/QemuServer/Drive.pm | 2 +- > 2 files changed, 5 insertions(+), 3 deletions(-) > > diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm > index 3ec31c2..cacd233 100644 > --- a/PVE/API2/Qemu.pm > +++ b/PVE/API2/Qemu.pm > @@ -1512,11 +1512,13 @@ my $update_vm_api = sub { > my $check_drive_perms = sub { > my ($opt, $val) = @_; > my $drive = PVE::QemuServer::parse_drive($opt, $val, 1); > - # FIXME: cloudinit: CDROM or Disk? > - if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM > + if(PVE::QemuServer::drive_is_cloudinit($drive)) { missing white after `if` > + $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Cloudinit', 'VM.Config.Disk']); while I don't think that the perm change is problematic w.r.t. backward compat in practice, it seems a bit odd to argue for disk only, maybe we need to also check for CDROM, as cloudinit *adds* a cdrom drive, so it may required that too. But, to decide that I wanted to check our privilege docs, only to notice that we do not mention the cloudinit one there at all, not great... https://pve.proxmox.com/pve-docs/chapter-pveum.html#_privileges Please check the dev history to see if Cloudinit is deemed enough to add the CDROM or if we should add that priv to the check too, then re-send this with updated commit message, the whitespace fixes and a docs patch. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [pve-devel] [PATCH qemu-server 1/1] fix #4321: properly check cloud-init drive permissions 2022-11-16 12:15 ` Thomas Lamprecht @ 2022-11-16 14:17 ` Leo Nunner 0 siblings, 0 replies; 5+ messages in thread From: Leo Nunner @ 2022-11-16 14:17 UTC (permalink / raw) To: Thomas Lamprecht, Proxmox VE development discussion On 2022-11-16 13:15, Thomas Lamprecht wrote: > Am 03/11/2022 um 14:04 schrieb Leo Nunner: >> The process for editing cloud-init drives checked for inconsistent >> permissions: for adding, the VM.Config.Disk permission was needed, while >> the VM.Config.CDROM permission was needed to remove a drive. The regex >> in drive_is_cloudinit needed to be adapted since the drive names have >> different formats before/after they are actually generated. Furthermore, >> the VM.Config.Cloudinit permission should be required to edit >> cloud-init drives. >> >> Signed-off-by: Leo Nunner <l.nunner@proxmox.com> >> --- >> PVE/API2/Qemu.pm | 6 ++++-- >> PVE/QemuServer/Drive.pm | 2 +- >> 2 files changed, 5 insertions(+), 3 deletions(-) >> >> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm >> index 3ec31c2..cacd233 100644 >> --- a/PVE/API2/Qemu.pm >> +++ b/PVE/API2/Qemu.pm >> @@ -1512,11 +1512,13 @@ my $update_vm_api = sub { >> my $check_drive_perms = sub { >> my ($opt, $val) = @_; >> my $drive = PVE::QemuServer::parse_drive($opt, $val, 1); >> - # FIXME: cloudinit: CDROM or Disk? >> - if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM >> + if(PVE::QemuServer::drive_is_cloudinit($drive)) { > missing white after `if` > >> + $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Cloudinit', 'VM.Config.Disk']); > while I don't think that the perm change is problematic w.r.t. backward compat > in practice, it seems a bit odd to argue for disk only, maybe we need to also > check for CDROM, as cloudinit *adds* a cdrom drive, so it may required that too. > > But, to decide that I wanted to check our privilege docs, only to notice that we > do not mention the cloudinit one there at all, not great... > > https://pve.proxmox.com/pve-docs/chapter-pveum.html#_privileges > > Please check the dev history to see if Cloudinit is deemed enough to add the CDROM > or if we should add that priv to the check too, then re-send this with updated > commit message, the whitespace fixes and a docs patch. > AFAICT, VM.Config.Cloudinit seems to have been introduced solely to set cloudinit options in the config itself [1], so I don't think it should be the only requirement for adding cloudinit drives. I agree though, now that I think about it, solely checking for VM.Config.Disk as an added requirement doesn't make much sense; the only reason why it checked for this permission in the first place was that the string for cloudinit drives fell through the regex in drive_is_cdrom before being generated, and was thus being seen as a disk, not a CDROM drive. So, for backwards-compatibility purposes, I guess VM.Config.Cloudinit && (VM.Config.Disk || VM.Config.CDROM) would make the most sense. [1] https://git.proxmox.com/?p=qemu-server.git;a=commit;h=fc701af7406336d18e4f20d61010c7de69fdd9f1 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [pve-devel] [PATCH manager 1/1] fix #4321: properly check cloud-init drive permissions 2022-11-03 13:04 [pve-devel] [PATCH qemu-server manager] Properly check cloud-init drive permissions Leo Nunner 2022-11-03 13:04 ` [pve-devel] [PATCH qemu-server 1/1] fix #4321: properly " Leo Nunner @ 2022-11-03 13:04 ` Leo Nunner 1 sibling, 0 replies; 5+ messages in thread From: Leo Nunner @ 2022-11-03 13:04 UTC (permalink / raw) To: pve-devel Checking for only Sys.Console prevents users who actually have the correct permissions (VM.Config.Disk, VM.Config.Cloudinit) from adding a new cloud-init drive. Signed-off-by: Leo Nunner <l.nunner@proxmox.com> --- www/manager6/qemu/HardwareView.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/www/manager6/qemu/HardwareView.js b/www/manager6/qemu/HardwareView.js index 6e9d03b4..c7843b82 100644 --- a/www/manager6/qemu/HardwareView.js +++ b/www/manager6/qemu/HardwareView.js @@ -569,6 +569,7 @@ Ext.define('PVE.qemu.HardwareView', { const noVMConfigHWTypePerm = !caps.vms['VM.Config.HWType']; const noVMConfigNetPerm = !caps.vms['VM.Config.Network']; const noVMConfigDiskPerm = !caps.vms['VM.Config.Disk']; + const noVMConfigCloudinitPerm = !caps.vms['VM.Config.Cloudinit']; me.down('#addUsb').setDisabled(noSysConsolePerm || isAtLimit('usb')); me.down('#addPci').setDisabled(noSysConsolePerm || isAtLimit('hostpci')); @@ -578,7 +579,7 @@ Ext.define('PVE.qemu.HardwareView', { me.down('#addRng').setDisabled(noSysConsolePerm || isAtLimit('rng')); efidisk_menuitem.setDisabled(noVMConfigDiskPerm || isAtLimit('efidisk')); me.down('#addTpmState').setDisabled(noSysConsolePerm || isAtLimit('tpmstate')); - me.down('#addCloudinitDrive').setDisabled(noSysConsolePerm || hasCloudInit); + me.down('#addCloudinitDrive').setDisabled(noVMConfigDiskPerm || noVMConfigCloudinitPerm || hasCloudInit); if (!rec) { remove_btn.disable(); @@ -701,7 +702,7 @@ Ext.define('PVE.qemu.HardwareView', { text: gettext('CloudInit Drive'), itemId: 'addCloudinitDrive', iconCls: 'fa fa-fw fa-cloud black', - disabled: !caps.nodes['Sys.Console'], + disabled: !caps.vms['Vm.Config.Disk'] || !caps.vms['Vm.Config.Cloudinit'], handler: editorFactory('CIDriveEdit'), }, { -- 2.30.2 ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-11-16 14:18 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-11-03 13:04 [pve-devel] [PATCH qemu-server manager] Properly check cloud-init drive permissions Leo Nunner 2022-11-03 13:04 ` [pve-devel] [PATCH qemu-server 1/1] fix #4321: properly " Leo Nunner 2022-11-16 12:15 ` Thomas Lamprecht 2022-11-16 14:17 ` Leo Nunner 2022-11-03 13:04 ` [pve-devel] [PATCH manager " Leo Nunner
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox