From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH manager 5/6] api: backup: require Datastore.Allocate on storage
Date: Wed, 16 Nov 2022 15:04:34 +0100 [thread overview]
Message-ID: <20221116140435.93067-6-f.ebner@proxmox.com> (raw)
In-Reply-To: <20221116140435.93067-1-f.ebner@proxmox.com>
In particular this ensures that the user is allowed to remove data on
the storage, because configuring low retention results in removed
older backups. Of course setting the storage itself also needs to
require the same privilege then.
This is a breaking API change, but it seems sensible to require
permissions on the affected storage too.
Jobs with a dumpdir setting can be configured by root only.
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
Not sure about the dumpdir jobs, should those rather require
Sys.Modify on /? The dumpdir setting itself is still root-only.
PVE/API2/Backup.pm | 33 +++++++++++++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/PVE/API2/Backup.pm b/PVE/API2/Backup.pm
index 684a078e..74bf95ca 100644
--- a/PVE/API2/Backup.pm
+++ b/PVE/API2/Backup.pm
@@ -54,12 +54,39 @@ sub assert_param_permission_common {
}
}
+my sub assert_param_permission_create {
+ my ($rpcenv, $user, $param) = @_;
+ return if $user eq 'root@pam'; # always OK
+
+ assert_param_permission_common($rpcenv, $user, $param);
+
+ if (!$param->{dumpdir}) {
+ my $storeid = $param->{storage} || 'local';
+ $rpcenv->check($user, "/storage/$storeid", [ 'Datastore.Allocate' ]);
+ } # no else branch, because dumpdir is root-only
+}
+
my sub assert_param_permission_update {
- my ($rpcenv, $user, $update, $delete) = @_;
+ my ($rpcenv, $user, $update, $delete, $current) = @_;
return if $user eq 'root@pam'; # always OK
assert_param_permission_common($rpcenv, $user, $update);
assert_param_permission_common($rpcenv, $user, $delete);
+
+ if ($update->{storage}) {
+ $rpcenv->check($user, "/storage/$update->{storage}", [ 'Datastore.Allocate' ])
+ } elsif ($delete->{storage}) {
+ $rpcenv->check($user, "/storage/local", [ 'Datastore.Allocate' ]);
+ }
+
+ return if !$current; # early check done
+
+ if ($current->{dumpdir}) {
+ die "only root\@pam may edit jobs with a 'dumpdir' option.";
+ } else {
+ my $storeid = $current->{storage} || 'local';
+ $rpcenv->check($user, "/storage/$storeid", [ 'Datastore.Allocate' ]);
+ }
}
my $convert_to_schedule = sub {
@@ -220,7 +247,7 @@ __PACKAGE__->register_method({
my $rpcenv = PVE::RPCEnvironment::get();
my $user = $rpcenv->get_user();
- assert_param_permission_common($rpcenv, $user, $param);
+ assert_param_permission_create($rpcenv, $user, $param);
if (my $pool = $param->{pool}) {
$rpcenv->check_pool_exist($pool);
@@ -473,6 +500,8 @@ __PACKAGE__->register_method({
die "no such vzdump job\n" if !$job || $job->{type} ne 'vzdump';
}
+ assert_param_permission_update($rpcenv, $user, $param, $delete, $job);
+
my $deletable = {
comment => 1,
'repeat-missed' => 1,
--
2.30.2
next prev parent reply other threads:[~2022-11-16 14:05 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-16 14:04 [pve-devel] [PATCH-SERIES manager] backup permission improvements Fiona Ebner
2022-11-16 14:04 ` [pve-devel] [PATCH manager 1/6] api: vzdump: soften parameter permission checks Fiona Ebner
2022-11-21 14:58 ` [pve-devel] applied: " Thomas Lamprecht
2022-11-16 14:04 ` [pve-devel] [PATCH manager 2/6] api: backup: update: turn delete into a hash Fiona Ebner
2022-11-16 14:04 ` [pve-devel] [PATCH manager 3/6] api: backup: update: allow only deleting Fiona Ebner
2022-11-16 14:04 ` [pve-devel] [PATCH manager 4/6] api: backup: update: check permissions of delete params too Fiona Ebner
2022-11-16 14:04 ` Fiona Ebner [this message]
2022-11-16 14:04 ` [pve-devel] [PATCH manager 6/6] api: backup/vzdump: add get_storage_param helper Fiona Ebner
2023-04-05 7:43 ` [pve-devel] [PATCH-SERIES manager] backup permission improvements Fiona Ebner
2023-06-06 6:33 ` Fiona Ebner
2023-06-07 14:58 ` [pve-devel] applied: " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221116140435.93067-6-f.ebner@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox