From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id B158197EF for ; Thu, 3 Aug 2023 14:23:54 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 924CF3178 for ; Thu, 3 Aug 2023 14:23:24 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Thu, 3 Aug 2023 14:23:23 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id F14E24260A for ; Thu, 3 Aug 2023 14:17:35 +0200 (CEST) From: Lukas Wagner To: pve-devel@lists.proxmox.com Date: Thu, 3 Aug 2023 14:17:13 +0200 Message-Id: <20230803121719.519207-25-l.wagner@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230803121719.519207-1-l.wagner@proxmox.com> References: <20230803121719.519207-1-l.wagner@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.049 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH v6 pve-manager 24/30] api: notification: make the 'mail-to-root' target visible to any user X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Aug 2023 12:23:54 -0000 Since the target does not require Mapping.Use, it should also be visible and testable by all users. Short explanation why the 'mail-to-root' is exempt from priv checks: To ensure backwards compatibility, the 'mail-to-root' target does not require the `Mapping.Use` privs. This is needed due to the fact that this target is used as a fallback in case no other target is configured for an event. For instance, the /node//apt/update API call only requires Sys.Modify for the node, but it can also send a notification. If we were to require Mapping.Use, we could break the apt/update API compat in the case that a notification shall be sent, but without any configured notification target (which will then default to 'mail-to-root'). Signed-off-by: Lukas Wagner --- Notes: Changes since v5: - Fix bug in permission check PVE/API2/Cluster/Notifications.pm | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/PVE/API2/Cluster/Notifications.pm b/PVE/API2/Cluster/Notifications.pm index 9c9e8243..ec666903 100644 --- a/PVE/API2/Cluster/Notifications.pm +++ b/PVE/API2/Cluster/Notifications.pm @@ -68,7 +68,7 @@ sub filter_entities_by_privs { "/mapping/notification/$_->{name}", $can_see_mapping_privs, 1 - ) + ) || $_->{name} eq PVE::Notify::default_target(); } @$entities]; return $filtered; @@ -165,7 +165,8 @@ __PACKAGE__->register_method ({ ' (endpoints and groups).', permissions => { description => "Only lists entries where you have 'Mapping.Modify', 'Mapping.Use' or" - . " 'Mapping.Audit' permissions on '/mapping/notification/'.", + . " 'Mapping.Audit' permissions on '/mapping/notification/'." + . " The special 'mail-to-root' target is available to all users.", user => 'all', }, protected => 1, @@ -244,11 +245,10 @@ __PACKAGE__->register_method ({ method => 'POST', description => 'Send a test notification to a provided target.', permissions => { - check => ['or', - ['perm', '/mapping/notification/{name}', ['Mapping.Use']], - ['perm', '/mapping/notification/{name}', ['Mapping.Modify']], - ['perm', '/mapping/notification/{name}', ['Mapping.Audit']], - ], + description => "The user requires 'Mapping.Modify', 'Mapping.Use' or" + . " 'Mapping.Audit' permissions on '/mapping/notification/'." + . " The special 'mail-to-root' target can be accessed by all users.", + user => 'all', }, parameters => { additionalProperties => 0, @@ -264,10 +264,23 @@ __PACKAGE__->register_method ({ code => sub { my ($param) = @_; my $name = extract_param($param, 'name'); - - my $config = PVE::Notify::read_config(); + my $rpcenv = PVE::RPCEnvironment::get(); + my $authuser = $rpcenv->get_user(); + + my $privs = ['Mapping.Modify', 'Mapping.Use', 'Mapping.Audit']; + + if ($name ne PVE::Notify::default_target()) { + # Due to backwards compatibility reasons the 'mail-to-root' + # target must be accessible for any user + $rpcenv->check_any( + $authuser, + "/mapping/notification/$name", + $privs, + ); + } eval { + my $config = PVE::Notify::read_config(); $config->test_target($name); }; -- 2.39.2