From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 0FDA094CFD for ; Thu, 11 Apr 2024 11:38:59 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id E41591E80F for ; Thu, 11 Apr 2024 11:38:58 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Thu, 11 Apr 2024 11:38:58 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 8E09D44A5A for ; Thu, 11 Apr 2024 11:33:16 +0200 (CEST) From: Fiona Ebner To: pve-devel@lists.proxmox.com Date: Thu, 11 Apr 2024 11:29:35 +0200 Message-Id: <20240411092943.57377-15-f.ebner@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240411092943.57377-1-f.ebner@proxmox.com> References: <20240411092943.57377-1-f.ebner@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.072 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [backup.pm, vzdump.pm] Subject: [pve-devel] [PATCH manager v3 14/22] api: backup/vzdump: add permission check for fleecing storage X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Apr 2024 09:38:59 -0000 Similar to how Datastore.AllocateSpace is required for the backup storage, it should also be required for the fleecing storage. Removing a fleecing storage from a job does not require more permissions than for modifying the job. Suggested-by: Fabian Grünbichler Signed-off-by: Fiona Ebner --- Changes in v3: * avoid potential access of $fleecing=undef as a hash (for future-proofing, should not happen in practice). PVE/API2/Backup.pm | 10 ++++++++-- PVE/API2/VZDump.pm | 9 +++++---- PVE/VZDump.pm | 2 +- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/PVE/API2/Backup.pm b/PVE/API2/Backup.pm index 70753c2e..88140323 100644 --- a/PVE/API2/Backup.pm +++ b/PVE/API2/Backup.pm @@ -42,7 +42,7 @@ my $vzdump_job_id_prop = { # NOTE: also used by the vzdump API call. sub assert_param_permission_common { - my ($rpcenv, $user, $param) = @_; + my ($rpcenv, $user, $param, $is_delete) = @_; return if $user eq 'root@pam'; # always OK for my $key (qw(tmpdir dumpdir script)) { @@ -52,6 +52,12 @@ sub assert_param_permission_common { if (grep { defined($param->{$_}) } qw(bwlimit ionice performance)) { $rpcenv->check($user, "/", [ 'Sys.Modify' ]); } + + if ($param->{fleecing} && !$is_delete) { + my $fleecing = PVE::VZDump::parse_fleecing($param) // {}; + $rpcenv->check($user, "/storage/$fleecing->{storage}", [ 'Datastore.AllocateSpace' ]) + if $fleecing->{storage}; + } } my sub assert_param_permission_create { @@ -70,7 +76,7 @@ my sub assert_param_permission_update { return if $user eq 'root@pam'; # always OK assert_param_permission_common($rpcenv, $user, $update); - assert_param_permission_common($rpcenv, $user, $delete); + assert_param_permission_common($rpcenv, $user, $delete, 1); if ($update->{storage}) { $rpcenv->check($user, "/storage/$update->{storage}", [ 'Datastore.Allocate' ]) diff --git a/PVE/API2/VZDump.pm b/PVE/API2/VZDump.pm index f66fc740..7f92e7ec 100644 --- a/PVE/API2/VZDump.pm +++ b/PVE/API2/VZDump.pm @@ -41,10 +41,11 @@ __PACKAGE__->register_method ({ description => "Create backup.", permissions => { description => "The user needs 'VM.Backup' permissions on any VM, and " - ."'Datastore.AllocateSpace' on the backup storage. The 'tmpdir', 'dumpdir' and " - ."'script' parameters are restricted to the 'root\@pam' user. The 'maxfiles' and " - ."'prune-backups' settings require 'Datastore.Allocate' on the backup storage. The " - ."'bwlimit', 'performance' and 'ionice' parameters require 'Sys.Modify' on '/'. ", + ."'Datastore.AllocateSpace' on the backup storage (and fleecing storage when fleecing " + ."is used). The 'tmpdir', 'dumpdir' and 'script' parameters are restricted to the " + ."'root\@pam' user. The 'maxfiles' and 'prune-backups' settings require " + ."'Datastore.Allocate' on the backup storage. The 'bwlimit', 'performance' and " + ."'ionice' parameters require 'Sys.Modify' on '/'.", user => 'all', }, protected => 1, diff --git a/PVE/VZDump.pm b/PVE/VZDump.pm index 812357bd..cde20624 100644 --- a/PVE/VZDump.pm +++ b/PVE/VZDump.pm @@ -130,7 +130,7 @@ my $generate_notes = sub { return $notes_template; }; -my sub parse_fleecing { +sub parse_fleecing { my ($param) = @_; if (defined(my $fleecing = $param->{fleecing})) { -- 2.39.2