From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <o.bektas@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 11FA06A067
 for <pve-devel@lists.proxmox.com>; Tue, 15 Mar 2022 12:21:30 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 050B91D80E
 for <pve-devel@lists.proxmox.com>; Tue, 15 Mar 2022 12:21:30 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 4E41D1D804
 for <pve-devel@lists.proxmox.com>; Tue, 15 Mar 2022 12:21:29 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 0D0D2427B3
 for <pve-devel@lists.proxmox.com>; Tue, 15 Mar 2022 12:21:29 +0100 (CET)
Date: Tue, 15 Mar 2022 12:21:26 +0100
From: Oguz Bektas <o.bektas@proxmox.com>
To: Thomas Lamprecht <t.lamprecht@proxmox.com>
Cc: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Fabian Ebner <f.ebner@proxmox.com>
Message-ID: <YjB2tiRLzHit2bm6@gaia>
Mail-Followup-To: Oguz Bektas <o.bektas@proxmox.com>,
 Thomas Lamprecht <t.lamprecht@proxmox.com>,
 Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Fabian Ebner <f.ebner@proxmox.com>
References: <20220314135042.1210842-1-o.bektas@proxmox.com>
 <937a66e6-aa1f-5ef7-5f84-7814f8b6469f@proxmox.com>
 <c116dfb2-0e34-a1de-b3dc-a5f3e48c64b5@proxmox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <c116dfb2-0e34-a1de-b3dc-a5f3e48c64b5@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.572 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [restenvironment.pm]
Subject: Re: [pve-devel] [PATCH v2 common] REST environment: default to
 root@pam in forked workers if no user was specified
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2022 11:21:30 -0000

hi,

On Tue, Mar 15, 2022 at 09:57:34AM +0100, Thomas Lamprecht wrote:
> On 15.03.22 08:31, Fabian Ebner wrote:
> > Am 14.03.22 um 14:50 schrieb Oguz Bektas:
> >> first call $rpcenv->get_user() if user was 'undef'. if that doesn't
> >> return then we set it to root@pam.
> 
> this is just the "whats done" description, that's not really interesting for
> such a short patch, as it can be read from the code change directly without
> much effort. A sentence about why (original code reason, change reason to the
> new behavior) and impact (what are the call sites that could be affected)
> would be more helpful.

those were all in the v1 patch for pve-container (which had the only call
sites that i could find where user was undefined, namely push_file and
pull_file) but got dropped with the v2 according to fabi's
recommendation. i can send that back if needed :)

> 
> >>
> >> Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
> >> ---
> >> v1->v2:
> >> * do get_user() first, set to 'root@pam' as fallback
> >> * drop first patch for pve-container (not needed anymore)
> >>
> >>  src/PVE/RESTEnvironment.pm | 7 ++++++-
> >>  1 file changed, 6 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/src/PVE/RESTEnvironment.pm b/src/PVE/RESTEnvironment.pm
> >> index 1b2af08..bc5b8b5 100644
> >> --- a/src/PVE/RESTEnvironment.pm
> >> +++ b/src/PVE/RESTEnvironment.pm
> >> @@ -492,7 +492,12 @@ sub fork_worker {
> >>      $dtype = 'unknown' if !defined ($dtype);
> >>      $id = '' if !defined ($id);
> >>  
> >> -    $user = 'root@pve' if !defined ($user);
> >> +    $user = $self->get_user() if !defined($user);
> > 
> > If you don't set $noerr when calling get_user(), the below if block is
> > dead code.


oops, you're right ^^

> > 
> >> +
> >> +    if (!defined($user)) {
> >> +	warn 'internal error: Worker user was not specified, defaulting to "root@pam"!';
> 
> missing newline at the ends means spamming the log more with internal perl module
> file/line location and I don't really get the warning in the first place, either
> it's OK to fallback or not.
> 
> The REST-env should have a valid user for most (all?) API/CLI-handler derived use
> cases, as only the public API calls have no user set but there we don't use fork_worker
> at all.
> 
> So, I'd examine possible call sites that won't have a user passed nor available via
> get_user(), and dependening from if they even exist I'd
> 
> * check if we could set a sensible user-id, if possible, there already
> * make this either a no-warn or just drop the if-block and avoid passing the $noerr
>   to $self->get_user(), making this a usage error. The latter would be cleaner, but
>   has some theoretic breakage potential. As call-site evaluation should be done in any
>   case, as neither breakage nor defaulting to root@pam is something that should be done
>   "blindly" (I mean, root fallback was probably intended originally, just avoided due
>    to the realm typo, but still).

see the v1 patch for pve-container. i didn't find any other call sites, the
warning was in case we forgot any other call sites somewhere.

defaulting to 'root@pam' in this case actually has no effect but it's
only in the logging for tasks.

i talked to dietmar about this off-list before sending the v1, since
this bit of code was originally imported from the svn repositories way
back, and he told me that it was intended for the log.