From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 144266A003 for ; Tue, 15 Mar 2022 09:58:13 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 01EE81BE31 for ; Tue, 15 Mar 2022 09:57:43 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 5B85A1BE26 for ; Tue, 15 Mar 2022 09:57:42 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 2A2B3463EE for ; Tue, 15 Mar 2022 09:57:36 +0100 (CET) Message-ID: Date: Tue, 15 Mar 2022 09:57:34 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:99.0) Gecko/20100101 Thunderbird/99.0 Content-Language: en-US To: Proxmox VE development discussion , Fabian Ebner , Oguz Bektas References: <20220314135042.1210842-1-o.bektas@proxmox.com> <937a66e6-aa1f-5ef7-5f84-7814f8b6469f@proxmox.com> From: Thomas Lamprecht In-Reply-To: <937a66e6-aa1f-5ef7-5f84-7814f8b6469f@proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.058 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -0.001 Looks like a legit reply (A) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [restenvironment.pm] Subject: Re: [pve-devel] [PATCH v2 common] REST environment: default to root@pam in forked workers if no user was specified X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Mar 2022 08:58:13 -0000 On 15.03.22 08:31, Fabian Ebner wrote: > Am 14.03.22 um 14:50 schrieb Oguz Bektas: >> first call $rpcenv->get_user() if user was 'undef'. if that doesn't >> return then we set it to root@pam. this is just the "whats done" description, that's not really interesting for such a short patch, as it can be read from the code change directly without much effort. A sentence about why (original code reason, change reason to the new behavior) and impact (what are the call sites that could be affected) would be more helpful. >> >> Signed-off-by: Oguz Bektas >> --- >> v1->v2: >> * do get_user() first, set to 'root@pam' as fallback >> * drop first patch for pve-container (not needed anymore) >> >> src/PVE/RESTEnvironment.pm | 7 ++++++- >> 1 file changed, 6 insertions(+), 1 deletion(-) >> >> diff --git a/src/PVE/RESTEnvironment.pm b/src/PVE/RESTEnvironment.pm >> index 1b2af08..bc5b8b5 100644 >> --- a/src/PVE/RESTEnvironment.pm >> +++ b/src/PVE/RESTEnvironment.pm >> @@ -492,7 +492,12 @@ sub fork_worker { >> $dtype = 'unknown' if !defined ($dtype); >> $id = '' if !defined ($id); >> >> - $user = 'root@pve' if !defined ($user); >> + $user = $self->get_user() if !defined($user); > > If you don't set $noerr when calling get_user(), the below if block is > dead code. > >> + >> + if (!defined($user)) { >> + warn 'internal error: Worker user was not specified, defaulting to "root@pam"!'; missing newline at the ends means spamming the log more with internal perl module file/line location and I don't really get the warning in the first place, either it's OK to fallback or not. The REST-env should have a valid user for most (all?) API/CLI-handler derived use cases, as only the public API calls have no user set but there we don't use fork_worker at all. So, I'd examine possible call sites that won't have a user passed nor available via get_user(), and dependening from if they even exist I'd * check if we could set a sensible user-id, if possible, there already * make this either a no-warn or just drop the if-block and avoid passing the $noerr to $self->get_user(), making this a usage error. The latter would be cleaner, but has some theoretic breakage potential. As call-site evaluation should be done in any case, as neither breakage nor defaulting to root@pam is something that should be done "blindly" (I mean, root fallback was probably intended originally, just avoided due to the realm typo, but still).