* [pve-devel] [PATCH manager 1/2] pve7to8: refactor user.cfg loop
@ 2023-06-13 11:50 Fabian Grünbichler
2023-06-13 11:50 ` [pve-devel] [PATCH manager 2/2] pve7to8: add check for dropped Permissions.Modify Fabian Grünbichler
2023-06-16 12:39 ` [pve-devel] applied-series: [PATCH manager 1/2] pve7to8: refactor user.cfg loop Thomas Lamprecht
0 siblings, 2 replies; 3+ messages in thread
From: Fabian Grünbichler @ 2023-06-13 11:50 UTC
To: pve-devel
next patch adds acl-related checks
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
PVE/CLI/pve7to8.pm | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/PVE/CLI/pve7to8.pm b/PVE/CLI/pve7to8.pm
index 6b51e98eb..7dc66499a 100644
--- a/PVE/CLI/pve7to8.pm
+++ b/PVE/CLI/pve7to8.pm
@@ -720,17 +720,17 @@ sub check_custom_pool_roles {
}
my $et = shift @data;
- next if $et ne 'role';
-
- my ($role, $privlist) = @data;
- if (!PVE::AccessControl::verify_rolename($role, 1)) {
- warn "user config - ignore role '$role' - invalid characters in role name\n";
- next;
- }
+ if ($et eq 'role') {
+ my ($role, $privlist) = @data;
+ if (!PVE::AccessControl::verify_rolename($role, 1)) {
+ warn "user config - ignore role '$role' - invalid characters in role name\n";
+ next;
+ }
- $roles->{$role} = {} if !$roles->{$role};
- foreach my $priv (split_list($privlist)) {
- $roles->{$role}->{$priv} = 1;
+ $roles->{$role} = {} if !$roles->{$role};
+ foreach my $priv (split_list($privlist)) {
+ $roles->{$role}->{$priv} = 1;
+ }
}
}
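Review bot: The invalid-role-name branch inside the new `if ($et eq 'role')` block still reports through a bare `warn`, while the follow-up patch in this series reports its finding with `log_warn`. Since these lines are being re-indented anyway, consider switching to the same logging helper so a rejected role name is reported the same way as the other findings. The `next` in that branch is also the only early exit left in the loop body; wrapping the `$roles->{$role}` assignment in an `else` would keep the flow explicit once more `elsif` branches are added.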
--
2.39.2
* [pve-devel] [PATCH manager 2/2] pve7to8: add check for dropped Permissions.Modify
2023-06-13 11:50 [pve-devel] [PATCH manager 1/2] pve7to8: refactor user.cfg loop Fabian Grünbichler
@ 2023-06-13 11:50 ` Fabian Grünbichler
2023-06-16 12:39 ` [pve-devel] applied-series: [PATCH manager 1/2] pve7to8: refactor user.cfg loop Thomas Lamprecht
1 sibling, 0 replies; 3+ messages in thread
From: Fabian Grünbichler @ 2023-06-13 11:50 UTC
To: pve-devel
as a warning only - depending on desired privileges, no action might be
necessary.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
PVE/CLI/pve7to8.pm | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/PVE/CLI/pve7to8.pm b/PVE/CLI/pve7to8.pm
index 7dc66499a..82441b0f8 100644
--- a/PVE/CLI/pve7to8.pm
+++ b/PVE/CLI/pve7to8.pm
@@ -695,7 +695,7 @@ sub check_cifs_credential_location {
}
sub check_custom_pool_roles {
- log_info("Checking custom role IDs for clashes with new 'PVE' namespace..");
+ log_info("Checking permission system changes..");
if (! -f "/etc/pve/user.cfg") {
log_skip("user.cfg does not exist");
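Review bot: The sub is still named `check_custom_pool_roles` although its opening `log_info` now announces "Checking permission system changes..", so the name no longer matches what the sub covers. Rename it, or move the ACL check into its own sub, so that the name stays accurate for anyone reading the checker's call list.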
@@ -731,9 +731,17 @@ sub check_custom_pool_roles {
foreach my $priv (split_list($privlist)) {
$roles->{$role}->{$priv} = 1;
}
+ } elsif ($et eq 'acl') {
+ my ($propagate, $pathtxt, $uglist, $rolelist) = @data;
+ foreach my $role (split_list($rolelist)) {
+ if ($role eq 'PVESysAdmin' || $role eq 'PVEAdmin') {
+ log_warn("found ACL entry on '$pathtxt' for '$uglist' with role '$role' - this role will no longer have 'Permissions.Modify' after the upgrade!");
+ }
+ }
}
}
+ log_info("Checking custom role IDs for clashes with new 'PVE' namespace..");
my ($custom_roles, $pve_namespace_clashes) = (0, 0);
for my $role (sort keys %{$roles}) {
next if PVE::AccessControl::role_is_special($role);
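Review bot: In the new `elsif ($et eq 'acl')` branch, `$propagate` is unpacked from `@data` but never used, and the `log_warn` text leaves it out. Including it in the message would tell the operator whether the affected entry applies only to '$pathtxt' or is also inherited below it, which matters when judging who loses 'Permissions.Modify'. The branch also warns once per matching ACL line and logs nothing when no entry matches, so a clean result cannot be told apart from a check that never ran; an explicit pass line or a single summary after the loop would cover that.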
--
2.39.2
* [pve-devel] applied-series: [PATCH manager 1/2] pve7to8: refactor user.cfg loop
2023-06-13 11:50 [pve-devel] [PATCH manager 1/2] pve7to8: refactor user.cfg loop Fabian Grünbichler
2023-06-13 11:50 ` [pve-devel] [PATCH manager 2/2] pve7to8: add check for dropped Permissions.Modify Fabian Grünbichler
@ 2023-06-16 12:39 ` Thomas Lamprecht
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Lamprecht @ 2023-06-16 12:39 UTC
To: Proxmox VE development discussion, Fabian Grünbichler
On 13/06/2023 at 13:50, Fabian Grünbichler wrote:
> next patch adds acl-related checks
>
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
> PVE/CLI/pve7to8.pm | 20 ++++++++++----------
> 1 file changed, 10 insertions(+), 10 deletions(-)
>
>
seems I forgot to reply on those two, so:
applied both patches, thanks!