]> git.proxmox.com Git - proxmox-backup.git/log
proxmox-backup.git
2 years agodatastore: make unsafe fn public again, useful for example/test
Thomas Lamprecht [Fri, 3 Jun 2022 15:10:17 +0000 (17:10 +0200)]
datastore: make unsafe fn public again, useful for example/test

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodatastore: make unsafe functions only visible in their own crate
Thomas Lamprecht [Fri, 3 Jun 2022 11:42:42 +0000 (13:42 +0200)]
datastore: make unsafe functions only visible in their own crate

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoapi: list datastores: avoid unsafe datastore open
Thomas Lamprecht [Fri, 3 Jun 2022 11:31:26 +0000 (13:31 +0200)]
api: list datastores: avoid unsafe datastore open

to avoid the problematic open fresh datastore with fresh chunkstore
with, and that's the actual problematic part, fresh process locker.
As the latter uses posix record locks which are pretty dangreous as
they operate on a path level (not FD level) and thus closing any file
opened (even if it wasn't opened for locking at all) drops all active
locks on the same file on completely unrelated file descriptors -.-

Also, no operation wasn't exactly correct for this thing in the first
place, but we cannot use Operation::Lookup either, as we're currently
indeed using a rather stupid-simple way and *are* reading.

So until we optimize this to allow querying the AclTree if there's
any priv XYZ below a path, use the Operation::Read.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodatastore: add safety doc comment for unsafe opens
Thomas Lamprecht [Fri, 3 Jun 2022 08:58:33 +0000 (10:58 +0200)]
datastore: add safety doc comment for unsafe opens

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodatastore: reduce chunk store open visibility and comment pitfalls
Thomas Lamprecht [Fri, 3 Jun 2022 08:15:41 +0000 (10:15 +0200)]
datastore: reduce chunk store open visibility and comment pitfalls

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodatastore: rename non-telling `map` to `datastore_cache`
Thomas Lamprecht [Fri, 3 Jun 2022 08:11:09 +0000 (10:11 +0200)]
datastore: rename non-telling `map` to `datastore_cache`

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodatastore: drop bogus last_update stale-cache mechanism
Thomas Lamprecht [Fri, 3 Jun 2022 08:04:16 +0000 (10:04 +0200)]
datastore: drop bogus last_update stale-cache mechanism

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoconfig: version cache: fix ordering of datastore generation increase
Thomas Lamprecht [Fri, 3 Jun 2022 07:06:23 +0000 (09:06 +0200)]
config: version cache: fix ordering of datastore generation increase

Fixes: 118deb4d (pbs-datastore: use ConfigVersionCache for datastore)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodatastore: more concise comment
Thomas Lamprecht [Thu, 2 Jun 2022 15:48:08 +0000 (17:48 +0200)]
datastore: more concise comment

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agobump version to 2.2.2-3
Thomas Lamprecht [Thu, 2 Jun 2022 15:25:05 +0000 (17:25 +0200)]
bump version to 2.2.2-3

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodocs: faq: more specific eol date
Thomas Lamprecht [Thu, 2 Jun 2022 15:38:44 +0000 (17:38 +0200)]
docs: faq: more specific eol date

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodatastore: lookup: reuse ChunkStore on stale datastore re-open
Dominik Csapak [Thu, 2 Jun 2022 14:27:44 +0000 (16:27 +0200)]
datastore: lookup: reuse ChunkStore on stale datastore re-open

When re-opening a datastore due to the cached entry being stale
(config change) but also if the last re-open was >60s ago). On
datastore open the chunk store was also re-opened, which in turn
creates a new ProcessLocker, loosing any existing shared lock which
can cause conflicts between long running (24h+) backups  and GC.

To fix this, reuse the existing ChunkStore, and thus  its
ProcessLocker, when creating a up-to-date datastore instance on
lookup, since only the datastore config should be reloaded. This is
fine as the ChunkStore path is not updatable over our API.

This was always a potential issue but got exposed in practice by
commit 118deb4db8e709b02704bc66c0551bfa7e4369ed which introduced the
unconditional "re-open after 60s" mechanism.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 [ T: reword commit message a bit and reference commit that made the
   issue much more likely ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agotree wide: clippy lint fixes
Thomas Lamprecht [Thu, 2 Jun 2022 13:59:53 +0000 (15:59 +0200)]
tree wide: clippy lint fixes

most (not all) where done automatically

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoclient: clippy lints
Thomas Lamprecht [Thu, 2 Jun 2022 13:57:33 +0000 (15:57 +0200)]
client: clippy lints

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoapi types: clippy lints
Thomas Lamprecht [Thu, 2 Jun 2022 13:57:07 +0000 (15:57 +0200)]
api types: clippy lints

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoupdate to nix 0.24 / rustyline 9 / proxmox-sys 0.3
Fabian Grünbichler [Thu, 2 Jun 2022 11:10:33 +0000 (13:10 +0200)]
update to nix 0.24 / rustyline 9 / proxmox-sys 0.3

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agobump tokio-util to 0.7
Fabian Grünbichler [Thu, 2 Jun 2022 07:40:54 +0000 (09:40 +0200)]
bump tokio-util to 0.7

along with the rest of tokio/futures/hyper/openssl being updated - this
is the only one we explicitly depend on that had a non-compatible
version number.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agobump version to 2.2.2-2
Thomas Lamprecht [Wed, 1 Jun 2022 15:00:02 +0000 (17:00 +0200)]
bump version to 2.2.2-2

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoserver: remove jobstate: ignore removal error due to file not found
Thomas Lamprecht [Wed, 1 Jun 2022 14:40:06 +0000 (16:40 +0200)]
server: remove jobstate: ignore removal error due to file not found

we want to remove lock and state file anyway, so not found is all
right

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agobump version to 2.2.2-1
Thomas Lamprecht [Wed, 1 Jun 2022 13:09:40 +0000 (15:09 +0200)]
bump version to 2.2.2-1

same story as last time

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agomanager cli: output more info when transforming prune jobs
Thomas Lamprecht [Wed, 1 Jun 2022 13:09:20 +0000 (15:09 +0200)]
manager cli: output more info when transforming prune jobs

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agobump version to 2.2.2-1
Thomas Lamprecht [Wed, 1 Jun 2022 12:34:01 +0000 (14:34 +0200)]
bump version to 2.2.2-1

re-bump for small fixes discovered before any upload

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agomanager cli: output more info when skipping prune tranforms
Thomas Lamprecht [Wed, 1 Jun 2022 12:31:53 +0000 (14:31 +0200)]
manager cli: output more info when skipping prune tranforms

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoapi types: prune keep options: also check weekly in keeps_something
Thomas Lamprecht [Wed, 1 Jun 2022 12:30:24 +0000 (14:30 +0200)]
api types: prune keep options: also check weekly in keeps_something

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agobump version to 2.2.2-1
Thomas Lamprecht [Wed, 1 Jun 2022 11:04:34 +0000 (13:04 +0200)]
bump version to 2.2.2-1

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoCargo.toml: add missing patch sections
Fabian Grünbichler [Wed, 1 Jun 2022 09:01:23 +0000 (11:01 +0200)]
Cargo.toml: add missing patch sections

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoui: add prune job worker task description and renderer
Thomas Lamprecht [Tue, 31 May 2022 11:11:23 +0000 (13:11 +0200)]
ui: add prune job worker task description and renderer

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: prune & gc: relay activate/deactivate events to sub panels
Thomas Lamprecht [Tue, 31 May 2022 08:02:10 +0000 (10:02 +0200)]
ui: prune & gc: relay activate/deactivate events to sub panels

which allows us also to drop the initial manual load in the init,
which would also trigger if the tab isn't visible.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: system config: improve bottom margins and scroll behavior
Thomas Lamprecht [Tue, 31 May 2022 05:03:29 +0000 (07:03 +0200)]
ui: system config: improve bottom margins and scroll behavior

setting scrollable on the parent tab panel makes not much sense and
will always add a scroll bar that can scroll a few pixels, even if
there's enough space.
Rather set it to true (= auto) in the actual panels that hold the
content.

Also set a bottom margin so that users can see the "end" of the panel
at the bottom, otherwise it looked like it had a start and sides, but
no bottom.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: prune jobs: avoid duplicate params through nested input panels
Thomas Lamprecht [Mon, 30 May 2022 13:15:39 +0000 (15:15 +0200)]
ui: prune jobs: avoid duplicate params through nested input panels

input panel collect all form fields below them, so nesting two
input panels needs a bit of special care to avoid that each of the
panels adds the data of the deeper nested ones, resulting in
duplicate parameters that the backend then chokes one.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: prune & gc: disallow collapse and add bottom margin
Thomas Lamprecht [Mon, 30 May 2022 13:02:05 +0000 (15:02 +0200)]
ui: prune & gc: disallow collapse and add bottom margin

the intra-panel margin is still the same (10 + 0 == 7 + 3) but one
can now see the bottom border.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoapi: disable setting prune options in datastore.cfg
Wolfgang Bumiller [Mon, 30 May 2022 12:48:13 +0000 (14:48 +0200)]
api: disable setting prune options in datastore.cfg

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agostop executing datastore prune job
Wolfgang Bumiller [Mon, 30 May 2022 12:41:34 +0000 (14:41 +0200)]
stop executing datastore prune job

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agoapi: don't use PRUNE perms for prune jobs
Wolfgang Bumiller [Mon, 30 May 2022 12:33:05 +0000 (14:33 +0200)]
api: don't use PRUNE perms for prune jobs

just stick to MODIFY so we don't need to give the prune jobs
an owner for now

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agodrop unused import
Wolfgang Bumiller [Mon, 30 May 2022 12:01:22 +0000 (14:01 +0200)]
drop unused import

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agod/postinst: transform prune tasks from datastore cfg to new prune job
Thomas Lamprecht [Mon, 30 May 2022 11:36:59 +0000 (13:36 +0200)]
d/postinst: transform prune tasks from datastore cfg to new prune job

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agomanager: hidden command to move datastore prune opts into jobs
Wolfgang Bumiller [Tue, 24 May 2022 10:54:42 +0000 (12:54 +0200)]
manager: hidden command to move datastore prune opts into jobs

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agoui: rework prune job view/edit
Thomas Lamprecht [Mon, 30 May 2022 09:11:56 +0000 (11:11 +0200)]
ui: rework prune job view/edit

Fix missing load on initial view, re-use the prune input panel for
editing and avoid using a tab panel for a single tab, rework also
some columns widths and various other small parts-

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: re-integrate prune into prune & GC panel
Thomas Lamprecht [Mon, 30 May 2022 08:44:58 +0000 (10:44 +0200)]
ui: re-integrate prune into prune & GC panel

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: add ui for prune jobs
Wolfgang Bumiller [Mon, 23 May 2022 09:00:55 +0000 (11:00 +0200)]
ui: add ui for prune jobs

similar to verification/sync jobs, the prune settings on the
datastore are deprecated

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agotests: switch to PruneJobOptions
Wolfgang Bumiller [Tue, 24 May 2022 09:20:55 +0000 (11:20 +0200)]
tests: switch to PruneJobOptions

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agoclient: switch to PruneJobsOptions
Wolfgang Bumiller [Tue, 24 May 2022 09:18:06 +0000 (11:18 +0200)]
client: switch to PruneJobsOptions

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agoadd prune jobs api
Wolfgang Bumiller [Thu, 19 May 2022 09:02:01 +0000 (11:02 +0200)]
add prune jobs api

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agoadd prune job config
Wolfgang Bumiller [Thu, 19 May 2022 07:42:53 +0000 (09:42 +0200)]
add prune job config

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agoapi-types: add PruneJobConfig
Wolfgang Bumiller [Thu, 19 May 2022 07:43:09 +0000 (09:43 +0200)]
api-types: add PruneJobConfig

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agoapi: add some missing sorted macro calls
Wolfgang Bumiller [Thu, 19 May 2022 07:57:20 +0000 (09:57 +0200)]
api: add some missing sorted macro calls

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agod/postinst: fix upper version for applying sync.cfg remove-vanished default
Thomas Lamprecht [Mon, 30 May 2022 11:36:03 +0000 (13:36 +0200)]
d/postinst: fix upper version for applying sync.cfg remove-vanished default

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: datastore content: better cope with restricted privs on parent namespaces
Thomas Lamprecht [Fri, 27 May 2022 14:09:48 +0000 (16:09 +0200)]
ui: datastore content: better cope with restricted privs on parent namespaces

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: datastore content: only mask the treeview, not the top bar
Thomas Lamprecht [Fri, 27 May 2022 14:05:07 +0000 (16:05 +0200)]
ui: datastore content: only mask the treeview, not the top bar

so that an user can try to reload again easily for non-persistent
errors

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: datastore content: avoid duplicate masking on load error
Thomas Lamprecht [Fri, 27 May 2022 14:02:42 +0000 (16:02 +0200)]
ui: datastore content: avoid duplicate masking on load error

we already handle that manually in the onLoad and want to further
extend that, so drop the more generic monStoreError

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoapi: namespace list: fix restrictive priv checking
Thomas Lamprecht [Fri, 27 May 2022 09:13:43 +0000 (11:13 +0200)]
api: namespace list: fix restrictive priv checking

This endpoint only lists all accessible namespace, and one doesn't
necessarily needs to have permissions on the parent itself just to
have OK ACLs on deeper down NS.

So, drop the upfront check on parent but explicitly avoid leaking if
a NS exists or not, i.e., only do so if they got access on the parent
NS.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: datastore options: avoid breakage if rrd store cannot be queried
Thomas Lamprecht [Fri, 27 May 2022 08:59:42 +0000 (10:59 +0200)]
ui: datastore options: avoid breakage if rrd store cannot be queried

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: datastore options: avoid breakage if active-ops cannot be queried
Thomas Lamprecht [Fri, 27 May 2022 08:59:25 +0000 (10:59 +0200)]
ui: datastore options: avoid breakage if active-ops cannot be queried

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: datastore summary: cope with optional gc-stats
Thomas Lamprecht [Fri, 27 May 2022 08:58:38 +0000 (10:58 +0200)]
ui: datastore summary: cope with optional gc-stats

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoapi: status: include empty entry for stores with ns-only privs
Thomas Lamprecht [Thu, 26 May 2022 11:36:12 +0000 (13:36 +0200)]
api: status: include empty entry for stores with ns-only privs

I.e., for those that only got permissions on a sub namespace and
those that onlöy got BACKUP_READ, as both they could just list and
count themselves too after all, so not exactly secret info.

The UI needs some adaptions to cope with gc-stats and usage being
optional, will be done in a next commit.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoapi: move can_access_any_namespace helper to hierarchy
Thomas Lamprecht [Thu, 26 May 2022 11:35:24 +0000 (13:35 +0200)]
api: move can_access_any_namespace helper to hierarchy

to prepare for reuse

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodatastore status: impl empty-status constructor for item type
Thomas Lamprecht [Thu, 26 May 2022 11:33:58 +0000 (13:33 +0200)]
datastore status: impl empty-status constructor for item type

we can now use it for the error case and will further use it for the
can access namespace but not datastore case in a future patch

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodocs: fix yet another typo
Thomas Lamprecht [Thu, 26 May 2022 11:26:56 +0000 (13:26 +0200)]
docs: fix yet another typo

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodocs: fix some typos
Thomas Lamprecht [Thu, 26 May 2022 11:08:51 +0000 (13:08 +0200)]
docs: fix some typos

The s/Namesapce/Namespace/ one was reported in the forum [0] and so I
figured I do a quick scan for others too using codespell.

[0]: https://forum.proxmox.com/threads/109724/post-472744

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agopbs-config: clippy fixes
Thomas Lamprecht [Wed, 25 May 2022 16:26:52 +0000 (18:26 +0200)]
pbs-config: clippy fixes

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodatastore: avoid unsafe transmute, use to_ne_bytes
Thomas Lamprecht [Wed, 25 May 2022 16:02:00 +0000 (18:02 +0200)]
datastore: avoid unsafe transmute, use to_ne_bytes

which is stable since rustc 1.32 but wasn't available in out
toolchain when this was originally written in commit 7bc1d7277

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodatastore: clippy fixes
Thomas Lamprecht [Wed, 25 May 2022 16:01:23 +0000 (18:01 +0200)]
datastore: clippy fixes

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agotree-wide: remove DatastoreWithNamespace
Fabian Grünbichler [Wed, 25 May 2022 13:14:56 +0000 (15:14 +0200)]
tree-wide: remove DatastoreWithNamespace

instead move the acl_path helper to BackupNamespace, and introduce a new
helper for printing a store+ns when logging/generating error messages.

Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoapi: datastore: cleanup store/ns handling
Fabian Grünbichler [Wed, 25 May 2022 09:11:12 +0000 (11:11 +0200)]
api: datastore: cleanup store/ns handling

this should just avoid some clones, no semantic changes intended.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agomove and unify namespace priv helpers
Fabian Grünbichler [Wed, 25 May 2022 08:07:54 +0000 (10:07 +0200)]
move and unify namespace priv helpers

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agosync/pull: cleanup priv checks and logging
Fabian Grünbichler [Tue, 24 May 2022 11:51:27 +0000 (13:51 +0200)]
sync/pull: cleanup priv checks and logging

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoinclude privilege names in check_privs error
Fabian Grünbichler [Tue, 24 May 2022 10:13:29 +0000 (12:13 +0200)]
include privilege names in check_privs error

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoapi: tape: use check_privs instead of manual lookup
Fabian Grünbichler [Tue, 24 May 2022 09:46:20 +0000 (11:46 +0200)]
api: tape: use check_privs instead of manual lookup

these all contain the path in the error message already, so no (new)
potential for leakage..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoapi: backup env: use check_privs
Fabian Grünbichler [Tue, 24 May 2022 09:12:16 +0000 (11:12 +0200)]
api: backup env: use check_privs

it includes the path, which might be helpful when users are switching to
using namespaces. datastore and namespace lookup happens after, so this
doesn't leak anything.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoapi: namespace: check privs directly
Fabian Grünbichler [Tue, 24 May 2022 09:02:51 +0000 (11:02 +0200)]
api: namespace: check privs directly

instead of doing a manual lookup and check - this changes the returned
error slightly since check_privs will include the checked ACL path, but
that is okay here, checks are before we even lookup the namespace/store,
so no chance to leak anything.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agopriv checks: use priv_to_priv_names and include path
Fabian Grünbichler [Tue, 24 May 2022 09:00:27 +0000 (11:00 +0200)]
priv checks: use priv_to_priv_names and include path

where appropriate. these should never leak anything sensitive, as we
check privs before checking existence or existence is already known at
that point via other privileges.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoapi: add new priv to priv name helper
Fabian Grünbichler [Tue, 24 May 2022 08:31:54 +0000 (10:31 +0200)]
api: add new priv to priv name helper

for usage in permission check error messages, to allow easily indicating
which privs are missing.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agopriv handling: use DatastoreWithNamespace
Fabian Grünbichler [Tue, 24 May 2022 08:46:37 +0000 (10:46 +0200)]
priv handling: use DatastoreWithNamespace

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoapi: tape: restore: improve permission checks
Fabian Grünbichler [Tue, 24 May 2022 09:47:07 +0000 (11:47 +0200)]
api: tape: restore: improve permission checks

no redundant store+namespace mapping, and synchronize namespace creation
check with that of manual creation and creation as part of sync.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoverify_job: fix priv check
Fabian Grünbichler [Tue, 24 May 2022 10:07:07 +0000 (12:07 +0200)]
verify_job: fix priv check

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoapi2: reader env: fix priv checks
Fabian Grünbichler [Tue, 24 May 2022 09:13:04 +0000 (11:13 +0200)]
api2: reader env: fix priv checks

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoacl: fix handling of sub-components containing '/'
Fabian Grünbichler [Tue, 24 May 2022 12:37:22 +0000 (14:37 +0200)]
acl: fix handling of sub-components containing '/'

previously with an ACL for the path "/foo/bar" without propagation and a
check for `&["foo", "bar/baz"] this code would return the ACL (roles)
for "/foo/bar" for the path "/foo/bar/baz".

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agosync job: don't require privs on datastore
Fabian Grünbichler [Tue, 24 May 2022 12:58:47 +0000 (14:58 +0200)]
sync job: don't require privs on datastore

syncing to a namespace only requires privileges on the namespace (and
potentially its children during execution).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoapi: list snapshots: fix log param order
Fabian Grünbichler [Wed, 25 May 2022 08:51:02 +0000 (10:51 +0200)]
api: list snapshots: fix log param order

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agosync job: fix worker ID parsing
Fabian Grünbichler [Tue, 24 May 2022 09:03:57 +0000 (11:03 +0200)]
sync job: fix worker ID parsing

the namespace is optional, but should be captured to allow ACL checks
for unprivileged non-job-owners.

also add FIXME for other job types and workers that (might) need
updating.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agodebug: recover: allow overriding output-path
Fabian Grünbichler [Mon, 23 May 2022 14:11:35 +0000 (16:11 +0200)]
debug: recover: allow overriding output-path

including to STDOUT.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Hannes Laimer <h.laimer@proxmox.com>
2 years agodebug: move outfile_or_stdout to module for reuse
Fabian Grünbichler [Mon, 23 May 2022 14:11:34 +0000 (16:11 +0200)]
debug: move outfile_or_stdout to module for reuse

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Hannes Laimer <h.laimer@proxmox.com>
2 years agodebug: recover: allow ignoring missing/corrupt chunks
Fabian Grünbichler [Mon, 23 May 2022 14:11:33 +0000 (16:11 +0200)]
debug: recover: allow ignoring missing/corrupt chunks

replacing them with chunks of zero bytes.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Hannes Laimer <h.laimer@proxmox.com>
2 years agotape/pool_writer: give proper types to 'contains_snapshot'
Dominik Csapak [Mon, 16 May 2022 11:36:09 +0000 (13:36 +0200)]
tape/pool_writer: give proper types to 'contains_snapshot'

instead of a string. The underlying catalog implementation has to
care about how this is formatted, not the external caller

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agoproxmox-tape: use correct api call for 'load-media-from-slot'
Dominik Csapak [Mon, 23 May 2022 09:41:16 +0000 (11:41 +0200)]
proxmox-tape: use correct api call for 'load-media-from-slot'

it's a 'post' api call, not 'put'

reported here:
https://forum.proxmox.com/threads/lto8.109946/
and here:
https://forum.proxmox.com/threads/cant-clear-tape.86454/

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agocargo fmt
Fabian Grünbichler [Mon, 23 May 2022 14:12:22 +0000 (16:12 +0200)]
cargo fmt

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agofix typo
Fabian Grünbichler [Thu, 19 May 2022 14:32:02 +0000 (16:32 +0200)]
fix typo

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoui: datastore content: enable recursive/depth selector for prune all
Thomas Lamprecht [Thu, 19 May 2022 11:35:01 +0000 (13:35 +0200)]
ui: datastore content: enable recursive/depth selector for prune all

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: prune input: support opt-in recursive/max-depth field
Thomas Lamprecht [Thu, 19 May 2022 11:34:07 +0000 (13:34 +0200)]
ui: prune input: support opt-in recursive/max-depth field

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoprune datastore: add depth info to tak log
Thomas Lamprecht [Thu, 19 May 2022 11:32:45 +0000 (13:32 +0200)]
prune datastore: add depth info to tak log

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoprune datastore: support max-depth and improve priv checks
Thomas Lamprecht [Thu, 19 May 2022 11:31:06 +0000 (13:31 +0200)]
prune datastore: support max-depth and improve priv checks

use the relatively new variant of ListAccessibleBackupGroups to also
allow pruning the groups that one doesn't own but has the respective
privileges on their namespace level.

This was previously handled by the API endpoint itself, which was ok
as long as only one level was looked at.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoprune datastore: rework tak log
Thomas Lamprecht [Thu, 19 May 2022 11:23:24 +0000 (13:23 +0200)]
prune datastore: rework tak log

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoverify filter: improve comment
Thomas Lamprecht [Thu, 19 May 2022 10:36:51 +0000 (12:36 +0200)]
verify filter: improve comment

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoverify all: adhere to NS privs for non-owned groups
Thomas Lamprecht [Thu, 19 May 2022 10:36:06 +0000 (12:36 +0200)]
verify all: adhere to NS privs for non-owned groups

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoaccessible group iter: rename "new" to "new_owned"
Thomas Lamprecht [Thu, 19 May 2022 10:34:04 +0000 (12:34 +0200)]
accessible group iter: rename "new" to "new_owned"

to clarify that it's only returning owned backups that way.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoapi: datastore status: adhere to NS privs for non-owner
Thomas Lamprecht [Thu, 19 May 2022 10:32:27 +0000 (12:32 +0200)]
api: datastore status: adhere to NS privs for non-owner

Not only check all owned backup groups, but also all that an auth_id
has DATASTORE_AUDIT or DATASTORE_READ on the whole namespace.

best viewed with whitespace change ignore (-w)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoaccessible group iter: add owner override and owner + extra priv handling
Thomas Lamprecht [Thu, 19 May 2022 10:27:55 +0000 (12:27 +0200)]
accessible group iter: add owner override and owner + extra priv handling

The "owner override" privs will skip the owner check completely if
the authid has a permission for any of the bitwise OR'd privs
requested on the namespace level.

The "owner and privs" are for the case where being the owner is not
enough, e.g., pruning, if set they need to match all, not just any,
on the namespace, otherwise we don't even look at the groups from the
current NS level.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoaccessible group iter: allow NS descending with DATASTORE_READ
Thomas Lamprecht [Thu, 19 May 2022 10:26:48 +0000 (12:26 +0200)]
accessible group iter: allow NS descending with DATASTORE_READ

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: datastore content: add icons to top bar prune/verify buttons
Thomas Lamprecht [Wed, 18 May 2022 16:37:20 +0000 (18:37 +0200)]
ui: datastore content: add icons to top bar prune/verify buttons

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoui: acl view: make path column flex, but enforce minWidth
Thomas Lamprecht [Wed, 18 May 2022 16:22:16 +0000 (18:22 +0200)]
ui: acl view: make path column flex, but enforce minWidth

with namespaces the paths can get pretty complex, so make the path
column take some flex space too, but not too much to avoid making it
look odd for the short paths we have otherwise

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>