From 77266e2961a09a337a395faec191773403cc87d7 Mon Sep 17 00:00:00 2001
From: Fiona Ebner
Date: Wed, 13 Mar 2024 14:26:01 +0100
Subject: [PATCH] api: backup/vzdump: add permission check for fleecing storage
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Similar to how Datastore.AllocateSpace is required for the backup storage, it should also be required for the fleecing storage. Removing a fleecing storage from a job does not require more permissions than for modifying the job.
Suggested-by: Fabian Grünbichler
Signed-off-by: Fiona Ebner
---
PVE/API2/Backup.pm | 10 ++++++++--
PVE/API2/VZDump.pm | 9 +++++----
PVE/VZDump.pm | 2 +-
3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/PVE/API2/Backup.pm b/PVE/API2/Backup.pm
index 70753c2e..88140323 100644
--- a/PVE/API2/Backup.pm
+++ b/PVE/API2/Backup.pm
@@ -42,7 +42,7 @@ my $vzdump_job_id_prop = {
 # NOTE: also used by the vzdump API call.
 sub assert_param_permission_common {
- my ($rpcenv, $user, $param) = @_;
+ my ($rpcenv, $user, $param, $is_delete) = @_;
 return if $user eq 'root@pam'; # always OK
 for my $key (qw(tmpdir dumpdir script)) {
@@ -52,6 +52,12 @@ sub assert_param_permission_common {
 if (grep { defined($param->{$_}) } qw(bwlimit ionice performance)) {
 $rpcenv->check($user, "/", [ 'Sys.Modify' ]);
 }
+
+ if ($param->{fleecing} && !$is_delete) {
+ my $fleecing = PVE::VZDump::parse_fleecing($param) // {};
+ $rpcenv->check($user, "/storage/$fleecing->{storage}", [ 'Datastore.AllocateSpace' ])
+ if $fleecing->{storage};
+ }
 }
 my sub assert_param_permission_create {
@@ -70,7 +76,7 @@ my sub assert_param_permission_update {
 return if $user eq 'root@pam'; # always OK
 assert_param_permission_common($rpcenv, $user, $update);
- assert_param_permission_common($rpcenv, $user, $delete);
+ assert_param_permission_common($rpcenv, $user, $delete, 1);
 if ($update->{storage}) {
 $rpcenv->check($user, "/storage/$update->{storage}", [ 'Datastore.Allocate' ])
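Review bot: The new fourth parameter `$is_delete` of assert_param_permission_common is undocumented, and the one caller that sets it (assert_param_permission_update, third hunk) passes a bare `1`. Because the existing comment says the function is also used by the vzdump API call, I would extend that comment, for example `# $is_delete: true when $param lists options being removed; skips checks that only apply to newly set values.` A trailing `# is_delete` at the call site would make the literal self-explanatory. The function body continues outside this hunk.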
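Review bot: The added check in the second hunk only fires when the parsed value names a storage (`if $fleecing->{storage}`), so a request that enables fleecing without a `storage` key passes with no Datastore.AllocateSpace check at all. If the backup code then chooses a storage for the fleecing image on its own (not visible in this patch), that allocation is not authorized here. Please confirm it is covered elsewhere and record that in a comment such as `# no storage given: image goes to <default storage>, checked by <other check>`. The permission text changed in PVE/API2/VZDump.pm says the privilege is required "when fleecing is used", which is broader than what this condition enforces, so the two should be brought into line.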
diff --git a/PVE/API2/VZDump.pm b/PVE/API2/VZDump.pm
index f66fc740..7f92e7ec 100644
--- a/PVE/API2/VZDump.pm
+++ b/PVE/API2/VZDump.pm
@@ -41,10 +41,11 @@ __PACKAGE__->register_method ({
 description => "Create backup.",
 permissions => {
 description => "The user needs 'VM.Backup' permissions on any VM, and "
- ."'Datastore.AllocateSpace' on the backup storage. The 'tmpdir', 'dumpdir' and "
- ."'script' parameters are restricted to the 'root\@pam' user. The 'maxfiles' and "
- ."'prune-backups' settings require 'Datastore.Allocate' on the backup storage. The "
- ."'bwlimit', 'performance' and 'ionice' parameters require 'Sys.Modify' on '/'. ",
+ ."'Datastore.AllocateSpace' on the backup storage (and fleecing storage when fleecing "
+ ."is used). The 'tmpdir', 'dumpdir' and 'script' parameters are restricted to the "
+ ."'root\@pam' user. The 'maxfiles' and 'prune-backups' settings require "
+ ."'Datastore.Allocate' on the backup storage. The 'bwlimit', 'performance' and "
+ ."'ionice' parameters require 'Sys.Modify' on '/'.",
 user => 'all',
 },
 protected => 1,
diff --git a/PVE/VZDump.pm b/PVE/VZDump.pm
index 2b2da3c3..8b6acda6 100644
--- a/PVE/VZDump.pm
+++ b/PVE/VZDump.pm
@@ -130,7 +130,7 @@ my $generate_notes = sub {
 return $notes_template;
 };
-my sub parse_fleecing {
+sub parse_fleecing {
 my ($param) = @_;
 if (defined(my $fleecing = $param->{fleecing})) {
--
2.39.5
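Review bot: Dropping `my` in PVE/VZDump.pm turns parse_fleecing from a lexical sub into a package sub that another module now calls by its full name, yet it still has no comment stating its contract. The new caller in PVE/API2/Backup.pm guards the result with `// {}`, which suggests it can return undef; a header like `# Returns the parsed 'fleecing' property hash, or undef when the option is unset.` would pin that down, with the wording confirmed against the body, which continues outside this hunk. The comment should also say whether a malformed value makes it die, since a permission check now depends on its result. Backup.pm's `use` lines are not part of the diff, so confirm that PVE::VZDump is loaded there.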