use proxmox::api::{
api, ApiResponseFuture, ApiHandler, ApiMethod, Router,
- RpcEnvironment, RpcEnvironmentType, Permission};
+ RpcEnvironment, RpcEnvironmentType, Permission, UserInformation};
use proxmox::api::router::SubdirMap;
use proxmox::api::schema::*;
use proxmox::tools::fs::{file_get_contents, replace_file, CreateOptions};
use crate::api2::types::*;
use crate::backup::*;
use crate::config::datastore;
+use crate::config::cached_user_info::CachedUserInfo;
+
use crate::server::WorkerTask;
use crate::tools;
use crate::config::acl::{
PRIV_DATASTORE_AUDIT,
+ PRIV_DATASTORE_MODIFY,
PRIV_DATASTORE_READ,
PRIV_DATASTORE_PRUNE,
- PRIV_DATASTORE_CREATE_BACKUP,
+ PRIV_DATASTORE_BACKUP,
};
+fn check_backup_owner(store: &DataStore, group: &BackupGroup, userid: &str) -> Result<(), Error> {
+ let owner = store.get_owner(group)?;
+ if &owner != userid {
+ bail!("backup owner check failed ({} != {})", userid, owner);
+ }
+ Ok(())
+}
+
fn read_backup_index(store: &DataStore, backup_dir: &BackupDir) -> Result<Vec<BackupContent>, Error> {
let mut path = store.base_path();
}
},
access: {
- permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT, false),
+ permission: &Permission::Privilege(
+ &["datastore", "{store}"],
+ PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_BACKUP,
+ true),
},
)]
/// List backup groups.
fn list_groups(
store: String,
+ rpcenv: &mut dyn RpcEnvironment,
) -> Result<Vec<GroupListItem>, Error> {
+ let username = rpcenv.get_user().unwrap();
+ let user_info = CachedUserInfo::new()?;
+ let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+
let datastore = DataStore::lookup_datastore(&store)?;
let backup_list = BackupInfo::list_backups(&datastore.base_path())?;
BackupInfo::sort_list(&mut list, false);
let info = &list[0];
+
let group = info.backup_dir.group();
+ let list_all = (user_privs & PRIV_DATASTORE_AUDIT) != 0;
+ if !list_all {
+ let owner = datastore.get_owner(group)?;
+ if owner != username { continue; }
+ }
+
let result_item = GroupListItem {
backup_type: group.backup_type().to_string(),
backup_id: group.backup_id().to_string(),
}
},
access: {
- permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT, false),
+ permission: &Permission::Privilege(
+ &["datastore", "{store}"],
+ PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_READ | PRIV_DATASTORE_BACKUP,
+ true),
},
)]
/// List snapshot files.
backup_id: String,
backup_time: i64,
_info: &ApiMethod,
- _rpcenv: &mut dyn RpcEnvironment,
+ rpcenv: &mut dyn RpcEnvironment,
) -> Result<Vec<BackupContent>, Error> {
+ let username = rpcenv.get_user().unwrap();
+ let user_info = CachedUserInfo::new()?;
+ let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+
let datastore = DataStore::lookup_datastore(&store)?;
+
let snapshot = BackupDir::new(backup_type, backup_id, backup_time);
+ let allowed = (user_privs & (PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_READ)) != 0;
+ if !allowed { check_backup_owner(&datastore, snapshot.group(), &username)?; }
+
let mut files = read_backup_index(&datastore, &snapshot)?;
let info = BackupInfo::new(&datastore.base_path(), snapshot)?;
},
},
access: {
- permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_PRUNE, false),
+ permission: &Permission::Privilege(
+ &["datastore", "{store}"],
+ PRIV_DATASTORE_MODIFY| PRIV_DATASTORE_PRUNE,
+ true),
},
)]
/// Delete backup snapshot.
backup_id: String,
backup_time: i64,
_info: &ApiMethod,
- _rpcenv: &mut dyn RpcEnvironment,
+ rpcenv: &mut dyn RpcEnvironment,
) -> Result<Value, Error> {
+ let username = rpcenv.get_user().unwrap();
+ let user_info = CachedUserInfo::new()?;
+ let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+
let snapshot = BackupDir::new(backup_type, backup_id, backup_time);
let datastore = DataStore::lookup_datastore(&store)?;
+ let allowed = (user_privs & PRIV_DATASTORE_MODIFY) != 0;
+ if !allowed { check_backup_owner(&datastore, snapshot.group(), &username)?; }
+
datastore.remove_backup_dir(&snapshot)?;
Ok(Value::Null)
}
},
access: {
- permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT, false),
+ permission: &Permission::Privilege(
+ &["datastore", "{store}"],
+ PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_BACKUP,
+ true),
},
)]
/// List backup snapshots.
pub fn list_snapshots (
- param: Value,
+ store: String,
+ backup_type: Option<String>,
+ backup_id: Option<String>,
+ _param: Value,
_info: &ApiMethod,
- _rpcenv: &mut dyn RpcEnvironment,
+ rpcenv: &mut dyn RpcEnvironment,
) -> Result<Vec<SnapshotListItem>, Error> {
- let store = tools::required_string_param(¶m, "store")?;
- let backup_type = param["backup-type"].as_str();
- let backup_id = param["backup-id"].as_str();
+ let username = rpcenv.get_user().unwrap();
+ let user_info = CachedUserInfo::new()?;
+ let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
- let datastore = DataStore::lookup_datastore(store)?;
+ let datastore = DataStore::lookup_datastore(&store)?;
let base_path = datastore.base_path();
for info in backup_list {
let group = info.backup_dir.group();
- if let Some(backup_type) = backup_type {
+ if let Some(ref backup_type) = backup_type {
if backup_type != group.backup_type() { continue; }
}
- if let Some(backup_id) = backup_id {
+ if let Some(ref backup_id) = backup_id {
if backup_id != group.backup_id() { continue; }
}
+ let list_all = (user_privs & PRIV_DATASTORE_AUDIT) != 0;
+ if !list_all {
+ let owner = datastore.get_owner(group)?;
+ if owner != username { continue; }
+ }
+
let mut result_item = SnapshotListItem {
backup_type: group.backup_type().to_string(),
backup_id: group.backup_id().to_string(),
type: StorageStatus,
},
access: {
- permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT, false),
+ permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_BACKUP, true),
},
)]
/// Get datastore status.
("store", false, &DATASTORE_SCHEMA),
])
)
-).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_PRUNE, false));
+).access(None, &Permission::Privilege(
+ &["datastore", "{store}"],
+ PRIV_DATASTORE_MODIFY | PRIV_DATASTORE_PRUNE,
+ true)
+);
fn prune(
param: Value,
_info: &ApiMethod,
- _rpcenv: &mut dyn RpcEnvironment,
+ rpcenv: &mut dyn RpcEnvironment,
) -> Result<Value, Error> {
- let store = param["store"].as_str().unwrap();
-
+ let store = tools::required_string_param(¶m, "store")?;
let backup_type = tools::required_string_param(¶m, "backup-type")?;
let backup_id = tools::required_string_param(¶m, "backup-id")?;
+ let username = rpcenv.get_user().unwrap();
+ let user_info = CachedUserInfo::new()?;
+ let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+
let dry_run = param["dry-run"].as_bool().unwrap_or(false);
let group = BackupGroup::new(backup_type, backup_id);
- let datastore = DataStore::lookup_datastore(store)?;
+ let datastore = DataStore::lookup_datastore(&store)?;
+
+ let allowed = (user_privs & PRIV_DATASTORE_MODIFY) != 0;
+ if !allowed { check_backup_owner(&datastore, &group, &username)?; }
let prune_options = PruneOptions {
keep_last: param["keep-last"].as_u64(),
schema: UPID_SCHEMA,
},
access: {
- permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_PRUNE, false),
+ permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY, false),
},
)]
/// Start garbage collection.
#[api(
access: {
- permission: &Permission::Privilege(&["datastore"], PRIV_DATASTORE_AUDIT, false),
+ permission: &Permission::Anybody,
},
)]
/// Datastore list
fn get_datastore_list(
_param: Value,
_info: &ApiMethod,
- _rpcenv: &mut dyn RpcEnvironment,
+ rpcenv: &mut dyn RpcEnvironment,
) -> Result<Value, Error> {
let (config, _digest) = datastore::config()?;
- Ok(config.convert_to_array("store", None, &[]))
+ let username = rpcenv.get_user().unwrap();
+ let user_info = CachedUserInfo::new()?;
+
+ let mut skip: Vec<&str> = Vec::new();
+
+ for (store, _) in &config.sections {
+ let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+ let allowed = (user_privs & (PRIV_DATASTORE_AUDIT| PRIV_DATASTORE_BACKUP)) != 0;
+ if !allowed { skip.push(store); }
+ }
+
+ Ok(config.convert_to_array("store", None, &skip))
}
#[sortable]
("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA),
]),
)
-).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ, false));
+).access(None, &Permission::Privilege(
+ &["datastore", "{store}"],
+ PRIV_DATASTORE_READ | PRIV_DATASTORE_BACKUP,
+ true)
+);
fn download_file(
_parts: Parts,
_req_body: Body,
param: Value,
_info: &ApiMethod,
- _rpcenv: Box<dyn RpcEnvironment>,
+ rpcenv: Box<dyn RpcEnvironment>,
) -> ApiResponseFuture {
async move {
let store = tools::required_string_param(¶m, "store")?;
-
let datastore = DataStore::lookup_datastore(store)?;
+ let username = rpcenv.get_user().unwrap();
+ let user_info = CachedUserInfo::new()?;
+ let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+
let file_name = tools::required_string_param(¶m, "file-name")?.to_owned();
let backup_type = tools::required_string_param(¶m, "backup-type")?;
let backup_id = tools::required_string_param(¶m, "backup-id")?;
let backup_time = tools::required_integer_param(¶m, "backup-time")?;
+ let backup_dir = BackupDir::new(backup_type, backup_id, backup_time);
+
+ let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
+ if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
+
println!("Download {} from {} ({}/{}/{}/{})", file_name, store,
backup_type, backup_id, Local.timestamp(backup_time, 0), file_name);
- let backup_dir = BackupDir::new(backup_type, backup_id, backup_time);
-
let mut path = datastore.base_path();
path.push(backup_dir.relative_path());
path.push(&file_name);
pub const API_METHOD_UPLOAD_BACKUP_LOG: ApiMethod = ApiMethod::new(
&ApiHandler::AsyncHttp(&upload_backup_log),
&ObjectSchema::new(
- "Download single raw file from backup snapshot.",
+ "Upload the client backup log file into a backup snapshot ('client.log.blob').",
&sorted!([
("store", false, &DATASTORE_SCHEMA),
("backup-type", false, &BACKUP_TYPE_SCHEMA),
("backup-time", false, &BACKUP_TIME_SCHEMA),
]),
)
-).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_CREATE_BACKUP, false));
+).access(
+ Some("Only the backup creator/owner is allowed to do this."),
+ &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_BACKUP, false)
+);
fn upload_backup_log(
_parts: Parts,
req_body: Body,
param: Value,
_info: &ApiMethod,
- _rpcenv: Box<dyn RpcEnvironment>,
+ rpcenv: Box<dyn RpcEnvironment>,
) -> ApiResponseFuture {
async move {
let store = tools::required_string_param(¶m, "store")?;
-
let datastore = DataStore::lookup_datastore(store)?;
let file_name = "client.log.blob";
let backup_dir = BackupDir::new(backup_type, backup_id, backup_time);
+ let username = rpcenv.get_user().unwrap();
+ check_backup_owner(&datastore, backup_dir.group(), &username)?;
+
let mut path = datastore.base_path();
path.push(backup_dir.relative_path());
path.push(&file_name);
use crate::client::*;
use crate::config::remote;
use crate::api2::types::*;
-use crate::config::acl::{PRIV_DATASTORE_CREATE_BACKUP, PRIV_DATASTORE_READ};
+use crate::config::acl::{PRIV_DATASTORE_BACKUP, PRIV_DATASTORE_READ};
use crate::config::cached_user_info::CachedUserInfo;
// fixme: implement filters
src_repo: &BackupRepository,
tgt_store: Arc<DataStore>,
delete: bool,
+ username: String,
) -> Result<(), Error> {
let path = format!("api2/json/admin/datastore/{}/groups", src_repo.store());
let mut errors = false;
let mut new_groups = std::collections::HashSet::new();
+ for item in list.iter() {
+ new_groups.insert(BackupGroup::new(&item.backup_type, &item.backup_id));
+ }
for item in list {
let group = BackupGroup::new(&item.backup_type, &item.backup_id);
+
+ let owner = tgt_store.create_backup_group(&group, &username)?;
+ // permission check
+ if owner != username { // only the owner is allowed to create additional snapshots
+ worker.log(format!("sync group {}/{} failed - owner check failed ({} != {})",
+ item.backup_type, item.backup_id, username, owner));
+ errors = true;
+ continue; // do not stop here, instead continue
+ }
+
if let Err(err) = pull_group(worker, client, src_repo, tgt_store.clone(), &group, delete).await {
worker.log(format!("sync group {}/{} failed - {}", item.backup_type, item.backup_id, err));
errors = true;
- // do not stop here, instead continue
+ continue; // do not stop here, instead continue
}
- new_groups.insert(group);
}
if delete {
},
access: {
// Note: used parameters are no uri parameters, so we need to test inside function body
- description: "The user needs Datastore.CreateBackup privilege on '/datastore/{store}' and Datastore.Read on '/remote/{remote}/{remote-store}'.",
+ description: r###"The user needs Datastore.Backup privilege on '/datastore/{store}',
+and needs to own the backup group. Datastore.Read is required on '/remote/{remote}/{remote-store}'.
+"###,
permission: &Permission::Anybody,
},
)]
let user_info = CachedUserInfo::new()?;
let username = rpcenv.get_user().unwrap();
- user_info.check_privs(&username, &["datastore", &store], PRIV_DATASTORE_CREATE_BACKUP, false)?;
+ user_info.check_privs(&username, &["datastore", &store], PRIV_DATASTORE_BACKUP, false)?;
user_info.check_privs(&username, &["remote", &remote, &remote_store], PRIV_DATASTORE_READ, false)?;
let delete = delete.unwrap_or(true);
// explicit create shared lock to prevent GC on newly created chunks
let _shared_store_lock = tgt_store.try_shared_chunk_store_lock()?;
- pull_store(&worker, &client, &src_repo, tgt_store.clone(), delete).await?;
+ pull_store(&worker, &client, &src_repo, tgt_store.clone(), delete, username).await?;
worker.log(format!("sync datastore '{}' end", store));
use std::collections::{HashSet, HashMap};
-use std::io;
+use std::io::{self, Write};
use std::path::{Path, PathBuf};
use std::sync::{Arc, Mutex};
}
}
- pub fn create_backup_dir(&self, backup_dir: &BackupDir) -> Result<(PathBuf, bool), io::Error> {
+ /// Returns the backup owner.
+ ///
+ /// The backup owner is the user who first created the backup group.
+ pub fn get_owner(&self, backup_group: &BackupGroup) -> Result<String, Error> {
+ let mut full_path = self.base_path();
+ full_path.push(backup_group.group_path());
+ full_path.push("owner");
+ let owner = proxmox::tools::fs::file_read_firstline(full_path)?;
+ Ok(owner.trim_end().to_string()) // remove trailing newline
+ }
+
+ /// Set the backup owner.
+ pub fn set_owner(&self, backup_group: &BackupGroup, userid: &str, force: bool) -> Result<(), Error> {
+ let mut path = self.base_path();
+ path.push(backup_group.group_path());
+ path.push("owner");
+
+ let mut open_options = std::fs::OpenOptions::new();
+ open_options.write(true);
+ open_options.truncate(true);
+
+ if force {
+ open_options.create(true);
+ } else {
+ open_options.create_new(true);
+ }
+
+ let mut file = open_options.open(&path)
+ .map_err(|err| format_err!("unable to create owner file {:?} - {}", path, err))?;
+
+ write!(file, "{}\n", userid)
+ .map_err(|err| format_err!("unable to write owner file {:?} - {}", path, err))?;
+
+ Ok(())
+ }
+
+ /// Create a backup group if it does not already exists.
+ ///
+ /// And set the owner to 'userid'. If the group already exists, it returns the
+ /// current owner (instead of setting the owner).
+ pub fn create_backup_group(&self, backup_group: &BackupGroup, userid: &str) -> Result<String, Error> {
// create intermediate path first:
- let mut full_path = self.base_path();
- full_path.push(backup_dir.group().group_path());
+ let base_path = self.base_path();
+
+ let mut full_path = base_path.clone();
+ full_path.push(backup_group.backup_type());
std::fs::create_dir_all(&full_path)?;
+ full_path.push(backup_group.backup_id());
+
+ // create the last component now
+ match std::fs::create_dir(&full_path) {
+ Ok(_) => {
+ self.set_owner(backup_group, userid, false)?;
+ let owner = self.get_owner(backup_group)?; // just to be sure
+ Ok(owner)
+ }
+ Err(ref err) if err.kind() == io::ErrorKind::AlreadyExists => {
+ let owner = self.get_owner(backup_group)?; // just to be sure
+ Ok(owner)
+ }
+ Err(err) => bail!("unable to create backup group {:?} - {}", full_path, err),
+ }
+ }
+
+ /// Creates a new backup snapshot inside a BackupGroup
+ ///
+ /// The BackupGroup directory needs to exist.
+ pub fn create_backup_dir(&self, backup_dir: &BackupDir) -> Result<(PathBuf, bool), io::Error> {
let relative_path = backup_dir.relative_path();
let mut full_path = self.base_path();
full_path.push(&relative_path);
- // create the last component now
match std::fs::create_dir(&full_path) {
Ok(_) => Ok((relative_path, true)),
Err(ref e) if e.kind() == io::ErrorKind::AlreadyExists => Ok((relative_path, false)),