From: Fabian Grünbichler Date: Thu, 25 Jul 2019 12:40:42 +0000 (+0200) Subject: restore: correctly handle fw config from archive X-Git-Url: https://git.proxmox.com/?p=pve-container.git;a=commitdiff_plain;h=2bf0815308252bd98b526c998f859b591b634b3c restore: correctly handle fw config from archive and skip restoring it if the user only has VM.Backup permissions, the contained config file is a symlink, or if it is empty. Signed-off-by: Fabian Grünbichler (cherry picked from commit 391706445abd30f8f33d80baf58977016632bd19) Signed-off-by: Thomas Lamprecht --- diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm index cf14d75..26c4f88 100644 --- a/src/PVE/API2/LXC.pm +++ b/src/PVE/API2/LXC.pm @@ -206,6 +206,9 @@ __PACKAGE__->register_method({ my $restore = extract_param($param, 'restore'); my $unique = extract_param($param, 'unique'); + # used to skip firewall config restore if user lacks permission + my $skip_fw_config_restore = 0; + if ($restore) { # fixme: limit allowed parameters } @@ -237,6 +240,10 @@ __PACKAGE__->register_method({ } elsif ($restore && $force && $same_container_exists && $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) { # OK: user has VM.Backup permissions, and want to restore an existing VM + + # we don't want to restore a container-provided FW conf in this case + # since the user is lacking permission to configure the container's FW + $skip_fw_config_restore = 1; } else { raise_perm_exc(); } @@ -407,7 +414,7 @@ __PACKAGE__->register_method({ PVE::LXC::Create::restore_archive($archive, $rootdir, $conf, $ignore_unpack_errors, $bwlimit); if ($restore) { - PVE::LXC::Create::restore_configuration($vmid, $rootdir, $conf, !$is_root, $unique); + PVE::LXC::Create::restore_configuration($vmid, $rootdir, $conf, !$is_root, $unique, $skip_fw_config_restore); } else { my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); # detect OS PVE::LXC::Config->write_config($vmid, $conf); # safe config (after OS detection) 
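Review bot: `$skip_fw_config_restore` is declared as 0 in the first hunk and set to 1 only in the `VM.Backup` branch of the second hunk, so every other path through this permission chain restores the archive's firewall config by default. The earlier branches lie outside the hunk, so it cannot be confirmed from here that each of them implies the right to edit the container's firewall. Failing closed would be safer: declare `my $skip_fw_config_restore = 1;` and set `$skip_fw_config_restore = 0;` only in the branches that establish that right. The same default applies to the new `$skip_fw` parameter in src/PVE/LXC/Create.pm, where a caller that omits the sixth argument gets the restore.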
diff --git a/src/PVE/LXC/Create.pm b/src/PVE/LXC/Create.pm index 029c940..8a4c80a 100644 --- a/src/PVE/LXC/Create.pm +++ b/src/PVE/LXC/Create.pm @@ -157,7 +157,7 @@ sub recover_config { } sub restore_configuration { - my ($vmid, $rootdir, $conf, $restricted, $unique) = @_; + my ($vmid, $rootdir, $conf, $restricted, $unique, $skip_fw) = @_; # restore: try to extract configuration from archive @@ -196,10 +196,21 @@ sub restore_configuration { } unlink($pct_cfg_fn); - if (-f $pct_fwcfg_fn) { + # note: this file is possibly from the container itself in backups + # created prior to pve-container 2.0-40 (PVE 5.x) / 3.0-5 (PVE 6.x) + # only copy non-empty, non-symlink files, and only if the user is + # allowed to modify the firewall config anyways + if (-f $pct_fwcfg_fn && ! -l $pct_fwcfg_fn && -s $pct_fwcfg_fn) { my $pve_firewall_dir = '/etc/pve/firewall'; - mkdir $pve_firewall_dir; # make sure the directory exists - PVE::Tools::file_copy($pct_fwcfg_fn, "${pve_firewall_dir}/$vmid.fw"); + my $pct_fwcfg_target = "${pve_firewall_dir}/${vmid}.fw"; + if ($skip_fw) { + warn "ignoring firewall config from backup archive's '$pct_fwcfg_fn', lacking API permission to modify firewall.\n"; + warn "old firewall configuration in '$pct_fwcfg_target' left in place!\n" + if -e $pct_fwcfg_target; + } else { + mkdir $pve_firewall_dir; # make sure the directory exists + PVE::Tools::file_copy($pct_fwcfg_fn, $pct_fwcfg_target); + } unlink $pct_fwcfg_fn; }
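Review bot: The new guard `-f $pct_fwcfg_fn && ! -l $pct_fwcfg_fn && -s $pct_fwcfg_fn` looks the path up three times and `PVE::Tools::file_copy` then opens it by name again, so the symlink test and the copy are not tied to the same object; a single `lstat` at least keeps the tests on one result: `if (lstat($pct_fwcfg_fn) && -f _ && -s _) {`. `-l` also inspects only the last path component, and `$pct_fwcfg_fn` is built outside this hunk, so whether its parent directories under `$rootdir` can arrive from the archive as symlinks needs confirming against the unpack step. A symlink or empty file is skipped silently and, because `unlink $pct_fwcfg_fn` sits inside the `if`, stays in the restored root. A `warn` plus `unlink` in that case would give operators a trace that the archive carried an unexpected file there. The body of restore_configuration starts and ends outside the hunk.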