api: vzdump: soften parameter permission checks

Allows sufficiently privileged users to pass-in retention and
performance parameters for manual backup, but keeps tmpdir, dumpdir
and script root-only. Such users could already edit the job
accordingly, so essentially not granting anything new.

Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>

diff --git a/PVE/API2/Backup.pm b/PVE/API2/Backup.pm
index 3a079874e12c71987c4b08480fb56d8bc4d92640..6aef5bb78cebaba23b73e778842b92b5db663cc0 100644 (file)
--- a/PVE/API2/Backup.pm
+++ b/PVE/API2/Backup.pm
@@ -40,14 +40,19 @@ my $vzdump_job_id_prop = {
     maxLength => 50
 };
 
-my $assert_param_permission = sub {
-    my ($param, $user) = @_;
+# NOTE: also used by the vzdump API call.
+sub assert_param_permission_common {
+    my ($rpcenv, $user, $param) = @_;
     return if $user eq 'root@pam'; # always OK
 
     for my $key (qw(tmpdir dumpdir script)) {
        raise_param_exc({ $key => "Only root may set this option."}) if exists $param->{$key};
     }
-};
+
+    if (defined($param->{bwlimit}) || defined($param->{ionice}) || defined($param->{performance})) {
+       $rpcenv->check($user, "/", [ 'Sys.Modify' ]);
+    }
+}
 
 my $convert_to_schedule = sub {
     my ($job) = @_;
@@ -207,7 +212,7 @@ __PACKAGE__->register_method({
        my $rpcenv = PVE::RPCEnvironment::get();
        my $user = $rpcenv->get_user();
 
-       $assert_param_permission->($param, $user);
+       assert_param_permission_common($rpcenv, $user, $param);
 
        if (my $pool = $param->{pool}) {
            $rpcenv->check_pool_exist($pool);
@@ -419,7 +424,7 @@ __PACKAGE__->register_method({
        my $rpcenv = PVE::RPCEnvironment::get();
        my $user = $rpcenv->get_user();
 
-       $assert_param_permission->($param, $user);
+       assert_param_permission_common($rpcenv, $user, $param);
 
        if (my $pool = $param->{pool}) {
            $rpcenv->check_pool_exist($pool);

diff --git a/PVE/API2/VZDump.pm b/PVE/API2/VZDump.pm
index 30d47825a7d80abb53ff18d23ed2a4a5f3a53649..8e873c0525c31f44b9615782b0ecc526b1721739 100644 (file)
--- a/PVE/API2/VZDump.pm
+++ b/PVE/API2/VZDump.pm
@@ -14,12 +14,25 @@ use PVE::Tools qw(extract_param);
 use PVE::VZDump::Common;
 use PVE::VZDump;
 
+use PVE::API2::Backup;
 use PVE::API2Tools;
 
 use Data::Dumper; # fixme: remove
 
 use base qw(PVE::RESTHandler);
 
+my sub assert_param_permission_vzdump {
+    my ($rpcenv, $user, $param) = @_;
+    return if $user eq 'root@pam'; # always OK
+
+    PVE::API2::Backup::assert_param_permission_common($rpcenv, $user, $param);
+
+    if (!$param->{dumpdir} && (defined($param->{maxfiles}) || defined($param->{'prune-backups'}))) {
+       my $storeid = $param->{storage} || 'local';
+       $rpcenv->check($user, "/storage/$storeid", [ 'Datastore.Allocate' ]);
+    } # no else branch, because dumpdir is root-only
+}
+
 __PACKAGE__->register_method ({
     name => 'vzdump',
     path => '',
@@ -27,9 +40,10 @@ __PACKAGE__->register_method ({
     description => "Create backup.",
     permissions => {
        description => "The user needs 'VM.Backup' permissions on any VM, and "
-           ."'Datastore.AllocateSpace' on the backup storage. The 'maxfiles', 'prune-backups', "
-           ."'tmpdir', 'dumpdir', 'script', 'bwlimit', 'performance' and 'ionice' parameters are "
-           ."restricted to the 'root\@pam' user.",
+           ."'Datastore.AllocateSpace' on the backup storage. The 'tmpdir', 'dumpdir' and "
+           ."'script' parameters are restricted to the 'root\@pam' user. The 'maxfiles' and "
+           ."'prune-backups' settings require 'Datastore.Allocate' on the backup storage. The "
+           ."'bwlimit', 'performance' and 'ionice' parameters require 'Sys.Modify' on '/'.",
        user => 'all',
     },
     protected => 1,
@@ -62,10 +76,7 @@ __PACKAGE__->register_method ({
                if $param->{stdout};
        }
 
-       for my $key (qw(maxfiles prune-backups tmpdir dumpdir script bwlimit performance ionice)) {
-           raise_param_exc({ $key => "Only root may set this option."})
-               if defined($param->{$key}) && ($user ne 'root@pam');
-       }
+       assert_param_permission_vzdump($rpcenv, $user, $param);
 
        PVE::VZDump::verify_vzdump_parameters($param, 1);