restore: extend permissions checks
authorFabian Grünbichler <f.gruenbichler@proxmox.com>
Tue, 20 Jun 2023 07:41:49 +0000 (09:41 +0200)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Tue, 20 Jun 2023 17:42:48 +0000 (19:42 +0200)
to allow early checking of the merged config, if the backup archive
passed in is a proper volume where extraction is possible.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
PVE/API2/Qemu.pm
PVE/QemuServer.pm

index b7832d8821a8eeabaa662d53d78af75693a71a98..593071331b82880fbb1bace2c2c37dae6c395ad9 100644 (file)
@@ -958,6 +958,19 @@ __PACKAGE__->register_method({
                    live => $live_restore,
                    override_conf => $param,
                };
+               if (my $volid = $archive->{volid}) {
+                   # best effort, real check is after restoring!
+                   my $merged = eval {
+                       my $old_conf = PVE::Storage::extract_vzdump_config($storecfg, $volid);
+                       PVE::QemuServer::restore_merge_config("backup/qemu-server/$vmid.conf", $old_conf, $param);
+                   };
+                   if ($@) {
+                       warn "Could not extract backed up config: $@\n";
+                       warn "Skipping early checks!\n";
+                   } else {
+                       PVE::QemuServer::check_restore_permissions($rpcenv, $authuser, $merged);
+                   }
+               }
                if ($archive->{type} eq 'file' || $archive->{type} eq 'pipe') {
                    die "live-restore is only compatible with backup images from a Proxmox Backup Server\n"
                        if $live_restore;
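Review bot: The `if ($@)` branch fails open: when the eval dies, the restore carries on after two `warn` lines, so this early check must never be treated as the enforcement point, and the `check_restore_permissions` calls after the merge in `restore_proxmox_backup_archive` and `restore_vma_archive` stay the authoritative ones. I would have the comment say so, e.g. `# best effort only: on failure we fall through, the check_restore_permissions call after extraction is the enforcing one`. The eval also wraps `restore_merge_config`, so a parse or merge failure is reported as an extraction failure; `warn "Could not extract or merge backed up config: $@\n";` would be more accurate. Archives without a `volid` skip this block entirely, and the enclosing code starts and ends outside the hunk.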
index 940cdacd1e3e737defeb9b377ba25db69b165afa..0fa43a74c71d737b8a0e1ff84fb134212e584eb0 100644 (file)
@@ -6542,10 +6542,9 @@ sub check_mapping_access {
    }
 };
 
-# FIXME: improve checks on restore by checking before actually extracing and
-# merging the new config
 sub check_restore_permissions {
     my ($rpcenv, $user, $conf) = @_;
+
     check_bridge_access($rpcenv, $user, $conf);
     check_mapping_access($rpcenv, $user, $conf);
 }
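Review bot: Removing the FIXME leaves `check_restore_permissions` without any comment, although it is now called from two places with different guarantees: the best-effort early call added in PVE/API2/Qemu.pm and the calls after extraction in the restore subs. Judging from the API hunk, archives without a `volid` still get only the late check, so the old FIXME is only partly resolved. A short replacement comment would keep that visible, e.g. `# called early (best effort, volume archives only) and again after extraction; the call after extraction is authoritative`.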
@@ -6865,7 +6864,7 @@ my $restore_destroy_volumes = sub {
     }
 };
 
-my $restore_merge_config = sub {
+sub restore_merge_config {
     my ($filename, $backup_conf_raw, $override_conf) = @_;
 
     my $backup_conf = parse_vm_config($filename, $backup_conf_raw);
@@ -6874,7 +6873,7 @@ my $restore_merge_config = sub {
     }
 
     return $backup_conf;
-};
+}
 
 sub scan_volids {
     my ($cfg, $vmid) = @_;
@@ -7192,7 +7191,7 @@ sub restore_proxmox_backup_archive {
        $new_conf_raw .= "\nlock: create";
     }
 
-    my $new_conf = $restore_merge_config->($conffile, $new_conf_raw, $options->{override_conf});
+    my $new_conf = restore_merge_config($conffile, $new_conf_raw, $options->{override_conf});
     check_restore_permissions($rpcenv, $user, $new_conf);
     PVE::QemuConfig->write_config($vmid, $new_conf);
 
@@ -7506,7 +7505,7 @@ sub restore_vma_archive {
        die $err;
     }
 
-    my $new_conf = $restore_merge_config->($conffile, $new_conf_raw, $opts->{override_conf});
+    my $new_conf = restore_merge_config($conffile, $new_conf_raw, $opts->{override_conf});
     check_restore_permissions($rpcenv, $user, $new_conf);
     PVE::QemuConfig->write_config($vmid, $new_conf);