From 1909ece2295207303aff74962242682d9250de22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Mon, 9 May 2022 18:03:32 +0200
Subject: [PATCH] api: datastore: lookup after checking privs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

else this could leak existence of datastore.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 src/api2/admin/datastore.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
index bc75da56..0a9936d9 100644
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@@ -2152,8 +2152,6 @@ pub fn set_backup_owner(
     new_owner: Authid,
     rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<(), Error> {
-    let datastore = DataStore::lookup_datastore(&store, Some(Operation::Write))?;
-
     let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
     let backup_ns = backup_ns.unwrap_or_default();
     let owner_check_required = check_ns_privs(
@@ -2163,6 +2161,9 @@ pub fn set_backup_owner(
         PRIV_DATASTORE_MODIFY,
         PRIV_DATASTORE_BACKUP,
     )?;
+
+    let datastore = DataStore::lookup_datastore(&store, Some(Operation::Write))?;
+
     let backup_group = datastore.backup_group(backup_ns, backup_group);
 
     if owner_check_required {