fix #3060:: improve get_owner error handling
log invalid owners to system log, and continue with next group just as if permission checks fail for the following operations: - verify store with limited permissions - list store groups - list store snapshots all other call sites either handle it correctly already (sync/pull), or operate on a single group/snapshot and can bubble up the error. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
parent
c5608cf86c
commit
414c23facb
@ -187,7 +187,13 @@ fn list_groups(
|
||||
let group = info.backup_dir.group();
|
||||
|
||||
let list_all = (user_privs & PRIV_DATASTORE_AUDIT) != 0;
|
||||
let owner = datastore.get_owner(group)?;
|
||||
let owner = match datastore.get_owner(group) {
|
||||
Ok(auth_id) => auth_id,
|
||||
Err(err) => {
|
||||
println!("Failed to get owner of group '{}' - {}", group, err);
|
||||
continue;
|
||||
},
|
||||
};
|
||||
if !list_all && check_backup_owner(&owner, &auth_id).is_err() {
|
||||
continue;
|
||||
}
|
||||
@ -369,7 +375,13 @@ pub fn list_snapshots (
|
||||
}
|
||||
|
||||
let list_all = (user_privs & PRIV_DATASTORE_AUDIT) != 0;
|
||||
let owner = datastore.get_owner(group)?;
|
||||
let owner = match datastore.get_owner(group) {
|
||||
Ok(auth_id) => auth_id,
|
||||
Err(err) => {
|
||||
println!("Failed to get owner of group '{}' - {}", group, err);
|
||||
continue;
|
||||
},
|
||||
};
|
||||
|
||||
if !list_all && check_backup_owner(&owner, &auth_id).is_err() {
|
||||
continue;
|
||||
|
@ -516,7 +516,12 @@ pub fn verify_all_backups(
|
||||
&& !owner.is_token()
|
||||
&& group_owner.user() == owner.user())
|
||||
},
|
||||
Err(_) => false,
|
||||
Err(err) => {
|
||||
// intentionally not in task log
|
||||
// the task user might not be allowed to see this group!
|
||||
println!("Failed to get owner of group '{}' - {}", group, err);
|
||||
false
|
||||
},
|
||||
}
|
||||
} else {
|
||||
true
|
||||
|
Loading…
Reference in New Issue
Block a user