server: add Datastore.Allocate privilege
Previously only Datastore.Modify was required for creating a new datastore. But, that endpoint allows one to pass an arbitrary path, of which all parent directories will be created, this can allow any user with the "Datastore Admin" role on "/datastores" to do some damage to the system. Further, it is effectively a side channel for revealing the systems directory structure through educated guessing and error handling. Add a new privilege "Datastore.Allocate" which, for now, is used specifically for the create datastore API endpoint. Add it only to the "Admin" role. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
parent
fddc8aa410
commit
41bfd24919
@ -11,7 +11,7 @@ use crate::api2::types::*;
|
||||
use crate::backup::*;
|
||||
use crate::config::cached_user_info::CachedUserInfo;
|
||||
use crate::config::datastore::{self, DataStoreConfig, DIR_NAME_SCHEMA};
|
||||
use crate::config::acl::{PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_MODIFY};
|
||||
use crate::config::acl::{PRIV_DATASTORE_ALLOCATE, PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_MODIFY};
|
||||
|
||||
#[api(
|
||||
input: {
|
||||
@ -106,7 +106,7 @@ pub fn list_datastores(
|
||||
},
|
||||
},
|
||||
access: {
|
||||
permission: &Permission::Privilege(&["datastore"], PRIV_DATASTORE_MODIFY, false),
|
||||
permission: &Permission::Privilege(&["datastore"], PRIV_DATASTORE_ALLOCATE, false),
|
||||
},
|
||||
)]
|
||||
/// Create new datastore config.
|
||||
|
@ -27,6 +27,7 @@ constnamedbitmap! {
|
||||
PRIV_SYS_POWER_MANAGEMENT("Sys.PowerManagement");
|
||||
|
||||
PRIV_DATASTORE_AUDIT("Datastore.Audit");
|
||||
PRIV_DATASTORE_ALLOCATE("Datastore.Allocate");
|
||||
PRIV_DATASTORE_MODIFY("Datastore.Modify");
|
||||
PRIV_DATASTORE_READ("Datastore.Read");
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user