priv checks: use priv_to_priv_names and include path
where appropriate. these should never leak anything sensitive, as we check privs before checking existence or existence is already known at that point via other privileges. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
parent
efa62d44d4
commit
7d0dbaa013
@ -32,14 +32,14 @@ use pxar::accessor::aio::Accessor;
|
||||
use pxar::EntryKind;
|
||||
|
||||
use pbs_api_types::{
|
||||
print_ns_and_snapshot, Authid, BackupContent, BackupNamespace, BackupType, Counts, CryptMode,
|
||||
DataStoreListItem, DataStoreStatus, DatastoreWithNamespace, GarbageCollectionStatus,
|
||||
GroupListItem, Operation, PruneOptions, RRDMode, RRDTimeFrame, SnapshotListItem,
|
||||
SnapshotVerifyState, BACKUP_ARCHIVE_NAME_SCHEMA, BACKUP_ID_SCHEMA, BACKUP_NAMESPACE_SCHEMA,
|
||||
BACKUP_TIME_SCHEMA, BACKUP_TYPE_SCHEMA, DATASTORE_SCHEMA, IGNORE_VERIFIED_BACKUPS_SCHEMA,
|
||||
MAX_NAMESPACE_DEPTH, NS_MAX_DEPTH_SCHEMA, PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_BACKUP,
|
||||
PRIV_DATASTORE_MODIFY, PRIV_DATASTORE_PRUNE, PRIV_DATASTORE_READ, PRIV_DATASTORE_VERIFY,
|
||||
UPID_SCHEMA, VERIFICATION_OUTDATED_AFTER_SCHEMA,
|
||||
print_ns_and_snapshot, privs_to_priv_names, Authid, BackupContent, BackupNamespace, BackupType,
|
||||
Counts, CryptMode, DataStoreListItem, DataStoreStatus, DatastoreWithNamespace,
|
||||
GarbageCollectionStatus, GroupListItem, Operation, PruneOptions, RRDMode, RRDTimeFrame,
|
||||
SnapshotListItem, SnapshotVerifyState, BACKUP_ARCHIVE_NAME_SCHEMA, BACKUP_ID_SCHEMA,
|
||||
BACKUP_NAMESPACE_SCHEMA, BACKUP_TIME_SCHEMA, BACKUP_TYPE_SCHEMA, DATASTORE_SCHEMA,
|
||||
IGNORE_VERIFIED_BACKUPS_SCHEMA, MAX_NAMESPACE_DEPTH, NS_MAX_DEPTH_SCHEMA, PRIV_DATASTORE_AUDIT,
|
||||
PRIV_DATASTORE_BACKUP, PRIV_DATASTORE_MODIFY, PRIV_DATASTORE_PRUNE, PRIV_DATASTORE_READ,
|
||||
PRIV_DATASTORE_VERIFY, UPID_SCHEMA, VERIFICATION_OUTDATED_AFTER_SCHEMA,
|
||||
};
|
||||
use pbs_client::pxar::{create_tar, create_zip};
|
||||
use pbs_config::CachedUserInfo;
|
||||
@ -110,7 +110,13 @@ fn check_ns_privs(
|
||||
return Ok(true);
|
||||
}
|
||||
|
||||
proxmox_router::http_bail!(FORBIDDEN, "permission check failed");
|
||||
let priv_names = privs_to_priv_names(full_access_privs | partial_access_privs).join("|");
|
||||
let path = format!("/{}", store_with_ns.acl_path().join("/"));
|
||||
|
||||
proxmox_router::http_bail!(
|
||||
FORBIDDEN,
|
||||
"permission check failed - missing {priv_names} on {path}"
|
||||
);
|
||||
}
|
||||
|
||||
// helper to unify common sequence of checks:
|
||||
|
@ -16,9 +16,9 @@ use proxmox_router::HttpError;
|
||||
use proxmox_sys::task_log;
|
||||
|
||||
use pbs_api_types::{
|
||||
Authid, BackupNamespace, DatastoreWithNamespace, GroupFilter, GroupListItem, NamespaceListItem,
|
||||
Operation, RateLimitConfig, Remote, SnapshotListItem, MAX_NAMESPACE_DEPTH,
|
||||
PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_BACKUP, PRIV_DATASTORE_MODIFY,
|
||||
privs_to_priv_names, Authid, BackupNamespace, DatastoreWithNamespace, GroupFilter,
|
||||
GroupListItem, NamespaceListItem, Operation, RateLimitConfig, Remote, SnapshotListItem,
|
||||
MAX_NAMESPACE_DEPTH, PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_BACKUP, PRIV_DATASTORE_MODIFY,
|
||||
};
|
||||
|
||||
use pbs_client::{
|
||||
@ -800,10 +800,13 @@ fn check_ns_privs(
|
||||
|
||||
// TODO re-sync with API, maybe find common place?
|
||||
|
||||
let user_privs = user_info.lookup_privs(owner, &store_with_ns.acl_path());
|
||||
let path = &store_with_ns.acl_path();
|
||||
let user_privs = user_info.lookup_privs(owner, path);
|
||||
|
||||
if (user_privs & privs) == 0 {
|
||||
bail!("no permission to modify parent/datastore.");
|
||||
let priv_names = privs_to_priv_names(privs).join("|");
|
||||
let path = path.join("/");
|
||||
bail!("privilege(s) {priv_names} missing on /{path}");
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user