tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

server/prune_job: add proper permission checks to 'prune_datastore'

Browse Source 
checks for PRIV_DATASTORE_MODIFY, or else if the auth_id is the backup
owner, and skips the group if not.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
Dominik Csapak 2021-07-16 10:53:25 +02:00 committed by Dietmar Maurer
parent 0052dc6d28
commit 8e0b852f24
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/backup/datastore.rs
View File

@ -355,7 +355,7 @@ impl DataStore {
pub fn owns_backup(&self, backup_group: &BackupGroup, auth_id: &Authid) -> Result<bool, Error> { pub fn owns_backup(&self, backup_group: &BackupGroup, auth_id: &Authid) -> Result<bool, Error> {
let owner = self.get_owner(backup_group)?; let owner = self.get_owner(backup_group)?;
Ok(check_backup_owner(owner, auth_id).is_ok()) Ok(check_backup_owner(&owner, auth_id).is_ok())
} }
/// Set the backup owner. /// Set the backup owner.

15
src/server/prune_job.rs
View File

@ -6,6 +6,8 @@ use pbs_datastore::{task_log, task_warn};
use crate::{ use crate::{
api2::types::*, api2::types::*,
config::acl::PRIV_DATASTORE_MODIFY,
config::cached_user_info::CachedUserInfo,
backup::{compute_prune_info, BackupInfo, DataStore, PruneOptions}, backup::{compute_prune_info, BackupInfo, DataStore, PruneOptions},
server::jobstate::Job, server::jobstate::Job,
server::WorkerTask, server::WorkerTask,
@ -13,6 +15,7 @@ use crate::{
pub fn prune_datastore( pub fn prune_datastore(
worker: Arc<WorkerTask>, worker: Arc<WorkerTask>,
auth_id: Authid,
prune_options: PruneOptions, prune_options: PruneOptions,
store: &str, store: &str,
datastore: Arc<DataStore>, datastore: Arc<DataStore>,
@ -31,11 +34,20 @@ pub fn prune_datastore(
); );
} }
let user_info = CachedUserInfo::new()?;
let privs = user_info.lookup_privs(&auth_id, &["datastore", store]);
let has_privs = privs & PRIV_DATASTORE_MODIFY != 0;
let base_path = datastore.base_path(); let base_path = datastore.base_path();
let groups = BackupInfo::list_backup_groups(&base_path)?; let groups = BackupInfo::list_backup_groups(&base_path)?;
for group in groups { for group in groups {
let list = group.list_backups(&base_path)?; let list = group.list_backups(&base_path)?;
if !has_privs && !datastore.owns_backup(&group, &auth_id)? {
continue;
}
let mut prune_info = compute_prune_info(list, &prune_options)?; let mut prune_info = compute_prune_info(list, &prune_options)?;
prune_info.reverse(); // delete older snapshots first prune_info.reverse(); // delete older snapshots first
@ -83,6 +95,7 @@ pub fn do_prune_job(
let datastore = DataStore::lookup_datastore(&store)?; let datastore = DataStore::lookup_datastore(&store)?;
let worker_type = job.jobtype().to_string(); let worker_type = job.jobtype().to_string();
let auth_id = auth_id.clone();
let upid_str = WorkerTask::new_thread( let upid_str = WorkerTask::new_thread(
&worker_type, &worker_type,
Some(job.jobname().to_string()), Some(job.jobname().to_string()),
@ -95,7 +108,7 @@ pub fn do_prune_job(
task_log!(worker, "task triggered by schedule '{}'", event_str); task_log!(worker, "task triggered by schedule '{}'", event_str);
} }
let result = prune_datastore(worker.clone(), prune_options, &store, datastore); let result = prune_datastore(worker.clone(), auth_id, prune_options, &store, datastore);
let status = worker.create_state(&result); let status = worker.create_state(&result);