tyler
/
proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

acl: fix handling of sub-components containing '/' 

previously with an ACL for the path "/foo/bar" without propagation and a
check for `&["foo", "bar/baz"] this code would return the ACL (roles)
for "/foo/bar" for the path "/foo/bar/baz".

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2022-05-24 14:37:22 +02:00 committed by Thomas Lamprecht
parent 83e3000349
commit ebfcf75e14
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
pbs-config/src/acl.rs
View File

@ -603,15 +603,22 @@ impl AclTree {
let mut node = &self.root; let mut node = &self.root;
let mut role_map = node.extract_roles(auth_id, path.is_empty()); let mut role_map = node.extract_roles(auth_id, path.is_empty());
for (pos, comp) in path.iter().enumerate() { let mut comp_iter = path.iter().peekable();
let last_comp = (pos + 1) == path.len();
for scomp in comp.split('/') { while let Some(comp) = comp_iter.next() {
node = match node.children.get(scomp) { let last_comp = comp_iter.peek().is_none();
let mut sub_comp_iter = comp.split('/').peekable();
while let Some(sub_comp) = sub_comp_iter.next() {
let last_sub_comp = last_comp && sub_comp_iter.peek().is_none();
node = match node.children.get(sub_comp) {
Some(n) => n, Some(n) => n,
None => return role_map, // path not found None => return role_map, // path not found
}; };
let new_map = node.extract_roles(auth_id, last_comp); let new_map = node.extract_roles(auth_id, last_sub_comp);
if !new_map.is_empty() { if !new_map.is_empty() {
// overwrite previous mappings // overwrite previous mappings
role_map = new_map; role_map = new_map;