api: list datastores: avoid unsafe datastore open

to avoid the problematic open fresh datastore with fresh chunkstore with, and that's the actual problematic part, fresh process locker. As the latter uses posix record locks which are pretty dangreous as they operate on a path level (not FD level) and thus closing any file opened (even if it wasn't opened for locking at all) drops all active locks on the same file on completely unrelated file descriptors -.- Also, no operation wasn't exactly correct for this thing in the first place, but we cannot use Operation::Lookup either, as we're currently indeed using a rather stupid-simple way and *are* reading. So until we optimize this to allow querying the AclTree if there's any priv XYZ below a path, use the Operation::Read. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-06-03 13:31:26 +02:00 · 2022-06-03 13:31:26 +02:00 · f418f4e48b
parent c66fa32c08
commit f418f4e48b
1 changed files with 3 additions and 3 deletions
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@ -1193,11 +1193,11 @@ pub fn get_datastore_list(

        let mut allow_id = false;
        if !allowed {
-            let scfg: pbs_api_types::DataStoreConfig = serde_json::from_value(data.to_owned())?;
-            // safety: we just cannot go through lookup as we must avoid an operation check
-            if let Ok(datastore) = unsafe { DataStore::open_from_config(scfg, None) } {
+            if let Ok(datastore) = DataStore::lookup_datastore(store, Some(Operation::Read)) {
                allow_id = can_access_any_namespace(datastore, &auth_id, &user_info);
            }
+            // FIXME: check for any ACL on the datastore below in the error case, otherwise offline
+            // datastore will disappear for users that can only access a specific namespace
        }

        if allowed || allow_id {