api: list datastores: avoid unsafe datastore open

to avoid the problematic open fresh datastore with fresh chunkstore
with, and that's the actual problematic part, fresh process locker.
As the latter uses posix record locks which are pretty dangerous as
they operate on a path level (not FD level) and thus closing any file
opened (even if it wasn't opened for locking at all) drops all active
locks on the same file on completely unrelated file descriptors -.-

Also, no operation wasn't exactly correct for this thing in the first
place, but we cannot use Operation::Lookup either, as we're currently
indeed using a rather stupid-simple way and *are* reading.

So until we optimize this to allow querying the AclTree if there's
any priv XYZ below a path, use the Operation::Read.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht 2022-06-03 13:31:26 +02:00
parent c66fa32c08
commit f418f4e48b
1 changed files with 3 additions and 3 deletions


@ -1193,11 +1193,11 @@ pub fn get_datastore_list(
let mut allow_id = false; let mut allow_id = false;
if !allowed { if !allowed {
let scfg: pbs_api_types::DataStoreConfig = serde_json::from_value(data.to_owned())?; if let Ok(datastore) = DataStore::lookup_datastore(store, Some(Operation::Read)) {
// safety: we just cannot go through lookup as we must avoid an operation check
if let Ok(datastore) = unsafe { DataStore::open_from_config(scfg, None) } {
allow_id = can_access_any_namespace(datastore, &auth_id, &user_info); allow_id = can_access_any_namespace(datastore, &auth_id, &user_info);
} }
// FIXME: check for any ACL on the datastore below in the error case, otherwise offline
// datastore will disappear for users that can only access a specific namespace
} }
if allowed || allow_id { if allowed || allow_id {
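Review bot: The error path of `if let Ok(datastore) = DataStore::lookup_datastore(store, Some(Operation::Read))` still silently drops the datastore, so the FIXME that survives this hunk ("otherwise offline datastore will disappear for users that can only access a specific namespace") now applies to every reason the Read lookup can fail, not just to the unsafe open it replaces. Consider at least logging the lookup error instead of discarding it via `if let Ok`, and, as the commit message itself anticipates, falling back to an ACL check below the datastore path on that error so namespace-scoped users do not lose the entry from the list. Also worth a comment next to the new line: the message states that `Operation::Read` is a stop-gap chosen because `Operation::Lookup` cannot be used while this code actually reads, which a later reader will not know from the code alone.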