api: list datastores: avoid unsafe datastore open
This avoids the problematic opening of a fresh datastore with a fresh chunkstore and (that's the actual problematic part) a fresh process locker. The latter uses POSIX record locks, which are pretty dangerous as they operate on a path level (not FD level), and thus closing any file opened (even if it wasn't opened for locking at all) drops all active locks on the same file on completely unrelated file descriptors -.- Also, passing no operation wasn't exactly correct for this thing in the first place, but we cannot use Operation::Lookup either, as we're currently indeed using a rather stupid-simple way and *are* reading. So until we optimize this to allow querying the AclTree if there's any priv XYZ below a path, use the Operation::Read. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
parent
c66fa32c08
commit
f418f4e48b
|
@ -1193,11 +1193,11 @@ pub fn get_datastore_list(
|
||||||
|
|
||||||
let mut allow_id = false;
|
let mut allow_id = false;
|
||||||
if !allowed {
|
if !allowed {
|
||||||
let scfg: pbs_api_types::DataStoreConfig = serde_json::from_value(data.to_owned())?;
|
if let Ok(datastore) = DataStore::lookup_datastore(store, Some(Operation::Read)) {
|
||||||
// safety: we just cannot go through lookup as we must avoid an operation check
|
|
||||||
if let Ok(datastore) = unsafe { DataStore::open_from_config(scfg, None) } {
|
|
||||||
allow_id = can_access_any_namespace(datastore, &auth_id, &user_info);
|
allow_id = can_access_any_namespace(datastore, &auth_id, &user_info);
|
||||||
}
|
}
|
||||||
|
// FIXME: check for any ACL on the datastore below in the error case, otherwise offline
|
||||||
|
// datastore will disappear for users that can only access a specific namespace
|
||||||
}
|
}
|
||||||
|
|
||||||
if allowed || allow_id {
|
if allowed || allow_id {
|
||||||
|
|
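Review bot: The new `if let Ok(datastore) = DataStore::lookup_datastore(store, Some(Operation::Read))` discards the `Err` value, so a failed lookup (the FIXME names the offline case) looks the same as a user without any namespace access and leaves no trace for an operator. The result is fail-closed, since `allow_id` stays `false`, which is the right default for an authorization decision and should be preserved when the FIXME's ACL check is added for the error path. I would make this a `match` and record the failure in the error arm, for example `Err(err) => log::debug!("lookup of datastore {store:?} failed while listing: {err}"),`, assuming the `log` macros are available in this file and the error type implements `Display`. `get_datastore_list` starts and ends outside the hunk, so how `allowed` is computed is not visible here.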