api: vzdump: soften parameter permission checks

Allows sufficiently privileged users to pass-in retention and performance parameters for manual backup, but keeps tmpdir, dumpdir and script root-only. Such users could already edit the job accordingly, so essentially not granting anything new. Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2025-08-16 19:17:50 +00:00 · 2022-11-16 15:04:30 +01:00 · 2022-11-16 15:04:30 +01:00 · 2b233ecc08
commit 2b233ecc08
parent f64fa68d8c
2 changed files with 28 additions and 12 deletions
--- a/PVE/API2/Backup.pm
+++ b/PVE/API2/Backup.pm
@ -40,14 +40,19 @@ my $vzdump_job_id_prop = {
    maxLength => 50
 };
-my $assert_param_permission = sub {
+# NOTE: also used by the vzdump API call.
-    my ($param, $user) = @_;
+sub assert_param_permission_common {
    my ($rpcenv, $user, $param) = @_;
    return if $user eq 'root@pam'; # always OK
    for my $key (qw(tmpdir dumpdir script)) {
 	raise_param_exc({ $key => "Only root may set this option."}) if exists $param->{$key};
    }
-};
+
    if (defined($param->{bwlimit}) || defined($param->{ionice}) || defined($param->{performance})) {
 	$rpcenv->check($user, "/", [ 'Sys.Modify' ]);
    }
 }
 my $convert_to_schedule = sub {
    my ($job) = @_;
@ -207,7 +212,7 @@ __PACKAGE__->register_method({
 	my $rpcenv = PVE::RPCEnvironment::get();
 	my $user = $rpcenv->get_user();
-	$assert_param_permission->($param, $user);
+	assert_param_permission_common($rpcenv, $user, $param);
 	if (my $pool = $param->{pool}) {
 	    $rpcenv->check_pool_exist($pool);
@ -419,7 +424,7 @@ __PACKAGE__->register_method({
 	my $rpcenv = PVE::RPCEnvironment::get();
 	my $user = $rpcenv->get_user();
-	$assert_param_permission->($param, $user);
+	assert_param_permission_common($rpcenv, $user, $param);
 	if (my $pool = $param->{pool}) {
 	    $rpcenv->check_pool_exist($pool);
--- a/PVE/API2/VZDump.pm
+++ b/PVE/API2/VZDump.pm
@ -14,12 +14,25 @@ use PVE::Tools qw(extract_param);
 use PVE::VZDump::Common;
 use PVE::VZDump;
 use PVE::API2::Backup;
 use PVE::API2Tools;
 use Data::Dumper; # fixme: remove
 use base qw(PVE::RESTHandler);
 my sub assert_param_permission_vzdump {
    my ($rpcenv, $user, $param) = @_;
    return if $user eq 'root@pam'; # always OK
    PVE::API2::Backup::assert_param_permission_common($rpcenv, $user, $param);
    if (!$param->{dumpdir} && (defined($param->{maxfiles}) || defined($param->{'prune-backups'}))) {
 	my $storeid = $param->{storage} || 'local';
 	$rpcenv->check($user, "/storage/$storeid", [ 'Datastore.Allocate' ]);
    } # no else branch, because dumpdir is root-only
 }
 __PACKAGE__->register_method ({
    name => 'vzdump',
    path => '',
@ -27,9 +40,10 @@ __PACKAGE__->register_method ({
    description => "Create backup.",
    permissions => {
 	description => "The user needs 'VM.Backup' permissions on any VM, and "
-	    ."'Datastore.AllocateSpace' on the backup storage. The 'maxfiles', 'prune-backups', "
+	    ."'Datastore.AllocateSpace' on the backup storage. The 'tmpdir', 'dumpdir' and "
-	    ."'tmpdir', 'dumpdir', 'script', 'bwlimit', 'performance' and 'ionice' parameters are "
+	    ."'script' parameters are restricted to the 'root\@pam' user. The 'maxfiles' and "
-	    ."restricted to the 'root\@pam' user.",
+	    ."'prune-backups' settings require 'Datastore.Allocate' on the backup storage. The "
 	    ."'bwlimit', 'performance' and 'ionice' parameters require 'Sys.Modify' on '/'.",
 	user => 'all',
    },
    protected => 1,
@ -62,10 +76,7 @@ __PACKAGE__->register_method ({
 		if $param->{stdout};
 	}
-	for my $key (qw(maxfiles prune-backups tmpdir dumpdir script bwlimit performance ionice)) {
+	assert_param_permission_vzdump($rpcenv, $user, $param);
 	    raise_param_exc({ $key => "Only root may set this option."})
 		if defined($param->{$key}) && ($user ne 'root@pam');
 	}
 	PVE::VZDump::verify_vzdump_parameters($param, 1);