From 621edb2b65d90afcd37eba56af63d5a0f93c97d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?=
Date: Tue, 20 Jun 2023 09:41:49 +0200
Subject: [PATCH] restore: extend permissions checks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

to allow early checking of the merged config, if the backup archive passed in is a proper volume where extraction is possible.

Signed-off-by: Fabian Grünbichler
---
 PVE/API2/Qemu.pm | 13 +++++++++++++
 PVE/QemuServer.pm | 11 +++++------
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index b7832d88..59307133 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -958,6 +958,19 @@ __PACKAGE__->register_method({
 live => $live_restore,
 override_conf => $param,
 };
+ if (my $volid = $archive->{volid}) {
+ # best effort, real check is after restoring!
+ my $merged = eval {
+ my $old_conf = PVE::Storage::extract_vzdump_config($storecfg, $volid);
+ PVE::QemuServer::restore_merge_config("backup/qemu-server/$vmid.conf", $old_conf, $param);
+ };
+ if ($@) {
+ warn "Could not extract backed up config: $@\n";
+ warn "Skipping early checks!\n";
+ } else {
+ PVE::QemuServer::check_restore_permissions($rpcenv, $authuser, $merged);
+ }
+ }
 if ($archive->{type} eq 'file' || $archive->{type} eq 'pipe') {
 die "live-restore is only compatible with backup images from a Proxmox Backup Server\n"
 if $live_restore;
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 940cdacd..0fa43a74 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -6542,10 +6542,9 @@ sub check_mapping_access {
 }
 };
-# FIXME: improve checks on restore by checking before actually extracing and
-# merging the new config
 sub check_restore_permissions {
 my ($rpcenv, $user, $conf) = @_;
+ check_bridge_access($rpcenv, $user, $conf);
 check_mapping_access($rpcenv, $user, $conf);
 }
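Review bot: The early check added in the PVE/API2/Qemu.pm hunk fails open, and the `eval` covers both `extract_vzdump_config` and `restore_merge_config`, so a parse or merge error is reported as "Could not extract backed up config" and skips the permission check just like a storage failure does. Enforcement therefore still rests on the `check_restore_permissions` call in the restore path, which the comment itself says runs after restoring; I would spell that out, e.g. `# advisory pre-check only: on any failure we fall through and the check in restore_*_archive stays authoritative`. The warning could read `warn "Could not extract or merge backed up config: $err";` after copying `$@` into a lexical with `if (my $err = $@) {`. For archives without a `volid` nothing is pre-checked at all. The surrounding `register_method` body starts and ends outside the hunk.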
@@ -6865,7 +6864,7 @@ my $restore_destroy_volumes = sub {
 }
 };
-my $restore_merge_config = sub {
+sub restore_merge_config {
 my ($filename, $backup_conf_raw, $override_conf) = @_;
 my $backup_conf = parse_vm_config($filename, $backup_conf_raw);
@@ -6874,7 +6873,7 @@ my $restore_merge_config = sub {
 }
 return $backup_conf;
-};
+}
 sub scan_volids {
 my ($cfg, $vmid) = @_;
@@ -7192,7 +7191,7 @@ sub restore_proxmox_backup_archive {
 $new_conf_raw .= "\nlock: create";
 }
- my $new_conf = $restore_merge_config->($conffile, $new_conf_raw, $options->{override_conf});
+ my $new_conf = restore_merge_config($conffile, $new_conf_raw, $options->{override_conf});
 check_restore_permissions($rpcenv, $user, $new_conf);
 PVE::QemuConfig->write_config($vmid, $new_conf);
@@ -7506,7 +7505,7 @@ sub restore_vma_archive {
 die $err;
 }
- my $new_conf = $restore_merge_config->($conffile, $new_conf_raw, $opts->{override_conf});
+ my $new_conf = restore_merge_config($conffile, $new_conf_raw, $opts->{override_conf});
 check_restore_permissions($rpcenv, $user, $new_conf);
 PVE::QemuConfig->write_config($vmid, $new_conf);
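Review bot: `restore_merge_config` becomes a package-level sub without any comment describing its contract, and it is now reached twice per restore with the same override hash: once from the API pre-check with `$param` and again from `restore_proxmox_backup_archive`/`restore_vma_archive` via `override_conf`. The lines between the two hunks that touch it are not shown, so I cannot tell whether it modifies `$override_conf`; if it does, the second merge would see different input than the one the pre-check validated. I would add a header comment such as `# Parses the backed-up config and applies $override_conf on top; must not modify $override_conf, callers invoke it more than once.`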