Another idea would be to introduce two new permissions:
Sys.RetrieveLocal - only local/private ip addresses allowed
Sys.RetrieveGlobal - all other ip addresses allowed (means only non-private)
> On 29.04.21 15:22 Thomas Lamprecht <t.lampre...@proxmox.com> wrote:
>
>
> On 29.04.21 13:54, Dominik Csapak wrote:
> > On 4/28/21 16:13, Lorenz Stechauner wrote:
> >> +__PACKAGE__->register_method({
> >> + name => 'retrieve',
> >> + path => '{storage}/retrieve',
> >> + method => 'POST',
> >> + description => "Download templates and ISO images by using an URL.",
> >> + permissions => {
> >> + check => ['perm', '/storage/{storage}',
> >> ['Datastore.AllocateTemplate']],
> >> + },
> >> + protected => 1,
> >> + parameters => {
> >> + additionalProperties => 0,
> >> + properties => {
> >> + node => get_standard_option('pve-node'),
> >> + storage => get_standard_option('pve-storage-id'),
> >> + url => {
> >> + description => "The URL to retrieve the file from.",
> >> + type => 'string',
> >> + },
> >
> > i am not quite sure if it is a good idea to have this feature
> > unrestricted for everybody who can download a template
> >
> > it possibly gives access to an internal network to which
> > the users does not have access otherwise...
> >
> > maybe we want to give the admin control over allow- and/or blocklists ?
>
> I do not want such lists, PITA to manage for everybody.
>
> Maybe we can just allow it only for users with Sys.Modify + Sys.Audit on / ?
>
> We could also enforce that it needs to be a hostname (no IP) and/or resolve
> to something out of the priv. network ranges, at least if the aforementioned
> privs are not set.
>
> Another idea would be enforcing the URL to match something like
> /\.(iso|img)$/
> and being not to informative on errors to avoid allowing to see which hsot are
> on/off line in a network. With that one could make this pretty safe I think.
>
>
> >
> >> + insecure => {
> >> + description => "Allow TLS certificates to be invalid.",
> >> + type => 'boolean',
> >> + optional => 1,
> >> + } > + },
> >> + },
> >> + returns => {
> >> + type => "object",
> >> + properties => {
> >> + filename => { type => 'string' },
> >> + upid => { type => 'string' },
> >> + size => {
> >> + type => 'integer',
> >> + renderer => 'bytes',
> >> + },
> >> + },
> >> + },
> >> + code => sub {
> >> + my ($param) = @_;
> >> +
> >> + my @hash_algs = ['md5', 'sha1', 'sha224', 'sha256', 'sha384',
> >> 'sha512'];
> >
> > as written above, can be handled by api
>
> and could be actually auto-detected too, at least optionally? All those are
> pretty
> much unique already in length, IIRC.
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
