Given a `(type, user, vmid)` tuple, the helper aborts all tasks of the
given `type` for guest `vmid` that `user` is allowed to abort:
- If `user` has `Sys.Modify` on the node, they can abort any task
- If `user` is an API token, it can abort any task it started itself
- If `user` is a user, they can abort any task started by themselves
or one of their API tokens.
The helper is used to overrule any active qmshutdown/vzshutdown tasks
when attempting to stop a VM/CT (if requested).
Signed-off-by: Friedrich Weber <f.we...@proxmox.com>
---
Notes:
As the computation of `$can_abort_task` essentially duplicates logic
from PVE/API2/Tasks.pm, I considered reusing that, but this would have
required moving it to one of the dependencies of pve-guest-common
(Thomas suggested pve-access-control off-list). Seeing that the logic
boils down to 4 lines in `abort_guest_tasks`, I didn't consider it
worth the trouble in the end. Happy to reconsider, though.
changes v2 -> v3:
- improved readability: renamed subroutine to describe what it does,
renamed return value, added comment, clarified commit message (thx
Thomas)
- better align logic with current permission model for stopping tasks:
- allow users with Sys.Modify to abort *any* task (thx Thomas)
- allow users to abort tasks of their tokens
no changes v1 -> v2
src/PVE/GuestHelpers.pm | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/src/PVE/GuestHelpers.pm b/src/PVE/GuestHelpers.pm
index 961a7b8..c9fe147 100644
--- a/src/PVE/GuestHelpers.pm
+++ b/src/PVE/GuestHelpers.pm
@@ -416,4 +416,39 @@ sub check_vnet_access {
if !($tag || $trunks);
}
+sub abort_guest_tasks {
+ my ($rpcenv, $type, $vmid) = @_;
+
+ my $authuser = $rpcenv->get_user();
+ my $node = PVE::INotify::nodename();
+ my $can_abort_all = $rpcenv->check($authuser, "/nodes/$node", [
'Sys.Modify' ], 1);
+
+ my $active_tasks = PVE::INotify::read_file('active');
+ my $aborted_tasks = [];
+ for my $task (@$active_tasks) {
+ if (!$task->{saved}
+ && $task->{type} eq $type
+ && $task->{id} eq $vmid
+ ) {
+ my $can_abort_task;
+ # tasks started by a token can be aborted by the token or token
owner,
+ # tasks started by a user can be aborted by the user
+ if (PVE::AccessControl::pve_verify_tokenid($task->{user}, 1)) {
+ my $full_tokenid = $task->{user};
+ my ($task_username, undef) =
PVE::AccessControl::split_tokenid($full_tokenid);
+ $can_abort_task = $authuser eq $task_username || $authuser eq
$full_tokenid;
+ } else {
+ $can_abort_task = $authuser eq $task->{user};
+ }
+
+ if ($can_abort_all || $can_abort_task) {
+ # passing `1` for parameter $killit aborts the task
+ PVE::RPCEnvironment->check_worker($task->{upid}, 1);
+ push @$aborted_tasks, $task->{upid};
+ }
+ }
+ }
+ return $aborted_tasks;
+}
+
1;
--
2.39.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
