Checks ACL paths for logical validity before application. Checks of the various IDs are done by the existing format checkers to avoid code duplication. Also introduces a distinction between malformed (syntactically incorrect) and invalid (syntactically correct, but contextually wrong) paths.
---
PVE/API2/ACL.pm | 4 +++-
PVE/AccessControl.pm | 13 +++++++++++++
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/PVE/API2/ACL.pm b/PVE/API2/ACL.pm
index d37771b..20d3d2a 100644
--- a/PVE/API2/ACL.pm
+++ b/PVE/API2/ACL.pm
@@ -132,7 +132,9 @@ __PACKAGE__->register_method ({
 }
 my $path = PVE::AccessControl::normalize_path($param->{path});
- raise_param_exc({ path => "invalid ACL path '$param->{path}'" }) if !$path;
+ raise_param_exc({ path => "malformed ACL path '$param->{path}'" }) if !$path;
+ raise_param_exc({ path => "invalid ACL path '$param->{path}'" })
+ if !PVE::AccessControl::validate_path($path);
 PVE::AccessControl::lock_user_config(
 sub {
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index f0fb7dc..183bf21 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -591,6 +591,19 @@ sub verify_privname {
 return $priv;
 }
+sub validate_path {
+ my $path = shift;
+ return 0 if $path !~ m'^/(vms|nodes|storage|pool|access/(?:groups|realms))(?:/([[:alnum:]\.\-\_]+))?$';
+
+ if ($1 eq 'vms') {PVE::JSONSchema::pve_verify_vmid($2) if $2;}
+ elsif ($1 eq 'nodes') {PVE::JSONSchema::pve_verify_node_name($2) if $2;}
+ elsif ($1 eq 'storage') {PVE::JSONSchema::parse_storage_id($2) if $2;}
+ elsif ($1 eq 'pool') {verify_poolname($2) if $2;}
+ elsif ($1 eq 'access/realms') {PVE::Auth::Plugin::pve_verify_realm($2) if $2;}
+
+ return 1;
+}
+
 sub userconfig_force_defaults {
 my ($cfg) = @_;
--
2.11.0
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
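Review bot: The new `validate_path` gate rejects every path outside the pattern added in PVE/AccessControl.pm, and that pattern has no alternative for the root path `/` or for a bare `/access`, so if `normalize_path` (defined outside this diff) can return either of them, requests for those paths now fail with "invalid ACL path". Because the check sits ahead of `lock_user_config`, it presumably applies to every operation this handler performs (the rest of the handler is outside the hunk), so it is worth confirming that an existing entry on a path that no longer validates can still be removed. I would also add a comment above the two checks, e.g. `# normalize_path checks syntax only; validate_path checks that the path names a known object type with a well-formed ID`.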
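Review bot: In `validate_path` the ID checks are guarded by `if $2`, a truth test, so an ID of `0` (for example `/vms/0`) skips its verifier and the function still returns 1; the guard should test `defined`. The verifiers' results are also discarded: the function returns 1 whatever they return, and if they signal a bad ID by dying (their definitions are outside this diff) the caller receives that exception instead of the "invalid ACL path" parameter error. The `access/groups` alternative has no ID check at all, and the `$` anchor accepts a trailing newline where `\z` would not. Capturing the match into lexicals rather than reading `$1`/`$2` afterwards also keeps a callee's own regex use from clobbering them.

```perl
sub validate_path {
    my $path = shift;
    my ($type, $id) = $path =~ m'^/(vms|nodes|storage|pool|access/(?:groups|realms))(?:/([[:alnum:]\.\-\_]+))?\z';
    return 0 if !defined($type);
    return 1 if !defined($id);

    # a verifier that dies on a bad ID is mapped to "invalid" here (assumes die-on-failure; confirm)
    my $ok = eval {
        if ($type eq 'vms') { PVE::JSONSchema::pve_verify_vmid($id); }
        # … unchanged: nodes, storage, pool and access/realms branches, with $id in place of $2 …
        1;
    };
    return $ok ? 1 : 0;
}
```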