pve-manager
Commit dc2765d7, authored Jan 24, 2012 by Dietmar Maurer
better userid-group test (allow groups passed as parameter)
Parent: 612ec0a5
Showing 1 changed file with 23 additions and 12 deletions
PVE/REST.pm
...
@@ -274,22 +274,25 @@ sub proxy_handler {
...
@@ -274,22 +274,25 @@ sub proxy_handler {
sub
exec_perm_check
{
sub
exec_perm_check
{
my
(
$rpcenv
,
$check
,
$username
,
$param
,
$noerr
)
=
@_
;
my
(
$rpcenv
,
$check
,
$username
,
$param
,
$noerr
)
=
@_
;
my
$test
=
shift
@$check
;
# syslog("info", "CHECK " . join(', ', @$check));
my
$ind
=
0
;
my
$test
=
$check
->
[
$ind
++
];
die
"
no permission test specified
"
if
!
$test
;
die
"
no permission test specified
"
if
!
$test
;
if
(
$test
eq
'
and
')
{
if
(
$test
eq
'
and
')
{
while
(
my
$subcheck
=
shift
@$check
)
{
while
(
my
$subcheck
=
$check
->
[
$ind
++
]
)
{
exec_perm_check
(
$rpcenv
,
$subcheck
,
$username
,
$param
);
exec_perm_check
(
$rpcenv
,
$subcheck
,
$username
,
$param
);
}
}
return
1
;
return
1
;
}
elsif
(
$test
eq
'
or
')
{
}
elsif
(
$test
eq
'
or
')
{
while
(
my
$subcheck
=
shift
@$check
)
{
while
(
my
$subcheck
=
$check
->
[
$ind
++
]
)
{
return
1
if
exec_perm_check
(
$rpcenv
,
$subcheck
,
$username
,
$param
,
1
);
return
1
if
exec_perm_check
(
$rpcenv
,
$subcheck
,
$username
,
$param
,
1
);
}
}
return
0
if
$noerr
;
return
0
if
$noerr
;
raise_perm_exc
();
raise_perm_exc
();
}
elsif
(
$test
eq
'
perm
')
{
}
elsif
(
$test
eq
'
perm
')
{
my
(
$tmplpath
,
$privs
,
%
options
)
=
@$check
;
my
(
$t
,
$t
mplpath
,
$privs
,
%
options
)
=
@$check
;
my
$any
=
$options
{
any
};
my
$any
=
$options
{
any
};
die
"
missing parameters
"
if
!
(
$tmplpath
&&
$privs
);
die
"
missing parameters
"
if
!
(
$tmplpath
&&
$privs
);
my
$path
=
PVE::Tools::
template_replace
(
$tmplpath
,
$param
);
my
$path
=
PVE::Tools::
template_replace
(
$tmplpath
,
$param
);
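Review bot: In the 'and' branch, the rewritten loop `while (my $subcheck = $check->[$ind++])` still calls exec_perm_check without `$noerr` and discards its return value, so the branch depends on every sub-check dying on failure. When an 'and' list is nested inside 'or' (which passes 1 for `$noerr`), a failing sub-check would throw out of the 'or' loop instead of returning 0 and letting the next alternative be tried; consider forwarding `$noerr` and returning 0 on a false result. Two smaller points: the commented-out `# syslog("info", "CHECK " . join(', ', @$check));` line should be dropped rather than committed, and the throwaway `$t` in `my ($t, $tmplpath, $privs, %options) = @$check;` can be written as `undef` so the skipped test name is explicit. The move from `shift @$check` to indexed reads stops the function from consuming the check array it was handed, which is a behaviour change worth stating in the commit message.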
...
@@ -300,24 +303,32 @@ sub exec_perm_check {
...
@@ -300,24 +303,32 @@ sub exec_perm_check {
}
}
}
elsif
(
$test
eq
'
userid-group
')
{
}
elsif
(
$test
eq
'
userid-group
')
{
my
$userid
=
$param
->
{
userid
};
my
$userid
=
$param
->
{
userid
};
return
if
!
$rpcenv
->
check_user_exist
(
$userid
,
$noerr
)
;
my
(
$t
,
$privs
,
%
options
)
=
@$check
;
my
(
$privs
,
%
options
)
=
@$check
;
return
if
!
$options
{
groups_param
}
&&
!
$rpcenv
->
check_user_exist
(
$userid
,
$noerr
)
;
if
(
!
$rpcenv
->
check_any
(
$username
,
"
/access
",
$privs
,
1
))
{
if
(
!
$rpcenv
->
check_any
(
$username
,
"
/access
",
$privs
,
1
))
{
my
$groups
=
$rpcenv
->
filter_groups
(
$username
,
$privs
,
1
);
my
$groups
=
$rpcenv
->
filter_groups
(
$username
,
$privs
,
1
);
if
(
$options
{
groups_param
})
{
my
@group_param
=
PVE::Tools::
split_list
(
$param
->
{
groups
});
raise_perm_exc
("
/access,
"
.
join
("
|
",
@$privs
))
if
!
scalar
(
@group_param
);
foreach
my
$pg
(
@group_param
)
{
raise_perm_exc
("
/access/groups/
$pg
,
"
.
join
("
|
",
@$privs
))
if
!
$groups
->
{
$pg
};
}
}
else
{
my
$allowed_users
=
$rpcenv
->
group_member_join
([
keys
%
$groups
]);
my
$allowed_users
=
$rpcenv
->
group_member_join
([
keys
%
$groups
]);
if
(
!
$allowed_users
->
{
$userid
})
{
if
(
!
$allowed_users
->
{
$userid
})
{
return
0
if
$noerr
;
return
0
if
$noerr
;
raise_perm_exc
();
raise_perm_exc
();
}
}
}
}
}
return
1
;
return
1
;
}
elsif
(
$test
eq
'
userid-param
')
{
}
elsif
(
$test
eq
'
userid-param
')
{
my
$userid
=
$param
->
{
userid
};
my
$userid
=
$param
->
{
userid
};
return
if
!
$rpcenv
->
check_user_exist
(
$userid
,
$noerr
);
return
if
!
$rpcenv
->
check_user_exist
(
$userid
,
$noerr
);
my
(
$subtest
)
=
@$check
;
my
(
$
t
,
$
subtest
)
=
@$check
;
die
"
missing parameters
"
if
!
$subtest
;
die
"
missing parameters
"
if
!
$subtest
;
if
(
$subtest
eq
'
self
')
{
if
(
$subtest
eq
'
self
')
{
syslog
("
info
",
"
TESTASQAS
");
return
1
if
$username
eq
'
userid
';
return
1
if
$username
eq
'
userid
';
return
0
if
$noerr
;
return
0
if
$noerr
;
raise_perm_exc
();
raise_perm_exc
();
...
...
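Review bot: In the new `groups_param` path of the 'userid-group' test, both failure cases call raise_perm_exc unconditionally and never consult `$noerr`, unlike the else branch, which keeps `return 0 if $noerr;`. A 'userid-group' check with `groups_param` placed under 'or' will therefore throw instead of returning 0; add the same `return 0 if $noerr;` guard before each raise. While touching this code, note that the unchanged line `return 1 if $username eq 'userid';` in the 'userid-param' 'self' test compares against the literal string 'userid' rather than `$userid`, so it only matches a user literally named 'userid'.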