[pve-devel] [PATCH v2 common] REST environment: default to root at pam in forked workers if no user was specified

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Mar 15 09:57:34 CET 2022


On 15.03.22 08:31, Fabian Ebner wrote:
> Am 14.03.22 um 14:50 schrieb Oguz Bektas:
>> first call $rpcenv->get_user() if user was 'undef'. if that doesn't
>> return then we set it to root at pam.

this is just the "whats done" description, that's not really interesting for
such a short patch, as it can be read from the code change directly without
much effort. A sentence about why (original code reason, change reason to the
new behavior) and impact (what are the call sites that could be affected)
would be more helpful.

>>
>> Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
>> ---
>> v1->v2:
>> * do get_user() first, set to 'root at pam' as fallback
>> * drop first patch for pve-container (not needed anymore)
>>
>>  src/PVE/RESTEnvironment.pm | 7 ++++++-
>>  1 file changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/PVE/RESTEnvironment.pm b/src/PVE/RESTEnvironment.pm
>> index 1b2af08..bc5b8b5 100644
>> --- a/src/PVE/RESTEnvironment.pm
>> +++ b/src/PVE/RESTEnvironment.pm
>> @@ -492,7 +492,12 @@ sub fork_worker {
>>      $dtype = 'unknown' if !defined ($dtype);
>>      $id = '' if !defined ($id);
>>  
>> -    $user = 'root at pve' if !defined ($user);
>> +    $user = $self->get_user() if !defined($user);
> 
> If you don't set $noerr when calling get_user(), the below if block is
> dead code.
> 
>> +
>> +    if (!defined($user)) {
>> +	warn 'internal error: Worker user was not specified, defaulting to "root at pam"!';

missing newline at the ends means spamming the log more with internal perl module
file/line location and I don't really get the warning in the first place, either
it's OK to fallback or not.

The REST-env should have a valid user for most (all?) API/CLI-handler derived use
cases, as only the public API calls have no user set but there we don't use fork_worker
at all.

So, I'd examine possible call sites that won't have a user passed nor available via
get_user(), and dependening from if they even exist I'd

* check if we could set a sensible user-id, if possible, there already
* make this either a no-warn or just drop the if-block and avoid passing the $noerr
  to $self->get_user(), making this a usage error. The latter would be cleaner, but
  has some theoretic breakage potential. As call-site evaluation should be done in any
  case, as neither breakage nor defaulting to root at pam is something that should be done
  "blindly" (I mean, root fallback was probably intended originally, just avoided due
   to the realm typo, but still).





More information about the pve-devel mailing list