Proxmox/qemu-server
5
0
Fork 0
mirror of git://git.proxmox.com/git/qemu-server.git synced 2025-03-09 08:58:25 +03:00
Code Releases Activity

move vmstate check to check_vm_modify_config_perm

Browse Source 
so that it gets checked before the special case of removing the vmstate

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
Dominik Csapak 2019-12-09 15:27:00 +01:00 committed by Thomas Lamprecht
parent 75c24bba0a
commit 5661a68106
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
PVE/API2/Qemu.pm
View File

@ -315,7 +315,6 @@ my $check_vm_modify_config_perm = sub {
# some checks (e.g., disk, serial port, usb) need to be done somewhere # some checks (e.g., disk, serial port, usb) need to be done somewhere
# else, as there the permission can be value dependend # else, as there the permission can be value dependend
next if PVE::QemuServer::is_valid_drivename($opt); next if PVE::QemuServer::is_valid_drivename($opt);
next if $opt eq 'vmstate';
next if $opt eq 'cdrom'; next if $opt eq 'cdrom';
next if $opt =~ m/^(?:unused|serial|usb)\d+$/; next if $opt =~ m/^(?:unused|serial|usb)\d+$/;
@ -338,6 +337,10 @@ my $check_vm_modify_config_perm = sub {
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']); $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
} elsif ($cloudinitoptions->{$opt} || ($opt =~ m/^(?:net|ipconfig)\d+$/)) { } elsif ($cloudinitoptions->{$opt} || ($opt =~ m/^(?:net|ipconfig)\d+$/)) {
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']); $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
} elsif ($opt eq 'vmstate') {
# the user needs Disk and PowerMgmt privileges to change the vmstate
# also needs privileges on the storage, that will be checked later
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk', 'VM.PowerMgmt' ]);
} else { } else {
# catches hostpci\d+, args, lock, etc. # catches hostpci\d+, args, lock, etc.
# new options will be checked here # new options will be checked here
@ -1152,8 +1155,6 @@ my $update_vm_api = sub {
} }
} elsif ($opt eq 'vmstate') { } elsif ($opt eq 'vmstate') {
PVE::QemuConfig->check_protection($conf, "can't remove vmstate '$val'"); PVE::QemuConfig->check_protection($conf, "can't remove vmstate '$val'");
# the user needs Disk and PowerMgmt privileges to remove the vmstate
$rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk', 'VM.PowerMgmt' ]);
if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, { file => $val }, $rpcenv, $authuser, 1)) { if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, { file => $val }, $rpcenv, $authuser, 1)) {
delete $conf->{$opt}; delete $conf->{$opt};
PVE::QemuConfig->write_config($vmid, $conf); PVE::QemuConfig->write_config($vmid, $conf);