Refuse to change permissions on legacy API paths that don't start with /mnt

Description

Legacy API endpoint for permissions doesn't perform path validation. Add some rudimentary path checking. Users shouldn't be changing permissions on paths that aren't under /mnt and so this should no impact end-users.

Problem/Justification

None

Impact

None

Linked issues

relates to

NAS-104050

UI returning a 404 error on 11.2

SmartDraw Connector

Katalon Manual Tests (BETA)

Activity

Show:

Bug Clerk December 4, 2019 at 6:31 PM

11.2 PR: https://github.com/freenas/freenas/pull/3843

Andrew Walker November 26, 2019 at 8:19 PM
Edited

Test cases. The following should fail (following can be done from shell in interactive python session on 11.2):

They will fail as follows:
>>> Client().call('notifier.mp_change_permission', '/', True, 'UNIX', '770')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.6/site-packages/middlewared/client/client.py", line 454, in call
raise ClientException(c.error, c.errno, c.trace, c.extra)
middlewared.client.client.ClientException: [MiddlewareError: mp_change_permissions - path not permitted: /]

>>> Client().call('pool.dataset.permission', 'freenas-boot/ROOT/default', {'mode': '770', 'acl': 'UNIX', 'recursive': True})
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.6/site-packages/middlewared/client/client.py", line 454, in call
raise ClientException(c.error, c.errno, c.trace, c.extra)
middlewared.client.client.ClientException: [MiddlewareError: mp_change_permissions - path not permitted: /]

Complete

Pinned fields

Click on the next to a field label to start pinning.

Details

Assignee

Andrew Walker

Reporter

Andrew Walker

Components

Middleware

Fix versions

TrueNAS 11.2-U8

11.2-U8

Priority

Low

More fields

Katalon Platform

Created November 26, 2019 at 8:16 PM

Updated July 1, 2022 at 4:47 PM

Resolved December 4, 2019 at 6:31 PM

Configure