fix bug #85: allow root@pam to generate tickets for other users

author Dietmar Maurer <dietmar@proxmox.com>

Tue, 17 Jan 2012 05:44:30 +0000 (06:44 +0100)

committer Dietmar Maurer <dietmar@proxmox.com>

Tue, 17 Jan 2012 06:01:34 +0000 (07:01 +0100)
author Dietmar Maurer <dietmar@proxmox.com>
Tue, 17 Jan 2012 05:44:30 +0000 (06:44 +0100)
committer Dietmar Maurer <dietmar@proxmox.com>
Tue, 17 Jan 2012 06:01:34 +0000 (07:01 +0100)
diff --git a/PVE/APIDaemon.pm b/PVE/APIDaemon.pm

index 17dd38d0519281b657898f41409ba6e03f04aec2..b9798c6ffff86f1b3d2786c330b229de35cc2ab6 100755 (executable)
--- a/PVE/APIDaemon.pm
+++ b/PVE/APIDaemon.pm
@@ -317,10 +317,6 @@ sub handle_requests {
                             $response->header("Content-Type" => $ct);
                             $response->header("Pragma", "no-cache");
  
-                           if ($res->{ticket}) {
-                               my $cookie = PVE::REST::create_auth_cookie($res->{ticket});
-                               $response->header("Set-Cookie" => $cookie);
-                           }
                             $response->content($raw);
  
                             $c->send_response($response);
diff --git a/PVE/REST.pm b/PVE/REST.pm

index b54c3c6f67aef05e7a620d00f0fe8bf860120cda..cf50e20307b1f8e37274cd3d2f5a9662df473960 100644 (file)
--- a/PVE/REST.pm
+++ b/PVE/REST.pm
@@ -268,6 +268,8 @@ my $check_permissions = sub {
  
      return 1 if !$username && $perm->{user} eq 'world';
  
+    return 0 if !$username;
+
      return 1 if $username eq 'root@pam';
  
      die "permission check failed (user != root)\n" if !$perm;
@@ -447,13 +449,6 @@ sub rest_handler {
  
      $rpcenv->set_user(undef);
  
-    if ($rel_uri eq '/access/ticket') {
-       $resp->{ticket} = $resp->{data}->{ticket};
-    }
-
-    # fixme: update ticket if too old
-    # $resp->{ticket} = update_ticket($ticket);
-
      return $resp;
  }
  
@@ -529,11 +524,6 @@ sub handler {
  
       prepare_response_data($format, $res);
  
-     if ($res->{ticket}) {
-        my $cookie = create_auth_cookie($res->{ticket});
-        $r->err_headers_out()->add("Set-Cookie" => $cookie);
-     }
-
       $r->status($res->{status} || HTTP_OK);
   
       if ($res->{message}) {
diff --git a/debian/changelog.Debian b/debian/changelog.Debian

index 44d8056bd9f06c66fa688144c9487dad51f50d14..380256f553352b72f46e8022484ebdf17cc3a6bd 100644 (file)
--- a/debian/changelog.Debian
+++ b/debian/changelog.Debian
@@ -1,3 +1,9 @@
+pve-manager (2.0-20) unstable; urgency=low
+
+  * fix bug #85: allow root@pam to generate tickets for other users
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Jan 2012 06:36:23 +0100
+
  pve-manager (2.0-19) unstable; urgency=low
  
    * depend on resource-agents-pve
diff --git a/defines.mk b/defines.mk

index 2602a8d8d6773a8c31635a00be9960b8b0222edb..c2af052e9701b55d7afbfde84f8ae787ba3a4c81 100644 (file)
--- a/defines.mk
+++ b/defines.mk
@@ -2,7 +2,7 @@ RELEASE=2.0
  
  VERSION=2.0
  PACKAGE=pve-manager
-PACKAGERELEASE=19
+PACKAGERELEASE=20
  
  BINDIR=${DESTDIR}/usr/bin
  PERLLIBDIR=${DESTDIR}/usr/share/perl5
author	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 17 Jan 2012 05:44:30 +0000 (06:44 +0100)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 17 Jan 2012 06:01:34 +0000 (07:01 +0100)
PVE/APIDaemon.pm		patch \| blob \| blame \| history
PVE/REST.pm		patch \| blob \| blame \| history
debian/changelog.Debian		patch \| blob \| blame \| history
defines.mk		patch \| blob \| blame \| history