From: Dietmar Maurer <dietmar@proxmox.com>
Date: Tue, 17 Jan 2012 05:44:30 +0000 (+0100)
Subject: fix bug #85: allow root@pam to generate tickets for other users
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=56ecfafd030ecbc2e8643838c28adda027c296f7;p=pve-manager.git

fix bug #85: allow root@pam to generate tickets for other users

We cannot automatically set the auth cookie any longer - the client need
to do that now.
---

diff --git a/PVE/APIDaemon.pm b/PVE/APIDaemon.pm
index 17dd38d0..b9798c6f 100755
--- a/PVE/APIDaemon.pm
+++ b/PVE/APIDaemon.pm
@@ -317,10 +317,6 @@ sub handle_requests {
 			    $response->header("Content-Type" => $ct);
 			    $response->header("Pragma", "no-cache");
 
-			    if ($res->{ticket}) {
-				my $cookie = PVE::REST::create_auth_cookie($res->{ticket});
-				$response->header("Set-Cookie" => $cookie);
-			    }
 			    $response->content($raw);
 
 			    $c->send_response($response);
diff --git a/PVE/REST.pm b/PVE/REST.pm
index b54c3c6f..cf50e203 100644
--- a/PVE/REST.pm
+++ b/PVE/REST.pm
@@ -268,6 +268,8 @@ my $check_permissions = sub {
 
     return 1 if !$username && $perm->{user} eq 'world';
 
+    return 0 if !$username;
+
     return 1 if $username eq 'root@pam';
 
     die "permission check failed (user != root)\n" if !$perm;
@@ -447,13 +449,6 @@ sub rest_handler {
 
     $rpcenv->set_user(undef);
 
-    if ($rel_uri eq '/access/ticket') {
-	$resp->{ticket} = $resp->{data}->{ticket};
-    }
-
-    # fixme: update ticket if too old
-    # $resp->{ticket} = update_ticket($ticket);
-
     return $resp;
 }
 
@@ -529,11 +524,6 @@ sub handler {
 
      prepare_response_data($format, $res);
 
-     if ($res->{ticket}) {
-	 my $cookie = create_auth_cookie($res->{ticket});
-	 $r->err_headers_out()->add("Set-Cookie" => $cookie);
-     }
-
      $r->status($res->{status} || HTTP_OK);
  
      if ($res->{message}) {
diff --git a/debian/changelog.Debian b/debian/changelog.Debian
index 44d8056b..380256f5 100644
--- a/debian/changelog.Debian
+++ b/debian/changelog.Debian
@@ -1,3 +1,9 @@
+pve-manager (2.0-20) unstable; urgency=low
+
+  * fix bug #85: allow root@pam to generate tickets for other users
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Jan 2012 06:36:23 +0100
+
 pve-manager (2.0-19) unstable; urgency=low
 
   * depend on resource-agents-pve
diff --git a/defines.mk b/defines.mk
index 2602a8d8..c2af052e 100644
--- a/defines.mk
+++ b/defines.mk
@@ -2,7 +2,7 @@ RELEASE=2.0
 
 VERSION=2.0
 PACKAGE=pve-manager
-PACKAGERELEASE=19
+PACKAGERELEASE=20
 
 BINDIR=${DESTDIR}/usr/bin
 PERLLIBDIR=${DESTDIR}/usr/share/perl5