fix bug #85: allow root@pam to generate tickets for other users
authorDietmar Maurer <dietmar@proxmox.com>
Tue, 17 Jan 2012 05:42:42 +0000 (06:42 +0100)
committerDietmar Maurer <dietmar@proxmox.com>
Tue, 17 Jan 2012 05:42:42 +0000 (06:42 +0100)
Makefile
PVE/API2/AccessControl.pm
changelog.Debian

index 9b4c4d0..bf294ca 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@ RELEASE=2.0
 
 VERSION=1.0
 PACKAGE=libpve-access-control
-PKGREL=6
+PKGREL=7
 
 DESTDIR=
 PREFIX=/usr
index 10b6161..3d7c80d 100644 (file)
@@ -150,8 +150,9 @@ __PACKAGE__->register_method ({
 
            my $tmp;
            if (($tmp = PVE::AccessControl::verify_ticket($param->{password}, 1)) &&
-               ($tmp eq $username)) {
+               ($tmp eq 'root@pam' || $tmp eq $username)) {
                # got valid ticket
+               # Note: root@pam can create tickets for other users
            } else {
                $username = PVE::AccessControl::authenticate_user($username, $param->{password});
            }
index bc7426c..54bb9b8 100644 (file)
@@ -1,3 +1,9 @@
+libpve-access-control (1.0-7) unstable; urgency=low
+
+  * fix bug #85: allow root@pam to generate tickets for other users
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Jan 2012 06:40:18 +0100
+
 libpve-access-control (1.0-6) unstable; urgency=low
 
   * API change: allow to filter enabled/disabled users.