# HG changeset patch
# User Marcus Granado <marcus.granado@xxxxxxxxxx>
# Date 1257526015 0
# Node ID 0a45055b867ad44d3e3f7c26e29ffe9dc1ee3c9f
# Parent  719d8f6c6d8cfe94cf612ddf26cc11af24fd99d5
CA-34203: only root can call slave-local-login-with-password

Signed-off-by: Marcus Granado <marcus.granado@xxxxxxxxxxxxx>

diff -r 719d8f6c6d8c -r 0a45055b867a ocaml/idl/datamodel.ml
--- a/ocaml/idl/datamodel.ml	Fri Nov 06 16:12:03 2009 +0000
+++ b/ocaml/idl/datamodel.ml	Fri Nov 06 16:46:55 2009 +0000
@@ -960,7 +960,7 @@
 	  ]
   ~in_oss_since:None
   ~secret:true
-  ~allowed_roles:_R_POOL_ADMIN (*only root can do an emergency slave login*)
+  ~allowed_roles:_R_LOCAL_ROOT_ONLY (*only root can do an emergency slave login*)
   ()
 
 let local_logout = call ~flags:[`Session]
diff -r 719d8f6c6d8c -r 0a45055b867a ocaml/xapi/xapi_session.ml
--- a/ocaml/xapi/xapi_session.ml	Fri Nov 06 16:12:03 2009 +0000
+++ b/ocaml/xapi/xapi_session.ml	Fri Nov 06 16:46:55 2009 +0000
@@ -323,6 +323,12 @@
 let slave_local_login_with_password ~__context ~uname ~pwd = wipe_params_after_fn [pwd] (fun () ->
   if not (Context.preauth ~__context)
   then
+    if uname <> local_superuser
+    then (* CA-34203: never authenticate external users as local_login *)
+      raise (Api_errors.Server_error
+        (Api_errors.rbac_permission_denied,
+        [local_superuser; "No permission in local login"]))
+    else
     (try
 	(* CP696 - only tries to authenticate against LOCAL superuser account *)
 	do_local_auth uname pwd;