# HG changeset patch # User Marcus Granado # Date 1259774775 0 # Node ID 938c7defdf34865e1b6885268f63ba12a8f471b1 # Parent 27bf2365d9e208039b1f663f82a4cc46b89305a1 CA-34203: revert only root can call slave-local-login-with-password Signed-off-by: Marcus Granado The testcase was modified so that the patch is not needed anymore. diff -r 27bf2365d9e2 -r 938c7defdf34 ocaml/idl/datamodel.ml --- a/ocaml/idl/datamodel.ml Wed Dec 02 13:21:43 2009 +0000 +++ b/ocaml/idl/datamodel.ml Wed Dec 02 17:26:15 2009 +0000 @@ -962,7 +962,7 @@ ] ~in_oss_since:None ~secret:true - ~allowed_roles:_R_LOCAL_ROOT_ONLY (*only root can do an emergency slave login*) + ~allowed_roles:_R_POOL_ADMIN (*only root can do an emergency slave login*) () let local_logout = call ~flags:[`Session] diff -r 27bf2365d9e2 -r 938c7defdf34 ocaml/xapi/xapi_session.ml --- a/ocaml/xapi/xapi_session.ml Wed Dec 02 13:21:43 2009 +0000 +++ b/ocaml/xapi/xapi_session.ml Wed Dec 02 17:26:15 2009 +0000 @@ -325,12 +325,6 @@ let slave_local_login_with_password ~__context ~uname ~pwd = wipe_params_after_fn [pwd] (fun () -> if not (Context.preauth ~__context) then - if uname <> local_superuser - then (* CA-34203: never authenticate external users as local_login *) - raise (Api_errors.Server_error - (Api_errors.rbac_permission_denied, - [local_superuser; "No permission in local login"])) - else (try (* CP696 - only tries to authenticate against LOCAL superuser account *) do_local_auth uname pwd;
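Review bot: The trailing comment on the changed `~allowed_roles` line in ocaml/idl/datamodel.ml still reads `(*only root can do an emergency slave login*)`, but the new value is `_R_POOL_ADMIN`, so the comment no longer matches the role gate it annotates. This is the RBAC declaration for a `~secret:true` login call, and a stale comment here would mislead anyone auditing who may invoke it. I would reword it to match the new gate, for example `(*pool-admin role required; the CA-34203 root-only restriction was reverted*)`. What `_R_POOL_ADMIN` expands to is not visible in this hunk, so the exact wording should be checked against its definition. The enclosing `call` definition starts outside the hunk.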
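Review bot: With the `uname <> local_superuser` guard removed in ocaml/xapi/xapi_session.ml, every caller-supplied `uname` now reaches `do_local_auth uname pwd`, yet the surviving comment still says `(* CP696 - only tries to authenticate against LOCAL superuser account *)`. Nothing visible in the hunk enforces that restriction any more, and whether `do_local_auth` itself limits the account cannot be seen from here. If it does, the comment should say where the restriction lives. If it does not, the comment should be corrected, for example `(* authenticates uname against local accounts; not restricted to local_superuser *)`. The commit message justifies the revert only by the testcase change, so a sentence on why non-superuser names are acceptable on this emergency login path would help later reviewers. The function body continues outside the hunk.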