# HG changeset patch
# User Thomas Gazagnaire <thomas.gazagnaire@xxxxxxxxxx>
CA-36294: Fix performance issues when credentials are given using the pool secret.

Previously, to check whether the received pool-secret was valid or not, RBAC was trying to do a proper login using Session.slave_login and check whether that call succeed or not; This makes DB calls on slave to pass from around 2ms (before RBAC changes) to around 10ms (now). When doing a VM.start, slaves are doing hundreds of DB access, so VM.start were becoming very slow (up to 5 times slower!).

This patch simply compare the pool secret given in the request with the one stored inside xapi memory which improve greatly the performance of slaves' calls.

Issue found with Jonathan Davies' great help.

Signed-off-by: Thomas Gazagnaire <thomas.gazagnaire@xxxxxxxxxx>

diff -r d062b05c7867 ocaml/xapi/xapi_http.ml
--- a/ocaml/xapi/xapi_http.ml	Tue Jan 19 15:17:14 2010 +0000
+++ b/ocaml/xapi/xapi_http.ml	Wed Jan 20 19:09:56 2010 +0000
@@ -125,13 +125,10 @@
   else
   if List.mem_assoc "pool_secret" all
   then begin
-    let session_id = try
-      Client.Session.slave_login inet_rpc (Helpers.get_localhost ()) (List.assoc "pool_secret" all)
-    with _ -> raise (Http.Unauthorised realm)
-    in
-    Pervasiveext.finally
-      (fun ()-> rbac_check session_id)
-      (fun ()->(try Client.Session.logout inet_rpc session_id with _ -> ()))
+		if List.assoc "pool_secret" all = !Xapi_globs.pool_secret then
+			fn ()
+		else
+			raise (Http.Unauthorised realm)
   end
   else
     begin