Bug 1141541
| Summary: | logon command via REST, try logon to RHEV-M Authentication and not to original user | | |
|---|---|---|---|
| Product: | [Retired] oVirt | Reporter: | Artyom <alukiano> |
| Component: | ovirt-engine-core | Assignee: | Yair Zaslavsky <yzaslavs> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Artyom <alukiano> |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 3.5 | CC: | alonbl, alukiano, ecohen, gklein, iheim, lpeer, lsurette, mavital, michal.skrivanek, oourfali, rbalakri, Rhev-m-bugs, vfeenstr, yeylon, yzaslavs |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | 3.5.1 | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | infra | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-01-21 16:04:31 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 996512, 1076964 | | |
| Attachments: | | | |

Description
Artyom
2014-09-14 14:41:53 UTC
What do you mean "RHEV-M Authentication instead of admin"? What actual user/password is used to login into guest? Log files?

I attach a screenshot of my login screen. I am not really sure what the "RHEV-M Authentication" user is, because I can't see this user in user management (maybe it is created by the agent). I also attach agent, engine and vdsm logs. I created two new users on the VM: admin from the internal domain with the same password, and vdcadmin from some external domain, also with the same password (that is used to enter webadmin).

Created attachment 937458
logs

Created attachment 937460
screenshot

vfeenstr: can you please help in problem determination? I cannot understand what the actual problem is. If the engine is sending wrong credentials we should fix it, but I am unsure this is the case.

RHEVM-Authentication is just a fake entry in GDM for the guest agent plugin. This entry in the user list is used when logging in via SSO. The user/password combination is retrieved via the virtio serial channel and then passed down the pam stack. I can see that admin@internal and a password (which is of course not in the logs) is passed down to the guest agent. If the user 'admin' and the 'password' combination work on the guest OS then the login should have succeeded, at least that's what I can tell from the logs. Without the secure.log file it's hard to tell. But I can see that the pam plugin connected to the guest agent SO_CREDPASS UNIX Domain socket and requested the credentials, so from my POV it looks like it works how it is supposed to and there's no issue visible from the logs.

From my PoV I do not see any bug here. It is working as defined.

I can give you the engine and VM where it is happening, or attach secure.log, what do you prefer?

(In reply to Artyom from comment #7)
> I can give you engine and vm where it happening, or attach secure.log, what
> you prefer?

Are you sure that the admin@internal user is available for you at system level of the VM? Anyway, future problem determination is via Vinzenz, unless there is an infra issue in which the credentials sent by engine are incorrect.

Created attachment 940724
secure.log
Anyway, I will attach the secure log from the guest. You can start looking from Sep 24 12:08:43: first I have a successful login from userportal, and after that I try to log in via webadmin via the logon command.
```
Sep 24 12:12:58 localhost pam: gdm-ovirtcred: pam_unix(gdm-ovirtcred:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=admin
Sep 24 12:12:58 localhost pam: gdm-ovirtcred: pam_sss(gdm-ovirtcred:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=admin
Sep 24 12:12:58 localhost pam: gdm-ovirtcred: pam_sss(gdm-ovirtcred:auth): received for user admin: 10 (User not known to the underlying authentication module)
```

This seems to me like the password of your admin user on the VM is different from the admin user in the admin-portal. Are you sure they have the same password?

So as it turns out, the password was a 1 character password which never got passed to vdsm. VDSM retrieved an empty password and passed that on to the guest agent. So the issue resides on the engine side. When calling vdsClient -s 0 <VMID> internal admin <PASSWORD> with the one character password on the host the login works as expected.

There is a misusage of CommandContext in VmLogonCommand. See how the user is set at -

```java
this.context = cmdContext;
_parameters = parameters;
DbUser user = SessionDataContainer.getInstance().getUser(cmdContext.getEngineContext().getSessionId(), true);
if (user != null) {
    setCurrentUser(user);
}
```

And see how the password is being obtained at VmLogonCommand. If you find there is an issue with the context infra and not the command, feel free to assign back to infra.

Sorry, I might have given a wrong analysis here, I will take back the bug.

Verified on rhevm-3.5.0-0.21.el6ev.noarch. Works with internal and also with ActiveDirectory domain.

oVirt 3.5.1 has been released. If problems still persist, please make note of it in this bug report.
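
A triage sketch for the secure.log excerpt quoted in this thread, added here as an example and not part of the bug report or of oVirt: it groups `gdm-ovirtcred` PAM messages per login attempt and separates modules that reported a user-lookup result from those that simply rejected the credential. The function names and the "rejected without a lookup result" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# The three secure.log lines quoted in the thread, embedded so the example runs offline.
SAMPLE = """\
Sep 24 12:12:58 localhost pam: gdm-ovirtcred: pam_unix(gdm-ovirtcred:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=admin
Sep 24 12:12:58 localhost pam: gdm-ovirtcred: pam_sss(gdm-ovirtcred:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=admin
Sep 24 12:12:58 localhost pam: gdm-ovirtcred: pam_sss(gdm-ovirtcred:auth): received for user admin: 10 (User not known to the underlying authentication module)
"""

# timestamp ... pam_module(service:auth): message
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?"
                  r"(?P<mod>pam_\w+)\((?P<svc>[\w-]+):auth\):\s(?P<rest>.*)$")
FAILURE = re.compile(r"authentication failure;.*\buser=(?P<user>\S*)")
RESULT = re.compile(r"received for user (?P<user>[^:\s]+): (?P<code>\d+) \((?P<msg>[^)]*)\)")


def summarize(text, service="gdm-ovirtcred"):
    """Group auth messages of one PAM service by (timestamp, user)."""
    attempts = defaultdict(lambda: {"rejected_by": [], "pam_results": []})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["svc"] != service:
            continue
        failure = FAILURE.search(m["rest"])
        result = RESULT.search(m["rest"])
        if failure:
            attempts[(m["ts"], failure["user"])]["rejected_by"].append(m["mod"])
        elif result:
            attempts[(m["ts"], result["user"])]["pam_results"].append(
                (m["mod"], int(result["code"]), result["msg"]))
    return dict(attempts)


def password_rejections(attempt):
    """Heuristic (assumption of this example): modules that rejected the
    attempt without logging a lookup result are the ones to check for a
    wrong or empty password reaching the guest."""
    reported = {mod for mod, _code, _msg in attempt["pam_results"]}
    return [mod for mod in attempt["rejected_by"] if mod not in reported]


if __name__ == "__main__":
    for key, attempt in summarize(SAMPLE).items():
        print(key, attempt, "check password path:", password_rejections(attempt))
```
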