Bug 540974

Summary: backend API s.up2date.unsubscribeChannels will fail with ISE
Product: [Retired] Red Hat Network
Reporter: Miroslav Suchý <msuchy>
Component: RHN/Backend
Assignee: Stephen Herr <sherr>
Status: CLOSED CURRENTRELEASE
QA Contact: Red Hat Network Quality Assurance <rhn-qa-list>
Severity: medium
Priority: medium
Version: RHN Devel
CC: acarter, cperry, dhughes, rhn-bugs, xdmoon
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: Rally US3398
Doc Type: Bug Fix
Clone Of: 540544
Last Closed: 2010-09-13 16:04:58 UTC
Bug Depends On: 540544    
Bug Blocks: 616792    

Description Miroslav Suchý 2009-11-24 16:02:39 UTC
Please cherry pick my changes to your code. This should be fixed before RHEL5.5 is released.

+++ This bug was initially created as a clone of Bug #540544 +++

Description of problem:
The backend API call up2date.(un)subscribeChannels does not authenticate properly.
It calls the method rhnChannel.__auth_user(), which compares the crypted password with the uncrypted password, which always fails.

Version-Release number of selected component (if applicable):
sat530

How reproducible:
always

Steps to Reproduce:
1. PYTHONPATH=/usr/share/rhn python
import rhnserver
import up2dateAuth

s = rhnserver.RhnServer()
s.up2date.subscribeChannels(up2dateAuth.getSystemId(), 'foo', 'username',
        'password')

  
Actual results:
Error Class Code: 2
Error Class Info: Invalid username and password combination.

Expected results:
correct username and password, and error about unknown channel.

--- Additional comment from msuchy on 2009-11-24 07:43:43 EDT ---

rhnUser.check_user_password checks if the password is correct,
but we would rather call auth_username_password, which returns an rhnUser object. There is no need for additional checks.
And they did not even work, because we usually have a crypted
password in the db, but the password given as a param is not crypted!

Committed to Spacewalk git as:
22bddd07e3ba11ee5b70f8e205ab04e729634f05
ee4f1d0d44bbf90a1396532c83b9b4a0da646c74
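
The mismatch described in the comment above, as an added example that is not part of the original report or of the Spacewalk code: a stored crypted value compared directly with the plain-text parameter never matches, while crypting the supplied password with the stored salt first does. The salted PBKDF2 format, the function names and the sample account are assumptions standing in for the backend's own crypted password scheme.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for this example


def crypt_password(password, salt=None):
    """Return 'salt_hex$hash_hex' (stand-in for the backend's crypted format)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def broken_check(stored, supplied):
    """The reported defect: crypted db value compared with the plain parameter."""
    return stored == supplied


def fixed_check(stored, supplied):
    """Crypt the supplied password with the stored salt, then compare."""
    salt_hex, _, _ = stored.partition("$")
    candidate = crypt_password(supplied, bytes.fromhex(salt_hex))
    # Constant-time comparison of the two crypted strings.
    return hmac.compare_digest(candidate, stored)


# Constructed sample account, not data from the bug report.
STORED = crypt_password("password")

if __name__ == "__main__":
    # The correct password is rejected by the broken comparison.
    print("broken check, correct password:", broken_check(STORED, "password"))
    print("fixed check, correct password: ", fixed_check(STORED, "password"))
    print("fixed check, wrong password:   ", fixed_check(STORED, "wrong"))
```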

--- Additional comment from cperry on 2009-11-24 10:58:14 EDT ---

Approved and moving to 531. 

We will need to collect this bug as part of an Errata. 

Server side fix being made in prep to support the proposed RFE to allow for the RHEL 5 client, with right username/password access to change child channels using the client, vs having to login to RHN or Satellite. 

Mirek will also clone to track for RHN fix. 

Cliff