Bug 838502

Summary: With "spacewalk-channel" "redhat-rhn-proxy*" channels can be manipulated.
Product: Red Hat Satellite 5 Reporter: Dimitar Yordanov <dyordano>
Component: ClientAssignee: Michael Mráka <mmraka>
Status: CLOSED CURRENTRELEASE QA Contact: Dimitar Yordanov <dyordano>
Severity: low Docs Contact:
Priority: low    
Version: 550CC: cperry, jpazdziora
Target Milestone: ---Keywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: spacewalk-backend-1.7.38-28-sat Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-09-21 09:33:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 819081    
Attachments:
Description Flags
"spacewalk-channel" should not manipulate rhn-proxy channels. none

Description Dimitar Yordanov 2012-07-09 09:32:40 UTC 
Description of problem:
With"spacewalk-channel"  "redhat-rhn-proxy*" channels can be manipulated.

Version-Release number of selected component (if applicable):
rhn-setup-1.0.0-73.el6.noarch

How reproducible:
100%

Steps to Reproduce:
1. Sync the following channels to Satellite.
   satellite-sync -c rhel-x86_64-server-6  -c redhat-rhn-proxy-5.4-server-x86_64-6

2. Register EL6 system to Satellite.
3. On the EL6 system execute:
  #spacewalk-channel  --list
  rhel-x86_64-server-6
  #spacewalk-channel  -L
  Username: xxxxx
  Password: 
  redhat-rhn-proxy-5.4-server-x86_64-6
  # spacewalk-channel --add -c redhat-rhn-proxy-5.4-server-x86_64-6
  # spacewalk-channel  --list


Actual results:
redhat-rhn-proxy-5.4-server-x86_64-6
rhel-x86_64-server-6

Expected results:
Channel "redhat-rhn-proxy*" should be assigned to a system only if the system is a RHN-Proxy.
Command "spacewalk channel -L" should not list "redhat-rhn-proxy*" channels.

Additional info:
Possible fix  in /usr/sbin/spacewalk-channel.
(See attachment)
...

if args:
        systemExit(1, "ERROR: these arguments make no sense in this context (try --help)")
    if OPTIONS.channel:
      for chann in OPTIONS.channel:
        if  re.match("^redhat-rhn-proxy.*$",chann):
           systemExit(1, "ERROR: RHN-Proxy channels can not be manipulated via spacewalk-channel tool!")




...
 elif OPTIONS.available_channels:
        channels = get_available_channels(OPTIONS.user, OPTIONS.password)
        channels.sort()
        for chann in channels:
          if not re.match("^redhat-rhn-proxy.*$",chann):
            print chann
        #print '\n'.join(channels)
Comment 1 Dimitar Yordanov 2012-07-09 09:34:51 UTC 
Created attachment 597031 [details]
"spacewalk-channel" should not manipulate  rhn-proxy channels.
Comment 3 Stephen Herr 2012-07-09 15:43:04 UTC 
Hmm, technically we probably should make the changes in the API methods that spacewalk-channel calls, not in spacewalk-channel itself. Although that really only helps us in the event that
1) a different client tool is calling the same API methods.
2) a user who is does not have write access to the Satellite code is attempting to hack the system.

I find those two situations to be unlikely, so the proposed patch is probably fine.
Comment 4 Jan Pazdziora 2012-07-27 13:47:04 UTC 
I believe we have to start with the API side -- if the redhat-rhn-proxy* channel subscription should not be allowed, it has to be disabled in the API first. Only then we can start polishing the "list" operation of spacewalk-channel.
Comment 6 Michael Mráka 2012-07-31 10:04:33 UTC 
API fix has been committed to spacewalk master as
commit 6812a5aa43f7a6cebbf46d0057ee4d85a5ae072d
    838502 - block subscription to satellite and proxy channels
    they need to be activated properly
Comment 9 Michael Mráka 2012-07-31 11:53:54 UTC 
Backported to SATELLITE-5.5 as
commit c5fe88d106bf8457eae29be08624384ae0dc23ca
    838502 - block subscription to satellite and proxy channels
    they need to be activated properly
Comment 13 Jan Pazdziora 2012-08-15 12:01:45 UTC 
What does

rpm -qf /usr/sbin/spacewalk-channel

return?
Comment 15 Jan Pazdziora 2012-08-15 12:19:53 UTC 
Moving back ON_QA for Michael.

Please use stock (latest) rhn-setup on the client.
Comment 20 Clifford Perry 2012-09-21 09:33:25 UTC 
This issue is resolved with the release of RHN Satellite 5.5. 

As of September 20th 2012, RHN Satellite 5.5 has been generally available. 

Release Notes and other 5.5 documentation can be found here:

 https://access.redhat.com/knowledge/docs/Red_Hat_Network_Satellite/

The associated Errata for the 5.5 release are:

5.5 Satellite GA Errata
 - http://rhn.redhat.com/errata/RHEA-2012-1296.html

5.5 Upgrade Errata
 - http://rhn.redhat.com/errata/RHEA-2012-1298.html

5.5 RHN Proxy GA Errata
 - http://rhn.redhat.com/errata/RHEA-2012-1297.html

5.5 RHN Tools GA Errata
 - http://rhn.redhat.com/errata/RHEA-2012-1299.html

Regards,
Clifford
- Engineering Manager, Satellite