Bug 892631

Summary: When user log in to UserPortal(or UserLevelAPI) then user_name of this user is changed.
Product: Red Hat Enterprise Virtualization Manager Reporter: Ondra Machacek <omachace>
Component: ovirt-engineAssignee: Ravi Nori <rnori>
Status: CLOSED CURRENTRELEASE QA Contact: Ondra Machacek <omachace>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.1.0CC: dyasny, iheim, ipilcher, lpeer, pstehlik, Rhev-m-bugs, sgrinber, yeylon, ykaul, yzaslavs
Target Milestone: ---   
Target Release: 3.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: sf4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 915537    
Attachments:
Description Flags
Backport upstream patch to RHEV 3.1 none

Description Ondra Machacek 2013-01-07 13:23:08 UTC 
Description of problem:
When user log in to UserPortal(or UserLevelAPI) then user_name of this user is changed to it's previous name without domain.(user@domain => user)

Version-Release number of selected component (if applicable):
3.1.0-38.el6ev

How reproducible:
always

Steps to Reproduce:
1. Add user.
2. Give user login permissions.
3. Login as user.
  
Actual results:
User_name is changed after login.

Expected results:
User_name shouldn't be changed.

Additional info:

2013-01-07 14:15:21,314 INFO  [org.ovirt.engine.core.bll.RemoveUserCommand] (pool-4-thread-47) [581200e8] Running command: RemoveUserCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: System
2013-01-07 14:15:37,955 INFO  [org.ovirt.engine.core.bll.AddUserCommand] (pool-4-thread-47) [494bb769] Running command: AddUserCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: System
2013-01-07 14:16:01,675 INFO  [org.ovirt.engine.core.bll.AddPermissionCommand] (pool-4-thread-47) [205b515a] Running command: AddPermissionCommand internal: false. Entities affected :  ID: 5f88fda2-5d86-4010-a704-7fbcc3cf4137 Type: Storage
2013-01-07 14:16:20,653 INFO  [org.ovirt.engine.core.bll.LoginUserCommand] (ajp-/127.0.0.1:8702-18) [39109076] Checking if user portaluser2 is an admin, result false
2013-01-07 14:16:20,654 INFO  [org.ovirt.engine.core.bll.LoginUserCommand] (ajp-/127.0.0.1:8702-18) [39109076] Running command: LoginUserCommand internal: false.

[BEFORE login]
<user>
<name>portaluser2</name>
<link .../> <domain .../>
<user_name>portaluser2.eng.brq.redhat.com</user_name>
</user>

[AFTER login]
<user>
<name>portaluser2</name>
<link .../> <domain .../>
<user_name>portaluser2</user_name>
</user>
Comment 1 Ravi Nori 2013-01-10 15:17:08 UTC 
link : http://gerrit.ovirt.org/#/c/10869/

change id : I072f9aa8dc706533682b53d8b5a56e9b2dc09b82
Comment 2 Yair Zaslavsky 2013-01-14 16:52:02 UTC 
http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=bfb32d58dfada193d3dd58382f38ede37a6f3e6a
Comment 4 Ian Pilcher 2013-02-06 00:30:10 UTC 
Created attachment 693596 [details]
Backport upstream patch to RHEV 3.1
Comment 5 Ian Pilcher 2013-02-06 01:50:16 UTC 
One thing to note is that my backported patch (and presumably the upstream patch) will cause the case of the domain portion of the username to change to lower case -- i.e. rhevadmin becomes rhevadmin.

The use of upper case seems to be fairly traditional with Kerberos realms and Active Directory domains, so it seems like it might be a good idea to upper-case the domain (and possibly even "fix" any usernames that have somehow been lower-cased).  For example:

  private String getFullUserName(AdUser adUser) {
      String userName = adUser.getUserName();
      int i = userName.indexOf('@');
      if (i >= 0) {
          userName = userName.substring(0, i);
      }
      return userName + "@" + adUser.getDomainControler().toUpperCase();
  }
Comment 6 Ian Pilcher 2013-02-07 07:21:41 UTC 
(In reply to comment #5)
> One thing to note is that my backported patch (and presumably the upstream
> patch) will cause the case of the domain portion of the username to change
> to lower case -- i.e. rhevadmin becomes rhevadmin.

After rebuilding with the patch from comment #4 and running for a while, I've noticed that *something* has upper-cased the domain portion of my usernames -- both in the database and as returned by the REST API.  So it doesn't look like any additional jiggery pokery is necessary on that front.
Comment 7 Itamar Heim 2013-06-11 09:49:11 UTC 
3.2 has been released
Comment 8 Itamar Heim 2013-06-11 09:49:22 UTC 
3.2 has been released
Comment 9 Itamar Heim 2013-06-11 09:57:36 UTC 
3.2 has been released