Bug 1028431 - [ovirt-guest-agent] The following users are allowed to connect: [0] is blurry message
Summary: [ovirt-guest-agent] The following users are allowed to connect: [0] is blurry...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-guest-agent
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 3.5.0
Assignee: Vinzenz Feenstra [evilissimo]
QA Contact: Pavel Stehlik
URL:
Whiteboard: virt
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-11-08 12:38 UTC by Jiri Belka
Modified: 2014-02-28 09:33 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-02-28 09:33:17 UTC
oVirt Team: ---
Target Upstream Version:

Attachments (Terms of Use)
ovirt-guest-agent.log (3.37 KB, application/x-gzip)
2013-11-08 12:38 UTC, Jiri Belka 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Jiri Belka 2013-11-08 12:38:52 UTC 
Created attachment 821588 [details]
ovirt-guest-agent.log

Description of problem:

logging is sooooo blurry... I'm unable to see in agent's log why SSO did not work for a disabled account.

* OK account:

-%-
Dummy-1::DEBUG::2013-11-08 13:28:07,802::OVirtAgentLogic::201::root::User log-in (credentials = '\x00\x00\x00(vdcadmin.lab.eng.brq.redhat.com********\
x00')
Dummy-1::INFO::2013-11-08 13:28:07,802::CredServer::207::root::The following users are allowed to connect: [0]
Dummy-1::DEBUG::2013-11-08 13:28:07,802::CredServer::272::root::Token: 141319
Dummy-1::INFO::2013-11-08 13:28:07,802::CredServer::273::root::Opening credentials channel...
Dummy-1::INFO::2013-11-08 13:28:07,803::CredServer::132::root::Emitting user authenticated signal (141319).
CredChannel::DEBUG::2013-11-08 13:28:07,931::CredServer::166::root::Receiving user's credential ret = 2 errno = 0
CredChannel::DEBUG::2013-11-08 13:28:07,931::CredServer::177::root::cmsgp: len=28 level=1 type=2
CredChannel::INFO::2013-11-08 13:28:07,931::CredServer::225::root::Incomming connection from user: 0 process: 2756
CredChannel::INFO::2013-11-08 13:28:07,931::CredServer::232::root::Sending user's credential (token: 141319)
Dummy-1::INFO::2013-11-08 13:28:07,931::CredServer::277::root::Credentials channel was closed.
-%-

So what is the meaning of:

-%-
  The following users are allowed to connect: [0]
-%-

Should it be something like this?

-%-
  The following users are allowed to connect: vdcadmin.lab.eng.brq.redhat.com
-%-

How did I discover this? I have a user which got its account disabled after he logged into User Portal. He cannot do SSO (good!) but I could not find any difference in agent's log.

* For 'disabled' user:

-%-
Dummy-1::DEBUG::2013-11-08 13:28:44,236::OVirtAgentLogic::201::root::User log-in (credentials = '\x00\x00\x00(disabled.lab.eng.brq.redhat.com********\x00')
Dummy-1::INFO::2013-11-08 13:28:44,236::CredServer::207::root::The following users are allowed to connect: [0]
Dummy-1::DEBUG::2013-11-08 13:28:44,237::CredServer::272::root::Token: 410829
Dummy-1::INFO::2013-11-08 13:28:44,237::CredServer::273::root::Opening credentials channel...
Dummy-1::INFO::2013-11-08 13:28:44,237::CredServer::132::root::Emitting user authenticated signal (410829).
CredChannel::DEBUG::2013-11-08 13:28:44,368::CredServer::166::root::Receiving user's credential ret = 2 errno = 0
CredChannel::DEBUG::2013-11-08 13:28:44,368::CredServer::177::root::cmsgp: len=28 level=1 type=2
CredChannel::INFO::2013-11-08 13:28:44,368::CredServer::225::root::Incomming connection from user: 0 process: 3090
CredChannel::INFO::2013-11-08 13:28:44,368::CredServer::232::root::Sending user's credential (token: 410829)
Dummy-1::INFO::2013-11-08 13:28:44,368::CredServer::277::root::Credentials channel was closed.
-%-

Version-Release number of selected component (if applicable):
is21

How reproducible:
100%

Steps to Reproduce:
1. login into User Portal
2. make the user disabled in AD
3. try SSO opening console

Actual results:
user is not logged (OK!) but log is blurry

Expected results:
there should be a msg in the log which would state why the username/account could not do 'log-in'. Maybe - Failed log-in for disabled user $user... ??

Additional info:
Comment 1 Vinzenz Feenstra [evilissimo] 2014-02-28 09:33:17 UTC 
(In reply to Jiri Belka from comment #0)
> Created attachment 821588 [details]
> ovirt-guest-agent.log
> 
> Description of problem:
> 
> logging is sooooo blurry... I'm unable to see in agent's log why SSO did not
> work for a disabled account.
> 
> * OK account:
> 
> -%-
> Dummy-1::DEBUG::2013-11-08 13:28:07,802::OVirtAgentLogic::201::root::User
> log-in (credentials =
> '\x00\x00\x00(vdcadmin.lab.eng.brq.redhat.com********\
> x00')
> Dummy-1::INFO::2013-11-08 13:28:07,802::CredServer::207::root::The following
> users are allowed to connect: [0]
> Dummy-1::DEBUG::2013-11-08 13:28:07,802::CredServer::272::root::Token: 141319
> Dummy-1::INFO::2013-11-08 13:28:07,802::CredServer::273::root::Opening
> credentials channel...
> Dummy-1::INFO::2013-11-08 13:28:07,803::CredServer::132::root::Emitting user
> authenticated signal (141319).
> CredChannel::DEBUG::2013-11-08
> 13:28:07,931::CredServer::166::root::Receiving user's credential ret = 2
> errno = 0
> CredChannel::DEBUG::2013-11-08 13:28:07,931::CredServer::177::root::cmsgp:
> len=28 level=1 type=2
> CredChannel::INFO::2013-11-08 13:28:07,931::CredServer::225::root::Incomming
> connection from user: 0 process: 2756
> CredChannel::INFO::2013-11-08 13:28:07,931::CredServer::232::root::Sending
> user's credential (token: 141319)
> Dummy-1::INFO::2013-11-08 13:28:07,931::CredServer::277::root::Credentials
> channel was closed.
> -%-
> 
> So what is the meaning of:
> 
> -%-
>   The following users are allowed to connect: [0]
> -%-
> 
> Should it be something like this?
> 
> -%-
>   The following users are allowed to connect:
> vdcadmin.lab.eng.brq.redhat.com
> -%-
> 
> How did I discover this? I have a user which got its account disabled after
> he logged into User Portal. He cannot do SSO (good!) but I could not find
> any difference in agent's log.
> 
> * For 'disabled' user:
> 
> -%-
> Dummy-1::DEBUG::2013-11-08 13:28:44,236::OVirtAgentLogic::201::root::User
> log-in (credentials =
> '\x00\x00\x00(disabled.lab.eng.brq.redhat.com********\x00')
> Dummy-1::INFO::2013-11-08 13:28:44,236::CredServer::207::root::The following
> users are allowed to connect: [0]
> Dummy-1::DEBUG::2013-11-08 13:28:44,237::CredServer::272::root::Token: 410829
> Dummy-1::INFO::2013-11-08 13:28:44,237::CredServer::273::root::Opening
> credentials channel...
> Dummy-1::INFO::2013-11-08 13:28:44,237::CredServer::132::root::Emitting user
> authenticated signal (410829).
> CredChannel::DEBUG::2013-11-08
> 13:28:44,368::CredServer::166::root::Receiving user's credential ret = 2
> errno = 0
> CredChannel::DEBUG::2013-11-08 13:28:44,368::CredServer::177::root::cmsgp:
> len=28 level=1 type=2
> CredChannel::INFO::2013-11-08 13:28:44,368::CredServer::225::root::Incomming
> connection from user: 0 process: 3090
> CredChannel::INFO::2013-11-08 13:28:44,368::CredServer::232::root::Sending
> user's credential (token: 410829)
> Dummy-1::INFO::2013-11-08 13:28:44,368::CredServer::277::root::Credentials
> channel was closed.
> -%-
> 
> Version-Release number of selected component (if applicable):
> is21
> 
> How reproducible:
> 100%
> 
> Steps to Reproduce:
> 1. login into User Portal
> 2. make the user disabled in AD
> 3. try SSO opening console
> 
> Actual results:
> user is not logged (OK!) but log is blurry
> 
> Expected results:
> there should be a msg in the log which would state why the username/account
> could not do 'log-in'. Maybe - Failed log-in for disabled user $user... ??
> 
> Additional info:

Actually the 0 is the UID and only root is allowed to connect to the UNIX Domain socket. This has nothing to do with the 'user' which is trying to connect to the machine.
Note You need to log in before you can comment on or make changes to this bug.