Bug 1028431 - [ovirt-guest-agent] The following users are allowed to connect: [0] is blurry message
[ovirt-guest-agent] The following users are allowed to connect: [0] is blurry...
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-guest-agent (Show other bugs)
3.3.0
Unspecified Unspecified
unspecified Severity high
: ---
: 3.5.0
Assigned To: Vinzenz Feenstra [evilissimo]
Pavel Stehlik
virt
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-08 07:38 EST by Jiri Belka
Modified: 2014-02-28 04:33 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-02-28 04:33:17 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
ovirt-guest-agent.log (3.37 KB, application/x-gzip)
2013-11-08 07:38 EST, Jiri Belka
no flags Details

  None (edit)
Description Jiri Belka 2013-11-08 07:38:52 EST
Created attachment 821588 [details]
ovirt-guest-agent.log

Description of problem:

logging is sooooo blurry... I'm unable to see in agent's log why SSO did not work for a disabled account.

* OK account:

-%-
Dummy-1::DEBUG::2013-11-08 13:28:07,802::OVirtAgentLogic::201::root::User log-in (credentials = '\x00\x00\x00(vdcadmin@ad2.rhev.lab.eng.brq.redhat.com********\
x00')
Dummy-1::INFO::2013-11-08 13:28:07,802::CredServer::207::root::The following users are allowed to connect: [0]
Dummy-1::DEBUG::2013-11-08 13:28:07,802::CredServer::272::root::Token: 141319
Dummy-1::INFO::2013-11-08 13:28:07,802::CredServer::273::root::Opening credentials channel...
Dummy-1::INFO::2013-11-08 13:28:07,803::CredServer::132::root::Emitting user authenticated signal (141319).
CredChannel::DEBUG::2013-11-08 13:28:07,931::CredServer::166::root::Receiving user's credential ret = 2 errno = 0
CredChannel::DEBUG::2013-11-08 13:28:07,931::CredServer::177::root::cmsgp: len=28 level=1 type=2
CredChannel::INFO::2013-11-08 13:28:07,931::CredServer::225::root::Incomming connection from user: 0 process: 2756
CredChannel::INFO::2013-11-08 13:28:07,931::CredServer::232::root::Sending user's credential (token: 141319)
Dummy-1::INFO::2013-11-08 13:28:07,931::CredServer::277::root::Credentials channel was closed.
-%-

So what is the meaning of:

-%-
  The following users are allowed to connect: [0]
-%-

Should it be something like this?

-%-
  The following users are allowed to connect: vdcadmin@ad2.rhev.lab.eng.brq.redhat.com
-%-

How did I discover this? I have a user which got its account disabled after he logged into User Portal. He cannot do SSO (good!) but I could not find any difference in agent's log.

* For 'disabled' user:

-%-
Dummy-1::DEBUG::2013-11-08 13:28:44,236::OVirtAgentLogic::201::root::User log-in (credentials = '\x00\x00\x00(disabled@ad2.rhev.lab.eng.brq.redhat.com********\x00')
Dummy-1::INFO::2013-11-08 13:28:44,236::CredServer::207::root::The following users are allowed to connect: [0]
Dummy-1::DEBUG::2013-11-08 13:28:44,237::CredServer::272::root::Token: 410829
Dummy-1::INFO::2013-11-08 13:28:44,237::CredServer::273::root::Opening credentials channel...
Dummy-1::INFO::2013-11-08 13:28:44,237::CredServer::132::root::Emitting user authenticated signal (410829).
CredChannel::DEBUG::2013-11-08 13:28:44,368::CredServer::166::root::Receiving user's credential ret = 2 errno = 0
CredChannel::DEBUG::2013-11-08 13:28:44,368::CredServer::177::root::cmsgp: len=28 level=1 type=2
CredChannel::INFO::2013-11-08 13:28:44,368::CredServer::225::root::Incomming connection from user: 0 process: 3090
CredChannel::INFO::2013-11-08 13:28:44,368::CredServer::232::root::Sending user's credential (token: 410829)
Dummy-1::INFO::2013-11-08 13:28:44,368::CredServer::277::root::Credentials channel was closed.
-%-

Version-Release number of selected component (if applicable):
is21

How reproducible:
100%

Steps to Reproduce:
1. login into User Portal
2. make the user disabled in AD
3. try SSO opening console

Actual results:
user is not logged (OK!) but log is blurry

Expected results:
there should be a msg in the log which would state why the username/account could not do 'log-in'. Maybe - Failed log-in for disabled user $user... ??

Additional info:
Comment 1 Vinzenz Feenstra [evilissimo] 2014-02-28 04:33:17 EST
(In reply to Jiri Belka from comment #0)
> Created attachment 821588 [details]
> ovirt-guest-agent.log
> 
> Description of problem:
> 
> logging is sooooo blurry... I'm unable to see in agent's log why SSO did not
> work for a disabled account.
> 
> * OK account:
> 
> -%-
> Dummy-1::DEBUG::2013-11-08 13:28:07,802::OVirtAgentLogic::201::root::User
> log-in (credentials =
> '\x00\x00\x00(vdcadmin@ad2.rhev.lab.eng.brq.redhat.com********\
> x00')
> Dummy-1::INFO::2013-11-08 13:28:07,802::CredServer::207::root::The following
> users are allowed to connect: [0]
> Dummy-1::DEBUG::2013-11-08 13:28:07,802::CredServer::272::root::Token: 141319
> Dummy-1::INFO::2013-11-08 13:28:07,802::CredServer::273::root::Opening
> credentials channel...
> Dummy-1::INFO::2013-11-08 13:28:07,803::CredServer::132::root::Emitting user
> authenticated signal (141319).
> CredChannel::DEBUG::2013-11-08
> 13:28:07,931::CredServer::166::root::Receiving user's credential ret = 2
> errno = 0
> CredChannel::DEBUG::2013-11-08 13:28:07,931::CredServer::177::root::cmsgp:
> len=28 level=1 type=2
> CredChannel::INFO::2013-11-08 13:28:07,931::CredServer::225::root::Incomming
> connection from user: 0 process: 2756
> CredChannel::INFO::2013-11-08 13:28:07,931::CredServer::232::root::Sending
> user's credential (token: 141319)
> Dummy-1::INFO::2013-11-08 13:28:07,931::CredServer::277::root::Credentials
> channel was closed.
> -%-
> 
> So what is the meaning of:
> 
> -%-
>   The following users are allowed to connect: [0]
> -%-
> 
> Should it be something like this?
> 
> -%-
>   The following users are allowed to connect:
> vdcadmin@ad2.rhev.lab.eng.brq.redhat.com
> -%-
> 
> How did I discover this? I have a user which got its account disabled after
> he logged into User Portal. He cannot do SSO (good!) but I could not find
> any difference in agent's log.
> 
> * For 'disabled' user:
> 
> -%-
> Dummy-1::DEBUG::2013-11-08 13:28:44,236::OVirtAgentLogic::201::root::User
> log-in (credentials =
> '\x00\x00\x00(disabled@ad2.rhev.lab.eng.brq.redhat.com********\x00')
> Dummy-1::INFO::2013-11-08 13:28:44,236::CredServer::207::root::The following
> users are allowed to connect: [0]
> Dummy-1::DEBUG::2013-11-08 13:28:44,237::CredServer::272::root::Token: 410829
> Dummy-1::INFO::2013-11-08 13:28:44,237::CredServer::273::root::Opening
> credentials channel...
> Dummy-1::INFO::2013-11-08 13:28:44,237::CredServer::132::root::Emitting user
> authenticated signal (410829).
> CredChannel::DEBUG::2013-11-08
> 13:28:44,368::CredServer::166::root::Receiving user's credential ret = 2
> errno = 0
> CredChannel::DEBUG::2013-11-08 13:28:44,368::CredServer::177::root::cmsgp:
> len=28 level=1 type=2
> CredChannel::INFO::2013-11-08 13:28:44,368::CredServer::225::root::Incomming
> connection from user: 0 process: 3090
> CredChannel::INFO::2013-11-08 13:28:44,368::CredServer::232::root::Sending
> user's credential (token: 410829)
> Dummy-1::INFO::2013-11-08 13:28:44,368::CredServer::277::root::Credentials
> channel was closed.
> -%-
> 
> Version-Release number of selected component (if applicable):
> is21
> 
> How reproducible:
> 100%
> 
> Steps to Reproduce:
> 1. login into User Portal
> 2. make the user disabled in AD
> 3. try SSO opening console
> 
> Actual results:
> user is not logged (OK!) but log is blurry
> 
> Expected results:
> there should be a msg in the log which would state why the username/account
> could not do 'log-in'. Maybe - Failed log-in for disabled user $user... ??
> 
> Additional info:

Actually the 0 is the UID and only root is allowed to connect to the UNIX Domain socket. This has nothing to do with the 'user' which is trying to connect to the machine.

Note You need to log in before you can comment on or make changes to this bug.