Red Hat Bugzilla – Bug 733420
User permission check missing for CryptoKeysHandler
Last modified: 2016-07-03 20:56:42 EDT
Description of problem:
Nowadays any user may create or delete keys using the kickstart.keys APIs.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create a simple satellite user.
2. Try to create and delete a GPG a/o SSL key using kickstart.keys API
Only an org or config admin shall be able to modify GPG/SSL keys (at least there's such restriction in WebUI)
Tomas, please fix also cases, when specifying invalid description for delete and getDetails (NoSuchCryptoKeyException)
fixed in spacewalk master 1dae339f2c4ef314436bddc3bf9364dbf526bacd
Satellite 5.6 has been released. This bug was tracked under the release.
This bug was either VERIFIED or RELEASE_PENDING (re-verified prior shortly
Moving to CLOSED CURRENT_RELEASE.
Text from Upgrade Erratum follows:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.