Bug 760148 - Unprivileged user unable to use the CLI in any way
Unprivileged user unable to use the CLI in any way
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: CLI (Show other bugs)
4.3
Unspecified Unspecified
urgent Severity urgent (vote)
: ---
: JON 3.0.0,RHQ 4.3.0
Assigned To: Lukas Krejci
Mike Foley
:
Depends On:
Blocks: 783869
  Show dependency treegraph
 
Reported: 2011-12-05 09:20 EST by Lukas Krejci
Modified: 2012-02-07 14:30 EST (History)
3 users (show)

See Also:
Fixed In Version: 4.3.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 783869 (view as bug list)
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lukas Krejci 2011-12-05 09:20:15 EST
Description of problem:

A user without MANAGE_SETTINGS is unable to log in in the CLI.  This holds true for both the interactive console as well as the scripts.

Version-Release number of selected component (if applicable):
4.2.0.JON300.GA

How reproducible:
always

Steps to Reproduce:
1. $ bin/rhq-cli.sh
2. unconnected> login <limited-user> <password>

or

1. $ bin/rhq-cli.sh --host <RHQ-hostname> --user <limited-user> --password <password>

or

1. $ bin/rhq-cli.sh --host <RHQ-hostname> --user <limited-user> --password <password> -f any-script.js
  
or

a script test.js with contents:

rhq.login("<limite-user>", "<password>");

and 

1. $ bin/rhq-cli.sh -f test.js

Actual results:
All of the above give an error about the user not having MANAGE_SETTINGS and give up on logging in.

Expected results:
The user logs in and everything works as expected.

Additional info:
Comment 1 Lukas Krejci 2011-12-05 09:29:38 EST
Note that the failure is purely because of the fact that the CLI wants to print out the version of the server it has connected to and fails, because the method it uses to find that out requires MANAGE_SETTINGS.
Comment 2 Mike Foley 2011-12-05 09:37:47 EST
lukas reports regression from JON 2.4.1
Comment 3 Lukas Krejci 2011-12-05 09:40:21 EST
This got introduced by commit 0bdeb3eb1c3bfa742697f6cdac57b0c80d80af36
Comment 4 Lukas Krejci 2011-12-05 10:55:26 EST
master: http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=bfb46035204786e3e1297a41cdb1eede7e901e77

release_jon3.x: http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=b990a6435cb882c765fbe6e5c9dfc16e6ba54395

Author: Lukas Krejci <lkrejci@redhat.com>
Date:   Mon Dec 5 16:43:27 2011 +0100

    [BZ 760148] - Use the unprivileged method introduced by the commit
    0589b9ee8488bd1 for BZ 694892 for obtaining the version info upon
    the CLI login.
Comment 5 Charles Crouch 2011-12-05 11:46:32 EST
(10:43:21 AM) ccrouch: jshaughn: so can you confirm http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=0bdeb3eb1c3bfa742697f6cdac57b0c80d80af36 is the change that originally introduced the problem?
(10:44:09 AM) jshaughn: yep, looks like that's the one
Comment 6 Jay Shaughnessy 2011-12-05 11:48:37 EST
This is the same problem as bug 694892.  The fix looks good.
Comment 7 Sunil Kondkar 2011-12-06 05:49:08 EST
Verified in Jon3GA-2 build.

Created a user 'testuser' without MANAGE_SETTINGS.

Tried below commands in CLI and verified that testuser is able to login successfully:

1. [root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# bin/rhq-cli.sh
RHQ - RHQ Enterprise Remote CLI 4.2.0.JON300.GA
unconnected$ login testuser redhat
Remote server version is: 3.0.0.GA (e23441b:1ca6ad9)
Login successful

testuser@localhost:7080$
-------------------------------------------------------------
2. [root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# bin/rhq-cli.sh --host suniltest.usersys.redhat.com --user testuser --password redhat
RHQ - RHQ Enterprise Remote CLI 4.2.0.JON300.GA
Remote server version is: 3.0.0.GA (e23441b:1ca6ad9)
Login successful
testuser@suniltest.usersys.redhat.com:7080$
--------------------------------------------------------------

3. Executed a script as below:
[root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# bin/rhq-cli.sh --host suniltest.usersys.redhat.com --user testuser --password redhat -f testscript.js 
Remote server version is: 3.0.0.GA (e23441b:1ca6ad9)
Login successful
Test Output from script execution!
[root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]#
-----------------------------------------------------------------

4. Created a test.js file with below content:

rhq.login("testuser", "redhat");
println(subject);

Executed as below:

[root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# bin/rhq-cli.sh -f test.js 
Remote server version is: 3.0.0.GA (e23441b:1ca6ad9)
Subject[id=10001,name=testuser]
[root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# 
------------------------------------------------------------------

Marking verified as it is working as expected.
Comment 8 Mike Foley 2011-12-06 10:42:37 EST
verified JON GA #2
Comment 9 Mike Foley 2012-02-07 14:25:43 EST
marking VERIFIED JON 3 bugs to CLOSED/CURRENTRELEASE
Comment 10 Mike Foley 2012-02-07 14:30:19 EST
changing status of VERIFIED BZs for JON 2.4.2 and JON 3.0 to CLOSED/CURRENTRELEASE

Note You need to log in before you can comment on or make changes to this bug.