Bug 760148 - Unprivileged user unable to use the CLI in any way
Summary: Unprivileged user unable to use the CLI in any way
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: RHQ Project
Classification: Other
Component: CLI
Version: 4.3
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: JON 3.0.0,RHQ 4.3.0
Assignee: Lukas Krejci
QA Contact: Mike Foley
URL:
Whiteboard:
Depends On:
Blocks: 783869
TreeView+ depends on / blocked
 
Reported: 2011-12-05 14:20 UTC by Lukas Krejci
Modified: 2012-02-07 19:30 UTC (History)
3 users (show)

Fixed In Version: 4.3.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 783869 (view as bug list)
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 694892 0 medium CLOSED Non-Perm user error loading about box 2021-02-22 00:41:40 UTC

Internal Links: 694892

Description Lukas Krejci 2011-12-05 14:20:15 UTC
Description of problem:

A user without MANAGE_SETTINGS is unable to log in in the CLI.  This holds true for both the interactive console as well as the scripts.

Version-Release number of selected component (if applicable):
4.2.0.JON300.GA

How reproducible:
always

Steps to Reproduce:
1. $ bin/rhq-cli.sh
2. unconnected> login <limited-user> <password>

or

1. $ bin/rhq-cli.sh --host <RHQ-hostname> --user <limited-user> --password <password>

or

1. $ bin/rhq-cli.sh --host <RHQ-hostname> --user <limited-user> --password <password> -f any-script.js
  
or

a script test.js with contents:

rhq.login("<limite-user>", "<password>");

and 

1. $ bin/rhq-cli.sh -f test.js

Actual results:
All of the above give an error about the user not having MANAGE_SETTINGS and give up on logging in.

Expected results:
The user logs in and everything works as expected.

Additional info:

Comment 1 Lukas Krejci 2011-12-05 14:29:38 UTC
Note that the failure is purely because of the fact that the CLI wants to print out the version of the server it has connected to and fails, because the method it uses to find that out requires MANAGE_SETTINGS.

Comment 2 Mike Foley 2011-12-05 14:37:47 UTC
lukas reports regression from JON 2.4.1

Comment 3 Lukas Krejci 2011-12-05 14:40:21 UTC
This got introduced by commit 0bdeb3eb1c3bfa742697f6cdac57b0c80d80af36

Comment 4 Lukas Krejci 2011-12-05 15:55:26 UTC
master: http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=bfb46035204786e3e1297a41cdb1eede7e901e77

release_jon3.x: http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=b990a6435cb882c765fbe6e5c9dfc16e6ba54395

Author: Lukas Krejci <lkrejci>
Date:   Mon Dec 5 16:43:27 2011 +0100

    [BZ 760148] - Use the unprivileged method introduced by the commit
    0589b9ee8488bd1 for BZ 694892 for obtaining the version info upon
    the CLI login.

Comment 5 Charles Crouch 2011-12-05 16:46:32 UTC
(10:43:21 AM) ccrouch: jshaughn: so can you confirm http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=0bdeb3eb1c3bfa742697f6cdac57b0c80d80af36 is the change that originally introduced the problem?
(10:44:09 AM) jshaughn: yep, looks like that's the one

Comment 6 Jay Shaughnessy 2011-12-05 16:48:37 UTC
This is the same problem as bug 694892.  The fix looks good.

Comment 7 Sunil Kondkar 2011-12-06 10:49:08 UTC
Verified in Jon3GA-2 build.

Created a user 'testuser' without MANAGE_SETTINGS.

Tried below commands in CLI and verified that testuser is able to login successfully:

1. [root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# bin/rhq-cli.sh
RHQ - RHQ Enterprise Remote CLI 4.2.0.JON300.GA
unconnected$ login testuser redhat
Remote server version is: 3.0.0.GA (e23441b:1ca6ad9)
Login successful

testuser@localhost:7080$
-------------------------------------------------------------
2. [root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# bin/rhq-cli.sh --host suniltest.usersys.redhat.com --user testuser --password redhat
RHQ - RHQ Enterprise Remote CLI 4.2.0.JON300.GA
Remote server version is: 3.0.0.GA (e23441b:1ca6ad9)
Login successful
testuser.redhat.com:7080$
--------------------------------------------------------------

3. Executed a script as below:
[root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# bin/rhq-cli.sh --host suniltest.usersys.redhat.com --user testuser --password redhat -f testscript.js 
Remote server version is: 3.0.0.GA (e23441b:1ca6ad9)
Login successful
Test Output from script execution!
[root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]#
-----------------------------------------------------------------

4. Created a test.js file with below content:

rhq.login("testuser", "redhat");
println(subject);

Executed as below:

[root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# bin/rhq-cli.sh -f test.js 
Remote server version is: 3.0.0.GA (e23441b:1ca6ad9)
Subject[id=10001,name=testuser]
[root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# 
------------------------------------------------------------------

Marking verified as it is working as expected.

Comment 8 Mike Foley 2011-12-06 15:42:37 UTC
verified JON GA #2

Comment 9 Mike Foley 2012-02-07 19:25:43 UTC
marking VERIFIED JON 3 bugs to CLOSED/CURRENTRELEASE

Comment 10 Mike Foley 2012-02-07 19:30:19 UTC
changing status of VERIFIED BZs for JON 2.4.2 and JON 3.0 to CLOSED/CURRENTRELEASE


Note You need to log in before you can comment on or make changes to this bug.