Bug 838502 - With "spacewalk-channel" "redhat-rhn-proxy*" channels can be manipulated.
With "spacewalk-channel" "redhat-rhn-proxy*" channels can be manipulated.
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Client (Show other bugs)
550
Unspecified Unspecified
low Severity low
: ---
: ---
Assigned To: Michael Mráka
Dimitar Yordanov
: Patch
Depends On:
Blocks: sat550-lowbug
  Show dependency treegraph
 
Reported: 2012-07-09 05:32 EDT by Dimitar Yordanov
Modified: 2012-09-21 05:33 EDT (History)
2 users (show)

See Also:
Fixed In Version: spacewalk-backend-1.7.38-28-sat
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-09-21 05:33:25 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
"spacewalk-channel" should not manipulate rhn-proxy channels. (6.30 KB, text/plain)
2012-07-09 05:34 EDT, Dimitar Yordanov
no flags Details

  None (edit)
Description Dimitar Yordanov 2012-07-09 05:32:40 EDT
Description of problem:
With"spacewalk-channel"  "redhat-rhn-proxy*" channels can be manipulated.

Version-Release number of selected component (if applicable):
rhn-setup-1.0.0-73.el6.noarch

How reproducible:
100%

Steps to Reproduce:
1. Sync the following channels to Satellite.
   satellite-sync -c rhel-x86_64-server-6  -c redhat-rhn-proxy-5.4-server-x86_64-6

2. Register EL6 system to Satellite.
3. On the EL6 system execute:
  #spacewalk-channel  --list
  rhel-x86_64-server-6
  #spacewalk-channel  -L
  Username: xxxxx
  Password: 
  redhat-rhn-proxy-5.4-server-x86_64-6
  # spacewalk-channel --add -c redhat-rhn-proxy-5.4-server-x86_64-6
  # spacewalk-channel  --list


Actual results:
redhat-rhn-proxy-5.4-server-x86_64-6
rhel-x86_64-server-6

Expected results:
Channel "redhat-rhn-proxy*" should be assigned to a system only if the system is a RHN-Proxy.
Command "spacewalk channel -L" should not list "redhat-rhn-proxy*" channels.

Additional info:
Possible fix  in /usr/sbin/spacewalk-channel.
(See attachment)
...

if args:
        systemExit(1, "ERROR: these arguments make no sense in this context (try --help)")
    if OPTIONS.channel:
      for chann in OPTIONS.channel:
        if  re.match("^redhat-rhn-proxy.*$",chann):
           systemExit(1, "ERROR: RHN-Proxy channels can not be manipulated via spacewalk-channel tool!")




...
 elif OPTIONS.available_channels:
        channels = get_available_channels(OPTIONS.user, OPTIONS.password)
        channels.sort()
        for chann in channels:
          if not re.match("^redhat-rhn-proxy.*$",chann):
            print chann
        #print '\n'.join(channels)
Comment 1 Dimitar Yordanov 2012-07-09 05:34:51 EDT
Created attachment 597031 [details]
"spacewalk-channel" should not manipulate  rhn-proxy channels.
Comment 3 Stephen Herr 2012-07-09 11:43:04 EDT
Hmm, technically we probably should make the changes in the API methods that spacewalk-channel calls, not in spacewalk-channel itself. Although that really only helps us in the event that
1) a different client tool is calling the same API methods.
2) a user who is does not have write access to the Satellite code is attempting to hack the system.

I find those two situations to be unlikely, so the proposed patch is probably fine.
Comment 4 Jan Pazdziora 2012-07-27 09:47:04 EDT
I believe we have to start with the API side -- if the redhat-rhn-proxy* channel subscription should not be allowed, it has to be disabled in the API first. Only then we can start polishing the "list" operation of spacewalk-channel.
Comment 6 Michael Mráka 2012-07-31 06:04:33 EDT
API fix has been committed to spacewalk master as
commit 6812a5aa43f7a6cebbf46d0057ee4d85a5ae072d
    838502 - block subscription to satellite and proxy channels
    they need to be activated properly
Comment 9 Michael Mráka 2012-07-31 07:53:54 EDT
Backported to SATELLITE-5.5 as
commit c5fe88d106bf8457eae29be08624384ae0dc23ca
    838502 - block subscription to satellite and proxy channels
    they need to be activated properly
Comment 13 Jan Pazdziora 2012-08-15 08:01:45 EDT
What does

rpm -qf /usr/sbin/spacewalk-channel

return?
Comment 15 Jan Pazdziora 2012-08-15 08:19:53 EDT
Moving back ON_QA for Michael.

Please use stock (latest) rhn-setup on the client.
Comment 20 Clifford Perry 2012-09-21 05:33:25 EDT
This issue is resolved with the release of RHN Satellite 5.5. 

As of September 20th 2012, RHN Satellite 5.5 has been generally available. 

Release Notes and other 5.5 documentation can be found here:

 https://access.redhat.com/knowledge/docs/Red_Hat_Network_Satellite/

The associated Errata for the 5.5 release are:

5.5 Satellite GA Errata
 - http://rhn.redhat.com/errata/RHEA-2012-1296.html

5.5 Upgrade Errata
 - http://rhn.redhat.com/errata/RHEA-2012-1298.html

5.5 RHN Proxy GA Errata
 - http://rhn.redhat.com/errata/RHEA-2012-1297.html

5.5 RHN Tools GA Errata
 - http://rhn.redhat.com/errata/RHEA-2012-1299.html

Regards,
Clifford
- Engineering Manager, Satellite

Note You need to log in before you can comment on or make changes to this bug.