Bug 892631 - When user log in to UserPortal(or UserLevelAPI) then user_name of this user is changed.
Summary: When user log in to UserPortal(or UserLevelAPI) then user_name of this user i...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 3.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 3.2.0
Assignee: Ravi Nori
QA Contact: Ondra Machacek
URL:
Whiteboard: infra
Depends On:
Blocks: 915537
TreeView+ depends on / blocked
 
Reported: 2013-01-07 13:23 UTC by Ondra Machacek
Modified: 2016-02-10 19:40 UTC (History)
10 users (show)

Fixed In Version: sf4
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
oVirt Team: Infra
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Backport upstream patch to RHEV 3.1 (1.33 KB, patch)
2013-02-06 00:30 UTC, Ian Pilcher 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 10869 0 None None None Never

Description Ondra Machacek 2013-01-07 13:23:08 UTC 
Description of problem:
When user log in to UserPortal(or UserLevelAPI) then user_name of this user is changed to it's previous name without domain.(user@domain => user)

Version-Release number of selected component (if applicable):
3.1.0-38.el6ev

How reproducible:
always

Steps to Reproduce:
1. Add user.
2. Give user login permissions.
3. Login as user.
  
Actual results:
User_name is changed after login.

Expected results:
User_name shouldn't be changed.

Additional info:

2013-01-07 14:15:21,314 INFO  [org.ovirt.engine.core.bll.RemoveUserCommand] (pool-4-thread-47) [581200e8] Running command: RemoveUserCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: System
2013-01-07 14:15:37,955 INFO  [org.ovirt.engine.core.bll.AddUserCommand] (pool-4-thread-47) [494bb769] Running command: AddUserCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: System
2013-01-07 14:16:01,675 INFO  [org.ovirt.engine.core.bll.AddPermissionCommand] (pool-4-thread-47) [205b515a] Running command: AddPermissionCommand internal: false. Entities affected :  ID: 5f88fda2-5d86-4010-a704-7fbcc3cf4137 Type: Storage
2013-01-07 14:16:20,653 INFO  [org.ovirt.engine.core.bll.LoginUserCommand] (ajp-/127.0.0.1:8702-18) [39109076] Checking if user portaluser2 is an admin, result false
2013-01-07 14:16:20,654 INFO  [org.ovirt.engine.core.bll.LoginUserCommand] (ajp-/127.0.0.1:8702-18) [39109076] Running command: LoginUserCommand internal: false.

[BEFORE login]
<user>
<name>portaluser2</name>
<link .../> <domain .../>
<user_name>portaluser2.eng.brq.redhat.com</user_name>
</user>

[AFTER login]
<user>
<name>portaluser2</name>
<link .../> <domain .../>
<user_name>portaluser2</user_name>
</user>
Comment 1 Ravi Nori 2013-01-10 15:17:08 UTC 
link : http://gerrit.ovirt.org/#/c/10869/

change id : I072f9aa8dc706533682b53d8b5a56e9b2dc09b82
Comment 2 Yair Zaslavsky 2013-01-14 16:52:02 UTC 
http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=bfb32d58dfada193d3dd58382f38ede37a6f3e6a
Comment 4 Ian Pilcher 2013-02-06 00:30:10 UTC 
Created attachment 693596 [details]
Backport upstream patch to RHEV 3.1
Comment 5 Ian Pilcher 2013-02-06 01:50:16 UTC 
One thing to note is that my backported patch (and presumably the upstream patch) will cause the case of the domain portion of the username to change to lower case -- i.e. rhevadmin becomes rhevadmin.

The use of upper case seems to be fairly traditional with Kerberos realms and Active Directory domains, so it seems like it might be a good idea to upper-case the domain (and possibly even "fix" any usernames that have somehow been lower-cased).  For example:

  private String getFullUserName(AdUser adUser) {
      String userName = adUser.getUserName();
      int i = userName.indexOf('@');
      if (i >= 0) {
          userName = userName.substring(0, i);
      }
      return userName + "@" + adUser.getDomainControler().toUpperCase();
  }
Comment 6 Ian Pilcher 2013-02-07 07:21:41 UTC 
(In reply to comment #5)
> One thing to note is that my backported patch (and presumably the upstream
> patch) will cause the case of the domain portion of the username to change
> to lower case -- i.e. rhevadmin becomes rhevadmin.

After rebuilding with the patch from comment #4 and running for a while, I've noticed that *something* has upper-cased the domain portion of my usernames -- both in the database and as returned by the REST API.  So it doesn't look like any additional jiggery pokery is necessary on that front.
Comment 7 Itamar Heim 2013-06-11 09:49:11 UTC 
3.2 has been released
Comment 8 Itamar Heim 2013-06-11 09:49:22 UTC 
3.2 has been released
Comment 9 Itamar Heim 2013-06-11 09:57:36 UTC 
3.2 has been released
Note You need to log in before you can comment on or make changes to this bug.