From d6cab8b9f17662f9266e4e149de1d1f21dea09e6 Mon Sep 17 00:00:00 2001
From: jaymode
Date: Thu, 31 Mar 2016 14:42:34 -0400
Subject: [PATCH] security: read correct file when listing users

Original commit: elastic/x-pack-elasticsearch@dca906abba2966b2b237010a5c933b79ecc3b549
---
 .../elasticsearch/shield/authc/file/tool/UsersTool.java | 5 ++++-
 .../shield/authc/file/tool/UsersToolTests.java | 9 +++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/tool/UsersTool.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/tool/UsersTool.java
index c394efdd2f3..1a64826210c 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/tool/UsersTool.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/tool/UsersTool.java
@@ -320,11 +320,14 @@ public class UsersTool extends MultiCommand {
 static void listUsersAndRoles(Terminal terminal, Environment env, String username) throws Exception {
 Settings esusersSettings = Realms.fileRealmSettings(env.settings());
 Path userRolesFilePath = FileUserRolesStore.resolveFile(esusersSettings, env);
- Set knownRoles = FileRolesStore.parseFileForRoleNames(userRolesFilePath, null);
 Map userRoles = FileUserRolesStore.parseFile(userRolesFilePath, null);
+
 Path userFilePath = FileUserPasswdStore.resolveFile(esusersSettings, env);
 Set users = FileUserPasswdStore.parseFile(userFilePath, null).keySet();

+ Path rolesFilePath = FileRolesStore.resolveFile(env.settings(), env);
+ Set knownRoles = FileRolesStore.parseFileForRoleNames(rolesFilePath, null);
+
 if (username != null) {
 if (!users.contains(username)) {
 throw new UserError(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
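Review bot: The added `Path rolesFilePath = FileRolesStore.resolveFile(env.settings(), env);` takes `env.settings()` while the two lookups above it pass `esusersSettings`, and nothing in the hunk says why the settings source differs. Presumably the roles file location is a node-level setting rather than a file-realm setting; if so, a comment above that line such as `// roles file is resolved from the node settings, not the file realm settings` would keep a later cleanup from "aligning" the three calls and reintroducing a wrong-file lookup. `knownRoles` appears to drive the unknown-role marker that an operator reads when auditing role assignments, so that kind of regression would be easy to miss. The body of `listUsersAndRoles` continues past the end of the hunk.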
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java
index 9cfa53152d7..5ce65a328cc 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java
+++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java
@@ -351,6 +351,9 @@ public class UsersToolTests extends CommandTestCase {
 assertTrue(output, output.contains("test_admin"));
 assertTrue(output, output.contains("existing_user2"));
 assertTrue(output, output.contains("test_r1"));
+
+ // output should not contain '*' which indicates unknown role
+ assertFalse(output, output.contains("*"));
 }

 public void testListSingleUser() throws Exception {
@@ -359,6 +362,9 @@ public class UsersToolTests extends CommandTestCase {
 assertTrue(output, output.contains("test_admin"));
 assertFalse(output, output.contains("existing_user2"));
 assertFalse(output, output.contains("test_r1"));
+
+ // output should not contain '*' which indicates unknown role
+ assertFalse(output, output.contains("*"));
 }

 public void testListUnknownRoles() throws Exception {
@@ -382,5 +388,8 @@ public class UsersToolTests extends CommandTestCase {
 assertTrue(output, output.contains("existing_user3"));
 output = execute("list");
 assertTrue(output, output.contains("existing_user3"));
+
+ // output should not contain '*' which indicates unknown role
+ assertFalse(output, output.contains("*"));
 }
 }
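Review bot: `assertFalse(output, output.contains("*"))` in the first hunk, and the identical additions in the second and third hunks, matches a `*` anywhere in the listing, so the check only holds as long as no other part of the output (a message, a role name) ever contains that character. The same comment and assertion are also pasted three times; a small helper such as `private static void assertNoUnknownRoles(String output)` would keep the check and its explanation in one place and make it easier to tighten later. The enclosing test methods start outside the hunks.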