Bug 1161607

Summary: virt-who not able to decrypt encrypted password
Product: Red Hat Enterprise Linux 7 Reporter: Radek Novacek <rnovacek>
Component: virt-whoAssignee: Radek Novacek <rnovacek>
Status: CLOSED ERRATA QA Contact: John Sefler <jsefler>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1CC: kmurugad, liliu, ovasik, rbalakri, rnovacek, sgao, shihliu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: virt-who-0.11-4.el7 Doc Type: Bug Fix
Doc Text:
Cause: virt-who did not decode hexadecimal representation of the password before decrypting. Consequence: Decrypted password did not match the original password, so connecting with the password failed. Fix: Properly decode encrypted password. Result: Encrypted passwords can be used for storing credentials.
 Story Points: ---
Clone Of: 1161604 Environment:
Last Closed: 2015-03-05 10:23:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1161604    
Bug Blocks:    

Description Radek Novacek 2014-11-07 13:18:04 UTC 
+++ This bug was initially created as a clone of Bug #1161604 +++

Description of problem:
It seems, virt-who is not able to decrypt encrypted passwords. Getting the following error while using encrypted password in virt-who.

Error: ('/var/log/rhsm/rhsm.log')

2014-11-07 17:49:49,387 [ERROR]  @virtwho.py:118 - Error in communication with virtualization backend, trying to recover:
Traceback (most recent call last):
  File "/usr/share/virt-who/virtwho.py", line 111, in _send
    virtualGuests = self._readGuests(config)
  File "/usr/share/virt-who/virtwho.py", line 147, in _readGuests
    return virt.getHostGuestMapping()
  File "/usr/share/virt-who/virt/esx/esx.py", line 302, in getHostGuestMapping
    self.scan()
  File "/usr/share/virt-who/virt/esx/esx.py", line 153, in scan
    self.client.service.Login(_this=self.sc.sessionManager, userName=self.username, password=self.password)
  File "/usr/lib/python2.6/site-packages/suds/client.py", line 542, in __call__
    return client.invoke(args, kwargs)
  File "/usr/lib/python2.6/site-packages/suds/client.py", line 595, in invoke
    soapenv = binding.get_message(self.method, args, kwargs)
  File "/usr/lib/python2.6/site-packages/suds/bindings/binding.py", line 120, in get_message
    content = self.bodycontent(method, args, kwargs)
  File "/usr/lib/python2.6/site-packages/suds/bindings/document.py", line 63, in bodycontent
    p = self.mkparam(method, pd, value)
  File "/usr/lib/python2.6/site-packages/suds/bindings/document.py", line 105, in mkparam
    return Binding.mkparam(self, method, pdef, object)
  File "/usr/lib/python2.6/site-packages/suds/bindings/binding.py", line 287, in mkparam
    return marshaller.process(content)
  File "/usr/lib/python2.6/site-packages/suds/mx/core.py", line 62, in process
    self.append(document, content)
  File "/usr/lib/python2.6/site-packages/suds/mx/core.py", line 75, in append
    self.appender.append(parent, content)
  File "/usr/lib/python2.6/site-packages/suds/mx/appender.py", line 102, in append
    appender.append(parent, content)
  File "/usr/lib/python2.6/site-packages/suds/mx/appender.py", line 198, in append
    child.setText(tostr(content.value))
  File "/usr/lib/python2.6/site-packages/suds/sax/element.py", line 251, in setText
    self.text = Text(value)
  File "/usr/lib/python2.6/site-packages/suds/sax/text.py", line 43, in __new__
    result = super(Text, cls).__new__(cls, *args, **kwargs)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xf8 in position 2: ordinal not in range(128)

Version-Release number of selected component (if applicable):
virt-who-0.10-8.el6.noarch
subscription-manager-1.12.14-7.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure virt-who under /etc/virt-who.d/ with encrypted password (virt-who-password) i.e man virt-who-config for configuration.

[VMWare]
type=esx
server=lab-esx5.gsslab.pnq.redhat.com
username=root
encrypted_password=ae5eb492f7dfa570eff8714753a18131
owner=System_Management
env=Library

2. Restart virt-who services.
# service virt-who restart

3. Look for the error message in '/var/log/rhsm/rhsm.log'.

2014-11-07 17:49:49,387 [ERROR]  @virtwho.py:118 - Error in communication with virtualization backend, trying to recover:
Traceback (most recent call last):
  File "/usr/share/virt-who/virtwho.py", line 111, in _send
    virtualGuests = self._readGuests(config)
  File "/usr/share/virt-who/virtwho.py", line 147, in _readGuests
    return virt.getHostGuestMapping()
  File "/usr/share/virt-who/virt/esx/esx.py", line 302, in getHostGuestMapping
    self.scan()
  File "/usr/share/virt-who/virt/esx/esx.py", line 153, in scan
    self.client.service.Login(_this=self.sc.sessionManager, userName=self.username, password=self.password)
  File "/usr/lib/python2.6/site-packages/suds/client.py", line 542, in __call__
    return client.invoke(args, kwargs)
  File "/usr/lib/python2.6/site-packages/suds/client.py", line 595, in invoke
    soapenv = binding.get_message(self.method, args, kwargs)
  File "/usr/lib/python2.6/site-packages/suds/bindings/binding.py", line 120, in get_message
    content = self.bodycontent(method, args, kwargs)
  File "/usr/lib/python2.6/site-packages/suds/bindings/document.py", line 63, in bodycontent
    p = self.mkparam(method, pd, value)
  File "/usr/lib/python2.6/site-packages/suds/bindings/document.py", line 105, in mkparam
    return Binding.mkparam(self, method, pdef, object)
  File "/usr/lib/python2.6/site-packages/suds/bindings/binding.py", line 287, in mkparam
    return marshaller.process(content)
  File "/usr/lib/python2.6/site-packages/suds/mx/core.py", line 62, in process
    self.append(document, content)
  File "/usr/lib/python2.6/site-packages/suds/mx/core.py", line 75, in append
    self.appender.append(parent, content)
  File "/usr/lib/python2.6/site-packages/suds/mx/appender.py", line 102, in append
    appender.append(parent, content)
  File "/usr/lib/python2.6/site-packages/suds/mx/appender.py", line 198, in append
    child.setText(tostr(content.value))
  File "/usr/lib/python2.6/site-packages/suds/sax/element.py", line 251, in setText
    self.text = Text(value)
  File "/usr/lib/python2.6/site-packages/suds/sax/text.py", line 43, in __new__
    result = super(Text, cls).__new__(cls, *args, **kwargs)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xf8 in position 2: ordinal not in range(128)


Actual results:
virt-who is not decrypting passwords.

Expected results:
virt-who decrypts encrypted passwords.

Additional info:

--- Additional comment from Radek Novacek on 2014-11-07 14:17:24 CET ---

Patch available upstream:

https://git.fedorahosted.org/cgit/virt-who.git/commit/?id=f759f0fde748cfb88e0451dd19715794a5ca1e53
Comment 2 Radek Novacek 2014-11-13 11:27:11 UTC 
Fixed in virt-who-0.11-4.el7.
Comment 4 Liushihui 2014-11-24 07:08:11 UTC 
The latest RHEL7.1 build with virt-who-0.11-3.el7.noarch, need to wait for a new rhel7.1 build with virt-who-0.11-4.el7 to verify this bug.
Comment 5 Liushihui 2014-11-28 08:57:46 UTC 
Verified it on virt-who-0.11-4.el7.noarch.

Version-Release number of selected component (if applicable):
subscription-manager-1.13.9-1.el7.x86_64
python-rhsm-1.13.8-1.el7.x86_64
virt-who-0.11-4.el7.noarch
katello-headpin-1.4.3.28-1.el6sam_splice.noarch
candlepin-0.9.6.5-1.el6sam.noarch

Verified process:
1.Register system to SAM server 
[root@hp-z220-05 libvirt-test-API]# subscription-manager register --username=admin --password=admin
The system has been registered with ID: e3abf301-1772-4e9c-b4f2-b24a7acef326 
2.Configure virt-who run at esx mode and with encrypted password
[root@hp-z220-05 system]# virt-who-password 
Password: 
Use following as value for encrypted_password key in the configuration file:
43f282d679adb816f2bb1cf9c18949ec
# cat /etc/virt-who.d/virt-who
[test-esx1]
type=esx
server=10.66.79.89
username=Administrator
encrypted_password=43f282d679adb816f2bb1cf9c18949ec
owner=ACME_Corporation
env=Library
3. Restart virt-who service, virt-who can send host/guest associate to SAM server.
2014-11-28 16:51:14,806 [DEBUG]  @virtwho.py:83 - Using config named 'test-esx1'
2014-11-28 16:51:14,807 [INFO]  @virtwho.py:460 - Using configuration "test-esx1" ("esx" mode)
2014-11-28 16:51:14,807 [DEBUG]  @virtwho.py:170 - Starting infinite loop with 5 seconds interval
2014-11-28 16:51:20,233 [INFO]  @subscriptionmanager.py:116 - Sending update in hosts-to-guests mapping: {aee4ff00-8c33-11e2-994a-6c3be51d959a: [4229e196-30de-9b6b-d31b-f22b22166548, 564d30c2-464f-81ad-1db6-6ec620dd7465], 44454c4c-4200-1034-8039-b8c04f503258: [422929f3-8ade-7dcc-6119-4904c7e1b8eb]}
Comment 8 errata-xmlrpc 2015-03-05 10:23:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0430.html