Bug 1123283 - [rhevm-dwh-setup] username "user" is allowed which will crash the install process
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-dwh
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 3.5.0
Assignee: Yedidyah Bar David
QA Contact: Pavel Stehlik
URL:
Whiteboard: integration
Depends On:
Blocks:
 
Reported: 2014-07-25 08:48 UTC by Evgheni Dereveanchin
Modified: 2019-04-28 10:45 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-07-30 04:01:51 UTC
oVirt Team: ---
Target Upstream Version:
Embargoed:



Description Evgheni Dereveanchin 2014-07-25 08:48:25 UTC
Description of problem:
It is currently possible to specify username "user" as a read only user during "rhevm-dwh-setup" step. It may also be accepted in other places. This results in an incorrect SQL query which results in a failed install.

Version-Release number of selected component (if applicable):
3.3.2

How reproducible:
Always

Steps to Reproduce:
1. install rhev and reports-setup
2. start rhevm-dwh-setup
3. use "user" in this step:

This utility can configure a read only user for DB access. Would you like to do so? (yes|no): yes
Provide a username for read-only user: user

Actual results:
username is accepted, setup fails

Expected results:
username is rejected

Additional info:

resulting SQL query which fails:

engine=# CREATE ROLE user with  login encrypted password 'test';
ERROR:  syntax error at or near "user"
LINE 1: CREATE ROLE user with  login encrypted password 'test';
                    ^
sample of different username which works:

engine=# CREATE ROLE user123123 with  login encrypted password 'test';
CREATE ROLE

Other SQL words which may also need blacklisting (I tested "with" and it also fails)
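
Added example (not part of the original report and not the ovirt-engine-dwh code): one way a setup script could validate the read-only username and quote it as an identifier, so that reserved words such as "user" and "with" produce a valid CREATE ROLE statement without a keyword blacklist. All function names are hypothetical, and it assumes the tool builds the statement by string interpolation and that the server runs with standard_conforming_strings=on.

```python
import re

# Assumption: the answer to the prompt is interpolated into CREATE ROLE,
# as the failing query in the report suggests. All names are hypothetical.
_IDENT_RE = re.compile(r"[a-z_][a-z0-9_]*")
MAX_IDENT_BYTES = 63  # PostgreSQL truncates longer identifiers (NAMEDATALEN - 1)


def validate_role_name(name):
    """Return None if the name is acceptable, else a reason for re-prompting."""
    if not name:
        return "empty name"
    if len(name.encode("utf-8")) > MAX_IDENT_BYTES:
        return "longer than 63 bytes"
    # fullmatch, not match with '$': '$' would accept a trailing newline.
    if not _IDENT_RE.fullmatch(name):
        return "only lowercase letters, digits and underscore are allowed"
    return None


def quote_ident(name):
    """Double-quote an identifier, doubling any embedded double quotes."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def quote_literal(value):
    """Single-quote a string literal (assumes standard_conforming_strings=on)."""
    if "\x00" in value or "\\" in value:
        raise ValueError("unsupported character in literal")
    return "'" + value.replace("'", "''") + "'"


def build_create_role(name, password):
    """Build the statement from the report with both values safely quoted."""
    reason = validate_role_name(name)
    if reason:
        raise ValueError("invalid username %r: %s" % (name, reason))
    return "CREATE ROLE %s WITH LOGIN ENCRYPTED PASSWORD %s" % (
        quote_ident(name), quote_literal(password))


if __name__ == "__main__":
    # Inputs taken from the report: both fail when left unquoted.
    for candidate in ("user", "with", "user123123"):
        print(build_create_role(candidate, "test"))
```

A role created with a quoted reserved word has to be quoted in later statements as well (for example in GRANT), so every place that uses the name needs the same quoting helper.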

Comment 2 Shirly Radco 2014-07-27 09:47:04 UTC
Barak, should this be fixed for 3.3.z? 
IIRC we removed the option of adding the read-only user for 3.4 and above.

Comment 3 Barak 2014-07-29 14:35:41 UTC
No we do not release 3.3.z any more,
This issue is minor (and obsolete in 3.4).

And should have an easy workaround in the form of KB.

Comment 4 Yedidyah Bar David 2014-07-30 04:01:51 UTC
(In reply to Barak from comment #3)
> No we do not release 3.3.z any more,
> This issue is minor (and obsolete in 3.4).
> 
> And should have an easy workaround in the form of KB.

Agreed. Closing.

