1267698 – Internal DB Password Configuration breaks when password contains non-alphanum characters

Bug 1267698 - Internal DB Password Configuration breaks when password contains non-alphanum characters

Summary: Internal DB Password Configuration breaks when password contains non-alphanum...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat CloudForms Management Engine
Classification:	Red Hat
Component:	Appliance
Sub Component:
Version:	5.3.0
Hardware:	All
OS:	All
Priority:	medium
Severity:	medium
Target Milestone:	GA
Target Release:	5.5.0
Assignee:	Nick Carboni
QA Contact:	Pete Savage
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1268905
TreeView+	depends on / blocked

Reported:	2015-09-30 17:27 UTC by Alex Smith
Modified:	2015-12-08 13:33 UTC (History)
CC List:	8 users (show)
Fixed In Version:	5.5.0.5
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1268905 (view as bug list)
Environment:
Last Closed:	2015-12-08 13:33:58 UTC
Category:	---
Cloudforms Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Screenshot showing result of password containing spaces. (80.62 KB, image/png) 2015-09-30 17:27 UTC, Alex Smith	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:2551	0	normal	SHIPPED_LIVE	Moderate: CFME 5.5.0 bug fixes and enhancement update	2015-12-08 17:58:09 UTC

Description Alex Smith 2015-09-30 17:27:46 UTC

Created attachment 1078752 [details]
Screenshot showing result of password containing spaces.

Description of problem:

  When configuring the CFME appliance with an internal database with a password, passwords which contain non-alphanum characters ([^a-zA-Z0-9]) may cause DB configuration to fail.

Version-Release number of selected component (if applicable):

  Verified on CFME 5.3.4 for VMware, but may affect other releases.

How reproducible: 100%

Steps to Reproduce:
1. Deploy appliance
2. In the console, select option 8 to configure the DB.
3. Configure an internal DB with the following password content (without the quotes) "a passphrase with spaces"

Actual results:

  DB fails to configure, reporting the following postgres error: role "root" does not exist.

Expected results:

  Option 1: The DB is configured successfully.

  Option 2: Alternatively, if "special" characters are not allowed in the password, an input validation error should be reported before attempting to configure the DB.

Additional info:

  Screenshot attached which shows the error.

Comment 3 CFME Bot 2015-10-01 18:41:54 UTC

https://github.com/ManageIQ/manageiq/pull/4625

Comment 4 CFME Bot 2015-10-02 01:25:25 UTC

New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/f06ff61a002383912c17e01091f026b9f7576de7

commit f06ff61a002383912c17e01091f026b9f7576de7
Author:     Nick Carboni <ncarboni>
AuthorDate: Thu Oct 1 14:31:27 2015 -0400
Commit:     Nick Carboni <ncarboni>
CommitDate: Thu Oct 1 14:31:27 2015 -0400

    Use PG utility to create the postgres role
    
    This allows us to avoid nasty quoting and escaping issues
    associated with shelling out to run commands using psql.
    This also allow us to use PG's built in string escape method
    so passwords can now contain all manner of special characters.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1267698

 gems/pending/appliance_console/internal_database_configuration.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comment 5 Pete Savage 2015-11-20 14:39:44 UTC

Verified in 5.5.0.11 with password "  !!££%%&&(("

Comment 7 errata-xmlrpc 2015-12-08 13:33:58 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:2551

Note You need to log in before you can comment on or make changes to this bug.