Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 612090 - Missing colon in wallaby-load password demand
Missing colon in wallaby-load password demand
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: cyrus-sasl (Show other bugs)
5.4
All Linux
low Severity low
: rc
: ---
Assigned To: Petr Lautrbach
BaseOS QE Security Team
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-07 06:02 EDT by Lubos Trilety
Modified: 2012-03-06 12:26 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-06 12:26:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lubos Trilety 2010-07-07 06:02:04 EDT
Description of problem:
If the wallaby tool wallaby-load is run without given password, the tool requires password from user, it prints 'Please enter your password'. The prompt is not ended by colon, moreover it's not clear which password is required. It will be better if the tool prints the prompt such like this 'Please enter qpid password:'

Version-Release number of selected component (if applicable):
wallaby-utils-0.6.1-2

How reproducible:
100%

Steps to Reproduce:
1. Run wallaby-load with some valid snapshot as parameter e.g. with '/var/lib/condor-wallaby-base-db/condor-base-db.snapshot'

  
Actual results:
The tool ask for qpid password with this prompt 'Please enter your password'

Expected results:
The tool ask for password with some prompt ended by colon
Comment 1 Will Benton 2010-07-07 11:26:27 EDT
This prompt comes from SASL, and the issue is present in cyrus-sasl-plain-2.1.22.el5.  I am reassigning this bug to cyrus-sasl.
Comment 5 Jan F. Chadima 2011-08-22 06:29:25 EDT
The problem is in the sasl callback in the mentioned tool. The message  is displayed only when the caller does not supply its own one.
Comment 6 Will Benton 2011-08-26 10:32:56 EDT
(In reply to comment #5)
> The message  is displayed only when the caller does not supply its own one.

But if we agree with the original bug report, the (default) message is still wrong, is it not?  In that case, it should be fixed in SASL regardless of whether or not individual clients can override the message.

The Ruby QMF library that wallaby is built on does not allow developers to supply password-gathering callbacks; fixing SASL is obviously the cleanest solution from my perspective.  (It's far less invasive to correct a static string than it is to expose callback functionality in Qpid/QMF and retool applications to use it!)  But just punting to the application level isn't a good option, both philosophically (because library defaults should be usable and sensible) and technically (because clients may not be able to work around this issue).
Comment 7 Jan F. Chadima 2011-08-26 13:38:17 EDT
(In reply to comment #6)
> (In reply to comment #5)
> > The message  is displayed only when the caller does not supply its own one.
> 
> But if we agree with the original bug report, the (default) message is still
> wrong, is it not?  In that case, it should be fixed in SASL regardless of
> whether or not individual clients can override the message.

No this should be repaired in the caller.

> 
> The Ruby QMF library that wallaby is built on does not allow developers to
> supply password-gathering callbacks; fixing SASL is obviously the cleanest
> solution from my perspective.  

In this case the bug is in ruby.


(It's far less invasive to correct a static
> string than it is to expose callback functionality in Qpid/QMF and retool
> applications to use it!)  But just punting to the application level isn't a
> good option, both philosophically (because library defaults should be usable
> and sensible) and technically (because clients may not be able to work around
> this issue).
Comment 8 Will Benton 2011-08-26 13:52:54 EDT
To be clear, there are two problems here.  (1) The default prompt string is broken in SASL, and (2) the QMF console library for Ruby does not provide an option for a callback.

Both of these should be fixed.  Neither is a bug in ruby.
Comment 9 Petr Lautrbach 2012-03-06 12:26:01 EST
The default prompt string here is actually human readable string you can prompt the user with. You get all strings asking for name and password at once so if you had a GUI application you could bring up a dialog box asking for authentication name and password together instead of one at a time like it's done eg in virt-manager.

Given that, this is not bug in cyrus-sasl. I'm closing this now but feel free to reassign this to correct QMF console library component.

Note You need to log in before you can comment on or make changes to this bug.