Bug 624080 - User can be created through RPC with password length less than 5 characters
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Server
Version: 530
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jan Pazdziora
QA Contact: Red Hat Satellite QA List
Blocks: 462714
Reported: 2010-08-13 15:19 UTC by Dimitar Yordanov
Modified: 2014-07-04 13:28 UTC (History)
Last Closed: 2014-07-04 13:28:26 UTC



Description Dimitar Yordanov 2010-08-13 15:19:45 UTC
Description of problem:
User can be created through RPC with password length less than 5 characters.

Version-Release number of selected component (if applicable):
redhat-rhn-satellite-5.3-server-x86_64-5-embedded-oracle
SpaceWalk 1.1

How reproducible:
USE_PAM=1
PASSWORD='test'
user.create(key, LOGIN, PASSWORD, FIRST_NAME, LAST_NAME, EMAIL, USE_PAM)

Actual results:
User is created.

Expected results:
Could not create user:  <Fault -1: 'redstone.xmlrpc.XmlRpcFault: unhandled internal exception: Passwords must be at least 5 characters.'>


Comment 1 Colin Coe 2010-08-24 00:52:27 UTC
Running this script:
---
#!/usr/bin/perl

use strict;
use warnings;

use Frontier::Client;

# Log in to the local XML-RPC API and obtain a session key.
my ($username, $password) = ("admin", "password");
my $client = Frontier::Client->new(url => "http://127.0.0.1/rpc/api");
my $session = $client->call("auth.login", $username, $password);

# Report the API and system versions of the server under test.
my $apiver = $client->call('api.getVersion');
my $sysver = $client->call('api.systemVersion');
print "api.getVersion: $apiver, api.systemVersion: $sysver\n";

# Try to create a user with a 3-character password and PAM disabled (last argument 0).
$client->call('user.create', $session, 'coec', 'pwd', 'Colin', 'Coe', 'colin.coe@gmail.com', 0);

$client->call('auth.logout', $session);
---
outputs this on Spacewalk 1.1 (git)
---
api.getVersion: 10.11, api.systemVersion: 1.1
Fault returned from XML RPC Server, fault code -1: redstone.xmlrpc.XmlRpcFault: unhandled internal exception: Passwords must be at least 5 characters. :: Logins must be no shorter than 5 characters.
---
and this on Satellite v5.3
---
api.getVersion: 10.8, api.systemVersion: 5.3.0
Fault returned from XML RPC Server, fault code -1: redstone.xmlrpc.XmlRpcFault: unhandled internal exception: Passwords must be at least 5 characters. :: Logins must be no shorter than 5 characters.
---

Comment 2 Dimitar Yordanov 2010-08-27 14:29:18 UTC
I think the problem will appear if the last argument is 1:

$client->call('user.create', $session, 'coec', 'pwd', 'Colin', 'Coe',
'colin.coe@gmail.com', 1);

Comment 3 Colin Coe 2010-08-28 01:41:26 UTC
I think this is OK. For PAM enabled users, Satellite is going to ignore the password you put in when the user is created.

IMO, the webUI should allow any length passwords for PAM enabled users.

CC

Comment 4 Dimitar Yordanov 2010-08-30 16:00:25 UTC
Actually, what made me think that this could be an issue was the fact that the WebUI does not allow you to create a PAM user with a password length of less than 5 characters, while via RPC it is possible.
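
Added example, not part of the bug thread and not Satellite or Spacewalk code: a parity check that models the WebUI and RPC entry points as the comments above describe them and lists the inputs on which they disagree. The function names and sample passwords are constructed for illustration; only the 5-character limit and the PAM flag come from this page.

```python
# Added example: models the behaviour reported in this bug; not Satellite/Spacewalk code.
from itertools import product

MIN_PASSWORD_LEN = 5  # limit quoted in the fault message on this page


class ValidationFault(Exception):
    """Stands in for the XML-RPC fault returned by the server."""


def webui_create(password, use_pam):
    # Per Comment 4: the WebUI enforces the length even for PAM users.
    if len(password) < MIN_PASSWORD_LEN:
        raise ValidationFault("Passwords must be at least 5 characters.")


def rpc_create(password, use_pam):
    # Per the description and Comment 2: the check is skipped when use_pam is set.
    if not use_pam and len(password) < MIN_PASSWORD_LEN:
        raise ValidationFault("Passwords must be at least 5 characters.")


def accepts(entry_point, password, use_pam):
    """True if the entry point would create the user, False if it faults."""
    try:
        entry_point(password, use_pam)
        return True
    except ValidationFault:
        return False


def parity_gaps(entry_a, entry_b, passwords=("pwd", "test", "12345", "longer-password")):
    """Return (password, use_pam) cases where the two entry points disagree."""
    return [
        (pw, pam)
        for pw, pam in product(passwords, (False, True))
        if accepts(entry_a, pw, pam) != accepts(entry_b, pw, pam)
    ]


if __name__ == "__main__":
    # Constructed sample matrix: short and valid passwords, PAM off and on.
    for pw, pam in parity_gaps(webui_create, rpc_create):
        print(f"mismatch: password={pw!r} use_pam={pam}")
```

Run as a regression check, an empty result means both paths apply the same rule, whichever policy for PAM users is chosen.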

