Bug 624080 - User can be created through RPC with password length less than 5 characters
Status: CLOSED DEFERRED
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Server
Version: 530
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Jan Pazdziora
QA Contact: Red Hat Satellite QA List
Blocks: 462714
Reported: 2010-08-13 11:19 EDT by Dimitar Yordanov
Modified: 2014-07-04 09:28 EDT
Doc Type: Bug Fix
Last Closed: 2014-07-04 09:28:26 EDT

Description Dimitar Yordanov 2010-08-13 11:19:45 EDT
Description of problem:
User can be created through RPC with password length less than 5 characters.

Version-Release number of selected component (if applicable):
redhat-rhn-satellite-5.3-server-x86_64-5-embedded-oracle
SpaceWalk 1.1

How reproducible:
USE_PAM=1
PASSWORD='test'
user.create(key, LOGIN, PASSWORD, FIRST_NAME, LAST_NAME, EMAIL, USE_PAM)

Actual results:
User is created.

Expected results:
Could not create user:  <Fault -1: 'redstone.xmlrpc.XmlRpcFault: unhandled internal exception: Passwords must be at least 5 characters.'>

Comment 1 Colin Coe 2010-08-23 20:52:27 EDT
Running this script:
---
#!/usr/bin/perl

use strict;
use warnings;

use Frontier::Client;

# Log in to the XML-RPC API and obtain a session key
my ($username, $password) = ("admin", "password");
my $client = Frontier::Client->new(url => "http://127.0.0.1/rpc/api");
my $session = $client->call("auth.login", $username, $password);

# Report the API and system versions of the server under test
my $apiver = $client->call('api.getVersion');
my $sysver = $client->call('api.systemVersion');
print "api.getVersion: $apiver, api.systemVersion: $sysver\n";
# Create a user with a 4-character login and a 3-character password; last argument 0 = PAM off
$client->call('user.create', $session, 'coec', 'pwd', 'Colin', 'Coe', 'colin.coe@gmail.com', 0);

$client->call('auth.logout', $session);
---
outputs this on Spacewalk 1.1 (git)
---
api.getVersion: 10.11, api.systemVersion: 1.1
Fault returned from XML RPC Server, fault code -1: redstone.xmlrpc.XmlRpcFault: unhandled internal exception: Passwords must be at least 5 characters. :: Logins must be no shorter than 5 characters.
---
and this on Satellite v5.3
---
api.getVersion: 10.8, api.systemVersion: 5.3.0
Fault returned from XML RPC Server, fault code -1: redstone.xmlrpc.XmlRpcFault: unhandled internal exception: Passwords must be at least 5 characters. :: Logins must be no shorter than 5 characters.
---
Comment 2 Dimitar Yordanov 2010-08-27 10:29:18 EDT
I think the problem will appear if the last argument is 1:

$client->call('user.create', $session, 'coec', 'pwd', 'Colin', 'Coe',
'colin.coe@gmail.com', 1);
Comment 3 Colin Coe 2010-08-27 21:41:26 EDT
I think this is OK. For PAM enabled users, Satellite is going to ignore the password you put in when the user is created.

IMOOO, the webUI should allow any length passwords for PAM enabled users.

CC
Comment 4 Dimitar Yordanov 2010-08-30 12:00:25 EDT
Actually, what made me think that this could be an issue was the fact that the WebUI does not allow you to create a PAM user with password length less than 5 characters, and via RPC it is possible.
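
The check discussed in comments 2 to 4, as an added example that is not part of the original thread and is not Satellite or Spacewalk code: a constructed stub server models the two behaviours described (password length skipped for PAM users over RPC, enforced in the WebUI), and `audit` sends the same `user.create` call with `use_pam` set to 0 and 1 to show where the two paths disagree. The names `make_stub`, `call`, `audit` and all sample values are hypothetical.

```python
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher

MIN_LEN = 5  # minimum taken from the fault text quoted in this report


def make_stub(check_pam_passwords):
    """Constructed stand-in for the server, not Satellite/Spacewalk code.

    check_pam_passwords=False models the RPC behaviour reported here;
    True models the WebUI behaviour described in comment 4.
    """
    def user_create(key, login, password, first, last, email, use_pam):
        errors = []
        if len(password) < MIN_LEN and (check_pam_passwords or not use_pam):
            errors.append("Passwords must be at least 5 characters.")
        if len(login) < MIN_LEN:
            errors.append("Logins must be no shorter than 5 characters.")
        if errors:
            raise xmlrpc.client.Fault(-1, " :: ".join(errors))
        return 1

    dispatcher = SimpleXMLRPCDispatcher()
    dispatcher.register_function(user_create, "user.create")
    return dispatcher


def call(dispatcher, method, *params):
    """Marshal a real XML-RPC request in-process; return (result, fault text)."""
    request = xmlrpc.client.dumps(params, methodname=method).encode("utf-8")
    response = dispatcher._marshaled_dispatch(request)
    try:
        return xmlrpc.client.loads(response)[0][0], None
    except xmlrpc.client.Fault as fault:
        return None, fault.faultString


def audit(dispatcher):
    """Map use_pam -> True if a 4-character password was accepted."""
    accepted = {}
    for use_pam in (0, 1):
        # The login is 8 characters, so only the password rule can fault.
        _, fault = call(dispatcher, "user.create", "SESSION-KEY", "auditor1",
                        "test", "Test", "User", "user@example.com", use_pam)
        accepted[use_pam] = fault is None
    return accepted


if __name__ == "__main__":
    for label, flag in (("RPC as reported", False), ("WebUI-like", True)):
        print(label, audit(make_stub(flag)))
```

Pointing `call` at a real endpoint instead of the stub would require a network transport and a valid session key, which this offline example deliberately leaves out.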
