Bug 671051 - DB password appearing in traceback email sent by satellite
Summary: DB password appearing in traceback email sent by satellite
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Server
Version: 530
Hardware: All
OS: All
Priority: urgent
Severity: urgent
Target Milestone: ---
Assignee: Michael Mráka
QA Contact: Jiri Kastner
URL:
Whiteboard:
Depends On:
Blocks: sat54-errata
Reported: 2011-01-20 03:42 UTC by Marcelo Moreira de Mello
Modified: 2018-11-14 16:03 UTC (History)

Fixed In Version: spacewalk-backend-1.2.13-34.el5sat
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-28 09:32:23 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0387 0 normal SHIPPED_LIVE Red Hat Network Satellite bug fix update 2011-03-28 09:32:12 UTC

Description Marcelo Moreira de Mello 2011-01-20 03:42:05 UTC
Description of problem:

DB password is appearing in clear text in
traceback email which is generated by satellite server.

Version-Release number of selected component (if applicable):
Red Hat Network Satellite .53

How reproducible:
Always

Actual results:

Traceback shows DB password

Expected results:

Traceback hides DB password

Additional info:
Exception Handler Information
Traceback (most recent call last):
  File "/usr/share/rhn/server/apacheHandler.py", line 72, in headerParserHandler
    rhnSQL.initDB()
  File "/usr/share/rhn/server/rhnSQL/__init__.py", line 98, in initDB
    __init__DB(backend, host, port, username, password, database)
  File "/usr/share/rhn/server/rhnSQL/__init__.py", line 59, in __init__DB
    __DB.check_connection()
  File "/usr/share/rhn/server/rhnSQL/driver_cx_Oracle.py", line 445, in check_connection
    self.connect() # only allow one try
  File "/usr/share/rhn/server/rhnSQL/driver_cx_Oracle.py", line 336, in connect
    raise apply(sql_base.SQLConnectError, err_args)
SQLConnectError: (1034, 'ORA-01034: ORACLE not available\nORA-27101: shared memory realm does not exist\nLinux-x86_64 Error: 2: No such file or directory\n', 'RHNPROD', 'Connection_Connect(): begin session')

Local variables by frame

Frame connect in /usr/share/rhn/server/rhnSQL/driver_cx_Oracle.py at line 336
                           e = <type 'instance'> ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Linux-x86_64 Error: 2: No such file or directory

                       errno = <type 'int'> 1034
                        self = <type 'instance'> <server.rhnSQL.driver_cx_Oracle.Database instance at 0x2aeca6361950>
                         ret = <type 'tuple'> (1034, 'ORA-01034: ORACLE not available\nORA-27101: shared memory realm does not exist\nLinux-x86_64 Error: 2: No such file or directory\n', 'Connection_Connect(): begin session')
                      errmsg = <type 'str'> ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Linux-x86_64 Error: 2: No such file or directory

Frame check_connection in /usr/share/rhn/server/rhnSQL/driver_cx_Oracle.py at line 445
                           h = <type 'instance'> <__builtin__.OracleCursor on <cx_Oracle.Connection to RHNSAT RHNPROD>>
                        self = <type 'instance'> <server.rhnSQL.driver_cx_Oracle.Database instance at 0x2aeca6361950>

Frame __init__DB in /usr/share/rhn/server/rhnSQL/__init__.py at line 59
                    username = <type 'str'> RHNSAT
                    database = <type 'str'> RHNPROD
                        host = <type 'str'> localhost
                    password = <type 'str'> S3cr3tP4S5
                        port = <type 'NoneType'> None
                     backend = <type 'str'> oracle

Frame initDB in /usr/share/rhn/server/rhnSQL/__init__.py at line 104
                    username = <type 'str'> RHNSAT
                        temp = <type 'str'> S3cr3tP4S5 RHNPROD
                    database = <type 'str'> RHNPROD
                         dsn = <type 'str'> <CENSORED!>
                        host = <type 'str'> localhost
                    password = <type 'str'> S3cr3tP4S5
                        port = <type 'NoneType'> None

Comment 4 Michael Mráka 2011-01-20 09:28:41 UTC
It should be fixed in spacewalk git by
commit cf722531cf89fb6f1c04b63f0dcb3ae4190e0df6
    hide cleartext password from traceback

Fixed in spacewalk package spacewalk-backend-1.3.37-1.

Comment 6 Jiri Kastner 2011-03-25 10:29:05 UTC
Frame connect in /usr/share/rhn/server/rhnSQL/driver_cx_Oracle.py at line 385
                           e = <type 'instance'> ORA-01017: invalid username/password; logon denied
  
                       errno = <type 'int'> 1017
                        self = <type 'instance'> <server.rhnSQL.driver_cx_Oracle.Database instance at 0x9df664c>
                         ret = <type 'tuple'> (1017, 'ORA-01017: invalid username/password; logon denied\n', 'Connection_Connect(): begin session')
                   reconnect = <type 'int'> 1
                    err_args = <type 'list'> ['<CENSORED!>', 1017, 'ORA-01017: invalid username/password; logon denied\n', 'Connection_Connect(): begin session']
                      errmsg = <type 'str'> ORA-01017: invalid username/password; logon denied


Frame __init__DB in /usr/share/rhn/server/rhnSQL/__init__.py at line 52
                    username = <type 'str'> <CENSORED!>an
                    db_class = <type 'classobj'> server.rhnSQL.driver_cx_Oracle.Database
                    database = <type 'str'> <CENSORED!>
                        host = <type 'str'> localhost
                    password = <type 'str'> <CENSORED!>
                        port = <type 'NoneType'> None
                     backend = <type 'str'> oracle

Frame initDB in /usr/share/rhn/server/rhnSQL/__init__.py at line 127
                    username = <type 'str'> <CENSORED!>an
                    database = <type 'str'> <CENSORED!>
                         dsn = <type 'str'> <CENSORED!>
                        host = <type 'str'> localhost
                    password = <type 'str'> <CENSORED!>
                        port = <type 'NoneType'> None
                     backend = <type 'str'> oracle
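
The censoring visible in the output above can be reproduced with a two-pass locals dump. This is an added example, not the spacewalk commit and not part of the comment above; `SENSITIVE_NAMES`, `dump_locals`, `init_db` and the sample values are assumptions made for illustration.

```python
import sys

CENSORED = "<CENSORED!>"                         # marker seen in the report output
SENSITIVE_NAMES = {"password", "passwd", "dsn"}  # assumption: names treated as secret


def _frames(tb):
    """Yield (frame, line number) from the outermost call to the raise site."""
    while tb is not None:
        yield tb.tb_frame, tb.tb_lineno
        tb = tb.tb_next


def dump_locals(tb):
    """Build a 'Local variables by frame' report with secrets censored."""
    frames = list(_frames(tb))
    # Pass 1: collect the values of secret-named string locals in any frame.
    secrets = {v for f, _ in frames for k, v in f.f_locals.items()
               if k.lower() in SENSITIVE_NAMES and isinstance(v, str) and v}
    out = ["Local variables by frame"]
    # Pass 2: print the innermost frame first, as the report on this page does.
    for frame, lineno in reversed(frames):
        code = frame.f_code
        out.append("Frame %s in %s at line %d"
                   % (code.co_name, code.co_filename, lineno))
        for name, value in frame.f_locals.items():
            shown = repr(value)
            # Longest first, so a short secret cannot split a longer one.
            for secret in sorted(secrets, key=len, reverse=True):
                shown = shown.replace(secret, CENSORED)
            if name.lower() in SENSITIVE_NAMES:
                shown = CENSORED
            out.append("%28s = %s %s" % (name, type(value), shown))
    return "\n".join(out)


def init_db(username, password, database):
    """Constructed stand-in for a connect call that fails."""
    temp = "%s %s" % (password, database)   # derived copy of the secret
    raise RuntimeError("ORA-01034: ORACLE not available")


def demo_report():
    try:
        init_db("RHNSAT", "S3cr3tP4S5", "RHNPROD")   # constructed sample values
    except RuntimeError:
        return dump_locals(sys.exc_info()[2])
```

Matching on variable names alone would have left the derived `temp` copy in clear text; the value pass is what catches it. Because scrubbing is by value, any other variable that happens to contain the same string is censored as well.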

Comment 9 errata-xmlrpc 2011-03-28 09:32:23 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0387.html

