Bug 728390 - Strong passwords are not allowed
Summary: Strong passwords are not allowed
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ovirt-node
Version: 6.2
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: beta
: ---
Assignee: Joey Boggs
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-04 22:41 UTC by Mike Burns
Modified: 2014-06-09 16:20 UTC (History)
9 users (show)

Fixed In Version: ovirt-node-2.0.2-0.1.git5dce5f9.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-06 19:25:56 UTC
Target Upstream Version:


Attachments (Terms of Use)
proposed patch (1.05 KB, patch)
2011-08-04 23:39 UTC, Alan Pevec
jboggs: review+
Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1783 normal SHIPPED_LIVE rhev-hypervisor6 bug fix and enhancement update 2011-12-06 15:10:54 UTC

Description Mike Burns 2011-08-04 22:41:45 UTC
Description of problem:
When installing via the TUI, the password input screen disallows all strong passwords.  A simple password that prompts the "you have entered a weak password" message will allow installation, but a stong password will result in a popup saying that "You must enter a valid password"

Version-Release number of selected component (if applicable):
6.2-0.9

How reproducible:
Always

Steps to Reproduce:
1.Install using TUI and complex password
2.
3.
  
Actual results:
Can't install

Expected results:
Installation runs.

Additional info:

Comment 1 Mike Burns 2011-08-04 22:43:05 UTC
Temporary workaround until permanent solution can be found:

diff --git a/scripts/ovirt-config-installer.py b/scripts/ovirt-config-installer.py
index 30f8aa9..ff2ccc8 100644
--- a/scripts/ovirt-config-installer.py
+++ b/scripts/ovirt-config-installer.py
@@ -828,11 +828,7 @@ class NodeInstallScreen:
                         if not self.current_password_fail == 1:
                             self.upgrade_node()
                     elif self.__current_page == PASSWORD_PAGE:
-                        if self.valid_password == 0:
-                            self.install_node()
-                        else:
-                            ButtonChoiceWindow(self.screen, "Password Check", "You must enter a valid password", buttons = ['Ok'])
-                            self.__current_page = PASSWORD_PAGE
+                        self.install_node()
                     elif self.__current_page == FAILED_PAGE:
                         f = self.log_menu_list.current()
                         log = open(f)

Comment 2 Alan Pevec 2011-08-04 22:48:39 UTC
Joey, I think this is the actual fix, please have a look:
--- a/scripts/ovirtfunctions.py
+++ b/scripts/ovirtfunctions.py
@@ -1085,7 +1085,7 @@ def password_check(password_1, password_2):
                           do not contain dictionary words")
           elif password_1 != "" and password_2 == "":
               return (1, "Please Confirm Password\n\n\n\n\n\n")
-          return (1, "\n\n\n\n\n\n")
+          return (0, "\n\n\n\n\n\n")
 
 def get_logrotate_size():
     size = augtool_get("/files/etc/logrotate.d/ovirt-node/rule/size")

Comment 3 Alan Pevec 2011-08-04 23:02:13 UTC
Actually this:
-- a/scripts/ovirtfunctions.py
+++ b/scripts/ovirtfunctions.py
@@ -1083,6 +1083,7 @@ def password_check(password_1, password_2):
                   return (0, "You have provided a weak password!\nStrong passwo
                           lowercase, numeric and punctuation characters.\n\nThe
                           do not contain dictionary words")
+              return (0, "\n\n\n\n\n\n")
           elif password_1 != "" and password_2 == "":
               return (1, "Please Confirm Password\n\n\n\n\n\n")
           return (1, "\n\n\n\n\n\n")

Comment 4 Alan Pevec 2011-08-04 23:39:54 UTC
Created attachment 516802 [details]
proposed patch

Comment 7 cshao 2011-09-01 09:48:13 UTC
Test version:
rhev-hypervisor-6.2-0.14.el6

TUI: Strong passwords are allowed (e.g. 123qwe!@#QWE)

So change bug status to VERIFIED.

Comment 8 errata-xmlrpc 2011-12-06 19:25:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1783.html


Note You need to log in before you can comment on or make changes to this bug.