Bug 84541 - rhn-register complains about characters in password
rhn-register complains about characters in password
Status: CLOSED WORKSFORME
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: rhn_register (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Pradeep Kilambi
Beth Nackashi
:
Depends On:
Blocks: 191074 191079
  Show dependency treegraph
 
Reported: 2003-02-18 12:13 EST by Mike Gahagan
Modified: 2013-02-26 19:49 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-16 14:51:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mike Gahagan 2003-02-18 12:13:21 EST
Description of problem:

After recently changing my password to one that happens to have a '%' character
in it via the web interface, I can no longer register systems. The RHN web
interface accepted the new password without complaint.

RHN register returns error code 15: password contains a '%' character

Error Class Info: The username contains invalid characters


Version-Release number of selected component (if applicable):

rhn_register-2.7.9-7.x.2

How reproducible:

always

Steps to Reproduce:
1.set a password w/ a '%' character on the web interface (which will he accepted)
2. run rhn_register
3.
    
Actual results:

rhn_register doesn't accept my valid password.

Expected results:

rhn_register should register the system regardless of what is in the password if
the password is valid.

Additional info:
Comment 3 Fanny Augustin 2006-04-10 20:34:03 EDT
Blocking rhnupr4u4 and rhnupr3u8 to track the progress of the release
Comment 4 Fanny Augustin 2006-04-13 15:38:25 EDT
Moving bugs to the CanFix List
Comment 5 Fanny Augustin 2006-05-08 15:17:37 EDT
This bug did not make the code freeze and it will not be fiixed during this
release cycle.  Re-aligning bug to the next release
Comment 6 Fanny Augustin 2006-05-08 16:06:43 EDT
This bug did not make the code freeze.  It will not be fixed in this releasee 
Reea ligning to the next one.
Comment 10 Bret McMillan 2006-08-09 14:33:22 EDT
Note, this may not involve client changes.  Should this solely be a server-side
change, I'll clone this bug, change the clone's component to RHN/Backend, and
close this one.
Comment 11 Pradeep Kilambi 2006-11-16 12:59:17 EST
Yes, this needs to be a server side change:

basically in backend/server/rhnUser.py there is a call validate_new_password
this validates the password sent by the client and throws an rhnFault if it
does'nt comply with the regex mentioned.

invalid_re = re.compile(r"[^ A-Za-z0-9`!@#$%^&*()-_=+[{\]}\\|;:'\",<.>/?~]")

so instead of checking for valid characters, we just follow the business rule on
account creation that we follow for webui where the only restriction is the length.

Comment 12 Pradeep Kilambi 2006-11-16 14:50:22 EST
Apparently It seems to work for me:

created a user with 
username: 'test_pwd' 
password: '%password%' from webui

then ran 

$rhn_register -vv (with the above uname and password) 

[root@rlx-0-20 ~]# rhn_register -vv
D: logininfo: {'X-RHN-Server-Id': 1007041205, 'X-RHN-Auth-Server-Time':
'1163706208.5', 'X-RHN-Auth': 'IHPBtCY7wiZ8y/AJjZmVMA==', 'X-RHN-Auth-Channels':
[['rhel-i386-as-4', '20061110101036', '1', '1']], 'X-RHN-Auth-User-Id': '',
'X-RHN-Auth-Expire-Offset': '3600.0'}
[root@rlx-0-20 ~]#

works fine with no errors...

let me know if i missed anything here

Comment 13 Pradeep Kilambi 2006-11-16 14:52:20 EST
Also the version of up2date i'm running is:

[root@rlx-0-20 ~]# rpm -q up2date
up2date-4.4.69-25
Comment 14 Pradeep Kilambi 2006-11-16 15:22:31 EST
my comments in comment#11 is only for new user creation. So if we try to create
a new user with rhn_register with % in password it raises an exception as i
mentioned.

But as per the original bug reported we should not have this issue for existing
users.

Note You need to log in before you can comment on or make changes to this bug.