Bug 84541 - rhn-register complains about characters in password
Summary: rhn-register complains about characters in password
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: rhn_register (Show other bugs)
(Show other bugs)
Version: 4.0
Hardware: All Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Pradeep Kilambi
QA Contact: Beth Nackashi
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 191074 191079
TreeView+ depends on / blocked
 
Reported: 2003-02-18 17:13 UTC by Mike Gahagan
Modified: 2013-02-27 00:49 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-16 19:51:14 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Mike Gahagan 2003-02-18 17:13:21 UTC
Description of problem:

After recently changing my password to one that happens to have a '%' character
in it via the web interface, I can no longer register systems. The RHN web
interface accepted the new password without complaint.

RHN register returns error code 15: password contains a '%' character

Error Class Info: The username contains invalid characters


Version-Release number of selected component (if applicable):

rhn_register-2.7.9-7.x.2

How reproducible:

always

Steps to Reproduce:
1.set a password w/ a '%' character on the web interface (which will he accepted)
2. run rhn_register
3.
    
Actual results:

rhn_register doesn't accept my valid password.

Expected results:

rhn_register should register the system regardless of what is in the password if
the password is valid.

Additional info:

Comment 3 Fanny Augustin 2006-04-11 00:34:03 UTC
Blocking rhnupr4u4 and rhnupr3u8 to track the progress of the release

Comment 4 Fanny Augustin 2006-04-13 19:38:25 UTC
Moving bugs to the CanFix List

Comment 5 Fanny Augustin 2006-05-08 19:17:37 UTC
This bug did not make the code freeze and it will not be fiixed during this
release cycle.  Re-aligning bug to the next release

Comment 6 Fanny Augustin 2006-05-08 20:06:43 UTC
This bug did not make the code freeze.  It will not be fixed in this releasee 
Reea ligning to the next one.

Comment 10 Bret McMillan 2006-08-09 18:33:22 UTC
Note, this may not involve client changes.  Should this solely be a server-side
change, I'll clone this bug, change the clone's component to RHN/Backend, and
close this one.

Comment 11 Pradeep Kilambi 2006-11-16 17:59:17 UTC
Yes, this needs to be a server side change:

basically in backend/server/rhnUser.py there is a call validate_new_password
this validates the password sent by the client and throws an rhnFault if it
does'nt comply with the regex mentioned.

invalid_re = re.compile(r"[^ A-Za-z0-9`!@#$%^&*()-_=+[{\]}\\|;:'\",<.>/?~]")

so instead of checking for valid characters, we just follow the business rule on
account creation that we follow for webui where the only restriction is the length.



Comment 12 Pradeep Kilambi 2006-11-16 19:50:22 UTC
Apparently It seems to work for me:

created a user with 
username: 'test_pwd' 
password: '%password%' from webui

then ran 

$rhn_register -vv (with the above uname and password) 

[root@rlx-0-20 ~]# rhn_register -vv
D: logininfo: {'X-RHN-Server-Id': 1007041205, 'X-RHN-Auth-Server-Time':
'1163706208.5', 'X-RHN-Auth': 'IHPBtCY7wiZ8y/AJjZmVMA==', 'X-RHN-Auth-Channels':
[['rhel-i386-as-4', '20061110101036', '1', '1']], 'X-RHN-Auth-User-Id': '',
'X-RHN-Auth-Expire-Offset': '3600.0'}
[root@rlx-0-20 ~]#

works fine with no errors...

let me know if i missed anything here



Comment 13 Pradeep Kilambi 2006-11-16 19:52:20 UTC
Also the version of up2date i'm running is:

[root@rlx-0-20 ~]# rpm -q up2date
up2date-4.4.69-25

Comment 14 Pradeep Kilambi 2006-11-16 20:22:31 UTC
my comments in comment#11 is only for new user creation. So if we try to create
a new user with rhn_register with % in password it raises an exception as i
mentioned.

But as per the original bug reported we should not have this issue for existing
users.


Note You need to log in before you can comment on or make changes to this bug.