Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 873611

Summary: spacewalk-hostname-rename don't escape SSL configuration input
Product: [Community] Spacewalk Reporter: Pascal Meier <pascal.meier>
Component: ServerAssignee: Michael Mráka <mmraka>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.7   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-15 08:41:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1484117    

Description Pascal Meier 2012-11-06 10:18:39 UTC 
Description of problem:
The wizard for the new SSL certificate doesn't escape the input on the rhn-ssl-tool. 

Version-Release number of selected component (if applicable):
1.7.15 (spacewalk-utils

How reproducible:
If you insert for example "My Company" as organisation, the parameter for rhn-ssl-tool will be --set-org=My Company instead of  --set-org="My Company"

Steps to Reproduce:
1.Run spacewalk-hostname-rename
2.On "Enter Organization" enter two words seperated by space

  
Actual results:
The SSL certificate generation fails

Expected results:
The SSL certificate generation is successful
Comment 1 Michael Mráka 2012-11-23 14:54:04 UTC 
Hello Pascal,

my investigation shows there's missing parameter quoting in log but the actual command is called correctly. Perhaps there was a different error which caused rhn-ssl-tool fail (e.g. wrong ca password)?

# bash -x  spacewalk-hostname-rename 1.2.3.4 --ssl-org="my org"
+ '[' 00 -gt 0 ']'
+ LOG=/var/log/rhn/rhn_hostname_rename.log
+ RHN_CONF_FILE=/etc/rhn/rhn.conf
+ SSL_BUILD_DIR=/root/ssl-build
+ ETC_JABBERD_DIR=/etc/jabberd
...
+ echo 'Starting generation of new SSL certificate:'
Starting generation of new SSL certificate:
+ '[' -n '' ']'
+ read -e -p ' Enter Country [US] : '
 Enter Country [US] : 
+ SSL_COUNTRY=US
+ '[' -n '' ']'
+ read -e -p ' Enter State [State] : '
 Enter State [State] : 
+ SSL_STATE=State
+ '[' -n x ']'
+ SSL_ORG='my org'
+ '[' -n '' ']'
+ read -e -p ' Enter Organization Unit [spacewalk] : '
 Enter Organization Unit [spacewalk] : 
+ SSL_ORGUNIT=spacewalk
+ '[' -n '' ']'
+ read -e -p ' Enter Email Address [root@localhost] : '
 Enter Email Address [root@localhost] : 
+ SSL_EMAIL=root@localhost
+ '[' -n '' ']'
+ read -e -p ' Enter CA password : ' -s
 Enter CA password : + echo

+ SSL_CA_PASSWORD=wrongpwd
+ echo ' Generating SSL certificate:'
+ tee -a /var/log/rhn/rhn_hostname_rename.log
 Generating SSL certificate:
+ echo 'rhn-ssl-tool --gen-server             --dir=/root/ssl-build             --set-country=US             --set-state=State             --set-org=my' 'org             --set-org-unit=spacewalk              --set-email=root@localhost             --set-hostname=spacewalk'
++ grep noarch.rpm
++ rhn-ssl-tool --gen-server --dir=/root/ssl-build --set-country=US --set-state=State '--set-org=my org' --set-org-unit=spacewalk --set-email=root@localhost --set-hostname=spacewalk --password=wrongpwd
+ SSL_KEY_PAIR_RPM=
+ '[' '!' -n '' ']'
+ echo_err 'Wrong SSL information provided. Check /var/log/rhn/rhn_hostname_rename.log for more information.'
+ tee -a /var/log/rhn/rhn_hostname_rename.log
+ echo 'Wrong SSL information provided. Check /var/log/rhn/rhn_hostname_rename.log for more information.'
Wrong SSL information provided. Check /var/log/rhn/rhn_hostname_rename.log for more information.
+ echo 'Wrong SSL information provided. Check /var/log/rhn/rhn_hostname_rename.log for more information.'
+ bye
+ echo_err 'Fix the problem and run spacewalk-hostname-rename again'
+ echo 'Fix the problem and run spacewalk-hostname-rename again'
Fix the problem and run spacewalk-hostname-rename again
+ echo 'Fix the problem and run spacewalk-hostname-rename again'
+ exit 1


# cat /var/log/rhn/rhn_hostname_rename.log:
...
Generating SSL certificate:
rhn-ssl-tool --gen-server             --dir=/root/ssl-build             --set-country=US             --set-state=State             --set-org=my org             --set-org-unit=spacewalk             --set-email=root@localhost             --set-hostname=spacewalk         

ERROR: web server's SSL certificate generation/signing failed:

Using configuration from /root/ssl-build/rhn-ca-openssl.cnf
unable to load CA private key
139831948363592:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:535:
139831948363592:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:476:

Wrong SSL information provided. Check /var/log/rhn/rhn_hostname_rename.log for more information.
Fix the problem and run spacewalk-hostname-rename again
Comment 2 Michael Mráka 2013-02-15 08:41:28 UTC 
We seem to have communication lost here. Closing, please reopen if you hit the problem with the latest Spacewalk release. Thank you.
Comment 3 Eric Herget 2017-09-28 17:56:18 UTC 
This BZ closed some time during 2.5, 2.6 or 2.7.  Adding to 2.7 tracking bug.