Bug 996779 - Obfuscated database password is converted to plain-text and saved in rhq-server.properites file during auto-install
Obfuscated database password is converted to plain-text and saved in rhq-serv...
Status: CLOSED CURRENTRELEASE
Product: JBoss Operations Network
Classification: JBoss
Component: Installer, Security (Show other bugs)
JON 3.1.2
Unspecified Unspecified
high Severity high
: ER02
: JON 3.2.0
Assigned To: Jay Shaughnessy
Mike Foley
:
Depends On:
Blocks: 1006419
  Show dependency treegraph
 
Reported: 2013-08-13 19:08 EDT by Larry O'Leary
Modified: 2014-01-02 15:40 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
rhq-server-properties.log (44.74 KB, text/x-log)
2013-10-03 10:27 EDT, Armine Hovsepyan
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 451903 None None None Never

  None (edit)
Description Larry O'Leary 2013-08-13 19:08:41 EDT
Description of problem:
When performing a silent or autoisntall the obfuscated property value for rhq.server.database.password is converted to a plain-text value and persisted to rhq-server.properites while the installer is running.

Version-Release number of selected component (if applicable):
4.4.0.JON312GA

How reproducible:
Always

Steps to Reproduce:
1.  Extract JON server.
2.  Prepare it for silent install using an obfuscated database password:

        # Change these values accordingly
        # databasePassword should be obfuscated
        databaseUrl="jdbc:postgresql://127.0.0.1:5432/rhq"
        databaseUser="rhqadmin"
        databasePassword="-627bd760a4751ca4"

        # These should stay the same for all PostgreSQL instances
        databaseDriver="org.postgresql.Driver"
        databaseXAClass="org.postgresql.xa.PGXADataSource"
        databaseTypeMapping="PostgreSQL"
        databaseServerName="127.0.0.1"
        databasePort="5432"
        databaseName="rhq"
        hibernateDialect="org.hibernate.dialect.PostgreSQLDialect"
        quartzDriverDelegate="org.quartz.impl.jdbcjobstore.PostgreSQLDelegate"
        
        sed -i 's/^rhq\.server\.database\.connection-url=.*/rhq.server.database.connection-url='"${databaseUrl}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.driver-class=.*/rhq.server.database.driver-class='"${databaseDriver}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.xa-datasource-class=.*/rhq.server.database.xa-datasource-class='"${databaseXAClass}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.user-name=.*/rhq.server.database.user-name='"${databaseUser}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.password=.*/rhq.server.database.password='"${databasePassword}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.type-mapping=.*/rhq.server.database.type-mapping='"${databaseTypeMapping}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.server-name=.*/rhq.server.database.server-name='"${databaseServerName}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.port=.*/rhq.server.database.port='"${databasePort}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.db-name=.*/rhq.server.database.db-name='"${databaseName}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^hibernate\.dialect=.*/hibernate.dialect='"${hibernateDialect}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.quartz\.driverDelegateClass=.*/rhq.server.quartz.driverDelegateClass='"${quartzDriverDelegate}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.autoinstall\.enabled=.*/rhq.autoinstall.enabled=true/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.autoinstall\.database=.*/rhq.autoinstall.database=overwrite/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"


3.  Start monitoring the rhq-server.properties file for changes:

    _tmpDir=$(mktemp -d) && echo "Using ${_tmpDir}" && md5hash="" && {
        while (true); do
            newmd5="$(md5sum "${TESTENV_DIR}/jon-server/bin/rhq-server.properties")"
            if [ "${md5hash}" != "${newmd5}" ]; then
                cp -a "${TESTENV_DIR}/jon-server/bin/rhq-server.properties" "${_tmpDir}/rhq-server.properties-$(date +%s)"
                md5hash="${newmd5}"
            fi
            sleep 0.2s
        done
    }
    
4.  Start JBoss ON server.
5.  After install is finished, stop JBoss ON server.

Actual results:
At the beginning of the autoinstall process, rhq-server.properties is updated with a plain-text password.

Expected results:
The obfuscated password should remain intact during autoinstall and the plain-text password should never be exposed or persisted.
Comment 1 Heiko W. Rupp 2013-09-13 05:34:47 EDT
We need to investigate if that is still true in 3.2 and fix accordingly.
Comment 2 Jay Shaughnessy 2013-09-19 13:38:49 EDT
With the new install mechanism every install in an autoinstall.  This is no longer an issue for 3.2.
Comment 3 Armine Hovsepyan 2013-10-03 10:26:43 EDT
obfuscated password is not being changed to plain text - attached the full log of updates in rhq-server.properties (tailed to get all updates)
Comment 4 Armine Hovsepyan 2013-10-03 10:27:13 EDT
Created attachment 807105 [details]
rhq-server-properties.log

Note You need to log in before you can comment on or make changes to this bug.