Bug 996779 - Obfuscated database password is converted to plain-text and saved in rhq-server.properites file during auto-install
Summary: Obfuscated database password is converted to plain-text and saved in rhq-serv...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Operations Network
Classification: JBoss
Component: Installer, Security
Version: JON 3.1.2
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ER02
: JON 3.2.0
Assignee: Jay Shaughnessy
QA Contact: Mike Foley
URL:
Whiteboard:
Depends On:
Blocks: 1006419
TreeView+ depends on / blocked
 
Reported: 2013-08-13 23:08 UTC by Larry O'Leary
Modified: 2018-12-02 15:36 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:


Attachments (Terms of Use)
rhq-server-properties.log (44.74 KB, text/x-log)
2013-10-03 14:27 UTC, Armine Hovsepyan
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 451903 0 None None None Never

Description Larry O'Leary 2013-08-13 23:08:41 UTC
Description of problem:
When performing a silent or autoisntall the obfuscated property value for rhq.server.database.password is converted to a plain-text value and persisted to rhq-server.properites while the installer is running.

Version-Release number of selected component (if applicable):
4.4.0.JON312GA

How reproducible:
Always

Steps to Reproduce:
1.  Extract JON server.
2.  Prepare it for silent install using an obfuscated database password:

        # Change these values accordingly
        # databasePassword should be obfuscated
        databaseUrl="jdbc:postgresql://127.0.0.1:5432/rhq"
        databaseUser="rhqadmin"
        databasePassword="-627bd760a4751ca4"

        # These should stay the same for all PostgreSQL instances
        databaseDriver="org.postgresql.Driver"
        databaseXAClass="org.postgresql.xa.PGXADataSource"
        databaseTypeMapping="PostgreSQL"
        databaseServerName="127.0.0.1"
        databasePort="5432"
        databaseName="rhq"
        hibernateDialect="org.hibernate.dialect.PostgreSQLDialect"
        quartzDriverDelegate="org.quartz.impl.jdbcjobstore.PostgreSQLDelegate"
        
        sed -i 's/^rhq\.server\.database\.connection-url=.*/rhq.server.database.connection-url='"${databaseUrl}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.driver-class=.*/rhq.server.database.driver-class='"${databaseDriver}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.xa-datasource-class=.*/rhq.server.database.xa-datasource-class='"${databaseXAClass}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.user-name=.*/rhq.server.database.user-name='"${databaseUser}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.password=.*/rhq.server.database.password='"${databasePassword}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.type-mapping=.*/rhq.server.database.type-mapping='"${databaseTypeMapping}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.server-name=.*/rhq.server.database.server-name='"${databaseServerName}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.port=.*/rhq.server.database.port='"${databasePort}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.database\.db-name=.*/rhq.server.database.db-name='"${databaseName}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^hibernate\.dialect=.*/hibernate.dialect='"${hibernateDialect}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.server\.quartz\.driverDelegateClass=.*/rhq.server.quartz.driverDelegateClass='"${quartzDriverDelegate}"'/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.autoinstall\.enabled=.*/rhq.autoinstall.enabled=true/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"
        sed -i 's/^rhq\.autoinstall\.database=.*/rhq.autoinstall.database=overwrite/' "${TESTENV_DIR}/jon-server/bin/rhq-server.properties"


3.  Start monitoring the rhq-server.properties file for changes:

    _tmpDir=$(mktemp -d) && echo "Using ${_tmpDir}" && md5hash="" && {
        while (true); do
            newmd5="$(md5sum "${TESTENV_DIR}/jon-server/bin/rhq-server.properties")"
            if [ "${md5hash}" != "${newmd5}" ]; then
                cp -a "${TESTENV_DIR}/jon-server/bin/rhq-server.properties" "${_tmpDir}/rhq-server.properties-$(date +%s)"
                md5hash="${newmd5}"
            fi
            sleep 0.2s
        done
    }
    
4.  Start JBoss ON server.
5.  After install is finished, stop JBoss ON server.

Actual results:
At the beginning of the autoinstall process, rhq-server.properties is updated with a plain-text password.

Expected results:
The obfuscated password should remain intact during autoinstall and the plain-text password should never be exposed or persisted.

Comment 1 Heiko W. Rupp 2013-09-13 09:34:47 UTC
We need to investigate if that is still true in 3.2 and fix accordingly.

Comment 2 Jay Shaughnessy 2013-09-19 17:38:49 UTC
With the new install mechanism every install in an autoinstall.  This is no longer an issue for 3.2.

Comment 3 Armine Hovsepyan 2013-10-03 14:26:43 UTC
obfuscated password is not being changed to plain text - attached the full log of updates in rhq-server.properties (tailed to get all updates)

Comment 4 Armine Hovsepyan 2013-10-03 14:27:13 UTC
Created attachment 807105 [details]
rhq-server-properties.log


Note You need to log in before you can comment on or make changes to this bug.