Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 84541

Summary: rhn-register complains about characters in password
Product: Red Hat Enterprise Linux 4 Reporter: Mike Gahagan <mgahagan>
Component: rhn_registerAssignee: Pradeep Kilambi <pkilambi>
Status: CLOSED WORKSFORME QA Contact: Beth Nackashi <bnackash>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0CC: tsanders
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-11-16 19:51:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Mike Gahagan 2003-02-18 17:13:21 UTC
Description of problem:

After recently changing my password to one that happens to have a '%' character
in it via the web interface, I can no longer register systems. The RHN web
interface accepted the new password without complaint.

RHN register returns error code 15: password contains a '%' character

Error Class Info: The username contains invalid characters


Version-Release number of selected component (if applicable):

rhn_register-2.7.9-7.x.2

How reproducible:

always

Steps to Reproduce:
1.set a password w/ a '%' character on the web interface (which will he accepted)
2. run rhn_register
3.
    
Actual results:

rhn_register doesn't accept my valid password.

Expected results:

rhn_register should register the system regardless of what is in the password if
the password is valid.

Additional info:

Comment 3 Fanny Augustin 2006-04-11 00:34:03 UTC
Blocking rhnupr4u4 and rhnupr3u8 to track the progress of the release

Comment 4 Fanny Augustin 2006-04-13 19:38:25 UTC
Moving bugs to the CanFix List

Comment 5 Fanny Augustin 2006-05-08 19:17:37 UTC
This bug did not make the code freeze and it will not be fiixed during this
release cycle.  Re-aligning bug to the next release

Comment 6 Fanny Augustin 2006-05-08 20:06:43 UTC
This bug did not make the code freeze.  It will not be fixed in this releasee 
Reea ligning to the next one.

Comment 10 Bret McMillan 2006-08-09 18:33:22 UTC
Note, this may not involve client changes.  Should this solely be a server-side
change, I'll clone this bug, change the clone's component to RHN/Backend, and
close this one.

Comment 11 Pradeep Kilambi 2006-11-16 17:59:17 UTC
Yes, this needs to be a server side change:

basically in backend/server/rhnUser.py there is a call validate_new_password
this validates the password sent by the client and throws an rhnFault if it
does'nt comply with the regex mentioned.

invalid_re = re.compile(r"[^ A-Za-z0-9`!@#$%^&*()-_=+[{\]}\\|;:'\",<.>/?~]")

so instead of checking for valid characters, we just follow the business rule on
account creation that we follow for webui where the only restriction is the length.



Comment 12 Pradeep Kilambi 2006-11-16 19:50:22 UTC
Apparently It seems to work for me:

created a user with 
username: 'test_pwd' 
password: '%password%' from webui

then ran 

$rhn_register -vv (with the above uname and password) 

[root@rlx-0-20 ~]# rhn_register -vv
D: logininfo: {'X-RHN-Server-Id': 1007041205, 'X-RHN-Auth-Server-Time':
'1163706208.5', 'X-RHN-Auth': 'IHPBtCY7wiZ8y/AJjZmVMA==', 'X-RHN-Auth-Channels':
[['rhel-i386-as-4', '20061110101036', '1', '1']], 'X-RHN-Auth-User-Id': '',
'X-RHN-Auth-Expire-Offset': '3600.0'}
[root@rlx-0-20 ~]#

works fine with no errors...

let me know if i missed anything here



Comment 13 Pradeep Kilambi 2006-11-16 19:52:20 UTC
Also the version of up2date i'm running is:

[root@rlx-0-20 ~]# rpm -q up2date
up2date-4.4.69-25

Comment 14 Pradeep Kilambi 2006-11-16 20:22:31 UTC
my comments in comment#11 is only for new user creation. So if we try to create
a new user with rhn_register with % in password it raises an exception as i
mentioned.

But as per the original bug reported we should not have this issue for existing
users.