Project

Profile

Help

Issue #708

Pulp does not authenticate with mongodb using username with an empty password if specified

Added by igulina@redhat.com over 5 years ago. Updated over 1 year ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Assignee:
Category:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
2.6.2
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Description of problem:

Pulp does not allow authentication with mongodb using username with an empty password if specified in server.conf and shows a traceback, though mongo allows access to pulp_database with an empty pass

Might be connected to BZ 1182335

Version-Release number of selected component (if applicable):

rpm -qa pulp-server

pulp-server-2.6.0-0.7.beta.fc20.noarch

Steps to Reproduce:

mongo

MongoDB shell version: 2.4.6
connecting to: test

use pulp_database

switched to db pulp_database

db.changeUserPassword("gena", "")
exit

bye

mongo pulp_database -u gena

MongoDB shell version: 2.4.6
connecting to: pulp_database

db.repos.find()

{ "_id" : ObjectId("54b7c4cb99cca86045dd3fcb"), "_ns" : "repos", "content_unit_counts" : { "erratum" : 4, "package_category" : 1, "package_group" : 2 }, "description" : null, "display_name" : "zoo_repo", "id" : "zoo_repo", "last_unit_added" : ISODate("2015-01-15T13:47:14.329Z"), "last_unit_removed" : null, "notes" : { "_repo-type" : "rpm-repo" }, "scratchpad" : { "checksum_type" : "sha256" } }

exit

bye

vi /etc/pulp/server.conf

username: gena
password:

for s in {qpidd,pulp_celerybeat,pulp_resource_manager,pulp_workers,httpd}; do sudo systemctl restart $s; done;

pulp-admin login -u admin -p admin

There was an internal server error while trying to access the Pulp application.
One possible cause is that the database needs to be migrated to the latest
version. If this is the case, run pulp-manage-db and restart the services. More
information may be found in Apache's log.

sudo -u apache pulp-manage-db

Database initialization failed: The server config specified username/password authentication but is missing either the username or the password
The server config specified username/password authentication but is missing either the username or the password
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/pulp/server/db/manage.py", line 124, in main
connection.initialize(max_timeout=1)
File "/usr/lib/python2.7/site-packages/pulp/server/db/connection.py", line 92, in initialize
raise Exception(_("The server config specified username/password authentication but "
Exception: The server config specified username/password authentication but is missing either the username or the password

mongo

MongoDB shell version: 2.4.6
connecting to: test

use pulp_database

switched to db pulp_database

db.changeUserPassword("gena", "genka")
exit

bye

vi /etc/pulp/server.conf

username: gena
password: genka

for s in {qpidd,pulp_celerybeat,pulp_resource_manager,pulp_workers,httpd}; do sudo systemctl restart $s; done;

pulp-admin rpm repo list

--------------------------------------------------------------------
RPM Repositories
--------------------------------------------------------------------

Id: zoo_repo
Display Name: zoo_repo
Description: None
Content Unit Counts:
Erratum: 4
Package Category: 1
Package Group: 2

+ This bug was cloned from Bugzilla Bug #1194676 +

Associated revisions

Revision 6fcae917 View on GitHub
Added by cduryee over 5 years ago

Allow passwordless mongodb connections to be configured

MongoDB allows passwordless logins. However, Pulp was checking that both the username and password were set before attempting a login.

This patch alters the user/pass check to fail only if a password is set sans username. If a username is set sans password, a MongoDB connection will be attempted.

Note that all of the auth still happens in Mongo. This was just a "pre-check" that Pulp was doing to give a clear error message.

fixes #708

Revision 6fcae917 View on GitHub
Added by cduryee over 5 years ago

Allow passwordless mongodb connections to be configured

MongoDB allows passwordless logins. However, Pulp was checking that both the username and password were set before attempting a login.

This patch alters the user/pass check to fail only if a password is set sans username. If a username is set sans password, a MongoDB connection will be attempted.

Note that all of the auth still happens in Mongo. This was just a "pre-check" that Pulp was doing to give a clear error message.

fixes #708

History

#1 Updated by bmbouter over 5 years ago

I think this bug is as simple as adjusting this section [0] of code so that if username is not the default (empty string) then both username and password will be included as connection_kwargs. The default password is an empty string so if the user does not adjust the password of server.conf [database] section then an empty password should be allowed.

[0]: https://github.com/pulp/pulp/blob/master/server/pulp/server/db/connection.py#L87-L93

+ This comment was cloned from Bugzilla #1194676 comment 1 +

#2 Updated by cduryee over 5 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to cduryee

#3 Updated by cduryee over 5 years ago

  • Assignee changed from cduryee to igulina@redhat.com

Can you give more info about how you created the 'gena' user originally? I am having trouble reproducing this case.

#4 Updated by cduryee over 5 years ago

  • Assignee changed from igulina@redhat.com to cduryee

#5 Updated by bmbouter over 5 years ago

  • Severity changed from Medium to 2. Medium

#6 Updated by cduryee over 5 years ago

  • Status changed from ASSIGNED to POST

#7 Updated by cduryee over 5 years ago

  • Status changed from POST to MODIFIED

#8 Updated by cduryee over 5 years ago

  • % Done changed from 0 to 100

#9 Updated by cduryee over 5 years ago

  • Platform Release changed from 2.6.1 to 2.6.2

#10 Updated by dkliban@redhat.com over 5 years ago

  • Status changed from MODIFIED to 5

#13 Updated by igulina@redhat.com over 5 years ago

  • Status changed from 5 to 6

rpm -qa pulp-server

pulp-server-2.6.2-0.2.beta.fc20.noarch

with

username: gena
password:

in /etc/pulp/server.conf

mongo pulp_database -u gena

MongoDB shell version: 2.4.6
connecting to: pulp_database

^C

bye

sudo -u apache pulp-manage-db

Mongo database for connection is version 2.4.6
Loading content types.
Loading type descriptors [docker.json, rpm_support.json, puppet.json, iso_support.json, nodes.json]
Parsing type descriptors
Validating type descriptor syntactic integrity
Validating type descriptor semantic integrity
Updating the database with types [docker_image, distribution, drpm, erratum, package_group, package_category, package_environment, rpm, srpm, yum_repo_metadata_file, puppet_module, iso, repository, node]
Content types loaded.
Ensuring the admin role and user are in place.
Admin role and user are in place.
Beginning database migrations.
Migration package pulp.server.db.migrations is up to date at version 12
Migration package pulp_puppet.plugins.migrations is up to date at version 2
Migration package pulp_rpm.plugins.migrations is up to date at version 21
Database migrations complete.

for s in {qpidd,pulp_celerybeat,pulp_resource_manager,pulp_workers,httpd}; do sudo systemctl restart $s; done;
pulp-admin -u admin -p admin rpm repo list

--------------------------------------------------------------------
RPM Repositories
--------------------------------------------------------------------

Id: zoo_repo
Display Name: zoo_repo
Description: None
Content Unit Counts:
Erratum: 4
Package Category: 1
Package Group: 2

pulp-admin login -u admin -p admin

Successfully logged in. Session certificate will expire at Jun 1 11:56:14 2015
GMT.

pulp-admin rpm repo create --repo-id test

Successfully created repository [test]

pulp-admin rpm repo delete --repo-id test

This command may be exited via ctrl+c without affecting the request.

[\]
Running...

Repository [test] successfully deleted

#14 Updated by dkliban@redhat.com about 5 years ago

  • Status changed from 6 to CLOSED - CURRENTRELEASE

#16 Updated by bmbouter over 1 year ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF