rubycas-server login fail

[Pavel Drobushevich]

Hi all,

I've installed Puppet Enterprise 2.5 on Ubuntu 10.04.4 ("minimal" version on our new hosting provider, previous on amazon ec2 all works fine). So couldn't login to puppet dashboard - internal server error. I found problem in rubycas-server. It fails when try to hash password:

(/opt/puppet/share/rubycas-server/lib/casserver/authenticators/sql_encrypted.rb)

def validate(credentials)

....
    encrypt_function = @options[:encrypt_function] || 'user.encrypted_password == Digest::SHA256.hexdigest("#{user.encryption_salt}::#{@password}")'
...
     return eval(encrypt_function) # FAIL 

But in simple ruby script function Digest::SHA256.hexdigest works fine. I changed to OpenSSL::Digest::SHA256.hexdigest in rubycas-server and it works...

Maybe you can advice how to solve this problem without source change?

Thanks in advance.

[Jeff McCune]

Could you post the trace of the error and some entries from the logs?  How did you track it down to here?

-Jeff

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/EuLrHRjTs-4J.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

[Pavel Drobushevich]

Hi Jeff, 

I've added begin/rescue around this line of code but it didn't catch exception, so there is no any information in log :( I added step by step log print to code and found this line. When I did replace it ( eval(encrypt_function) ) to true (or changed encrypt_function to OpenSSL::Digest::SHA256.hexdigest) it works well. As I understand it is problem with native sha2 library.

Thanks,

Pavel

To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.