[Bug 609449] New: yast2 ca-mgm module have mangled capasswd option
http://bugzilla.novell.com/show_bug.cgi?id=609449 http://bugzilla.novell.com/show_bug.cgi?id=609449#c0 Summary: yast2 ca-mgm module have mangled capasswd option Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: tthidney@seznam.cz QAContact: jsrain@novell.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (compatible; Konqueror/4.4) KHTML/4.4.2 (like Gecko) SUSE I am trying to create certificate from cmdline using yast ca-mgm module. As I need to pass CA password I tried one from documentation: capasswd [string] CA password (Security: This should be given by an environment variable) however using capasswd="password" is ignored, obviously caPassword option is readed. So Window asking me to pass ca password appear (which is problem in batch) And of course passing caPasswd will fail: Unknown option for command 'createCertificate': caPasswd And at the end when I do not pass capasswd at all command complain about ca creation: Invalid password. Use of uninitialized value in sprintf at /usr/share/YaST2/modules/YaST/caUtils.pm line 1848 (#1) (W uninitialized) An undefined value was used as if it were already defined. It was interpreted as a "" or a 0, but maybe it was a mistake. To suppress this warning assign a defined value to your variables. To help you figure out what was undefined, perl will try to tell you the name of the variable (if any) that was undefined. In some cases it cannot do this, so it also tells you what operation you used the undefined value in. Note, however, that perl optimizes your program and the operation displayed in the warning may not necessarily appear literally in your program. For example, "that $foo" is usually optimized into "that " . $foo, and the warning will refer to the concatenation (.) operator, even though there is no . in your program. Invalid value '' for parameter 'caPasswd'. Invalid value '' for parameter 'caPasswd'. Command look like: LANG=us yast2 ca_mgm createCertificate caname="CANAME" type="server" days="3" cn="testauto" keyPasswd="test" email="mymail" verbose Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=609449 http://bugzilla.novell.com/show_bug.cgi?id=609449#c yang xiaoyu <xyyang@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |xyyang@novell.com AssignedTo|bnc-team-screening@forge.pr |yast2-maintainers@suse.de |ovo.novell.com | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=609449 http://bugzilla.novell.com/show_bug.cgi?id=609449#c1 Vladislav Gorobets <vgorobets@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |tthidney@seznam.cz AssignedTo|yast2-maintainers@suse.de |jdsn@novell.com --- Comment #1 from Vladislav Gorobets <vgorobets@novell.com> 2010-06-01 07:04:09 UTC --- Please attach YaST logs. It's actually helpful to attach them to (almost) every bug report for YaST. See http://en.opensuse.org/Bugs/YaST -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=609449 http://bugzilla.novell.com/show_bug.cgi?id=609449#c2 J. Daniel Schmidt <jdsn@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low --- Comment #2 from J. Daniel Schmidt <jdsn@novell.com> 2010-06-01 11:33:50 UTC --- (In reply to comment #0)
however using capasswd="password" is ignored, obviously caPassword option is readed.
According to the code the parameter is indeed "capasswd" in lowercase. The error message you saw came from internal processing - internally the password is saved with the camelCase name "caPassword. The error bwt. occurs if the password is missing or if it is shorter than 4 characters. Unfortunately this error message does not report such an error. -> Bug #1
So Window asking me to pass ca password appear (which is problem in batch) -> Bug #2
And of course passing caPasswd will fail: Unknown option for command 'createCertificate': caPasswd
As already said, the parameter is "capasswd".
when I do not pass capasswd at all command complain about ca creation:
Invalid password. Use of uninitialized value in sprintf at /usr/share/YaST2/modules/YaST/caUtils.pm line 1848 (#1) Invalid value '' for parameter 'caPasswd'. -> Bug #1.1 (or #3 if you like)
Please provide YaST the logs in any case, thank you. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=609449 http://bugzilla.novell.com/show_bug.cgi?id=609449#c3 Thidney Thidney <tthidney@seznam.cz> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|tthidney@seznam.cz | --- Comment #3 from Thidney Thidney <tthidney@seznam.cz> 2010-06-08 19:38:29 UTC --- Created an attachment (id=367919) --> (http://bugzilla.novell.com/attachment.cgi?id=367919) y2logs after running I had to change computer (I am on vacation and I can`t access former computer). Exact command: yast2 ca_mgm createCertificate caname="testCAName" type="server" days="3" cn="testServerCert" email="tthidney@seznam.cz" capasswd="test" keyPasswd="test" verbose After that Dialog with request for CA password appear. And after that it fail again with: linux-dde3:/# LANG=us yast2 ca_mgm createCertificate caname="testCAName" type="server" days="3" cn="testServerCert" email="tthidney@seznam.cz" capasswd="test" keyPasswd="test" verbose (process:23293): Gtk-WARNING **: Locale not supported by C library. Using the fallback 'C' locale. Modifying RequestGenerationData failed. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=609449 https://bugzilla.novell.com/show_bug.cgi?id=609449#c4 Igor Podgorski <igor.podgorski@securelinx.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |igor.podgorski@securelinx.c | |om --- Comment #4 from Igor Podgorski <igor.podgorski@securelinx.com> 2012-05-22 16:26:34 UTC --- I have come across the same issue when creating a server certificate in OpenSUSE 11.4 and SLES 11 SP1. There problem is in /usr/share/YaST2/include/ca-management/commandline.ycp in cmdCreateCertificate (starts at line 59). The problem occurs because new_cert_init ("Server Certificate") on line 69 is called before the CA password was read from the command line which happens further down starting at line 96: if (haskey (options, "capasswd")).... So, I moved the block (lines 96-103) taking in the capasswd from the command line and put it above the block calling for new cert (lines 63-75). Diff below: --- commandline.ycp-orig 2012-05-21 11:57:52.000000000 +0100 +++ commandline.ycp 2012-05-21 11:58:57.000000000 +0100 @@ -60,6 +60,15 @@ CaMgm::CAName = options["caname"]:""; CaMgm::currentCA = options["caname"]:""; + if (haskey (options, "capasswd")) + { + CaMgm::passwdMap[CaMgm::CAName] = options["capasswd"]:""; + } + else + { + CaMgm::passwdMap[CaMgm::CAName] = strip(getenv("capasswd")); + } + if (options["type"]:"" == "client") { new_cert_init ("Client Certificate"); @@ -93,15 +102,6 @@ CaMgm::password = strip(getenv("keyPasswd")); } - if (haskey (options, "capasswd")) - { - CaMgm::passwdMap[CaMgm::CAName] = options["capasswd"]:""; - } - else - { - CaMgm::passwdMap[CaMgm::CAName] = strip(getenv("capasswd")); - } - boolean ret = true; if (options["kind"]:"" == "client") { I can confirm that after making this change I can create a new certificate using the CA password supplied on the command line. Igor -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=609449 https://bugzilla.novell.com/show_bug.cgi?id=609449#c5 --- Comment #5 from Igor Podgorski <igor.podgorski@securelinx.com> 2012-05-23 09:31:48 UTC --- This issue is also present in OpenSUSE 12.1 so I assume 12.2 is affected too. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=609449 https://bugzilla.novell.com/show_bug.cgi?id=609449#c6 J. Daniel Schmidt <jdsn@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #6 from J. Daniel Schmidt <jdsn@suse.com> 2012-05-29 13:53:00 UTC --- Thank you for your patch. I will apply and test it once we have finished our SVN to GIT migration (unfortunately the import broke some history and we will redo it). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=609449 https://bugzilla.novell.com/show_bug.cgi?id=609449#c7 J. Daniel Schmidt <jdsn@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #7 from J. Daniel Schmidt <jdsn@suse.com> 2013-06-20 08:14:49 UTC --- Fixed the issue in YaST's master branch, so it will be in next openSUSE. Please reopen this bug if you need this fix also as an update for 12.3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=609449 https://bugzilla.novell.com/show_bug.cgi?id=609449#c8 --- Comment #8 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-07-04 11:00:17 CEST --- This is an autogenerated message for OBS integration: This bug (609449) was mentioned in https://build.opensuse.org/request/show/182152 Factory / yast2-ca-management -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com