bug #797: OpenNebula core prevents a password with spaces to be used

(cherry picked from commit f0410c9e75a6314976d1c3bc45d5cff11b0feb16)
2025-03-13 12:58:17 +03:00 · 2011-09-09 18:31:46 +02:00 · 2011-09-09 18:31:46 +02:00 · 0faf6203fb
commit 0faf6203fb
parent 4eb0d69e5c
4 changed files with 51 additions and 6 deletions
--- a/include/User.h
+++ b/include/User.h
@ -31,6 +31,11 @@ class User : public PoolObjectSQL
 {
 public:

+    /**
+     *  Characters that can not be in a password
+     */
+    static const string NO_PASSWD_CHARS;
+
    /**
     * Function to print the User object into a string in XML format
     *  @param xml the resulting XML string
@ -73,11 +78,35 @@ public:
    };

    /**
-     *  Sets user password
+     *  Checks if a password is valid.
+     *    @param passwd to be checked
+     *    @return true if the password is valid
     */
-    void set_password(string _password)
+    static bool is_valid_password(const string& passwd)
    {
-        password = _password;
+        return passwd.find_first_of(NO_PASSWD_CHARS) == string::npos;
+    }
+
+    /**
+     *  Sets user password. It checks that the new password does not contain
+     *  forbidden chars.
+     *    @param _password the new pass
+     *    @returns -1 if the password is not valid
+     */
+    int set_password(const string& passwd)
+    {
+        int rc = 0;
+
+        if (is_valid_password(passwd))
+        { 
+            password = passwd;
+        }
+        else
+        {
+            rc = -1;
+        }
+
+        return rc;
    };

    /**
--- a/src/rm/RequestManagerAllocate.cc
+++ b/src/rm/RequestManagerAllocate.cc
@ -242,6 +242,13 @@ int UserAllocate::pool_allocate(xmlrpc_c::paramList const& paramList,
        ugname = GroupPool::USERS_NAME;
    }

+    if (!User::is_valid_password(passwd))
+    {
+        error_str = "Invalid password, it can not contain spaces.";
+
+        return -1;
+    }
+
    return upool->allocate(&id,ugid,uname,ugname,passwd,true,error_str);
 }

--- a/src/rm/RequestManagerUser.cc
+++ b/src/rm/RequestManagerUser.cc
@ -61,13 +61,20 @@ int UserChangePassword::user_action(User * user,

    string new_pass = xmlrpc_c::value_string(paramList.getString(2));

-    user->set_password(new_pass);
+    int rc = user->set_password(new_pass);

-    pool->update(user);
+    if ( rc == 0 )
+    {
+        pool->update(user);
+    }
+    else
+    {
+        error_str = "Invalid password, it can not contain spaces.";
+    }

    user->unlock();

-    return 0;
+    return rc;
 }

 /* ------------------------------------------------------------------------- */
--- a/src/um/User.cc
+++ b/src/um/User.cc
@ -27,6 +27,8 @@
 #include "Group.h"


+const string User::NO_PASSWD_CHARS = " \t\n\v\f\r";
+
 /* ************************************************************************** */
 /* User :: Database Access Functions                                          */
 /* ************************************************************************** */