Puppet users - Jun 2012 - rubycas-server login fail

Hi all,

I''ve installed Puppet Enterprise 2.5 on Ubuntu 10.04.4
("minimal" version
on our new hosting provider, previous on amazon ec2 all works fine). So 
couldn''t login to puppet dashboard - internal server error. I found
problem
in rubycas-server. It fails when try to hash password:
(/opt/puppet/share/rubycas-server/lib/casserver/authenticators/sql_encrypted.rb)
> def validate(credentials)
>
....
>     encrypt_function = @options[:encrypt_function] || 
> ''user.encrypted_password == 
>
Digest::SHA256.hexdigest("#{user.encryption_salt}::#{@password}")''
> ...
>      return eval(encrypt_function) # FAIL 
But in simple ruby script function *Digest::SHA256.hexdigest* works fine. I 
changed to *OpenSSL::Digest::SHA256.hexdigest* in rubycas-server and it 
works...

Maybe you can advice how to solve this problem without source change?

Thanks in advance.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/EuLrHRjTs-4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Could you post the trace of the error and some entries from the logs?  How
did you track it down to here?

-Jeff

On Friday, June 8, 2012, Pavel Drobushevich wrote:
> Hi all,
>
> I''ve installed Puppet Enterprise 2.5 on Ubuntu 10.04.4
("minimal" version
> on our new hosting provider, previous on amazon ec2 all works fine). So
> couldn''t login to puppet dashboard - internal server error. I
found problem
> in rubycas-server. It fails when try to hash password:
>
>
(/opt/puppet/share/rubycas-server/lib/casserver/authenticators/sql_encrypted.rb)
>
>> def validate(credentials)
>>
> ....
>>     encrypt_function = @options[:encrypt_function] ||
>> ''user.encrypted_password =>>
Digest::SHA256.hexdigest("#{user.encryption_salt}::#{@password}")''
>> ...
>>      return eval(encrypt_function) # FAIL
>
> But in simple ruby script function *Digest::SHA256.hexdigest* works fine.
> I changed to *OpenSSL::Digest::SHA256.hexdigest* in rubycas-server and it
> works...
>
> Maybe you can advice how to solve this problem without source change?
>
> Thanks in advance.
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/EuLrHRjTs-4J.
> To post to this group, send email to
puppet-users@googlegroups.com<javascript:_e({}, ''cvml'',
''puppet-users@googlegroups.com'');>
> .
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com <javascript:_e({},
''cvml'',
> ''puppet-users%2Bunsubscribe@googlegroups.com'');>.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi Jeff, 

I''ve added begin/rescue around this line of code but it didn''t
catch
exception, so there is no any information in log :( I added step by step 
log print to code and found this line. When I did replace it ( 
eval(encrypt_function) ) to true (or changed encrypt_function 
to OpenSSL::Digest::SHA256.hexdigest) it works well. As I understand it is 
problem with native sha2 library.

Thanks,
Pavel

On Friday, June 8, 2012 7:57:09 PM UTC+3, Jeff McCune
wrote:
>
> Could you post the trace of the error and some entries from the logs?  How 
> did you track it down to here?
>
> -Jeff
>
> On Friday, June 8, 2012, Pavel Drobushevich wrote:
>
>> Hi all,
>>
>> I''ve installed Puppet Enterprise 2.5 on Ubuntu 10.04.4
("minimal" version
>> on our new hosting provider, previous on amazon ec2 all works fine). So
>> couldn''t login to puppet dashboard - internal server error. I
found problem
>> in rubycas-server. It fails when try to hash password:
>>
>>
(/opt/puppet/share/rubycas-server/lib/casserver/authenticators/sql_encrypted.rb)
>>
>>> def validate(credentials)
>>>
>> ....
>>>     encrypt_function = @options[:encrypt_function] || 
>>> ''user.encrypted_password == 
>>>
Digest::SHA256.hexdigest("#{user.encryption_salt}::#{@password}")''
>>> ...
>>>      return eval(encrypt_function) # FAIL 
>>
>> But in simple ruby script function *Digest::SHA256.hexdigest* works 
>> fine. I changed to *OpenSSL::Digest::SHA256.hexdigest* in
rubycas-server
>> and it works...
>>
>> Maybe you can advice how to solve this problem without source change?
>>
>> Thanks in advance.
>>
>>  -- 
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msg/puppet-users/-/EuLrHRjTs-4J.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/1qLAKtaBPJIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.