Sunstone encoding of passwords

Hello,

Our OpenNebula (4.10.2) uses LDAP authentication for most users, so I enabled :encode_user_password:.

A core user with non-ASCII letters in its password cannot authenticate through Sunstone, but it works with the CLI.

I reproduced the problem with a test user; here is the HTTP dialog between Sunstone and the OpenNebula XML-RPC (formatted for readability):

POST /RPC2 HTTP/1.1
User-Agent: XMLRPC::Client (Ruby 1.9.3)
Content-Type: text/xml; charset=utf-8
Content-Length: 228
Connection: close
Accept-Encoding: identity
Accept: */*
Host: localhost:2633

<?xml version="1.0" ?>
<methodCall>
  <methodName>one.user.info</methodName>
  <params>
    <param>
      <value>
	  <string>test:some%C3%A8character</string>
	</value>
    </param>
    <param>
      <value>
	  <i4>-1</i4>
	</value>
    </param>
  </params>
</methodCall>

The response:

HTTP/1.1 200 OK
Content-type: text/xml; charset=utf-8
Content-length: 317
Connection: close
Date: Tue, 13 Oct 2015 12:03:21 UTC
Server: Xmlrpc-c_Abyss/1.33.6

<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
<params>
<param><value><array><data>
<value><boolean>0</boolean></value>
<value><string>[UserInfo] User couldn't be authenticated, aborting call.</string></value>
<value><i4>256</i4></value>
</data></array></value></param>
</params>
</methodResponse>

Any idea?

Regards.

Is it possible that the browser is not in UTF-8? I’ve tested using non-ASCII characters in Sunstone and it works OK. Also with an LDAP server.

Javi Fontán forum@opennebula.org writes:

Is it possible that the browser is not in UTF-8? I’ve tested using non-ASCII characters in Sunstone and it works OK. Also with an LDAP server.

Hello,

I made a test with a fresh OpenNebula 4.14.2 without an LDAP server.

Create a test user:

oneuser create test Testuserwithé
echo 'test:Testuserwithé' > ~/test_one_auth

Activate password encoding:

sed -i -E 's,^#(:encode),\1,' /etc/one/sunstone-server.conf
service opennebula-sunstone restart

Try CLI login:

ONE_AUTH=~/test_one_auth oneuser list -l NAME
NAME
test

Here is a Wireshark display of the capture during login:

POST /login HTTP/1.1
Host: igor.eole.lan
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0 Iceweasel/42.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Authorization: Basic dGVzdDpUZXN0dXNlcndpdGjDqQ==
X-Requested-With: XMLHttpRequest
Referer: http://igor.eole.lan/login
Content-Length: 14
Cookie: sunstone=2186eaf4cd50d4c4c95450d9761ff3d3b3a3da1b3005fec705837e8a64b08c33; one-user=test
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

remember=false

The “Authorization” field is base64 encoding of “test:Testuserwithé”.

Regards.

Daniel Dehennin
Get my GPG key: gpg --recv-keys 0xCC1E9E5B7A6FE2DF
Fingerprint: 3E69 014E 5C23 50E8 9ED6 2AAD CC1E 9E5B 7A6F E2DF
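A way to check the two hypotheses in this thread (browser charset versus password encoding) from a captured Authorization header. This is an added example, not part of any post and not OpenNebula code. The `percent_encode` helper is hypothetical, modelled only on the shape of the `some%C3%A8character` string in the XML-RPC capture, and the Latin-1 header is constructed for contrast.

```ruby
require 'base64'

# Header copied from the Wireshark capture in the thread.
CAPTURED = 'Basic dGVzdDpUZXN0dXNlcndpdGjDqQ=='
# Constructed contrast case: same credentials as a Latin-1 client would send them.
LATIN1 = 'Basic ' + Base64.strict_encode64("test:Testuserwith\xE9".b)

# Split a Basic Authorization header into raw user and password bytes.
def decode_basic(header)
  scheme, b64 = header.split(' ', 2)
  raise ArgumentError, 'not a Basic header' unless scheme == 'Basic' && b64
  Base64.strict_decode64(b64).split(':', 2)
end

# Classify the password bytes: pure ASCII, valid UTF-8, or something else.
def charset_of(bytes)
  s = bytes.dup.force_encoding('UTF-8')
  return :ascii if s.ascii_only?
  s.valid_encoding? ? :utf8 : :not_utf8
end

# Hypothetical helper (assumption): percent-encode every byte outside the
# RFC 3986 unreserved set, as the string in the XML-RPC capture appears to be.
def percent_encode(bytes)
  bytes.b.gsub(/[^A-Za-z0-9\-._~]/n) { |c| format('%%%02X', c.ord) }
       .force_encoding('UTF-8')
end

# Report what the browser sent and whether encoding changes the password.
def diagnose(header)
  user, pass = decode_basic(header)
  user = user.force_encoding('UTF-8')
  encoded = percent_encode(pass)
  { user: user,
    charset: charset_of(pass),
    encoded_session: "#{user}:#{encoded}",
    changed_by_encoding: encoded.b != pass.b }
end

if __FILE__ == $PROGRAM_NAME
  [CAPTURED, LATIN1].each { |h| p diagnose(h) }
end
```

For the captured header the password bytes are valid UTF-8, and the percent-encoded session string differs from the raw `user:password` pair that the CLI reads from the auth file.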