Closed Bug 189189 Opened 22 years ago Closed 22 years ago

My Bugzilla install will validate a user no matter what password they enter

Categories

(Bugzilla :: Bugzilla-General, defect)

2.16.2
x86
Linux
defect
Not set
major

RESOLVED WORKSFORME

People

(Reporter: caseyg, Assigned: justdave)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)
Build Identifier:

When I go to my Bugzilla page (http://bugs.chsamerica.com) and try to log in, I get in if I put in any password, including random text. It logs in fine.

Reproducible: Always

Steps to Reproduce:
1. Login with any user name and no password, or a password that is not right for that user
2.
3.

Actual Results:
It logs in as if I had entered the right password.

Expected Results:
It should have told me I had the wrong password.

What I did notice is that the user MUST exist on the system for it to work, only it doesn't care what password you put in.
I can't duplicate this on bugzilla-tip... what version of Bugzilla are you running, where did you get it from, and are you using any options from editparameters.cgi which might affect logins? (like persistent cookie netblocks or alwaysrequirelogin?)
My version is 2.16.2 and I don't have those options, or I am not familiar with them. They are not in my edit parameters.cgi, and I got this from the Bugzilla site. It's running on apache-1.3.27-1.7.1, RedHat 7.1, ActiveState Perl 5.6.1.
Version: unspecified → 2.16.2
You're using ActiveState on RedHat? I thought ActiveState was a Windows thing...
OS: Windows XP → Linux
Yes, it was an RPM. Do you think that could be a problem? I could remove it and put the normal perl package. When I went to perl.org, though, that is what I was directed to. ActiveState, that is.
That is the largest difference between your system and a "standard" system. I am not aware of anyone else using ActiveState under Linux. Before you switch out perl though, try

    mysql -u db_user -pdb_passwd database

(substituting your database user, password, and database in, of course) then

    SELECT login_name, cryptpassword FROM profiles LIMIT 5;

You should get a dump like....

    +---------------------------------+---------------+
    | login_name                      | cryptpassword |
    +---------------------------------+---------------+
    | bugreport@peshkin.org           | PrlqUj5ybsA4E |
    | outsider@foo.com                | xIeqts/V9TwDE |
    | joel@foo.com                    | gtL0qiNHoA1H. |

Where the cryptpasswords are a string of very random-looking things. If this is not true, then your crypt() function in your perl is likely the culprit.
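The comment above points at Perl's crypt() as the likely culprit. The following is an added diagnostic, not part of the bug report and not Bugzilla's own code, that tests crypt() directly on the installed interpreter. The salt and passwords are constructed sample values, and the verify-by-rehashing pattern is an assumption about how a crypt()-based login check is done.

```perl
#!/usr/bin/perl
# Added diagnostic (not Bugzilla code): sanity-check this Perl's crypt().
use strict;
use warnings;

# Return a list of problems found with crypt() on this interpreter.
sub crypt_problems {
    my @problems;
    my $salt   = 'ab';                         # constructed 2-character salt
    my $stored = crypt('correct-pw', $salt);   # constructed sample password

    if (!defined $stored || $stored eq '') {
        return ('crypt() returned nothing for a traditional 2-character salt');
    }

    # A traditional crypt(3) hash is 13 characters from [./0-9A-Za-z] and
    # begins with the salt, like the sample rows quoted in the thread.
    push @problems, "unexpected hash format: '$stored'"
        unless $stored =~ m{^\Q${salt}\E[./0-9A-Za-z]{11}\z};

    # Assumed verification pattern: re-hash the entered password using the
    # stored hash as the salt, then compare with the stored hash.
    my $right = crypt('correct-pw', $stored);
    push @problems, 'correct password does not verify'
        unless defined $right && $right eq $stored;

    # The failure reported in this bug: a wrong or empty password verifies.
    for my $wrong ('wrong-pw', '', 'x' x 40) {
        my $got = crypt($wrong, $stored);
        push @problems, "wrong password '$wrong' verifies against stored hash"
            if defined $got && $got eq $stored;
    }
    return @problems;
}

my @problems = crypt_problems();
if (@problems) {
    print "crypt() FAILED:\n", map { "  - $_\n" } @problems;
    exit 1;
}
print "crypt() looks sane: hashes are well-formed, wrong passwords rejected\n";
exit 0;
```

Run it with the same perl binary the web server uses for the CGI scripts; a non-zero exit status means that interpreter's crypt() cannot be trusted for password checks.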
I already checked the passwords, so I am going to remove all the packages for perl and its dependents and reinstall them.
Actually I am going to use the perl-5.8.0 rpm from rpmfind.net and see if that works.
Since you're using RedHat, you might be better off with RPMs provided by RedHat... RedHat normally ships a Perl on the CD (and part of the default install when you net-install). 7.1 probably would have had 5.6.0 on it. I'm assuming you are probably winding up with something different because you want Perl 5.8...

Look on RedHat's FTP (or your nearest mirror). I would suggest grabbing the SRPM for Perl 5.8 out of the RedHat 8.0 directory, or from the rawhide directory. The one out of rawhide is what's installed on Landfill right now (where I couldn't reproduce your problem) so I know that one works. (Landfill is running RedHat 7.2)

ftp://ftp.redhat.com/pub/redhat/linux/8.0/en/os/i386/SRPMS/
or
ftp://ftp.redhat.com/pub/redhat/linux/rawhide/SRPMS/SRPMS/

install it with rpm -i.
cd /usr/src/redhat/SPECS
edit the perl.spec file and change the dependency on db-4 to look for db-3 instead (it works fine, I've done it many times :)
then "rpm -ba perl.spec"
when it's done you'll have RPMs in /usr/src/redhat/RPMS/i386 that you can install the normal way (rpm -Uvh)
I ended up installing the perl5.6.1 rpm and then my httpd would not start. I messed something major up. I am going to do it from scratch.
WORKSFORME, per recent post to the developers mailing list.

From: Casey Gregoire <caseyg@chsamerica.com>
To: developers@bugzilla.org
Subject: Re: Login
Date: Mon, 20 Jan 2003 07:40:36 -0500
Reply-To: developers@bugzilla.org

That is what I ended up doing. Using the Perl 5.6.1 from CPAN worked fine. It messed up my installation of Apache to upgrade perl for some reason. I am not sure if that was my fault or not. But it is working fine now. I am wondering what function in ActiveState Perl would allow everything to work EXCEPT the password checking in Bugzilla. Anyhow, thanks for the reply, it's all working fine now.

Thank you,
Casey Gregoire.

-----Original Message-----
From: David Miller [mailto:justdave@syndicomm.com]
Sent: Friday, January 17, 2003 5:19 PM
To: developers@bugzilla.org
Subject: Re: Login

[.....]

Last I heard he was on RedHat 7.1 running ActiveState Perl... which threw most of us because we'd never seen ActiveState on Linux :) Last action on the bug I believe was he was trying to install an official RedHat distribution of Perl to see if that fixed it.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → WORKSFORME
QA Contact: matty_is_a_geek → default-qa