From 6ee75cf80919aacad5987098d4fb309403113d7f Mon Sep 17 00:00:00 2001
From: Derek Higgins <derekh@redhat.com>
Date: Mon, 28 Jan 2013 12:37:43 -0500
Subject: [PATCH] Properly quote RHN passwords

some characters were causing probems e.g. | and '
https://bugzilla.redhat.com/show_bug.cgi?id=903502

Change-Id: I092725f4022f61941257118eb06a6fa898797094
---
 packstack/installer/common_utils.py |  3 +++
 packstack/plugins/serverprep_901.py |  5 ++--
 tests/test.py                       | 22 ++++++++++++++++
 tests/test_plugin_serverprep.py     | 41 +++++++++++++++++++++++++++++
 4 files changed, 69 insertions(+), 2 deletions(-)
 create mode 100644 tests/test_plugin_serverprep.py

diff --git a/packstack/installer/common_utils.py b/packstack/installer/common_utils.py
index 09a24c7d5..9cb74471d 100644
--- a/packstack/installer/common_utils.py
+++ b/packstack/installer/common_utils.py
@@ -171,6 +171,9 @@ def _maskString(string, maskList=[]):
     for maskItem in maskList:
         if not maskItem: continue
         maskedStr = maskedStr.replace(maskItem, "*"*8)
+        # if looking at stderr of a script, single quotes have been converted
+        # to '\''
+        maskedStr = maskedStr.replace(maskItem.replace("'","'\\''"), "*"*8)
 
     return maskedStr
 
diff --git a/packstack/plugins/serverprep_901.py b/packstack/plugins/serverprep_901.py
index f84bf4776..c724fbc96 100644
--- a/packstack/plugins/serverprep_901.py
+++ b/packstack/plugins/serverprep_901.py
@@ -128,12 +128,13 @@ def serverprep():
 
         # Subscribe to Red Hat Repositories if configured
         RH_USERNAME = controller.CONF["CONFIG_RH_USERNAME"].strip()
+        RH_PASSWORD = controller.CONF["CONFIG_RH_PASSWORD"].strip()
         if RH_USERNAME:
-            server.append("subscription-manager register --username=%s --password=%s --autosubscribe || true" % (RH_USERNAME, controller.CONF["CONFIG_RH_PASSWORD"].strip()))
+            server.append("subscription-manager register --username=\"%s\" --password=\"%s\" --autosubscribe || true" % (RH_USERNAME, RH_PASSWORD.replace('"','\\"')))
             server.append("subscription-manager list --consumed | grep -i openstack || "
                           "subscription-manager subscribe --pool $(subscription-manager list --available | grep -e 'Red Hat OpenStack' -m 1 -A 2 | grep 'Pool Id' | awk '{print $3}')")
             server.append("yum clean all")
             server.append("yum-config-manager --enable rhel-server-ost-6-folsom-rpms")
 
         server.append("yum clean metadata")
-        server.execute(maskList=[controller.CONF["CONFIG_RH_PASSWORD"].strip()])
+        server.execute(maskList=[controller.CONF["CONFIG_RH_PASSWORD"]])
diff --git a/tests/test.py b/tests/test.py
index c8ebeb7cd..861224912 100644
--- a/tests/test.py
+++ b/tests/test.py
@@ -17,14 +17,36 @@
 import shutil
 import tempfile
 
+import subprocess
 from unittest import TestCase
 
 
+class fakePopen(object):
+    def __init__(self, returncode=0):
+        self.returncode = returncode
+        self.stdout = self.stderr = self.data = ""
+
+    def __call__(self, *args, **kwargs):
+        self.args = args
+        self.kwargs = kwargs
+        return self
+
+    def communicate(self, data):
+        self.data += data
+        return self.stdout, self.stderr
+
+
 class TestCase(TestCase):
     def setUp(self):
         # Creating a temp directory that can be used by tests
         self.tempdir = tempfile.mkdtemp()
 
+        # some plugins call popen, we're replacing it for tests
+        self._Popen = subprocess.Popen
+        self.fakePopen = subprocess.Popen = fakePopen()
+
     def tearDown(self):
         # remove the temp directory
         shutil.rmtree(self.tempdir)
+
+        subprocess.Popen = self._Popen
diff --git a/tests/test_plugin_serverprep.py b/tests/test_plugin_serverprep.py
new file mode 100644
index 000000000..0a7dc4cdb
--- /dev/null
+++ b/tests/test_plugin_serverprep.py
@@ -0,0 +1,41 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2013, Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import os
+from test import TestCase
+
+from packstack.plugins import serverprep_901
+from packstack.installer.setup_controller import Controller
+
+serverprep_901.controller = Controller()
+
+
+class OSPluginUtilsTestCase(TestCase):
+    def test_rhn_creds_quoted(self):
+        """Make sure RHN password is quoted"""
+
+        password = "dasd|'asda%><?"
+        serverprep_901.controller.CONF["CONFIG_KEYSTONE_HOST"] = "1.2.3.4"
+        serverprep_901.controller.CONF["CONFIG_USE_EPEL"] = "n"
+        serverprep_901.controller.CONF["CONFIG_REPO"] = ""
+        serverprep_901.controller.CONF["CONFIG_RH_USERNAME"] = "testuser"
+        serverprep_901.controller.CONF["CONFIG_RH_PASSWORD"] = password
+
+        serverprep_901.serverprep()
+
+        self.assertNotEqual(
+            self.fakePopen.data.find('--password="%s"' % password), -1
+        )