Bug 1212657
Summary: | Password is not correctly passed to perl command line tools if it contains shell special characters. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Noriko Hosoi <nhosoi> |
Component: | 389-ds-base | Assignee: | Noriko Hosoi <nhosoi> |
Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.0 | CC: | atolani, jgalipea, nkinder, rmeggins, sramling |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 389-ds-base-1.2.11.15-54.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: Password is not correctly passed to perl command line tools if it contains shell special characters.
Consequence: If the password contains such special characters, the tools did not start.
Fix: Now the shell special characters are properly escaped.
Result: The perl command line tools have no problem with the shell special characters.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-22 06:37:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Noriko Hosoi
2015-04-16 23:28:27 UTC
Affected scripts: bak2db.pl cleanallruv.pl db2bak.pl db2index.pl db2ldif.pl fixup-linkedattrs.pl fixup-memberof.pl ldif2db.pl ns-accountstatus.pl ns-activate.pl ns-inactivate.pl ns-newpwpolicy.pl schema-reload.pl syntax-validate.pl usn-tombstone-cleanup.pl Steps: Set the directory manager's password to pas$w!or'd" Run each script with -D 'cn=directory manager' -w pas\$w\!or\'d\" And -D 'cn=directory manager' -w - Bind Password: pas$w!or'd" If the bind is successful, the fix is verified. [root@ivanova slapd-M1]# ./db2bak.pl -D 'cn=Directory manager' -a /tmp/test123 -w - Bind Password: Back up directory: /tmp/test123 adding new entry "cn=backup_2015_5_15_9_58_29, cn=backup, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./db2bak.pl -D 'cn=Directory manager' -a /tmp/test123 -w pas\$w\!or\'d\" Back up directory: /tmp/test123 adding new entry "cn=backup_2015_5_15_9_58_43, cn=backup, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./bak2db.pl -D 'cn=Directory manager' -a /tmp/test123 -n userRoot -w - Bind Password: adding new entry "cn=restore_2015_5_15_10_38_6, cn=restore, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./bak2db.pl -D 'cn=Directory manager' -a /tmp/test123 -n userRoot -w pas\$w\!or\'d\" adding new entry "cn=restore_2015_5_15_10_38_32, cn=restore, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./cleanallruv.pl -D 'cn=Directory manager' -b "dc=passsync,dc=com" -r 1232 -w pas\$w\!or\'d\" adding new entry "cn=cleanallruv_2015_5_15_10_39_50, cn=cleanallruv, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./cleanallruv.pl -D 'cn=Directory manager' -b "dc=passsync,dc=com" -r 1232 -w - Bind Password: adding new entry "cn=cleanallruv_2015_5_15_10_40_20, cn=cleanallruv, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./db2index.pl -D 'cn=Directory manager' -T cn -n userRoot -w pas\$w\!or\'d\" adding new entry "cn=db2index_2015_5_15_13_9_1, cn=index, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./db2index.pl -D 'cn=Directory manager' -T cn -n userRoot -w - Bind Password: adding new entry "cn=db2index_2015_5_15_13_9_20, cn=index, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./db2ldif.pl -D 'cn=Directory manager' -n userRoot -w pas\$w\!or\'d\" Exporting to ldif file: /var/lib/dirsrv/slapd-M1/ldif/M1-userRoot-2015_5_15_13_10_28.ldif adding new entry "cn=export_2015_5_15_13_10_28, cn=export, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./db2ldif.pl -D 'cn=Directory manager' -n userRoot -w - Bind Password: Exporting to ldif file: /var/lib/dirsrv/slapd-M1/ldif/M1-userRoot-2015_5_15_13_10_41.ldif adding new entry "cn=export_2015_5_15_13_10_41, cn=export, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./ldif2db.pl -D 'cn=Directory manager' -i /var/lib/dirsrv/slapd-M1/ldif/M1-userRoot-2015_5_15_13_10_28.ldif -s "dc=passsync,dc=com" -n userRoot -w pas\$w\!or\'d\" adding new entry "cn=import_2015_5_15_13_14_7, cn=import, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./ldif2db.pl -D 'cn=Directory manager' -i /var/lib/dirsrv/slapd-M1/ldif/M1-userRoot-2015_5_15_13_10_28.ldif -s "dc=passsync,dc=com" -n userRoot -w - Bind Password: adding new entry "cn=import_2015_5_15_13_14_22, cn=import, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./ns-accountstatus.pl -D 'cn=Directory manager' -I "uid=users1189users5,ou=People,dc=passsync,dc=com" -w pas\$w\!or\'d\" uid=users1189users5,ou=People,dc=passsync,dc=com activated. [root@ivanova slapd-M1]# ./ns-accountstatus.pl -D 'cn=Directory manager' -I "uid=users1189users5,ou=People,dc=passsync,dc=com" -w - Bind Password: uid=users1189users5,ou=People,dc=passsync,dc=com activated. [root@ivanova slapd-M1]# ./ns-activate.pl -D 'cn=Directory manager' -I "uid=users1189users5,ou=People,dc=passsync,dc=com" -w - Bind Password: uid=users1189users5,ou=People,dc=passsync,dc=com already activated. [root@ivanova slapd-M1]# ./ns-activate.pl -D 'cn=Directory manager' -I "uid=users1189users5,ou=People,dc=passsync,dc=com" -w pas\$w\!or\'d\" uid=users1189users5,ou=People,dc=passsync,dc=com already activated. [root@ivanova slapd-M1]# ./ns-inactivate.pl -D 'cn=Directory manager' -I "uid=users1189users5,ou=People,dc=passsync,dc=com" -w pas\$w\!or\'d\" uid=users1189users5,ou=People,dc=passsync,dc=com inactivated. [root@ivanova slapd-M1]# ./ns-inactivate.pl -D 'cn=Directory manager' -I "uid=users1189users5,ou=People,dc=passsync,dc=com" -w - Bind Password: uid=users1189users5,ou=People,dc=passsync,dc=com already inactivated. ./usn-tombstone-cleanup.pl -D "cn=Directory Manager" -n userRoot -w - Bind Password: adding new entry "cn=usn_cleanup_2015_5_15_13_25_20, cn=USN tombstone cleanup task, cn=tasks, cn=config" ldap_add: No such object (32) [root@ivanova slapd-M1]# ./ns-activate.pl -D 'cn=Directory manager' -I "uid=users1189users5,ou=People,dc=passsync,dc=com" -j /tmp/pass.txt uid=users1189users5,ou=People,dc=passsync,dc=com activated. [root@ivanova slapd-M1]# ./ns-activate.pl -D 'cn=Directory manager' -I "uid=users1189users5,ou=People,dc=passsync,dc=com" -j /tmp/pass.txt uid=users1189users5,ou=People,dc=passsync,dc=com already activated. [root@ivanova slapd-M1]# ./fixup-linkedattrs.pl -D 'cn=Directory manager' -l "uid=users1189users5,ou=People,dc=passsync,dc=com" -w - Bind Password: adding new entry "cn=linked_attrs_fixup_2015_5_15_13_27_58, cn=fixup linked attributes, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./fixup-memberof.pl -D 'cn=Directory manager' -b "uid=users1189users5,ou=People,dc=passsync,dc=com" -w pas\$w\!or\'d\" adding new entry "cn=memberOf_fixup_2015_5_15_13_28_53, cn=memberOf task, cn=tasks, cn=config" ldap_add: No such object (32) [root@ivanova slapd-M1]# ./schema-reload.pl -D 'cn=Directory manager' -d /etc/dirsrv/schema/ -w pas\$w\!or\'d\" adding new entry "cn=schema_reload_2015_5_15_13_30_14, cn=schema reload task, cn=tasks, cn=config" [root@ivanova slapd-M1]# ./schema-reload.pl -D 'cn=Directory manager' -d /etc/dirsrv/schema/ -w - Bind Password: adding new entry "cn=schema_reload_2015_5_15_13_30_24, cn=schema reload task, cn=tasks, cn=config" All the perl scripts are working perfectly fine with the escaped character passwords. Hence, marking the bug as Verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1326.html *** Bug 1176426 has been marked as a duplicate of this bug. *** |