Bug 1691253

Summary: ovirt-engine-extension-aaa-ldap-setup does not escape special characters in password
Product: Red Hat Enterprise Virtualization Manager Reporter: Miguel Martin <mmartinv>
Component: ovirt-engine-extension-aaa-ldapAssignee: Martin Perina <mperina>
Status: CLOSED ERRATA QA Contact: Petr Matyáš <pmatyas>
Severity: medium Docs Contact:
Priority: high    
Version: 4.2.8-3CC: audgiri, lleistne, lsurette, mtessun, pmatyas, rhodain
Target Milestone: ovirt-4.4.3Keywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-engine-extension-aaa-ldap-1.4.2 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-24 13:09:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Miguel Martin 2019-03-21 09:17:35 UTC 
Description of problem:

It looks like 'ovirt-engine-extension-aaa-ldap-setup' does not escape special characters in the search user's password when generating the profile properties file.

In the setup process, the user enters the 'dn' and the password of the search user. Then the setup script tries to perform a simple bind which is successful and the setup process continues.

At the end of the process, the user is asked to test the authentication. In this test, the setup process has generated the profile file already and tries the authentication by using the extensions tool but it fails because the password of the search user in the profile file is wrong as it hasn't escaped the special characters in the properties file.


Version-Release number of selected component (if applicable):

ovirt-engine-extension-aaa-ldap-setup-1.3.8-1.el7ev.noarch  

How reproducible:
Always

Steps to Reproduce:
1. Run ovirt-engine-extension-aaa-ldap-setup and configure it with a search user who has a password containing '\' special character
2. In the final step try the login of another user.

Actual results:
The authentication fails

Expected results:
The authentication succeeds
Comment 2 Daniel Gur 2019-08-28 13:13:50 UTC 
sync2jira
Comment 3 Daniel Gur 2019-08-28 13:18:03 UTC 
sync2jira
Comment 6 Petr Matyáš 2020-10-30 13:42:16 UTC 
Verified on ovirt-engine-extension-aaa-ldap-1.4.2-1.el8ev.noarch
Comment 10 errata-xmlrpc 2020-11-24 13:09:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: Red Hat Virtualization security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5179