Bug 447964

Summary: fence_ipmilan does not handle punctuation in password
Product: Red Hat Enterprise Linux 5 Reporter: Jonathan DeHaan <jdehaan>
Component: cmanAssignee: Jan Friesse <jfriesse>
Status: CLOSED ERRATA QA Contact: GFS Bugs <gfs-bugs>
Severity: low Docs Contact:
Priority: low    
Version: 5.1CC: bkahn, bstevens, cfeist, cluster-maint, djansa, edamato, jfriesse, rlerch, rmccabe
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: cman-2.0.100-1.el5 Doc Type: Bug Fix
Doc Text:
Cause: IPMI password with characters like $, ', ... Consequence: User cannot use this strong passwords Fix: Make the called command properly escaped with \, so shell will not interpret these as variables, ... Result: User can use strong passwords.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-02 11:09:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 472369    
Attachments:
Description Flags
Patch to fix problem none

Description Jonathan DeHaan 2008-05-22 17:05:04 UTC 
Description of problem:
When using a password containing the '$' character, fence_ipmilan will not
connect to the IPMI node. If the ipmitool command is run with the -a option to
specify the same password interactively, it completes properly.
Passwords containing '+', '@', and '?' work correctly with fence_ipmilan.


Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1.Set a password on an IPMI node containing a '$' as well as  other characters
2.Set up a cluster with a fence device of type IPMI pointed at the previous node
3.Attempt to fence the node in Luci
  
Actual results:
Node remains up

Expected results:
Node should turn off, and then on

Additional info:
Comment 1 Jan Friesse 2008-11-20 14:22:01 UTC 
Created attachment 324180 [details]
Patch to fix problem

IPMI fence agent works by spawn a /bin/sh and ipmitool. If host name/password or any other command line argument included special shell characters (like $, ", ', ...) shell will try to substitute. This is not allowed behaviour and
this patch fix it.
Comment 6 Jan Friesse 2009-05-19 07:51:22 UTC 
Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause: IPMI password with characters like $, ', ...
Consequence: User cannot use this strong passwords
Fix: Make the called command properly escaped with \, so shell will not interpret these as variables, ...
Result: User can use strong passwords.
Comment 8 errata-xmlrpc 2009-09-02 11:09:24 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1341.html