Bug 1691253 - ovirt-engine-extension-aaa-ldap-setup does not escape special characters in password
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-extension-aaa-ldap
Version: 4.2.8-3
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: medium
Target Milestone: ovirt-4.4.3
Target Release: ---
Assignee: Martin Perina
QA Contact: Petr Matyáš
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-03-21 09:17 UTC by Miguel Martin
Modified: 2024-03-25 15:15 UTC

Fixed In Version: ovirt-engine-extension-aaa-ldap-1.4.2
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-11-24 13:09:18 UTC
oVirt Team: Infra
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2020:5179 | 0 | None | None | None | 2020-11-24 13:10:34 UTC
oVirt gerrit | 111449 | 0 | None | MERGED | aaa: Fix special characters in password when saving to conf file | 2021-01-28 14:12:30 UTC

Description Miguel Martin 2019-03-21 09:17:35 UTC
Description of problem:

It looks like 'ovirt-engine-extension-aaa-ldap-setup' does not escape special characters in the search user's password when generating the profile properties file.

In the setup process, the user enters the 'dn' and the password of the search user. Then the setup script tries to perform a simple bind which is successful and the setup process continues.

At the end of the process, the user is asked to test the authentication. In this test, the setup process has generated the profile file already and tries the authentication by using the extensions tool but it fails because the password of the search user in the profile file is wrong as it hasn't escaped the special characters in the properties file.


Version-Release number of selected component (if applicable):

ovirt-engine-extension-aaa-ldap-setup-1.3.8-1.el7ev.noarch  

How reproducible:
Always

Steps to Reproduce:
1. Run ovirt-engine-extension-aaa-ldap-setup and configure it with a search user who has a password containing the '\' special character
2. In the final step try the login of another user.

Actual results:
The authentication fails

Expected results:
The authentication succeeds
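
Added example, not part of the original report and not the project's code or its fix: a minimal Python model of how a java.util.Properties-style reader decodes a value, showing why a password containing '\' reads back differently when written verbatim and survives when escaped on write. It assumes the profile file is parsed with those rules; the key name and the sample passwords are constructed for illustration.

```python
# Added example (not the project's code). Assumes the profile file is parsed
# with java.util.Properties-style rules; key name and passwords are constructed.
_ESC = {"\\": "\\\\", "\n": "\\n", "\r": "\\r", "\t": "\\t", "\f": "\\f"}
_UNESC = {"n": "\n", "r": "\r", "t": "\t", "f": "\f"}


def escape_value(value: str) -> str:
    """Escape a value so a Properties-style reader returns it unchanged."""
    out = []
    for i, ch in enumerate(value):
        if ch in _ESC:
            out.append(_ESC[ch])
        elif ch == " " and i == 0:
            out.append("\\ ")  # an unescaped leading blank would be stripped
        elif not 0x20 <= ord(ch) <= 0x7E:
            units = ch.encode("utf-16-be")  # one or two UTF-16 code units
            out.extend("\\u%04X" % int.from_bytes(units[j:j + 2], "big")
                       for j in range(0, len(units), 2))
        else:
            out.append(ch)
    return "".join(out)


def read_value(line: str) -> str:
    """Decode the value of a single 'key = value' line (key has no '=')."""
    raw = line.split("=", 1)[1].lstrip(" \t\f")
    out, i = [], 0
    while i < len(raw):
        ch, i = raw[i], i + 1
        if ch != "\\":
            out.append(ch)
        elif i == len(raw):
            break  # lone trailing backslash is a line continuation: dropped
        elif raw[i] == "u":
            out.append(chr(int(raw[i + 1:i + 5], 16)))  # ValueError if malformed
            i += 5
        else:
            out.append(_UNESC.get(raw[i], raw[i]))  # "\e" decodes to "e"
            i += 1
    # Re-join surrogate pairs produced by two consecutive \uXXXX escapes.
    return "".join(out).encode("utf-16", "surrogatepass").decode("utf-16")


def round_trip(password: str, escape: bool) -> str:
    """Write the password to a profile line, then read it back."""
    stored = escape_value(password) if escape else password
    return read_value("vars.password = " + stored)
```

Calling `round_trip(pw, False)` models the behaviour the report describes; `round_trip(pw, True)` models a writer that escapes the value before saving it.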

Comment 2 Daniel Gur 2019-08-28 13:13:50 UTC
sync2jira

Comment 6 Petr Matyáš 2020-10-30 13:42:16 UTC
Verified on ovirt-engine-extension-aaa-ldap-1.4.2-1.el8ev.noarch

Comment 10 errata-xmlrpc 2020-11-24 13:09:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: Red Hat Virtualization security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5179

