Description of problem: Using the Console to change the admin password to a new password with a single quote (') in it does not work as expected - the password is actually set to a different value. Version-Release number of selected component (if applicable): Fedora-DS 1.0.4 How reproducible: Very Steps to Reproduce: 1. Login to Directory Management Console 2. Change admin password to pass'word 3. Try to login again to Directory Manangement Console Actual results: Should be able to login to console with user="admin", password="pass'word" Expected results: Console gives error saying user/password is incorrect. Additional info: uffe reports that the password is url-encoded from pass'word to pass%27word.
Hmm, I think I swapped actual & expected results above. The upshot is that if you change to a password with a single quote (apostrophe) in it, then you will *not* be able to login to the Console with that new password. This can leave sysadmins with no way to login to FDS, which is really bad. Could the change password screen at least display a warning or error if the new password has funny characters in it? That would give you a clue that you should change the password before you get locked out of the Console (next time you try to login).
Have you tried to reproduce this problem with the latest Fedora DS 1.1.3 and other latest components (especially fedora-ds-admin 1.1.6 and adminutil 1.1.7)? There were some fixes made in the url encoding/decoding area that may have helped with this problem.
(In reply to comment #5) > Have you tried to reproduce this problem with the latest Fedora DS 1.1.3 and > other latest components (especially fedora-ds-admin 1.1.6 and adminutil 1.1.7)? > There were some fixes made in the url encoding/decoding area that may have > helped with this problem. This bug still in this combination: 389-console-1.1.4-1.fc13.noarch 389-ds-console-doc-1.2.3-1.fc13.noarch 389-admin-console-1.1.5-1.fc13.noarch 389-admin-1.1.14-1.fc13.x86_64 389-ds-base-1.2.8-0.1.a1.fc13.x86_64 If you update password from Admin Console | COnfiguration | Access, pass'word is converted to pass%27word. If it is on the Directory Console | Edit Entry, pass'word is passed with no change.
Created attachment 478303 [details] 389-admin-console: git patch file (master) Description: The save method in CGIAccessSetup "encodes" the admin password with URLByteEncoder.encodeUTF8, which escapes a string in the HTML safe manner, which should not be done for the password.
Created attachment 478306 [details] 389-admin-console: git patch file (master)
Note: The console password field does not accept non-ascii characters at all. Input method does not get enabled for the field. If you force to input non-ascii characters with copy&paste, the characters are simply dropped. E.g., Liberté --> Libert
Comment on attachment 478306 [details] 389-admin-console: git patch file (master) I think the console is doing the right thing - it should be url encoding/escaping possibly dangerous characters - I think mod_admserv should be unescaping the password
Hmmm, then the password input on the DS Console's Edit Entry should be escaped, as well?
Never mind... DS sends the password in LDAP not via HTTP. So, it won't break the protocol.
Created attachment 478329 [details] AS: git patch file (master) Thanks to Rich for his comments. I cancelled the 389-admin-console patch. Description: When the Admin User password is changed on the Admin Console, the console escapes the password then sends it to the Admin Server. This patch adds the apache API ap_unescape_url to mod_admserv to unescape the password before handling it.
Comment on attachment 478329 [details] AS: git patch file (master) ap_unescape_url() will do the unescape in place - is that safe to do? This is the r->args pointer from the request_rec* passed in to the function. It may be safe to rewrite that memory - I just don't know.
Created attachment 478422 [details] AS: git patch file (master) Thanks to Rich for his comments. Instead of doing the in-place escape, changed to duplicate the given password and work on the copy. Description: When the Admin User password is changed on the Admin Console, the console escapes the password then sends it to the Admin Server. This patch adds the apache API ap_unescape_url to mod_admserv to unescape the password before handling it. Since ap_unescape_url does the unescape in place, it duplicates the given password and escapes on the duplicated memory.
Thanks to Rich and Nathan for their comments and reviews. Pushed to master. $ git merge 245278 Updating 2f738ad..0f07440 Fast-forward mod_admserv/mod_admserv.c | 18 +++++++++++++++--- 1 files changed, 15 insertions(+), 3 deletions(-) $ git push Counting objects: 7, done. Delta compression using up to 2 threads. Compressing objects: 100% (4/4), done. Writing objects: 100% (4/4), 847 bytes, done. Total 4 (delta 3), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/admin.git 2f738ad..0f07440 master -> master
Tested As : 1. Login to Directory Management Console 2. Change admin password to pass'word 3. Try to login again to Directory Manangement Console Console gives error saying user/password is incorrect. And the also the password in the Access Logs is : pass%27word 10.65.193.133 - cn=Directory Manager [23/Jun/2011:16:18:00 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.193.133 - cn=Directory Manager [23/Jun/2011:16:18:01 +0530] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251 10.65.193.133 - cn=Directory Manager [23/Jun/2011:16:18:03 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17 10.65.193.133 - cn=Directory Manager [23/Jun/2011:16:18:14 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.193.133 - cn=Directory Manager [23/Jun/2011:16:18:17 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14 10.65.193.133 - cn=Directory Manager [23/Jun/2011:16:18:17 +0530] "GET /admin-serv/commands/change-sie-password?pass%27word HTTP/1.0" 200 - 10.65.193.133 - cn=Directory Manager [23/Jun/2011:16:18:29 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.193.133 - cn=Directory Manager [23/Jun/2011:16:18:44 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.193.133 - cn=Directory Manager [23/Jun/2011:16:19:00 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.193.133 - cn=Directory Manager [23/Jun/2011:16:19:15 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 More over in case I set the password like test123, even that password is not accepted meaning It is like It is not changing the password .. same as I opened a new bug - https://bugzilla.redhat.com/show_bug.cgi?id=715507 ??
[root@amsharma admin-serv]# rpm -qa | grep 389 389-admin-console-doc-1.1.7-1.el6.noarch 389-admin-console-1.1.7-1.el6.noarch 389-ds-console-1.2.5-1.el6.noarch 389-ds-1.2.1-2.el6.noarch 389-adminutil-1.1.13-1.el6.x86_64 389-ds-base-devel-1.2.8.4-2.el6.x86_64 389-ds-base-libs-1.2.8.4-2.el6.x86_64 389-console-1.1.4-1.el6.noarch 389-admin-1.1.16-2.el6.x86_64 389-ds-console-doc-1.2.5-1.el6.noarch 389-ds-base-1.2.8.4-2.el6.x86_64
I have no problem to change the admin password to pass'word. Single quote is internally escaped and converted to %27, which is fine. [11/Jul/2011:10:07:14 -0700] "GET /admin-serv/commands/change-sie-password?pass%27word HTTP/1.0" 200 - My system is on F15 and ahead of yours, but I don't think there are any differences in the area... What I did is identical to your test case. 1. Login Console; open Admin Console 2. On Configuration | Access tab, changed password (PASS'WORD); click Save 3. Exit Console 4. Restart Console; type PASS'WORD in the login panel. [11/Jul/2011:10:19:28 -0700] "GET /admin-serv/commands/change-sie-password?PASS%27WORD HTTP/1.0" 200 -
ok, done.. Marking as VERIFIED.
should be marked CLOSED