Bug 447964 - fence_ipmilan does not handle punctuation in password
fence_ipmilan does not handle punctuation in password
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: cman (Show other bugs)
5.1
x86_64 Linux
low Severity low
: rc
: ---
Assigned To: Jan Friesse
GFS Bugs
:
Depends On:
Blocks: 472369
  Show dependency treegraph
 
Reported: 2008-05-22 13:05 EDT by Jonathan DeHaan
Modified: 2009-09-02 07:09 EDT (History)
9 users (show)

See Also:
Fixed In Version: cman-2.0.100-1.el5
Doc Type: Bug Fix
Doc Text:
Cause: IPMI password with characters like $, ', ... Consequence: User cannot use this strong passwords Fix: Make the called command properly escaped with \, so shell will not interpret these as variables, ... Result: User can use strong passwords.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-02 07:09:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to fix problem (3.02 KB, application/octet-stream)
2008-11-20 09:22 EST, Jan Friesse
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1341 normal SHIPPED_LIVE Low: cman security, bug fix, and enhancement update 2009-09-01 06:43:16 EDT

  None (edit)
Description Jonathan DeHaan 2008-05-22 13:05:04 EDT
Description of problem:
When using a password containing the '$' character, fence_ipmilan will not
connect to the IPMI node. If the ipmitool command is run with the -a option to
specify the same password interactively, it completes properly.
Passwords containing '+', '@', and '?' work correctly with fence_ipmilan.


Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1.Set a password on an IPMI node containing a '$' as well as  other characters
2.Set up a cluster with a fence device of type IPMI pointed at the previous node
3.Attempt to fence the node in Luci
  
Actual results:
Node remains up

Expected results:
Node should turn off, and then on

Additional info:
Comment 1 Jan Friesse 2008-11-20 09:22:01 EST
Created attachment 324180 [details]
Patch to fix problem

IPMI fence agent works by spawn a /bin/sh and ipmitool. If host name/password or any other command line argument included special shell characters (like $, ", ', ...) shell will try to substitute. This is not allowed behaviour and
this patch fix it.
Comment 6 Jan Friesse 2009-05-19 03:51:22 EDT
Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause: IPMI password with characters like $, ', ...
Consequence: User cannot use this strong passwords
Fix: Make the called command properly escaped with \, so shell will not interpret these as variables, ...
Result: User can use strong passwords.
Comment 8 errata-xmlrpc 2009-09-02 07:09:24 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1341.html

Note You need to log in before you can comment on or make changes to this bug.