Project

General

Profile

Actions

Bug #3726

closed

The migration script should be able to handle passwords with non-alpha characters

Added by Nicolas CHARLES over 10 years ago. Updated about 8 years ago.

Status:
Rejected
Priority:
N/A
Category:
Packaging
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

In all the LDAP query done in the migration script, the password is not quoted, so if it contains funky characters, there's a risk it might fail
We need to quote all the uses to the LDAP password

Actions #1

Updated by Nicolas PERRON over 10 years ago

  • Target version changed from 2.4.7 to 2.4.8
Actions #2

Updated by Nicolas PERRON over 10 years ago

  • Target version changed from 2.4.8 to 2.4.9
Actions #3

Updated by Nicolas PERRON over 10 years ago

  • Target version changed from 2.4.9 to 2.4.10
Actions #4

Updated by Nicolas PERRON over 10 years ago

  • Target version changed from 2.4.10 to 2.4.11
Actions #5

Updated by Nicolas PERRON over 10 years ago

  • Target version changed from 2.4.11 to 2.4.12
Actions #6

Updated by Nicolas PERRON over 10 years ago

  • Target version changed from 2.4.12 to 2.4.13
Actions #7

Updated by Vincent MEMBRÉ about 10 years ago

  • Target version changed from 2.4.13 to 2.6.11

Since 2.4 is not maintained anymore, retargeting to branch 2.6

Actions #8

Updated by Vincent MEMBRÉ about 10 years ago

  • Target version changed from 2.6.11 to 2.6.12
Actions #9

Updated by Vincent MEMBRÉ about 10 years ago

  • Target version changed from 2.6.12 to 2.6.13
Actions #10

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 2.6.13 to 2.6.14
Actions #11

Updated by Jonathan CLARKE almost 10 years ago

  • Target version changed from 2.6.14 to 2.6.16
Actions #12

Updated by Jonathan CLARKE almost 10 years ago

  • Target version changed from 2.6.16 to 2.6.17
Actions #13

Updated by Nicolas PERRON over 9 years ago

  • Target version changed from 2.6.17 to 2.6.18
Actions #14

Updated by Matthieu CERDA over 9 years ago

  • Target version changed from 2.6.18 to 2.6.19
Actions #15

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.6.19 to 2.6.20
Actions #16

Updated by François ARMAND about 9 years ago

  • Target version changed from 2.6.20 to 2.10.10

There is a better in Rudder 2.10, but some uses are still unquotted.

Actions #17

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 2.10.10 to 2.10.11
Actions #18

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 2.10.11 to 2.10.12
Actions #19

Updated by Benoît PECCATTE about 9 years ago

  • Project changed from 34 to Rudder
  • Category set to Packaging
Actions #20

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 2.10.12 to 2.10.13
Actions #21

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 2.10.13 to 2.10.14
Actions #22

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 2.10.14 to 2.10.15
Actions #23

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.10.15 to 2.10.16
Actions #24

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.10.16 to 2.10.17
Actions #25

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.10.17 to 2.10.18
Actions #26

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.10.18 to 2.10.19
Actions #27

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.10.19 to 2.10.20
Actions #28

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.10.20 to 2.11.18
Actions #29

Updated by Jonathan CLARKE about 8 years ago

  • Status changed from New to In progress
  • Assignee set to Jonathan CLARKE
Actions #30

Updated by Jonathan CLARKE about 8 years ago

  • Status changed from In progress to Rejected

All uses of LDAP_PASSWORD variable in rudder-upgrade come from this one line:

LDAP_PARAMETERS="-H ldap://${LDAP_SERVER}:${LDAP_PORT}/ -D ${LDAP_USER} -w ${LDAP_PASSWORD} -x" 

The shell automatically quotes any special characters in this, as shown here:

# grep root /opt/rudder/etc/openldap/slapd.conf
rootdn        "cn=Manager,cn=rudder-configuration" 
rootpw        a!ca*d?085e3

# bash -x /opt/rudder/bin/rudder-upgrade
...
ldapsearch -H ldap://localhost:389/ -D cn=manager,cn=rudder-configuration -w 'a!ca*d?085e3' -x -LLL -b cn=rudder-configuration -s base dn

This does not work, however, if the password contains a single quote, for obvious reasons. Apart from that, all characters seem to be just fine. I think that is good enough, so I'm closing this ticket.

Note: rudder-inventory-endpoint-upgrade does not use LDAP.

Actions

Also available in: Atom PDF