Univention Bugzilla – Full Text Bug Listing

Summary: | Insecure quoting, global variables in umc.sh, join fails if password contains space | | |
---|---|---|---|
Product: | UCS | Reporter: | Philipp Hahn <hahn> |
Component: | univention-lib | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Florian Best <best> |
Severity: | normal | | |
Priority: | P5 | CC: | best, damrose, gohmann, grandjean, requate, schwardt, walkenhorst |
Version: | UCS 4.1 | Flags: | hahn: Patch_Available+ |
Target Milestone: | UCS 4.1-3-errata | | |
Hardware: | Other | | |
OS: | Linux | | |
What kind of report is it?: | Development Internal | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | | Enterprise Customer affected?: | |
School Customer affected?: | | ISV affected?: | |
Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
Ticket number: | | Bug group (optional): | Further conceptual development, Security, Troubleshooting |
Max CVSS v3 score: | | | |
Attachments: | Workaround shell quoting | | |

Description
Philipp Hahn
2011-11-21 14:01:59 CET
*** Bug 26827 has been marked as a duplicate of this bug. ***

*** Bug 25884 has been marked as a duplicate of this bug. ***

Created attachment 5327
Workaround shell quoting

This was motivated by:

34univention-management-console-server.inst:
> WARNING: the following arguments are ignored: "am" "Main,dc=phahn,dc=dev" "univention" "--ignore_exists" "--position" "cn=univention,dc=phahn,dc=dev" "--set" "name=UMC"
> E: Insufficient information
> The following parameters are missing:
> name

Alternatively, declare that Join-Scripts must use #!/bin/bash and use BIND=("$@"):

$ git grep -l /usr/share/univention-lib/umc.sh
base/univention-firewall/35univention-management-console-module-firewall.inst
base/univention-lib/shell/all.sh
base/univention-quota/35univention-management-console-module-quota.inst
base/univention-system-setup/35univention-management-console-module-setup.inst
base/univention-updater/35univention-management-console-module-updater.inst
management/univention-admingrp-user-passwordreset/95univention-admingrp-user-passwordreset.inst
management/univention-join/35univention-management-console-module-join.inst
management/univention-management-console-frontend/debian/univention-management-console-frontend.postinst
management/univention-management-console-module-appcenter/35univention-management-console-module-appcenter.inst
management/univention-management-console-module-appcenter/36univention-management-console-module-apps.inst
management/univention-management-console-module-ipchange/35univention-management-console-module-ipchange.inst
management/univention-management-console-module-lib/35univention-management-console-module-lib.inst
management/univention-management-console-module-luga/35univention-management-console-module-luga.inst
management/univention-management-console-module-mrtg/35univention-management-console-module-mrtg.inst
management/univention-management-console-module-reboot/35univention-management-console-module-reboot.inst
management/univention-management-console-module-services/35univention-management-console-module-services.inst
management/univention-management-console-module-top/35univention-management-console-module-top.inst
management/univention-management-console-module-ucr/35univention-management-console-module-ucr.inst
management/univention-management-console-module-udm/35univention-management-console-module-udm.inst
management/univention-management-console/34univention-management-console-server.inst
management/univention-management-console/dev/dh-umc-module-install
management/univention-management-console/tests/sanitizer/install.sh
management/univention-management-console/umc-module-templates/grid_with_detailpage/35PACKAGENAME.inst
management/univention-management-console/umc-module-templates/simple_form/35PACKAGENAME.inst
management/univention-system-info/35univention-management-console-module-sysinfo.inst
packaging/ucslint/testframework/0001-6-7/0001-6-7.inst
services/univention-ad-connector/35univention-management-console-module-adconnector.inst
services/univention-pkgdb/35univention-management-console-module-pkgdb.inst
services/univention-printserver/35univention-management-console-module-printers.inst
virtualization/univention-virtual-machine-manager-daemon/45univention-management-console-module-uvmm.inst

See Bug #31996 for a notion to get rid of "$@" altogether.

UCS 4.1: This causes the domain join to fail if the Administrator password contains a space:

Configure 34univention-management-console-server.inst Mon Feb 15 13:45:59 CET 2016
WARNING: the following arguments are ignored: "<PASSWORD_CHARS_AFTER_SPACE>" "--ignore_exists" "--position" "cn=univention,dc=xx,dc=xx" "--set" "name=UMC"
authentication error: Authentication failed

Ticket#2016020921000401

*** Bug 41615 has been marked as a duplicate of this bug. ***

*** Bug 41874 has been marked as a duplicate of this bug. ***

Set MS to 4.1-2-errata, from bug #41874

I'd like to vote for bash arrays "${BIND_ARGS[@]}", but I can't, because univention-lib gets included from dash/sh scripts too.

$ git grep -l /usr/share/univention-lib/umc.sh | xargs grep -l /bin/bash | wc -l
3
$ git grep -l /usr/share/univention-lib/umc.sh | xargs grep -l /bin/sh | wc -l
39

r73287 | Bug #24758 lib: Fix quoting in umc.sh
r73286 | Bug #24758 lib: Fix quoting in umc.sh

Package: univention-lib
Version: 5.0.0-16.323.201610171329
Branch: ucs_4.1-0
Scope: errata4.1-3

r73288 | Bug #24758 lib: Fix quoting in umc.sh YAML univention-lib.yaml

QA:

dn="uid=Administrator, cn=users , $(ucr get ldap/base)"
udm users/user list --bindd "$dn" --bindpwd univention | grep ^DN:
set -- --bindd "$dn" --bindpwd univention
. /usr/share/univention-lib/umc.sh
_umc_udm users/user list | grep ^DN:

OK: shell compatibility
OK: local variables
OK: spaces in parameters
OK: YAML
OK: UCS 4.2 merge

root@xen7:~# /bin/sh
\u@\h:\w$ dn="uid=Administrator, cn=users , $(ucr get ldap/base)"
\u@\h:\w$ set -- --bindd "$dn" --bindpwd univention
\u@\h:\w$ . /usr/share/univention-lib/umc.sh
\u@\h:\w$ umc_operation_create bar bar "" bar baz "foo blub"
Object created: cn=bar,cn=operations,cn=UMC,cn=univention,dc=school,dc=local
\u@\h:\w$ univention-ldapsearch -LLLoldif-wrap=no -b cn=bar,cn=operations,cn=UMC,cn=univention,dc=school,dc=local umcOperationSetCommand
umcOperationSetCommand: bar
umcOperationSetCommand: baz
umcOperationSetCommand: foo:blub
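
The failure mode discussed in this report, reproduced in POSIX sh as an added example; it is not the code from umc.sh or from r73286 to r73288. It shows why credentials captured from "$@" into a flat string break on a space, and one way to keep argument boundaries without bash arrays. All function names and the sample password are constructed for illustration.

```shell
#!/bin/sh
# Added example (POSIX sh, runs under dash); function names are hypothetical.

# Constructed stand-in for a CLI such as udm: prints the argument count, then
# each argument in brackets, so lost boundaries are visible. The ( ) body runs
# in a subshell, so the loop variable does not leak into the caller.
show_args() (
    printf '%d:' "$#"
    for a in "$@"; do printf '[%s]' "$a"; done
    printf '\n'
)

# Weak pattern: flatten the caller's arguments into one string ...
capture_flat() { SAVED_FLAT="$*"; }
# ... and expand it unquoted later. The shell re-splits on whitespace (and
# would also glob-expand characters such as *).
run_flat() { show_args "$@" $SAVED_FLAT; }

# POSIX alternative to a bash array: store each argument single-quoted, with
# embedded single quotes rewritten as '\'' so eval restores it verbatim.
quote_args() (
    for a in "$@"; do
        printf '%s ' "$(printf '%s\n' "$a" |
            sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/")"
    done
)
capture_quoted() { SAVED_QUOTED=$(quote_args "$@"); }
# eval only ever sees the quoted string built above, never raw caller input.
run_quoted() { eval "show_args \"\$@\" $SAVED_QUOTED"; }

# Constructed credentials: the password holds a space and a single quote.
demo_flat()   { capture_flat   --bindpwd "it's a secret"; run_flat   users/user list; }
demo_quoted() { capture_quoted --bindpwd "it's a secret"; run_quoted users/user list; }

demo_flat     # 6:[users/user][list][--bindpwd][it's][a][secret]
demo_quoted   # 4:[users/user][list][--bindpwd][it's a secret]
```
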