Univention Bugzilla – Bug 24758
Insecure quoting, global variables in umc.sh, join fails if password contains space
Last modified: 2016-10-20 12:39:49 CEST
Bei der QA für Bug #24330 ist aufgefallen, das umc.sh mehrere Funktionen deklariert, die ggf. globale Variablen überschreiben, und Variablen nicht korrekt quotet. > BIND_ARGS="$@" ist äquivalent zu BIND_ARGS=$* und zerstört ggf. Leerzeichen in Argumenten > timestamp=$(date +'%Y%d%m%H%M%S') +local > for ifile in index.html debug.html; do +local > for idir in css js; do +local > for f in /usr/share/univention-management-console-frontend/${idir}_\$*\$; do +local > udm container/cn create $BIND_ARGS --ignore_exists --position cn=univention,$ldap_base --set name=UMC $BIND_ARGS wird anhand von $IFS aufgespalten. Quoting von "$ldap_base" > udm $module remove $BIND_ARGS --dn "cn=$name,$container,$ldap_base" "$module" > operations="$operations --append operation=$oper " IFS > ops="$ops --append allow=cn=$op,cn=operations,cn=UMC,cn=univention,$ldap_base " IFS Für das korrekte Quoting entweder als bash-Skript umschreiben und Bash-Arrays verwenden, oder eval ... $(quote "$cmd_line_argument") verwenden
*** Bug 26827 has been marked as a duplicate of this bug. ***
*** Bug 25884 has been marked as a duplicate of this bug. ***
Created attachment 5327 [details] Workaround shell quoting This was motivated by: 34univention-management-console-server.inst: > WARNING: the following arguments are ignored: "am" "Main,dc=phahn,dc=dev" "univention" "--ignore_exists" "--position" "cn=univention,dc=phahn,dc=dev" "--set" "name=UMC" > E: Insufficient information > The following parameters are missing: > name Alternative declare that Join-Scripts must use #!/bin/bash and use BIND=("$@"): $ git grep -l /usr/share/univention-lib/umc.sh base/univention-firewall/35univention-management-console-module-firewall.inst base/univention-lib/shell/all.sh base/univention-quota/35univention-management-console-module-quota.inst base/univention-system-setup/35univention-management-console-module-setup.inst base/univention-updater/35univention-management-console-module-updater.inst management/univention-admingrp-user-passwordreset/95univention-admingrp-user-passwordreset.inst management/univention-join/35univention-management-console-module-join.inst management/univention-management-console-frontend/debian/univention-management-console-frontend.postinst management/univention-management-console-module-appcenter/35univention-management-console-module-appcenter.inst management/univention-management-console-module-appcenter/36univention-management-console-module-apps.inst management/univention-management-console-module-ipchange/35univention-management-console-module-ipchange.inst management/univention-management-console-module-lib/35univention-management-console-module-lib.inst management/univention-management-console-module-luga/35univention-management-console-module-luga.inst management/univention-management-console-module-mrtg/35univention-management-console-module-mrtg.inst management/univention-management-console-module-reboot/35univention-management-console-module-reboot.inst management/univention-management-console-module-services/35univention-management-console-module-services.inst management/univention-management-console-module-top/35univention-management-console-module-top.inst management/univention-management-console-module-ucr/35univention-management-console-module-ucr.inst management/univention-management-console-module-udm/35univention-management-console-module-udm.inst management/univention-management-console/34univention-management-console-server.inst management/univention-management-console/dev/dh-umc-module-install management/univention-management-console/tests/sanitizer/install.sh management/univention-management-console/umc-module-templates/grid_with_detailpage/35PACKAGENAME.inst management/univention-management-console/umc-module-templates/simple_form/35PACKAGENAME.inst management/univention-system-info/35univention-management-console-module-sysinfo.inst packaging/ucslint/testframework/0001-6-7/0001-6-7.inst services/univention-ad-connector/35univention-management-console-module-adconnector.inst services/univention-pkgdb/35univention-management-console-module-pkgdb.inst services/univention-printserver/35univention-management-console-module-printers.inst virtualization/univention-virtual-machine-manager-daemon/45univention-management-console-module-uvmm.inst See Bug #31996 for a notion to get rid of "$@" altogether.
UCS 4.1: This causes the domain join to fail if the Administrator password contains a space: Configure 34univention-management-console-server.inst Mon Feb 15 13:45:59 CET 2016 WARNING: the following arguments are ignored: "<PASSWORD_CHARS_AFTER_SPACE>" "--ignore_exists" "--position" "cn=univention,dc=xx,dc=xx" "--set" "name=UMC" authentication error: Authentication failed Ticket#2016020921000401
*** Bug 41615 has been marked as a duplicate of this bug. ***
*** Bug 41874 has been marked as a duplicate of this bug. ***
Set MS to 4.1-2-errata, from bug #41874
I'd like to vote for bash arrays "${BIND_ARGS[@]}", but I can't, because univention-lib gets included from dash/sh scripts too.
$ git grep -l /usr/share/univention-lib/umc.sh | xargs grep -l /bin/bash | wc -l 3 $ git grep -l /usr/share/univention-lib/umc.sh | xargs grep -l /bin/sh | wc -l 39 r73287 | Bug #24758 lib: Fix quoting in umc.sh r73286 | Bug #24758 lib: Fix quoting in umc.sh Package: univention-lib Version: 5.0.0-16.323.201610171329 Branch: ucs_4.1-0 Scope: errata4.1-3 r73288 | Bug #24758 lib: Fix quoting in umc.sh YAML univention-lib.yaml QA: dn="uid=Administrator, cn=users , $(ucr get ldap/base)" udm users/user list --bindd "$dn" --bindpwd univention | grep ^DN: set -- --bindd "$dn" --bindpwd univention . /usr/share/univention-lib/umc.sh _umc_udm users/user list | grep ^DN:
OK: shell compatibility OK: local variables OK: spaces in parameters OK: YAML OK: UCS 4.2 merge root@xen7:~# /bin/sh \u@\h:\w$ dn="uid=Administrator, cn=users , $(ucr get ldap/base)" \u@\h:\w$ set -- --bindd "$dn" --bindpwd univention \u@\h:\w$ . /usr/share/univention-lib/umc.sh \u@\h:\w$ umc_operation_create bar bar "" bar baz "foo blub" Object created: cn=bar,cn=operations,cn=UMC,cn=univention,dc=school,dc=local \u@\h:\w$ univention-ldapsearch -LLLoldif-wrap=no -b cn=bar,cn=operations,cn=UMC,cn=univention,dc=school,dc=local umcOperationSetCommand umcOperationSetCommand: bar umcOperationSetCommand: baz umcOperationSetCommand: foo:blub
<http://errata.software-univention.de/ucs/4.1/296.html>