Bug #1252
LDAP authentication issue on password characters
| Status: | Closed | Start date: | 04/23/2012 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Javi Fontan | % Done: | 0% | |
| Category: | Drivers - Auth | |||
| Target version: | Release 3.6 | |||
| Resolution: | fixed | Pull request: | ||
| Affected Versions: | OpenNebula 3.4 |
Description
I faced recently a password identification issue with LDAP users depending on password.
I could fix the issue in /usr/lib/one/mads/one_auth_mad.rb with this patch:
--- one_auth_mad.rb.orig 2012-04-23 13:54:13.000000000 0200
++ one_auth_mad.rb 2012-04-23 13:50:22.000000000 +0200
@ -110,7 +110,8 @
authN_path = File.join(@local_scripts_path, driver)command = File.join(authN_path, ACTION[:authN].downcase)
- command << " '" << user.gsub("'", '\'"\'"\'') << "' '" << password.gsub("'", '\'"\'"\'') << "' " << secret
+ #command << " '" << user.gsub("'", '\'"\'"\'') << "' '" << password.gsub("'", '\'"\'"\'') << "' " << secret
+ command << " '" << user.gsub("'", '\'"\'"\'') << "' '" << password.gsub("'", '\'"\'"\'') << "' '" << secret << "'"rc = LocalCommand.run(command, log_method(request_id))Adding quotesbefore and after secret. This may not be enough though. secret may indeed get quotes too. Certainly it would need the same kind of qsub than on password
History
#1
Updated by Ruben S. Montero about 9 years ago
- Category set to Drivers - Auth
- Assignee set to Javi Fontan
- Target version set to Release 3.6
#2
Updated by Javi Fontan about 9 years ago
- Status changed from New to Closed
- Resolution set to fixed