Bug #999

Some allowed characters for usernames and passwords break the core-auth mad protocol

Added by Carlos Martín over 9 years ago. Updated over 9 years ago.

Status:ClosedStart date:11/22/2011
Priority:NormalDue date:
Assignee:Carlos Martín% Done:

0%

Category:Drivers - Auth
Target version:Release 3.2 - Beta1
Resolution:fixed Pull request:
Affected Versions:OpenNebula 3.2

Description

For instance, for user with name "ab|c" OpenNebula will call the authentication driver with this command:

/var/lib/one/remotes/auth/x509/authenticate ab|c /C=ES/ST=MAD/O=ONE/OU=DEV/CN=Test:with:quotes: ckp1e[...]tLQo=
ERROR MESSAGE --8<------
undefined method `unpack' for nil:NilClass
ERROR MESSAGE ------>8--
c: command not found

If the name is quoted, it works:

$ /var/lib/one/remotes/auth/x509/authenticate "ab|c" /C=ES/ST=MAD/O=ONE/OU=DEV/CN=Test:with:quotes: ckp1e[...]tLQo=

$ echo $?
0

The pipe character is used in the password filed of users with x509 authentication to separate several DNs.

Associated revisions

Revision 2e508eb3
Added by Carlos Martín over 9 years ago

Bug #999: Enclose auth driver scripts paramenters in single quotes. Quotes inside the parameters are escaped

Revision 67c217a5
Added by Carlos Martín over 9 years ago

Bug #999: Enclose auth driver scripts paramenters in single quotes. Quotes inside the parameters are escaped
(cherry picked from commit 2e508eb3396898a3b679e5f652c4cf4894cd085c)

Conflicts:

src/authm_mad/one_auth_mad.rb

History

#1 Updated by Ruben S. Montero over 9 years ago

  • Target version changed from Release 3.4 to Release 3.2 - Beta1

#2 Updated by Ruben S. Montero over 9 years ago

  • Status changed from New to Closed
  • Assignee set to Carlos Martín
  • Resolution set to fixed

Also available in: Atom PDF