Problem with passwords with a leading ampersand

Home Page Forums Network Management Signal a BUG Problem with passwords with a leading ampersand

This topic contains 2 replies, has 0 voices, and was last updated by  chrisfu 5 years, 10 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #42201

    chrisfu
    Member

    When attempting to add a host to the hosts list in ZeroShell, I found I was getting the error below:

    Feb 09 11:39,17 ERROR: sh: line 1: R_b2xR4: command not found while adding "cn=vpn.office.melbourne.co.uk,ou=Computers,dc=example,dc=...

    The “R_b2xR4” string is part of a randomly generated password I was using on the device for the “admin” account, the full password being “&R_b2xR4“. Obviously ampersands are reserved characters in UNIX shells, and should not be accepted as valid input for ZeroShell passwords. Either this, or the way in which ZeroShell uses passwords in different flavours of UNIX shells needs to be adapted. 🙂

    Full debug is listed below:

    [Feb 09 11:42,02] URL: Section=Host&Action=SaveAdd&STk=8439d9148bd8f4a41586a07021a5bf8a2d314e57&host_sel=&type=host&x509cn=&B1=Submit&hostname=vpn&domain=office.melbourne.co.uk&descr=Melbourne+Office+VPN&admin=&K5=yes Section: Host Action: SaveAdd Object:
    [Feb 09 11:42,02] Admin
    [Feb 09 11:42,02] Executing /usr/local/bin/ldapadd -x -h 127.0.0.1 -D"cn=Manager,dc=example,dc=com" -w &R_b2xR4 /tmp/shell_o15110 2>/tmp/kerbynet.err.15110
    [Feb 09 11:42,02] ERROR: sh: line 1: R_z2dX9: command not found found
    [Feb 09 11:42,02] MSG=%26nbsp;Feb+09+11:39,17+ERROR:+sh:%26nbsp;line%26nbsp;1:%26nbsp;R_z2dX9:%26nbsp;command%26nbsp;not%26nbsp;found%26nbsp;while%26nbsp;adding%26nbsp;%26quot;cn=vpn.office.melbourne.co.uk,ou=Computers,dc=example,dc=...
    [Feb 09 11:42,02] sh: line 1: R_z2dX9: command not found while adding "cn=vpn.office.melbourne.co.uk,ou=Computers,dc=example,dc=...
    [Feb 09 11:42,02] %26nbsp;Feb+09+11:42,02+ERROR:+sh:%26nbsp;line%26nbsp;1:%26nbsp;R_z2dX9:%26nbsp;command%26nbsp;not%26nbsp;found%26nbsp;while%26nbsp;adding%26nbsp;%26quot;cn=vpn.office.melbourne.co.uk,ou=Computers,dc=example,dc=...
    [Feb 09 11:42,02] RENDER START: hostform
    [Feb 09 11:42,02] RENDER STOP: /root/kerbynet.cgi/template/hostform
    [Feb 09 11:42,02] URL: STk=8439d9148bd8f4a41586a07021a5bf8a2d314e57&Action=Render&Object=log&msg0=%26nbsp;%3Cfont+class=Smaller1+color=%23FF0000%3EFeb+09+11:42,02+ERROR:+sh:%26nbsp;line%26nbsp;1:%26nbsp;R_z2dX9:%26nbsp;command%26nbsp;not%26nbsp;found%26nbsp;while%26nbsp;adding%26nbsp;%26quot;cn=vpn.office.melbourne.co.uk,ou=Computers,dc=example,dc=...%3C/font%3E&msg1=%26nbsp;%3Cfont+class=Smaller1+color=%23FF0000%3EFeb+09+11:39,17+ERROR:+sh:%26nbsp;line%26nbsp;1:%26nbsp;R_z2dX9:%26nbsp;command%26nbsp;not%26nbsp;found%26nbsp;while%26nbsp;adding%26nbsp;%26quot;cn=vpn.office.melbourne.co.uk,ou=Computers,dc=example,dc=...%3C/font%3E Section: Action: Render Object: log

    Cheers,

    Chris Merrett

    #49611

    zgypa
    Member

    Same problem still exists in ZS R2.0 RC2.

    It is not possible to add a user or a host if the admin password contains space, &, ! or any other character that the shell will interpret as special.

    As you can see below in chrisfu’s posting, the -w argument of ldapadd is invoked without quotes. Consequently, any password which contains shell special characters or spaces will generate an error.

    The post is 3 years old, however the problem still exist. This should be a trivial fix.

    #49612

    ello
    Member

    This also applies to PPPOE password

    took me half an hour to figure that out.

    #49613

    ello
    Member

    To make that clear. I tried to set a password for my pppoe connections. this password contains a $. in /tmp/ppp-secrets the $ was replaced by _

    changing /tmp/ppp-secrets with vim was the trick. but this is not a solution

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.