XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: script-realm-plugin
    • Labels:
      None
    • Environment:
      Ubuntu Server 10 + Tomcat 6 + OpenJDK 1.6.0_18
    • Similar Issues:

      Description

      We have a C program that validates users using a PAM module, and this works fine using the script-realm plugin.

      However if the user enters a password containing two consecutive dollar signs (e.g. $$password) then they get condensed into a single one in the value that is passed as an environment variable to our script. i.e. our script sees P=$password.

      The behaviour is:

      a$b --> a$b
      a$$b --> a$b
      a$$$b --> a$$b
      a$$$$b --> a$$b

      The workaround is of course to type each dollar sign twice in the password field, but this wasn't obvious to the affected user (me) until after a lot of investigation.

      I see this behaviour on Ubuntu server 10 + Tomcat 6 + OpenJDK 1.6.0_18.
      A simple java program that launches the C program using ProcessBuilder doesn't exhibit this behaviour.

        Attachments

          Activity

          Hide
          domi Dominik Bartholdi added a comment - - edited

          I digged in to this a bit and found that the actual problem is in the core and not the plugin.
          This test case reproduces the problem and fails:

           
          	public void testEnvVars() throws Exception {
          		String value = "dummy$$pwd";
          		EnvVars m = new EnvVars(EnvVars.masterEnvVars);
          		String expandedValue = m.expand(value);
          		assertEquals(value, expandedValue); // failes!
          	}
          
          Show
          domi Dominik Bartholdi added a comment - - edited I digged in to this a bit and found that the actual problem is in the core and not the plugin. This test case reproduces the problem and fails: public void testEnvVars() throws Exception { String value = "dummy$$pwd"; EnvVars m = new EnvVars(EnvVars.masterEnvVars); String expandedValue = m.expand(value); assertEquals(value, expandedValue); // failes! }
          Hide
          sammccall sammccall added a comment -

          I'm a little confused. Why is a password being env-var-expanded at all?

          Show
          sammccall sammccall added a comment - I'm a little confused. Why is a password being env-var-expanded at all?
          Hide
          domi Dominik Bartholdi added a comment -

          fixed in version 1.3

          Show
          domi Dominik Bartholdi added a comment - fixed in version 1.3

            People

            • Assignee:
              domi Dominik Bartholdi
              Reporter:
              sammccall sammccall
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: