Bug#665696: gosa-sync breaks on passwords containing spaces

To: Petter Reinholdtsen <pere@hungry.com>, 665696@bugs.debian.org
Cc: Samuel.Krempp@gmail.com
Subject: Bug#665696: gosa-sync breaks on passwords containing spaces
From: Steven Chamberlain <steven@pyro.eu.org>
Date: Tue, 27 Mar 2012 00:54:06 +0100
Message-id: <[🔎] 4F71019E.5040902@pyro.eu.org>
Reply-to: Steven Chamberlain <steven@pyro.eu.org>, 665696@bugs.debian.org
In-reply-to: <[🔎] 20120326090541.GX26721@login1.uio.no>
References: <[🔎] 4F6ED22A.7060109@gmail.com> <[🔎] 20120325084507.GG401@login1.uio.no> <[🔎] 20120326090541.GX26721@login1.uio.no>

Hi,

On 26/03/12 10:05, Petter Reinholdtsen wrote:
> The fix for gosa.conf is not upgradable, so we need to come up with a
> better idea.

The fix won't work.  Using quotes in gosa.conf is no good if the
%userPassword substitution could contain double quotes.

As Samuel said, the correct fix is for GOsa to use escapeshellarg(), and
while there I see no reason not to do the same for all the others, like
%uid or %homeDirectory in case GOsa ever forgets to sanitise them
(coding defensively in case of a bug elsewhere).

After doing escapeshellarg(), the quotes in gosa.conf actually have to
be removed, or else you are double-quoting and would get extra quotes
(single) included within the password.

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org

Reply to:

References:
- Bug#665696: gosa-sync breaks on passwords containing spaces
  - From: Samuel Krempp <samuel.krempp@gmail.com>
- Bug#665696: gosa-sync breaks on passwords containing spaces
  - From: Petter Reinholdtsen <pere@hungry.com>
- Bug#665696: gosa-sync breaks on passwords containing spaces
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Re: Handling of raw passwords, quoting, escaping
Next by Date: Re: Handling of raw passwords, quoting, escaping
Previous by thread: Re: Bug#665696: gosa-sync breaks on passwords containing spaces
Next by thread: Bug#665696: gosa-sync breaks on passwords containing spaces
Index(es):
- Date
- Thread