rest_cherrypy eauth can't handle some characters #33023
Comments
Thanks for the thorough report!

I can reproduce this using PAM on OS X. Doesn't affect the Salt CLI. Looks specific to rest_cherrypy and Saltnado.

Narrowing it down. This is running afoul of the urlencoded content type. A quick workaround is to send JSON instead:

```
curl -ksi http://localhost:8000/login \
    -H "Accept: application/json" \
    -H "Content-type: application/json" \
    -d'{"username": "myapiuser", "password": "1234+", "eauth": "pam"}'
```

So turns out this is a curl thing -- and news to me. The following should do it:

```
curl -ksi http://localhost:8000/login \
    -H "Accept: application/json" \
    -d username='myapiuser' \
    --data-urlencode password='1234+' \
    -d eauth='pam'
```
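
What the server ends up decoding in each case, as an added example that is not part of the original thread or of Salt's code: it builds the login body the way `curl -d` does (values sent verbatim) and the way `--data-urlencode` does (values percent-encoded), then decodes both as `application/x-www-form-urlencoded`. The helper names, the sample passwords and the `legacy_semicolon` switch (which mimics parsers that also split fields on `;`) are assumptions made for the illustration.

```python
from urllib.parse import parse_qsl, urlencode


def curl_d_body(fields):
    """Body as `curl -d key=value` builds it: values verbatim, joined by '&'."""
    return "&".join(f"{k}={v}" for k, v in fields.items())


def curl_urlencode_body(fields):
    """Body with every value percent-encoded before it is sent."""
    return urlencode(fields)


def server_view(body, legacy_semicolon=True):
    """Decode a form-urlencoded body into a dict, as a server-side parser would.

    legacy_semicolon=True is an assumption: it mimics parsers that accept ';'
    as a field separator in addition to '&'.
    """
    if legacy_semicolon:
        body = body.replace(";", "&")
    return dict(parse_qsl(body, keep_blank_values=True))


def password_survives(password):
    """Return (raw_ok, encoded_ok): does the server see the password we typed?"""
    fields = {"username": "myapiuser", "password": password, "eauth": "pam"}
    raw = server_view(curl_d_body(fields)).get("password")
    enc = server_view(curl_urlencode_body(fields)).get("password")
    return raw == password, enc == password


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for pw in ["1234+", "12;34", "1234!"]:
        fields = {"username": "myapiuser", "password": pw, "eauth": "pam"}
        seen = server_view(curl_d_body(fields)).get("password")
        print(f"typed={pw!r} server_saw={seen!r} ok(raw, encoded)={password_survives(pw)}")
```

With a raw `+` the decoded password ends in a space, so the credentials handed to eauth differ from what was typed and the login is rejected without any parsing error being logged.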

Thanks for figuring that out. I was thinking it was something like that, but I didn't think + or ; meant anything special with URLs. Maybe I should update the docs... The examples given don't use a password that would be a problem, but it could save someone else some time.

Yeah, good call. How about "A note about curl" under the "Usage" section in the docs?

Removes the "Full list of builtin ..." from each module reference list, leaving just the module type for scanability. Refs saltstack#12470 Refs saltstack#10206 Refs saltstack#10480 Refs saltstack#23522 Refs saltstack#33023

@cmclaughlin I was in the source yesterday so I went ahead and added this: https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#a-note-about-curl If you think this fix is sufficient please close. Thanks!

I think I found a bug... some system passwords don't work with rest_cherrypy. I guess eauth can be used for other things... but I'm just using it for the API... so I'm not certain the scope of this bug.
My master is configured for the like this (I have apache in front, but I've tested with and without it):
If the `myapiuser` system user's password includes any of these characters auth fails:

I tested all the special characters on my keyboard and only observed the problem when one of those three is in the password.
Here's how I'm authenticating against the API:
I use the system `passwd` command to set the user's password... simply `1234+` in this example.

I tried running the api in debug mode and don't see anything interesting... nothing in syslog, etc. I just see this in the master log:
Here's my system report: