rabbitmq_user set password with $$ in it fails #6338
Comments
|
Have you tried double quoting? In any case, thanks for the report, we need to get this fixed. |
|
Yup…. and '"fancypa$$"', '"fancypa$$"' and '"fancypa$$"'. Marc Marc Powell Infrastructure Lead | Emma® On Jul 26, 2013, at 4:22 PM, Colton Myers notifications@github.com wrote:
|
|
the rabbitmq module is not escaping the password when adding a user or changing the password. This will be easy to fix. Thanks for the report! |
ghost
assigned 
This fixes saltstack#6338, enabling the setting of passwords with characters that would otherwise be interpolated by the shell by single-quoting the password.
This fixes #6338, enabling the setting of passwords with characters that would otherwise be interpolated by the shell by single-quoting the password. Conflicts: salt/modules/rabbitmq.py
|
Hey guys! Sorry, I sent this as an email response on the 30th and it didn't make it into this issue for some reason. Re-quoting -- Thanks guys. I tested this and it doesn't seem to work as expected. My password still doesn't work. I manually applied the changes, removed rabbitmq.pyc and restarted saltmaster. When testing on the client -- [INFO ] Executing command 'rabbitmqctl change_password my-user fancypa$$' as user 'root' in directory '/root' While I understand that this is not actually executing the command, I expected to see my escaped quotes here. Is there something further in that is removing quotes pre-application? Also, to re-iterate, the only combination from the command line that I've found to work is the following. Just quoting 'fancypa$$' isn't sufficient because rabbitmqctl appears to be doing the interpolation at some point (when it shouldn't, obviously). When I try escaping the $$ like 'fancypa$$' in the state or pillar, the log line above reflects that as 'fancypa$$' so I'm not sure at this point that it's really going to end up being the password I want with just this current fix. |
|
@omeganon I'll look into it, thanks. |
|
one more clarification due to md funkiness -- "When I try escaping the $$ like 'fancypa$$' in the state or pillar, the log line above reflects that as 'fancypa\$\$' so ..." |
|
@omeganon How do you login once you have set the password? Trying to do so to test right now and can't figure out how, and the internet is being less than helpful. |
|
It's the management console -- It listens on http://:15672 |
|
No such command on my system. |
|
Nevermind, I just edited the enabled_plugins file and restarted. I'm not seeing an issue, here, at least not when running from the |
|
Actually, I take that back. It looks like noscript was keeping the management console from re-prompting me for the password. I'll do some more testing. |
|
@omeganon Even when setting the password on the command line (i.e. not in salt) as you posted above, I cannot login. Do I have to do anything special in the rabbitmq configuration to give the user I have created access to use the management console? |
|
I didn't create the state and am including it for clarity. I think it's probably the last bit below (munged to replace actual username with 'myuser'). There's also a default guest:guest user for the management console. |
|
OK, I added the vhost and set_user_tags states to my configuration and I am now able to login. I am not having any problems logging in after letting Salt set the password. |
If the password for a rabbitmq_user contains the characters '$$', proper shell escaping is not occurring and $$ is replaced by the shell with the PID of the current process. For example, the password 'wh$$' may become 'wh22456'. rabbitmqctl is actually performing that substitution but salt is preventing us from properly escaping the $$ combination.
Steps to reproduce -
my_user:
rabbitmq_user.present:
We have tried quoting with ' and '" but salt removes those when executing rabbitmqctl.
We have tried escaping the quotes but they end up double-escaped (i.e. \'fancypa$$\', ending up, presumable, with literal ' as part of the password and PID as well
We have tried escaping the $$ but salt further escapes the escapes (i.e. fancypa$$ becomes fancypa\$\$).
We've tried all combinations of the above both directly in the state definition and in a pillar definition to no avail.
The correct invocation of rabbitmqctl that works is --
rabbitmqctl change_password my_user 'fancypa$$'
We don't see how we can get salt to achieve this construct.
The text was updated successfully, but these errors were encountered: