Details
Description
The shell's interactive password prompt does not appear to be able to handle passwords with spaces in them.
Consider a system with two users, dude1 with password "foo bar" and dude2 with password "foobar".
MongoDB shell version: 2.0.0
|
Enter password:
|
connecting to: admin
|
> db.addUser('dude1', 'foo bar')
|
{ "n" : 0, "connectionId" : 11, "err" : null, "ok" : 1 }
|
{
|
"user" : "dude1",
|
"readOnly" : false,
|
"pwd" : "674962411d339872a613f5d22ba79650",
|
"_id" : ObjectId("4e837ef0e495089ea6ace847")
|
}
|
> db.addUser('dude2', 'foobar')
|
{ "n" : 0, "connectionId" : 11, "err" : null, "ok" : 1 }
|
{
|
"user" : "dude2",
|
"readOnly" : false,
|
"pwd" : "db3de9644903e3376f81808af7e4b05a",
|
"_id" : ObjectId("4e837ef7e495089ea6ace848")
|
}
|
>
|
bye
|
Passing the password on the command line works fine.
$ mongo -u dude1 --password='foo bar' admin
|
MongoDB shell version: 2.0.0
|
connecting to: admin
|
>
|
bye
|
But prompting interactively is a different story.
$ echo 'foo bar' | mongo -u dude1 -p admin
|
MongoDB shell version: 2.0.0
|
Enter password:
|
connecting to: admin
|
Wed Sep 28 16:10:31 uncaught exception: login failed
|
exception: login failed
|
|
|
$ echo 'foobar' | mongo -u dude2 -p admin
|
MongoDB shell version: 2.0.0
|
Enter password:
|
connecting to: admin
|
bye
|
In fact, if the string before the first space is the correct password, the subsequent text may be processed as a command.
$ echo 'foobar WHAT' | mongo --verbose -u dude2 -p admin
|
MongoDB shell version: 2.0.0
|
Wed Sep 28 16:23:45 versionCmpTest passed
|
Wed Sep 28 16:23:45 versionArrayTest passed
|
Enter password:
|
connecting to: admin
|
Wed Sep 28 16:23:45 creating new connection to:127.0.0.1
|
Wed Sep 28 16:23:45 BackgroundJob starting: ConnectBG
|
Wed Sep 28 16:23:45 connected connection!
|
Wed Sep 28 16:23:45 ReferenceError: WHAT is not defined (shell):1
|
bye
|
|
|
$ echo 'foobar db.system.users.find({user:"dude1"})' | mongo -u dude2 -p admin
|
MongoDB shell version: 2.0.0
|
Enter password:
|
connecting to: admin
|
{ "_id" : ObjectId("4e837ef0e495089ea6ace847"), "user" : "dude1", "readOnly" : false, "pwd" : "674962411d339872a613f5d22ba79650" }
|
bye
|
Maybe there's a bug in util/password.cpp:askPassword?