[SERVER-3969] Shell interactive password prompt can't handle spaces
Created: 28/Sep/11  Updated: 11/Jul/16  Resolved: 27/Nov/11

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: 2.0.0
Fix Version/s: 2.0.7, 2.1.0

Type: Bug
Priority: Minor - P4
Reporter: Andy Brody
Assignee: Tad Marshall
Resolution: Done
Votes: 0
Labels: None
Environment: mongodb-10gen 2.0.0 on Ubuntu 10.04


Operating System: ALL

 Description   

The shell's interactive password prompt does not appear to be able to handle passwords with spaces in them.

Consider a system with two users, dude1 with password "foo bar" and dude2 with password "foobar".

MongoDB shell version: 2.0.0
Enter password: 
connecting to: admin
> db.addUser('dude1', 'foo bar')
{ "n" : 0, "connectionId" : 11, "err" : null, "ok" : 1 }
{
	"user" : "dude1",
	"readOnly" : false,
	"pwd" : "674962411d339872a613f5d22ba79650",
	"_id" : ObjectId("4e837ef0e495089ea6ace847")
}
> db.addUser('dude2', 'foobar')
{ "n" : 0, "connectionId" : 11, "err" : null, "ok" : 1 }
{
	"user" : "dude2",
	"readOnly" : false,
	"pwd" : "db3de9644903e3376f81808af7e4b05a",
	"_id" : ObjectId("4e837ef7e495089ea6ace848")
}
> 
bye

Passing the password on the command line works fine.

$ mongo -u dude1 --password='foo bar' admin
MongoDB shell version: 2.0.0
connecting to: admin
> 
bye

But prompting interactively is a different story.

$ echo 'foo bar' | mongo -u dude1 -p admin
MongoDB shell version: 2.0.0
Enter password: 
connecting to: admin
Wed Sep 28 16:10:31 uncaught exception: login failed
exception: login failed
 
$ echo 'foobar' | mongo -u dude2 -p admin
MongoDB shell version: 2.0.0
Enter password: 
connecting to: admin
bye

In fact, if the string before the first space is the correct password, the subsequent text may be processed as a command.

$ echo 'foobar WHAT' | mongo --verbose -u dude2 -p admin
MongoDB shell version: 2.0.0
Wed Sep 28 16:23:45 versionCmpTest passed
Wed Sep 28 16:23:45 versionArrayTest passed
Enter password: 
connecting to: admin
Wed Sep 28 16:23:45 creating new connection to:127.0.0.1
Wed Sep 28 16:23:45 BackgroundJob starting: ConnectBG
Wed Sep 28 16:23:45 connected connection!
Wed Sep 28 16:23:45 ReferenceError: WHAT is not defined (shell):1
bye
 
$ echo 'foobar db.system.users.find({user:"dude1"})' | mongo -u dude2 -p admin
MongoDB shell version: 2.0.0
Enter password: 
connecting to: admin
{ "_id" : ObjectId("4e837ef0e495089ea6ace847"), "user" : "dude1", "readOnly" : false, "pwd" : "674962411d339872a613f5d22ba79650" }
bye

Maybe there's a bug in util/password.cpp:askPassword?



 Comments   
Comment by Tad Marshall [ 22/Jun/12 ]

Backported to 2.0.7.

Comment by auto [ 22/Jun/12 ]

Author: Tad Marshall <tad@10gen.com>
Date: 2012-06-22T08:13:08-07:00

Message: SERVER-3969 handle spaces in passwords at the "Enter password:" prompt

Use "getline( cin, password );" instead of "cin >> password;" to read
passwords that may contain spaces.
Branch: v2.0
https://github.com/mongodb/mongo/commit/f45435a02258a537d9f6950bb5aedec965526db9

Comment by Tad Marshall [ 22/Jun/12 ]

Marking for backport to 2.0.7.

Comment by Tad Marshall [ 20/Jun/12 ]

Requesting backport.

Comment by Tad Marshall [ 27/Nov/11 ]

Fixed by commit b8437ea36bfb5920c8fd4f8e2eb3642b755389e2 .

Comment by auto [ 27/Nov/11 ]

Author: Tad Marshall <tad@10gen.com>

Message: SERVER-3969 – handle spaces in passwords at the "Enter password:" prompt

Use "getline( cin, password );" instead of "cin >> password;" to read
passwords that may contain spaces.
Branch: master
https://github.com/mongodb/mongo/commit/b8437ea36bfb5920c8fd4f8e2eb3642b755389e2

Comment by Tad Marshall [ 27/Nov/11 ]

There are a few things going on here.

1) Based on the errors and lack of errors in some of the samples, it looks like empty quotes are being stripped from the bug's display (by Jira). When I try to reproduce the results, I get different behavior that is best explained by Andy typing something that should have worked but then Jira messing it up. The actual command './mongo -u dude1 -p admin' would treat 'admin' as the password and not prompt for one, but we see the program prompting for a password.

2) Andy is exactly correct that the util/password.cpp routine askPassword() is brain-dead about spaces. Here's the code:

        cin >> password;

The C++ object 'cin' parses individual items from typed input, so your first word goes into 'password' and the rest sits in the input buffer and displays later, for example:

$ echo 'foobar WHAT' | mongo --verbose -u dude2 -p admin
...
Enter password: 
...
Wed Sep 28 16:23:45 ReferenceError: WHAT is not defined (shell):1

I tried inserting [left brace] code [right brace] around my inserts, we'll see if that helps any.

Edit: I changed quote to code in the description to fix the Jira display and edited this comment to not talk about that Jira display issue since it is fixed.
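
Added illustration, not code from the MongoDB source tree and not part of the comment above: the two reads named in the commit message ("cin >> password;" and "getline( cin, password );") run over in-memory streams holding the inputs from the description. The struct and function names are hypothetical, and `leftover` stands in for the bytes the shell would go on to read as commands.

```cpp
#include <iostream>
#include <sstream>
#include <string>

// What one prompt read produced: the string used as the password, and the
// bytes left in the stream for whatever reads the same input next.
struct PromptRead {
    std::string password;
    std::string leftover;
};

// Collect everything the password read did not consume.
static std::string drain(std::istream& in) {
    std::ostringstream rest;
    rest << in.rdbuf();
    return rest.str();
}

// Pre-fix read: operator>> skips leading whitespace and stops at the next
// whitespace character, leaving it and the rest of the line unread.
PromptRead readWithExtraction(const std::string& typed) {
    std::istringstream in(typed);
    PromptRead r;
    in >> r.password;
    r.leftover = drain(in);
    return r;
}

// Post-fix read: getline takes the whole line, spaces included, and
// consumes the terminating newline.
PromptRead readWithGetline(const std::string& typed) {
    std::istringstream in(typed);
    PromptRead r;
    std::getline(in, r.password);
    r.leftover = drain(in);
    return r;
}

int main() {
    // Inputs taken from the issue description, with the newline echo adds.
    const char* samples[] = {"foo bar\n", "foobar WHAT\n"};
    for (const char* s : samples) {
        PromptRead a = readWithExtraction(s), b = readWithGetline(s);
        std::cout << "cin >>  : password=[" << a.password << "] leftover=["
                  << a.leftover << "]\n"
                  << "getline : password=[" << b.password << "] leftover=["
                  << b.leftover << "]\n";
    }
    return 0;
}
```

For the second sample the `cin >>` read leaves ` WHAT` in the stream, matching the `ReferenceError: WHAT is not defined` line in the output above; the `getline` read leaves nothing behind.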

Comment by Andy Brody [ 28/Sep/11 ]

Ugh. I guess I wanted "{noformat}" rather than "{quote}", but I'm not able to edit the issue.
