[SERVER-3969] Shell interactive password prompt can't handle spaces Created: 28/Sep/11 Updated: 11/Jul/16 Resolved: 27/Nov/11 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Shell |
| Affects Version/s: | 2.0.0 |
| Fix Version/s: | 2.0.7, 2.1.0 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Andy Brody | Assignee: | Tad Marshall |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
mongodb-10gen 2.0.0 on Ubuntu 10.04 |
||
| Issue Links: |
|
||||
| Operating System: | ALL | ||||
| Participants: | |||||
| Description |
|
The shell's interactive password prompt does not appear to be able to handle passwords with spaces in them. Consider a system with two users, dude1 with password "foo bar" and dude2 with password "foobar".
Passing the password on the command line works fine.
But prompting interactively is a different story.
In fact, if the string before the first space is the correct password, the subsequent text may be processed as a command.
Maybe there's a bug in util/password.cpp:askPassword? |
| Comments |
| Comment by Tad Marshall [ 22/Jun/12 ] | ||||||
|
Backported to 2.0.7. | ||||||
| Comment by auto [ 22/Jun/12 ] | ||||||
|
Author: {u'date': u'2012-06-22T08:13:08-07:00', u'email': u'tad@10gen.com', u'name': u'Tad Marshall'}Message: Use "getline( cin, password );" instead of "cin >> password;" to read | ||||||
| Comment by Tad Marshall [ 22/Jun/12 ] | ||||||
|
Marking for backport to 2.0.7. | ||||||
| Comment by Tad Marshall [ 20/Jun/12 ] | ||||||
|
Requesting backport. | ||||||
| Comment by Tad Marshall [ 27/Nov/11 ] | ||||||
|
Fixed by commit b8437ea36bfb5920c8fd4f8e2eb3642b755389e2 . | ||||||
| Comment by auto [ 27/Nov/11 ] | ||||||
|
Author: {u'login': u'', u'name': u'Tad Marshall', u'email': u'tad@10gen.com'}Message: Use "getline( cin, password );" instead of "cin >> password;" to read | ||||||
| Comment by Tad Marshall [ 27/Nov/11 ] | ||||||
|
There are a few things going on here. 1) Based on the errors and lack of errors in some of the samples, it looks like empty quotes are being stripped from the bug's display (by Jira). When I try to reproduce the results, I get different behavior that is best explained by Andy typing something that should have worked but then Jira messing it up. The actual command './mongo -u dude1 -p admin' would treat 'admin' as the password and not prompt for one, but we see the program prompting for a password. 2) Andy is exactly correct that the util/password.cpp routine askPassword() is brain-dead about spaces. Here's the code:
The C++ object 'cin' parses individual items from typed input, so your first word goes into 'password' and the rest sits in the input buffer and displays later, for example:
I tried inserting [left brace] code [right brace] around my inserts, we'll see if that helps any. Edit: I changed quote to code in the description to fix the Jira display and edited this comment to not talk about that Jira display issue since it is fixed. | ||||||
| Comment by Andy Brody [ 28/Sep/11 ] | ||||||
|
Ugh. I guess I wanted "{noformat}" rather than "{quote}", but I'm not able to edit the issue. |