
Re^2: passwords with special characters are trying to kill me... no seriously!

by Anonyrnous Monk (Hermit)
on Feb 04, 2011 at 05:49 UTC (#886133)


in reply to Re: passwords with special characters are trying to kill me... no seriously!
in thread passwords with special characters are trying to kill me... no seriously!

    my $set_password = '/usr/bin/ssh ' . $master_host . " 'echo \Q$new_password\E | /usr/bin/passwd --stdin \Q$username\E'";

Unfortunately, that won't work if the password contains, for example, a single quote.

    my $master_host = 'localhost';
    my $username = 'foo';
    my $new_password = 'a\'b$c"d|e';

    print "pwd: ",$new_password;

    my $set_password = '/usr/bin/ssh ' . $master_host . " 'echo \Q$new_password\E | /usr/bin/passwd --stdin \Q$username\E'";

    print "cmd: ",$set_password;

    system $set_password;

    __END__
    pwd: a'b$c"d|e
    cmd: /usr/bin/ssh localhost 'echo a\'b\$c\"d\|e | /usr/bin/passwd --stdin foo'
    sh: Syntax error: Unterminated quoted string

In other words, a simple quotemeta (\Q) is not the appropriate tool to quote arbitrary strings for the shell. You'd have to use more sophisticated techniques.


Re^3: passwords with special characters are trying to kill me... no seriously!
by ikegami (Pope) on Feb 04, 2011 at 17:55 UTC

    It's easy if you build the command in stages.

        sub text_to_shell_lit(_) {
            return $_[0] if $_[0] =~ /^[a-zA-Z0-9_\-]+\z/;
            my $s = $_[0];
            $s =~ s/'/'\\''/g;
            return "'$s'";
        }

        my $user   = 'bob';
        my $passwd = 'test$ing';

        my $echo_cmd   = join ' ', map text_to_shell_lit, echo => $passwd;
        my $passwd_cmd = join ' ', map text_to_shell_lit, passwd => '--', $user;
        my $ssh_cmd    = join ' ', map text_to_shell_lit, ssh => 'hostname', "$echo_cmd | $passwd_cmd";

        ssh hostname 'echo '\''test$ing'\'' | passwd -- bob'

    Note that command lines are readable by anyone on the machine. It is not safe to pass passwords in command lines. Yet another reason why opening a pipe to ssh is better.
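
The pipe approach mentioned in the last reply, as an added example (not code from either poster): the remote command is quoted for the remote shell, ssh is started without a local shell, and the password is written to its stdin so it appears in no command line. The name `shell_quote`, the host `master.example.com`, the sample values and the `RUN_SSH` switch are assumptions made for this sketch; `passwd --stdin` is taken from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Quote one string as a single POSIX-shell word: wrap it in single quotes and
# write each embedded single quote as '\'' (close, escaped quote, reopen).
sub shell_quote {
    my ($s) = @_;
    $s =~ s/'/'\\''/g;
    return "'$s'";
}

# Constructed sample values; the host name is a placeholder.
my $host     = 'master.example.com';
my $username = 'foo';
my $password = q{a'b$c"d|e};

# Round-trip check through a local /bin/sh: the shell must hand printf exactly
# the original bytes. List-form open avoids a second, implicit shell.
for my $value ($username, $password, q{it's "$HOME" & more}) {
    open(my $sh, '-|', '/bin/sh', '-c', 'printf %s ' . shell_quote($value))
        or die "cannot run sh: $!";
    my $got = do { local $/; <$sh> };
    close($sh) or die "sh failed, status $?\n";
    die "quoting mismatch for [$value]\n" unless defined $got && $got eq $value;
}
print "quoting round-trips\n";

# ssh joins its arguments and hands them to the remote login shell, so the
# remote command is still a shell string: only the user name is quoted into it.
my $remote_cmd = '/usr/bin/passwd --stdin ' . shell_quote($username);
print "remote command: $remote_cmd\n";

# The password travels over ssh's stdin, so it never appears in any argv.
# Set RUN_SSH=1 to actually contact $host; otherwise this is a dry run.
if ($ENV{RUN_SSH}) {
    local $SIG{PIPE} = 'IGNORE';
    open(my $ssh, '|-', '/usr/bin/ssh', $host, $remote_cmd)
        or die "cannot run ssh: $!";
    print {$ssh} "$password\n";
    close($ssh) or die "ssh/passwd failed, status $?\n";
}
```

Without `RUN_SSH` set, the script only verifies the quoting locally and prints the remote command it would send.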
