search

glpi-project / glpi-agent

GLPI Agent
GNU General Public License v2.0
250 stars 62 forks source link

Problem while handling password with special characters (unix) #789

Closed phillscholl closed 1 month ago

phillscholl commented 1 month ago

Bug reporting acknowledgment

Yes, I read it

Professional support

None

Describe the bug

We use the parameters user and password to connect to our GLPI server. The password contains some special characters. Under Windows everything works fine. But under Unix (tested on MacOS) there seems to be a problem with passing passwords containing special characters. So I tried adding quotation marks to the password in the config file.

When I then use the glpi-agent command, the password works, but it gives an output that contains the pw in plain text! How can this be changed to not show this output or at least remove the password from the output.

And it does not work when the launchdeamon starts the inventory. the GLPI log shows wrong credentials. I have attached the screenshot of the output when starting the inventory via /bin/glpi-agent:

Screenshot 2024-10-11 093258

To reproduce

  1. set a password with special characters such as B8?#aTW';7B;FyN{yz~l
  2. add the password to the configuration parameter password = B8?#aTW';7B;FyN{yz~l
  3. try to run the inventory
  4. check the logfile, it will say wrong credentials
  5. add the quotes: password = "B8?#aTW';7B;FyN{yz~l"
  6. run the inventory again
  7. the credentials will now work, but the terminal will give an output with the password in plain text.
  8. the launchdeamon still can not communicate, wrong credentials

Expected behavior

Password should be handled correctly, as it is on Windows. There should be no output, nor should the launchdemon have any problems with a password containing special characters.

Operating system

MacOSX

GLPI Agent version

v1.11

GLPI version

10.0.16

GLPIInventory plugin or other plugin version

FusionInventory for GLPI (See additional context below)

Additional context

No response

g-bougard commented 1 month ago

Hi @phillscholl

I'm confused about point 7 & 8. This says it works but it not... Can you clarify the context of the 2 points ?

phillscholl commented 1 month ago

it works when i start the inventory via the glpi-agent command in terminal. But not when the launchdeamon starts the inventory periodically. I just see in the glpi-agent.log that the error still is wrong credentials.

g-bougard commented 1 month ago

Did you restart the daemon after the change ?

phillscholl commented 1 month ago

of course

g-bougard commented 1 month ago

To me, this is not possible unless you changed the way the configuration is loaded when starting from command line or the daemon has not been fully restarted.

About the warning on commandline it can actually only appear if the password contains a dash (# char). It won't if this char is not used in password. The warning is here to alert about any possible confusion as # can also be used to introduce a comment in the configuration file.

I'll modify the warning to clarify it and not expose the extracted value.

A point when using special chars, don't use simple-quote and double-quotes at the same time:

We don't support any character escaping.

phillscholl commented 1 month ago

thank you. To clarify, the command to stop /start the launchdeamon is: sudo launchctl stop org.glpi-project.glpi-agent sudo launchctl start org.glpi-project.glpi-agent

This is what i have done each time. i still waiting for the inventory by the lauchdeamon to attach the logs.

phillscholl commented 1 month ago

You are right, I have now restarted the Mac and the deamon has successfully run the inventory. So the problem was that the deamon was not restarted correctly and the command I used was wrong.

Nevermind. But thanks for removing the plain text pw from the output.

g-bougard commented 1 month ago

thank you. To clarify, the command to stop /start the launchdeamon is: sudo launchctl stop org.glpi-project.glpi-agent sudo launchctl start org.glpi-project.glpi-agent

This is what i have done each time. i still waiting for the inventory by the lauchdeamon to attach the logs.

We don't need the log.

About the command to stop/start the daemon, I had to change its name to com.teclib.glpi-agent some time ago. So you have to use now:

sudo launchctl stop com.teclib.glpi-agent
sudo launchctl start com.teclib.glpi-agent
phillscholl commented 1 month ago

yes, i have found this out when i was troubleshooting. Thank you for your help.

phillscholl commented 1 month ago

OMG... i have informed everyone in my team about this change with version 1.7.1 but forgot to change it in my own script.

g-bougard commented 1 month ago

Next nightly build should no more report a warning.

Can you take time to validate after it will be published ?

Thank you in advance.

phillscholl commented 1 month ago

Yes, thank you for handling this so quickly.

phillscholl commented 1 month ago

with the nightly build the message didn't popup anymore. Many thanks!