keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/

Command url doesn't work for SAP logon #9593

Open Akidim opened 1 year ago

Akidim commented 1 year ago

Dear Team. Unfortunately I have a problem with the KeePassXC V 2.7.5 when using it for SAP logon via URL.

If a PW with the special character "&" is used via sapshcut.exe, the PW must be entered using a double quote. Example - entry right from command line:

start sapshcut.exe -desc -system=XXX -client=200 -user=XXXXXX -pw="xxx&xxxxx" -language=EN

If you don't use the superscript in the PW input, SAP interprets the "&" character as a new command.

Unfortunately it is not possible for me in KeePassXC V 2.7.5 to design the input in the field URL in such a manner, that the PW will be interpreted correctly in the commandline.

URL: cmd://cmd.exe /c start sapshcut -maxgui -system={Title} -client=200 -user={USERNAME} -pw={PASSWORD} --l=DE

Note: I didn't have this problem with KeePass and my colleagues who still use KeePass don't have this error either.

Best regards

droidmonkey commented 1 year ago

Are you saying you cannot put quotes in your command string or it doesn't work at all regardless of quotes?

Akidim commented 1 year ago

Good morning.

It's possible to put the PW under quotation marks, but unfortunately it does not result in the desired success.

e.g.: cmd://cmd.exe /c start sapshcut -maxgui -system=SM4 -client=001 -language=DE -user={USERNAME} -pw="{PASSWORD}"

the same command entered directly in the commandline ==> SAP is opened

NOTE: If you don't use quotation marks for the PW (which contains a "&" character) in the command line, you will get the same "effect"/ behaviour as when using KeePassXC

Thank you and best regards Angelika

droidmonkey commented 1 year ago

If you attached images, they did not come through. You need to post directly on GitHub.

Akidim commented 1 year ago

sorry - see my screenshots

e.g.: cmd://cmd.exe /c start sapshcut -maxgui -system=SM4 -client=001 -language=DE -user={USERNAME} -pw="{PASSWORD}"

[screenshot] ==> [screenshot]

the same command entered directly in the commandline ==> SAP is opened [screenshot]

NOTE: If you don't use quotation marks for the PW (which contains a "&" character) in the command line, you will get the same "effect"/ behaviour as when using KeePassXC [screenshot]

Angelika

droidmonkey commented 1 year ago

It is most likely because of Windows command line hijinks. I betcha KeePass original is escaping the command line parameters, something we do not do.

To fix this, you can try wrapping the entire command in quotes.

Or you can adjust your password so that it is escaped properly (e.g. replace & with ^&) https://www.robvanderwoude.com/escapechars.php

Or you can change your password to not include an &
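Added example, not part of the thread and not KeePassXC or KeePass code: a simplified Python model of how cmd.exe treats `&`, `^` and double quotes, applied to the command template from this issue with the sample password `xxx&xxxxx`. It shows why a raw `{PASSWORD}` substitution is split into two commands and how caret-escaping the value before substitution keeps it as one argument. The function names are hypothetical, and the model ignores `%VAR%` expansion, `!`, pipes, redirection and the quote stripping done by `cmd /c`.

```python
# Added illustration: simplified model of cmd.exe handling of &, ^ and ".
# Not KeePassXC code; function names are hypothetical.
CMD_META = '^&|<>()"'  # characters caret-escaped when a value sits outside quotes


def split_cmd(line):
    """Return the commands this model would run: an unquoted, unescaped & separates them."""
    commands, current, in_quotes, i = [], [], False, 0
    while i < len(line):
        ch = line[i]
        if ch == '"':
            in_quotes = not in_quotes      # inside quotes, & and ^ are literal
            current.append(ch)
        elif ch == '^' and not in_quotes and i + 1 < len(line):
            i += 1                         # caret is dropped, next char is literal
            current.append(line[i])
        elif ch == '&' and not in_quotes:
            commands.append(''.join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    commands.append(''.join(current).strip())
    return commands


def caret_escape(value):
    """Escape a value that will be substituted OUTSIDE double quotes."""
    return ''.join('^' + c if c in CMD_META else c for c in value)


def render(template, fields, escape=None):
    """Fill {NAME} placeholders, optionally escaping each value first."""
    for name, value in fields.items():
        template = template.replace('{' + name + '}', escape(value) if escape else value)
    return template


# Template shortened from the URL in this issue; field values are constructed samples.
TEMPLATE = 'start sapshcut -system=SM4 -client=001 -user={USERNAME} -pw={PASSWORD}'
FIELDS = {'USERNAME': 'XXXXXX', 'PASSWORD': 'xxx&xxxxx'}

if __name__ == '__main__':
    for label, esc in (('raw', None), ('escaped', caret_escape)):
        print(label, split_cmd(render(TEMPLATE, FIELDS, esc)))
```

The escaped form is only suitable for the launch command; the stored password itself should stay unescaped, otherwise copying it into a logon screen sends the carets as well.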

Akidim commented 1 year ago

Hello. My first thought about this problem was also that it is an SAP bug. But, as already written, I cross checked the problem with my colleague - who uses KeePass and whose SAP installation is the same as mine - and with KeePass he has no problem if his PW contains a &. I have the problem since I switched to KeePassXC 2.7.5.

Wrapping the entire command in quotes - doesn't have the desired success either.

Inserting ^& in the PW only works if I use the functionality "open URL". However, as soon as I use "copy password" and insert the PW directly in the logon screen, a login error occurs (as expected). I can handle ^& as a workaround and of course I could not use & in my PWs anymore, but it's not a solution for me, because then I can't use the functionality of your PW generator for SAP PW creation either.

Best regards Angelika

droidmonkey commented 1 year ago

This will probably work fine if you remove the cmd.exe /c start portion.

Just set the url to cmd://sapshcut -maxgui -system=SM4 -client=001 -language=DE -user={USERNAME} -pw="{PASSWORD}"

Akidim commented 1 year ago

Hello. Unfortunately, that doesn't work either. Note - I have (before I opened the ticket) already made many attempts at adjusting the URL, but all were in vain. The only variant that "works" so far is the one I sent. Best regards Angelika