Closed bertramn closed 5 years ago
Please provide a valid use case where you have $$
in an environment variable. I've personally never seen such a thing unless you have good use case I'd like to close this out.
No clarification received of how/why this is a problem in the current version 2.0.0
that is released. Closing issue.
If you generate passwords using a range of printable characters, chances are that you end up with $$
or $#
. Who does not have a $
in their password these days ;) ?
Fair enough, perhaps this is no longer an issue in the newer releases? I'm not sure what your Vagrantfile looks like and or the version of this plugin you have installed? I also don't know which OS you are using but can only assume you are using a Linux based boxed, based off the information provided.
I attempted to do what you describe with this snippet added to my Vagrantfile and I'm not seeing the $$
be expanded. It could be because the underlying variable I've defined for the HTTPS_PROXY
is using single quotes so perhaps that is the solution. If your variable requires a password that contains things that would be expanded trying wrapping that string in '
.
Here's an example:
export HTTP_PROXY="'http://my_user:my_custom_pass_$$@my-proxy-host.example.com:8080'"
or just use single quotes to begin with
export HTTP_PROXY='http://my_user:my_custom_pass_$$@my-proxy-host.example.com:8080'
$ vagrant --version
Vagrant 2.2.3
VBoxManage --version
6.0.4r128413
sw_ver
I'm using OSXProductName: Mac OS X
ProductVersion: 10.14.3
BuildVersion: 18D109
vagrant plugin list
vagrant-proxyconf (2.0.0, global)
- Version Constraint: > 0
vagrant-share (1.1.9, global)
- Version Constraint: > 0
vagrant-sshfs (1.3.1, global)
- Version Constraint: > 0
vagrant-vbguest (0.17.2, global)
- Version Constraint: > 0
Vagrantfile snippet
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.define 'default' do |config|
config.vm.box = "bento/ubuntu-18.04"
config.vm.hostname = "vagrant-issue-165.localdomain"
config.vm.network "private_network", ip: "1.2.3.4"
config.vm.synced_folder ".", "/vagrant",
disabled: false,
type: "sshfs",
ssh_opts_append: "-o Compression=yes -o ControlPersist=60s -o ControlMaster=auto",
sshfs_opts_append: "-o cache=no -o nonempty"
if File.exists?("install.sh")
config.vm.provision "shell", path: "install.sh"
end
ENV['HTTP_PROXY'] = 'http://localhost:8000/'
ENV['HTTPS_PROXY'] = 'http://user:somecrazy$$@localhost:8000/'
ENV['NO_PROXY'] = 'localhost,*.example.net'
if Vagrant.has_plugin?("vagrant-proxyconf") && ENV['HTTP_PROXY'].nil? == false
config.proxy.http = "#{ENV['HTTP_PROXY']}"
config.proxy.https = "#{ENV['HTTPS_PROXY']}"
config.proxy.no_proxy = "#{ENV['NO_PROXY']}"
config.apt_proxy.http = "http://#{ENV['HTTP_PROXY']}"
config.apt_proxy.https = "http://#{ENV['HTTPS_PROXY']}"
end
config.vm.provider "virtualbox" do |vb|
# # Display the VirtualBox GUI when booting the machine
# vb.gui = true
vb.cpus = "1"
vb.memory = "768"
vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
vb.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
vb.customize ["modifyvm", :id, "--uartmode1", "disconnected"] if config.vm.box =~ /xenial|bionic/
vb.customize ["modifyvm", :id, "--uart1", "off"] if config.vm.box =~ /xenial|bionic/
end
end
end
vagrant provision
==> default: Configuring proxy for Apt...
==> default: Configuring proxy environment variables...
==> default: Configuring proxy for Git...
vagrant ssh -c 'cat /etc/environment'
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
HTTP_PROXY="http://localhost:8000/"
http_proxy="http://localhost:8000/"
HTTPS_PROXY="http://user:somecrazy$$@localhost:8000/"
https_proxy="http://user:somecrazy$$@localhost:8000/"
NO_PROXY="localhost,*.example.com"
no_proxy="localhost,*.example.com"
Connection to 127.0.0.1 closed.
Yep and that is exactly the problem we were facing:
$ source /etc/environment
$ echo $HTTPS_PROXY
http://user:somecrazy96155@localhost:8000/
the $$ in the password was replaced by the PID of the current process because the var string is double quoted and expanded.
If the proxy settings inserted into the /etc/environment
file are single quoted:
HTTPS_PROXY='http://user:somecrazy$$@localhost:8000/'
https_proxy='http://user:somecrazy$$@localhost:8000/'
...
things will work:
$ source /etc/environment
$ echo $HTTPS_PROXY
http://user:somecrazy$$@localhost:8000/
We moved to use cntlm to mange proxy authentication as there have been other dramas with passwords containing # ^ [
and other non-alpha-numeric characters ... the joys of corporate sniffing tools from the dark ages ;)
If your proxy password contains
$$
it will be expanded to the process id of the current bash shell when sourced. When writing the proxy URLs to the/etc/environment
file the values need to be boxed with single quotes'
so no envionment expansion takes place on the proxy password that is part of the url.