tmatilai / vagrant-proxyconf

Vagrant plugin that configures the virtual machine to use proxies
MIT License

proxy env configuration is invalid #163

Closed bertramn closed 5 years ago

bertramn commented 6 years ago

If your proxy password contains $$ it will be expanded to the process id of the current bash shell when sourced. When writing the proxy URLs to the /etc/environment file the values need to be boxed with single quotes ' so no environment expansion takes place on the proxy password that is part of the URL.

codylane commented 5 years ago

Please provide a valid use case where you have $$ in an environment variable. I've personally never seen such a thing. Unless you have a good use case, I'd like to close this out.

codylane commented 5 years ago

No clarification received of how/why this is a problem in the current version 2.0.0 that is released. Closing issue.

bertramn commented 5 years ago

If you generate passwords using a range of printable characters, chances are that you end up with $$ or $#. Who does not have a $ in their password these days ;) ?

codylane commented 5 years ago

Fair enough, perhaps this is no longer an issue in the newer releases? I'm not sure what your Vagrantfile looks like and/or the version of this plugin you have installed. I also don't know which OS you are using, but can only assume you are using a Linux-based box, based off the information provided.

I attempted to do what you describe with this snippet added to my Vagrantfile and I'm not seeing the $$ be expanded. It could be because the underlying variable I've defined for the HTTPS_PROXY is using single quotes, so perhaps that is the solution. If your variable requires a password that contains things that would be expanded, try wrapping that string in '.

Here's an example:

export HTTP_PROXY="'http://my_user:my_custom_pass_$$@my-proxy-host.example.com:8080'"

or just use single quotes to begin with

export HTTP_PROXY='http://my_user:my_custom_pass_$$@my-proxy-host.example.com:8080'

$ vagrant --version

Vagrant 2.2.3

VBoxManage --version

6.0.4r128413

sw_ver I'm using OSX

ProductName:    Mac OS X
ProductVersion: 10.14.3
BuildVersion:   18D109

vagrant plugin list

vagrant-proxyconf (2.0.0, global)
  - Version Constraint: > 0
vagrant-share (1.1.9, global)
  - Version Constraint: > 0
vagrant-sshfs (1.3.1, global)
  - Version Constraint: > 0
vagrant-vbguest (0.17.2, global)
  - Version Constraint: > 0

Vagrantfile snippet

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|

  config.vm.define 'default' do |config|
    config.vm.box = "bento/ubuntu-18.04"
    config.vm.hostname = "vagrant-issue-165.localdomain"

    config.vm.network "private_network", ip: "1.2.3.4"

    config.vm.synced_folder ".", "/vagrant",
      disabled: false,
      type: "sshfs",
      ssh_opts_append: "-o Compression=yes -o ControlPersist=60s -o ControlMaster=auto",
      sshfs_opts_append: "-o cache=no -o nonempty"

    if File.exist?("install.sh")
      config.vm.provision "shell", path: "install.sh"
    end

    ENV['HTTP_PROXY']  = 'http://localhost:8000/'
    ENV['HTTPS_PROXY'] = 'http://user:somecrazy$$@localhost:8000/'
    ENV['NO_PROXY']    = 'localhost,*.example.net'

    if Vagrant.has_plugin?("vagrant-proxyconf") && ENV['HTTP_PROXY'].nil? == false
      config.proxy.http      = "#{ENV['HTTP_PROXY']}"
      config.proxy.https     = "#{ENV['HTTPS_PROXY']}"
      config.proxy.no_proxy  = "#{ENV['NO_PROXY']}"
      # The proxy URLs already include their scheme, so no extra "http://" prefix is added.
      config.apt_proxy.http  = "#{ENV['HTTP_PROXY']}"
      config.apt_proxy.https = "#{ENV['HTTPS_PROXY']}"
    end

    config.vm.provider "virtualbox" do |vb|
      #  # Display the VirtualBox GUI when booting the machine
      # vb.gui = true

      vb.cpus = "1"
      vb.memory = "768"

      vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
      vb.customize ["modifyvm", :id, "--natdnsproxy1", "on"]

      vb.customize ["modifyvm", :id, "--uartmode1", "disconnected"] if config.vm.box =~ /xenial|bionic/
      vb.customize ["modifyvm", :id, "--uart1", "off"] if config.vm.box =~ /xenial|bionic/
    end
  end
end

vagrant provision

==> default: Configuring proxy for Apt...
==> default: Configuring proxy environment variables...
==> default: Configuring proxy for Git...

vagrant ssh -c 'cat /etc/environment'

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
HTTP_PROXY="http://localhost:8000/"
http_proxy="http://localhost:8000/"

HTTPS_PROXY="http://user:somecrazy$$@localhost:8000/"
https_proxy="http://user:somecrazy$$@localhost:8000/"

NO_PROXY="localhost,*.example.com"
no_proxy="localhost,*.example.com"
Connection to 127.0.0.1 closed.

bertramn commented 5 years ago

Yep and that is exactly the problem we were facing:

$ source /etc/environment 
$ echo $HTTPS_PROXY
http://user:somecrazy96155@localhost:8000/

The $$ in the password was replaced by the PID of the current process because the var string is double quoted and expanded.

If the proxy settings inserted into the /etc/environment file are single quoted:

HTTPS_PROXY='http://user:somecrazy$$@localhost:8000/'
https_proxy='http://user:somecrazy$$@localhost:8000/'
...

things will work:

$ source /etc/environment 
$ echo $HTTPS_PROXY
http://user:somecrazy$$@localhost:8000/

We moved to use cntlm to manage proxy authentication as there have been other dramas with passwords containing # ^ [ and other non-alpha-numeric characters ... the joys of corporate sniffing tools from the dark ages ;)
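The quoting behaviour discussed in this thread, as an added example that is not part of the original issue or the plugin's code: it writes the same proxy URL to a temporary env file with double and with single quotes, sources each file, and checks whether the value comes back unchanged. The function names (`sq_quote`, `write_env_line`, `sourced_value`, `round_trips`) and the sample URL are constructed for illustration; `sq_quote` goes one step beyond the thread by also handling a password that itself contains a single quote.

```shell
#!/bin/sh
# Constructed sample value with the password shape discussed in the thread.
SAMPLE_URL='http://user:somecrazy$$@localhost:8000/'

# sq_quote VALUE: print VALUE wrapped in single quotes, rewriting each
# embedded single quote as '\'' so the result is one literal shell word.
sq_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# write_env_line FILE NAME VALUE STYLE: append NAME=VALUE to FILE using
# "double" quoting (expands when sourced) or "single" quoting (literal).
write_env_line() {
    case "$4" in
        double) printf '%s="%s"\n' "$2" "$3" >> "$1" ;;
        single) printf '%s=%s\n' "$2" "$(sq_quote "$3")" >> "$1" ;;
    esac
}

# sourced_value FILE NAME: source FILE in a subshell and print NAME's value.
sourced_value() {
    ( . "$1"; eval "printf '%s' \"\$$2\"" )
}

# round_trips STYLE VALUE: succeed only if VALUE survives being written
# with STYLE quoting and then sourced by a shell.
round_trips() {
    f=$(mktemp) || return 2
    write_env_line "$f" HTTPS_PROXY "$2" "$1"
    got=$(sourced_value "$f" HTTPS_PROXY)
    rm -f "$f"
    [ "$got" = "$2" ]
}

for style in double single; do
    if round_trips "$style" "$SAMPLE_URL"; then
        echo "$style-quoted: value preserved after sourcing"
    else
        echo "$style-quoted: value changed after sourcing"
    fi
done
```
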