Bug #2002
Sogo mysql password unescaped: connection fails
Status: | CLOSED | Start date: | 06/07/2013 | |
---|---|---|---|---|
Priority: | Normal | Due date: | 06/07/2013 | |
Assignee: | - | % Done: | 100% | |
Category: | nethserver-sogo | |||
Target version: | v6.4-beta2 | |||
Security class: | Resolution: | |||
Affected version: | v6.4-beta1 | NEEDINFO: | No |
Description
A password containing the slash "/" character breaks mysql connection string
In /var/log/sogo/sogo.log
ERROR(+[GCSFolderManager defaultFolderManager]): default 'OCSFolderInfoURL' is not a valid URL: 'mysql://sogo:MYPASS/ORD@localhost/sogo/sogo_folder_info'
"MYPASS/ORD" should be uri-escaped "MYPASS%2FORD"
Related issues
Associated revisions
sogo-config template (10mysql): uri-escape mysql password. Refs #2002
History
#1 Updated by Davide Principi about 8 years ago
- Due date set to 06/07/2013
- Status changed from TRIAGED to MODIFIED
- Assignee set to Davide Principi
- Target version set to v6.4-beta2
- Start date set to 06/07/2013
- % Done changed from 20 to 70
Test case
- Before nethserver-sogo installation create a password containing "/" character:
# echo -n "PASS/ORD" > /etc/openldap/.sogo.pw && chmod 600 /etc/openldap/.sogo.pw
- Install nethserver-sogo. If it's already installed, drop mysql
sogo
database and signalnethserver-sogo-update
event again - Check mysql URI are correctly escaped:
# su -s '/bin/bash' -c 'defaults read' sogo | grep mysql sogod OCSSessionsFolderURL mysql://sogo:PASS%2FORD@localhost/sogo/sogo_sessions_folder sogod SOGoProfileURL mysql://sogo:PASS%2FORD@localhost/sogo/sogo_user_profile sogod OCSFolderInfoURL mysql://sogo:PASS%2FORD@localhost/sogo/sogo_folder_info
#2 Updated by Davide Principi about 8 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 70 to 80
In nethserver-testing
nethserver-sogo-1.1.1-1.ns6.noarch.rpm
#3 Updated by Davide Principi about 8 years ago
- Assignee deleted (
Davide Principi)
#4 Updated by Giacomo Sanchietti about 8 years ago
- Assignee set to Giacomo Sanchietti
#5 Updated by Giacomo Sanchietti about 8 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 80 to 100
Created a password containing the / character:
echo -n "bad/password" > /etc/openldap/.sogo.pw && chmod 600 /etc/openldap/.sogo.pw
SOGo configuration:
[root@test ~]# su -s '/bin/bash' -c 'defaults read' sogo | grep mysql sogod OCSSessionsFolderURL mysql://sogo:bad%2Fpassword@localhost/sogo/sogo_sessions_folder sogod SOGoProfileURL mysql://sogo:bad%2Fpassword@localhost/sogo/sogo_user_profile sogod OCSFolderInfoURL mysql://sogo:bad%2Fpassword@localhost/sogo/sogo_folder_info
Created a test user who can access SOGo without problems.
Marking VERIFIED
#6 Updated by Davide Principi about 8 years ago
- Status changed from VERIFIED to CLOSED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 90 to 100
Moved to nethserver-updates repository