[30084] in Kerberos
Re: kadmin: Unbalanced quotes in command line
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Tue Jul 8 18:09:30 2008
From: Ken Raeburn <raeburn@mit.edu>
To: Klaus Jensen <kjensen@diku.dk>
In-Reply-To: <20080708145300.GB22948@diku.dk>
Message-Id: <6C710E8A-CBEA-4389-8464-F4B6A45B4DB3@mit.edu>
Mime-Version: 1.0 (Apple Message framework v926)
Date: Tue, 8 Jul 2008 17:56:38 -0400
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Jul 8, 2008, at 10:53, Klaus Jensen wrote:
> I'm working on using a script to change the password for a given
> principal.
> The resulting command line is something like this:
>
> kadmin -k -t keytapfile -p host/host.foobar -q "cpw -pw
> <somepassword> princ@REALM"
>
> When <somepassword> contains a quote character (i.e. password is:
> foobar"omg)
> I get the following error:
>
> kadmin: Unbalanced quotes in command line
>
> Note that the quote is escaped:
> kadmin -k -t keytapfile -p host/host.foobar -q "cpw -pw foobar\"omg
> princ@REALM"
>
>
>
> I tried using kadmin without '-q' and got the same error message
> when using
> the command directly:
>
> # kadmin -k -t keytapfile -p host/host.foobar
> kadmin: cpw -pw foobar"omg princ@REALM
> kadmin: Unbalanced quotes in command line
>
> Samething when escaped:
>
> kadmin: cpw -pw foobar\"omg princ@REALM
> kadmin: Unbalanced quotes in command line
Yeah, the quote handling in that code is kind of strange. As best I
recall, the code was vaguely modeled on a CLI that treated "" within a
quoted string as inserting just " into that string, and unfortunately
not on UNIX sh or csh behavior. So:
% ../../Inst/sbin/kadmin.local -q 'ank "foo""bar"'
Authenticating as principal raeburn/admin@ATHENA.MIT.EDU with password.
WARNING: no policy specified for foo"bar@ATHENA.MIT.EDU; defaulting to
no policy
Enter password for principal "foo"bar@ATHENA.MIT.EDU":
Or this one, which looks even stranger:
% kadmin.local -q 'ank foo""""bar'
Authenticating as principal raeburn/admin@ATHENA.MIT.EDU with password.
WARNING: no policy specified for foo"bar@ATHENA.MIT.EDU; defaulting to
no policy
Enter password for principal "foo"bar@ATHENA.MIT.EDU":
(That's read as "foo" and then a quoted string containing one quote
and then "bar", all pasted together as one argument.)
Getting that through the shell's parser if you use double-quoted
strings on the shell command line will be even uglier.
I wouldn't write any scripts or anything that rely on this behavior; I
keep hoping we'll just replace that library with an externally
maintained, and perhaps more UNIX-like, command-line parser. I'm sure
there are a few out there. (One that provides some kind of scripting
capability would be a win, I would guess.) If we do, I expect we'd
keep the basic tool behavior the same, but weird quoting stuff like
this may change.
Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
