[#362] escape special characters in PAM passwords

d-w-moore · trel · commit 676b1f808058 · 2022-06-24T09:09:03.000-04:00
diff --git a/irods/connection.py b/irods/connection.py
@@ -10,6 +10,10 @@
 import irods.password_obfuscation as obf
 from irods import MAX_NAME_LEN
 from ast import literal_eval as safe_eval
+import re
+
+
+PAM_PW_ESC_PATTERN = re.compile(r'([@=&;])')
 
 
 from irods.message import (
@@ -425,8 +429,10 @@ def _login_pam(self):
 
         time_to_live_in_seconds = 60
 
+        pam_password = PAM_PW_ESC_PATTERN.sub(lambda m: '\\'+m.group(1), self.account.password)
+
         ctx_user = '%s=%s' % (AUTH_USER_KEY, self.account.client_user)
-        ctx_pwd = '%s=%s' % (AUTH_PWD_KEY, self.account.password)
+        ctx_pwd = '%s=%s' % (AUTH_PWD_KEY, pam_password)
         ctx_ttl = '%s=%s' % (AUTH_TTL_KEY, str(time_to_live_in_seconds))
 
         ctx = ";".join([ctx_user, ctx_pwd, ctx_ttl])
@@ -441,7 +447,7 @@ def _login_pam(self):
 
             message_body = PamAuthRequest(
                 pamUser=self.account.client_user,
-                pamPassword=self.account.password,
+                pamPassword=pam_password,
                 timeToLive=time_to_live_in_seconds)
         else:
 
@@ -546,6 +552,7 @@ def _login_native(self, password=None):
             encoded_pwd_array = bytearray(encoded_pwd)
             encoded_pwd = bytes(encoded_pwd_array.replace(b'\x00', b'\x01'))
 
+
         pwd_msg = AuthResponse(
             response=encoded_pwd, username=self.account.proxy_user)
         pwd_request = iRODSMessage(
diff --git a/irods/exception.py b/irods/exception.py
@@ -554,6 +554,10 @@ class SYS_INVALID_INPUT_PARAM(SystemException):
     code = -130000
 
 
+class SYS_BAD_INPUT(iRODSException):
+    code = -158000
+
+
 class SYS_REPLICA_DOES_NOT_EXIST(iRODSException):
     code = -164000
 
