URL: https://github.com/SSSD/sssd/pull/5682 Author: rajsshah86 Title: #5682: bugfix for newline char in sss_obfuscate Action: opened
PR body: """ Fixed bug which causes addition of newline character in password during encryption """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5682/head:pr5682 git checkout pr5682
URL: https://github.com/SSSD/sssd/pull/5682 Title: #5682: bugfix for newline char in sss_obfuscate
pbrezina commented: """ Hi, can you tell us how to reproduce the issue you are seeing? """
See the full comment at https://github.com/SSSD/sssd/pull/5682#issuecomment-863112499
URL: https://github.com/SSSD/sssd/pull/5682 Title: #5682: bugfix for newline char in sss_obfuscate
rajsshah86 commented: """
Hi, can you tell us how to reproduce the issue you are seeing?
@pbrezina Follow the below steps to reproduce the issue.
1. Encrypt the password for ldap account using sss_obfuscate command using -s option `sss_obfuscate -d <Domain_NAME> -s < <Name_OF_FILE_CONTAINING_PASSWORD>`
Above step will encrypt the password in sssd.conf file.
2. If you now restart the sssd process , it will complain about "Authentication Failure"
3. Download the decrypter from (https://github.com/mludvig/sss_deobfuscate/blob/master/sss_deobfuscate)
4. Decrypt password using command
`python <SCRIPT_PATH> <obfuscate_password_from_sssd_file>` eg.
python /home/raj/sssddecode.py AAAQAJgynPs0ig4TFboLoXjVPIhLDE4up4FBqrQp3bT3qqj0eCrx0ki69PhFZA6a416ZUsiYYiqcmoxFj4wEDEQVPqYAAQID
You will see a newline in the password. 
5. Apply the patch I have provided.
6. Repeat the step 1-4 and you can see that connection is made successful because there is no newline in the encrypted password. """
See the full comment at https://github.com/SSSD/sssd/pull/5682#issuecomment-864933224
URL: https://github.com/SSSD/sssd/pull/5682 Title: #5682: bugfix for newline char in sss_obfuscate
pbrezina commented: """ Hi @rajsshah86 I'm sorry it took so long. I don't think this is an error in the script, but rather an error in usage. `sss_obfuscate -s` means to read whatever comes to `stdin` and use it as a password. Your file contains trailing new line, therefore it is included in the password. I don't think it is the script's duty (especially since it is not documented) to remove the new line character -- it may be as well part of the password.
You either need to remove the new line from the file or call the script like `head -c -1 file | sss_obfuscate -d domain -s` to remove it before sending it to the script's input. """
See the full comment at https://github.com/SSSD/sssd/pull/5682#issuecomment-878989102
URL: https://github.com/SSSD/sssd/pull/5682 Title: #5682: bugfix for newline char in sss_obfuscate
pbrezina commented: """ I'm closing this PR. Feel free to comment if you have further questions. """
See the full comment at https://github.com/SSSD/sssd/pull/5682#issuecomment-905356791
URL: https://github.com/SSSD/sssd/pull/5682 Author: rajsshah86 Title: #5682: bugfix for newline char in sss_obfuscate Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5682/head:pr5682 git checkout pr5682
sssd-devel@lists.fedorahosted.org
-
pbrezina -
rajsshah86