From 2d19eacf5ecd73b834ccd07b2201f8728994efaf Mon Sep 17 00:00:00 2001 From: d-w-moore Date: Fri, 22 Mar 2024 23:29:59 -0400 Subject: [PATCH] [_362][_522][_523] allow '=' and ';' in PAM passwords --- irods/api_number.py | 4 +++- irods/connection.py | 12 +++++------- irods/test/PRC_issue_362.bats | 5 ++--- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/irods/api_number.py b/irods/api_number.py index 22d6bcf6..2f2a54a1 100644 --- a/irods/api_number.py +++ b/irods/api_number.py @@ -179,5 +179,7 @@ "GET_RESOURCE_INFO_FOR_OPERATION_AN": 10220, "ATOMIC_APPLY_METADATA_OPERATIONS_APN": 20002, "GET_FILE_DESCRIPTOR_INFO_APN": 20000, - "REPLICA_CLOSE_APN": 20004 + "REPLICA_CLOSE_APN": 20004, + + "AUTH_PLUG_REQ_AN": 1201 } diff --git a/irods/connection.py b/irods/connection.py index 28328918..3c4040ae 100644 --- a/irods/connection.py +++ b/irods/connection.py @@ -25,8 +25,6 @@ from irods.message import (PamAuthRequest, PamAuthRequestOut) - -ALLOW_PAM_LONG_TOKENS = True # True to fix [#279] # Message to be logged when the connection # destructor is called. Used in a unit test DESTRUCTOR_MSG = "connection __del__() called" @@ -493,9 +491,10 @@ def _login_pam(self): if getattr(self,'DISALLOWING_PAM_PLAINTEXT',True): raise PlainTextPAMPasswordError - Pam_Long_Tokens = (ALLOW_PAM_LONG_TOKENS and (len(ctx) >= MAX_NAME_LEN)) + use_dedicated_pam_api = len(ctx) >= MAX_NAME_LEN or \ + {';','='}.intersection(set(new_pam_password)) - if Pam_Long_Tokens: + if use_dedicated_pam_api: message_body = PamAuthRequest( pamUser = self.account.client_user, pamPassword = new_pam_password, timeToLive = time_to_live_in_hours) @@ -505,7 +504,7 @@ def _login_pam(self): auth_req = iRODSMessage( msg_type='RODS_API_REQ', msg=message_body, - int_info=(725 if Pam_Long_Tokens else 1201) + int_info=api_number['PAM_AUTH_REQUEST_AN' if use_dedicated_pam_api else 'AUTH_PLUG_REQ_AN'] ) self.send(auth_req) @@ -516,8 +515,7 @@ def _login_pam(self): # TODO (#480): In Python3 will be able to do: 'raise RuntimeError(...) from exc' for more succinct error messages raise RuntimeError('Client-configured TTL is outside server parameters (password min and max times)') - Pam_Response_Class = (PamAuthRequestOut if Pam_Long_Tokens - else AuthPluginOut) + Pam_Response_Class = (PamAuthRequestOut if use_dedicated_pam_api else AuthPluginOut) auth_out = output_message.get_main_message( Pam_Response_Class ) diff --git a/irods/test/PRC_issue_362.bats b/irods/test/PRC_issue_362.bats index 818811ac..01c03d35 100644 --- a/irods/test/PRC_issue_362.bats +++ b/irods/test/PRC_issue_362.bats @@ -50,7 +50,6 @@ prc_test() } @test "test_with_atsymbol" { prc_test; } -# TODO: investigate: the following two cases fail with SYS_BAD_INPUT (when tested with iRODS 4.3.1) -#@test "test_with_semicolon" { prc_test; } -#@test "test_with_equals" { prc_test; } +@test "test_with_semicolon" { prc_test; } +@test "test_with_equals" { prc_test; } @test "test_with_ampersand" { prc_test; }