From cdddcc317552998f5d4283836493709e374fd055 Mon Sep 17 00:00:00 2001
From: Jerry Sun <jerry.sun@windriver.com>
Date: Mon, 28 Oct 2024 16:44:56 -0400
Subject: [PATCH] local_starlingxrc openrc files do not handle special chars

Openrc files created through the execution of the local_starlingxrc
script do not handle special characters in passwords. For example,
a password of whatsmyreturncode$? will be saved into the environment
variable OS_PASSWORD as whatsmyreturncode0 (it tries to evaluate $?).
This results in authorization failures when trying to run commands
after sourcing the openrc file, as it uses a different password from
what the user specified.

This change handles special characters in the password by wrapping
the password in single quotes, which handles every special character
except the single quote itself.
For the single quote, we replace all instances of the single quote
in the password with '\'' before printing it to the openrc file.
This closes the single quote briefly, inserts an escaped single
quote, then opens a second single quote.

Testing
Create keystone + ldap users with the
manage_local_ldap_account.yml playbook. Give it the reader role.
Create an openrc file with "source local_starlingxrc".
- Ensure entering a wrong password makes commands like
  "system host-list" fail
- Ensure entering the correct password executes
  "system host-list" correctly
- Ensure the output of "echo $OS_PASSWORD" matches the password
  entered when creating the openrc file
- Ensure reader role works correctly and commands like
  "system host-lock controller-0" are denied

Test with the following passwords:
- TheKeikakuIsALie1$?* (special character $)
- 9000more'Vespene'gas'! (single quote)
- &~*>This$#!+-_-1 (random assortment of other special characters)

Closes-Bug: 2085798
Change-Id: I3f01f9cf4c63e406cc1c22b8fc7cdeb402f39c1d
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
---
 utilities/platform-util/scripts/local_starlingxrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utilities/platform-util/scripts/local_starlingxrc b/utilities/platform-util/scripts/local_starlingxrc
index 29fe4332..5683cc71 100644
--- a/utilities/platform-util/scripts/local_starlingxrc
+++ b/utilities/platform-util/scripts/local_starlingxrc
@@ -27,7 +27,7 @@ else
            "    return 1" \
            "fi" \
            "export OS_USERNAME=$USER" \
-           "export OS_PASSWORD=$password" \
+           "export OS_PASSWORD='${password//\'/\'\\\'\'}'" \
            "export PS1='[\u@\h \W(keystone_\$OS_USERNAME)]\$ '" \
            "return 0" >> $HOME/$USER-openrc
     echo "Created file $HOME/$USER-openrc"
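
Review bot: The substitution on the added OS_PASSWORD line, ${password//\'/\'\\\'\'}, stacks several layers of backslash escaping inside a double-quoted argument and carries no comment, so the next person to touch it has to re-derive that it emits the '\'' idiom described in the commit message. Consider computing the escaped value in a named variable just before the write, with a one-line comment explaining close-quote, escaped quote, reopen-quote, and emitting "export OS_PASSWORD='$escaped'" from that. The ${var//pattern/replacement} form is also a bash extension rather than POSIX sh, and the commit message says this script is run via "source local_starlingxrc", so it executes in whatever shell the user is in; a short note in the script that bash is required would help. Separately, the unchanged context line "export OS_USERNAME=$USER" and the redirect target $HOME/$USER-openrc are still unquoted; quoting them in the same change would keep the file consistent with the new handling of the password.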