0

I run this command from the CLI and it works fine...

curl -H Content-Type:text/plain -vLk https://10.42.0.197/exec/show%20ver --user chartley:<pw omitted>

Now when I put it into a bash script I get the following...

* About to connect() to 10.42.0.197 port 443 (#0)
*   Trying 10.42.0.197... connected
* Connected to 10.42.0.197 (10.42.0.197) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_RSA_WITH_RC4_128_SHA
* Server certificate:
*       subject: CN=ASA Temporary Self Signed Certificate
*       start date: Jul 18 20:53:46 2013 GMT
*       expire date: Jul 16 20:53:46 2023 GMT
*       common name: ASA Temporary Self Signed Certificate
*       issuer: CN=ASA Temporary Self Signed Certificate
* Server auth using Basic with user 'chartley'
> GET /exec/show%20version HTTP/1.1
> Authorization: Basic
> User-Agent: Firefox
> Host: 10.42.0.197
> Accept: */*
> Content-Type:text/plain
>
< HTTP/1.1 401 Unauthorized
< Date: Tue, 04 Apr 2017 22:06:53 UTC
< Connection: close
< Content-Type: text/html
< Expires: Thu, 16 Feb 1989 00:00:00 GMT
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Authentication"
<
<HEAD><TITLE>Authorization Required</TITLE></HEAD><BODY><H1>Authorization Required</H1>Browser not authentication-capable or authentication failed.</BODY>

* Closing connection #0

I had the curl command echoed out with variable expansion performed and it's character for character with the command that works on the CLI.

What am I missing?

Here is the script

#!/usr/bin/bash
IFS=$'\n'

echo "Gimme yo password foo!!"
read -s pass

pass=$(echo $pass | sed 's/[(\!|\@|\#|\$|\%|\^|\&|\*|\(|\))&]/\\&/g')

if [[ "$2" =~ [:space:] ]];
then
        CMD=`echo $2 | sed 's/ /\%20/g'`
        #echo "space matched"
        #echo "$2"
fi

if [[ "$CMD" =~ */* ]];
then
        CMD=`echo $2 | 's/[\/]/\%2f/g'`
        #echo "Slash matched"
        #echo "$2"
fi

curl -H Content-Type:text/plain -vLk https://$1/exec/$CMD --user "$USER:$pass"

... and it is run as such... ASA_do 10.42.0.197 "show ver"

Here is the output having added "set -x" in the bash script...

[chartley@s324phx-syslog ~]$ ASA_do 10.42.0.197 "show version"
+ echo 'Gimme yo password foo!!'
Gimme yo password foo!!
+ read -s pass
++ echo '<omitted>'
++ sed 's/[(\!|\@|\#|\$|\%|\^|\&|\*|\(|\))&]/\\&/g'
+ pass='<pw omitted>'
+ [[ show version =~ [:space:] ]]
++ echo 'show version'
++ sed 's/ /\%20/g'
+ CMD=show%20version
+ [[ show%20version =~ */* ]]
+ curl -H Content-Type:text/plain -vLk https://10.42.0.197/exec/show%20version --user 'chartley:<pw omitted>'
* About to connect() to 10.42.0.197 port 443 (#0)
*   Trying 10.42.0.197... connected
* Connected to 10.42.0.197 (10.42.0.197) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_RSA_WITH_RC4_128_SHA
* Server certificate:
*       subject: CN=ASA Temporary Self Signed Certificate
*       start date: Jul 18 20:53:46 2013 GMT
*       expire date: Jul 16 20:53:46 2023 GMT
*       common name: ASA Temporary Self Signed Certificate
*       issuer: CN=ASA Temporary Self Signed Certificate
* Server auth using Basic with user 'chartley'
> GET /exec/show%20version HTTP/1.1
> Authorization: Basic <omitted>
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.18 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 10.42.0.197
> Accept: */*
> Content-Type:text/plain
>
< HTTP/1.1 401 Unauthorized
< Date: Thu, 06 Apr 2017 20:39:38 UTC
< Connection: close
< Content-Type: text/html
< Expires: Thu, 16 Feb 1989 00:00:00 GMT
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Authentication"
<
<HEAD><TITLE>Authorization Required</TITLE></HEAD><BODY><H1>Authorization Required</H1>Browser not authentication-capable or authentication failed.</BODY>

* Closing connection #0 

This is the script with it working using eval...

#!/usr/bin/bash
set -x
echo "Gimme yo password foo!!"
IFS=$'\n' read -r -s -p 'Password:' pass

pass=$(echo $pass | sed 's/[(\!|\@|\#|\$|\%|\^|\&|\*|\(|\))&]/\\&/g' | sed "s/'//g")

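# Start from the raw command so CMD is set even when nothing needs encoding
CMD=$2

# Percent-encode spaces ([[:space:]] is the character class; [:space:] alone
# is a bracket list of the characters ":space")
if [[ "$CMD" =~ [[:space:]] ]];
then
        CMD=`echo "$CMD" | sed 's/ /\%20/g'`
        #echo "space matched"
        #echo "$2"
fi

# Percent-encode slashes (the sed call was missing; work on $CMD so the
# space encoding above is kept)
if [[ "$CMD" =~ / ]];
then
        CMD=`echo "$CMD" | sed 's/[\/]/\%2f/g'`
        #echo "Slash matched"
        #echo "$2"
fi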

eval curl -H Content-Type:text/plain -vLk https://$1/exec/$CMD --user "$USER:$pass"
  • From the CLI please provide the output of type curl, and which curl. Commented Apr 6, 2017 at 18:28
  • Please add set -x command on second line of your script and show us the output. Commented Apr 6, 2017 at 18:41
  • As a 1st step, put into the shell script exactly your working command, with the hardcoded username:password and nothing more. You will see the command will work as in the plain command line. Commented Apr 11, 2017 at 20:26
  • As step 2: if the above is confirmed, that means that all speculations about environment and such are wrong, and you must search for the error source in the password-mungling part of your script... :) Commented Apr 11, 2017 at 20:28
  • @jm666 That should have been obvious but I didn't even think of that, thank you. It executed just fine so I now know that although the command is echoed identically something isn't the same when passed to curl. Commented Apr 11, 2017 at 20:31

2 Answers

1

The answer was to add "eval" to the curl command.

#!/usr/bin/bash
set -x
echo "Gimme yo password foo!!"
IFS=$'\n' read -r -s -p 'Password:' pass

pass=$(echo $pass | sed 's/[(\!|\@|\#|\$|\%|\^|\&|\*|\(|\))&]/\\&/g' | sed "s/'//g")

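# Start from the raw command so CMD is set even when nothing needs encoding
CMD=$2

# Percent-encode spaces ([[:space:]] is the character class; [:space:] alone
# is a bracket list of the characters ":space")
if [[ "$CMD" =~ [[:space:]] ]];
then
        CMD=`echo "$CMD" | sed 's/ /\%20/g'`
        #echo "space matched"
        #echo "$2"
fi

# Percent-encode slashes (the sed call was missing; work on $CMD so the
# space encoding above is kept)
if [[ "$CMD" =~ / ]];
then
        CMD=`echo "$CMD" | sed 's/[\/]/\%2f/g'`
        #echo "Slash matched"
        #echo "$2"
fi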

eval curl -H Content-Type:text/plain -vLk https://$1/exec/$CMD --user "$USER:$pass"

1 Comment

If it is the last command in your script, exec is also an option.
0

You probably want to use:

read -r -s -p 'Password:' pass
curl ..... needed args  .... --user "$USER:$pass"

without any password mungling and the like. (You probably don't want to change the IFS either (yes, the IFS=$'\n' helps when the password contains trailing space... but first try without any IFS change...) and after IFS=$'\n' read -r -s -p 'Password:' pass

2 Comments

I did remove the IFS, set -r and -p on the pass read statement to no avail, but you led me to the answer with your suggestion. I don't think eval is the best solution but it makes it work so I'm happy. Thank you @jm666
@CodyHartley I don't understand why you need eval. The eval is (usually) dangerous. But you know what you need. :) Happy programming.
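Why the script returns 401 without `eval` and succeeds with it, reproduced offline as an added example (not code from the question or from either answer). `show_args` stands in for curl so the exact arguments can be inspected; the helper names, the `CURL` override and the sample password are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example; helper names, the CURL override and the sample password are
# assumptions, not part of the original script.

# The same sed escaping the question's script applies to the password.
munge() { printf '%s\n' "$1" | sed 's/[(\!|\@|\#|\$|\%|\^|\&|\*|\(|\))&]/\\&/g'; }

# Stand-in for curl: prints each argument exactly as the program receives it.
show_args() { printf '[%s]' "$@"; }

pw='p@ss$w0rd!'   # constructed sample password

# Without eval the backslashes added by munge reach curl as literal bytes,
# so the server sees a different password and answers 401.
demo_direct() { show_args --user "chartley:$(munge "$pw")"; }

# eval parses the line a second time, which strips those backslashes again.
# That is the only reason it "fixes" the script, and the same second parse
# treats everything else in $1, $2 and the password as shell syntax.
demo_eval() { eval show_args --user "chartley:$(munge "$pw")"; }

# Percent-encode everything except RFC 3986 unreserved characters
# (ASCII input assumed). Runs in a subshell so no variables leak.
urlencode() (
  LC_ALL=C; s=$1; out=
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}; s=${s#?}
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
)

# No munging, no eval: quoting alone delivers the password unchanged.
# -k is kept from the page (self-signed ASA certificate); prefer --cacert.
asa_exec() {  # usage: asa_exec HOST COMMAND USER PASSWORD
  "${CURL:-curl}" -H 'Content-Type:text/plain' -Lk \
    "https://$1/exec/$(urlencode "$2")" --user "$3:$4"
}

printf '%s\n' "direct: $(demo_direct)" "eval:   $(demo_eval)"
```

In a real script the password would come from `read -r -s -p 'Password:' pass` and be passed as the fourth argument to `asa_exec` without any further processing.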