Intermittently i am getting following error:
sqsh: Error: Can't read password from pipe (filedes=3)
sqsh: -¨: No error
I am making following call to connect to SQL Server 2005 from Solaris x86:
/usr/local/bin/sqsh -S$MSSQL_SERVER -U$USER -P$PASSWORD -w1000
Well, something in the hide_password function (write to pipe) and subsequent password handling during parameter processing (read from pipe) goes wrong. What is the content of the $PASSWORD variable, any strange characters? Are the variables exported or not? Are you able to connect when specifying server,user and password in plain text on the shell prompt, i.e.
/usr/local/bin/sqsh -Sservername -Usa -Ppassword
Are you able to connect when you do not specify the -P parameter at all and let sqsh prompt you for a password?
Can you comment out or remove line 52 in src/sqsh_main.c and rebuild sqsh. This will not build the hide_password functionality into sqsh then. Does this work OK for you?
Thanks for replying.
No strange characters in $PASSWORD. I verified it that variables are exported. Yes i am able to connect without issues from command line by specifying those variables.
If i dont use -P password it asks me for password on sqsh prompt.
We have a script which runs and checks for data every 5 seconds, it will run fine for few iterations but then suddenly get this error, please see the script snippet below:
${MSSQLISQL} <<!EOF! 1> ${TMPSQLFILE} 2> ${TMPSQLFILE}
use ${DB}
go
DECLARE @PID numeric(18,0)
DECLARE @MSG varchar(255)
DECLARE @MSGTYPE int
EXEC dbo.GetProcessStatus @ProcessType ='${PROCESS_TYPE}', @ProcessId = @PID OUTPUT, @Message = @MSG OUTPUT, @MessageType = @MSGTYPE OUTPUT
go
!EOF!
I will try it out by commenting out line 52. When we tried version 2.1.4 we got similar error while running job (unix scripts) from control-m scheduler.
Again, thanks for replying.
After commenting out line 52 it did work. Will it cause any other issue?
What should case '\250' handle if we comment out line 52?
Thanks
When SQSH_HIDEPWD is defined in the code, sqsh calls function hide_password immediately after starting. This functions checks the parameter list for an occurrence of -P. If found, it modifies the parameter list by removing the -P parameter and argument. It then opens a pipe and adds the \250 parameter to the argv[] list with the pipe input and output file descriptor numbers as arguments and then forks. The parent process writes the password to the pipe and terminates. The child process continues processing and restarts itself (execvp) with the modified parameter list. This new process finds the \250 parameter in the list, and reads the password from the pipe.
The main idea is to hide the password from the argument list so that the password cannot be discovered by executing the 'ps -ef' command, for example.
By undefining SQSH_HIDEPWD, the -P parameter is just handled by the case statement on line 423. The program tries to replace the password with blanks in the arguments list, but on Solaris for example, the real password can still be revealed by running 'ps -ef | grep sqsh' . The handling of the \250 parameter is empty in this case, i.e. there is no code to compile because the pre-compiler removed the code as SQSH_HIDEPWD is undefined.
The first method of hiding the password from the parameter/argument list is considered more safe.
HTH,
Martin.
Hi
We have seen the same behaviour on Solaris 8 SPARC with a 64 bit sqsh binary.
tim