
SMB passwords with special characters not accepted

Open jorgwolski opened this issue 9 months ago • 2 comments

What version of Music Assistant has the issue?

2.0.0

What version of the Home Assistant Integration have you got installed?

2.0.0

Have you tried everything in the Troubleshooting FAQ and reviewed the Open and Closed Issues and Discussions to resolve this yourself?

  • [X] Yes

The problem

If the SMB user has a password containing special characters (in my case ?$+& are used), the connection fails with the following error message:

2024-05-10 10:15:43.545 ERROR (MainThread) [music_assistant.webserver] Error handling message: config/providers/save: Connection failed for the given details: SMB mount failed with error: mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

User has read and write permissions. Using a user with a password just containing numbers and letters works with the same permission settings on the server side.

How to reproduce

  • Try to add music provider "File system (remote share)" using a user with a password containing special characters.

Music Providers

File system (remote share)

Player Providers

  • Chromecast
  • Home Assistant media players

Full log output

No response

Additional information

Used hardware: HA Yellow

What version of Home Assistant Core are you running

2024.5.2

What type of installation are you running?

Home Assistant OS

On what type of hardware are you running?

Alternative

jorgwolski, May 10 '24 08:05

I can also confirm the same issue

adub08, May 11 '24 03:05

Thanks, it's on the list to be fixed.

OzGav, May 11 '24 05:05

Note that I believe this is also a (small) security vulnerability. The inputs aren't sanitised in any way before being passed to create_subprocess_shell - this leaves it potentially open to some form of injection attack.

MelHarbour, Jun 25 '24 11:06

Probably all user-supplied inputs should be passed through something like https://docs.python.org/3/library/shlex.html#shlex.quote

MelHarbour, Jun 25 '24 11:06
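
An added illustration of the two comments above (not code from Music Assistant or from anyone in this thread): it hands the same option string to a child process three ways and returns the arguments the child actually received. The child is a stand-in for the mount binary, and the `username=...,password=...` layout, the helper names and the sample password are assumptions made for the example.

```python
import asyncio
import json
import shlex
import sys

# Stand-in for the mount binary: a child process that reports the argv it received.
CHILD = [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))"]
PASSWORD = "Tr0ub?$+&"  # constructed sample built from the characters in the report


def mount_options(username: str, password: str) -> str:
    # Assumed option layout; the project's actual mount command is not shown on this page.
    return f"username={username},password={password}"


async def via_shell(options: str, quote: bool) -> list[str]:
    """Build one command string for create_subprocess_shell, optionally quoting the options."""
    arg = shlex.quote(options) if quote else options
    command = f"{shlex.join(CHILD)} -o {arg}"
    proc = await asyncio.create_subprocess_shell(
        command, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.DEVNULL
    )
    out, _ = await proc.communicate()
    return json.loads(out or b"[]")


async def via_exec(options: str) -> list[str]:
    """Pass an argv list to create_subprocess_exec; no shell parses the password."""
    proc = await asyncio.create_subprocess_exec(
        *CHILD, "-o", options, stdout=asyncio.subprocess.PIPE
    )
    out, _ = await proc.communicate()
    return json.loads(out)


def compare(password: str = PASSWORD) -> dict[str, list[str]]:
    options = mount_options("smbuser", password)

    async def run() -> dict[str, list[str]]:
        return {
            "shell_unquoted": await via_shell(options, quote=False),  # '&' ends the command early
            "shell_quoted": await via_shell(options, quote=True),
            "exec_argv": await via_exec(options),
        }

    return asyncio.run(run())


if __name__ == "__main__":
    for name, argv in compare().items():
        print(f"{name:15} {argv}")
```

Quoting or an argv list only removes the shell's interpretation of the password. mount.cifs(8) separately documents that a password containing a comma is not parsed correctly inside the `-o` option string, and accepts the password through a credentials file or the `PASSWD` environment variable instead.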