system: configctl and cron command/parameter passing

[M4jx]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Problem

When configctl is invoked with empty string arguments (e.g., to skip optional positional parameters), the empty strings are silently discarded, causing all subsequent arguments to shift left into the wrong parameter positions.

Root Cause

core/src/opnsense/service/configd_ctl.py

Line 114 in 56ea14f

exec_commands=[' '.join(args.command)]

The ' '.join() on args.command converts empty strings into zero-width gaps between spaces. When configd receives this string and parses it with shlex.split(), consecutive spaces are treated as a single delimiter, the empty parameters are lost entirely.

Example: configctl filter list states '' 5 '' '' ''

The value 5 lands in --filter instead of --limit.

This affects any action where callers need to skip leading positional parameters. The PHP equivalent (Backend::configdpRun) does not have this bug because it uses escapeshellarg() which preserves empty strings as '' tokens.

Suggested Fix

Modify core/src/opnsense/service/configd_ctl.py

import shlex  # add import

# line 114: replace
exec_commands=[' '.join(args.command)]
# with
exec_commands=[' '.join(shlex.quote(c) for c in args.command)]

This mirrors what PHP's Backend::configdpRun already does with escapeshellarg(). Both preserve empty strings as quoted '' tokens. On the configd daemon side, shlex.split() in processhandler.py already correctly reconstructs '' back into empty strings, so no changes are needed there.

[AdSchellevis]

@M4jx if you like, you can open a PR with the suggested change as well, it looks like a good addition.

[AdSchellevis]

#10076

[sopex]

@M4jx I really don't like you :)

[fichtner]

@sopex that's not the type of message that immediately helps to review and correct the code...

This is in reference to a suspected regression discussed here #10098 (comment)

[sopex]

@sopex that's not the type of message that immediately helps to review and correct the code...

What's life without some light banter?

Anyway, shlex.quote probably outputs this "'system remote backup' X" and configd tries to find "actions_system remote backup.conf" instead of actions_system.conf

Could this work?
exec_commands=[' '.join(c if c != '' else "''" for c in args.command)]

[M4jx]

While investigating @sopex's reported issue, I found that #10076 has a potential regression affecting cron jobs rendered through the user.cron template.

The template passes the entire job.command as a single quoted shell argument. Before #10076, configd_ctl.py joined args without quoting, so configd's shlex.split would re-split them into individual tokens, making this work by accident.
After #10076, shlex.quote preserves the multi-word string as a single token, which find_action cannot match in the action tree.

core/src/opnsense/service/templates/OPNsense/Cron/user.cron

Lines 13 to 16 in cdf1720

	{{job.minutes}} {{job.hours}} {{job.days}} {{job.months}} {{job.weekdays}} /usr/local/sbin/configctl -d -- {{job.command|replace("\n", "")|shlex_quote}}{%
	if job.parameters %}{%
	for param in job.parameters|shlex_split %} {{param|replace("\n", "")|shlex_quote}}{%
	endfor %}{% endif %}

This regression only affects user cron jobs rendered through user.cron template (i.e., jobs created via the GUI?).
Autocron jobs (e.g., from core_cron) are not affected, they are collected by plugins_cron() and written directly into /var/cron/tabs/root by system.inc:1156, bypassing the user.cron template.