Revision 0a39f78f
Added by Jim Pingle about 9 years ago
| src/etc/inc/auth.inc | ||
|---|---|---|
| 425 | 425 |
* can cause issues. Just remove crontab before run it when necessary |
| 426 | 426 |
*/ |
| 427 | 427 |
unlink_if_exists("/var/cron/tabs/{$line[0]}");
|
| 428 |
$cmd = "/usr/sbin/pw userdel -n '{$line[0]}'";
|
|
| 428 |
$cmd = "/usr/sbin/pw userdel -n " . escapeshellarg($line[0]);
|
|
| 429 | 429 |
if ($debug) {
|
| 430 | 430 |
log_error(sprintf(gettext("Running: %s"), $cmd));
|
| 431 | 431 |
} |
| ... | ... | |
| 449 | 449 |
if ($line[2] > 65000) {
|
| 450 | 450 |
continue; |
| 451 | 451 |
} |
| 452 |
$cmd = "/usr/sbin/pw groupdel -g {$line[2]}";
|
|
| 452 |
$cmd = "/usr/sbin/pw groupdel -g " . escapeshellarg($line[2]);
|
|
| 453 | 453 |
if ($debug) {
|
| 454 | 454 |
log_error(sprintf(gettext("Running: %s"), $cmd));
|
| 455 | 455 |
} |
| ... | ... | |
| 559 | 559 |
|
| 560 | 560 |
$comment = str_replace(array(":", "!", "@"), " ", $user['descr']);
|
| 561 | 561 |
/* add or mod pw db */ |
| 562 |
$cmd = "/usr/sbin/pw {$user_op} -q -u {$user_uid} -n {$user_name}".
|
|
| 563 |
" -g {$user_group} -s {$user_shell} -d {$user_home}".
|
|
| 564 |
" -c ".escapeshellarg($comment)." -H 0 2>&1"; |
|
| 562 |
$cmd = "/usr/sbin/pw {$user_op} -q " .
|
|
| 563 |
" -u " . escapeshellarg($user_uid) . |
|
| 564 |
" -n " . escapeshellarg($user_name) . |
|
| 565 |
" -g " . escapeshellarg($user_group) . |
|
| 566 |
" -s " . escapeshellarg($user_shell) . |
|
| 567 |
" -d " . escapeshellarg($user_home) . |
|
| 568 |
" -c " . escapeshellarg($comment) . |
|
| 569 |
" -H 0 2>&1"; |
|
| 565 | 570 |
|
| 566 | 571 |
if ($debug) {
|
| 567 | 572 |
log_error(sprintf(gettext("Running: %s"), $cmd));
|
| ... | ... | |
| 603 | 608 |
} |
| 604 | 609 |
|
| 605 | 610 |
$un = $lock_account ? "" : "un"; |
| 606 |
exec("/usr/sbin/pw {$un}lock {$user_name} -q 2>/dev/null");
|
|
| 611 |
exec("/usr/sbin/pw {$un}lock " . escapeshellarg($user_name) . " -q 2>/dev/null");
|
|
| 607 | 612 |
|
| 608 | 613 |
conf_mount_ro(); |
| 609 | 614 |
} |
| ... | ... | |
| 631 | 636 |
} |
| 632 | 637 |
|
| 633 | 638 |
/* delete from pw db */ |
| 634 |
$cmd = "/usr/sbin/pw userdel -n {$user['name']} {$rmhome}";
|
|
| 639 |
$cmd = "/usr/sbin/pw userdel -n " . escapeshellarg($user['name']) . " " . escapeshellarg($rmhome);
|
|
| 635 | 640 |
|
| 636 | 641 |
if ($debug) {
|
| 637 | 642 |
log_error(sprintf(gettext("Running: %s"), $cmd));
|
| ... | ... | |
| 779 | 784 |
} |
| 780 | 785 |
|
| 781 | 786 |
/* determine add or mod */ |
| 782 |
if (mwexec("/usr/sbin/pw groupshow -g {$group_gid} 2>&1", true) == 0) {
|
|
| 787 |
if (mwexec("/usr/sbin/pw groupshow -g " . escapeshellarg($group_gid) . " 2>&1", true) == 0) {
|
|
| 783 | 788 |
$group_op = "groupmod -l"; |
| 784 | 789 |
} else {
|
| 785 | 790 |
$group_op = "groupadd -n"; |
| 786 | 791 |
} |
| 787 | 792 |
|
| 788 | 793 |
/* add or mod group db */ |
| 789 |
$cmd = "/usr/sbin/pw {$group_op} {$group_name} -g {$group_gid} -M '{$group_members}' 2>&1";
|
|
| 794 |
$cmd = "/usr/sbin/pw {$group_op} " .
|
|
| 795 |
escapeshellarg($group_name) . |
|
| 796 |
" -g " . escapeshellarg($group_gid) . |
|
| 797 |
" -M " . escapeshellarg($group_members) . " 2>&1"; |
|
| 790 | 798 |
|
| 791 | 799 |
if ($debug) {
|
| 792 | 800 |
log_error(sprintf(gettext("Running: %s"), $cmd));
|
| ... | ... | |
| 799 | 807 |
global $debug; |
| 800 | 808 |
|
| 801 | 809 |
/* delete from group db */ |
| 802 |
$cmd = "/usr/sbin/pw groupdel {$group['name']}";
|
|
| 810 |
$cmd = "/usr/sbin/pw groupdel " . escapeshellarg($group['name']);
|
|
| 803 | 811 |
|
| 804 | 812 |
if ($debug) {
|
| 805 | 813 |
log_error(sprintf(gettext("Running: %s"), $cmd));
|
Also available in: Unified diff
Use escapeshellarg on shell calls in auth.inc. Ticket #6475