Revision 1929acf1
Added by Jim Pingle about 9 years ago
src/etc/inc/auth.inc | ||
---|---|---|
425 | 425 |
* can cause issues. Just remove crontab before run it when necessary |
426 | 426 |
*/ |
427 | 427 |
unlink_if_exists("/var/cron/tabs/{$line[0]}"); |
428 |
$cmd = "/usr/sbin/pw userdel -n '{$line[0]}'";
|
|
428 |
$cmd = "/usr/sbin/pw userdel -n " . escapeshellarg($line[0]);
|
|
429 | 429 |
if ($debug) { |
430 | 430 |
log_error(sprintf(gettext("Running: %s"), $cmd)); |
431 | 431 |
} |
... | ... | |
449 | 449 |
if ($line[2] > 65000) { |
450 | 450 |
continue; |
451 | 451 |
} |
452 |
$cmd = "/usr/sbin/pw groupdel -g {$line[2]}";
|
|
452 |
$cmd = "/usr/sbin/pw groupdel -g " . escapeshellarg($line[2]);
|
|
453 | 453 |
if ($debug) { |
454 | 454 |
log_error(sprintf(gettext("Running: %s"), $cmd)); |
455 | 455 |
} |
... | ... | |
557 | 557 |
|
558 | 558 |
$comment = str_replace(array(":", "!", "@"), " ", $user['descr']); |
559 | 559 |
/* add or mod pw db */ |
560 |
$cmd = "/usr/sbin/pw {$user_op} -q -u {$user_uid} -n {$user_name}". |
|
561 |
" -g {$user_group} -s {$user_shell} -d {$user_home}". |
|
562 |
" -c ".escapeshellarg($comment)." -H 0 2>&1"; |
|
560 |
$cmd = "/usr/sbin/pw {$user_op} -q " . |
|
561 |
" -u " . escapeshellarg($user_uid) . |
|
562 |
" -n " . escapeshellarg($user_name) . |
|
563 |
" -g " . escapeshellarg($user_group) . |
|
564 |
" -s " . escapeshellarg($user_shell) . |
|
565 |
" -d " . escapeshellarg($user_home) . |
|
566 |
" -c " . escapeshellarg($comment) . |
|
567 |
" -H 0 2>&1"; |
|
563 | 568 |
|
564 | 569 |
if ($debug) { |
565 | 570 |
log_error(sprintf(gettext("Running: %s"), $cmd)); |
... | ... | |
593 | 598 |
} |
594 | 599 |
|
595 | 600 |
$un = $lock_account ? "" : "un"; |
596 |
exec("/usr/sbin/pw {$un}lock {$user_name} -q 2>/dev/null");
|
|
601 |
exec("/usr/sbin/pw {$un}lock " . escapeshellarg($user_name) . " -q 2>/dev/null");
|
|
597 | 602 |
|
598 | 603 |
conf_mount_ro(); |
599 | 604 |
} |
... | ... | |
621 | 626 |
} |
622 | 627 |
|
623 | 628 |
/* delete from pw db */ |
624 |
$cmd = "/usr/sbin/pw userdel -n {$user['name']} {$rmhome}";
|
|
629 |
$cmd = "/usr/sbin/pw userdel -n " . escapeshellarg($user['name']) . " " . escapeshellarg($rmhome);
|
|
625 | 630 |
|
626 | 631 |
if ($debug) { |
627 | 632 |
log_error(sprintf(gettext("Running: %s"), $cmd)); |
... | ... | |
769 | 774 |
} |
770 | 775 |
|
771 | 776 |
/* determine add or mod */ |
772 |
if (mwexec("/usr/sbin/pw groupshow -g {$group_gid} 2>&1", true) == 0) {
|
|
777 |
if (mwexec("/usr/sbin/pw groupshow -g " . escapeshellarg($group_gid) . " 2>&1", true) == 0) {
|
|
773 | 778 |
$group_op = "groupmod -l"; |
774 | 779 |
} else { |
775 | 780 |
$group_op = "groupadd -n"; |
776 | 781 |
} |
777 | 782 |
|
778 | 783 |
/* add or mod group db */ |
779 |
$cmd = "/usr/sbin/pw {$group_op} {$group_name} -g {$group_gid} -M '{$group_members}' 2>&1"; |
|
784 |
$cmd = "/usr/sbin/pw {$group_op} " . |
|
785 |
escapeshellarg($group_name) . |
|
786 |
" -g " . escapeshellarg($group_gid) . |
|
787 |
" -M " . escapeshellarg($group_members) . " 2>&1"; |
|
780 | 788 |
|
781 | 789 |
if ($debug) { |
782 | 790 |
log_error(sprintf(gettext("Running: %s"), $cmd)); |
... | ... | |
789 | 797 |
global $debug; |
790 | 798 |
|
791 | 799 |
/* delete from group db */ |
792 |
$cmd = "/usr/sbin/pw groupdel {$group['name']}";
|
|
800 |
$cmd = "/usr/sbin/pw groupdel " . escapeshellarg($group['name']);
|
|
793 | 801 |
|
794 | 802 |
if ($debug) { |
795 | 803 |
log_error(sprintf(gettext("Running: %s"), $cmd)); |
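Review bot: In the user-deletion hunk (new line 629) `$rmhome` is now passed through `escapeshellarg()`, but the old code interpolated it unquoted, which suggests it holds an optional flag rather than data; if it can be empty or unset, `escapeshellarg("")` produces `''` and `pw userdel` receives an extra empty argument. Its assignment is outside the visible lines, so this needs confirming, but appending it only when set avoids the problem: `$cmd = "/usr/sbin/pw userdel -n " . escapeshellarg($user['name']) . (empty($rmhome) ? "" : " " . escapeshellarg($rmhome));`. Separately, quoting stops the shell from interpreting these values but does not stop `pw` from parsing a value that begins with `-` as an option, which matters most where the name is positional (`pw {$un}lock` at new line 601 and `pw groupdel` at new line 800). A short comment naming where user and group names are validated, or a format check at these call sites, would make that assumption explicit.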
Use escapeshellarg on shell calls in auth.inc. Ticket #6475