summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorRodrigo Moya <rodrigo@gnome-db.org>2011-06-16 12:56:05 +0200
committerRay Strode <rstrode@redhat.com>2011-07-19 10:52:22 -0400
commit76240f56c816a3164dec210d6722ed9d461423cd (patch)
tree5fbc8229902a42edaa02cd39fd5efc7ebdf9f865 /src
parentd29454d0d0d8a2e075657068c5a039f6da2e790c (diff)
daemon: Add '--' to argument builders before the user's name
This avoids confusing the command line tools with unexpected users' names https://bugs.freedesktop.org/show_bug.cgi?id=38365
Diffstat (limited to 'src')
-rw-r--r--src/daemon.c24
-rw-r--r--src/user.c66
2 files changed, 52 insertions, 38 deletions
diff --git a/src/daemon.c b/src/daemon.c
index 2a18924..a34ccfa 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -1119,7 +1119,7 @@ daemon_create_user_authorized_cb (Daemon *daemon,
CreateUserData *cd = data;
User *user;
GError *error;
- gchar *argv[8];
+ gchar *argv[9];
if (getpwnam (cd->user_name) != NULL) {
throw_error (context, ERROR_USER_EXISTS, "A user with name '%s' already exists", cd->user_name);
@@ -1136,12 +1136,14 @@ daemon_create_user_authorized_cb (Daemon *daemon,
if (cd->account_type == ACCOUNT_TYPE_ADMINISTRATOR) {
argv[4] = "-G";
argv[5] = "wheel";
- argv[6] = cd->user_name;
- argv[7] = NULL;
+ argv[6] = "--";
+ argv[7] = cd->user_name;
+ argv[8] = NULL;
}
else if (cd->account_type == ACCOUNT_TYPE_STANDARD) {
- argv[4] = cd->user_name;
- argv[5] = NULL;
+ argv[4] = "--";
+ argv[5] = cd->user_name;
+ argv[6] = NULL;
}
else {
throw_error (context, ERROR_FAILED, "Don't know how to add user of type %d", cd->account_type);
@@ -1202,7 +1204,7 @@ daemon_delete_user_authorized_cb (Daemon *daemon,
GError *error;
gchar *filename;
struct passwd *pwent;
- gchar *argv[4];
+ gchar *argv[5];
pwent = getpwuid (ud->uid);
@@ -1217,12 +1219,14 @@ daemon_delete_user_authorized_cb (Daemon *daemon,
argv[0] = "/usr/sbin/userdel";
if (ud->remove_files) {
argv[1] = "-r";
- argv[2] = pwent->pw_name;
- argv[3] = NULL;
+ argv[2] = "--";
+ argv[3] = pwent->pw_name;
+ argv[4] = NULL;
}
else {
- argv[1] = pwent->pw_name;
- argv[2] = NULL;
+ argv[1] = "--";
+ argv[2] = pwent->pw_name;
+ argv[3] = NULL;
}
error = NULL;
diff --git a/src/user.c b/src/user.c
index 8741348..e68ed26 100644
--- a/src/user.c
+++ b/src/user.c
@@ -827,7 +827,7 @@ user_change_real_name_authorized_cb (Daemon *daemon,
{
gchar *name = data;
GError *error;
- gchar *argv[5];
+ gchar *argv[6];
if (g_strcmp0 (user->real_name, name) != 0) {
sys_log (context,
@@ -837,8 +837,9 @@ user_change_real_name_authorized_cb (Daemon *daemon,
argv[0] = "/usr/sbin/usermod";
argv[1] = "-c";
argv[2] = name;
- argv[3] = user->user_name;
- argv[4] = NULL;
+ argv[3] = "--";
+ argv[4] = user->user_name;
+ argv[5] = NULL;
error = NULL;
if (!spawn_with_login_uid (context, argv, &error)) {
@@ -907,7 +908,7 @@ user_change_user_name_authorized_cb (Daemon *daemon,
gchar *name = data;
gchar *old_name;
GError *error;
- gchar *argv[5];
+ gchar *argv[6];
if (g_strcmp0 (user->user_name, name) != 0) {
old_name = g_strdup (user->user_name);
@@ -918,8 +919,9 @@ user_change_user_name_authorized_cb (Daemon *daemon,
argv[0] = "/usr/sbin/usermod";
argv[1] = "-l";
argv[2] = name;
- argv[3] = user->user_name;
- argv[4] = NULL;
+ argv[3] = "--";
+ argv[4] = user->user_name;
+ argv[5] = NULL;
error = NULL;
if (!spawn_with_login_uid (context, argv, &error)) {
@@ -1236,7 +1238,7 @@ user_change_home_dir_authorized_cb (Daemon *daemon,
{
gchar *home_dir = data;
GError *error;
- gchar *argv[6];
+ gchar *argv[7];
if (g_strcmp0 (user->home_dir, home_dir) != 0) {
sys_log (context,
@@ -1247,8 +1249,9 @@ user_change_home_dir_authorized_cb (Daemon *daemon,
argv[1] = "-m";
argv[2] = "-d";
argv[3] = home_dir;
- argv[4] = user->user_name;
- argv[5] = NULL;
+ argv[4] = "--";
+ argv[5] = user->user_name;
+ argv[6] = NULL;
error = NULL;
if (!spawn_with_login_uid (context, argv, &error)) {
@@ -1294,7 +1297,7 @@ user_change_shell_authorized_cb (Daemon *daemon,
{
gchar *shell = data;
GError *error;
- gchar *argv[5];
+ gchar *argv[6];
if (g_strcmp0 (user->shell, shell) != 0) {
sys_log (context,
@@ -1304,8 +1307,9 @@ user_change_shell_authorized_cb (Daemon *daemon,
argv[0] = "/usr/sbin/usermod";
argv[1] = "-s";
argv[2] = shell;
- argv[3] = user->user_name;
- argv[4] = NULL;
+ argv[3] = "--";
+ argv[4] = user->user_name;
+ argv[5] = NULL;
error = NULL;
if (!spawn_with_login_uid (context, argv, &error)) {
@@ -1550,7 +1554,7 @@ user_change_locked_authorized_cb (Daemon *daemon,
{
gboolean locked = GPOINTER_TO_INT (data);
GError *error;
- gchar *argv[4];
+ gchar *argv[5];
if (user->locked != locked) {
sys_log (context,
@@ -1558,8 +1562,9 @@ user_change_locked_authorized_cb (Daemon *daemon,
locked ? "locking" : "unlocking", user->user_name, user->uid);
argv[0] = "/usr/sbin/usermod";
argv[1] = locked ? "-L" : "-U";
- argv[2] = user->user_name;
- argv[3] = NULL;
+ argv[2] = "--";
+ argv[3] = user->user_name;
+ argv[4] = NULL;
error = NULL;
if (!spawn_with_login_uid (context, argv, &error)) {
@@ -1610,7 +1615,7 @@ user_change_account_type_authorized_cb (Daemon *daemon,
gid_t wheel;
struct group *grp;
gint i;
- gchar *argv[5];
+ gchar *argv[6];
if (user->account_type != account_type) {
sys_log (context,
@@ -1646,8 +1651,9 @@ user_change_account_type_authorized_cb (Daemon *daemon,
argv[0] = "/usr/sbin/usermod";
argv[1] = "-G";
argv[2] = str->str;
- argv[3] = user->user_name;
- argv[4] = NULL;
+ argv[3] = "--";
+ argv[4] = user->user_name;
+ argv[5] = NULL;
g_string_free (str, FALSE);
@@ -1699,7 +1705,7 @@ user_change_password_mode_authorized_cb (Daemon *daemon,
{
gint mode = GPOINTER_TO_INT (data);
GError *error;
- gchar *argv[5];
+ gchar *argv[6];
if (user->password_mode != mode) {
sys_log (context,
@@ -1713,8 +1719,9 @@ user_change_password_mode_authorized_cb (Daemon *daemon,
argv[0] = "/usr/bin/passwd";
argv[1] = "-d";
- argv[2] = user->user_name;
- argv[3] = NULL;
+ argv[2] = "--";
+ argv[3] = user->user_name;
+ argv[4] = NULL;
error = NULL;
if (!spawn_with_login_uid (context, argv, &error)) {
@@ -1727,8 +1734,9 @@ user_change_password_mode_authorized_cb (Daemon *daemon,
argv[0] = "/usr/bin/chage";
argv[1] = "-d";
argv[2] = "0";
- argv[3] = user->user_name;
- argv[4] = NULL;
+ argv[3] = "--";
+ argv[4] = user->user_name;
+ argv[5] = NULL;
error = NULL;
if (!spawn_with_login_uid (context, argv, &error)) {
@@ -1754,8 +1762,9 @@ user_change_password_mode_authorized_cb (Daemon *daemon,
else if (user->locked) {
argv[0] = "/usr/sbin/usermod";
argv[1] = "-U";
- argv[2] = user->user_name;
- argv[3] = NULL;
+ argv[2] = "--";
+ argv[3] = user->user_name;
+ argv[4] = NULL;
error = NULL;
if (!spawn_with_login_uid (context, argv, &error)) {
@@ -1832,7 +1841,7 @@ user_change_password_authorized_cb (Daemon *daemon,
{
gchar **strings = data;
GError *error;
- gchar *argv[5];
+ gchar *argv[6];
sys_log (context,
"set password and hint of user '%s' (%d)",
@@ -1843,8 +1852,9 @@ user_change_password_authorized_cb (Daemon *daemon,
argv[0] = "/usr/sbin/usermod";
argv[1] = "-p";
argv[2] = strings[0];
- argv[3] = user->user_name;
- argv[4] = NULL;
+ argv[3] = "--";
+ argv[4] = user->user_name;
+ argv[5] = NULL;
error = NULL;
if (!spawn_with_login_uid (context, argv, &error)) {
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-26 09:38:39 +0000