Skip to content

Commit d2842d9

Browse files
committed
Execute users commands directly instead through a shell
See ticket for more info. Ticket: ENT-13535 Signed-off-by: Lars Erik Wik <[email protected]>
1 parent 705d19f commit d2842d9

File tree

1 file changed

+4
-7
lines changed

1 file changed

+4
-7
lines changed

cf-agent/verify_users_pam.c

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -413,7 +413,7 @@ static bool ChangePasswordHashUsingChpasswd(const char *puser, const char *passw
413413
int status;
414414
const char *cmd_str = CHPASSWD " -e";
415415
Log(LOG_LEVEL_VERBOSE, "Changing password hash for user '%s'. (command: '%s')", puser, cmd_str);
416-
FILE *cmd = cf_popen_sh(cmd_str, "w");
416+
FILE *cmd = cf_popen(cmd_str, "w", true);
417417
if (!cmd)
418418
{
419419
Log(LOG_LEVEL_ERR, "Could not launch password changing command '%s': %s.", cmd_str, GetErrorStr());
@@ -645,12 +645,9 @@ static bool ExecuteUserCommand(const char *puser, const char *cmd, size_t sizeof
645645

646646
Log(LOG_LEVEL_VERBOSE, "%s user '%s'. (command: '%s')", cap_action_msg, puser, cmd);
647647

648-
int status = system(cmd);
649-
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
650-
{
651-
Log(LOG_LEVEL_ERR, "Command returned error while %s user '%s'. (Command line: '%s')", action_msg, puser, cmd);
652-
return false;
653-
}
648+
FILE *fptr = cf_popen(cmd, "w", true);
649+
cf_pclose(fptr);
650+
654651
return true;
655652
}
656653

0 commit comments

Comments
 (0)