Univention Bugzilla – Attachment 5327 Details for
Bug 24758
Insecure quoting, global variables in umc.sh, join fails if password contains space
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Workaround shell quoting
23758_lib-umc-quote.diff (text/plain), 4.42 KB, created by
Philipp Hahn
on 2013-07-17 19:08:41 CEST
(
hide
)
Description:
Workaround shell quoting
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2013-07-17 19:08:41 CEST
Size:
4.42 KB
patch
obsolete
>diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-lib/shell/umc.sh b/branches/ucs-3.2/ucs-3.2-0/base/univention-lib/shell/umc.sh >index f02d78b..7d04eea 100644 >--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-lib/shell/umc.sh >+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-lib/shell/umc.sh >@@ -34,11 +34,34 @@ > > eval "$(ucr shell ldap/base)" > >-BIND_ARGS="$@" >+_quote () { # escaoe any single quote in an argument >+ echo "$1" | sed -e "s,','\\\\'',g" >+} >+# save up a propery quoted/escaped version of "$@" >+_udm_args= >+for arg in "$@" >+do >+ _udm_agrs="${_udm_args:+$_udm_args }'$(_quote "$arg")'" >+done >+_udm () { # internal wrapper for univention-directory-manager to build $cmd >+ local arg >+ cmd="univention-directory-manager '$(_quote "$1")' '$(_quote "$2")' $_udm_args" >+ shift 2 >+ for arg in "$@" >+ do >+ cmd="$cmd '$(_quote "$arg")'" >+ done >+} >+udm () { # wrapper for univention-directory-manager >+ local cmd >+ _udm "$@" >+ eval "$cmd" >+} > > umc_frontend_new_hash () { > # create new timestamps for index.html and debug.html in order to > # avoid caching problems in browsers >+ local timestamp ifile f idir > timestamp=$(date +'%Y%d%m%H%M%S') > for ifile in index.html debug.html js/umc/login.html; do > f="/usr/share/univention-management-console-frontend/$ifile" >@@ -56,53 +79,50 @@ umc_frontend_new_hash () { > > umc_init () { > # containers >- udm container/cn create $BIND_ARGS --ignore_exists --position cn=univention,$ldap_base --set name=UMC || exit $? >- udm container/cn create $BIND_ARGS --ignore_exists --position cn=policies,$ldap_base --set name=UMC --set policyPath=1 || exit $? >- udm container/cn create $BIND_ARGS --ignore_exists --position cn=UMC,cn=univention,$ldap_base --set name=operations || exit $? >+ udm container/cn create --ignore_exists --position "cn=univention,$ldap_base" --set name=UMC || exit $? >+ udm container/cn create --ignore_exists --position "cn=policies,$ldap_base" --set name=UMC --set policyPath=1 || exit $? >+ udm container/cn create --ignore_exists --position "cn=UMC,cn=univention,$ldap_base" --set name=operations || exit $? > > # default policies >- udm policies/umc create $BIND_ARGS --ignore_exists --set name=default-umc-all \ >- --position cn=UMC,cn=policies,$ldap_base || exit $? >+ udm policies/umc create --ignore_exists --set name=default-umc-all \ >+ --position "cn=UMC,cn=policies,$ldap_base" || exit $? > > # link default admin policy to the domain admins >- udm groups/group modify $BIND_ARGS --ignore_exists --dn "cn=Domain Admins,cn=groups,$ldap_base" \ >+ udm groups/group modify --ignore_exists --dn "cn=Domain Admins,cn=groups,$ldap_base" \ > --policy-reference="cn=default-umc-all,cn=UMC,cn=policies,$ldap_base" || exit $? > } > > _umc_remove_old () { > # removes an object and ignores all errors >- name=$1; shift >- module=$1; shift >- container=$1 >- >- udm $module remove $BIND_ARGS --dn "cn=$name,$container,$ldap_base" 2>/dev/null || true >+ local name="$1" module="$2" container="$3" >+ udm "$module" remove --dn "cn=$name,$container,$ldap_base" 2>/dev/null || true > } > > umc_operation_create () { > # example: umc_operation_create "udm" "UDM" "users/user" "udm/*:objectType=users/*" >- name=$1; shift >- description=$1; shift >- flavor=$1; shift >- operations="" >- for oper in "$@"; do >- operations="$operations --append operation=$oper " >- done >- udm settings/umc_operationset create $BIND_ARGS --ignore_exists \ >- --position cn=operations,cn=UMC,cn=univention,$ldap_base \ >+ local name="$1" description="$2" flavor="$3" oper cmd >+ shift 3 >+ _udm settings/umc_operationset create --ignore_exists \ >+ --position "cn=operations,cn=UMC,cn=univention,$ldap_base" \ > --set name="$name" \ > --set description="$description" \ >- --set flavor="$flavor" $operations || exit $? >+ --set flavor="$flavor" >+ for oper in "$@" >+ do >+ cmd="$cmd --append operation='$(_quote "$oper")'" >+ done >+ eval "$cmd || exit \$?" > } > > umc_policy_append () { > # example: umc_policy_append "default-umc-all" "udm-all" "udm-users" >- policy="$1"; shift >- >- ops="" >- for op in "$@"; do >- ops="$ops --append allow=cn=$op,cn=operations,cn=UMC,cn=univention,$ldap_base " >+ local policy="$1" op cmd >+ shift >+ _udm policies/umc modify --ignore_exists \ >+ --dn "cn=$policy,cn=UMC,cn=policies,$ldap_base" >+ for op in "$@" >+ do >+ cmd="$cmd --append allow='$(_quote "cn=$op,cn=operations,cn=UMC,cn=univention,$ldap_base")'" > done >- >- udm policies/umc modify $BIND_ARGS --ignore_exists \ >- --dn "cn=$policy,cn=UMC,cn=policies,$ldap_base" $ops || exit $? >+ eval "$cmd || exit \$?" > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=5327">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 24758
: 5327