summaryrefslogtreecommitdiffhomepage
path: root/loginutils/adduser.c
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2011-05-13 03:19:01 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2011-05-13 03:19:01 +0200
commit12a432715f066cf9d677316a39c9e0ebc6d72404 (patch)
tree14a33cdedbd6ba7739449cc3dec968b55a01efad /loginutils/adduser.c
parent0806e401d6747c391fa0427e0ccba9951f9a1c3d (diff)
adduser: safe username passing to passwd/addgroup
passwd: support creating SHA passwords random code shrink function old new delta crypt_make_pw_salt - 87 +87 adduser_main 883 904 +21 ... crypt_make_salt 99 89 -10 chpasswd_main 329 312 -17 packed_usage 28731 28691 -40 passwd_main 1070 1000 -70 cryptpw_main 310 224 -86 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 4/12 up/down: 154/-288) Total: -134 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'loginutils/adduser.c')
-rw-r--r--loginutils/adduser.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/loginutils/adduser.c b/loginutils/adduser.c
index 1944d9d56..a05b72158 100644
--- a/loginutils/adduser.c
+++ b/loginutils/adduser.c
@@ -82,21 +82,23 @@ static void passwd_study(struct passwd *p)
static void addgroup_wrapper(struct passwd *p, const char *group_name)
{
- char *argv[5];
+ char *argv[6];
argv[0] = (char*)"addgroup";
if (group_name) {
/* Add user to existing group */
- argv[1] = p->pw_name;
- argv[2] = (char*)group_name;
- argv[3] = NULL;
+ argv[1] = (char*)"--";
+ argv[2] = p->pw_name;
+ argv[3] = (char*)group_name;
+ argv[4] = NULL;
} else {
/* Add user to his own group with the first free gid found in passwd_study */
//TODO: to be compatible with external addgroup programs we should use --gid instead...
argv[1] = (char*)"-g";
argv[2] = utoa(p->pw_gid);
- argv[3] = p->pw_name;
- argv[4] = NULL;
+ argv[3] = (char*)"--";
+ argv[4] = p->pw_name;
+ argv[5] = NULL;
}
spawn_and_wait(argv);
@@ -106,7 +108,7 @@ static void passwd_wrapper(const char *login_name) NORETURN;
static void passwd_wrapper(const char *login_name)
{
- BB_EXECLP("passwd", "passwd", login_name, NULL);
+ BB_EXECLP("passwd", "passwd", "--", login_name, NULL);
bb_error_msg_and_die("can't execute passwd, you must set password manually");
}