From e7c8da691309f2bcaa0c78cd5fb3c7793f2e2c75 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Apr 08 2015 00:05:38 +0000 Subject: Ticket #48143 - Password is not correctly passed to perl command line tools if it contains shell special characters. Description: If a password contains shell special characters such as '$', '!', '"', or ''', they were evaluated before passing to the core programs, e.g., ns-slapd for import and export or ldapmodify for tasks. This patch escapes the special characters using shellEscape subroutine in DSUtil.pm. Example: Directory Manager Password: pas$w!or'd" $ ./db2ldif.pl -n userRoot -D 'cn=directory manager' -w -w pas\$w\!or\'d\" Successfully added task entry "cn=export_2015_4_7_15_17_16,cn=export,cn=tasks,cn=config" https://fedorahosted.org/389/ticket/48143 Reviewed by rmeggins@redhat.com (Thank you, Rich!!) --- diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in index 818fafa..879c6d8 100644 --- a/ldap/admin/src/scripts/DSUtil.pm.in +++ b/ldap/admin/src/scripts/DSUtil.pm.in @@ -1433,6 +1433,7 @@ sub ldapmod { my $protocol_error; my $result; my $rc; + my $myrootdnpw = shellEscape($info{rootdnpw}); # # write the entry to file so we can grab the result code after running ldapmodify(-f) @@ -1456,7 +1457,7 @@ sub ldapmod { unlink ($file); return 1; } - + # # Execute ldapmodify using the specified/most secure protocol # @@ -1468,9 +1469,9 @@ sub ldapmod { print "STARTTLS)\n"; } if($info{openldap} eq "yes"){ - system "ldapmodify -x -ZZ -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{args} -f \"$file\" > /dev/null"; + system "ldapmodify -x -ZZ -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null"; } else { - system "ldapmodify -ZZZ -P \"$info{certdir}\" -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{args} -f \"$file\" > /dev/null"; + system "ldapmodify -ZZZ -P \"$info{certdir}\" -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null"; } } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){ # @@ -1480,9 +1481,9 @@ sub ldapmod { print "LDAPS)\n"; } if($info{openldap} eq "yes"){ - system "ldapmodify -x -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{args} -f \"$file\" > /dev/null"; + system "ldapmodify -x -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null"; } else { - system "ldapmodify -Z -P \"$info{certdir}\" -p $info{secure_port} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{args} -f \"$file\" > /dev/null"; + system "ldapmodify -Z -P \"$info{certdir}\" -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null"; } } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){ # @@ -1497,7 +1498,7 @@ sub ldapmod { if($protocol_error eq "yes"){ print "LDAPI)\n"; } - system "ldapmodify -x -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{args} -f \"$file\" > /dev/null"; + system "ldapmodify -x -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null"; } } else { # @@ -1507,9 +1508,9 @@ sub ldapmod { print "LDAP)\n"; } if($info{openldap} eq "yes"){ - system "ldapmodify -x -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{args} -f \"$file\" > /dev/null"; + system "ldapmodify -x -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null"; } else { - system "ldapmodify -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{args} -f \"$file\" > /dev/null"; + system "ldapmodify -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null"; } } unlink ($file); @@ -1528,6 +1529,7 @@ sub ldapsrch { my $protocol_error; my $search; my $result; + my $myrootdnpw = shellEscape($info{rootdnpw}); $result = check_protocol(%info); if($result == 1){ @@ -1544,11 +1546,11 @@ sub ldapsrch { print "STARTTLS)\n"; } if($info{openldap} eq "yes"){ - $search = "ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" " . - "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; + $search = "ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw " . + "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; } else { $search = "ldapsearch -ZZZ -P \"$info{certdir}\" -p $info{port} -h $info{host} -D \"$info{rootdn}\" " . - "-w \"$info{rootdnpw}\" $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; + "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; } } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){ # @@ -1558,11 +1560,11 @@ sub ldapsrch { print "LDAPS)\n"; } if($info{openldap} eq "yes"){ - $search = "ldapsearch -x -LLL -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" " . - "-w \"$info{rootdnpw}\" $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; + $search = "ldapsearch -x -LLL -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" " . + "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; } else { $search = "ldapsearch -Z -P \"$info{certdir}\" -p $info{secure_port} -h $info{host} -D \"$info{rootdn}\" " . - "-w \"$info{rootdnpw}\" $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; + "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; } } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){ # @@ -1572,7 +1574,7 @@ sub ldapsrch { $search = "ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL " . "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} 2>/dev/null"; } else { - $search = "ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" " . + $search = "ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw " . "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; } } else { @@ -1583,10 +1585,10 @@ sub ldapsrch { print "LDAP)\n"; } if($info{openldap} eq "yes"){ - $search = "ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" " . + $search = "ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw " . "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; } else { - $search = "ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" " . + $search = "ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw " . "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; } } @@ -1601,6 +1603,7 @@ sub ldapsrch_ext { my $protocol_error; my $result; my $txt; + my $myrootdnpw = shellEscape($info{rootdnpw}); $result = check_protocol(%info); if($result == 1){ @@ -1617,9 +1620,9 @@ sub ldapsrch_ext { print "STARTTLS)\n"; } if($info{openldap} eq "yes"){ - return `ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + return `ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; } else { - return `ldapsearch -ZZZ -P $info{certdir} -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + return `ldapsearch -ZZZ -P $info{certdir} -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; } } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){ # @@ -1629,9 +1632,9 @@ sub ldapsrch_ext { print "LDAPS)\n"; } if($info{openldap} eq "yes"){ - return `ldapsearch -x -LLL -H ldaps://$info{host}:$info{secure_port} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + return `ldapsearch -x -LLL -H ldaps://$info{host}:$info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; } else { - return `ldapsearch -Z -P $info{certdir} -p $info{secure_port} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + return `ldapsearch -Z -P $info{certdir} -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; } } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){ # @@ -1640,7 +1643,7 @@ sub ldapsrch_ext { if ($< == 0 && $info{autobind} eq "on"){ return `ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect} 2>/dev/null`; } else { - return `ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + return `ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; } } else { # @@ -1650,9 +1653,9 @@ sub ldapsrch_ext { print "LDAP)\n"; } if($info{openldap} eq "yes"){ - return `ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + return `ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; } else { - return `ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w \"$info{rootdnpw}\" $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + return `ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; } } } diff --git a/ldap/admin/src/scripts/template-bak2db.pl.in b/ldap/admin/src/scripts/template-bak2db.pl.in index 4c7bab8..6e2e863 100644 --- a/ldap/admin/src/scripts/template-bak2db.pl.in +++ b/ldap/admin/src/scripts/template-bak2db.pl.in @@ -39,12 +39,15 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } diff --git a/ldap/admin/src/scripts/template-cleanallruv.pl.in b/ldap/admin/src/scripts/template-cleanallruv.pl.in index 8f96b82..132bf1e 100644 --- a/ldap/admin/src/scripts/template-cleanallruv.pl.in +++ b/ldap/admin/src/scripts/template-cleanallruv.pl.in @@ -39,16 +39,19 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } exec "{{SERVERBIN-DIR}}/cleanallruv.pl @wrapperArgs -Z {{SERV-ID}}" -exit ($?); \ No newline at end of file +exit ($?); diff --git a/ldap/admin/src/scripts/template-db2bak.pl.in b/ldap/admin/src/scripts/template-db2bak.pl.in index 712f387..66d136f 100644 --- a/ldap/admin/src/scripts/template-db2bak.pl.in +++ b/ldap/admin/src/scripts/template-db2bak.pl.in @@ -39,12 +39,15 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } diff --git a/ldap/admin/src/scripts/template-db2index.pl.in b/ldap/admin/src/scripts/template-db2index.pl.in index d2d6d87..b724225 100644 --- a/ldap/admin/src/scripts/template-db2index.pl.in +++ b/ldap/admin/src/scripts/template-db2index.pl.in @@ -39,12 +39,15 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } diff --git a/ldap/admin/src/scripts/template-db2ldif.pl.in b/ldap/admin/src/scripts/template-db2ldif.pl.in index feb8af9..3294e95 100644 --- a/ldap/admin/src/scripts/template-db2ldif.pl.in +++ b/ldap/admin/src/scripts/template-db2ldif.pl.in @@ -39,6 +39,8 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); use Cwd; # We lose args that are quoted when passing ARGV to a wrapper @@ -46,7 +48,7 @@ while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } diff --git a/ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in b/ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in index 78ac81d..a2663fa 100644 --- a/ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in +++ b/ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in @@ -39,12 +39,15 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } diff --git a/ldap/admin/src/scripts/template-fixup-memberof.pl.in b/ldap/admin/src/scripts/template-fixup-memberof.pl.in index 7f1ce6c..9bea8a7 100644 --- a/ldap/admin/src/scripts/template-fixup-memberof.pl.in +++ b/ldap/admin/src/scripts/template-fixup-memberof.pl.in @@ -39,12 +39,15 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } diff --git a/ldap/admin/src/scripts/template-fixup-memberuid.pl.in b/ldap/admin/src/scripts/template-fixup-memberuid.pl.in index 8ac4f86..0eca3e1 100644 --- a/ldap/admin/src/scripts/template-fixup-memberuid.pl.in +++ b/ldap/admin/src/scripts/template-fixup-memberuid.pl.in @@ -39,6 +39,9 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + sub usage { print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n"); print(STDERR " -b baseDN [-f filter]\n"); @@ -163,7 +166,7 @@ if ( $filter_arg ne "" ) } $entry = "${dn}${misc}${cn}${basedn}${filter}"; -open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" ); +open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w shellEscape($passwd) -a" ); print(FOO "$entry"); close(FOO); diff --git a/ldap/admin/src/scripts/template-ldif2db.pl.in b/ldap/admin/src/scripts/template-ldif2db.pl.in index 5211fd5..d7e4bc2 100644 --- a/ldap/admin/src/scripts/template-ldif2db.pl.in +++ b/ldap/admin/src/scripts/template-ldif2db.pl.in @@ -39,12 +39,15 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } diff --git a/ldap/admin/src/scripts/template-ns-accountstatus.pl.in b/ldap/admin/src/scripts/template-ns-accountstatus.pl.in index 1a672ae..148b550 100644 --- a/ldap/admin/src/scripts/template-ns-accountstatus.pl.in +++ b/ldap/admin/src/scripts/template-ns-accountstatus.pl.in @@ -39,12 +39,15 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } diff --git a/ldap/admin/src/scripts/template-ns-activate.pl.in b/ldap/admin/src/scripts/template-ns-activate.pl.in index d957212..49f214b 100644 --- a/ldap/admin/src/scripts/template-ns-activate.pl.in +++ b/ldap/admin/src/scripts/template-ns-activate.pl.in @@ -39,16 +39,19 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } exec "{{SERVERBIN-DIR}}/ns-activate.pl @wrapperArgs -Z {{SERV-ID}}"; -exit ($?); \ No newline at end of file +exit ($?); diff --git a/ldap/admin/src/scripts/template-ns-inactivate.pl.in b/ldap/admin/src/scripts/template-ns-inactivate.pl.in index 44c87fb..0e89902 100644 --- a/ldap/admin/src/scripts/template-ns-inactivate.pl.in +++ b/ldap/admin/src/scripts/template-ns-inactivate.pl.in @@ -39,16 +39,19 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } exec "{{SERVERBIN-DIR}}/ns-inactivate.pl @wrapperArgs -Z {{SERV-ID}}"; -exit ($?); \ No newline at end of file +exit ($?); diff --git a/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in b/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in index d85394d..096a843 100755 --- a/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in +++ b/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in @@ -39,16 +39,19 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } exec "{{SERVERBIN-DIR}}/ns-newpwpolicy.pl @wrapperArgs -Z {{SERV-ID}}"; -exit ($?); \ No newline at end of file +exit ($?); diff --git a/ldap/admin/src/scripts/template-schema-reload.pl.in b/ldap/admin/src/scripts/template-schema-reload.pl.in index 2dcb9d5..ea5bb1e 100644 --- a/ldap/admin/src/scripts/template-schema-reload.pl.in +++ b/ldap/admin/src/scripts/template-schema-reload.pl.in @@ -39,16 +39,19 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } exec "{{SERVERBIN-DIR}}/schema-reload.pl @wrapperArgs -Z {{SERV-ID}}"; -exit ($?); \ No newline at end of file +exit ($?); diff --git a/ldap/admin/src/scripts/template-syntax-validate.pl.in b/ldap/admin/src/scripts/template-syntax-validate.pl.in index a7c5111..a901dcf 100644 --- a/ldap/admin/src/scripts/template-syntax-validate.pl.in +++ b/ldap/admin/src/scripts/template-syntax-validate.pl.in @@ -39,16 +39,19 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } exec "{{SERVERBIN-DIR}}/syntax-validate.pl @wrapperArgs -Z {{SERV-ID}}"; -exit ($?); \ No newline at end of file +exit ($?); diff --git a/ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in b/ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in index 66202f5..86c6f99 100644 --- a/ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in +++ b/ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in @@ -38,16 +38,19 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } exec "{{SERVERBIN-DIR}}/usn-tombstone-cleanup.pl @wrapperArgs -Z {{SERV-ID}}"; -exit ($?); \ No newline at end of file +exit ($?); diff --git a/ldap/admin/src/scripts/template-verify-db.pl.in b/ldap/admin/src/scripts/template-verify-db.pl.in index 6d2bfbe..1276a49 100644 --- a/ldap/admin/src/scripts/template-verify-db.pl.in +++ b/ldap/admin/src/scripts/template-verify-db.pl.in @@ -38,16 +38,19 @@ # END COPYRIGHT BLOCK # +use lib qw(/usr/lib64/dirsrv/perl); +use DSUtil qw(shellEscape); + # We lose args that are quoted when passing ARGV to a wrapper while ($i <= $#ARGV) { if($ARGV[$i] =~ /^-/){ $wrapperArgs[$i] = $ARGV[$i]; } else { - $wrapperArgs[$i] = "\"$ARGV[$i]\""; + $wrapperArgs[$i] = shellEscape($ARGV[$i]); } $i++; } exec "{{SERVERBIN-DIR}}/verify-db.pl @wrapperArgs -Z {{SERV-ID}}"; -exit ($?); \ No newline at end of file +exit ($?);