From ad9b493789edfbb09a368145fd5e7eb3b3de5a53 Mon Sep 17 00:00:00 2001
From: Javi Fontan <jfontan@opennebula.org>
Date: Fri, 11 May 2012 13:28:46 +0200
Subject: [PATCH] bug #1252: escape auth parameters

---
 src/authm_mad/one_auth_mad.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/authm_mad/one_auth_mad.rb b/src/authm_mad/one_auth_mad.rb
index f290321430..6b9250f49b 100755
--- a/src/authm_mad/one_auth_mad.rb
+++ b/src/authm_mad/one_auth_mad.rb
@@ -32,6 +32,7 @@ $: << RUBY_LIB_LOCATION
 require 'scripts_common'
 require 'OpenNebulaDriver'
 require 'getoptlong'
+require 'shellwords'
 
 # This is a generic AuthZ/AuthN driver able to manage multiple authentication 
 # protocols (simultaneosly). It also supports the definition of custom 
@@ -110,7 +111,9 @@ class AuthDriver < OpenNebulaDriver
         authN_path = File.join(@local_scripts_path, driver)
 
         command = File.join(authN_path, ACTION[:authN].downcase)
-        command << " '" << user.gsub("'", '\'"\'"\'') << "' '" << password.gsub("'", '\'"\'"\'') << "' " << secret
+        command << ([user, password, secret].map do |p|
+            Shellwords.escape(p)
+        end.join(' '))
 
         rc = LocalCommand.run(command, log_method(request_id))