samba: Add helper script to pipe password

It is complicated to set the password in the C helper binary.

Therefore it is being set by a helper script.

This is still not an optimal solution since the password might be
exposed to the shell environment, but has the advantage that shell
command injection is no longer possible.

Fixes: #12562
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer
2021-01-06 14:38:03 +00:00
parent 354c3e2b45
commit 37fe3658a0
7 changed files with 46 additions and 10 deletions


@@ -82,11 +82,7 @@ int main(int argc, char *argv[]) {
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -m -g sambauser -s /bin/false %s >/dev/null", argv[2]);
safe_system(command);
snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]);
safe_system(command);
snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]);
safe_system(command);
run("/usr/sbin/samba-change-password", argv + 1);
} else if (strcmp(argv[1], "smbchangepw") == 0) {
if (!is_valid_argument_alnum(argv[2])) {
@@ -94,11 +90,7 @@ int main(int argc, char *argv[]) {
exit(2);
}
snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]);
safe_system(command);
snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]);
safe_system(command);
run("/usr/sbin/samba-change-password", argv + 1);
} else if (strcmp(argv[1], "readsmbpasswd") == 0) {
safe_system("/bin/chown root:nobody /var/ipfire/samba/private >/dev/null");
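Review bot: The result of `run("/usr/sbin/samba-change-password", argv + 1)` is discarded in both the smbadduser and smbchangepw branches, so a failed password change looks like success to the caller, and in the smbadduser branch the account just created by useradd would be left without the intended password. If run() returns the child's exit status (its definition is not visible here), propagate it, e.g. `int r = run("/usr/sbin/samba-change-password", argv + 1); if (r != 0) exit(r);`. The script also appears to receive the password as a positional argument through `argv + 1`, which would make it readable in the process list while the script runs; passing it on stdin would avoid that. No argc check is visible before argv[3] is relied on, and main() starts and ends outside these hunks, so confirm that one exists above.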