author | An-Cheng Huang <ancheng@vyatta.com> | 2007-12-07 13:37:58 -0800 |
---|---|---|
committer | An-Cheng Huang <ancheng@vyatta.com> | 2007-12-07 13:37:58 -0800 |
commit | f97fa562124a04296a567aadd535662e68c7f8f5 (patch) | |
tree | cfc7b1242a6ed88f23537d3cb0610c30f9f19340 | |
parent | e27aa82a4e6a7be0898bef504901dbb1d32e3dbf (diff) | |
code reorg
-rw-r--r-- | Makefile.in | 10 | ||||
-rw-r--r-- | eval.c | 222 | ||||
-rw-r--r-- | general.c | 101 | ||||
-rw-r--r-- | general.h | 16 | ||||
-rw-r--r-- | vyatta-restricted.c | 345 | ||||
-rw-r--r-- | vyatta-restricted.h | 44 |
6 files changed, 399 insertions, 339 deletions
diff --git a/Makefile.in b/Makefile.in index a98b3ab..d4dbc00 100644 --- a/Makefile.in +++ b/Makefile.in @@ -399,7 +399,7 @@ CSOURCES = shell.c eval.c parse.y general.c make_cmd.c print_cmd.c y.tab.c \ input.c bashhist.c array.c arrayfunc.c sig.c pathexp.c \ unwind_prot.c siglist.c bashline.c bracecomp.c error.c \ list.c stringlib.c locale.c findcmd.c redir.c \ - pcomplete.c pcomplib.c syntax.c xmalloc.c + pcomplete.c pcomplib.c syntax.c xmalloc.c vyatta-restricted.c HSOURCES = shell.h flags.h trap.h hashcmd.h hashlib.h jobs.h builtins.h \ general.h variables.h config.h $(ALLOC_HEADERS) alias.h \ @@ -408,6 +408,7 @@ HSOURCES = shell.h flags.h trap.h hashcmd.h hashlib.h jobs.h builtins.h \ subst.h externs.h siglist.h bashhist.h bashline.h bashtypes.h \ array.h arrayfunc.h sig.h mailcheck.h bashintl.h bashjmp.h \ execute_cmd.h parser.h pathexp.h pathnames.h pcomplete.h \ + vyatta-restricted.h \ $(BASHINCFILES) SOURCES = $(CSOURCES) $(HSOURCES) $(BUILTIN_DEFS) @@ -426,7 +427,7 @@ OBJECTS = shell.o eval.o y.tab.o general.o make_cmd.o print_cmd.o $(GLOBO) \ trap.o input.o unwind_prot.o pathexp.o sig.o test.o version.o \ alias.o array.o arrayfunc.o braces.o bracecomp.o bashhist.o \ bashline.o $(SIGLIST_O) list.o stringlib.o locale.o findcmd.o redir.o \ - pcomplete.o pcomplib.o syntax.o xmalloc.o + pcomplete.o pcomplib.o syntax.o xmalloc.o vyatta-restricted.o # Where the source code of the shell builtins resides. BUILTIN_SRCDIR=$(srcdir)/builtins 
@@ -834,6 +835,7 @@ eval.o: general.h xmalloc.h bashtypes.h variables.h arrayfunc.h conftypes.h arra eval.o: quit.h ${BASHINCDIR}/maxpath.h unwind_prot.h dispose_cmd.h eval.o: make_cmd.h subst.h sig.h pathnames.h externs.h eval.o: input.h execute_cmd.h +eval.o: vyatta-restricted.h execute_cmd.o: config.h bashtypes.h ${BASHINCDIR}/filecntl.h ${BASHINCDIR}/posixstat.h bashansi.h ${BASHINCDIR}/ansi_stdlib.h execute_cmd.o: shell.h syntax.h config.h bashjmp.h ${BASHINCDIR}/posixjmp.h command.h ${BASHINCDIR}/stdc.h error.h execute_cmd.o: general.h xmalloc.h bashtypes.h variables.h arrayfunc.h conftypes.h array.h hashlib.h @@ -934,6 +936,7 @@ shell.o: make_cmd.h subst.h sig.h pathnames.h externs.h shell.o: flags.h trap.h mailcheck.h builtins.h $(DEFSRC)/common.h shell.o: jobs.h siglist.h input.h execute_cmd.h findcmd.h bashhist.h shell.o: ${GLOB_LIBSRC}/strmatch.h ${BASHINCDIR}/posixtime.h +shell.o: vyatta-restricted.h sig.o: config.h bashtypes.h sig.o: shell.h syntax.h config.h bashjmp.h ${BASHINCDIR}/posixjmp.h command.h ${BASHINCDIR}/stdc.h error.h sig.o: general.h xmalloc.h bashtypes.h variables.h arrayfunc.h conftypes.h array.h hashlib.h @@ -983,6 +986,7 @@ variables.o: pcomplete.h ${BASHINCDIR}/chartypes.h variables.o: ${BASHINCDIR}/posixtime.h version.o: conftypes.h patchlevel.h version.h xmalloc.o: config.h bashtypes.h ${BASHINCDIR}/ansi_stdlib.h error.h +vyatta-restricted.o: shell.h command.h vyatta-restricted.h # job control @@ -1036,6 +1040,7 @@ pcomplete.o: ${BASHINCDIR}/stdc.h hashlib.h pcomplete.h shell.h syntax.h pcomplete.o: bashjmp.h command.h general.h xmalloc.h error.h variables.h arrayfunc.h conftypes.h quit.h pcomplete.o: unwind_prot.h dispose_cmd.h make_cmd.h subst.h sig.h pathnames.h pcomplete.o: externs.h ${BASHINCDIR}/maxpath.h execute_cmd.h +pcomplete.o: vyatta-restricted.h # library support files 
@@ -1055,6 +1060,7 @@ bashline.o: make_cmd.h subst.h sig.h pathnames.h externs.h bashline.o: builtins.h bashhist.h bashline.h execute_cmd.h findcmd.h pathexp.h bashline.o: $(DEFSRC)/common.h $(GLOB_LIBSRC)/glob.h alias.h bashline.o: pcomplete.h ${BASHINCDIR}/chartypes.h input.h +bashline.o: vyatta-restricted.h bracecomp.o: config.h bashansi.h ${BASHINCDIR}/ansi_stdlib.h bracecomp.o: shell.h syntax.h config.h bashjmp.h ${BASHINCDIR}/posixjmp.h command.h ${BASHINCDIR}/stdc.h error.h bracecomp.o: general.h xmalloc.h bashtypes.h variables.h arrayfunc.h conftypes.h array.h hashlib.h @@ -29,7 +29,6 @@ #include "bashansi.h" #include <stdio.h> -#include <dirent.h> #include "bashintl.h" 
@@ -198,227 +197,6 @@ send_pwd_to_eterm () fprintf (stderr, "\032/%s\n", pwd); } -static int -is_in_command_list(const char *cmd, char *cmds[]) -{ - int idx = 0; - for (idx = 0; cmds[idx]; idx++) { - if (strcmp(cmd, cmds[idx]) == 0) { - return 1; - } - } - return 0; -} - -static int -is_vyatta_restricted_pipe_command(WORD_LIST *words) -{ - char *allowed_commands[] = { "more", NULL }; - if (words) { - if (!words->next) { - /* only 1 word */ - if (is_in_command_list(words->word->word, allowed_commands)) { - /* allowed */ - return 1; - } - } - } - /* not allowed */ - return 0; -} - -static void -make_restricted_word(WORD_DESC *word) -{ - char *c, *ns, *n; - int sq_count = 0; - char *uqs = string_quote_removal(word->word, 0); - - for (c = uqs; *c; c++) { - if (*c == '\'') { - sq_count++; - } - } - - /* strlen + start/end quotes + \0 + extra "'\''" */ - ns = (char *) xmalloc(strlen(uqs) + 2 + 1 + (3 * sq_count)); - n = ns; - *n = '\''; - n++; - for (c = uqs; *c; c++) { - if (*c == '\'') { - *n = '\''; - *(n + 1) = '\\'; - *(n + 2) = '\''; - *(n + 3) = '\''; - n += 4; - } else { - *n = *c; - n++; - } - } - *n = '\''; - *(n + 1) = '\0'; - - free(word->word); - free(uqs); - word->word = ns; - word->flags = W_QUOTED; -} - -static void -make_restricted_wordlist(WORD_LIST *words) -{ - WORD_LIST *l = words->next; /* skip the first word */ - for (; l; l = l->next) { - make_restricted_word(l->word); - } -} - -static int -is_vyatta_restricted_command(COMMAND *cmd) -{ - struct simple_com *cS; - struct connection *cC; - - if (!cmd) { - return 1; - } - - switch (cmd->type) { - case cm_simple: - cS = cmd->value.Simple; - if (!(cS->redirects)) { - /* simple command, no redirects */ - /* make sure the words are allowed */ - make_restricted_wordlist(cS->words); - return 1; - } - break; - case cm_connection: - cC = cmd->value.Connection; - if (cC->connector == '|') { - if ((cC->first->type == cm_simple) && (cC->second->type == cm_simple)) { - struct simple_com *cS1 = 
cC->first->value.Simple; - struct simple_com *cS2 = cC->second->value.Simple; - if (!(cS1->redirects) && !(cS2->redirects)) { - /* both are simple and no redirects */ - /* make sure the words are allowed */ - make_restricted_wordlist(cS1->words); - make_restricted_wordlist(cS2->words); - if (is_vyatta_restricted_pipe_command(cS2->words)) { - /* pipe command is allowed => allowed */ - return 1; - } - } - } - } - break; - default: - break; - } - /* not allowed */ - return 0; -} - -static int -is_vyatta_cfg_command(const char *cmd) -{ - char *valid_commands[] = { "set", "delete", "commit", "save", "load", - "show", "exit", "edit", "run", NULL }; - return is_in_command_list(cmd, valid_commands); -} - -static int -is_vyatta_op_command(const char *cmd) -{ - char *dir = getenv("vyatta_op_templates"); - DIR *dp = NULL; - struct dirent *dent = NULL; - char *restrict_exclude_commands[] - = { "clear", "configure", "init-floppy", "install-system", "no", - "reboot", "set", "telnet", NULL }; - char *other_commands[] = { "exit", NULL }; - int ret = 0; - - if (dir == NULL || (dp = opendir(dir)) == NULL) { - return 0; - } - - /* FIXME this assumes FULL == "users" */ - if (in_vyatta_restricted_mode(FULL) - && is_in_command_list(cmd, restrict_exclude_commands)) { - /* command not allowed in "full" restricted mode */ - return 0; - } - - while (dent = readdir(dp)) { - if (strncmp(dent->d_name, ".", 1) == 0) { - continue; - } - if (strcmp(dent->d_name, cmd) == 0) { - ret = 1; - break; - } - } - closedir(dp); - return (ret) ? 1 : is_in_command_list(cmd, other_commands); -} - -static char *prev_cmdline = NULL; - -static int -is_vyatta_command(char *cmdline, COMMAND *cmd) -{ - char *cfg = getenv("_OFR_CONFIGURE"); - int in_cfg = (cfg) ? (strcmp(cfg, "ok") == 0) : 0; - char *start = cmdline; - char *end = NULL; - char save = 0; - int ret = 0; - - if (!prev_cmdline) { - prev_cmdline = strdup(""); - } - if (strcmp(cmdline, prev_cmdline) == 0) { - /* still at the same line. not checking. 
*/ - return 1; - } - if (!is_vyatta_restricted_command(cmd)) { - return 0; - } - - while (*start && (whitespace(*start) || *start == '\n')) { - start++; - } - if (*start == 0) { - /* empty command line is valid */ - free(prev_cmdline); - prev_cmdline = strdup(cmdline); - return 1; - } - end = start; - while (*end && (!whitespace(*end) && *end != '\n')) { - end++; - } - save = *end; - *end = 0; - - if (in_cfg) { - ret = is_vyatta_cfg_command(start); - } else { - ret = is_vyatta_op_command(start); - } - *end = save; - - if (ret) { - /* valid command */ - free(prev_cmdline); - prev_cmdline = strdup(cmdline); - } - return ret; -} - /* Call the YACC-generated parser and return the status of the parse. Input is read from the current input stream (bash_input). yyparse leaves the parsed command in the global variable GLOBAL_COMMAND. 
@@ -1023,104 +1023,3 @@ get_group_array (ngp)
 *ngp = ngroups;
 return group_iarray;
 }
-
-static int
-vyatta_user_in_group(uid_t ruid, char *grp_name)
-{
- int ret = 0;
- struct passwd pw;
- struct passwd *pwp = NULL;
- struct group grp;
- struct group *grpp = NULL;
- char *pbuf = NULL, *gbuf = NULL;
- long psize = 0, gsize = 0;
-
- if (!grp_name) {
- return 0;
- }
-
- do {
- psize = sysconf(_SC_GETPW_R_SIZE_MAX);
- pbuf = (char *) xmalloc(psize);
- if (!pbuf) {
- break;
- }
-
- gsize = sysconf(_SC_GETGR_R_SIZE_MAX);
- gbuf = (char *) xmalloc(gsize);
- if (!gbuf) {
- break;
- }
-
- ret = getpwuid_r(ruid, &pw, pbuf, psize, &pwp);
- if (!pwp) {
- break;
- }
-
- ret = getgrnam_r(grp_name, &grp, gbuf, gsize, &grpp);
- if (!grpp) {
- break;
- }
-
- {
- int i = 0;
- for (i = 0; grp.gr_mem[i]; i++) {
- if (strcmp(pw.pw_name, grp.gr_mem[i]) == 0) {
- ret = 1;
- break;
- }
- }
- }
- } while (0);
-
- if (pbuf) {
- free(pbuf);
- }
- if (gbuf) {
- free(gbuf);
- }
- return ret;
-}
-
-static int vyatta_default_output_restricted = 0;
-static int vyatta_default_full_restricted = 0;
-
-#define VYATTA_OUTPUT_RESTRICTED_GROUP "vyattacfg"
-
-void
-set_vyatta_restricted_mode()
-{
- uid_t ruid = getuid();
- if (vyatta_user_in_group(ruid, VYATTA_OUTPUT_RESTRICTED_GROUP)) {
- vyatta_default_output_restricted = 1;
- vyatta_default_full_restricted = 0;
- } else {
- /* if not in the output restricted group, default to full */
- vyatta_default_output_restricted = 0;
- vyatta_default_full_restricted = 1;
- }
-}
-
-int
-in_vyatta_restricted_mode(enum vyatta_restricted_type type)
-{
- char *rval = getenv("VYATTA_RESTRICTED_MODE");
- int output = vyatta_default_output_restricted;
- int full = vyatta_default_full_restricted;
-
- /* environment var overrides default */
- if (rval) {
- output = (strcmp(rval, "output") == 0);
- full = (strcmp(rval, "full") == 0);
- }
-
- if (type == OUTPUT && (output || full)) {
- return 1;
- }
- if (type == FULL && full) {
- return 1;
- }
-
- return 0;
-}
-
@@ -43,18 +43,10 @@ # include <limits.h> #endif -#if defined(HAVE_UNISTD_H) -# include <unistd.h> -#endif - -#include <pwd.h> - -#if defined(HAVE_GRP_H) -# include <grp.h> -#endif - #include "xmalloc.h" +#include "vyatta-restricted.h" + /* NULL pointer type. */ #if !defined (NULL) # if defined (__STDC__) @@ -327,8 +319,4 @@ extern int group_member __P((gid_t)); extern char **get_group_list __P((int *)); extern int *get_group_array __P((int *)); -extern void set_vyatta_restricted_mode __P((void)); -enum vyatta_restricted_type { OUTPUT, FULL }; -extern int in_vyatta_restricted_mode __P((enum vyatta_restricted_type)); - #endif /* _GENERAL_H_ */ diff --git a/vyatta-restricted.c b/vyatta-restricted.c new file mode 100644 index 0000000..fc9ea6d --- /dev/null +++ b/vyatta-restricted.c 
@@ -0,0 +1,345 @@
+/* vyatta-restricted.c -- Vyatta restricted mode functionality */
+
+/* This file is part of GNU Bash, the Bourne Again SHell.
+
+ Bash is free software; you can redistribute it and/or modify it under
+ the terms of the GNU General Public License as published by the Free
+ Software Foundation; either version 2, or (at your option) any later
+ version.
+
+ Bash is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with Bash; see the file COPYING. If not, write to the Free Software
+ Foundation, 59 Temple Place, Suite 330, Boston, MA 02111 USA.
+
+ This code was originally developed by Vyatta, Inc.
+ Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. */
+
+#include "shell.h"
+#include "vyatta-restricted.h"
+
+static int
+is_in_command_list(const char *cmd, char *cmds[])
+{
+ int idx = 0;
+ for (idx = 0; cmds[idx]; idx++) {
+ if (strcmp(cmd, cmds[idx]) == 0) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static int
+is_vyatta_restricted_pipe_command(WORD_LIST *words)
+{
+ char *allowed_commands[] = { "more", NULL };
+ if (words) {
+ if (!words->next) {
+ /* only 1 word */
+ if (is_in_command_list(words->word->word, allowed_commands)) {
+ /* allowed */
+ return 1;
+ }
+ }
+ }
+ /* not allowed */
+ return 0;
+}
+
+static void
+make_restricted_word(WORD_DESC *word)
+{
+ char *c, *ns, *n;
+ int sq_count = 0;
+ char *uqs = string_quote_removal(word->word, 0);
+
+ for (c = uqs; *c; c++) {
+ if (*c == '\'') {
+ sq_count++;
+ }
+ }
+
+ /* strlen + start/end quotes + \0 + extra "'\''" */
+ ns = (char *) xmalloc(strlen(uqs) + 2 + 1 + (3 * sq_count));
+ n = ns;
+ *n = '\'';
+ n++;
+ for (c = uqs; *c; c++) {
+ if (*c == '\'') {
+ *n = '\'';
+ *(n + 1) = '\\';
+ *(n + 2) = '\'';
+ *(n + 3) = '\'';
+ n += 4;
+ } else {
+ *n = *c;
+ n++;
+ }
+ }
+ *n = '\'';
+ *(n + 1) = '\0';
+
+ free(word->word);
+ free(uqs);
+ word->word = ns;
+ word->flags = W_QUOTED;
+}
+
+static void
+make_restricted_wordlist(WORD_LIST *words)
+{
+ WORD_LIST *l = words->next; /* skip the first word */
+ for (; l; l = l->next) {
+ make_restricted_word(l->word);
+ }
+}
+
+static int
+is_vyatta_restricted_command(COMMAND *cmd)
+{
+ struct simple_com *cS;
+ struct connection *cC;
+
+ if (!cmd) {
+ return 1;
+ }
+
+ switch (cmd->type) {
+ case cm_simple:
+ cS = cmd->value.Simple;
+ if (!(cS->redirects)) {
+ /* simple command, no redirects */
+ /* make sure the words are allowed */
+ make_restricted_wordlist(cS->words);
+ return 1;
+ }
+ break;
+ case cm_connection:
+ cC = cmd->value.Connection;
+ if (cC->connector == '|') {
+ if ((cC->first->type == cm_simple) && (cC->second->type == cm_simple)) {
+ struct simple_com *cS1 = cC->first->value.Simple;
+ struct simple_com *cS2 = cC->second->value.Simple;
+ if (!(cS1->redirects) && !(cS2->redirects)) {
+ /* both are simple and no redirects */
+ /* make sure the words are allowed */
+ make_restricted_wordlist(cS1->words);
+ make_restricted_wordlist(cS2->words);
+ if (is_vyatta_restricted_pipe_command(cS2->words)) {
+ /* pipe command is allowed => allowed */
+ return 1;
+ }
+ }
+ }
+ }
+ break;
+ default:
+ break;
+ }
+ /* not allowed */
+ return 0;
+}
+
+static int
+is_vyatta_cfg_command(const char *cmd)
+{
+ char *valid_commands[] = { "set", "delete", "commit", "save", "load",
+ "show", "exit", "edit", "run", NULL };
+ return is_in_command_list(cmd, valid_commands);
+}
+
+static int
+is_vyatta_op_command(const char *cmd)
+{
+ char *dir = getenv("vyatta_op_templates");
+ DIR *dp = NULL;
+ struct dirent *dent = NULL;
+ char *restrict_exclude_commands[]
+ = { "clear", "configure", "init-floppy", "install-system", "no",
+ "reboot", "set", "telnet", NULL };
+ char *other_commands[] = { "exit", NULL };
+ int ret = 0;
+
+ if (dir == NULL || (dp = opendir(dir)) == NULL) {
+ return 0;
+ }
+
+ /* FIXME this assumes FULL == "users" */
+ if (in_vyatta_restricted_mode(FULL)
+ && is_in_command_list(cmd, restrict_exclude_commands)) {
+ /* command not allowed in "full" restricted mode */
+ return 0;
+ }
+
+ while (dent = readdir(dp)) {
+ if (strncmp(dent->d_name, ".", 1) == 0) {
+ continue;
+ }
+ if (strcmp(dent->d_name, cmd) == 0) {
+ ret = 1;
+ break;
+ }
+ }
+ closedir(dp);
+ return (ret) ? 1 : is_in_command_list(cmd, other_commands);
+}
+
+static char *prev_cmdline = NULL;
+
+int
+is_vyatta_command(char *cmdline, COMMAND *cmd)
+{
+ char *cfg = getenv("_OFR_CONFIGURE");
+ int in_cfg = (cfg) ? (strcmp(cfg, "ok") == 0) : 0;
+ char *start = cmdline;
+ char *end = NULL;
+ char save = 0;
+ int ret = 0;
+
+ if (!prev_cmdline) {
+ prev_cmdline = strdup("");
+ }
+ if (strcmp(cmdline, prev_cmdline) == 0) {
+ /* still at the same line. not checking. */
+ return 1;
+ }
+ if (!is_vyatta_restricted_command(cmd)) {
+ return 0;
+ }
+
+ while (*start && (whitespace(*start) || *start == '\n')) {
+ start++;
+ }
+ if (*start == 0) {
+ /* empty command line is valid */
+ free(prev_cmdline);
+ prev_cmdline = strdup(cmdline);
+ return 1;
+ }
+ end = start;
+ while (*end && (!whitespace(*end) && *end != '\n')) {
+ end++;
+ }
+ save = *end;
+ *end = 0;
+
+ if (in_cfg) {
+ ret = is_vyatta_cfg_command(start);
+ } else {
+ ret = is_vyatta_op_command(start);
+ }
+ *end = save;
+
+ if (ret) {
+ /* valid command */
+ free(prev_cmdline);
+ prev_cmdline = strdup(cmdline);
+ }
+ return ret;
+}
+
+static int
+vyatta_user_in_group(uid_t ruid, char *grp_name)
+{
+ int ret = 0;
+ struct passwd pw;
+ struct passwd *pwp = NULL;
+ struct group grp;
+ struct group *grpp = NULL;
+ char *pbuf = NULL, *gbuf = NULL;
+ long psize = 0, gsize = 0;
+
+ if (!grp_name) {
+ return 0;
+ }
+
+ do {
+ psize = sysconf(_SC_GETPW_R_SIZE_MAX);
+ pbuf = (char *) xmalloc(psize);
+ if (!pbuf) {
+ break;
+ }
+
+ gsize = sysconf(_SC_GETGR_R_SIZE_MAX);
+ gbuf = (char *) xmalloc(gsize);
+ if (!gbuf) {
+ break;
+ }
+
+ ret = getpwuid_r(ruid, &pw, pbuf, psize, &pwp);
+ if (!pwp) {
+ break;
+ }
+
+ ret = getgrnam_r(grp_name, &grp, gbuf, gsize, &grpp);
+ if (!grpp) {
+ break;
+ }
+
+ {
+ int i = 0;
+ for (i = 0; grp.gr_mem[i]; i++) {
+ if (strcmp(pw.pw_name, grp.gr_mem[i]) == 0) {
+ ret = 1;
+ break;
+ }
+ }
+ }
+ } while (0);
+
+ if (pbuf) {
+ free(pbuf);
+ }
+ if (gbuf) {
+ free(gbuf);
+ }
+ return ret;
+}
+
+static int vyatta_default_output_restricted = 0;
+static int vyatta_default_full_restricted = 0;
+
+#define VYATTA_OUTPUT_RESTRICTED_GROUP "vyattacfg"
+
+void
+set_vyatta_restricted_mode()
+{
+ uid_t ruid = getuid();
+ if (vyatta_user_in_group(ruid, VYATTA_OUTPUT_RESTRICTED_GROUP)) {
+ vyatta_default_output_restricted = 1;
+ vyatta_default_full_restricted = 0;
+ } else {
+ /* if not in the output restricted group, default to full */
+ vyatta_default_output_restricted = 0;
+ vyatta_default_full_restricted = 1;
+ }
+}
+
+int
+in_vyatta_restricted_mode(enum vyatta_restricted_type type)
+{
+ char *rval = getenv("VYATTA_RESTRICTED_MODE");
+ int output = vyatta_default_output_restricted;
+ int full = vyatta_default_full_restricted;
+
+ /* environment var overrides default */
+ if (rval) {
+ output = (strcmp(rval, "output") == 0);
+ full = (strcmp(rval, "full") == 0);
+ }
+
+ if (type == OUTPUT && (output || full)) {
+ return 1;
+ }
+ if (type == FULL && full) {
+ return 1;
+ }
+
+ return 0;
+}
+
diff --git a/vyatta-restricted.h b/vyatta-restricted.h
new file mode 100644
index 0000000..beda140
--- /dev/null
+++ b/vyatta-restricted.h
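Review bot: The restricted-mode decision in this new file fails open when a lookup goes wrong: `vyatta_user_in_group` reuses `ret` for the return codes of `getpwuid_r` and `getgrnam_r`, so an error (non-zero code, NULL result pointer) takes the `break` and is returned as non-zero, which `set_vyatta_restricted_mode` reads as membership of `vyattacfg` and answers with the less restrictive output-only default. Keep the codes out of `ret`, e.g. `if (getpwuid_r(ruid, &pw, pbuf, psize, &pwp) != 0 || !pwp) break;` and the same shape for `getgrnam_r`. `in_vyatta_restricted_mode` has the same tendency: any `VYATTA_RESTRICTED_MODE` value other than `output` or `full` clears both flags, so the variable should be honoured only when it matches one of those two strings (or only when it tightens the group-derived default). Separately, `is_vyatta_op_command` returns 0 on the `restrict_exclude_commands` path after `opendir` succeeded without calling `closedir(dp)`; doing that check before the `opendir` call removes the leak.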
@@ -0,0 +1,44 @@
+/* vyatta-restricted.h -- header for Vyatta restricted mode functionality */
+
+/* This file is part of GNU Bash, the Bourne Again SHell.
+
+ Bash is free software; you can redistribute it and/or modify it under
+ the terms of the GNU General Public License as published by the Free
+ Software Foundation; either version 2, or (at your option) any later
+ version.
+
+ Bash is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with Bash; see the file COPYING. If not, write to the Free Software
+ Foundation, 59 Temple Place, Suite 330, Boston, MA 02111 USA.
+
+ This code was originally developed by Vyatta, Inc.
+ Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. */
+
+#include "command.h"
+
+#if !defined(_VYATTA_RESTRICTED_H_)
+#define _VYATTA_RESTRICTED_H_
+
+#if defined(HAVE_UNISTD_H)
+# include <unistd.h>
+#endif
+
+#include <pwd.h>
+#include <dirent.h>
+
+#if defined(HAVE_GRP_H)
+# include <grp.h>
+#endif
+
+extern void set_vyatta_restricted_mode __P((void));
+enum vyatta_restricted_type { OUTPUT, FULL };
+extern int in_vyatta_restricted_mode __P((enum vyatta_restricted_type));
+extern int is_vyatta_command __P((char *, COMMAND *));
+
+#endif /* _VYATTA_RESTRICTED_H_ */
+
|
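Review bot: `#include "command.h"` sits above the `#if !defined(_VYATTA_RESTRICTED_H_)` guard, so it is processed again on every inclusion and depends on command.h guarding itself; it should move inside the guard next to the other includes. general.h includes this header (see its hunk in this commit), so `<dirent.h>`, which used to be included only by eval.c, now reaches every file that includes general.h; since only vyatta-restricted.c uses `DIR`, `struct passwd` and `struct group` in the visible code, `<pwd.h>`, `<dirent.h>` and `<grp.h>` could live in the .c file instead. The prototypes would also benefit from a one-line contract comment, e.g. `/* non-zero if cmdline/cmd is permitted in restricted mode */` above `is_vyatta_command`.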