authorAn-Cheng Huang <ancheng@vyatta.com>2007-12-05 13:42:35 -0800
committerAn-Cheng Huang <ancheng@vyatta.com>2007-12-05 13:42:35 -0800
commite27aa82a4e6a7be0898bef504901dbb1d32e3dbf (patch)
tree4669fb2e2f0fcf3c0e44db2c0a10fdf35892d964
parent63ffe130ceed78534bee790ee5dbbb47ced63d84 (diff)
downloadvyatta-bash-e27aa82a4e6a7be0898bef504901dbb1d32e3dbf.tar.gz
vyatta-bash-e27aa82a4e6a7be0898bef504901dbb1d32e3dbf.zip
restrict allowed operational commands in "full" mode.
-rw-r--r--eval.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/eval.c b/eval.c
index 4f090c6..2e12ab4 100644
--- a/eval.c
+++ b/eval.c
@@ -335,12 +335,23 @@ is_vyatta_op_command(const char *cmd)
char *dir = getenv("vyatta_op_templates");
DIR *dp = NULL;
struct dirent *dent = NULL;
+ char *restrict_exclude_commands[]
+ = { "clear", "configure", "init-floppy", "install-system", "no",
+ "reboot", "set", "telnet", NULL };
char *other_commands[] = { "exit", NULL };
int ret = 0;
if (dir == NULL || (dp = opendir(dir)) == NULL) {
return 0;
}
+
+ /* FIXME this assumes FULL == "users" */
+ if (in_vyatta_restricted_mode(FULL)
+ && is_in_command_list(cmd, restrict_exclude_commands)) {
+ /* command not allowed in "full" restricted mode */
+ return 0;
+ }
+
while (dent = readdir(dp)) {
if (strncmp(dent->d_name, ".", 1) == 0) {
continue;
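Review bot: The new early `return 0;` in the restricted-mode check runs after `opendir(dir)` has already succeeded, so every denied command leaves `dp` open; in a long-lived shell that is a directory-handle leak that accumulates each time a restricted user types a blocked command. Add `closedir(dp);` before that `return 0;`, or move the whole `in_vyatta_restricted_mode(FULL)` test above the `opendir` check so nothing is held when it fires. Separately, `restrict_exclude_commands` is a denylist, so any op template not named in it stays available in restricted mode by default; an allowlist would fail closed, and it is worth confirming that `is_in_command_list` (not visible here) compares the exact command word. The body of is_vyatta_op_command continues past the end of this hunk.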