author | An-Cheng Huang <ancheng@vyatta.com> | 2007-12-05 13:42:35 -0800 |
---|---|---|
committer | An-Cheng Huang <ancheng@vyatta.com> | 2007-12-05 13:42:35 -0800 |
commit | e27aa82a4e6a7be0898bef504901dbb1d32e3dbf (patch) | |
tree | 4669fb2e2f0fcf3c0e44db2c0a10fdf35892d964 | |
parent | 63ffe130ceed78534bee790ee5dbbb47ced63d84 (diff) | |
restrict allowed operational commands in "full" mode.
-rw-r--r-- | eval.c | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -335,12 +335,23 @@ is_vyatta_op_command(const char *cmd)
 char *dir = getenv("vyatta_op_templates");
 DIR *dp = NULL;
 struct dirent *dent = NULL;
+ char *restrict_exclude_commands[]
+ = { "clear", "configure", "init-floppy", "install-system", "no",
+ "reboot", "set", "telnet", NULL };
 char *other_commands[] = { "exit", NULL };
 int ret = 0;
 if (dir == NULL || (dp = opendir(dir)) == NULL) {
 return 0;
 }
+
+ /* FIXME this assumes FULL == "users" */
+ if (in_vyatta_restricted_mode(FULL)
+ && is_in_command_list(cmd, restrict_exclude_commands)) {
+ /* command not allowed in "full" restricted mode */
+ return 0;
+ }
+
 while (dent = readdir(dp)) {
 if (strncmp(dent->d_name, ".", 1) == 0) {
 continue; |
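Review bot: The new early `return 0` in the restricted-mode check runs after `opendir(dir)` has already succeeded, so `dp` is never closed on that path and each denied command leaks a directory handle in a long-lived shell. Either add `closedir(dp);` before that `return 0;` or move the `in_vyatta_restricted_mode(FULL)` test above the `opendir` call, since it needs neither `dir` nor `dp`. Separately, `restrict_exclude_commands` is a deny-list, so any template later added under `vyatta_op_templates` is allowed to restricted users by default; an allow-list would fail closed, and at minimum the array deserves a comment such as `/* deny-list: review whenever an op template is added */`. The function starts before and continues past this hunk, so how `dp` is released on the other paths, and what the caller does with a 0 result, is not visible here.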