diff options
| -rw-r--r-- | eval.c | 4 | ||||
| -rw-r--r-- | vyatta-restricted.c | 63 | ||||
| -rw-r--r-- | vyatta-restricted.h | 2 |
3 files changed, 69 insertions, 0 deletions
@@ -223,6 +223,8 @@ parse_command () send_pwd_to_eterm (); /* Yuck */ } + vyatta_reset_hist_expansion(); + current_command_line_count = 0; r = yyparse (); @@ -236,6 +238,8 @@ parse_command () current_readline_line[1] = '\0'; return 1; } + } else if (interactive && current_readline_line) { + vyatta_check_expansion(global_command); } #endif diff --git a/vyatta-restricted.c b/vyatta-restricted.c index dc78ef2..f3b918d 100644 --- a/vyatta-restricted.c +++ b/vyatta-restricted.c @@ -20,6 +20,7 @@ Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. */ #include "shell.h" +#include "bashhist.h" #include "vyatta-restricted.h" #define FILENAME_MODE "restricted-mode" @@ -42,6 +43,28 @@ static int vyatta_default_output_restricted = 0; static int vyatta_default_full_restricted = 0; static int +is_expansion_disabled() +{ + char *exp = getenv("VYATTA_ENABLE_SHELL_EXPANSION"); + if (!exp) { + return 1; + } + return 0; +} + +void +vyatta_reset_hist_expansion() +{ +#if defined (BANG_HISTORY) + if (is_expansion_disabled()) { + history_expansion_inhibited = 1; + } else { + history_expansion_inhibited = 0; + } +#endif +} + +static int is_in_command_list(const char *cmd, char *cmds[]) { int idx = 0; @@ -126,6 +149,46 @@ make_restricted_wordlist(WORD_LIST *words) } } +/* this basically disables shell expansions for "simple" commands */ +void +vyatta_check_expansion(COMMAND *cmd) +{ + struct simple_com *cS; + struct connection *cC; + + if (!cmd) { + return; + } + if (!is_expansion_disabled()) { + /* enabled */ + return; + } + + switch (cmd->type) { + case cm_simple: + cS = cmd->value.Simple; + if (!(cS->redirects)) { + /* simple command, no redirects */ + /* quote all words */ + make_restricted_wordlist(cS->words); + } + break; + case cm_connection: + cC = cmd->value.Connection; + if ((cC->connector == '|') && (cC->first->type == cm_simple)) { + struct simple_com *cS1 = cC->first->value.Simple; + if (!(cS1->redirects)) { + /* simple, no redirects */ + /* quote all words */ + make_restricted_wordlist(cS1->words); + } + } + break; + default: + break; + } +} + static int is_vyatta_restricted_command(COMMAND *cmd) { diff --git a/vyatta-restricted.h b/vyatta-restricted.h index 32888c8..fcc4b6f 100644 --- a/vyatta-restricted.h +++ b/vyatta-restricted.h @@ -29,6 +29,8 @@ enum vyatta_restricted_type { OUTPUT, FULL }; extern int in_vyatta_restricted_mode __P((enum vyatta_restricted_type)); extern int is_vyatta_command __P((char *, COMMAND *)); +extern void vyatta_check_expansion __P((COMMAND *)); +extern void vyatta_reset_hist_expansion(); #endif /* _VYATTA_RESTRICTED_H_ */ |