diff options
Diffstat (limited to 'eval.c')
| -rw-r--r-- | eval.c | 222 |
1 files changed, 0 insertions, 222 deletions
@@ -29,7 +29,6 @@ #include "bashansi.h" #include <stdio.h> -#include <dirent.h> #include "bashintl.h" @@ -198,227 +197,6 @@ send_pwd_to_eterm () fprintf (stderr, "\032/%s\n", pwd); } -static int -is_in_command_list(const char *cmd, char *cmds[]) -{ - int idx = 0; - for (idx = 0; cmds[idx]; idx++) { - if (strcmp(cmd, cmds[idx]) == 0) { - return 1; - } - } - return 0; -} - -static int -is_vyatta_restricted_pipe_command(WORD_LIST *words) -{ - char *allowed_commands[] = { "more", NULL }; - if (words) { - if (!words->next) { - /* only 1 word */ - if (is_in_command_list(words->word->word, allowed_commands)) { - /* allowed */ - return 1; - } - } - } - /* not allowed */ - return 0; -} - -static void -make_restricted_word(WORD_DESC *word) -{ - char *c, *ns, *n; - int sq_count = 0; - char *uqs = string_quote_removal(word->word, 0); - - for (c = uqs; *c; c++) { - if (*c == '\'') { - sq_count++; - } - } - - /* strlen + start/end quotes + \0 + extra "'\''" */ - ns = (char *) xmalloc(strlen(uqs) + 2 + 1 + (3 * sq_count)); - n = ns; - *n = '\''; - n++; - for (c = uqs; *c; c++) { - if (*c == '\'') { - *n = '\''; - *(n + 1) = '\\'; - *(n + 2) = '\''; - *(n + 3) = '\''; - n += 4; - } else { - *n = *c; - n++; - } - } - *n = '\''; - *(n + 1) = '\0'; - - free(word->word); - free(uqs); - word->word = ns; - word->flags = W_QUOTED; -} - -static void -make_restricted_wordlist(WORD_LIST *words) -{ - WORD_LIST *l = words->next; /* skip the first word */ - for (; l; l = l->next) { - make_restricted_word(l->word); - } -} - -static int -is_vyatta_restricted_command(COMMAND *cmd) -{ - struct simple_com *cS; - struct connection *cC; - - if (!cmd) { - return 1; - } - - switch (cmd->type) { - case cm_simple: - cS = cmd->value.Simple; - if (!(cS->redirects)) { - /* simple command, no redirects */ - /* make sure the words are allowed */ - make_restricted_wordlist(cS->words); - return 1; - } - break; - case cm_connection: - cC = cmd->value.Connection; - if (cC->connector == '|') { - if ((cC->first->type == cm_simple) && (cC->second->type == cm_simple)) { - struct simple_com *cS1 = cC->first->value.Simple; - struct simple_com *cS2 = cC->second->value.Simple; - if (!(cS1->redirects) && !(cS2->redirects)) { - /* both are simple and no redirects */ - /* make sure the words are allowed */ - make_restricted_wordlist(cS1->words); - make_restricted_wordlist(cS2->words); - if (is_vyatta_restricted_pipe_command(cS2->words)) { - /* pipe command is allowed => allowed */ - return 1; - } - } - } - } - break; - default: - break; - } - /* not allowed */ - return 0; -} - -static int -is_vyatta_cfg_command(const char *cmd) -{ - char *valid_commands[] = { "set", "delete", "commit", "save", "load", - "show", "exit", "edit", "run", NULL }; - return is_in_command_list(cmd, valid_commands); -} - -static int -is_vyatta_op_command(const char *cmd) -{ - char *dir = getenv("vyatta_op_templates"); - DIR *dp = NULL; - struct dirent *dent = NULL; - char *restrict_exclude_commands[] - = { "clear", "configure", "init-floppy", "install-system", "no", - "reboot", "set", "telnet", NULL }; - char *other_commands[] = { "exit", NULL }; - int ret = 0; - - if (dir == NULL || (dp = opendir(dir)) == NULL) { - return 0; - } - - /* FIXME this assumes FULL == "users" */ - if (in_vyatta_restricted_mode(FULL) - && is_in_command_list(cmd, restrict_exclude_commands)) { - /* command not allowed in "full" restricted mode */ - return 0; - } - - while (dent = readdir(dp)) { - if (strncmp(dent->d_name, ".", 1) == 0) { - continue; - } - if (strcmp(dent->d_name, cmd) == 0) { - ret = 1; - break; - } - } - closedir(dp); - return (ret) ? 1 : is_in_command_list(cmd, other_commands); -} - -static char *prev_cmdline = NULL; - -static int -is_vyatta_command(char *cmdline, COMMAND *cmd) -{ - char *cfg = getenv("_OFR_CONFIGURE"); - int in_cfg = (cfg) ? (strcmp(cfg, "ok") == 0) : 0; - char *start = cmdline; - char *end = NULL; - char save = 0; - int ret = 0; - - if (!prev_cmdline) { - prev_cmdline = strdup(""); - } - if (strcmp(cmdline, prev_cmdline) == 0) { - /* still at the same line. not checking. */ - return 1; - } - if (!is_vyatta_restricted_command(cmd)) { - return 0; - } - - while (*start && (whitespace(*start) || *start == '\n')) { - start++; - } - if (*start == 0) { - /* empty command line is valid */ - free(prev_cmdline); - prev_cmdline = strdup(cmdline); - return 1; - } - end = start; - while (*end && (!whitespace(*end) && *end != '\n')) { - end++; - } - save = *end; - *end = 0; - - if (in_cfg) { - ret = is_vyatta_cfg_command(start); - } else { - ret = is_vyatta_op_command(start); - } - *end = save; - - if (ret) { - /* valid command */ - free(prev_cmdline); - prev_cmdline = strdup(cmdline); - } - return ret; -} - /* Call the YACC-generated parser and return the status of the parse. Input is read from the current input stream (bash_input). yyparse leaves the parsed command in the global variable GLOBAL_COMMAND. |