From 10f1fb8bdfb9efedb269dbe3225102dbf992a8cf Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Wed, 13 Feb 2008 15:32:35 -0800
Subject: fix for bug 2604: shell accepts '!' by default
---
 eval.c | 4 ++++
 vyatta-restricted.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 vyatta-restricted.h | 2 ++
 3 files changed, 69 insertions(+)
diff --git a/eval.c b/eval.c
index 6c9508b..82b8496 100644
--- a/eval.c
+++ b/eval.c
@@ -223,6 +223,8 @@ parse_command ()
 send_pwd_to_eterm (); /* Yuck */
 }
+ vyatta_reset_hist_expansion();
+
 current_command_line_count = 0;
 r = yyparse ();
@@ -236,6 +238,8 @@ parse_command ()
 current_readline_line[1] = '\0';
 return 1;
 }
+ } else if (interactive && current_readline_line) {
+ vyatta_check_expansion(global_command);
 }
 #endif
diff --git a/vyatta-restricted.c b/vyatta-restricted.c
index dc78ef2..f3b918d 100644
--- a/vyatta-restricted.c
+++ b/vyatta-restricted.c
@@ -20,6 +20,7 @@ Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. */
 #include "shell.h"
+#include "bashhist.h"
 #include "vyatta-restricted.h"
 #define FILENAME_MODE "restricted-mode"
@@ -41,6 +42,28 @@ static char *vyatta_user_level_dir = NULL;
 static int vyatta_default_output_restricted = 0;
 static int vyatta_default_full_restricted = 0;
+static int
+is_expansion_disabled()
+{
+ char *exp = getenv("VYATTA_ENABLE_SHELL_EXPANSION");
+ if (!exp) {
+ return 1;
+ }
+ return 0;
+}
+
+void
+vyatta_reset_hist_expansion()
+{
+#if defined (BANG_HISTORY)
+ if (is_expansion_disabled()) {
+ history_expansion_inhibited = 1;
+ } else {
+ history_expansion_inhibited = 0;
+ }
+#endif
+}
+
 static int
 is_in_command_list(const char *cmd, char *cmds[])
 {
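Review bot: In eval.c `parse_command ()`, the new `vyatta_reset_hist_expansion();` call has no preprocessor guard visible in its hunk, while the `vyatta_check_expansion()` call added in the following hunk sits directly above an `#endif`. If that conditional is what compiles the Vyatta code in, this call belongs under the same condition. The patch adds no include to eval.c, so the prototype presumably reaches it through an existing include of `vyatta-restricted.h`; that is worth confirming. `parse_command ()` starts and ends outside the hunk.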
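Review bot: The `else if (interactive && current_readline_line)` branch in the second eval.c hunk applies `vyatta_check_expansion(global_command)` only to interactive readline input, so a command parsed from any other input source keeps normal expansion. The condition this `else` pairs with, and whether `yyparse ()` succeeded at this point, lie outside the hunk, so it is not visible that `global_command` is always the freshly parsed command here. If the quoting is meant as a restriction rather than a convenience, state the scope at the call, e.g. `/* only interactive readline input is quoted; other input sources are not restricted here */`.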
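Review bot: `is_expansion_disabled()` in vyatta-restricted.c treats the mere presence of `VYATTA_ENABLE_SHELL_EXPANSION` as the opt-in, so an empty value or `0` also turns expansion on, and the switch is only as trustworthy as the shell's environment. Nothing in the hunk shows who sets the variable or whether a restricted session can set or export it; if it can, both `history_expansion_inhibited` and the quoting done by `vyatta_check_expansion()` follow that session's choice. Compare the value instead of testing presence, and add a comment above the function naming the component expected to set the variable and what prevents a restricted user from doing so. The if/else in `vyatta_reset_hist_expansion()` can also be reduced to `history_expansion_inhibited = is_expansion_disabled();`.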
@@ -126,6 +149,46 @@ make_restricted_wordlist(WORD_LIST *words)
 }
 }
+/* this basically disables shell expansions for "simple" commands */
+void
+vyatta_check_expansion(COMMAND *cmd)
+{
+ struct simple_com *cS;
+ struct connection *cC;
+
+ if (!cmd) {
+ return;
+ }
+ if (!is_expansion_disabled()) {
+ /* enabled */
+ return;
+ }
+
+ switch (cmd->type) {
+ case cm_simple:
+ cS = cmd->value.Simple;
+ if (!(cS->redirects)) {
+ /* simple command, no redirects */
+ /* quote all words */
+ make_restricted_wordlist(cS->words);
+ }
+ break;
+ case cm_connection:
+ cC = cmd->value.Connection;
+ if ((cC->connector == '|') && (cC->first->type == cm_simple)) {
+ struct simple_com *cS1 = cC->first->value.Simple;
+ if (!(cS1->redirects)) {
+ /* simple, no redirects */
+ /* quote all words */
+ make_restricted_wordlist(cS1->words);
+ }
+ }
+ break;
+ default:
+ break;
+ }
+}
+
 static int
 is_vyatta_restricted_command(COMMAND *cmd)
 {
diff --git a/vyatta-restricted.h b/vyatta-restricted.h
index 32888c8..fcc4b6f 100644
--- a/vyatta-restricted.h
+++ b/vyatta-restricted.h
@@ -29,6 +29,8 @@ enum vyatta_restricted_type { OUTPUT, FULL };
 extern int in_vyatta_restricted_mode __P((enum vyatta_restricted_type));
 extern int is_vyatta_command __P((char *, COMMAND *));
+extern void vyatta_check_expansion __P((COMMAND *));
+extern void vyatta_reset_hist_expansion();
 #endif /* _VYATTA_RESTRICTED_H_ */
--
cgit v1.2.3
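Review bot: `vyatta_check_expansion()` quotes words only for a redirect-free `cm_simple` command or for the redirect-free first command of a `|` connection; `cC->second`, every other connector, every other command type (the `default:` case) and any simple command that carries a redirect pass through with expansion untouched. The header comment says the function "basically disables" expansion, which reads broader than what the switch covers, and whether those other forms are rejected elsewhere (for instance by `is_vyatta_restricted_command()`) is not visible in this hunk. At minimum make the gap explicit in the comment, e.g. `/* quotes the words of a redirect-free simple command, or of the first command of a '|' pipeline; every other command form keeps normal shell expansion */`.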
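Review bot: In vyatta-restricted.h, `extern void vyatta_reset_hist_expansion();` is declared with empty parentheses, which in C leaves the parameter list unspecified, while the neighbouring declarations all go through `__P((...))`. Writing it as `extern void vyatta_reset_hist_expansion __P((void));` keeps the header consistent and lets a prototype-aware compiler reject a call that passes arguments.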