authorJohn Southworth <john.southworth@vyatta.com>2011-08-02 19:41:42 -0500
committerJohn Southworth <john.southworth@vyatta.com>2011-08-02 19:41:42 -0500
commit91fe0a2b6b73a817296caa88ee7ce518c813ff6a (patch)
treed4a31a4c167555458b4d666d107801f1259018b7
parent0a889b5701a6502dd12572e7fc24b6a1904de885 (diff)
downloadvyatta-op-91fe0a2b6b73a817296caa88ee7ce518c813ff6a.tar.gz
vyatta-op-91fe0a2b6b73a817296caa88ee7ce518c813ff6a.zip
Add support for unambiguous top level commands for unprivileged users
-rw-r--r--etc/bash_completion.d/vyatta-op10
-rw-r--r--functions/interpreter/vyatta-op-run3
-rw-r--r--functions/interpreter/vyatta-unpriv80
3 files changed, 87 insertions, 6 deletions
diff --git a/etc/bash_completion.d/vyatta-op b/etc/bash_completion.d/vyatta-op
index 340c316..c1aa50d 100644
--- a/etc/bash_completion.d/vyatta-op
+++ b/etc/bash_completion.d/vyatta-op
@@ -68,8 +68,8 @@ declare _vyatta_comptype
declare -x -a reply
declare -a _vyatta_operator_allowed
-if [[ "$VYATTA_USER_LEVEL_DIR" == "/opt/vyatta/etc/shell/level/users" ]]; then
- _vyatta_operator_allowed=( $(cat /opt/vyatta/etc/shell/level/users/allowed-op) )
+if [[ "$VYATTA_USER_LEVEL_DIR" != "/opt/vyatta/etc/shell/level/admin" ]]; then
+ _vyatta_operator_allowed=( $(cat $VYATTA_USER_LEVEL_DIR/allowed-op) )
fi
#source /etc/bash_completion.d/vyatta-op-run
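Review bot: The allow-list path on the added `cat` line is now built from the environment variable `VYATTA_USER_LEVEL_DIR` instead of a fixed path, and it is expanded unquoted. Any value other than the admin directory, including unset or empty, takes this branch, so the list is read from wherever the variable points. An unset value degrades to `cat /allowed-op`. Whether a restricted user can influence this variable is not visible in the hunk, so it would be worth checking the value against the known level directories before reading from it. At minimum quote the path, `_vyatta_operator_allowed=( $(cat "$VYATTA_USER_LEVEL_DIR/allowed-op") )`, and add a comment stating that the file is expected to be root-owned and not writable by the user it restricts.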
@@ -444,7 +444,11 @@ if [ "$_OFR_CONFIGURE" == "ok" ]; then
return 0
fi
-_vyatta_op_init $@
+if [[ "$VYATTA_USER_LEVEL_DIR" != "/opt/vyatta/etc/shell/level/admin" ]]; then
+ vyatta_unpriv_init $@
+else
+ _vyatta_op_init $@
+fi
### Local Variables:
### mode: shell-script
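Review bot: The new dispatch sends every non-admin level to `vyatta_unpriv_init`, but that function (added in functions/interpreter/vyatta-unpriv in this commit) builds its aliases from the hard-coded `/opt/vyatta/etc/shell/level/users/allowed-op.in` and sets the prompt only for the `users` path. A level directory other than `users` would therefore get the users' command set rather than its own, while the completion list in the first hunk of this file is read from `$VYATTA_USER_LEVEL_DIR/allowed-op`. Either keep the test as `== ".../users"` here or make the unprivileged file read from the level directory as well. Both calls should also pass arguments as `"$@"` so that they are not re-split. Where vyatta-unpriv gets sourced before this call is not visible in the hunk.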
diff --git a/functions/interpreter/vyatta-op-run b/functions/interpreter/vyatta-op-run
index 02f862b..ea451e5 100644
--- a/functions/interpreter/vyatta-op-run
+++ b/functions/interpreter/vyatta-op-run
@@ -40,9 +40,6 @@ _vyatta_op_init ()
done
shopt -s histverify
- if [[ "$VYATTA_USER_LEVEL_DIR" == "/opt/vyatta/etc/shell/level/users" ]]; then
- PS1='\u@\h> '
- fi
}
_vyatta_op_get_node_def_field ()
diff --git a/functions/interpreter/vyatta-unpriv b/functions/interpreter/vyatta-unpriv
new file mode 100644
index 0000000..0b07317
--- /dev/null
+++ b/functions/interpreter/vyatta-unpriv
@@ -0,0 +1,80 @@
+#!/bin/bash
+source /opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-common
+
+declare -a op_allowed
+declare -a toplevel
+
+op_allowed=( $(cat /opt/vyatta/etc/shell/level/users/allowed-op.in) )
+toplevel=( $(ls /opt/vyatta/share/vyatta-op/templates/) )
+
+vyatta_unpriv_ambiguous ()
+{
+ local -a filtered_cmds=()
+ get_prefix_filtered_list $1 op_allowed filtered_cmds
+ _vyatta_op_node_path=${vyatta_op_templates}
+ comps=$(_vyatta_op_help $1 ${filtered_cmds[@]})
+ echo -e "$comps\n" | sed -e 's/^P/ P/'
+}
+
+vyatta_unpriv_init ()
+{
+ # empty and default line compeletion
+ complete -E -F _vyatta_op_expand
+ complete -D -F _vyatta_op_default_expand
+
+ for cmd in "${op_allowed[@]}"; do
+ if is_elem_of ${cmd} toplevel; then
+ for pos in $(seq 1 ${#cmd}); do
+ case ${cmd:0:$pos} in
+ for|do|done|if|fi|case|while|tr )
+ continue ;;
+ *) ;;
+ esac
+ local -a filtered_cmds=()
+ get_prefix_filtered_list ${cmd:0:$pos} op_allowed filtered_cmds
+ local found
+ is_elem_of "${cmd:0:$pos}" op_allowed
+ found=$?
+ if [[ "${#filtered_cmds[@]}" == "1" || "${cmd:0:$pos}" == "$cmd" || "$found" == "0" ]]; then
+ local fcmd
+ if [[ "${#filtered_cmds[@]}" == "1" ]]; then
+ fcmd=${filtered_cmds[0]}
+ elif is_elem_of "${cmd:0:$pos}" op_allowed; then
+ fcmd=${cmd:0:$pos}
+ else
+ fcmd=$cmd
+ fi
+ eval alias ${cmd:0:$pos}=\'_vyatta_op_run $fcmd\'
+ else
+ eval alias ${cmd:0:$pos}=\'vyatta_unpriv_ambiguous ${cmd:0:$pos}\'
+ fi
+ complete -F _vyatta_op_expand ${cmd:0:$pos}
+ done
+ fi
+ done
+ if [[ "$VYATTA_USER_LEVEL_DIR" == "/opt/vyatta/etc/shell/level/users" ]]; then
+ PS1='\u@\h> '
+ fi
+}
+
+vyatta_unpriv_gen_allowed () {
+ local -a allowed_cmds=()
+ rm -rf /opt/vyatta/etc/shell/level/users/allowed-op
+ for cmd in "${op_allowed[@]}"; do
+ if is_elem_of ${cmd} toplevel; then
+ for pos in $(seq 1 ${#cmd}); do
+ case ${cmd:0:$pos} in
+ for|do|done|if|fi|case|while|tr )
+ continue ;;
+ *) ;;
+ esac
+ if ! is_elem_of ${cmd:0:$pos} allowed_cmds; then
+ allowed_cmds+=( ${cmd:0:$pos} )
+ echo ${cmd:0:$pos} >> /opt/vyatta/etc/shell/level/users/allowed-op
+ fi
+ done
+ else
+ echo ${cmd} >> /opt/vyatta/etc/shell/level/users/allowed-op
+ fi
+ done
+}
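Review bot: Both `eval alias …` lines in `vyatta_unpriv_init` re-parse text taken from `allowed-op.in` as shell code, so a quote or metacharacter in an entry would be executed at login of the restricted shell instead of being rejected as an invalid alias name. `alias` accepts the definition as a single word, so the eval can be dropped: `alias "${cmd:0:$pos}=_vyatta_op_run $fcmd"` and `alias "${cmd:0:$pos}=vyatta_unpriv_ambiguous ${cmd:0:$pos}"`. Separately, `vyatta_unpriv_gen_allowed` deletes `allowed-op` with `rm -rf` and then appends to it line by line, so a shell starting during regeneration reads a missing or partial list. Writing to a `mktemp` file in the same directory and moving it into place with `mv` would avoid that window. The loop variables `cmd`, `pos` and `comps` are also not declared `local` and leak into the interactive shell that sources this file.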