authorJohn Southworth <john.southworth@vyatta.com>2011-08-03 11:59:21 -0500
committerJohn Southworth <john.southworth@vyatta.com>2011-08-03 11:59:21 -0500
commitf6e3d3d687bdc82e4fa885864b35d9d7aa9ed5ca (patch)
treef15084d2df351671952e98b5da2bb7d4df74fcb8 /gen-unpriv-commands.sh
parent5881df96b478d388813557d7280e55e788b5e175 (diff)
Generate unprivileged allowed-op at compile time. Add script to allow admin user to regenerate it if needed. Fix ambiguous command message.
Diffstat (limited to 'gen-unpriv-commands.sh')
-rwxr-xr-xgen-unpriv-commands.sh32
1 files changed, 32 insertions, 0 deletions
diff --git a/gen-unpriv-commands.sh b/gen-unpriv-commands.sh
new file mode 100755
index 0000000..cce36a1
--- /dev/null
+++ b/gen-unpriv-commands.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+source ./functions/interpreter/vyatta-common
+
+declare -a op_allowed
+declare -a toplevel
+
+op_allowed=( $(cat ./etc/shell/level/users/allowed-op.in) )
+toplevel=( $(ls ./templates/) )
+
+vyatta_unpriv_gen_allowed () {
+ local -a allowed_cmds=()
+ rm -f ./etc/shell/level/users/allowed-op
+ for cmd in "${op_allowed[@]}"; do
+ if is_elem_of ${cmd} toplevel; then
+ for pos in $(seq 1 ${#cmd}); do
+ case ${cmd:0:$pos} in
+ for|do|done|if|fi|case|while|tr )
+ continue ;;
+ *) ;;
+ esac
+ if ! is_elem_of ${cmd:0:$pos} allowed_cmds; then
+ allowed_cmds+=( ${cmd:0:$pos} )
+ echo ${cmd:0:$pos} >> ./etc/shell/level/users/allowed-op
+ fi
+ done
+ else
+ echo ${cmd} >> ./etc/shell/level/users/allowed-op
+ fi
+ done
+}
+
+vyatta_unpriv_gen_allowed
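Review bot: The `for|do|done|if|fi|case|while|tr )` arm in the prefix loop is a hand-maintained blocklist, so any other prefix that happens to equal a shell keyword or builtin is still appended to `allowed-op`. How that file is consumed is not visible in this hunk, but if the restricted shell treats each entry as a permitted command word, an abbreviation could authorise something other than the op command it was derived from. Consider deriving the skip from the shell instead of a fixed list, for example `[[ $(type -t -- "${cmd:0:$pos}") =~ ^(keyword|builtin)$ ]] && continue`, applied only while `pos` is less than `${#cmd}` so that a full command name listed on purpose is kept. Separately, `op_allowed=( $(cat ...) )` and `toplevel=( $(ls ./templates/) )` are unquoted, so an entry containing a glob character is expanded against the build directory; a `set -f` before the two assignments would prevent that.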