From 91fe0a2b6b73a817296caa88ee7ce518c813ff6a Mon Sep 17 00:00:00 2001
From: John Southworth
Date: Tue, 2 Aug 2011 19:41:42 -0500
Subject: Add support for unambiguous top level commands for unpriviledged users
---
 functions/interpreter/vyatta-op-run | 3 --
 functions/interpreter/vyatta-unpriv | 80 +++++++++++++++++++++++++++++++++++++
 2 files changed, 80 insertions(+), 3 deletions(-)
 create mode 100644 functions/interpreter/vyatta-unpriv
(limited to 'functions/interpreter')
diff --git a/functions/interpreter/vyatta-op-run b/functions/interpreter/vyatta-op-run
index 02f862b..ea451e5 100644
--- a/functions/interpreter/vyatta-op-run
+++ b/functions/interpreter/vyatta-op-run
@@ -40,9 +40,6 @@ _vyatta_op_init () done shopt -s histverify - if [[ "$VYATTA_USER_LEVEL_DIR" == "/opt/vyatta/etc/shell/level/users" ]]; then - PS1='\u@\h> ' - fi } _vyatta_op_get_node_def_field ()
diff --git a/functions/interpreter/vyatta-unpriv b/functions/interpreter/vyatta-unpriv
new file mode 100644
index 0000000..0b07317
--- /dev/null
+++ b/functions/interpreter/vyatta-unpriv
@@ -0,0 +1,80 @@
+#!/bin/bash
+source /opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-common
+
+declare -a op_allowed
+declare -a toplevel
+
+op_allowed=( $(cat /opt/vyatta/etc/shell/level/users/allowed-op.in) )
+toplevel=( $(ls /opt/vyatta/share/vyatta-op/templates/) )
+
+vyatta_unpriv_ambiguous ()
+{
+ local -a filtered_cmds=()
+ get_prefix_filtered_list $1 op_allowed filtered_cmds
+ _vyatta_op_node_path=${vyatta_op_templates}
+ comps=$(_vyatta_op_help $1 ${filtered_cmds[@]})
+ echo -e "$comps\n" | sed -e 's/^P/ P/'
+}
+
+vyatta_unpriv_init ()
+{
+ # empty and default line compeletion
+ complete -E -F _vyatta_op_expand
+ complete -D -F _vyatta_op_default_expand
+
+ for cmd in "${op_allowed[@]}"; do
+ if is_elem_of ${cmd} toplevel; then
+ for pos in $(seq 1 ${#cmd}); do
+ case ${cmd:0:$pos} in
+ for|do|done|if|fi|case|while|tr )
+ continue ;;
+ *) ;;
+ esac
+ local -a filtered_cmds=()
+ get_prefix_filtered_list ${cmd:0:$pos} op_allowed filtered_cmds
+ local found
+ is_elem_of "${cmd:0:$pos}" op_allowed
+ found=$?
+ if [[ "${#filtered_cmds[@]}" == "1" || "${cmd:0:$pos}" == "$cmd" || "$found" == "0" ]]; then
+ local fcmd
+ if [[ "${#filtered_cmds[@]}" == "1" ]]; then
+ fcmd=${filtered_cmds[0]}
+ elif is_elem_of "${cmd:0:$pos}" op_allowed; then
+ fcmd=${cmd:0:$pos}
+ else
+ fcmd=$cmd
+ fi
+ eval alias ${cmd:0:$pos}=\'_vyatta_op_run $fcmd\'
+ else
+ eval alias ${cmd:0:$pos}=\'vyatta_unpriv_ambiguous ${cmd:0:$pos}\'
+ fi
+ complete -F _vyatta_op_expand ${cmd:0:$pos}
+ done
+ fi
+ done
+ if [[ "$VYATTA_USER_LEVEL_DIR" == "/opt/vyatta/etc/shell/level/users" ]]; then
+ PS1='\u@\h> '
+ fi
+}
+
+vyatta_unpriv_gen_allowed () {
+ local -a allowed_cmds=()
+ rm -rf /opt/vyatta/etc/shell/level/users/allowed-op
+ for cmd in "${op_allowed[@]}"; do
+ if is_elem_of ${cmd} toplevel; then
+ for pos in $(seq 1 ${#cmd}); do
+ case ${cmd:0:$pos} in
+ for|do|done|if|fi|case|while|tr )
+ continue ;;
+ *) ;;
+ esac
+ if ! is_elem_of ${cmd:0:$pos} allowed_cmds; then
+ allowed_cmds+=( ${cmd:0:$pos} )
+ echo ${cmd:0:$pos} >> /opt/vyatta/etc/shell/level/users/allowed-op
+ fi
+ done
+ else
+ echo ${cmd} >> /opt/vyatta/etc/shell/level/users/allowed-op
+ fi
+ done
+}
-- cgit v1.2.3
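Review bot: The two `eval alias …` lines in vyatta_unpriv_init parse every entry of allowed-op.in a second time as shell code, so any shell metacharacter in that file is executed in the restricted user's shell whenever the function runs; this makes the file's ownership and permissions part of the restricted shell's trust boundary. eval is not needed here: `alias "${cmd:0:$pos}=_vyatta_op_run ${fcmd}"` and `alias "${cmd:0:$pos}=vyatta_unpriv_ambiguous ${cmd:0:$pos}"` define the same aliases without the extra parse. The array fill `op_allowed=( $(cat …) )` at the top is also glob-expanded against the current directory; `mapfile -t op_allowed < /opt/vyatta/etc/shell/level/users/allowed-op.in` avoids that, assuming the file holds one command per line. In vyatta_unpriv_gen_allowed, `rm -rf` followed by per-entry `>>` leaves allowed-op missing or partial while the loop runs; building the list in a temporary file in the same directory and renaming it over the target would keep the allowlist complete for any reader.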