From 7aa420e5a5509793030350acb9c108eaef6c79ea Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sun, 30 Jun 2024 07:35:25 +0200
Subject: T6527: add legacy Vyatta interpreter files still in use

(cherry picked from commit 72a704d2e2b06bfedc4f1ee841814f983fc34baa)
---
 src/opt/vyatta/bin/restricted-shell      | 11 +++++++++++
 src/opt/vyatta/bin/vyatta-op-cmd-wrapper |  6 ++++++
 2 files changed, 17 insertions(+)
 create mode 100755 src/opt/vyatta/bin/restricted-shell
 create mode 100755 src/opt/vyatta/bin/vyatta-op-cmd-wrapper

(limited to 'src/opt/vyatta/bin')

diff --git a/src/opt/vyatta/bin/restricted-shell b/src/opt/vyatta/bin/restricted-shell
new file mode 100755
index 000000000..ffcbb53b7
--- /dev/null
+++ b/src/opt/vyatta/bin/restricted-shell
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ $# != 0 ]; then
+    echo "Remote command execution is not allowed for operator level users"
+    args=($@)
+    args_str=$(IFS=" " ; echo "${args[*]}")
+    logger "Operator level user $USER attempted remote command execution: $args_str" 
+    exit 1
+fi
+
+exec vbash
diff --git a/src/opt/vyatta/bin/vyatta-op-cmd-wrapper b/src/opt/vyatta/bin/vyatta-op-cmd-wrapper
new file mode 100755
index 000000000..a89211b2b
--- /dev/null
+++ b/src/opt/vyatta/bin/vyatta-op-cmd-wrapper
@@ -0,0 +1,6 @@
+#!/bin/vbash
+shopt -s expand_aliases
+source /etc/default/vyatta
+source /etc/bash_completion.d/vyatta-op
+_vyatta_op_init
+_vyatta_op_run "$@"
-- 
cgit v1.2.3