Commit b6d20956 authored by Robert Ricci's avatar Robert Ricci

Added the ability to do 'cd <dir> && command' or

'cd <dir> ; command' (this is the only circumstance where
these characters, or 'chained commands' are allowed). This
was done so that the wrapper script can use it, so that
the wrapper will work properly for people who have real
shells on paper.
parent fcb9808c
......@@ -16,7 +16,6 @@
$tb = "/usr/testbed/bin";
%allowed = ( "avail" => "$tb/avail",
"delay_setup" => "$tb/delay_setup",
"genptop" => "$tb/genptop",
"ifc_filegen" => "$tb/ifc_filegen",
"ifc_setup" => "$tb/ifc_setup",
"inuse" => "$tb/inuse",
......@@ -45,12 +44,10 @@ $tb = "/usr/testbed/bin";
"trafgen" => "$tb/trafgen",
"turn" => "$tb/turn",
"vpower" => "$tb/vpower",
"vsnmpit" => "$tb/vsnmpit",
# Here for testing - REMOVE LATER
"ls" => "/bin/ls");
"vsnmpit" => "$tb/vsnmpit");
# Since look up commands in the above, hash, we don't need a path..
$ENV{PATH} = "";
# Need to provide a simple path, because some scripts we call need one
$ENV{PATH} = "/usr/testbed/bin:/bin:/usr/bin:/usr/local/bin";
# Clean the environment of potentially nasty variables
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
......@@ -61,11 +58,11 @@ $message = "This is a restricted shell, and will only allow you to run
a limited set of commands. For an unrestrictive shell, log into
ops.emulab.net\n";
$debug = 1;
$debug = 0;
$| = 1; # No line buffering, so that we can see the prompt
$interactive = 1;
if ($ARGV[0] eq "-c") { # We were called by sshd - transform args into a useful form
if (@ARGV && ($ARGV[0] eq "-c")) { # We were called by sshd - transform args into a useful form
my $bigarg = pop @ARGV;
push(@ARGV,split(/\s+/,$bigarg));
shift @ARGV; # Dispose of -c
......@@ -77,6 +74,19 @@ if ($ARGV[0] eq "-c") { # We were called by sshd - transform args into a useful
if (@ARGV && ($ARGV[0] =~ /dir=(.*)/)) {
shift @ARGV;
&cd($1); # Change to given directory
} elsif($ARGV[0] eq "cd") { # also understand 'cd dir &&' or 'cd dir ;' syntax to be a little more compatible
# with other shells
# Discard the cd
shift @ARGV;
my $dir = shift @ARGV;
my $trash = shift @ARGV;
if (($trash ne "&&") && ($trash ne ";")) {
die "Syntax error: expected && or ; after cd <dir>\n";
}
# Untaint directory name - changing directories isn't a security risk in our situation
if ($dir =~ /^(.*)$/) {
&cd($1);
}
}
if (@ARGV) { # We were given command line arguments
......@@ -97,9 +107,10 @@ do {{
($command, @args) = split /\s+/,<>;
}
next unless $command; # Don't complain if they leave a blank command
# Don't allow any naughty characters - kick the user off if they try
foreach $string ($command, @args) {
if ($string !~ m|^([A-Za-z0-9._\-/]*)$|) {
if ($string !~ m|^([A-Za-z0-9._\-/=]*)$|) {
print "Sorry, you used a forbidden character\n";
&debug("String was $string\n");
exit(-1);
......@@ -109,7 +120,6 @@ do {{
}
}
next unless $command; # Don't complain if they leave a blank command
# Strip off all path information from the command
$command =~ /([^\/]+)$/; $command = $1;
next unless $command; # Don't complain if they leave a blank command
......@@ -147,7 +157,7 @@ do {{
# it is appropriate to do so or not
sub cd {
my $dirname = shift;
chdir $dirname or print "Unable to change directories to $dirname\n";
chdir $dirname or warn "Unable to change directories to $dirname\n";
}
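Review bot: In the new `cd` branch, `$dir` is untainted with `/^(.*)$/`, which accepts any string, and it is shifted off `@ARGV` before the forbidden-character loop runs, so the directory is the one user-supplied word that never meets the whitelist. Reusing the whitelist keeps the untaint meaningful: `if ($dir =~ m|^([A-Za-z0-9._\-/]+)$|) { &cd($1); } else { die "Invalid directory name\n"; }`. The `elsif` also reads `$ARGV[0]` without the `@ARGV &&` guard this commit adds to the `-c` test, and `$dir` and `$trash` are undef when `cd` is the last word, so `elsif (@ARGV >= 3 && ($ARGV[0] eq "cd"))` would be safer. Finally, `&&` and `;` are treated alike while `cd` only warns on a failed `chdir`, so after `cd <dir> &&` the command still runs in the previous directory; for the `&&` form the script should exit when `chdir` fails. The enclosing `if`/`elsif` chain and the validation loop continue outside the lines shown.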
......