[vhffs-dev] [svn] commit: r65 - in trunk/vhffs-shells: Makefile tuxshell.c



Author: soda
Date: Wed Jul 27 01:06:04 2005
New Revision: 65

Log:
Update Tuxshell
 * Tuxshell now uses the username and the uid
 * Can allow many commands
 * Reports what happens to syslog


Modified:
    trunk/vhffs-shells/Makefile
    trunk/vhffs-shells/tuxshell.c

Modified: trunk/vhffs-shells/Makefile
==============================================================================
--- trunk/vhffs-shells/Makefile (original)
+++ trunk/vhffs-shells/Makefile Wed Jul 27 01:06:04 2005
@@ -1,7 +1,7 @@
 .SUFFIXES = .c
 
 tuxshell: tuxshell.c
-	gcc -o $@ $<
+	gcc -Wall -pedantic -o $@ $<
 
 all: tuxshell
 

Modified: trunk/vhffs-shells/tuxshell.c
==============================================================================
--- trunk/vhffs-shells/tuxshell.c (original)
+++ trunk/vhffs-shells/tuxshell.c Wed Jul 27 01:06:04 2005
@@ -33,6 +33,8 @@
 #include <unistd.h>
 #include <string.h>
 #include <syslog.h>
+#include <pwd.h>
+#include <sys/types.h>
 
 /* grap is a wrapper designed to verify commands before passing them to system()
    or just reporting the accepted command.  grap will report an error if the
@@ -82,8 +84,14 @@
 
 /* Define what strings are acceptable in <command>
    define an optional execution path CMD_PATH if desired */
-char *commands[] = 		{ "cvs" , "svnserve" , NULL };
-
+/*char *commands[] = 		{ "cvs" , "svnserve" , NULL };*/
+char *commands[][3] =	{ 
+							{"cvs" , "server" , NULL },
+							{"svnserve" , NULL },
+							{NULL}
+						};
+char **line; 
+int k;
 #define MAXARGS		256
 
 /* NO USER SERVICEABLE PARTS BELOW --------------------------------- */
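Review bot: The fixed row width in `char *commands[][3]` leaves room for only two tokens plus the terminating NULL, and nothing in the declaration enforces that. A later row with three tokens would still compile but would have no terminator, so a scan that relies on `line[k] == NULL` would run on into the next row of the allowlist. A named width with a comment such as `/* last slot of every row must stay NULL */` would make the constraint visible to whoever extends the table. `line` and `k` are scratch variables for the matching loop and would be better declared as locals in `main` than as non-static globals, and the commented-out old `commands[]` line can be deleted.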
@@ -106,27 +114,39 @@
 	int i, j, flag;
 	char *buf;
 	char *args[MAXARGS];
-	int ok = 0;
-	
+	int ok;
+	uid_t uid;
+	struct passwd *cuser;
+	char *username;	
+
 	openlog("Tuxshell" , LOG_NOWAIT | LOG_NDELAY , LOG_AUTHPRIV );
 
+	ok			=	0;
+	uid		 	= 	getuid();
+	cuser		= 	getpwuid(uid);
+
+	if( cuser == NULL )
+	{
+		closelog();
+		exit( -1 );
+	}
+
+	/* Get username */
+	username	=	cuser->pw_name;
+
 	if(argc != 3) {
-		/* printf("FATAL: %s bailed because not enough options.\n", argv[0]); */
-		syslog( LOG_INFO , "try open a login shell");
+		syslog( LOG_INFO , "user %s try open a login shell" , username );
 		closelog();
 		deny();
 	}
 
 
-	
-
 	/* process the initial option (see options array) */
-
 	i = -1;
 	while((options[++i] != NULL) && strcmp(options[i], argv[OPTION_ARGC]));
 	if(options[i] == NULL) {
 		/* printf("FATAL: %s bailed because options didn't qualify.\n", argv[0]); */
-		syslog( LOG_INFO , "option %s is not allowed" , argv[OPTION_ARGC]);
+		syslog( LOG_INFO , "option %s is not allowed for user %s " , argv[OPTION_ARGC] , username );
 		closelog();
 		deny();
 	}
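Review bot: The `cuser == NULL` branch leaves without writing anything to syslog, so a uid with no passwd entry is the one refusal that goes unrecorded in a commit meant to log who did what. It also exits through `exit( -1 )` while every other refusal in this hunk goes through `deny()`, whose definition is outside the hunk. I would log before leaving, for example `syslog( LOG_WARNING , "no passwd entry for uid %lu" , (unsigned long) uid );`, and use `deny()` if that is the intended refusal path. `main` begins before this hunk and continues past it.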
@@ -154,27 +174,40 @@
 		i++;
 	}
 
+	i = 0;
 	/* check the command to insure it's in the acceptance list */
-	i = 0;
-	while((commands[i] != NULL))
+	while( commands[i] != NULL )
 	{
-		if( strcmp( commands[i] , args[CMD_POS] ) == 0 )
+		line 	= 	commands[i];
+		k		=	-1;
+
+		if( line[0] == NULL )
+		{
+			ok = 0;
+			break;
+		}
+		
+		while((line[++k] != NULL) && ( args[CMD_POS+k] != NULL ) && !strcmp(line[k], args[CMD_POS+k]));
+
+		if( line[k] == NULL )
 		{
 			ok = 1;
+			break;
 		}
 		i++;
 	}
 
-	if( ok == 0) 
+	if( ok == 0 ) 
 	{
 		/* printf("FATAL: %s bailed because command didn't qualify.\n", args[CMD_POS]); */
-		syslog( LOG_WARNING , "NOT allow command %s" , args[CMD_POS] );
+		syslog( LOG_WARNING , "NOT allow command %s for user %s" , args[CMD_POS] , username );
 		closelog();
 		deny();
 	}
 
-	syslog( LOG_INFO , "allow command %s" , args[CMD_POS] );
+	syslog( LOG_INFO , "allow command %s for user %s" , args[CMD_POS] , username );
 	closelog();
+	printf("allowed");
 
 	/* ok, the command is clear, exec() it */
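Review bot: The inner `while` on `line[++k]` stops as soon as the allowed row is exhausted, so `ok = 1` is set for any argument list that merely begins with an allowed row; whatever follows `cvs server` or `svnserve` is never compared against anything. If the trailing arguments are meant to be fixed, list them in the table and accept only on `if( line[k] == NULL && args[CMD_POS+k] == NULL )`; if they are meant to be free, a comment saying so would make the policy explicit. The outer condition `commands[i] != NULL` is always true because `commands[i]` is an array, so termination rests entirely on the `line[0] == NULL` sentinel check. `printf("allowed");` looks like leftover debugging: stdout is presumably the stream the client's cvs or svn protocol runs over, so the line should go or be written to stderr. The loop sits inside `main`, which starts and ends outside the hunk.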
 



