author | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2014-11-18 07:35:30 +0100 |
---|---|---|
committer | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2014-11-20 10:30:26 +0100 |
commit | 7eada71e1b8e707d5b97d4d0cf7d2ca73013e403 (patch) | |
tree | 0595921de0173366d2bfb5331be1fb89ab1001ca /cpukit/libmisc/shell/shell_cmdset.c | |
parent | shell: Inherit UID and GID if no login check (diff) | |
shell: Add mode, UID and GID to shell commands
Use this information to determine if a command is visible to the current
user and if the current user is allowed to execute this command.
Diffstat (limited to 'cpukit/libmisc/shell/shell_cmdset.c')
-rw-r--r-- | cpukit/libmisc/shell/shell_cmdset.c | 44 |
1 files changed, 39 insertions, 5 deletions
diff --git a/cpukit/libmisc/shell/shell_cmdset.c b/cpukit/libmisc/shell/shell_cmdset.c
index 07d37dbda7..be64b83fe4 100644
--- a/cpukit/libmisc/shell/shell_cmdset.c
+++ b/cpukit/libmisc/shell/shell_cmdset.c
@@ -29,6 +29,7 @@
 #include <rtems.h>
 #include <rtems/shell.h>
 #include <rtems/shellconfig.h>
+#include <rtems/libio_.h>
 #include "internal.h"
 /*
@@ -122,6 +123,9 @@ rtems_shell_cmd_t *rtems_shell_add_cmd_struct(
 next_ptr = &existing->next;
 }
+ /* Ensure that the user can read and execute commands */
+ shell_cmd->mode |= S_IRUSR | S_IXUSR;
+
 /* Append */
 *next_ptr = shell_cmd;
@@ -152,7 +156,7 @@ rtems_shell_cmd_t * rtems_shell_add_cmd(
 }
 /* Allocate command stucture */
- shell_cmd = (rtems_shell_cmd_t *) malloc(sizeof(rtems_shell_cmd_t));
+ shell_cmd = (rtems_shell_cmd_t *) calloc(1, sizeof(*shell_cmd));
 if (shell_cmd == NULL) {
 return NULL;
 }
@@ -167,8 +171,6 @@ rtems_shell_cmd_t * rtems_shell_add_cmd(
 shell_cmd->topic = my_topic;
 shell_cmd->usage = my_usage;
 shell_cmd->command = command;
- shell_cmd->alias = NULL;
- shell_cmd->next = NULL;
 if (rtems_shell_add_cmd_struct(shell_cmd) == NULL) {
 /* Something is wrong, free allocated resources */
@@ -208,13 +210,37 @@ rtems_shell_cmd_t *rtems_shell_alias_cmd(
 shell_cmd->usage,
 shell_cmd->command
 );
- if (shell_aux)
+ if (shell_aux) {
 shell_aux->alias = shell_cmd;
+ shell_aux->mode = shell_cmd->mode;
+ shell_aux->uid = shell_cmd->uid;
+ shell_aux->gid = shell_cmd->gid;
+ }
 }
 }
 return shell_aux;
 }
+bool rtems_shell_can_see_cmd(const rtems_shell_cmd_t *shell_cmd)
+{
+ return rtems_filesystem_check_access(
+ RTEMS_FS_PERMS_READ,
+ shell_cmd->mode,
+ shell_cmd->uid,
+ shell_cmd->gid
+ );
+}
+
+static bool rtems_shell_can_execute_cmd(const rtems_shell_cmd_t *shell_cmd)
+{
+ return rtems_filesystem_check_access(
+ RTEMS_FS_PERMS_EXEC,
+ shell_cmd->mode,
+ shell_cmd->uid,
+ shell_cmd->gid
+ );
+}
+
 int rtems_shell_execute_cmd(const char *cmd, int argc, char *argv[])
 {
 rtems_shell_cmd_t *shell_cmd;
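Review bot: The forced `shell_cmd->mode |= S_IRUSR | S_IXUSR;` in rtems_shell_add_cmd_struct grants owner bits only, and the comment "the user" does not say which user that is. A command registered with `mode`, `uid` and `gid` left at zero, as the calloc-ed structures from rtems_shell_add_cmd are, therefore ends up owned by UID 0 with no group or other access, which presumably hides it from every non-root login. That default-deny is a sound choice, but it is a behaviour change for existing callers and should be stated, e.g. `/* Owner (uid, default 0) can always read and execute; group/other access must be granted explicitly by the registrant */`. The statement also writes into the caller-supplied structure, which rules out registering command tables placed in read-only storage. The function body starts and ends outside this hunk.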
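Review bot: The alias branch in rtems_shell_alias_cmd copies `mode`, `uid` and `gid` once, so tightening the original command's permissions later leaves the alias with the older, looser access. rtems_shell_execute_cmd checks whichever structure the lookup returns, so this drift would be honoured. Either evaluate access on the target, e.g. `const rtems_shell_cmd_t *c = shell_cmd->alias != NULL ? shell_cmd->alias : shell_cmd;` at the top of both helpers, or document the snapshot with `/* Alias permissions are copied at creation and are not kept in sync */`. The non-static rtems_shell_can_see_cmd dereferences `shell_cmd` without a NULL check and has no header comment saying whose credentials rtems_filesystem_check_access evaluates (presumably the calling task's effective UID/GID). A short doc comment stating both preconditions would help external callers. rtems_shell_alias_cmd starts outside this hunk.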
@@ -225,9 +251,17 @@ int rtems_shell_execute_cmd(const char *cmd, int argc, char *argv[])
 shell_cmd = rtems_shell_lookup_cmd(argv[0]);
+ if (shell_cmd != NULL && !rtems_shell_can_see_cmd(shell_cmd)) {
+ shell_cmd = NULL;
+ }
+
 if (shell_cmd == NULL) {
 return rtems_shell_script_file(argc, argv);
- } else {
+ } else if (rtems_shell_can_execute_cmd(shell_cmd)) {
 return shell_cmd->command(argc, argv);
+ } else {
+ fprintf(stderr, "%s: Permission denied\n", cmd);
+
+ return -1;
 }
 } |
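Review bot: A command the caller may not see is reset with `shell_cmd = NULL` and then falls through to `rtems_shell_script_file(argc, argv)`, so the hidden built-in's name is next tried as a script file. How that function resolves names is not visible here, but if it searches writable locations, a file with the same name could run in place of the hidden command. Consider failing as not-found directly in that case, or at least record the intent with `/* Hidden commands are reported as not found; the name is then tried as a script */`. Both checks live only in this function, so any other caller that takes the result of rtems_shell_lookup_cmd and invokes `shell_cmd->command` itself would skip them. That is worth confirming outside this diff. The denial message prints `cmd` while the lookup used `argv[0]`; using `argv[0]` in both places would keep the reported name consistent. The function body starts outside this hunk.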