diff options
author | 2015-08-08 19:12:30 -0400 | |
---|---|---|
committer | 2015-08-08 19:12:30 -0400 | |
commit | 1379851360349d6617ad32944a25ee5e2bb74fc2 (patch) | |
tree | f69b48e90708bfa3c2723d5a27ed3e024c827b43 /src/firejail/restricted_shell.c | |
parent | delete files (diff) | |
download | firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.gz firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.zst firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.zip |
Baseline firejail 0.9.28
Diffstat (limited to 'src/firejail/restricted_shell.c')
-rw-r--r-- | src/firejail/restricted_shell.c | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c new file mode 100644 index 000000000..ba3aae759 --- /dev/null +++ b/src/firejail/restricted_shell.c | |||
@@ -0,0 +1,96 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2014, 2015 netblue30 (netblue30@yahoo.com) | ||
3 | * | ||
4 | * This file is part of firejail project | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify | ||
7 | * it under the terms of the GNU General Public License as published by | ||
8 | * the Free Software Foundation; either version 2 of the License, or | ||
9 | * (at your option) any later version. | ||
10 | * | ||
11 | * This program is distributed in the hope that it will be useful, | ||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | * GNU General Public License for more details. | ||
15 | * | ||
16 | * You should have received a copy of the GNU General Public License along | ||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
19 | */ | ||
20 | #include "firejail.h" | ||
21 | |||
22 | #define MAX_READ 4096 // maximum line length | ||
23 | char *restricted_user = NULL; | ||
24 | |||
25 | |||
26 | int restricted_shell(const char *user) { | ||
27 | assert(user); | ||
28 | |||
29 | // open profile file: | ||
30 | FILE *fp = fopen("/etc/firejail/login.users", "r"); | ||
31 | if (fp == NULL) | ||
32 | return 0; | ||
33 | |||
34 | int lineno = 0; | ||
35 | char buf[MAX_READ]; | ||
36 | while (fgets(buf, MAX_READ, fp)) { | ||
37 | lineno++; | ||
38 | |||
39 | // remove empty spaces at the beginning of the line | ||
40 | char *ptr = buf; | ||
41 | while (*ptr == ' ' || *ptr == '\t') { | ||
42 | ptr++; | ||
43 | } | ||
44 | if (*ptr == '\n' || *ptr == '#') | ||
45 | continue; | ||
46 | |||
47 | // parse line | ||
48 | char *usr = ptr; | ||
49 | char *args = strchr(usr, ':'); | ||
50 | if (args == NULL) { | ||
51 | fprintf(stderr, "Error: users.conf line %d\n", lineno); | ||
52 | exit(1); | ||
53 | } | ||
54 | *args = '\0'; | ||
55 | args++; | ||
56 | ptr = strchr(args, '\n'); | ||
57 | if (ptr) | ||
58 | *ptr = '\0'; | ||
59 | |||
60 | if (strcmp(user, usr) == 0) { | ||
61 | restricted_user = strdup(user); | ||
62 | // extract program arguments | ||
63 | |||
64 | fullargv[0] = "firejail"; | ||
65 | int i; | ||
66 | ptr = args; | ||
67 | for (i = 1; i < MAX_ARGS; i++) { | ||
68 | fullargv[i] = ptr; | ||
69 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') | ||
70 | ptr++; | ||
71 | if (*ptr != '\0') { | ||
72 | *ptr ='\0'; | ||
73 | fullargv[i] = strdup(fullargv[i]); | ||
74 | if (fullargv[i] == NULL) { | ||
75 | fprintf(stderr, "Error: cannot allocate memory\n"); | ||
76 | exit(1); | ||
77 | } | ||
78 | ptr++; | ||
79 | while (*ptr == ' ' || *ptr == '\t') | ||
80 | ptr++; | ||
81 | if (*ptr != '\0') | ||
82 | continue; | ||
83 | } | ||
84 | fullargv[i] = strdup(fullargv[i]); | ||
85 | fclose(fp); | ||
86 | return i + 1; | ||
87 | } | ||
88 | fprintf(stderr, "Error: too many program arguments in users.conf line %d\n", lineno); | ||
89 | exit(1); | ||
90 | } | ||
91 | } | ||
92 | fclose(fp); | ||
93 | |||
94 | return 0; | ||
95 | } | ||
96 | |||