diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-10-09 08:53:12 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-10-09 08:53:12 -0400 |
| commit | fe47611efe819382cb846b0ae1032080c2272fdc (patch) | |
| tree | 7694ac1cbabe74c75c344489a01f190161ca1fb0 /src | |
| parent | nvidia fix (diff) | |
| download | firejail-fe47611efe819382cb846b0ae1032080c2272fdc.tar.gz firejail-fe47611efe819382cb846b0ae1032080c2272fdc.tar.zst firejail-fe47611efe819382cb846b0ae1032080c2272fdc.zip | |
user name globbing for restricted shell
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/restricted_shell.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c index 24ce27c2e..979bb1eed 100644 --- a/src/firejail/restricted_shell.c +++ b/src/firejail/restricted_shell.c | |||
| @@ -18,6 +18,7 @@ | |||
| 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 19 | */ | 19 | */ |
| 20 | #include "firejail.h" | 20 | #include "firejail.h" |
| 21 | #include <fnmatch.h> | ||
| 21 | 22 | ||
| 22 | #define MAX_READ 4096 // maximum line length | 23 | #define MAX_READ 4096 // maximum line length |
| 23 | char *restricted_user = NULL; | 24 | char *restricted_user = NULL; |
| @@ -49,7 +50,11 @@ int restricted_shell(const char *user) { | |||
| 49 | if (*ptr == '\n' || *ptr == '#') | 50 | if (*ptr == '\n' || *ptr == '#') |
| 50 | continue; | 51 | continue; |
| 51 | 52 | ||
| 52 | // parse line | 53 | // |
| 54 | // parse line | ||
| 55 | // | ||
| 56 | |||
| 57 | // extract users | ||
| 53 | char *usr = ptr; | 58 | char *usr = ptr; |
| 54 | char *args = strchr(usr, ':'); | 59 | char *args = strchr(usr, ':'); |
| 55 | if (args == NULL) { | 60 | if (args == NULL) { |
| @@ -63,7 +68,7 @@ int restricted_shell(const char *user) { | |||
| 63 | if (ptr) | 68 | if (ptr) |
| 64 | *ptr = '\0'; | 69 | *ptr = '\0'; |
| 65 | 70 | ||
| 66 | // if nothing follows, continue | 71 | // extract firejail command line arguments |
| 67 | char *ptr2 = args; | 72 | char *ptr2 = args; |
| 68 | int found = 0; | 73 | int found = 0; |
| 69 | while (*ptr2 != '\0') { | 74 | while (*ptr2 != '\0') { |
| @@ -73,12 +78,13 @@ int restricted_shell(const char *user) { | |||
| 73 | } | 78 | } |
| 74 | ptr2++; | 79 | ptr2++; |
| 75 | } | 80 | } |
| 81 | // if nothing follows, continue | ||
| 76 | if (!found) | 82 | if (!found) |
| 77 | continue; | 83 | continue; |
| 78 | 84 | ||
| 79 | // process user | 85 | // user name globbing |
| 80 | if (strcmp(user, usr) == 0) { | 86 | if (fnmatch(usr, user, 0) == 0) { |
| 81 | // extract program arguments | 87 | // process program arguments |
| 82 | 88 | ||
| 83 | fullargv[0] = "firejail"; | 89 | fullargv[0] = "firejail"; |
| 84 | int i; | 90 | int i; |