-rw-r--r-- | src/firejail/restricted_shell.c | 16 |
1 files changed, 11 insertions, 5 deletions
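--- a/src/firejail/restricted_shell.c
+++ b/src/firejail/restricted_shell.c
@@ -18,6 +18,7 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "firejail.h"
+#include <fnmatch.h>
 
 #define MAX_READ 4096 // maximum line length
 char *restricted_user = NULL;
@@ -49,7 +50,11 @@ int restricted_shell(const char *user) {
 if (*ptr == '\n' || *ptr == '#')
 continue;
 
-// parse line
+//
+// parse line
+//
+
+// extract users
 char *usr = ptr;
 char *args = strchr(usr, ':');
 if (args == NULL) {
@@ -63,7 +68,7 @@ int restricted_shell(const char *user) {
 if (ptr)
 *ptr = '\0';
 
-// if nothing follows, continue
+// extract firejail command line arguments
 char *ptr2 = args;
 int found = 0;
 while (*ptr2 != '\0') {
@@ -73,12 +78,13 @@ int restricted_shell(const char *user) {
 }
 ptr2++;
 }
+// if nothing follows, continue
 if (!found)
 continue;
 
-// process user
-if (strcmp(user, usr) == 0) {
-// extract program arguments
+// user name globbing
+if (fnmatch(usr, user, 0) == 0) {
+// process program arguments
 
 fullargv[0] = "firejail";
 int i;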
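Review bot: The `fnmatch(usr, user, 0) == 0` test on new line 86 lumps an fnmatch error together with `FNM_NOMATCH`, so a malformed pattern silently skips the entry. If a user with no matching entry then runs without the configured arguments (that part of `restricted_shell` lies outside the hunk), the skip should at least be reported, for example by comparing the result with `FNM_NOMATCH` and printing a warning for any other non-zero value. Every existing entry is now also read as a pattern, so a name containing `*`, `?`, `[` or `\` no longer matches literally, and a broad pattern would shadow later lines if the loop stops at the first match, which is not visible here. The one-line comment could carry the argument roles: `// glob match: usr is the pattern from this line, user is the login name`.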