From 00258a8e5c1f31b60020302cf1560cd0d13260ad Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Mon, 15 Aug 2016 09:44:54 -0400
Subject: removed prompt, ssh fixes

---
 src/firejail/env.c              |  4 +--
 src/firejail/firejail.h         |  2 ++
 src/firejail/main.c             | 63 +++++++++++++++++++++++++++++++++--------
 src/firejail/restricted_shell.c | 24 ++++++++++++----
 4 files changed, 73 insertions(+), 20 deletions(-)

(limited to 'src')

diff --git a/src/firejail/env.c b/src/firejail/env.c
index 328b19c5b..c05abadca 100644
--- a/src/firejail/env.c
+++ b/src/firejail/env.c
@@ -125,8 +125,8 @@ void env_defaults(void) {
 		errExit("setenv");
 	// set prompt color to green
 	//export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] '
-	if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0)
-		errExit("setenv");
+//	if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0)
+//		errExit("setenv");
 
 	// set the window title
 	printf("\033]0;firejail %s\007", cfg.window_title);
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 2a96afa1b..ce232ace5 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -22,6 +22,8 @@
 #include "../include/common.h"
 #include "../include/euid_common.h"
 
+// debug restricted shell
+//#define DEBUG_RESTRICTED_SHELL
 
 // filesystem
 #define RUN_FIREJAIL_BASEDIR	"/run"
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 6f1e7531a..047d1a010 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -879,25 +879,35 @@ int main(int argc, char **argv) {
 				arg_quiet = 1;
 				parent_sshd = 1;
 
-#if 0
-EUID_ROOT();
-FILE *fp = fopen("/mylog", "w");
-if (fp) {
-	int i;
-	for (i = 0; i < argc; i++)
-		fprintf(fp, "#%s# ", argv[i]);
-	fprintf(fp, "\n");
-	fclose(fp);
-}
-EUID_USER();
+#ifdef DEBUG_RESTRICTED_SHELL
+				{EUID_ROOT();
+				FILE *fp = fopen("/firelog", "w");
+				if (fp) {
+					int i;
+					fprintf(fp, "argc %d: ", argc);
+					for (i = 0; i < argc; i++)
+						fprintf(fp, "#%s# ", argv[i]);
+					fprintf(fp, "\n");
+					fclose(fp);
+				}
+				EUID_USER();}
 #endif
-
 				// run sftp and scp directly without any sandboxing
 				// regular login has argv[0] == "-firejail"
 				if (*argv[0] != '-') {
 					if (strcmp(argv[1], "-c") == 0 && argc > 2) {
 						if (strcmp(argv[2], "/usr/lib/openssh/sftp-server") == 0 ||
 						    strncmp(argv[2], "scp ", 4) == 0) {
+#ifdef DEBUG_RESTRICTED_SHELL
+							{EUID_ROOT();
+							FILE *fp = fopen("/firelog", "a");
+							if (fp) {
+								fprintf(fp, "run without a sandbox\n");
+								fclose(fp);
+							}
+							EUID_USER();}
+#endif
+						    
 						    	drop_privs(1);
 							run_no_sandbox(argc, argv);
 						}
@@ -914,6 +924,21 @@ EUID_USER();
 			login_shell = 1;
 		fullargc = restricted_shell(cfg.username);
 		if (fullargc) {
+			
+#ifdef DEBUG_RESTRICTED_SHELL
+			{EUID_ROOT();
+			FILE *fp = fopen("/firelog", "a");
+			if (fp) {
+				fprintf(fp, "fullargc %d: ",  fullargc);
+				int i;
+				for (i = 0; i < fullargc; i++)
+					fprintf(fp, "#%s# ", fullargv[i]);
+				fprintf(fp, "\n");
+				fclose(fp);
+			}
+			EUID_USER();}
+#endif
+			
 			int j;
 			for (i = 1, j = fullargc; i < argc && j < MAX_ARGS; i++, j++, fullargc++)
 				fullargv[j] = argv[i];
@@ -921,6 +946,20 @@ EUID_USER();
 			// replace argc/argv with fullargc/fullargv
 			argv = fullargv;
 			argc = j;
+
+#ifdef DEBUG_RESTRICTED_SHELL
+			{EUID_ROOT();
+			FILE *fp = fopen("/firelog", "a");
+			if (fp) {
+				fprintf(fp, "argc %d: ", argc);
+				int i;
+				for (i = 0; i < argc; i++)
+					fprintf(fp, "#%s# ", argv[i]);
+				fprintf(fp, "\n");
+				fclose(fp);
+			}
+			EUID_USER();}
+#endif
 		}
 	}
 	else {
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c
index e66ed0e6b..24ce27c2e 100644
--- a/src/firejail/restricted_shell.c
+++ b/src/firejail/restricted_shell.c
@@ -84,16 +84,28 @@ int restricted_shell(const char *user) {
 		    	int i;
 		    	ptr = args;
 		    	for (i = 1; i < MAX_ARGS; i++) {
-		    		fullargv[i] = ptr;
-		    		while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0')
+		    		// skip blanks
+		    		while (*ptr == ' ' || *ptr == '\t')
 		    			ptr++;
+		    		fullargv[i] = ptr;
+#ifdef DEBUG_RESTRICTED_SHELL
+				{EUID_ROOT();
+				FILE *fp = fopen("/firelog", "a");
+				if (fp) {
+					fprintf(fp, "i %d ptr #%s#\n", i, fullargv[i]);
+					fclose(fp);
+				}
+				EUID_USER();}
+#endif				
+		    		
 		    		if (*ptr != '\0') {
+		    			// go to the end of the word
+			    		while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0')
+			    			ptr++;
 		    			*ptr ='\0';
 		    			fullargv[i] = strdup(fullargv[i]);
-		    			if (fullargv[i] == NULL) {
-		    				fprintf(stderr, "Error: cannot allocate memory\n");
-		    				exit(1);
-		    			}
+		    			if (fullargv[i] == NULL)
+		    				errExit("strdup");
 		    			ptr++;
 		    			while (*ptr == ' ' || *ptr == '\t')
 		    				ptr++;
-- 
cgit v1.2.3-54-g00ecf