Timestamp:
Nov 18, 2014, 6:35:30 AM (6 years ago)
Author:
Sebastian Huber <sebastian.huber@…>
Branches:
4.11, 5, master
Children:
478455e0
Parents:
ffd5285
git-author:
Sebastian Huber <sebastian.huber@…> (11/18/14 06:35:30)
git-committer:
Sebastian Huber <sebastian.huber@…> (11/20/14 09:30:26)
Message:

shell: Add mode, UID and GID to shell commands

Use this information to determine if a command is visible to the current
user and if the current user is allowed to execute this command.

File:
1 edited

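--- a/cpukit/libmisc/shell/shell_cmdset.c
+++ b/cpukit/libmisc/shell/shell_cmdset.c
@@ -30,4 +30,5 @@
 #include <rtems/shell.h>
 #include <rtems/shellconfig.h>
+#include <rtems/libio_.h>
 #include "internal.h"
 
@@ -123,4 +124,7 @@
   }
 
+  /* Ensure that the user can read and execute commands */
+  shell_cmd->mode |= S_IRUSR | S_IXUSR;
+
   /* Append */
   *next_ptr = shell_cmd;
@@ -153,5 +157,5 @@
 
   /* Allocate command stucture */
-  shell_cmd = (rtems_shell_cmd_t *) malloc(sizeof(rtems_shell_cmd_t));
+  shell_cmd = (rtems_shell_cmd_t *) calloc(1, sizeof(*shell_cmd));
   if (shell_cmd == NULL) {
     return NULL;
@@ -168,6 +172,4 @@
   shell_cmd->usage   = my_usage;
   shell_cmd->command = command;
-  shell_cmd->alias   = NULL;
-  shell_cmd->next    = NULL;
 
   if (rtems_shell_add_cmd_struct(shell_cmd) == NULL) {
@@ -209,9 +211,33 @@
          shell_cmd->command
       );
-      if (shell_aux)
+      if (shell_aux) {
         shell_aux->alias = shell_cmd;
+        shell_aux->mode = shell_cmd->mode;
+        shell_aux->uid = shell_cmd->uid;
+        shell_aux->gid = shell_cmd->gid;
+      }
     }
   }
   return shell_aux;
+}
+
+bool rtems_shell_can_see_cmd(const rtems_shell_cmd_t *shell_cmd)
+{
+  return rtems_filesystem_check_access(
+    RTEMS_FS_PERMS_READ,
+    shell_cmd->mode,
+    shell_cmd->uid,
+    shell_cmd->gid
+  );
+}
+
+static bool rtems_shell_can_execute_cmd(const rtems_shell_cmd_t *shell_cmd)
+{
+  return rtems_filesystem_check_access(
+    RTEMS_FS_PERMS_EXEC,
+    shell_cmd->mode,
+    shell_cmd->uid,
+    shell_cmd->gid
+  );
 }
 
@@ -226,8 +252,16 @@
   shell_cmd = rtems_shell_lookup_cmd(argv[0]);
 
+  if (shell_cmd != NULL && !rtems_shell_can_see_cmd(shell_cmd)) {
+    shell_cmd = NULL;
+  }
+
   if (shell_cmd == NULL) {
     return rtems_shell_script_file(argc, argv);
+  } else if (rtems_shell_can_execute_cmd(shell_cmd)) {
+    return shell_cmd->command(argc, argv);
   } else {
-    return shell_cmd->command(argc, argv);
-  }
-}
+    fprintf(stderr, "%s: Permission denied\n", cmd);
+
+    return -1;
+  }
+}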
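Review bot: The alias branch (new lines 213-218) copies `mode`, `uid` and `gid` from the target once, at alias creation, while `rtems_shell_can_see_cmd()` and `rtems_shell_can_execute_cmd()` check the fields of whichever entry the lookup returned, presumably the alias entry itself, so an alias would keep its old permissions if the target's were tightened later. Whether anything changes these fields after registration is not visible here; if it can, resolving the alias inside both helpers keeps the two in step, e.g. `if (shell_cmd->alias != NULL) shell_cmd = shell_cmd->alias;` before the `rtems_filesystem_check_access()` call. Separately, `rtems_shell_can_see_cmd()` is non-static and dereferences `shell_cmd` unchecked, so a header comment such as `/* Returns true if the current user may see this command; shell_cmd must not be NULL. */` would state the contract that the caller at new line 254 already honours. The alias function and the execute function both begin above their hunks.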