B u&`@s ddlmZddlmZddlmZddlmZddlmZeddlTddl Z ddl Z ddl Z ddl Z ddl mZd Zd Zd d Zd dZddZddZddZddZddZddZd$ddZd%ddZed kre ee jd!e jd"e jd#ddS)&)print_function)absolute_import)division)unicode_literals)standard_library)*N) native_strz/etc/cagefs/filtersPcGs|rt||dS)N)print)debugmsgargsr!/usr/share/cagefs/check_params.pydmesgsrcCsy:tj|}ttjtd|d}t|}|Wnt k rNdSXt |dkrxd|kstd|kstd|krx|S| || ddS) z* Load JSON config by command name z%s.jsonrNallowdeny restrict_pathdefault) ospathbasenameopenjoin CONFIGS_DIRjsonloadclose Exceptionlenget) command_pathnamefZ full_configrrr load_configs   r&cCs |dS)z Return True if arg is option name, not parameter of an option :param arg: option or parameter :type arg: string -) startswith)argrrris_option_name5sr*cCs.x(|D] }x|D]}||rdSqWqWdS)z* Check denied params in args list TF)r()r deny_listr)optrrrhas_denied_params>s     r-cCs&x |D]}t|r||krdSqWdS)z- Check is all args allow for program TF)r*)r allow_listr)rrrhas_extra_paramsIs r/cGs0ttdtttjB||tdS)z4 Wrapper for syslog or other logging system zcagefs.check_paramsN)syslogZopenlogr LOG_AUTHPRIVZLOG_PIDZcloselog)messager rrrto_logSsr3cCs&|dkr dS|ddkr"d|fS|S)N/z%s/r)rrrraddslash\s   r7cCstttj|}d|}|dks*|dr>tj|d|S||ksT||drhtj|||Stj|S)N~z~/r5)r7rrrealpathr(replace)ruserhome_dirZuserpathrrr expanduserdsr=Fc Cs$ttj|}x t|D]\}}||kry||d} Wntk rTwYnXt| ||} t| } | |st|d|||||dt d|||||ddSqxj|D]b} || r|t | d} t| ||} t| } | |st|d|||t d|||dSqWqWdS)aT Return True when args contain paths that refer outside of user's home directory :param args: parameters (options) from command line :type args: list of strings :param restrict_path_list: names of parameters (options) that should use paths inside user's home directory only :type restrict_path_list: list of strings rz0Attempt to call program %s with %s %s parametersTNz,Attempt to call program %s with %s parameterF) r7rrr9 enumerate IndexErrorr=r(rr3r!) r;homedirr#r restrict_path_listr r<ir)rr,rrr check_pathns.       rCc CsNt|dkrt|ddSt|dkr:t|d|ddS|d}|dd}t|}t|dt||szt|d|dS|d d}|d d}|d d} |s|s| st|d dS|r|rt|d dS|rt||rt|d|td|dS|r"t||r"t|d|td|dS| r@t||||| |r@dSt|ddS)z Program main function :params - list of strings that specify command and its parameters, such as ['/path/command', '-a', 'arg', '-C', '/path/to/config'] rzNo parameters specifiedrz8Command has no parameters. Allow execution of command %sNz config: %sz/Config not found. Allow execution of command %srrrz,empty config - allow user to run the commandzWinvalid config - both allow and deny lists are specified. allow user to run the commandz1Attempt to call program %s with denied parametersz0Attempt to call program %s with extra parameterszExecution allowed) r!rr&strr"r-r3r/rC) r;r@Zparamsr r#r Zconfigr.r+rArrrmainsD                rF__main__rrD)F)F)Z __future__rrrrZfuturerZinstall_aliasesbuiltinsrrsysr0Z future.utilsrrr1rr&r*r-r/r3r7r=rCrF__name__exitargvrrrrs2           % 5