[pti/rtp.git] / meta-stx / recipes-core / stx-integ / files / base / 0001-cgcs-users-with-patch-ibsh-patches.patch

From b62415943878891ce000b9e0b414354b60047876 Mon Sep 17 00:00:00 2001
From: babak sarashki <babak.sarashki@windriver.com>
Date: Tue, 2 Jul 2019 14:09:28 -0700
Subject: [PATCH 1/2] cgcs-users with patch ibsh patches

Applied ibsh-0.3e-cgcs.patch and copyright patch.
---
 base/cgcs-users/cgcs-users-1.0/BUGS           |  19 +
 base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS   |   7 +
 base/cgcs-users/cgcs-users-1.0/COPYING        | 340 ++++++++++++++++++
 base/cgcs-users/cgcs-users-1.0/COPYRIGHT      |  17 +
 base/cgcs-users/cgcs-users-1.0/INSTALL        |  23 ++
 base/cgcs-users/cgcs-users-1.0/Makefile       |  56 +++
 base/cgcs-users/cgcs-users-1.0/README         |  29 ++
 base/cgcs-users/cgcs-users-1.0/Release        |  17 +
 base/cgcs-users/cgcs-users-1.0/TODO           |  10 +
 base/cgcs-users/cgcs-users-1.0/VERSION        |   1 +
 base/cgcs-users/cgcs-users-1.0/antixploit.c   | 131 +++++++
 base/cgcs-users/cgcs-users-1.0/command.c      | 209 +++++++++++
 base/cgcs-users/cgcs-users-1.0/config.c       | 179 +++++++++
 base/cgcs-users/cgcs-users-1.0/delbadfiles.c  | 239 ++++++++++++
 .../cgcs-users-1.0/example.allowall.xtns      |  28 ++
 .../cgcs-users-1.0/example.denyall.xtns       |   2 +
 base/cgcs-users/cgcs-users-1.0/execute.c      | 159 ++++++++
 base/cgcs-users/cgcs-users-1.0/globals.cmds   |   8 +
 base/cgcs-users/cgcs-users-1.0/globals.xtns   |   3 +
 base/cgcs-users/cgcs-users-1.0/ibsh.h         | 126 +++++++
 base/cgcs-users/cgcs-users-1.0/jail.c         | 101 ++++++
 base/cgcs-users/cgcs-users-1.0/main.c         | 239 ++++++++++++
 base/cgcs-users/cgcs-users-1.0/misc.c         |  52 +++
 23 files changed, 1995 insertions(+)
 create mode 100644 base/cgcs-users/cgcs-users-1.0/BUGS
 create mode 100644 base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS
 create mode 100644 base/cgcs-users/cgcs-users-1.0/COPYING
 create mode 100644 base/cgcs-users/cgcs-users-1.0/COPYRIGHT
 create mode 100644 base/cgcs-users/cgcs-users-1.0/INSTALL
 create mode 100644 base/cgcs-users/cgcs-users-1.0/Makefile
 create mode 100644 base/cgcs-users/cgcs-users-1.0/README
 create mode 100644 base/cgcs-users/cgcs-users-1.0/Release
 create mode 100644 base/cgcs-users/cgcs-users-1.0/TODO
 create mode 100644 base/cgcs-users/cgcs-users-1.0/VERSION
 create mode 100644 base/cgcs-users/cgcs-users-1.0/antixploit.c
 create mode 100644 base/cgcs-users/cgcs-users-1.0/command.c
 create mode 100644 base/cgcs-users/cgcs-users-1.0/config.c
 create mode 100644 base/cgcs-users/cgcs-users-1.0/delbadfiles.c
 create mode 100644 base/cgcs-users/cgcs-users-1.0/example.allowall.xtns
 create mode 100644 base/cgcs-users/cgcs-users-1.0/example.denyall.xtns
 create mode 100644 base/cgcs-users/cgcs-users-1.0/execute.c
 create mode 100644 base/cgcs-users/cgcs-users-1.0/globals.cmds
 create mode 100644 base/cgcs-users/cgcs-users-1.0/globals.xtns
 create mode 100644 base/cgcs-users/cgcs-users-1.0/ibsh.h
 create mode 100644 base/cgcs-users/cgcs-users-1.0/jail.c
 create mode 100644 base/cgcs-users/cgcs-users-1.0/main.c
 create mode 100644 base/cgcs-users/cgcs-users-1.0/misc.c

diff --git a/base/cgcs-users/cgcs-users-1.0/BUGS b/base/cgcs-users/cgcs-users-1.0/BUGS
new file mode 100644
index 0000000..7dacaab
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/BUGS
@@ -0,0 +1,19 @@
+** Open BUGS **
+None, so far.
+
+** Fixed BUGS **
+- Input length checking on all inputs, string copies, etc. is fixed.
+- The myscanf function will no longer accept more then 80 chars at once,
+so ibsh hopefully wont crash on a too long input.
+- Added signal.h in the header file, the lack of it caused compilation
+problems on some systems.
+- Fixed the infinite loop in DelBadFiles. This function is temporarily 
+taken out of the project
+- Removed the involvment of /bin/sh from system. Added path checking.
+- In jail root, not only ../ is not allowed, but .. too.
+- Fixed a bug, that happened on bsd, when the user pressed ^D.
+- Fixed a bug with opendir
+- Fixed a format string vulnerability in logprintbadfile(). Thanks to
+Kim Streich for the report.
+
+2005.05.23
diff --git a/base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS b/base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS
new file mode 100644
index 0000000..35ca436
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS
@@ -0,0 +1,7 @@
+CONTRIBUTORS TO PROJECT IBSH
+
+Kim Streich <kstreich at gmail.com>
+       * bug finder, debugger, tester.
+
+RazoR (Nikolay Alexandrov) <Nikolay@Alexandrov.ws>
+       * bug finder, debugger, tester.
diff --git a/base/cgcs-users/cgcs-users-1.0/COPYING b/base/cgcs-users/cgcs-users-1.0/COPYING
new file mode 100644
index 0000000..d60c31a
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/COPYING
@@ -0,0 +1,340 @@
+                   GNU GENERAL PUBLIC LICENSE
+                      Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                           Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+\f
+                   GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+\f
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+\f
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+\f
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                           NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                    END OF TERMS AND CONDITIONS
+\f
+           How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year  name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/base/cgcs-users/cgcs-users-1.0/COPYRIGHT b/base/cgcs-users/cgcs-users-1.0/COPYRIGHT
new file mode 100644
index 0000000..7507d05
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/COPYRIGHT
@@ -0,0 +1,17 @@
+This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
+Copyright (C) 2005  Attila Nagyidai
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
diff --git a/base/cgcs-users/cgcs-users-1.0/INSTALL b/base/cgcs-users/cgcs-users-1.0/INSTALL
new file mode 100644
index 0000000..42b1866
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/INSTALL
@@ -0,0 +1,23 @@
+Installing ibsh is really easy, so no need for the usual sections
+in this document. There is no configure script either, so if 
+something wrong, make will fail.
+
+# make ibsh
+# make ibsh_install
+
+Optionally:
+
+# make clean
+
+
+To uninstall ibsh:
+
+# make ibsh_uninstall
+
+
+Of course you will have to enable this shell by:
+# echo /bin/ibsh >> /etc/shells
+or however you like it.
+And make sure the permissions read 0755 !
+
+2005.03.24.
diff --git a/base/cgcs-users/cgcs-users-1.0/Makefile b/base/cgcs-users/cgcs-users-1.0/Makefile
new file mode 100644
index 0000000..ed37d00
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/Makefile
@@ -0,0 +1,56 @@
+# This is the makefile for ibsh 0.3e
+CC = gcc
+OBJECTS = main.o command.o jail.o execute.o config.o misc.o antixploit.o delbadfiles.o
+
+ibsh: ${OBJECTS} ibsh.h
+       ${CC} -o ibsh ${OBJECTS}
+
+main.o: main.c ibsh.h
+       ${CC} -c main.c
+
+command.o: command.c ibsh.h
+       ${CC} -c command.c
+
+jail.o: jail.c ibsh.h
+       ${CC} -c jail.c
+
+execute.o: execute.c ibsh.h
+       ${CC} -c execute.c
+
+config.o: config.c ibsh.h
+       ${CC} -c config.c
+
+misc.o: misc.c ibsh.h
+       ${CC} -c misc.c
+
+antixploit.o: antixploit.c ibsh.h
+       ${CC} -c antixploit.c
+
+delbadfiles.o: delbadfiles.c ibsh.h
+       ${CC} -c delbadfiles.c
+
+ibsh_install:
+       cp ./ibsh /bin/
+       mkdir /etc/ibsh
+       mkdir /etc/ibsh/cmds
+       mkdir /etc/ibsh/xtns
+       cp ./globals.cmds /etc/ibsh/
+       cp ./globals.xtns /etc/ibsh/
+
+ibsh_uninstall:
+       rm -rf /etc/ibsh/globals.cmds
+       rm -rf /etc/ibsh/globals.xtns
+       rm -rf /etc/ibsh/cmds/*.*
+       rm -rf /etc/ibsh/xtns/*.*
+       rmdir /etc/ibsh/cmds
+       rmdir /etc/ibsh/xtns
+       rmdir /etc/ibsh
+       rm -rf /bin/ibsh
+
+clean:
+       rm -rf ibsh
+       rm -rf *.o
+
+
+# 13:49 2005.04.06.
+
diff --git a/base/cgcs-users/cgcs-users-1.0/README b/base/cgcs-users/cgcs-users-1.0/README
new file mode 100644
index 0000000..2035e57
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/README
@@ -0,0 +1,29 @@
+       Iron Bars SHell - a restricted interactive shell.
+
+Overview
+
+       For long i have been in the search of a decent restricted shell, but in vain.
+       The few i found, were really easy to hack, and there were quite a few docs
+       around on the web about hacking restricted shells with a menu interface.
+       For my definitions, a restricted shell must not only prevent the user to 
+       escape her jail, but also not to access any files outside the jail.
+       The system administrator must have total control over the restricted shell.
+       These are the major features incorporated and realized by ibsh.
+
+
+Features
+
+       Please read the changelog.      
+
+
+Installation
+
+       Read the INSTALL file.
+
+
+Contact
+       See Authors file.
+
+
+Attila Nagyidai
+2005.05.23.
diff --git a/base/cgcs-users/cgcs-users-1.0/Release b/base/cgcs-users/cgcs-users-1.0/Release
new file mode 100644
index 0000000..e6cb9f3
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/Release
@@ -0,0 +1,17 @@
+This release introduces minor bugfixes, and important new and renewed features.
+Erasing evil files in the home directory of the user is incorporated again, with 
+many improvements. First of all: no file will be erased! Only the access to them
+will be blocked. The extension policy has changed, now ibsh blocks those extensions,
+that are NOT listed. This goes in sync with the usual method of operation of ibsh.
+The execute permission of files in the user space, will be removed.
+New customizing features were added: each user now can have her own commands and 
+extensions file, created and maintained by the system administrator. Some users
+(employees) may require access to special programs. User configuration files allow
+this access only those, who need it, not for everybody.
+Ibsh now scans not only the extensions of files, but the content too! Whatever the permission
+for a certain file exists, if that contains source code, or is a linux binary, access
+will be blocked.
+The absolute path for the users is now limited to 255 characters. Longer, already
+existing filenames will be renamed.
+
+06/04/2005 
diff --git a/base/cgcs-users/cgcs-users-1.0/TODO b/base/cgcs-users/cgcs-users-1.0/TODO
new file mode 100644
index 0000000..9a8de60
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/TODO
@@ -0,0 +1,10 @@
+TODO
+
+       - tab completion.
+       - shell variables.
+       - some changes to the prompt, maybe variable prompt.
+       - history
+       - to be able to use corporate, or other large/complicated programs in a safe
+       working environment, yet be able to share files/work with others.
+
+2005.05.23.
diff --git a/base/cgcs-users/cgcs-users-1.0/VERSION b/base/cgcs-users/cgcs-users-1.0/VERSION
new file mode 100644
index 0000000..aaf9552
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/VERSION
@@ -0,0 +1 @@
+IBSH v0.3e
diff --git a/base/cgcs-users/cgcs-users-1.0/antixploit.c b/base/cgcs-users/cgcs-users-1.0/antixploit.c
new file mode 100644
index 0000000..79ac9e4
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/antixploit.c
@@ -0,0 +1,131 @@
+/*
+  Created: 03.19.05 11:34:57 by Attila Nagyidai
+
+  $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
+
+  This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
+  Copyright (C) 2005  Attila Nagyidai
+
+  This program is free software; you can redistribute it and/or
+  modify it under the terms of the GNU General Public License
+  as published by the Free Software Foundation; either version 2
+  of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+  Author: Attila Nagyidai
+  Email: na@ent.hu
+
+  Co-Author: Shy
+  Email: shy@cpan.org
+
+  Co-Author: Witzy
+  Email: stazzz@altern.org
+  
+  URL: http://ibsh.sourceforge.net
+  IRC: irc.freenode.net #ibsh
+  RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
+
+*/
+
+/* Header files */
+#include "ibsh.h"
+
+
+void lshift( char *line )
+{
+  int i = 0;
+  
+  for (i=0; i<strlen(line) - 1; i++) {
+      line[i] = line[i+1];
+  }
+}
+
+
+/* Checks if a part of the command line contains */
+/* a file in the jail, that is a source code. */
+/* Source codes must not be compiled, interpreted, */
+/* or otherwise used. */
+/* abspath is loggedin.udir, if the token is a path. */
+/* otherwise abspath is realpath. */
+int antixploit( const char *abspath, char *token )
+{
+  char jailfile[STRING_SIZE], line[LINE_SIZE], temp[BUFFER_SIZE];
+  struct stat info;
+  FILE *fp;
+  int retval = 0;
+
+  
+  snprintf(jailfile, STRING_SIZE, "%s/%s/%s", loggedin.udir, abspath, token);
+#ifdef DEBUG
+  printf("jailfile: %s\n", jailfile);
+#endif
+  if ( (lstat(jailfile, &info)) == -1 ) {
+      // this is not a file
+      return 0;
+  }
+
+  fp = fopen(jailfile, "rb");
+  if ( fp == NULL ) {
+      // if i cant open it, gcc cant open it
+      return 0;
+  }
+
+  fgets(line, LINE_SIZE, fp);
+  while ( line[0] != '\0' ) {
+#ifdef DEBUG
+      printf("Line: %s\n", line);
+#endif
+      // c, c++
+      if ( (strncmp(line, C_CODE, strlen(C_CODE) - 1)) == 0 ) {
+          retval = 1;
+          break;
+      }
+      // perl, sh, python
+      if ( (strncmp(line, SHELL_CODE, strlen(SHELL_CODE) - 1)) == 0 ) {
+          retval = 1;
+          break;
+      }
+      // python
+      if ( (strncmp(line, PYTHON_CODE, strlen(PYTHON_CODE) - 1)) == 0 ) {
+          retval = 1;
+          break;
+      }
+      // ada
+      if ( (strncmp(line, ADA_CODE, strlen(ADA_CODE) - 1)) == 0 ) {
+          retval = 1;
+          break;
+      }
+      // eiffel
+      if ( (strncmp(line, EIFFEL_CODE, strlen(EIFFEL_CODE) - 1)) == 0 ) {
+          retval = 1;
+          break;
+      }
+      // lisp
+      if ( (strncmp(line, LISP_CODE, strlen(LISP_CODE) - 1)) == 0 ) {
+          retval = 1;
+          break;
+      }
+      // elf
+      lshift(line);
+      if ( (strncmp(line, ELF_CODE, strlen(ELF_CODE) - 1)) == 0 ) {
+          retval = 1;
+          break;
+      }
+      bzero(line, LINE_SIZE);
+      fgets(line, LINE_SIZE, fp);
+  }
+  fclose(fp);
+#ifdef DEBUG
+  printf("retval: %d\n", retval);
+#endif
+  return retval;
+}
+
diff --git a/base/cgcs-users/cgcs-users-1.0/command.c b/base/cgcs-users/cgcs-users-1.0/command.c
new file mode 100644
index 0000000..91d9d8f
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/command.c
@@ -0,0 +1,209 @@
+/*
+  Created: 03.19.05 11:34:57 by Attila Nagyidai
+
+  $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
+
+  This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
+  Copyright (C) 2005  Attila Nagyidai
+
+  This program is free software; you can redistribute it and/or
+  modify it under the terms of the GNU General Public License
+  as published by the Free Software Foundation; either version 2
+  of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+  Author: Attila Nagyidai
+  Email: na@ent.hu
+
+  Co-Author: Shy
+  Email: shy@cpan.org
+
+  Co-Author: Witzy
+  Email: stazzz@altern.org
+  
+  URL: http://ibsh.sourceforge.net
+  IRC: irc.freenode.net #ibsh
+  RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
+
+*/
+
+/* Header files */
+#include "ibsh.h"
+
+extern Strng commands[MAX_ITEMS];
+
+/* This is my version of scanf. It offers good protection against */
+/* buffer overflow attacks. */
+/* Technical Description: */
+/* Variables: the char to read to from stdin, the sum of chars typed in, */
+/* and an integer for length checking. */
+/* Read characters from stdin in a loop, until Enter is pressed. */
+/* The line size check wont stop accepting characters, but it will */
+/* break long commands to LINE_SIZEd pieces. */
+/* Update: */
+/* Read only 80 characters. If the current path + this 80 chars + / */
+/* are longer then 255, read less chars. */
+void myscanf( char *vptr, char *abspath )
+{
+    int c;
+               char chars[STRING_SIZE];
+    int i = 0, j = 0;
+    int linesize = LINE_SIZE;
+
+               fflush(stdin);
+    if ( (strlen(abspath)) > (255 - 80 - 1) ) {
+        linesize = 255 - strlen(abspath) - 1; /* thats for the / */
+    }
+
+    while ( ((c = getchar()) != 10) && ( i < linesize ) ) {
+                               //printf("%d", c);
+                               if  (c > 127) {
+                                                c = 0;
+                                               //ungetc(c, stdin);
+                                               //fflush(stdin);
+                                               break;
+                               }
+             if ( c < 0 ) {
+                 ungetc(c, stdin);
+                 openlog("ibsh", LOG_PID, LOG_AUTH);
+            syslog(LOG_INFO, "user %s has logged out.", loggedin.uname);
+            closelog();
+            exit(0);
+             }
+        chars[i] = c;
+        /* the user is not allowed to pass long lines of trash to ibsh */
+        i++;
+    }
+    chars[i] = '\0';
+   strncpy(vptr,chars,STRING_SIZE-1);
+   vptr[STRING_SIZE-1] = '\0';
+}
+
+
+/* Checks, if the user command, is blacklisted, a hack attempt, */
+/* or it is a real and allowed command. */
+/* Technical Description: */
+/* Variables: pointer for the strtok, temporary strings, counters, */
+/* and an integer to check, how deep is the user in the jail. That is */
+/* the level of subdirectories below jail root. It is set to -1, because */
+/* there is always a / in the jailpath. So only subdir /'s are counted. */
+/* Check if the command contains special characters, if yes, quit. */
+/* If the user is in jailroot, a ../ is not appropriate! */
+/* Count the slashes in the jailpath, so if the user uses way too many */
+/* ../ 's, then we will know. Split the command to particles by the spaces. */
+/* Count the dirups (../); if a token starts with a /, paste the homedir path */
+/* right in front of it. Thats your root booby, not / !!!! */
+/* Finally check the command against the COMMANDS_LIST. */
+int CommandOK( const char *thecommand, const char *rootdir,
+const char *jailpath, char *newcommand )
+{
+  char *tok;
+  char temp1[STRING_SIZE], *temp2;
+  int i = 0, j = 0;
+  int subdirlevel = -1; /* jailpath always starts with a / */
+  int dirupfound = 0;
+  int listed = 0;
+
+  /* First, get the fancy stuff: */
+  /* ../ out of the jailroot, too many ../ out of some */
+  /* subdirectory in the jail, multiple commands, pipes. */
+  bzero(newcommand,STRING_SIZE);
+
+  if ( (strstr(thecommand, ";")) != NULL ) {
+      return 0;
+  }
+  if ( (strstr(thecommand, "|")) != NULL ) {
+      return 0;
+  }
+  if ( (strstr(thecommand, "&")) != NULL ) {
+      return 0;
+  }
+  if ( (strstr(thecommand, "&&")) != NULL ) {
+      return 0;
+  }
+  if ( (strstr(thecommand, "||")) != NULL ) {
+      return 0;
+  }
+  /* The user is in the jailroot. */
+  if ( (strcmp(jailpath, "/")) == 0 ) {
+      /* Does the user wish to get out ? */
+      if ( (strstr(thecommand, "..")) != NULL ) {
+             return 0;
+      }
+  }
+  /* The user is deeper, than the jailroot, and */
+  /* this is a problem. How deep is he, how many */
+  /* ../ do we allow ?? */
+  else {
+      for (i = 0; i < strlen(jailpath); i++) {
+          if ( jailpath[i] == '/' ) {
+              subdirlevel++;
+          }
+      }
+  }
+
+  /* Split the command */
+  for (tok = strtok((void *) thecommand, " "); tok; tok = strtok(0, " ")) {
+      /* Separate parts of the command with a space */
+      if ( (strlen(newcommand)) > 0 ) {
+          strncat(newcommand," ", STRING_SIZE-strlen(newcommand)-1);
+      }
+      
+      /* He wants to get to the real root, does he ? */
+      /* In that case, add the jailroot to the left. */
+      if ( tok[0] == '/' ) {
+        strncat(newcommand,rootdir,STRING_SIZE-strlen(newcommand)-1);
+       }
+
+      /* how many ../ are here */
+      /* if too many, that is more, then how deep */
+      /* the user in the subdirs inside the jail is, */
+      /* cancel the execution of the command. */
+      if ( (strstr(tok, "../")) != NULL ) {
+        strncpy(temp1,tok,sizeof(temp1)-1);
+        temp1[sizeof(temp1)-1] = '\0';
+       
+       while (1) {
+              temp2 = strstr(temp1, "../");
+              if ( temp2 == NULL ) {
+                  break;
+              }
+              LTrim3(temp2, temp1);
+              dirupfound++;
+          }
+          if ( dirupfound > subdirlevel ) {
+              return 0;
+          }
+          /* replace dirups with real path */
+          for (i = 0; i < dirupfound; i++) {
+              PathMinusOne(jailpath, tok, subdirlevel,sizeof(tok));
+          }
+      }
+          /* if command is not listed, return 0 */
+      i = 0;
+      while ( ((strlen(commands[i])) > 0) && ( j == 0 ) ) {
+       if ( (strcmp(tok, commands[i])) == 0 ) {
+                listed = 1;
+                break;
+          }
+          i++;
+      }
+      j++;
+      strncat(newcommand,tok,STRING_SIZE-strlen(newcommand)-1);
+ 
+}
+#ifdef DEBUG
+  printf("old: %s; new: %s; ok: %d\n", thecommand, newcommand, listed);
+#endif
+  return listed;
+}
+
+
diff --git a/base/cgcs-users/cgcs-users-1.0/config.c b/base/cgcs-users/cgcs-users-1.0/config.c
new file mode 100644
index 0000000..8e2af23
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/config.c
@@ -0,0 +1,179 @@
+/*
+  Created: 03.19.05 11:34:57 by Attila Nagyidai
+
+  $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
+
+  This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
+  Copyright (C) 2005  Attila Nagyidai
+
+  Copyright(c) 2013-2017 Wind River Systems, Inc. All rights reserved.
+
+  This program is free software; you can redistribute it and/or
+  modify it under the terms of the GNU General Public License
+  as published by the Free Software Foundation; either version 2
+  of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+  Author: Attila Nagyidai
+  Email: na@ent.hu
+
+  Co-Author: Shy
+  Email: shy@cpan.org
+
+  Co-Author: Witzy
+  Email: stazzz@altern.org
+  
+  URL: http://ibsh.sourceforge.net
+  IRC: irc.freenode.net #ibsh
+  RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
+
+*/
+
+/* Header files */
+#include "ibsh.h"
+
+extern Strng commands[MAX_ITEMS];
+extern Strng extensions[MAX_ITEMS];
+
+/* Shy's improved version of the original (and not well working) loadconfig. */
+/* Reads both config files, and parses the contents into arrays. */
+/* This one effectively dismisses every comment from the files. */
+/* Technical Description: */
+/* Variables: file pointer, counters, temporary string arrays. */
+/* The method is the same for both files. First open the file, catch */
+/* any errors. Read file 'til eof. Not read comments (starting with '#'), */
+/* remove trailing newline character. Copy the finished item to the */
+/* pass-by-address arguments. */
+int LoadConfig( void )
+{
+  FILE *fp;
+  int i = 0;
+  char *file_user;
+  
+  Strng tmp[MAX_ITEMS];
+  Strng tmp2[MAX_ITEMS];
+
+  /* COMMAND CONFIG !!!! */
+  file_user = (char *)malloc(strlen(loggedin.uname) + strlen(COMMANDS_DIR) + strlen(".cmds") + 2);
+
+  if(loggedin.uname != NULL)
+       sprintf(file_user, "%s/%s.cmds", COMMANDS_DIR, loggedin.uname);
+  else{
+         free(file_user);
+         return -1;
+  }
+
+  /* Open global config,if not present go out !!! */
+  if((fp = fopen(COMMANDS_FILE,"r")) == NULL) {
+      OPENLOG;
+      syslog(LOG_ERR, "ibsh panic! Global commands file %s can not be read.", COMMANDS_FILE);
+      CLOSELOG;
+      exit(0);
+  }
+
+  while (!feof(fp) && (i<MAX_ITEMS)) {
+        fgets(tmp[i],STRING_SIZE,fp);
+        if ( tmp[i][0] != '#' ) {
+                /* Delete '\n' */
+                tmp[i][strlen(tmp[i]) - 1] = '\0';
+                strncpy(commands[i],tmp[i],strlen(tmp[i]));
+       
+#ifdef DEBUG
+                printf("COMMANDS %s\n",commands[i]);
+#endif
+               i++;
+      }
+  }
+  fclose(fp);
+
+
+#ifdef DEBUG
+  printf("FILE USER %s\n",file_user);
+#endif
+  /* Add the user command */
+  if ((fp = fopen(file_user,"r")) == NULL) {
+             free(file_user);
+       }
+  else {
+  i--;
+  
+  while (!feof(fp) && (i<MAX_ITEMS)) {
+        fgets(tmp[i],STRING_SIZE,fp);
+        if ( tmp[i][0] != '#' ) {
+                // Delete '\n'
+                tmp[i][strlen(tmp[i]) - 1] = '\0';
+                strncpy(commands[i],tmp[i],strlen(tmp[i]));
+#ifdef DEBUG
+                printf("COMMANDS %s\n",commands[i]);
+#endif
+
+               i++;
+      }
+  }
+  fclose(fp);
+  free(file_user);
+  }
+
+  i = 0;
+  
+  /* EXTENSIONS CONFIG !!!!*/
+  
+  file_user = (char *)malloc(strlen(loggedin.uname) + strlen(EXTENSIONS_DIR) + strlen(".xtns") + 2);
+  
+  sprintf(file_user, "%s/%s.xtns", EXTENSIONS_DIR, loggedin.uname);
+
+    /* Open global config,if not present go out !!! */
+  if((fp = fopen(EXTENSIONS_FILE,"r")) == NULL) {
+      OPENLOG;
+      syslog(LOG_ERR, "ibsh panic! Global extensions file %s can not be read.", EXTENSIONS_FILE);
+      CLOSELOG;
+      printf("heyxtns");
+      exit(0);
+  }
+
+  while (!feof(fp) && (i<MAX_ITEMS)) {
+    fgets(tmp2[i],STRING_SIZE,fp);
+        if ( tmp2[i][0] != '#' ) {
+                /* Delete '\n' */
+                tmp2[i][strlen(tmp2[i]) - 1] = '\0';
+                strncpy(extensions[i],tmp2[i],strlen(tmp2[i]));
+#ifdef DEBUG
+                printf("EXTENSIONS %s\n",extensions[i]);
+#endif
+               i++;
+      }
+  }
+  fclose(fp);
+
+  
+  /* Add the user extensions */
+  if ((fp = fopen(file_user,"r")) == NULL) {
+             free(file_user);
+             return 0;
+       }
+
+  i--;
+  
+  while (!feof(fp) && (i<MAX_ITEMS)) {
+        fgets(tmp2[i],STRING_SIZE,fp);
+        if ( tmp2[i][0] != '#' ) {
+                // Delete '\n'
+                tmp2[i][strlen(tmp2[i]) - 1] = '\0';
+                strncpy(extensions[i],tmp2[i],strlen(tmp2[i]));
+               i++;
+      }
+  }
+  fclose(fp);
+  free(file_user);
+  
+  return 0;
+}
+
diff --git a/base/cgcs-users/cgcs-users-1.0/delbadfiles.c b/base/cgcs-users/cgcs-users-1.0/delbadfiles.c
new file mode 100644
index 0000000..fc09f4b
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/delbadfiles.c
@@ -0,0 +1,239 @@
+/*
+  Created: 03.19.05 11:34:57 by Attila Nagyidai
+
+  $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
+
+  This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
+  Copyright (C) 2005  Attila Nagyidai
+
+  This program is free software; you can redistribute it and/or
+  modify it under the terms of the GNU General Public License
+  as published by the Free Software Foundation; either version 2
+  of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+  Author: Attila Nagyidai
+  Email: na@ent.hu
+
+  Co-Author: Shy
+  Email: shy@cpan.org
+
+  Co-Author: Witzy
+  Email: stazzz@altern.org
+  
+  URL: http://ibsh.sourceforge.net
+  IRC: irc.freenode.net #ibsh
+  RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
+
+*/
+
+/* Header files */
+#include "ibsh.h"
+
+extern Strng extensions[MAX_ITEMS];
+
+/* witzy's fix of the DelBadFiles function, making it work and adding features.
+   It drops rights of the files which don't end with an extension present into the extensions array,
+   deletes symbolic links pointing out of the jail, and makes unexecutable the files that are executable.
+   A message is printed each time such a file is found, explaining what was done.
+   Don't forget that this function chdirs to the path given into parameter, so when DelBadFiles returns,
+   your current working directory is this path.
+*/
+void DelBadFiles (const char *basedir)
+{
+  DIR *dp;
+  struct dirent *list;
+  struct stat info, attr;
+  char tmp[STRING_SIZE];
+  int i, allowed;
+
+  strncpy(tmp, basedir, STRING_SIZE - 1);
+  if ( lstat( tmp, &info ) == -1 ) {
+      return;
+  }
+
+  if ( !S_ISDIR(info.st_mode) ) {
+      return;
+  }
+
+  if ( (dp = opendir(tmp)) == NULL ) {
+           closedir( dp );
+      return;
+  }
+
+  if ( chdir(tmp) == -1 ) {
+      return;
+  }
+
+  while ( (list = readdir(dp)) != NULL ) {
+#ifdef DEBUG
+    printf("direntry: %s\n", list->d_name);
+#endif
+    if ( (lstat(list->d_name, &attr)) < 0 )
+      continue;
+    
+    // rename long path names
+#ifdef DEBUG
+    printf("length: %d;\n", (strlen(basedir) + strlen(list->d_name) + 2) );
+#endif
+    if ( (strlen(basedir) + strlen(list->d_name) + 2) > 255 ) {
+      snprintf(tmp, 255 - strlen(basedir) - 2, "%s", list->d_name);
+      rename(list->d_name, tmp);
+#ifdef DEBUG
+      printf("%s renamed to %s !\n", list->d_name, tmp);
+#endif
+      if ( (antixploit(basedir, tmp)) == 1 ) {
+       removeAllRights(list->d_name, &attr);
+      }
+      if (isExecutable(&attr)) {
+       makeUnexecutable(tmp, &attr);
+      }
+      continue;
+    }
+
+    if ( S_ISDIR(attr.st_mode) ) { /* in the case of a directory */
+      if ( ((strcmp(list->d_name, ".")) != 0) && ((strcmp(list->d_name, "..")) != 0) ) {
+#ifdef DEBUG
+       printf("recursive call for %s\n", list->d_name);
+#endif
+       DelBadFiles(list->d_name); /* recursively look for bad files in this directory */
+       chdir ("..");
+      }
+    } else if ( S_ISLNK(attr.st_mode) ) { /* in the case of a symlink */
+      if ( symlinkGoesOuttaJail(list->d_name) ) {
+#ifdef DEBUG
+       printf("symlinkoutofjail: %s\n", list->d_name);
+#endif
+       if (unlink(list->d_name) == 0) {
+         bzero (tmp, sizeof(tmp));
+         snprintf (tmp, sizeof(tmp)-1, "Illegal symbolic link %s was erased. Contact the sysadmin for policy.\n", list->d_name);
+         logPrintBadfile (tmp);
+       }
+      }
+    } else if (hasSomeRwxRights(&attr)) { /* other cases (in particular a file), only if there are some rights on it */
+#ifdef DEBUG
+      printf("%s has some rights\n", list->d_name);
+#endif
+      /* check the runnability of the file */
+      if (isExecutable(&attr)) {
+#ifdef DEBUG
+       printf("%s executable\n", list->d_name);
+#endif
+       if (makeUnexecutable(list->d_name, &attr) == 0) {
+         bzero (tmp, sizeof(tmp));
+         snprintf (tmp, sizeof(tmp)-1, "Executable file %s is not anymore. Contact the sysadmin for policy.\n", list->d_name);
+         logPrintBadfile (tmp);
+       }
+      }
+      
+      if ( (antixploit(basedir, list->d_name)) == 1 ) {
+       if (removeAllRights(list->d_name, &attr) == 0) {
+         bzero (tmp, sizeof(tmp));
+         snprintf (tmp, sizeof(tmp)-1, "Illegal file %s got its rights dropped. Contact the sysadmin for policy.\n", list->d_name);
+         logPrintBadfile (tmp);
+         continue;
+       }
+      }
+      
+      /* check if the file has a permitted extension */
+      for (i = 0, allowed = 0; (strlen(extensions[i])) > 0 && !allowed; i++) {
+       if ( (strstr(list->d_name, extensions[i])) != NULL ) {
+#ifdef DEBUG
+         printf("filename: %s; extension: %s\n", list->d_name, extensions[i]);
+#endif
+         allowed = 1;
+       }
+      } /* for */
+      if (!allowed) { /* if the file hasn't an allowed extension */
+#ifdef DEBUG
+       printf("not allowed extension for %s\n", list->d_name);
+#endif
+       if (removeAllRights(list->d_name, &attr) == 0) {
+         bzero (tmp, sizeof(tmp));
+         snprintf (tmp, sizeof(tmp)-1, "Illegal file %s got its rights dropped. Contact the sysadmin for policy.\n", list->d_name);
+         logPrintBadfile (tmp);
+       }
+      }
+    } /* else */
+
+  } /* while */
+  
+  closedir( dp );
+}
+
+/* takes a symlink location, resolves it and returns :
+   1 if the symlink points out of the jail
+   0 else, meaning the symlink is ok
+*/
+int symlinkGoesOuttaJail (const char * sl)
+{
+  char fPnted[PATH_MAX];
+  char rslvdPath[PATH_MAX]; /* size of PATH_MAX because of realpath() behavior */
+  int i;
+  
+  i = readlink (sl, fPnted, PATH_MAX);
+  if ( i > 0 && i < PATH_MAX ) {
+    fPnted[i] = '\0';
+    if (realpath (fPnted, rslvdPath) == rslvdPath) {
+      if ( strncmp (loggedin.udir, rslvdPath, strlen(loggedin.udir)) == 0 )
+       return 0;
+      else
+       return 1;
+    }
+  }
+  return 1; /* if this line is reached, there was a problem with the processing of the symlink, 
+              e.g. the path is too long, so we should consider that the symlink is bad, 
+              and may be deleted by the calling function */
+}
+
+/* takes a stat structure, and returns
+   1 if at least one of the user/group/other execution bits or suid/guid are set
+   0 if no such bit is set at all
+ */
+int isExecutable (struct stat * s)
+{
+  if ( ((s->st_mode & S_IXUSR) == S_IXUSR)
+       | ((s->st_mode & S_IXGRP) == S_IXGRP)
+       | ((s->st_mode & S_IXOTH) == S_IXOTH)
+       | ((s->st_mode & S_ISUID) == S_ISUID)
+       | ((s->st_mode & S_ISGID) == S_ISGID) )
+    return 1;
+  return 0;
+}
+
+int hasSomeRwxRights (struct stat * s)
+{
+  if ( ((s->st_mode & S_IRWXU) != 0)
+       | ((s->st_mode & S_IRWXG) != 0)
+       | ((s->st_mode & S_IRWXO) != 0) )
+    return 1;
+  return 0;
+}
+
+int makeUnexecutable (const char * filename, struct stat * s)
+{
+  return chmod (filename,
+               s->st_mode & ~(S_IXUSR | S_IXGRP | S_IXOTH | S_ISUID | S_ISGID) );
+}
+
+int removeAllRights (const char * filename, struct stat * s)
+{
+  return chmod (filename, 
+               s->st_mode & ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISUID | S_ISGID) );
+}
+
+void logPrintBadfile (const char * msg)
+{
+  OPENLOG;
+  syslog(LOG_WARNING, "%s", msg);
+  CLOSELOG;
+  //  printf ("ibsh: %s\n", msg);
+}
diff --git a/base/cgcs-users/cgcs-users-1.0/example.allowall.xtns b/base/cgcs-users/cgcs-users-1.0/example.allowall.xtns
new file mode 100644
index 0000000..d0963cd
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/example.allowall.xtns
@@ -0,0 +1,28 @@
+# Add any extension the user may use.
+q
+w
+e
+r
+t
+y
+u
+i
+o
+p
+a
+s
+d
+f
+g
+h
+j
+k
+l
+z
+x
+c
+v
+b
+n
+m
+
diff --git a/base/cgcs-users/cgcs-users-1.0/example.denyall.xtns b/base/cgcs-users/cgcs-users-1.0/example.denyall.xtns
new file mode 100644
index 0000000..9dead3a
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/example.denyall.xtns
@@ -0,0 +1,2 @@
+# Add any extension the user may use.
+
diff --git a/base/cgcs-users/cgcs-users-1.0/execute.c b/base/cgcs-users/cgcs-users-1.0/execute.c
new file mode 100644
index 0000000..2d80366
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/execute.c
@@ -0,0 +1,159 @@
+/*
+  Created: 03.19.05 11:34:57 by Attila Nagyidai
+
+  $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
+
+  This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
+  Copyright (C) 2005  Attila Nagyidai
+
+  This program is free software; you can redistribute it and/or
+  modify it under the terms of the GNU General Public License
+  as published by the Free Software Foundation; either version 2
+  of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+  Author: Attila Nagyidai
+  Email: na@ent.hu
+
+  Co-Author: Shy
+  Email: shy@cpan.org
+
+  Co-Author: Witzy
+  Email: stazzz@altern.org
+  
+  URL: http://ibsh.sourceforge.net
+  IRC: irc.freenode.net #ibsh
+  RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
+
+*/
+
+/* Header files */
+#include "ibsh.h"
+
+/* Counts the spaces in the command */
+int nbspace(const char *command)
+{
+int i=0;
+int nbspace=0;
+
+while(command[i] != '\0'){
+       if(command[i] == ' ')
+               nbspace++;
+       i++;
+}
+
+return nbspace;
+}
+
+/* Shy's improved and secured version of hhsystem, originally taken from */
+/* the book: Linux Unix Systemprogramming by Helmut Herold. */
+int  hhsystem(const char *user_command)   /*--- Version ohne Signalbehandlung ---*/
+{
+   pid_t   pid;
+   int     status;
+   int i=0;
+   int find = 0;
+
+   char *field;
+
+   char path[STRING_SIZE];
+
+   char *current_path;
+   char *fieldspath;
+   char *params[nbspace(user_command) + 1];
+
+   DIR *currentdir;
+   struct dirent *pdirent;
+
+   if (user_command == NULL)
+      return(1);   /* In Unix ist immer Kommandoprozessor vorhanden */
+
+   if ( (pid=fork()) < 0)
+      status = -1;
+
+   else if (pid == 0) {
+        /* Split the command */
+       field = strtok((char *)user_command," ");
+       while(field != NULL){
+#ifdef DEBUG
+               printf("CHAMPS %s\n",field);
+#endif
+               params[i] = malloc(strlen(field) + 1);
+               bzero(params[i],strlen(field)+1);
+               strncpy(params[i],field,strlen(field));
+               i++;
+               field = strtok(NULL," ");
+
+       }
+       /* Put NULL at the end for execve */
+       params[i] = NULL;
+
+       /* Get PATH */
+       current_path = getenv("PATH");
+
+#ifdef DEBUG
+       printf("PATH %s %s\n",current_path,loggedin.udir);
+#endif
+
+       /* Parse the PATH if the command is in the home dir it's skip !! */
+        fieldspath = strtok((char *)current_path,":");
+               while((fieldspath != NULL) && find != 1){
+#ifdef DEBUG
+                       printf("FIELD PATH %s\n",fieldspath);
+#endif
+                       if(!strstr(fieldspath,loggedin.udir)){
+                               if((currentdir = opendir(fieldspath)) != NULL){
+
+                                       while(((pdirent = readdir(currentdir)) != NULL) && find != 1){
+                                               if(!strncmp(pdirent->d_name,params[0],sizeof(params[0]))){
+#ifdef DEBUG
+                                               printf("TROUVE %s!!!!\n",pdirent->d_name);
+#endif
+                                               find = 1;
+
+                                       }
+                               }
+                       }
+                               closedir(currentdir);
+                       }
+                       if(find == 0)
+                               fieldspath = strtok(NULL,":");
+                       
+               }
+
+       /* Contruct the real command with the good path */
+       if(find == 1 && ((strlen(fieldspath)+strlen(params[0])+1) < sizeof(path))){
+               bzero(path,sizeof(path));
+               snprintf(path,sizeof(path)-1,"%s/%s",fieldspath,params[0]);
+               path[sizeof(path)-1] = '\0';
+
+#ifdef DEBUG
+    printf("PATH FINAL %s %d ok!\n",path,strlen(path));
+               printf("PARAMS[0] %s\n",params[0]);
+               printf("PARAMS[1] %s\n",params[1]);
+#endif
+               execve(path,params,environ);
+       }
+       /* The command is in the home dir :( bad for you guys !! */
+       else{
+               status = -1;
+       }
+       _exit(127);
+
+   } else
+      while (waitpid(pid, &status, 0) < 0)
+         if (errno != EINTR) {
+            status = -1;
+            break;
+         }
+
+   return(status);
+}
diff --git a/base/cgcs-users/cgcs-users-1.0/globals.cmds b/base/cgcs-users/cgcs-users-1.0/globals.cmds
new file mode 100644
index 0000000..8c9b7a4
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/globals.cmds
@@ -0,0 +1,8 @@
+# Add any commands the user may execute. Even shell commands.
+# You have to allow logout and/or exit, so the user can logout!
+# cd and pwd should also be allowed. Note: other shell builtin
+# commands are not yet implemented!
+cd
+pwd
+logout
+exit
diff --git a/base/cgcs-users/cgcs-users-1.0/globals.xtns b/base/cgcs-users/cgcs-users-1.0/globals.xtns
new file mode 100644
index 0000000..71f86f8
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/globals.xtns
@@ -0,0 +1,3 @@
+# Add any extension the user may use.
+.doc
+.txt
diff --git a/base/cgcs-users/cgcs-users-1.0/ibsh.h b/base/cgcs-users/cgcs-users-1.0/ibsh.h
new file mode 100644
index 0000000..9d9d692
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/ibsh.h
@@ -0,0 +1,126 @@
+/*
+  Created: 03.19.05 11:15:21 by Attila Nagyidai
+
+  $Id: C\040Header.h,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
+
+  This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
+  Copyright (C) 2005  Attila Nagyidai
+
+  This program is free software; you can redistribute it and/or
+  modify it under the terms of the GNU General Public License
+  as published by the Free Software Foundation; either version 2
+  of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+  Author: Attila Nagyidai
+  Email: na@ent.hu
+
+  Co-Author: Shy
+  Email: shy@cpan.org
+
+  URL: http://ibsh.sourceforge.net
+  IRC: irc.freenode.net #ibsh
+  RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
+
+*/
+
+#ifndef _IBSH_H
+#define _IBSH_H
+
+/* Insert Code here */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <syslog.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <dirent.h>
+#include <pwd.h>
+#include <grp.h>
+#include <limits.h>
+#include <glob.h>
+#include <signal.h>
+
+#define PAM_SIZE    8
+#define LINE_SIZE   80
+#define STRING_SIZE 255
+#define BUFFER_SIZE 4096
+#define PATH_MAX 4096
+#define MAX_ITEMS   50
+#define COMMANDS_DIR "/etc/ibsh/cmds"
+#define COMMANDS_FILE "/etc/ibsh/globals.cmds"
+#define EXTENSIONS_DIR "/etc/ibsh/xtns"
+#define EXTENSIONS_FILE "/etc/ibsh/globals.xtns"
+
+/* Antixploit */
+#define C_CODE  "#include"
+#define SHELL_CODE  "#!/"
+#define PYTHON_CODE "import"
+#define ADA_CODE  "package body"
+#define EIFFEL_CODE "feature --"
+#define LISP_CODE "(defun"
+#define ELF_CODE "ELF"
+
+/* Logging */
+#define OPENLOG     openlog("ibsh", LOG_PID, LOG_AUTH)
+#define CLOSELOG    closelog()
+
+/* Typedefs, structs, globals */
+typedef struct theuser {
+    char uname[STRING_SIZE];
+    uid_t uid;
+    char udir[STRING_SIZE];
+    struct passwd *record;
+} theuser;
+
+typedef char Strng[STRING_SIZE];
+
+theuser loggedin; /* user info */
+
+//static Strng commands[MAX_ITEMS];  /* permitted commands */
+Strng commands[MAX_ITEMS];
+Strng extensions[MAX_ITEMS];
+/*static Strng extensions[MAX_ITEMS];   permitted extensions */
+char real_path[STRING_SIZE];    /* absolute path */
+char jail_path[STRING_SIZE];    /* path inside the jail */
+char user_command[STRING_SIZE];   /* whatever the user types */
+char filtered_command[STRING_SIZE]; /* this one will be executed */
+int exitcode;
+extern char **environ;
+
+
+int CommandOK( const char *thecommand, const char *rootdir,
+const char *jailpath, char *newcommand );
+void LTrim3( const char *base, char *result );
+void GetPositionInJail( const char *abspath, const char *rootdir, char *relpath );
+int LoadConfig( void );
+void myscanf( char *vptr, char *abspath );
+int  hhsystem(const char *kdozeile);
+void PathMinusOne( const char *basepath, char *evalpath, int slashcount,size_t nevalpath);
+void log_attempt( const char *username );
+int nbspace(const char *command);
+void lshift( char *line );
+int antixploit( const char *abspath, char *token );
+void logPrintBadfile (const char * msg);
+int removeAllRights (const char * filename, struct stat * s);
+int makeUnexecutable (const char * filename, struct stat * s);
+int hasSomeRwxRights (struct stat * s);
+int isExecutable (struct stat * s);
+int symlinkGoesOuttaJail (const char * sl);
+void DelBadFiles (const char *basedir);
+
+
+#endif /* _IBSH_H */
diff --git a/base/cgcs-users/cgcs-users-1.0/jail.c b/base/cgcs-users/cgcs-users-1.0/jail.c
new file mode 100644
index 0000000..ab3300a
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/jail.c
@@ -0,0 +1,101 @@
+/*
+  Created: 03.19.05 11:34:57 by Attila Nagyidai
+
+  $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
+
+  This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
+  Copyright (C) 2005  Attila Nagyidai
+
+  This program is free software; you can redistribute it and/or
+  modify it under the terms of the GNU General Public License
+  as published by the Free Software Foundation; either version 2
+  of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+  Author: Attila Nagyidai
+  Email: na@ent.hu
+
+  Co-Author: Shy
+  Email: shy@cpan.org
+
+  Co-Author: Witzy
+  Email: stazzz@altern.org
+  
+  URL: http://ibsh.sourceforge.net
+  IRC: irc.freenode.net #ibsh
+  RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
+
+*/
+
+/* Header files */
+#include "ibsh.h"
+
+
+
+/* Remove the path of the Jail root dir from the displayed paths! */
+/* Return the jail path from the absolute path. */
+/* Copy characters from absolute path to jail path, starting, where the */
+/* jail root ends. */
+void GetPositionInJail( const char *abspath, const char *rootdir, char *relpath )
+{
+  int i = 0;
+  int j = 0;
+  
+  bzero(relpath, strlen(relpath));
+  for (i = strlen(rootdir); i < strlen(abspath); i++) {
+      relpath[j] = abspath[i];
+      j++;
+  }
+  relpath[j] = '\0';
+}
+
+/* Take 3 characters from left off a string. */
+/* It practically removes one ../ . */
+void LTrim3( const char *base, char *result )
+{
+  int i = 0;
+  int j = 0;
+
+  bzero(result, strlen(result));
+  for (i = 3; i < strlen(base); i++) {
+      result[j] = base[i];
+      j++;
+  }
+  result[j] = '\0';
+}
+
+/* Remove one subdirectory from the path in the argument. */
+/* In case the user uses ../ 's in his command. */
+/* Technical Description: */
+/* Variables: string pointer for the strtok function, and an */
+/* integer to stop the removing. */
+/* Disassemble the path by the slashes. And glue the required parts */
+/* together. Number of required parts = number of all parts - 1 . */
+void PathMinusOne( const char *basepath, char *evalpath, int slashcount,size_t nevalpath )
+{
+  char *tok;
+  int j = 1;
+  
+  bzero(evalpath, strlen(evalpath));
+  if ( slashcount == 1 ) {
+      strncpy(evalpath,"/",nevalpath-1);
+      evalpath[nevalpath-1] = '\0';
+  }
+  else {
+      for (tok = strtok((void *) basepath, "/"); tok; tok = strtok(0, "/")) {
+          if ( j < slashcount ) {
+              strncat(evalpath,tok,nevalpath-strlen(evalpath)-1);
+               strncat(evalpath,"/",nevalpath-strlen(evalpath)-1);
+          }
+          j++;
+      }
+  }
+}
diff --git a/base/cgcs-users/cgcs-users-1.0/main.c b/base/cgcs-users/cgcs-users-1.0/main.c
new file mode 100644
index 0000000..1d92899
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/main.c
@@ -0,0 +1,239 @@
+/*
+  Created: 03.19.05 11:34:57 by Attila Nagyidai
+
+  $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
+
+  This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
+  Copyright (C) 2005  Attila Nagyidai
+
+  Copyright(c) 2013-2017 Wind River Systems, Inc. All rights reserved.
+
+  This program is free software; you can redistribute it and/or
+  modify it under the terms of the GNU General Public License
+  as published by the Free Software Foundation; either version 2
+  of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+  Author: Attila Nagyidai
+  Email: na@ent.hu
+
+  Co-Author: Shy
+  Email: shy@cpan.org
+
+  Co-Author: Witzy
+  Email: stazzz@altern.org
+  
+  URL: http://ibsh.sourceforge.net
+  IRC: irc.freenode.net #ibsh
+  RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
+
+*/
+
+/* Header files */
+#include "ibsh.h"
+#include "stdlib.h"
+
+/* Main: */
+/* Handle arguments, read config files, start command processing. */
+/* IBSH doesnt use any command line arguments, but my text editor */
+/* uses this code in all new c files to create. And i didnt have the */
+/* heart to remove it. ;p */
+/* Technical Description: */
+/* Get the passwd entry for the user. The uid is easily aquired, since */
+/* it is the real user id. After that, grab the passwd file entry upon */
+/* the id, and copy the information to the loggedin struct. */
+/* Add some signal handlers too. */
+/* The infinite loop: */
+/* Get the current directory, the full path. Compute the jailpath from that, */
+/* that is the directories below the users homedir, which is the jail root. */
+/* The jail ceiling if you like. Print some prompt to the user with the jailpath, */
+/* and read stdin for incoming commands. Filter out the bad commands, typos, the */
+/* not allowed commands. It the command is ok, execute it. If it is a shell builtin, */
+/* use our builtin code, otherwise use execve. After execve, check if the user didnt */
+/* use the last command to create some illegal content. If yes, erase that. Give the */
+/* notice only afterwards. */
+
+void ALRMhandler(int sig) {
+    OPENLOG;
+    syslog(LOG_INFO, "CLI timeout, user %s has logged out.", loggedin.uname);
+    CLOSELOG;
+    exit(0);
+}
+
+int main(int argc, char **argv)
+{
+  char temp[STRING_SIZE], *buf;
+  struct stat info;
+  uid_t ruid, euid;
+  gid_t rgid, egid;
+  unsigned int tout_cli = 0;
+
+  const char* tout = getenv("TMOUT");
+  if (tout)
+    tout_cli = atoi(tout);
+  else
+    //default to 5 mins
+    tout_cli = 300;
+
+  /* setuid protection */
+  ruid = getuid();
+  euid = geteuid();
+  rgid = getgid();
+  egid = getegid();
+  if ( (ruid!=euid) || (ruid==0) || (euid==0) || (rgid!=egid) || (rgid==0) || (egid==0) ) {
+      OPENLOG;
+      syslog(LOG_ERR, "setuid/setgid violation!");
+      CLOSELOG;
+      printf("ibsh: setuid/setgid violation!! exiting...\n");
+#ifdef DEBUG
+      printf("ruid: %d;euid: %d;rgid: %d;egid: %d\n", ruid,euid,rgid,egid);
+#endif
+      exit(0);
+  }
+
+  /* To Do: The code of your application goes here */
+  /* First part: */
+  /* Get essential information about the user who got this shell: */
+  /* first the username, then the user id. Upon this, retrieve the */
+  /* user's record in the passwd file. */
+  bzero(&loggedin, sizeof(loggedin));
+  loggedin.uid = getuid();
+  loggedin.record = getpwuid(loggedin.uid);
+  if ( loggedin.record == NULL ) {
+      loggedin.record = getpwnam(loggedin.uname);
+      if ( loggedin.record == NULL ) {
+          openlog(loggedin.uname, LOG_PID, LOG_AUTH);
+          syslog(LOG_ERR, "Can not obtain user information");
+          closelog();
+          exit(0);
+      }
+  }
+  strncpy(loggedin.uname, loggedin.record->pw_name, PAM_SIZE);
+  strncpy(loggedin.udir, loggedin.record->pw_dir, STRING_SIZE);
+
+  /* Second part: */
+  /* Handle some signal catching. Read the configuration files. */
+  signal( SIGINT, SIG_IGN );
+  signal( SIGQUIT, SIG_IGN );
+  signal( SIGTERM, SIG_IGN );
+  signal( SIGTSTP, SIG_IGN );
+  signal( SIGALRM, ALRMhandler );
+  LoadConfig();
+
+  /* Command mode */
+  if(argc == 3) {
+      if ( argv[1][1] == 'c' ) {
+          if ( CommandOK(argv[2], loggedin.udir, "/", filtered_command) == 1) {
+                exitcode = hhsystem(filtered_command);
+                OPENLOG;
+                syslog(LOG_INFO, "command %s ordered, command %s has been executed.",
+                argv[2], filtered_command);
+                CLOSELOG;
+                exit(exitcode);
+          }
+          exit(0);
+      }
+      else {
+        exit(0);
+      }
+  }
+
+  OPENLOG;
+  syslog(LOG_INFO, "user %s has logged in.", loggedin.uname);
+  CLOSELOG;
+
+
+  DelBadFiles(loggedin.udir);
+  chdir (loggedin.udir);
+
+
+  /* Third part: */
+  /* Start reading and processing the user issued commands. */
+  /* Split the command by the spaces, filter out anything, */
+  /* that would allow the user to access files outside the */
+  /* jail. Filter out multiples and pipes as well. No program */
+  /* will be allowed to run, unless it is mentioned in the */
+  /* config files. Files that are created with an extension */
+  /* that is listed in the other config file, must be deleted! */
+  alarm(tout_cli);
+  for ( ; ; ) {
+    /* Where is he ? */
+    getcwd(real_path, STRING_SIZE);
+    GetPositionInJail(real_path, loggedin.udir, jail_path);
+    if ( (strlen(jail_path)) == 0 ) {
+        strncpy(jail_path, "/", 2);
+    }
+    /* We don't want the user to know where he actually is. */
+    /* This is the prompt! */
+    printf("[%s]%% ", loggedin.uname);
+    /* scanf("%s", user_command); */
+    myscanf(user_command, real_path);
+    alarm(tout_cli);
+    /* Command interpretation and execution. */
+    if ( (CommandOK(user_command, loggedin.udir, jail_path, filtered_command)) == 0 ) {
+        log_attempt(loggedin.uname);  /* v0.2a */
+        continue;
+    }
+    /* If the user issued command starts with a shell builtin. */
+    bzero(temp, strlen(temp));
+    if ( (buf = strstr(filtered_command, "cd")) != NULL ) {
+      if ( (strcmp(buf, filtered_command)) == 0 ) {
+          LTrim3(filtered_command, temp);
+          if ( (strcmp(temp, real_path)) != 0 ) {
+            if ( (strcmp(temp, "..")) == 0 ) {
+                PathMinusOne(jail_path, temp, 1,sizeof(temp));
+            }
+            if ( (strcmp(temp, "/")) == 0 ) {
+                strncpy(temp, loggedin.udir, LINE_SIZE);
+            }
+            exitcode = chdir(temp);
+            if ( exitcode == -1 ) {
+                printf("ibsh: cd: %s: No such file or directory\n", temp);
+            }
+          }
+          continue;
+      }
+    }
+    else if ( (buf = strstr(filtered_command, "pwd")) != NULL ) {
+     if ( (strcmp(buf, filtered_command)) == 0 ) {
+          printf("%s\n", jail_path);
+          continue;
+      }
+    }
+    else if ( (buf = strstr(filtered_command, "logout")) != NULL ) {
+      if ( (strcmp(buf, filtered_command)) == 0 ) {
+          OPENLOG;
+          syslog(LOG_INFO, "user %s has logged out.", loggedin.uname);
+          CLOSELOG;
+          break;
+      }
+    }
+    else if ( (buf = strstr(filtered_command, "exit")) != NULL ) {
+      if ( (strcmp(buf, filtered_command)) == 0 ) {
+          OPENLOG;
+          syslog(LOG_INFO, "user %s has logged out.", loggedin.uname);
+          CLOSELOG;
+          break;
+      }
+    }
+    else {
+        exitcode = hhsystem(filtered_command);
+        if ( exitcode < 0 ) {
+            printf("%s\n", strerror(errno));
+        }
+    }
+    getcwd(real_path, STRING_SIZE);
+    DelBadFiles(loggedin.udir);
+    chdir (real_path);
+  }
+  return 0;
+}
+
diff --git a/base/cgcs-users/cgcs-users-1.0/misc.c b/base/cgcs-users/cgcs-users-1.0/misc.c
new file mode 100644
index 0000000..d73ddb8
--- /dev/null
+++ b/base/cgcs-users/cgcs-users-1.0/misc.c
@@ -0,0 +1,52 @@
+/*
+  Created: 03.19.05 11:34:57 by Attila Nagyidai
+
+  $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
+
+  This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
+  Copyright (C) 2005  Attila Nagyidai
+
+  This program is free software; you can redistribute it and/or
+  modify it under the terms of the GNU General Public License
+  as published by the Free Software Foundation; either version 2
+  of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+  Author: Attila Nagyidai
+  Email: na@ent.hu
+
+  Co-Author: Shy
+  Email: shy@cpan.org
+
+  Co-Author: Witzy
+  Email: stazzz@altern.org
+  
+  URL: http://ibsh.sourceforge.net
+  IRC: irc.freenode.net #ibsh
+  RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
+
+*/
+
+/* Header files */
+#include "ibsh.h"
+
+/* If the command is not ok, there is a possible hack attempt. */
+/* Can also be a typo, but we're not taking any chances. v0.2a */
+void log_attempt( const char *username )
+{
+  char logmsg[STRING_SIZE];
+
+  snprintf(logmsg, 50, "Possible hack attempt by %s.", username);
+  
+  OPENLOG;
+  syslog(LOG_WARNING, "%s", logmsg);
+  CLOSELOG;
+}
-- 
2.17.1