+++ /dev/null
-From b62415943878891ce000b9e0b414354b60047876 Mon Sep 17 00:00:00 2001
-From: babak sarashki <babak.sarashki@windriver.com>
-Date: Tue, 2 Jul 2019 14:09:28 -0700
-Subject: [PATCH 1/2] cgcs-users with patch ibsh patches
-
-Applied ibsh-0.3e-cgcs.patch and copyright patch.
----
- base/cgcs-users/cgcs-users-1.0/BUGS | 19 +
- base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS | 7 +
- base/cgcs-users/cgcs-users-1.0/COPYING | 340 ++++++++++++++++++
- base/cgcs-users/cgcs-users-1.0/COPYRIGHT | 17 +
- base/cgcs-users/cgcs-users-1.0/INSTALL | 23 ++
- base/cgcs-users/cgcs-users-1.0/Makefile | 56 +++
- base/cgcs-users/cgcs-users-1.0/README | 29 ++
- base/cgcs-users/cgcs-users-1.0/Release | 17 +
- base/cgcs-users/cgcs-users-1.0/TODO | 10 +
- base/cgcs-users/cgcs-users-1.0/VERSION | 1 +
- base/cgcs-users/cgcs-users-1.0/antixploit.c | 131 +++++++
- base/cgcs-users/cgcs-users-1.0/command.c | 209 +++++++++++
- base/cgcs-users/cgcs-users-1.0/config.c | 179 +++++++++
- base/cgcs-users/cgcs-users-1.0/delbadfiles.c | 239 ++++++++++++
- .../cgcs-users-1.0/example.allowall.xtns | 28 ++
- .../cgcs-users-1.0/example.denyall.xtns | 2 +
- base/cgcs-users/cgcs-users-1.0/execute.c | 159 ++++++++
- base/cgcs-users/cgcs-users-1.0/globals.cmds | 8 +
- base/cgcs-users/cgcs-users-1.0/globals.xtns | 3 +
- base/cgcs-users/cgcs-users-1.0/ibsh.h | 126 +++++++
- base/cgcs-users/cgcs-users-1.0/jail.c | 101 ++++++
- base/cgcs-users/cgcs-users-1.0/main.c | 239 ++++++++++++
- base/cgcs-users/cgcs-users-1.0/misc.c | 52 +++
- 23 files changed, 1995 insertions(+)
- create mode 100644 base/cgcs-users/cgcs-users-1.0/BUGS
- create mode 100644 base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS
- create mode 100644 base/cgcs-users/cgcs-users-1.0/COPYING
- create mode 100644 base/cgcs-users/cgcs-users-1.0/COPYRIGHT
- create mode 100644 base/cgcs-users/cgcs-users-1.0/INSTALL
- create mode 100644 base/cgcs-users/cgcs-users-1.0/Makefile
- create mode 100644 base/cgcs-users/cgcs-users-1.0/README
- create mode 100644 base/cgcs-users/cgcs-users-1.0/Release
- create mode 100644 base/cgcs-users/cgcs-users-1.0/TODO
- create mode 100644 base/cgcs-users/cgcs-users-1.0/VERSION
- create mode 100644 base/cgcs-users/cgcs-users-1.0/antixploit.c
- create mode 100644 base/cgcs-users/cgcs-users-1.0/command.c
- create mode 100644 base/cgcs-users/cgcs-users-1.0/config.c
- create mode 100644 base/cgcs-users/cgcs-users-1.0/delbadfiles.c
- create mode 100644 base/cgcs-users/cgcs-users-1.0/example.allowall.xtns
- create mode 100644 base/cgcs-users/cgcs-users-1.0/example.denyall.xtns
- create mode 100644 base/cgcs-users/cgcs-users-1.0/execute.c
- create mode 100644 base/cgcs-users/cgcs-users-1.0/globals.cmds
- create mode 100644 base/cgcs-users/cgcs-users-1.0/globals.xtns
- create mode 100644 base/cgcs-users/cgcs-users-1.0/ibsh.h
- create mode 100644 base/cgcs-users/cgcs-users-1.0/jail.c
- create mode 100644 base/cgcs-users/cgcs-users-1.0/main.c
- create mode 100644 base/cgcs-users/cgcs-users-1.0/misc.c
-
-diff --git a/base/cgcs-users/cgcs-users-1.0/BUGS b/base/cgcs-users/cgcs-users-1.0/BUGS
-new file mode 100644
-index 0000000..7dacaab
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/BUGS
-@@ -0,0 +1,19 @@
-+** Open BUGS **
-+None, so far.
-+
-+** Fixed BUGS **
-+- Input length checking on all inputs, string copies, etc. is fixed.
-+- The myscanf function will no longer accept more then 80 chars at once,
-+so ibsh hopefully wont crash on a too long input.
-+- Added signal.h in the header file, the lack of it caused compilation
-+problems on some systems.
-+- Fixed the infinite loop in DelBadFiles. This function is temporarily
-+taken out of the project
-+- Removed the involvment of /bin/sh from system. Added path checking.
-+- In jail root, not only ../ is not allowed, but .. too.
-+- Fixed a bug, that happened on bsd, when the user pressed ^D.
-+- Fixed a bug with opendir
-+- Fixed a format string vulnerability in logprintbadfile(). Thanks to
-+Kim Streich for the report.
-+
-+2005.05.23
-diff --git a/base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS b/base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS
-new file mode 100644
-index 0000000..35ca436
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS
-@@ -0,0 +1,7 @@
-+CONTRIBUTORS TO PROJECT IBSH
-+
-+Kim Streich <kstreich at gmail.com>
-+ * bug finder, debugger, tester.
-+
-+RazoR (Nikolay Alexandrov) <Nikolay@Alexandrov.ws>
-+ * bug finder, debugger, tester.
-diff --git a/base/cgcs-users/cgcs-users-1.0/COPYING b/base/cgcs-users/cgcs-users-1.0/COPYING
-new file mode 100644
-index 0000000..d60c31a
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/COPYING
-@@ -0,0 +1,340 @@
-+ GNU GENERAL PUBLIC LICENSE
-+ Version 2, June 1991
-+
-+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-+ Everyone is permitted to copy and distribute verbatim copies
-+ of this license document, but changing it is not allowed.
-+
-+ Preamble
-+
-+ The licenses for most software are designed to take away your
-+freedom to share and change it. By contrast, the GNU General Public
-+License is intended to guarantee your freedom to share and change free
-+software--to make sure the software is free for all its users. This
-+General Public License applies to most of the Free Software
-+Foundation's software and to any other program whose authors commit to
-+using it. (Some other Free Software Foundation software is covered by
-+the GNU Library General Public License instead.) You can apply it to
-+your programs, too.
-+
-+ When we speak of free software, we are referring to freedom, not
-+price. Our General Public Licenses are designed to make sure that you
-+have the freedom to distribute copies of free software (and charge for
-+this service if you wish), that you receive source code or can get it
-+if you want it, that you can change the software or use pieces of it
-+in new free programs; and that you know you can do these things.
-+
-+ To protect your rights, we need to make restrictions that forbid
-+anyone to deny you these rights or to ask you to surrender the rights.
-+These restrictions translate to certain responsibilities for you if you
-+distribute copies of the software, or if you modify it.
-+
-+ For example, if you distribute copies of such a program, whether
-+gratis or for a fee, you must give the recipients all the rights that
-+you have. You must make sure that they, too, receive or can get the
-+source code. And you must show them these terms so they know their
-+rights.
-+
-+ We protect your rights with two steps: (1) copyright the software, and
-+(2) offer you this license which gives you legal permission to copy,
-+distribute and/or modify the software.
-+
-+ Also, for each author's protection and ours, we want to make certain
-+that everyone understands that there is no warranty for this free
-+software. If the software is modified by someone else and passed on, we
-+want its recipients to know that what they have is not the original, so
-+that any problems introduced by others will not reflect on the original
-+authors' reputations.
-+
-+ Finally, any free program is threatened constantly by software
-+patents. We wish to avoid the danger that redistributors of a free
-+program will individually obtain patent licenses, in effect making the
-+program proprietary. To prevent this, we have made it clear that any
-+patent must be licensed for everyone's free use or not licensed at all.
-+
-+ The precise terms and conditions for copying, distribution and
-+modification follow.
-+\f
-+ GNU GENERAL PUBLIC LICENSE
-+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-+
-+ 0. This License applies to any program or other work which contains
-+a notice placed by the copyright holder saying it may be distributed
-+under the terms of this General Public License. The "Program", below,
-+refers to any such program or work, and a "work based on the Program"
-+means either the Program or any derivative work under copyright law:
-+that is to say, a work containing the Program or a portion of it,
-+either verbatim or with modifications and/or translated into another
-+language. (Hereinafter, translation is included without limitation in
-+the term "modification".) Each licensee is addressed as "you".
-+
-+Activities other than copying, distribution and modification are not
-+covered by this License; they are outside its scope. The act of
-+running the Program is not restricted, and the output from the Program
-+is covered only if its contents constitute a work based on the
-+Program (independent of having been made by running the Program).
-+Whether that is true depends on what the Program does.
-+
-+ 1. You may copy and distribute verbatim copies of the Program's
-+source code as you receive it, in any medium, provided that you
-+conspicuously and appropriately publish on each copy an appropriate
-+copyright notice and disclaimer of warranty; keep intact all the
-+notices that refer to this License and to the absence of any warranty;
-+and give any other recipients of the Program a copy of this License
-+along with the Program.
-+
-+You may charge a fee for the physical act of transferring a copy, and
-+you may at your option offer warranty protection in exchange for a fee.
-+
-+ 2. You may modify your copy or copies of the Program or any portion
-+of it, thus forming a work based on the Program, and copy and
-+distribute such modifications or work under the terms of Section 1
-+above, provided that you also meet all of these conditions:
-+
-+ a) You must cause the modified files to carry prominent notices
-+ stating that you changed the files and the date of any change.
-+
-+ b) You must cause any work that you distribute or publish, that in
-+ whole or in part contains or is derived from the Program or any
-+ part thereof, to be licensed as a whole at no charge to all third
-+ parties under the terms of this License.
-+
-+ c) If the modified program normally reads commands interactively
-+ when run, you must cause it, when started running for such
-+ interactive use in the most ordinary way, to print or display an
-+ announcement including an appropriate copyright notice and a
-+ notice that there is no warranty (or else, saying that you provide
-+ a warranty) and that users may redistribute the program under
-+ these conditions, and telling the user how to view a copy of this
-+ License. (Exception: if the Program itself is interactive but
-+ does not normally print such an announcement, your work based on
-+ the Program is not required to print an announcement.)
-+\f
-+These requirements apply to the modified work as a whole. If
-+identifiable sections of that work are not derived from the Program,
-+and can be reasonably considered independent and separate works in
-+themselves, then this License, and its terms, do not apply to those
-+sections when you distribute them as separate works. But when you
-+distribute the same sections as part of a whole which is a work based
-+on the Program, the distribution of the whole must be on the terms of
-+this License, whose permissions for other licensees extend to the
-+entire whole, and thus to each and every part regardless of who wrote it.
-+
-+Thus, it is not the intent of this section to claim rights or contest
-+your rights to work written entirely by you; rather, the intent is to
-+exercise the right to control the distribution of derivative or
-+collective works based on the Program.
-+
-+In addition, mere aggregation of another work not based on the Program
-+with the Program (or with a work based on the Program) on a volume of
-+a storage or distribution medium does not bring the other work under
-+the scope of this License.
-+
-+ 3. You may copy and distribute the Program (or a work based on it,
-+under Section 2) in object code or executable form under the terms of
-+Sections 1 and 2 above provided that you also do one of the following:
-+
-+ a) Accompany it with the complete corresponding machine-readable
-+ source code, which must be distributed under the terms of Sections
-+ 1 and 2 above on a medium customarily used for software interchange; or,
-+
-+ b) Accompany it with a written offer, valid for at least three
-+ years, to give any third party, for a charge no more than your
-+ cost of physically performing source distribution, a complete
-+ machine-readable copy of the corresponding source code, to be
-+ distributed under the terms of Sections 1 and 2 above on a medium
-+ customarily used for software interchange; or,
-+
-+ c) Accompany it with the information you received as to the offer
-+ to distribute corresponding source code. (This alternative is
-+ allowed only for noncommercial distribution and only if you
-+ received the program in object code or executable form with such
-+ an offer, in accord with Subsection b above.)
-+
-+The source code for a work means the preferred form of the work for
-+making modifications to it. For an executable work, complete source
-+code means all the source code for all modules it contains, plus any
-+associated interface definition files, plus the scripts used to
-+control compilation and installation of the executable. However, as a
-+special exception, the source code distributed need not include
-+anything that is normally distributed (in either source or binary
-+form) with the major components (compiler, kernel, and so on) of the
-+operating system on which the executable runs, unless that component
-+itself accompanies the executable.
-+
-+If distribution of executable or object code is made by offering
-+access to copy from a designated place, then offering equivalent
-+access to copy the source code from the same place counts as
-+distribution of the source code, even though third parties are not
-+compelled to copy the source along with the object code.
-+\f
-+ 4. You may not copy, modify, sublicense, or distribute the Program
-+except as expressly provided under this License. Any attempt
-+otherwise to copy, modify, sublicense or distribute the Program is
-+void, and will automatically terminate your rights under this License.
-+However, parties who have received copies, or rights, from you under
-+this License will not have their licenses terminated so long as such
-+parties remain in full compliance.
-+
-+ 5. You are not required to accept this License, since you have not
-+signed it. However, nothing else grants you permission to modify or
-+distribute the Program or its derivative works. These actions are
-+prohibited by law if you do not accept this License. Therefore, by
-+modifying or distributing the Program (or any work based on the
-+Program), you indicate your acceptance of this License to do so, and
-+all its terms and conditions for copying, distributing or modifying
-+the Program or works based on it.
-+
-+ 6. Each time you redistribute the Program (or any work based on the
-+Program), the recipient automatically receives a license from the
-+original licensor to copy, distribute or modify the Program subject to
-+these terms and conditions. You may not impose any further
-+restrictions on the recipients' exercise of the rights granted herein.
-+You are not responsible for enforcing compliance by third parties to
-+this License.
-+
-+ 7. If, as a consequence of a court judgment or allegation of patent
-+infringement or for any other reason (not limited to patent issues),
-+conditions are imposed on you (whether by court order, agreement or
-+otherwise) that contradict the conditions of this License, they do not
-+excuse you from the conditions of this License. If you cannot
-+distribute so as to satisfy simultaneously your obligations under this
-+License and any other pertinent obligations, then as a consequence you
-+may not distribute the Program at all. For example, if a patent
-+license would not permit royalty-free redistribution of the Program by
-+all those who receive copies directly or indirectly through you, then
-+the only way you could satisfy both it and this License would be to
-+refrain entirely from distribution of the Program.
-+
-+If any portion of this section is held invalid or unenforceable under
-+any particular circumstance, the balance of the section is intended to
-+apply and the section as a whole is intended to apply in other
-+circumstances.
-+
-+It is not the purpose of this section to induce you to infringe any
-+patents or other property right claims or to contest validity of any
-+such claims; this section has the sole purpose of protecting the
-+integrity of the free software distribution system, which is
-+implemented by public license practices. Many people have made
-+generous contributions to the wide range of software distributed
-+through that system in reliance on consistent application of that
-+system; it is up to the author/donor to decide if he or she is willing
-+to distribute software through any other system and a licensee cannot
-+impose that choice.
-+
-+This section is intended to make thoroughly clear what is believed to
-+be a consequence of the rest of this License.
-+\f
-+ 8. If the distribution and/or use of the Program is restricted in
-+certain countries either by patents or by copyrighted interfaces, the
-+original copyright holder who places the Program under this License
-+may add an explicit geographical distribution limitation excluding
-+those countries, so that distribution is permitted only in or among
-+countries not thus excluded. In such case, this License incorporates
-+the limitation as if written in the body of this License.
-+
-+ 9. The Free Software Foundation may publish revised and/or new versions
-+of the General Public License from time to time. Such new versions will
-+be similar in spirit to the present version, but may differ in detail to
-+address new problems or concerns.
-+
-+Each version is given a distinguishing version number. If the Program
-+specifies a version number of this License which applies to it and "any
-+later version", you have the option of following the terms and conditions
-+either of that version or of any later version published by the Free
-+Software Foundation. If the Program does not specify a version number of
-+this License, you may choose any version ever published by the Free Software
-+Foundation.
-+
-+ 10. If you wish to incorporate parts of the Program into other free
-+programs whose distribution conditions are different, write to the author
-+to ask for permission. For software which is copyrighted by the Free
-+Software Foundation, write to the Free Software Foundation; we sometimes
-+make exceptions for this. Our decision will be guided by the two goals
-+of preserving the free status of all derivatives of our free software and
-+of promoting the sharing and reuse of software generally.
-+
-+ NO WARRANTY
-+
-+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
-+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
-+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
-+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-+REPAIR OR CORRECTION.
-+
-+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-+POSSIBILITY OF SUCH DAMAGES.
-+
-+ END OF TERMS AND CONDITIONS
-+\f
-+ How to Apply These Terms to Your New Programs
-+
-+ If you develop a new program, and you want it to be of the greatest
-+possible use to the public, the best way to achieve this is to make it
-+free software which everyone can redistribute and change under these terms.
-+
-+ To do so, attach the following notices to the program. It is safest
-+to attach them to the start of each source file to most effectively
-+convey the exclusion of warranty; and each file should have at least
-+the "copyright" line and a pointer to where the full notice is found.
-+
-+ <one line to give the program's name and a brief idea of what it does.>
-+ Copyright (C) <year> <name of author>
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 2 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-+
-+
-+Also add information on how to contact you by electronic and paper mail.
-+
-+If the program is interactive, make it output a short notice like this
-+when it starts in an interactive mode:
-+
-+ Gnomovision version 69, Copyright (C) year name of author
-+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-+ This is free software, and you are welcome to redistribute it
-+ under certain conditions; type `show c' for details.
-+
-+The hypothetical commands `show w' and `show c' should show the appropriate
-+parts of the General Public License. Of course, the commands you use may
-+be called something other than `show w' and `show c'; they could even be
-+mouse-clicks or menu items--whatever suits your program.
-+
-+You should also get your employer (if you work as a programmer) or your
-+school, if any, to sign a "copyright disclaimer" for the program, if
-+necessary. Here is a sample; alter the names:
-+
-+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
-+
-+ <signature of Ty Coon>, 1 April 1989
-+ Ty Coon, President of Vice
-+
-+This General Public License does not permit incorporating your program into
-+proprietary programs. If your program is a subroutine library, you may
-+consider it more useful to permit linking proprietary applications with the
-+library. If this is what you want to do, use the GNU Library General
-+Public License instead of this License.
-diff --git a/base/cgcs-users/cgcs-users-1.0/COPYRIGHT b/base/cgcs-users/cgcs-users-1.0/COPYRIGHT
-new file mode 100644
-index 0000000..7507d05
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/COPYRIGHT
-@@ -0,0 +1,17 @@
-+This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
-+Copyright (C) 2005 Attila Nagyidai
-+
-+This program is free software; you can redistribute it and/or
-+modify it under the terms of the GNU General Public License
-+as published by the Free Software Foundation; either version 2
-+of the License, or (at your option) any later version.
-+
-+This program is distributed in the hope that it will be useful,
-+but WITHOUT ANY WARRANTY; without even the implied warranty of
-+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+GNU General Public License for more details.
-+
-+You should have received a copy of the GNU General Public License
-+along with this program; if not, write to the Free Software
-+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+
-diff --git a/base/cgcs-users/cgcs-users-1.0/INSTALL b/base/cgcs-users/cgcs-users-1.0/INSTALL
-new file mode 100644
-index 0000000..42b1866
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/INSTALL
-@@ -0,0 +1,23 @@
-+Installing ibsh is really easy, so no need for the usual sections
-+in this document. There is no configure script either, so if
-+something wrong, make will fail.
-+
-+# make ibsh
-+# make ibsh_install
-+
-+Optionally:
-+
-+# make clean
-+
-+
-+To uninstall ibsh:
-+
-+# make ibsh_uninstall
-+
-+
-+Of course you will have to enable this shell by:
-+# echo /bin/ibsh >> /etc/shells
-+or however you like it.
-+And make sure the permissions read 0755 !
-+
-+2005.03.24.
-diff --git a/base/cgcs-users/cgcs-users-1.0/Makefile b/base/cgcs-users/cgcs-users-1.0/Makefile
-new file mode 100644
-index 0000000..ed37d00
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/Makefile
-@@ -0,0 +1,56 @@
-+# This is the makefile for ibsh 0.3e
-+CC = gcc
-+OBJECTS = main.o command.o jail.o execute.o config.o misc.o antixploit.o delbadfiles.o
-+
-+ibsh: ${OBJECTS} ibsh.h
-+ ${CC} -o ibsh ${OBJECTS}
-+
-+main.o: main.c ibsh.h
-+ ${CC} -c main.c
-+
-+command.o: command.c ibsh.h
-+ ${CC} -c command.c
-+
-+jail.o: jail.c ibsh.h
-+ ${CC} -c jail.c
-+
-+execute.o: execute.c ibsh.h
-+ ${CC} -c execute.c
-+
-+config.o: config.c ibsh.h
-+ ${CC} -c config.c
-+
-+misc.o: misc.c ibsh.h
-+ ${CC} -c misc.c
-+
-+antixploit.o: antixploit.c ibsh.h
-+ ${CC} -c antixploit.c
-+
-+delbadfiles.o: delbadfiles.c ibsh.h
-+ ${CC} -c delbadfiles.c
-+
-+ibsh_install:
-+ cp ./ibsh /bin/
-+ mkdir /etc/ibsh
-+ mkdir /etc/ibsh/cmds
-+ mkdir /etc/ibsh/xtns
-+ cp ./globals.cmds /etc/ibsh/
-+ cp ./globals.xtns /etc/ibsh/
-+
-+ibsh_uninstall:
-+ rm -rf /etc/ibsh/globals.cmds
-+ rm -rf /etc/ibsh/globals.xtns
-+ rm -rf /etc/ibsh/cmds/*.*
-+ rm -rf /etc/ibsh/xtns/*.*
-+ rmdir /etc/ibsh/cmds
-+ rmdir /etc/ibsh/xtns
-+ rmdir /etc/ibsh
-+ rm -rf /bin/ibsh
-+
-+clean:
-+ rm -rf ibsh
-+ rm -rf *.o
-+
-+
-+# 13:49 2005.04.06.
-+
-diff --git a/base/cgcs-users/cgcs-users-1.0/README b/base/cgcs-users/cgcs-users-1.0/README
-new file mode 100644
-index 0000000..2035e57
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/README
-@@ -0,0 +1,29 @@
-+ Iron Bars SHell - a restricted interactive shell.
-+
-+Overview
-+
-+ For long i have been in the search of a decent restricted shell, but in vain.
-+ The few i found, were really easy to hack, and there were quite a few docs
-+ around on the web about hacking restricted shells with a menu interface.
-+ For my definitions, a restricted shell must not only prevent the user to
-+ escape her jail, but also not to access any files outside the jail.
-+ The system administrator must have total control over the restricted shell.
-+ These are the major features incorporated and realized by ibsh.
-+
-+
-+Features
-+
-+ Please read the changelog.
-+
-+
-+Installation
-+
-+ Read the INSTALL file.
-+
-+
-+Contact
-+ See Authors file.
-+
-+
-+Attila Nagyidai
-+2005.05.23.
-diff --git a/base/cgcs-users/cgcs-users-1.0/Release b/base/cgcs-users/cgcs-users-1.0/Release
-new file mode 100644
-index 0000000..e6cb9f3
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/Release
-@@ -0,0 +1,17 @@
-+This release introduces minor bugfixes, and important new and renewed features.
-+Erasing evil files in the home directory of the user is incorporated again, with
-+many improvements. First of all: no file will be erased! Only the access to them
-+will be blocked. The extension policy has changed, now ibsh blocks those extensions,
-+that are NOT listed. This goes in sync with the usual method of operation of ibsh.
-+The execute permission of files in the user space, will be removed.
-+New customizing features were added: each user now can have her own commands and
-+extensions file, created and maintained by the system administrator. Some users
-+(employees) may require access to special programs. User configuration files allow
-+this access only those, who need it, not for everybody.
-+Ibsh now scans not only the extensions of files, but the content too! Whatever the permission
-+for a certain file exists, if that contains source code, or is a linux binary, access
-+will be blocked.
-+The absolute path for the users is now limited to 255 characters. Longer, already
-+existing filenames will be renamed.
-+
-+06/04/2005
-diff --git a/base/cgcs-users/cgcs-users-1.0/TODO b/base/cgcs-users/cgcs-users-1.0/TODO
-new file mode 100644
-index 0000000..9a8de60
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/TODO
-@@ -0,0 +1,10 @@
-+TODO
-+
-+ - tab completion.
-+ - shell variables.
-+ - some changes to the prompt, maybe variable prompt.
-+ - history
-+ - to be able to use corporate, or other large/complicated programs in a safe
-+ working environment, yet be able to share files/work with others.
-+
-+2005.05.23.
-diff --git a/base/cgcs-users/cgcs-users-1.0/VERSION b/base/cgcs-users/cgcs-users-1.0/VERSION
-new file mode 100644
-index 0000000..aaf9552
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/VERSION
-@@ -0,0 +1 @@
-+IBSH v0.3e
-diff --git a/base/cgcs-users/cgcs-users-1.0/antixploit.c b/base/cgcs-users/cgcs-users-1.0/antixploit.c
-new file mode 100644
-index 0000000..79ac9e4
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/antixploit.c
-@@ -0,0 +1,131 @@
-+/*
-+ Created: 03.19.05 11:34:57 by Attila Nagyidai
-+
-+ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
-+
-+ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
-+ Copyright (C) 2005 Attila Nagyidai
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version 2
-+ of the License, or (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+
-+ Author: Attila Nagyidai
-+ Email: na@ent.hu
-+
-+ Co-Author: Shy
-+ Email: shy@cpan.org
-+
-+ Co-Author: Witzy
-+ Email: stazzz@altern.org
-+
-+ URL: http://ibsh.sourceforge.net
-+ IRC: irc.freenode.net #ibsh
-+ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
-+
-+*/
-+
-+/* Header files */
-+#include "ibsh.h"
-+
-+
-+void lshift( char *line )
-+{
-+ int i = 0;
-+
-+ for (i=0; i<strlen(line) - 1; i++) {
-+ line[i] = line[i+1];
-+ }
-+}
-+
-+
-+/* Checks if a part of the command line contains */
-+/* a file in the jail, that is a source code. */
-+/* Source codes must not be compiled, interpreted, */
-+/* or otherwise used. */
-+/* abspath is loggedin.udir, if the token is a path. */
-+/* otherwise abspath is realpath. */
-+int antixploit( const char *abspath, char *token )
-+{
-+ char jailfile[STRING_SIZE], line[LINE_SIZE], temp[BUFFER_SIZE];
-+ struct stat info;
-+ FILE *fp;
-+ int retval = 0;
-+
-+
-+ snprintf(jailfile, STRING_SIZE, "%s/%s/%s", loggedin.udir, abspath, token);
-+#ifdef DEBUG
-+ printf("jailfile: %s\n", jailfile);
-+#endif
-+ if ( (lstat(jailfile, &info)) == -1 ) {
-+ // this is not a file
-+ return 0;
-+ }
-+
-+ fp = fopen(jailfile, "rb");
-+ if ( fp == NULL ) {
-+ // if i cant open it, gcc cant open it
-+ return 0;
-+ }
-+
-+ fgets(line, LINE_SIZE, fp);
-+ while ( line[0] != '\0' ) {
-+#ifdef DEBUG
-+ printf("Line: %s\n", line);
-+#endif
-+ // c, c++
-+ if ( (strncmp(line, C_CODE, strlen(C_CODE) - 1)) == 0 ) {
-+ retval = 1;
-+ break;
-+ }
-+ // perl, sh, python
-+ if ( (strncmp(line, SHELL_CODE, strlen(SHELL_CODE) - 1)) == 0 ) {
-+ retval = 1;
-+ break;
-+ }
-+ // python
-+ if ( (strncmp(line, PYTHON_CODE, strlen(PYTHON_CODE) - 1)) == 0 ) {
-+ retval = 1;
-+ break;
-+ }
-+ // ada
-+ if ( (strncmp(line, ADA_CODE, strlen(ADA_CODE) - 1)) == 0 ) {
-+ retval = 1;
-+ break;
-+ }
-+ // eiffel
-+ if ( (strncmp(line, EIFFEL_CODE, strlen(EIFFEL_CODE) - 1)) == 0 ) {
-+ retval = 1;
-+ break;
-+ }
-+ // lisp
-+ if ( (strncmp(line, LISP_CODE, strlen(LISP_CODE) - 1)) == 0 ) {
-+ retval = 1;
-+ break;
-+ }
-+ // elf
-+ lshift(line);
-+ if ( (strncmp(line, ELF_CODE, strlen(ELF_CODE) - 1)) == 0 ) {
-+ retval = 1;
-+ break;
-+ }
-+ bzero(line, LINE_SIZE);
-+ fgets(line, LINE_SIZE, fp);
-+ }
-+ fclose(fp);
-+#ifdef DEBUG
-+ printf("retval: %d\n", retval);
-+#endif
-+ return retval;
-+}
-+
-diff --git a/base/cgcs-users/cgcs-users-1.0/command.c b/base/cgcs-users/cgcs-users-1.0/command.c
-new file mode 100644
-index 0000000..91d9d8f
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/command.c
-@@ -0,0 +1,209 @@
-+/*
-+ Created: 03.19.05 11:34:57 by Attila Nagyidai
-+
-+ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
-+
-+ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
-+ Copyright (C) 2005 Attila Nagyidai
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version 2
-+ of the License, or (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+
-+ Author: Attila Nagyidai
-+ Email: na@ent.hu
-+
-+ Co-Author: Shy
-+ Email: shy@cpan.org
-+
-+ Co-Author: Witzy
-+ Email: stazzz@altern.org
-+
-+ URL: http://ibsh.sourceforge.net
-+ IRC: irc.freenode.net #ibsh
-+ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
-+
-+*/
-+
-+/* Header files */
-+#include "ibsh.h"
-+
-+extern Strng commands[MAX_ITEMS];
-+
-+/* This is my version of scanf. It offers good protection against */
-+/* buffer overflow attacks. */
-+/* Technical Description: */
-+/* Variables: the char to read to from stdin, the sum of chars typed in, */
-+/* and an integer for length checking. */
-+/* Read characters from stdin in a loop, until Enter is pressed. */
-+/* The line size check wont stop accepting characters, but it will */
-+/* break long commands to LINE_SIZEd pieces. */
-+/* Update: */
-+/* Read only 80 characters. If the current path + this 80 chars + / */
-+/* are longer then 255, read less chars. */
-+void myscanf( char *vptr, char *abspath )
-+{
-+ int c;
-+ char chars[STRING_SIZE];
-+ int i = 0, j = 0;
-+ int linesize = LINE_SIZE;
-+
-+ fflush(stdin);
-+ if ( (strlen(abspath)) > (255 - 80 - 1) ) {
-+ linesize = 255 - strlen(abspath) - 1; /* thats for the / */
-+ }
-+
-+ while ( ((c = getchar()) != 10) && ( i < linesize ) ) {
-+ //printf("%d", c);
-+ if (c > 127) {
-+ c = 0;
-+ //ungetc(c, stdin);
-+ //fflush(stdin);
-+ break;
-+ }
-+ if ( c < 0 ) {
-+ ungetc(c, stdin);
-+ openlog("ibsh", LOG_PID, LOG_AUTH);
-+ syslog(LOG_INFO, "user %s has logged out.", loggedin.uname);
-+ closelog();
-+ exit(0);
-+ }
-+ chars[i] = c;
-+ /* the user is not allowed to pass long lines of trash to ibsh */
-+ i++;
-+ }
-+ chars[i] = '\0';
-+ strncpy(vptr,chars,STRING_SIZE-1);
-+ vptr[STRING_SIZE-1] = '\0';
-+}
-+
-+
-+/* Checks, if the user command, is blacklisted, a hack attempt, */
-+/* or it is a real and allowed command. */
-+/* Technical Description: */
-+/* Variables: pointer for the strtok, temporary strings, counters, */
-+/* and an integer to check, how deep is the user in the jail. That is */
-+/* the level of subdirectories below jail root. It is set to -1, because */
-+/* there is always a / in the jailpath. So only subdir /'s are counted. */
-+/* Check if the command contains special characters, if yes, quit. */
-+/* If the user is in jailroot, a ../ is not appropriate! */
-+/* Count the slashes in the jailpath, so if the user uses way too many */
-+/* ../ 's, then we will know. Split the command to particles by the spaces. */
-+/* Count the dirups (../); if a token starts with a /, paste the homedir path */
-+/* right in front of it. Thats your root booby, not / !!!! */
-+/* Finally check the command against the COMMANDS_LIST. */
-+int CommandOK( const char *thecommand, const char *rootdir,
-+const char *jailpath, char *newcommand )
-+{
-+ char *tok;
-+ char temp1[STRING_SIZE], *temp2;
-+ int i = 0, j = 0;
-+ int subdirlevel = -1; /* jailpath always starts with a / */
-+ int dirupfound = 0;
-+ int listed = 0;
-+
-+ /* First, get the fancy stuff: */
-+ /* ../ out of the jailroot, too many ../ out of some */
-+ /* subdirectory in the jail, multiple commands, pipes. */
-+ bzero(newcommand,STRING_SIZE);
-+
-+ if ( (strstr(thecommand, ";")) != NULL ) {
-+ return 0;
-+ }
-+ if ( (strstr(thecommand, "|")) != NULL ) {
-+ return 0;
-+ }
-+ if ( (strstr(thecommand, "&")) != NULL ) {
-+ return 0;
-+ }
-+ if ( (strstr(thecommand, "&&")) != NULL ) {
-+ return 0;
-+ }
-+ if ( (strstr(thecommand, "||")) != NULL ) {
-+ return 0;
-+ }
-+ /* The user is in the jailroot. */
-+ if ( (strcmp(jailpath, "/")) == 0 ) {
-+ /* Does the user wish to get out ? */
-+ if ( (strstr(thecommand, "..")) != NULL ) {
-+ return 0;
-+ }
-+ }
-+ /* The user is deeper, than the jailroot, and */
-+ /* this is a problem. How deep is he, how many */
-+ /* ../ do we allow ?? */
-+ else {
-+ for (i = 0; i < strlen(jailpath); i++) {
-+ if ( jailpath[i] == '/' ) {
-+ subdirlevel++;
-+ }
-+ }
-+ }
-+
-+ /* Split the command */
-+ for (tok = strtok((void *) thecommand, " "); tok; tok = strtok(0, " ")) {
-+ /* Separate parts of the command with a space */
-+ if ( (strlen(newcommand)) > 0 ) {
-+ strncat(newcommand," ", STRING_SIZE-strlen(newcommand)-1);
-+ }
-+
-+ /* He wants to get to the real root, does he ? */
-+ /* In that case, add the jailroot to the left. */
-+ if ( tok[0] == '/' ) {
-+ strncat(newcommand,rootdir,STRING_SIZE-strlen(newcommand)-1);
-+ }
-+
-+ /* how many ../ are here */
-+ /* if too many, that is more, then how deep */
-+ /* the user in the subdirs inside the jail is, */
-+ /* cancel the execution of the command. */
-+ if ( (strstr(tok, "../")) != NULL ) {
-+ strncpy(temp1,tok,sizeof(temp1)-1);
-+ temp1[sizeof(temp1)-1] = '\0';
-+
-+ while (1) {
-+ temp2 = strstr(temp1, "../");
-+ if ( temp2 == NULL ) {
-+ break;
-+ }
-+ LTrim3(temp2, temp1);
-+ dirupfound++;
-+ }
-+ if ( dirupfound > subdirlevel ) {
-+ return 0;
-+ }
-+ /* replace dirups with real path */
-+ for (i = 0; i < dirupfound; i++) {
-+ PathMinusOne(jailpath, tok, subdirlevel,sizeof(tok));
-+ }
-+ }
-+ /* if command is not listed, return 0 */
-+ i = 0;
-+ while ( ((strlen(commands[i])) > 0) && ( j == 0 ) ) {
-+ if ( (strcmp(tok, commands[i])) == 0 ) {
-+ listed = 1;
-+ break;
-+ }
-+ i++;
-+ }
-+ j++;
-+ strncat(newcommand,tok,STRING_SIZE-strlen(newcommand)-1);
-+
-+}
-+#ifdef DEBUG
-+ printf("old: %s; new: %s; ok: %d\n", thecommand, newcommand, listed);
-+#endif
-+ return listed;
-+}
-+
-+
-diff --git a/base/cgcs-users/cgcs-users-1.0/config.c b/base/cgcs-users/cgcs-users-1.0/config.c
-new file mode 100644
-index 0000000..8e2af23
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/config.c
-@@ -0,0 +1,179 @@
-+/*
-+ Created: 03.19.05 11:34:57 by Attila Nagyidai
-+
-+ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
-+
-+ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
-+ Copyright (C) 2005 Attila Nagyidai
-+
-+ Copyright(c) 2013-2017 Wind River Systems, Inc. All rights reserved.
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version 2
-+ of the License, or (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+
-+ Author: Attila Nagyidai
-+ Email: na@ent.hu
-+
-+ Co-Author: Shy
-+ Email: shy@cpan.org
-+
-+ Co-Author: Witzy
-+ Email: stazzz@altern.org
-+
-+ URL: http://ibsh.sourceforge.net
-+ IRC: irc.freenode.net #ibsh
-+ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
-+
-+*/
-+
-+/* Header files */
-+#include "ibsh.h"
-+
-+extern Strng commands[MAX_ITEMS];
-+extern Strng extensions[MAX_ITEMS];
-+
-+/* Shy's improved version of the original (and not well working) loadconfig. */
-+/* Reads both config files, and parses the contents into arrays. */
-+/* This one effectively dismisses every comment from the files. */
-+/* Technical Description: */
-+/* Variables: file pointer, counters, temporary string arrays. */
-+/* The method is the same for both files. First open the file, catch */
-+/* any errors. Read file 'til eof. Not read comments (starting with '#'), */
-+/* remove trailing newline character. Copy the finished item to the */
-+/* pass-by-address arguments. */
-+int LoadConfig( void )
-+{
-+ FILE *fp;
-+ int i = 0;
-+ char *file_user;
-+
-+ Strng tmp[MAX_ITEMS];
-+ Strng tmp2[MAX_ITEMS];
-+
-+ /* COMMAND CONFIG !!!! */
-+ file_user = (char *)malloc(strlen(loggedin.uname) + strlen(COMMANDS_DIR) + strlen(".cmds") + 2);
-+
-+ if(loggedin.uname != NULL)
-+ sprintf(file_user, "%s/%s.cmds", COMMANDS_DIR, loggedin.uname);
-+ else{
-+ free(file_user);
-+ return -1;
-+ }
-+
-+ /* Open global config,if not present go out !!! */
-+ if((fp = fopen(COMMANDS_FILE,"r")) == NULL) {
-+ OPENLOG;
-+ syslog(LOG_ERR, "ibsh panic! Global commands file %s can not be read.", COMMANDS_FILE);
-+ CLOSELOG;
-+ exit(0);
-+ }
-+
-+ while (!feof(fp) && (i<MAX_ITEMS)) {
-+ fgets(tmp[i],STRING_SIZE,fp);
-+ if ( tmp[i][0] != '#' ) {
-+ /* Delete '\n' */
-+ tmp[i][strlen(tmp[i]) - 1] = '\0';
-+ strncpy(commands[i],tmp[i],strlen(tmp[i]));
-+
-+#ifdef DEBUG
-+ printf("COMMANDS %s\n",commands[i]);
-+#endif
-+ i++;
-+ }
-+ }
-+ fclose(fp);
-+
-+
-+#ifdef DEBUG
-+ printf("FILE USER %s\n",file_user);
-+#endif
-+ /* Add the user command */
-+ if ((fp = fopen(file_user,"r")) == NULL) {
-+ free(file_user);
-+ }
-+ else {
-+ i--;
-+
-+ while (!feof(fp) && (i<MAX_ITEMS)) {
-+ fgets(tmp[i],STRING_SIZE,fp);
-+ if ( tmp[i][0] != '#' ) {
-+ // Delete '\n'
-+ tmp[i][strlen(tmp[i]) - 1] = '\0';
-+ strncpy(commands[i],tmp[i],strlen(tmp[i]));
-+#ifdef DEBUG
-+ printf("COMMANDS %s\n",commands[i]);
-+#endif
-+
-+ i++;
-+ }
-+ }
-+ fclose(fp);
-+ free(file_user);
-+ }
-+
-+ i = 0;
-+
-+ /* EXTENSIONS CONFIG !!!!*/
-+
-+ file_user = (char *)malloc(strlen(loggedin.uname) + strlen(EXTENSIONS_DIR) + strlen(".xtns") + 2);
-+
-+ sprintf(file_user, "%s/%s.xtns", EXTENSIONS_DIR, loggedin.uname);
-+
-+ /* Open global config,if not present go out !!! */
-+ if((fp = fopen(EXTENSIONS_FILE,"r")) == NULL) {
-+ OPENLOG;
-+ syslog(LOG_ERR, "ibsh panic! Global extensions file %s can not be read.", EXTENSIONS_FILE);
-+ CLOSELOG;
-+ printf("heyxtns");
-+ exit(0);
-+ }
-+
-+ while (!feof(fp) && (i<MAX_ITEMS)) {
-+ fgets(tmp2[i],STRING_SIZE,fp);
-+ if ( tmp2[i][0] != '#' ) {
-+ /* Delete '\n' */
-+ tmp2[i][strlen(tmp2[i]) - 1] = '\0';
-+ strncpy(extensions[i],tmp2[i],strlen(tmp2[i]));
-+#ifdef DEBUG
-+ printf("EXTENSIONS %s\n",extensions[i]);
-+#endif
-+ i++;
-+ }
-+ }
-+ fclose(fp);
-+
-+
-+ /* Add the user extensions */
-+ if ((fp = fopen(file_user,"r")) == NULL) {
-+ free(file_user);
-+ return 0;
-+ }
-+
-+ i--;
-+
-+ while (!feof(fp) && (i<MAX_ITEMS)) {
-+ fgets(tmp2[i],STRING_SIZE,fp);
-+ if ( tmp2[i][0] != '#' ) {
-+ // Delete '\n'
-+ tmp2[i][strlen(tmp2[i]) - 1] = '\0';
-+ strncpy(extensions[i],tmp2[i],strlen(tmp2[i]));
-+ i++;
-+ }
-+ }
-+ fclose(fp);
-+ free(file_user);
-+
-+ return 0;
-+}
-+
-diff --git a/base/cgcs-users/cgcs-users-1.0/delbadfiles.c b/base/cgcs-users/cgcs-users-1.0/delbadfiles.c
-new file mode 100644
-index 0000000..fc09f4b
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/delbadfiles.c
-@@ -0,0 +1,239 @@
-+/*
-+ Created: 03.19.05 11:34:57 by Attila Nagyidai
-+
-+ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
-+
-+ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
-+ Copyright (C) 2005 Attila Nagyidai
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version 2
-+ of the License, or (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+
-+ Author: Attila Nagyidai
-+ Email: na@ent.hu
-+
-+ Co-Author: Shy
-+ Email: shy@cpan.org
-+
-+ Co-Author: Witzy
-+ Email: stazzz@altern.org
-+
-+ URL: http://ibsh.sourceforge.net
-+ IRC: irc.freenode.net #ibsh
-+ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
-+
-+*/
-+
-+/* Header files */
-+#include "ibsh.h"
-+
-+extern Strng extensions[MAX_ITEMS];
-+
-+/* witzy's fix of the DelBadFiles function, making it work and adding features.
-+ It drops rights of the files which don't end with an extension present into the extensions array,
-+ deletes symbolic links pointing out of the jail, and makes unexecutable the files that are executable.
-+ A message is printed each time such a file is found, explaining what was done.
-+ Don't forget that this function chdirs to the path given into parameter, so when DelBadFiles returns,
-+ your current working directory is this path.
-+*/
-+void DelBadFiles (const char *basedir)
-+{
-+ DIR *dp;
-+ struct dirent *list;
-+ struct stat info, attr;
-+ char tmp[STRING_SIZE];
-+ int i, allowed;
-+
-+ strncpy(tmp, basedir, STRING_SIZE - 1);
-+ if ( lstat( tmp, &info ) == -1 ) {
-+ return;
-+ }
-+
-+ if ( !S_ISDIR(info.st_mode) ) {
-+ return;
-+ }
-+
-+ if ( (dp = opendir(tmp)) == NULL ) {
-+ closedir( dp );
-+ return;
-+ }
-+
-+ if ( chdir(tmp) == -1 ) {
-+ return;
-+ }
-+
-+ while ( (list = readdir(dp)) != NULL ) {
-+#ifdef DEBUG
-+ printf("direntry: %s\n", list->d_name);
-+#endif
-+ if ( (lstat(list->d_name, &attr)) < 0 )
-+ continue;
-+
-+ // rename long path names
-+#ifdef DEBUG
-+ printf("length: %d;\n", (strlen(basedir) + strlen(list->d_name) + 2) );
-+#endif
-+ if ( (strlen(basedir) + strlen(list->d_name) + 2) > 255 ) {
-+ snprintf(tmp, 255 - strlen(basedir) - 2, "%s", list->d_name);
-+ rename(list->d_name, tmp);
-+#ifdef DEBUG
-+ printf("%s renamed to %s !\n", list->d_name, tmp);
-+#endif
-+ if ( (antixploit(basedir, tmp)) == 1 ) {
-+ removeAllRights(list->d_name, &attr);
-+ }
-+ if (isExecutable(&attr)) {
-+ makeUnexecutable(tmp, &attr);
-+ }
-+ continue;
-+ }
-+
-+ if ( S_ISDIR(attr.st_mode) ) { /* in the case of a directory */
-+ if ( ((strcmp(list->d_name, ".")) != 0) && ((strcmp(list->d_name, "..")) != 0) ) {
-+#ifdef DEBUG
-+ printf("recursive call for %s\n", list->d_name);
-+#endif
-+ DelBadFiles(list->d_name); /* recursively look for bad files in this directory */
-+ chdir ("..");
-+ }
-+ } else if ( S_ISLNK(attr.st_mode) ) { /* in the case of a symlink */
-+ if ( symlinkGoesOuttaJail(list->d_name) ) {
-+#ifdef DEBUG
-+ printf("symlinkoutofjail: %s\n", list->d_name);
-+#endif
-+ if (unlink(list->d_name) == 0) {
-+ bzero (tmp, sizeof(tmp));
-+ snprintf (tmp, sizeof(tmp)-1, "Illegal symbolic link %s was erased. Contact the sysadmin for policy.\n", list->d_name);
-+ logPrintBadfile (tmp);
-+ }
-+ }
-+ } else if (hasSomeRwxRights(&attr)) { /* other cases (in particular a file), only if there are some rights on it */
-+#ifdef DEBUG
-+ printf("%s has some rights\n", list->d_name);
-+#endif
-+ /* check the runnability of the file */
-+ if (isExecutable(&attr)) {
-+#ifdef DEBUG
-+ printf("%s executable\n", list->d_name);
-+#endif
-+ if (makeUnexecutable(list->d_name, &attr) == 0) {
-+ bzero (tmp, sizeof(tmp));
-+ snprintf (tmp, sizeof(tmp)-1, "Executable file %s is not anymore. Contact the sysadmin for policy.\n", list->d_name);
-+ logPrintBadfile (tmp);
-+ }
-+ }
-+
-+ if ( (antixploit(basedir, list->d_name)) == 1 ) {
-+ if (removeAllRights(list->d_name, &attr) == 0) {
-+ bzero (tmp, sizeof(tmp));
-+ snprintf (tmp, sizeof(tmp)-1, "Illegal file %s got its rights dropped. Contact the sysadmin for policy.\n", list->d_name);
-+ logPrintBadfile (tmp);
-+ continue;
-+ }
-+ }
-+
-+ /* check if the file has a permitted extension */
-+ for (i = 0, allowed = 0; (strlen(extensions[i])) > 0 && !allowed; i++) {
-+ if ( (strstr(list->d_name, extensions[i])) != NULL ) {
-+#ifdef DEBUG
-+ printf("filename: %s; extension: %s\n", list->d_name, extensions[i]);
-+#endif
-+ allowed = 1;
-+ }
-+ } /* for */
-+ if (!allowed) { /* if the file hasn't an allowed extension */
-+#ifdef DEBUG
-+ printf("not allowed extension for %s\n", list->d_name);
-+#endif
-+ if (removeAllRights(list->d_name, &attr) == 0) {
-+ bzero (tmp, sizeof(tmp));
-+ snprintf (tmp, sizeof(tmp)-1, "Illegal file %s got its rights dropped. Contact the sysadmin for policy.\n", list->d_name);
-+ logPrintBadfile (tmp);
-+ }
-+ }
-+ } /* else */
-+
-+ } /* while */
-+
-+ closedir( dp );
-+}
-+
-+/* takes a symlink location, resolves it and returns :
-+ 1 if the symlink points out of the jail
-+ 0 else, meaning the symlink is ok
-+*/
-+int symlinkGoesOuttaJail (const char * sl)
-+{
-+ char fPnted[PATH_MAX];
-+ char rslvdPath[PATH_MAX]; /* size of PATH_MAX because of realpath() behavior */
-+ int i;
-+
-+ i = readlink (sl, fPnted, PATH_MAX);
-+ if ( i > 0 && i < PATH_MAX ) {
-+ fPnted[i] = '\0';
-+ if (realpath (fPnted, rslvdPath) == rslvdPath) {
-+ if ( strncmp (loggedin.udir, rslvdPath, strlen(loggedin.udir)) == 0 )
-+ return 0;
-+ else
-+ return 1;
-+ }
-+ }
-+ return 1; /* if this line is reached, there was a problem with the processing of the symlink,
-+ e.g. the path is too long, so we should consider that the symlink is bad,
-+ and may be deleted by the calling function */
-+}
-+
-+/* takes a stat structure, and returns
-+ 1 if at least one of the user/group/other execution bits or suid/guid are set
-+ 0 if no such bit is set at all
-+ */
-+int isExecutable (struct stat * s)
-+{
-+ if ( ((s->st_mode & S_IXUSR) == S_IXUSR)
-+ | ((s->st_mode & S_IXGRP) == S_IXGRP)
-+ | ((s->st_mode & S_IXOTH) == S_IXOTH)
-+ | ((s->st_mode & S_ISUID) == S_ISUID)
-+ | ((s->st_mode & S_ISGID) == S_ISGID) )
-+ return 1;
-+ return 0;
-+}
-+
-+int hasSomeRwxRights (struct stat * s)
-+{
-+ if ( ((s->st_mode & S_IRWXU) != 0)
-+ | ((s->st_mode & S_IRWXG) != 0)
-+ | ((s->st_mode & S_IRWXO) != 0) )
-+ return 1;
-+ return 0;
-+}
-+
-+int makeUnexecutable (const char * filename, struct stat * s)
-+{
-+ return chmod (filename,
-+ s->st_mode & ~(S_IXUSR | S_IXGRP | S_IXOTH | S_ISUID | S_ISGID) );
-+}
-+
-+int removeAllRights (const char * filename, struct stat * s)
-+{
-+ return chmod (filename,
-+ s->st_mode & ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISUID | S_ISGID) );
-+}
-+
-+void logPrintBadfile (const char * msg)
-+{
-+ OPENLOG;
-+ syslog(LOG_WARNING, "%s", msg);
-+ CLOSELOG;
-+ // printf ("ibsh: %s\n", msg);
-+}
-diff --git a/base/cgcs-users/cgcs-users-1.0/example.allowall.xtns b/base/cgcs-users/cgcs-users-1.0/example.allowall.xtns
-new file mode 100644
-index 0000000..d0963cd
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/example.allowall.xtns
-@@ -0,0 +1,28 @@
-+# Add any extension the user may use.
-+q
-+w
-+e
-+r
-+t
-+y
-+u
-+i
-+o
-+p
-+a
-+s
-+d
-+f
-+g
-+h
-+j
-+k
-+l
-+z
-+x
-+c
-+v
-+b
-+n
-+m
-+
-diff --git a/base/cgcs-users/cgcs-users-1.0/example.denyall.xtns b/base/cgcs-users/cgcs-users-1.0/example.denyall.xtns
-new file mode 100644
-index 0000000..9dead3a
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/example.denyall.xtns
-@@ -0,0 +1,2 @@
-+# Add any extension the user may use.
-+
-diff --git a/base/cgcs-users/cgcs-users-1.0/execute.c b/base/cgcs-users/cgcs-users-1.0/execute.c
-new file mode 100644
-index 0000000..2d80366
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/execute.c
-@@ -0,0 +1,159 @@
-+/*
-+ Created: 03.19.05 11:34:57 by Attila Nagyidai
-+
-+ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
-+
-+ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
-+ Copyright (C) 2005 Attila Nagyidai
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version 2
-+ of the License, or (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+
-+ Author: Attila Nagyidai
-+ Email: na@ent.hu
-+
-+ Co-Author: Shy
-+ Email: shy@cpan.org
-+
-+ Co-Author: Witzy
-+ Email: stazzz@altern.org
-+
-+ URL: http://ibsh.sourceforge.net
-+ IRC: irc.freenode.net #ibsh
-+ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
-+
-+*/
-+
-+/* Header files */
-+#include "ibsh.h"
-+
-+/* Counts the spaces in the command */
-+int nbspace(const char *command)
-+{
-+int i=0;
-+int nbspace=0;
-+
-+while(command[i] != '\0'){
-+ if(command[i] == ' ')
-+ nbspace++;
-+ i++;
-+}
-+
-+return nbspace;
-+}
-+
-+/* Shy's improved and secured version of hhsystem, originally taken from */
-+/* the book: Linux Unix Systemprogramming by Helmut Herold. */
-+int hhsystem(const char *user_command) /*--- Version ohne Signalbehandlung ---*/
-+{
-+ pid_t pid;
-+ int status;
-+ int i=0;
-+ int find = 0;
-+
-+ char *field;
-+
-+ char path[STRING_SIZE];
-+
-+ char *current_path;
-+ char *fieldspath;
-+ char *params[nbspace(user_command) + 1];
-+
-+ DIR *currentdir;
-+ struct dirent *pdirent;
-+
-+ if (user_command == NULL)
-+ return(1); /* In Unix ist immer Kommandoprozessor vorhanden */
-+
-+ if ( (pid=fork()) < 0)
-+ status = -1;
-+
-+ else if (pid == 0) {
-+ /* Split the command */
-+ field = strtok((char *)user_command," ");
-+ while(field != NULL){
-+#ifdef DEBUG
-+ printf("CHAMPS %s\n",field);
-+#endif
-+ params[i] = malloc(strlen(field) + 1);
-+ bzero(params[i],strlen(field)+1);
-+ strncpy(params[i],field,strlen(field));
-+ i++;
-+ field = strtok(NULL," ");
-+
-+ }
-+ /* Put NULL at the end for execve */
-+ params[i] = NULL;
-+
-+ /* Get PATH */
-+ current_path = getenv("PATH");
-+
-+#ifdef DEBUG
-+ printf("PATH %s %s\n",current_path,loggedin.udir);
-+#endif
-+
-+ /* Parse the PATH if the command is in the home dir it's skip !! */
-+ fieldspath = strtok((char *)current_path,":");
-+ while((fieldspath != NULL) && find != 1){
-+#ifdef DEBUG
-+ printf("FIELD PATH %s\n",fieldspath);
-+#endif
-+ if(!strstr(fieldspath,loggedin.udir)){
-+ if((currentdir = opendir(fieldspath)) != NULL){
-+
-+ while(((pdirent = readdir(currentdir)) != NULL) && find != 1){
-+ if(!strncmp(pdirent->d_name,params[0],sizeof(params[0]))){
-+#ifdef DEBUG
-+ printf("TROUVE %s!!!!\n",pdirent->d_name);
-+#endif
-+ find = 1;
-+
-+ }
-+ }
-+ }
-+ closedir(currentdir);
-+ }
-+ if(find == 0)
-+ fieldspath = strtok(NULL,":");
-+
-+ }
-+
-+ /* Contruct the real command with the good path */
-+ if(find == 1 && ((strlen(fieldspath)+strlen(params[0])+1) < sizeof(path))){
-+ bzero(path,sizeof(path));
-+ snprintf(path,sizeof(path)-1,"%s/%s",fieldspath,params[0]);
-+ path[sizeof(path)-1] = '\0';
-+
-+#ifdef DEBUG
-+ printf("PATH FINAL %s %d ok!\n",path,strlen(path));
-+ printf("PARAMS[0] %s\n",params[0]);
-+ printf("PARAMS[1] %s\n",params[1]);
-+#endif
-+ execve(path,params,environ);
-+ }
-+ /* The command is in the home dir :( bad for you guys !! */
-+ else{
-+ status = -1;
-+ }
-+ _exit(127);
-+
-+ } else
-+ while (waitpid(pid, &status, 0) < 0)
-+ if (errno != EINTR) {
-+ status = -1;
-+ break;
-+ }
-+
-+ return(status);
-+}
-diff --git a/base/cgcs-users/cgcs-users-1.0/globals.cmds b/base/cgcs-users/cgcs-users-1.0/globals.cmds
-new file mode 100644
-index 0000000..8c9b7a4
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/globals.cmds
-@@ -0,0 +1,8 @@
-+# Add any commands the user may execute. Even shell commands.
-+# You have to allow logout and/or exit, so the user can logout!
-+# cd and pwd should also be allowed. Note: other shell builtin
-+# commands are not yet implemented!
-+cd
-+pwd
-+logout
-+exit
-diff --git a/base/cgcs-users/cgcs-users-1.0/globals.xtns b/base/cgcs-users/cgcs-users-1.0/globals.xtns
-new file mode 100644
-index 0000000..71f86f8
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/globals.xtns
-@@ -0,0 +1,3 @@
-+# Add any extension the user may use.
-+.doc
-+.txt
-diff --git a/base/cgcs-users/cgcs-users-1.0/ibsh.h b/base/cgcs-users/cgcs-users-1.0/ibsh.h
-new file mode 100644
-index 0000000..9d9d692
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/ibsh.h
-@@ -0,0 +1,126 @@
-+/*
-+ Created: 03.19.05 11:15:21 by Attila Nagyidai
-+
-+ $Id: C\040Header.h,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
-+
-+ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
-+ Copyright (C) 2005 Attila Nagyidai
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version 2
-+ of the License, or (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+
-+ Author: Attila Nagyidai
-+ Email: na@ent.hu
-+
-+ Co-Author: Shy
-+ Email: shy@cpan.org
-+
-+ URL: http://ibsh.sourceforge.net
-+ IRC: irc.freenode.net #ibsh
-+ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
-+
-+*/
-+
-+#ifndef _IBSH_H
-+#define _IBSH_H
-+
-+/* Insert Code here */
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <time.h>
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <sys/wait.h>
-+#include <syslog.h>
-+#include <fcntl.h>
-+#include <errno.h>
-+#include <dirent.h>
-+#include <pwd.h>
-+#include <grp.h>
-+#include <limits.h>
-+#include <glob.h>
-+#include <signal.h>
-+
-+#define PAM_SIZE 8
-+#define LINE_SIZE 80
-+#define STRING_SIZE 255
-+#define BUFFER_SIZE 4096
-+#define PATH_MAX 4096
-+#define MAX_ITEMS 50
-+#define COMMANDS_DIR "/etc/ibsh/cmds"
-+#define COMMANDS_FILE "/etc/ibsh/globals.cmds"
-+#define EXTENSIONS_DIR "/etc/ibsh/xtns"
-+#define EXTENSIONS_FILE "/etc/ibsh/globals.xtns"
-+
-+/* Antixploit */
-+#define C_CODE "#include"
-+#define SHELL_CODE "#!/"
-+#define PYTHON_CODE "import"
-+#define ADA_CODE "package body"
-+#define EIFFEL_CODE "feature --"
-+#define LISP_CODE "(defun"
-+#define ELF_CODE "ELF"
-+
-+/* Logging */
-+#define OPENLOG openlog("ibsh", LOG_PID, LOG_AUTH)
-+#define CLOSELOG closelog()
-+
-+/* Typedefs, structs, globals */
-+typedef struct theuser {
-+ char uname[STRING_SIZE];
-+ uid_t uid;
-+ char udir[STRING_SIZE];
-+ struct passwd *record;
-+} theuser;
-+
-+typedef char Strng[STRING_SIZE];
-+
-+theuser loggedin; /* user info */
-+
-+//static Strng commands[MAX_ITEMS]; /* permitted commands */
-+Strng commands[MAX_ITEMS];
-+Strng extensions[MAX_ITEMS];
-+/*static Strng extensions[MAX_ITEMS]; permitted extensions */
-+char real_path[STRING_SIZE]; /* absolute path */
-+char jail_path[STRING_SIZE]; /* path inside the jail */
-+char user_command[STRING_SIZE]; /* whatever the user types */
-+char filtered_command[STRING_SIZE]; /* this one will be executed */
-+int exitcode;
-+extern char **environ;
-+
-+
-+int CommandOK( const char *thecommand, const char *rootdir,
-+const char *jailpath, char *newcommand );
-+void LTrim3( const char *base, char *result );
-+void GetPositionInJail( const char *abspath, const char *rootdir, char *relpath );
-+int LoadConfig( void );
-+void myscanf( char *vptr, char *abspath );
-+int hhsystem(const char *kdozeile);
-+void PathMinusOne( const char *basepath, char *evalpath, int slashcount,size_t nevalpath);
-+void log_attempt( const char *username );
-+int nbspace(const char *command);
-+void lshift( char *line );
-+int antixploit( const char *abspath, char *token );
-+void logPrintBadfile (const char * msg);
-+int removeAllRights (const char * filename, struct stat * s);
-+int makeUnexecutable (const char * filename, struct stat * s);
-+int hasSomeRwxRights (struct stat * s);
-+int isExecutable (struct stat * s);
-+int symlinkGoesOuttaJail (const char * sl);
-+void DelBadFiles (const char *basedir);
-+
-+
-+#endif /* _IBSH_H */
-diff --git a/base/cgcs-users/cgcs-users-1.0/jail.c b/base/cgcs-users/cgcs-users-1.0/jail.c
-new file mode 100644
-index 0000000..ab3300a
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/jail.c
-@@ -0,0 +1,101 @@
-+/*
-+ Created: 03.19.05 11:34:57 by Attila Nagyidai
-+
-+ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
-+
-+ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
-+ Copyright (C) 2005 Attila Nagyidai
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version 2
-+ of the License, or (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+
-+ Author: Attila Nagyidai
-+ Email: na@ent.hu
-+
-+ Co-Author: Shy
-+ Email: shy@cpan.org
-+
-+ Co-Author: Witzy
-+ Email: stazzz@altern.org
-+
-+ URL: http://ibsh.sourceforge.net
-+ IRC: irc.freenode.net #ibsh
-+ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
-+
-+*/
-+
-+/* Header files */
-+#include "ibsh.h"
-+
-+
-+
-+/* Remove the path of the Jail root dir from the displayed paths! */
-+/* Return the jail path from the absolute path. */
-+/* Copy characters from absolute path to jail path, starting, where the */
-+/* jail root ends. */
-+void GetPositionInJail( const char *abspath, const char *rootdir, char *relpath )
-+{
-+ int i = 0;
-+ int j = 0;
-+
-+ bzero(relpath, strlen(relpath));
-+ for (i = strlen(rootdir); i < strlen(abspath); i++) {
-+ relpath[j] = abspath[i];
-+ j++;
-+ }
-+ relpath[j] = '\0';
-+}
-+
-+/* Take 3 characters from left off a string. */
-+/* It practically removes one ../ . */
-+void LTrim3( const char *base, char *result )
-+{
-+ int i = 0;
-+ int j = 0;
-+
-+ bzero(result, strlen(result));
-+ for (i = 3; i < strlen(base); i++) {
-+ result[j] = base[i];
-+ j++;
-+ }
-+ result[j] = '\0';
-+}
-+
-+/* Remove one subdirectory from the path in the argument. */
-+/* In case the user uses ../ 's in his command. */
-+/* Technical Description: */
-+/* Variables: string pointer for the strtok function, and an */
-+/* integer to stop the removing. */
-+/* Disassemble the path by the slashes. And glue the required parts */
-+/* together. Number of required parts = number of all parts - 1 . */
-+void PathMinusOne( const char *basepath, char *evalpath, int slashcount,size_t nevalpath )
-+{
-+ char *tok;
-+ int j = 1;
-+
-+ bzero(evalpath, strlen(evalpath));
-+ if ( slashcount == 1 ) {
-+ strncpy(evalpath,"/",nevalpath-1);
-+ evalpath[nevalpath-1] = '\0';
-+ }
-+ else {
-+ for (tok = strtok((void *) basepath, "/"); tok; tok = strtok(0, "/")) {
-+ if ( j < slashcount ) {
-+ strncat(evalpath,tok,nevalpath-strlen(evalpath)-1);
-+ strncat(evalpath,"/",nevalpath-strlen(evalpath)-1);
-+ }
-+ j++;
-+ }
-+ }
-+}
-diff --git a/base/cgcs-users/cgcs-users-1.0/main.c b/base/cgcs-users/cgcs-users-1.0/main.c
-new file mode 100644
-index 0000000..1d92899
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/main.c
-@@ -0,0 +1,239 @@
-+/*
-+ Created: 03.19.05 11:34:57 by Attila Nagyidai
-+
-+ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
-+
-+ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
-+ Copyright (C) 2005 Attila Nagyidai
-+
-+ Copyright(c) 2013-2017 Wind River Systems, Inc. All rights reserved.
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version 2
-+ of the License, or (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+
-+ Author: Attila Nagyidai
-+ Email: na@ent.hu
-+
-+ Co-Author: Shy
-+ Email: shy@cpan.org
-+
-+ Co-Author: Witzy
-+ Email: stazzz@altern.org
-+
-+ URL: http://ibsh.sourceforge.net
-+ IRC: irc.freenode.net #ibsh
-+ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
-+
-+*/
-+
-+/* Header files */
-+#include "ibsh.h"
-+#include "stdlib.h"
-+
-+/* Main: */
-+/* Handle arguments, read config files, start command processing. */
-+/* IBSH doesnt use any command line arguments, but my text editor */
-+/* uses this code in all new c files to create. And i didnt have the */
-+/* heart to remove it. ;p */
-+/* Technical Description: */
-+/* Get the passwd entry for the user. The uid is easily aquired, since */
-+/* it is the real user id. After that, grab the passwd file entry upon */
-+/* the id, and copy the information to the loggedin struct. */
-+/* Add some signal handlers too. */
-+/* The infinite loop: */
-+/* Get the current directory, the full path. Compute the jailpath from that, */
-+/* that is the directories below the users homedir, which is the jail root. */
-+/* The jail ceiling if you like. Print some prompt to the user with the jailpath, */
-+/* and read stdin for incoming commands. Filter out the bad commands, typos, the */
-+/* not allowed commands. It the command is ok, execute it. If it is a shell builtin, */
-+/* use our builtin code, otherwise use execve. After execve, check if the user didnt */
-+/* use the last command to create some illegal content. If yes, erase that. Give the */
-+/* notice only afterwards. */
-+
-+void ALRMhandler(int sig) {
-+ OPENLOG;
-+ syslog(LOG_INFO, "CLI timeout, user %s has logged out.", loggedin.uname);
-+ CLOSELOG;
-+ exit(0);
-+}
-+
-+int main(int argc, char **argv)
-+{
-+ char temp[STRING_SIZE], *buf;
-+ struct stat info;
-+ uid_t ruid, euid;
-+ gid_t rgid, egid;
-+ unsigned int tout_cli = 0;
-+
-+ const char* tout = getenv("TMOUT");
-+ if (tout)
-+ tout_cli = atoi(tout);
-+ else
-+ //default to 5 mins
-+ tout_cli = 300;
-+
-+ /* setuid protection */
-+ ruid = getuid();
-+ euid = geteuid();
-+ rgid = getgid();
-+ egid = getegid();
-+ if ( (ruid!=euid) || (ruid==0) || (euid==0) || (rgid!=egid) || (rgid==0) || (egid==0) ) {
-+ OPENLOG;
-+ syslog(LOG_ERR, "setuid/setgid violation!");
-+ CLOSELOG;
-+ printf("ibsh: setuid/setgid violation!! exiting...\n");
-+#ifdef DEBUG
-+ printf("ruid: %d;euid: %d;rgid: %d;egid: %d\n", ruid,euid,rgid,egid);
-+#endif
-+ exit(0);
-+ }
-+
-+ /* To Do: The code of your application goes here */
-+ /* First part: */
-+ /* Get essential information about the user who got this shell: */
-+ /* first the username, then the user id. Upon this, retrieve the */
-+ /* user's record in the passwd file. */
-+ bzero(&loggedin, sizeof(loggedin));
-+ loggedin.uid = getuid();
-+ loggedin.record = getpwuid(loggedin.uid);
-+ if ( loggedin.record == NULL ) {
-+ loggedin.record = getpwnam(loggedin.uname);
-+ if ( loggedin.record == NULL ) {
-+ openlog(loggedin.uname, LOG_PID, LOG_AUTH);
-+ syslog(LOG_ERR, "Can not obtain user information");
-+ closelog();
-+ exit(0);
-+ }
-+ }
-+ strncpy(loggedin.uname, loggedin.record->pw_name, PAM_SIZE);
-+ strncpy(loggedin.udir, loggedin.record->pw_dir, STRING_SIZE);
-+
-+ /* Second part: */
-+ /* Handle some signal catching. Read the configuration files. */
-+ signal( SIGINT, SIG_IGN );
-+ signal( SIGQUIT, SIG_IGN );
-+ signal( SIGTERM, SIG_IGN );
-+ signal( SIGTSTP, SIG_IGN );
-+ signal( SIGALRM, ALRMhandler );
-+ LoadConfig();
-+
-+ /* Command mode */
-+ if(argc == 3) {
-+ if ( argv[1][1] == 'c' ) {
-+ if ( CommandOK(argv[2], loggedin.udir, "/", filtered_command) == 1) {
-+ exitcode = hhsystem(filtered_command);
-+ OPENLOG;
-+ syslog(LOG_INFO, "command %s ordered, command %s has been executed.",
-+ argv[2], filtered_command);
-+ CLOSELOG;
-+ exit(exitcode);
-+ }
-+ exit(0);
-+ }
-+ else {
-+ exit(0);
-+ }
-+ }
-+
-+ OPENLOG;
-+ syslog(LOG_INFO, "user %s has logged in.", loggedin.uname);
-+ CLOSELOG;
-+
-+
-+ DelBadFiles(loggedin.udir);
-+ chdir (loggedin.udir);
-+
-+
-+ /* Third part: */
-+ /* Start reading and processing the user issued commands. */
-+ /* Split the command by the spaces, filter out anything, */
-+ /* that would allow the user to access files outside the */
-+ /* jail. Filter out multiples and pipes as well. No program */
-+ /* will be allowed to run, unless it is mentioned in the */
-+ /* config files. Files that are created with an extension */
-+ /* that is listed in the other config file, must be deleted! */
-+ alarm(tout_cli);
-+ for ( ; ; ) {
-+ /* Where is he ? */
-+ getcwd(real_path, STRING_SIZE);
-+ GetPositionInJail(real_path, loggedin.udir, jail_path);
-+ if ( (strlen(jail_path)) == 0 ) {
-+ strncpy(jail_path, "/", 2);
-+ }
-+ /* We don't want the user to know where he actually is. */
-+ /* This is the prompt! */
-+ printf("[%s]%% ", loggedin.uname);
-+ /* scanf("%s", user_command); */
-+ myscanf(user_command, real_path);
-+ alarm(tout_cli);
-+ /* Command interpretation and execution. */
-+ if ( (CommandOK(user_command, loggedin.udir, jail_path, filtered_command)) == 0 ) {
-+ log_attempt(loggedin.uname); /* v0.2a */
-+ continue;
-+ }
-+ /* If the user issued command starts with a shell builtin. */
-+ bzero(temp, strlen(temp));
-+ if ( (buf = strstr(filtered_command, "cd")) != NULL ) {
-+ if ( (strcmp(buf, filtered_command)) == 0 ) {
-+ LTrim3(filtered_command, temp);
-+ if ( (strcmp(temp, real_path)) != 0 ) {
-+ if ( (strcmp(temp, "..")) == 0 ) {
-+ PathMinusOne(jail_path, temp, 1,sizeof(temp));
-+ }
-+ if ( (strcmp(temp, "/")) == 0 ) {
-+ strncpy(temp, loggedin.udir, LINE_SIZE);
-+ }
-+ exitcode = chdir(temp);
-+ if ( exitcode == -1 ) {
-+ printf("ibsh: cd: %s: No such file or directory\n", temp);
-+ }
-+ }
-+ continue;
-+ }
-+ }
-+ else if ( (buf = strstr(filtered_command, "pwd")) != NULL ) {
-+ if ( (strcmp(buf, filtered_command)) == 0 ) {
-+ printf("%s\n", jail_path);
-+ continue;
-+ }
-+ }
-+ else if ( (buf = strstr(filtered_command, "logout")) != NULL ) {
-+ if ( (strcmp(buf, filtered_command)) == 0 ) {
-+ OPENLOG;
-+ syslog(LOG_INFO, "user %s has logged out.", loggedin.uname);
-+ CLOSELOG;
-+ break;
-+ }
-+ }
-+ else if ( (buf = strstr(filtered_command, "exit")) != NULL ) {
-+ if ( (strcmp(buf, filtered_command)) == 0 ) {
-+ OPENLOG;
-+ syslog(LOG_INFO, "user %s has logged out.", loggedin.uname);
-+ CLOSELOG;
-+ break;
-+ }
-+ }
-+ else {
-+ exitcode = hhsystem(filtered_command);
-+ if ( exitcode < 0 ) {
-+ printf("%s\n", strerror(errno));
-+ }
-+ }
-+ getcwd(real_path, STRING_SIZE);
-+ DelBadFiles(loggedin.udir);
-+ chdir (real_path);
-+ }
-+ return 0;
-+}
-+
-diff --git a/base/cgcs-users/cgcs-users-1.0/misc.c b/base/cgcs-users/cgcs-users-1.0/misc.c
-new file mode 100644
-index 0000000..d73ddb8
---- /dev/null
-+++ b/base/cgcs-users/cgcs-users-1.0/misc.c
-@@ -0,0 +1,52 @@
-+/*
-+ Created: 03.19.05 11:34:57 by Attila Nagyidai
-+
-+ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
-+
-+ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
-+ Copyright (C) 2005 Attila Nagyidai
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version 2
-+ of the License, or (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+
-+ Author: Attila Nagyidai
-+ Email: na@ent.hu
-+
-+ Co-Author: Shy
-+ Email: shy@cpan.org
-+
-+ Co-Author: Witzy
-+ Email: stazzz@altern.org
-+
-+ URL: http://ibsh.sourceforge.net
-+ IRC: irc.freenode.net #ibsh
-+ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
-+
-+*/
-+
-+/* Header files */
-+#include "ibsh.h"
-+
-+/* If the command is not ok, there is a possible hack attempt. */
-+/* Can also be a typo, but we're not taking any chances. v0.2a */
-+void log_attempt( const char *username )
-+{
-+ char logmsg[STRING_SIZE];
-+
-+ snprintf(logmsg, 50, "Possible hack attempt by %s.", username);
-+
-+ OPENLOG;
-+ syslog(LOG_WARNING, "%s", logmsg);
-+ CLOSELOG;
-+}
---
-2.17.1
-
+++ /dev/null
-GNU GENERAL PUBLIC LICENSE
-Version 2, June 1991
-
-Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-Everyone is permitted to copy and distribute verbatim copies
-of this license document, but changing it is not allowed.
-
-Preamble
-
-The licenses for most software are designed to take away your
-freedom to share and change it. By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users. This
- General Public License applies to most of the Free Software
- Foundation's software and to any other program whose authors commit to
- using it. (Some other Free Software Foundation software is covered by
- the GNU Library General Public License instead.) You can apply it to
- your programs, too.
-
- When we speak of free software, we are referring to freedom, not
- price. Our General Public Licenses are designed to make sure that you
- have the freedom to distribute copies of free software (and charge for
- this service if you wish), that you receive source code or can get it
- if you want it, that you can change the software or use pieces of it
- in new free programs; and that you know you can do these things.
-
- To protect your rights, we need to make restrictions that forbid
- anyone to deny you these rights or to ask you to surrender the rights.
- These restrictions translate to certain responsibilities for you if you
- distribute copies of the software, or if you modify it.
-
- For example, if you distribute copies of such a program, whether
- gratis or for a fee, you must give the recipients all the rights that
- you have. You must make sure that they, too, receive or can get the
- source code. And you must show them these terms so they know their
- rights.
-
- We protect your rights with two steps: (1) copyright the software, and
- (2) offer you this license which gives you legal permission to copy,
- distribute and/or modify the software.
-
- Also, for each author's protection and ours, we want to make certain
- that everyone understands that there is no warranty for this free
- software. If the software is modified by someone else and passed on, we
- want its recipients to know that what they have is not the original, so
- that any problems introduced by others will not reflect on the original
- authors' reputations.
-
- Finally, any free program is threatened constantly by software
- patents. We wish to avoid the danger that redistributors of a free
- program will individually obtain patent licenses, in effect making the
- program proprietary. To prevent this, we have made it clear that any
- patent must be licensed for everyone's free use or not licensed at all.
-
- The precise terms and conditions for copying, distribution and
- modification follow.
- \f
- GNU GENERAL PUBLIC LICENSE
- TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
- 0. This License applies to any program or other work which contains
- a notice placed by the copyright holder saying it may be distributed
- under the terms of this General Public License. The "Program", below,
- refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
- that is to say, a work containing the Program or a portion of it,
- either verbatim or with modifications and/or translated into another
- language. (Hereinafter, translation is included without limitation in
- the term "modification".) Each licensee is addressed as "you".
-
- Activities other than copying, distribution and modification are not
- covered by this License;
-they are outside its scope. The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
- Whether that is true depends on what the Program does.
-
- 1. You may copy and distribute verbatim copies of the Program's
- source code as you receive it, in any medium, provided that you
- conspicuously and appropriately publish on each copy an appropriate
- copyright notice and disclaimer of warranty; keep intact all the
- notices that refer to this License and to the absence of any warranty;
- and give any other recipients of the Program a copy of this License
- along with the Program.
-
- You may charge a fee for the physical act of transferring a copy, and
- you may at your option offer warranty protection in exchange for a fee.
-
- 2. You may modify your copy or copies of the Program or any portion
- of it, thus forming a work based on the Program, and copy and
- distribute such modifications or work under the terms of Section 1
- above, provided that you also meet all of these conditions:
-
- a) You must cause the modified files to carry prominent notices
- stating that you changed the files and the date of any change.
-
- b) You must cause any work that you distribute or publish, that in
- whole or in part contains or is derived from the Program or any
- part thereof, to be licensed as a whole at no charge to all third
- parties under the terms of this License.
-
- c) If the modified program normally reads commands interactively
- when run, you must cause it, when started running for such
- interactive use in the most ordinary way, to print or display an
- announcement including an appropriate copyright notice and a
- notice that there is no warranty (or else, saying that you provide
- a warranty) and that users may redistribute the program under
- these conditions, and telling the user how to view a copy of this
- License. (Exception: if the Program itself is interactive but
- does not normally print such an announcement, your work based on
- the Program is not required to print an announcement.)
- \f
- These requirements apply to the modified work as a whole. If
- identifiable sections of that work are not derived from the Program,
- and can be reasonably considered independent and separate works in
- themselves, then this License, and its terms, do not apply to those
- sections when you distribute them as separate works. But when you
- distribute the same sections as part of a whole which is a work based
- on the Program, the distribution of the whole must be on the terms of
- this License, whose permissions for other licensees extend to the
- entire whole, and thus to each and every part regardless of who wrote it.
-
- Thus, it is not the intent of this section to claim rights or contest
- your rights to work written entirely by you; rather, the intent is to
- exercise the right to control the distribution of derivative or
- collective works based on the Program.
-
- In addition, mere aggregation of another work not based on the Program
- with the Program (or with a work based on the Program) on a volume of
- a storage or distribution medium does not bring the other work under
- the scope of this License.
-
- 3. You may copy and distribute the Program (or a work based on it,
- under Section 2) in object code or executable form under the terms of
- Sections 1 and 2 above provided that you also do one of the following:
-
- a) Accompany it with the complete corresponding machine-readable
- source code, which must be distributed under the terms of Sections
- 1 and 2 above on a medium customarily used for software interchange; or,
-
- b) Accompany it with a written offer, valid for at least three
- years, to give any third party, for a charge no more than your
- cost of physically performing source distribution, a complete
- machine-readable copy of the corresponding source code, to be
- distributed under the terms of Sections 1 and 2 above on a medium
- customarily used for software interchange; or,
-
- c) Accompany it with the information you received as to the offer
- to distribute corresponding source code. (This alternative is
- allowed only for noncommercial distribution and only if you
- received the program in object code or executable form with such
- an offer, in accord with Subsection b above.)
-
- The source code for a work means the preferred form of the work for
- making modifications to it. For an executable work, complete source
- code means all the source code for all modules it contains, plus any
- associated interface definition files, plus the scripts used to
- control compilation and installation of the executable. However, as a
- special exception, the source code distributed need not include
- anything that is normally distributed (in either source or binary
- form) with the major components (compiler, kernel, and so on) of the
- operating system on which the executable runs, unless that component
- itself accompanies the executable.
-
- If distribution of executable or object code is made by offering
- access to copy from a designated place, then offering equivalent
- access to copy the source code from the same place counts as
- distribution of the source code, even though third parties are not
- compelled to copy the source along with the object code.
- \f
- 4. You may not copy, modify, sublicense, or distribute the Program
- except as expressly provided under this License. Any attempt
- otherwise to copy, modify, sublicense or distribute the Program is
- void, and will automatically terminate your rights under this License.
- However, parties who have received copies, or rights, from you under
- this License will not have their licenses terminated so long as such
- parties remain in full compliance.
-
- 5. You are not required to accept this License, since you have not
- signed it. However, nothing else grants you permission to modify or
- distribute the Program or its derivative works. These actions are
- prohibited by law if you do not accept this License. Therefore, by
- modifying or distributing the Program (or any work based on the
- Program), you indicate your acceptance of this License to do so, and
- all its terms and conditions for copying, distributing or modifying
- the Program or works based on it.
-
- 6. Each time you redistribute the Program (or any work based on the
- Program), the recipient automatically receives a license from the
- original licensor to copy, distribute or modify the Program subject to
- these terms and conditions. You may not impose any further
- restrictions on the recipients' exercise of the rights granted herein.
- You are not responsible for enforcing compliance by third parties to
- this License.
-
- 7. If, as a consequence of a court judgment or allegation of patent
- infringement or for any other reason (not limited to patent issues),
- conditions are imposed on you (whether by court order, agreement or
- otherwise) that contradict the conditions of this License, they do not
- excuse you from the conditions of this License. If you cannot
- distribute so as to satisfy simultaneously your obligations under this
- License and any other pertinent obligations, then as a consequence you
- may not distribute the Program at all. For example, if a patent
- license would not permit royalty-free redistribution of the Program by
- all those who receive copies directly or indirectly through you, then
- the only way you could satisfy both it and this License would be to
- refrain entirely from distribution of the Program.
-
- If any portion of this section is held invalid or unenforceable under
- any particular circumstance, the balance of the section is intended to
- apply and the section as a whole is intended to apply in other
- circumstances.
-
- It is not the purpose of this section to induce you to infringe any
- patents or other property right claims or to contest validity of any
- such claims;
-this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices. Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system;
-it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-\f
-8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded. In such case, this License incorporates
-the limitation as if written in the body of this License.
-
- 9. The Free Software Foundation may publish revised and/or new versions
- of the General Public License from time to time. Such new versions will
- be similar in spirit to the present version, but may differ in detail to
- address new problems or concerns.
-
- Each version is given a distinguishing version number. If the Program
- specifies a version number of this License which applies to it and "any
- later version", you have the option of following the terms and conditions
- either of that version or of any later version published by the Free
- Software Foundation. If the Program does not specify a version number of
- this License, you may choose any version ever published by the Free Software
- Foundation.
-
- 10. If you wish to incorporate parts of the Program into other free
- programs whose distribution conditions are different, write to the author
- to ask for permission. For software which is copyrighted by the Free
- Software Foundation, write to the Free Software Foundation;
-we sometimes
-make exceptions for this. Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-NO WARRANTY
-
-11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
- TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
- YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
- PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGES.
-
- END OF TERMS AND CONDITIONS
- \f
- How to Apply These Terms to Your New Programs
-
- If you develop a new program, and you want it to be of the greatest
- possible use to the public, the best way to achieve this is to make it
- free software which everyone can redistribute and change under these terms.
-
- To do so, attach the following notices to the program. It is safest
- to attach them to the start of each source file to most effectively
- convey the exclusion of warranty;
-and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-<one line to give the program's name and a brief idea of what it does.>
-Copyright (C) <year> <name of author>
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-Gnomovision version 69, Copyright (C) year name of author
-Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-This is free software, and you are welcome to redistribute it
-under certain conditions;
-type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License. Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary. Here is a sample; alter the names:
-
-Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-`Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-<signature of Ty Coon>, 1 April 1989
-Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs. If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library. If this is what you want to do, use the GNU Library General
-Public License instead of this License.
+++ /dev/null
-Index: cgcs-users-1.0-r0/AUTHORS.orig
-===================================================================
---- /dev/null
-+++ cgcs-users-1.0-r0/AUTHORS.orig
-@@ -0,0 +1,15 @@
-+AUTHORS OF PROJECT IBSH
-+
-+Attila Nagyidai <attila at ibsh.net>
-+ * Original program author, project admin, developer.
-+
-+Shy <shy at ibsh.net>
-+ * Developer, debugger, tester, and many more.
-+
-+Witzy <witzy at ibsh.net>
-+ * Developer, debugger, tester, and many more.
-+
-+http://www.ibsh.net
-+irc:
-+irc.freenode.net #ibsh
-+irc.geek-power.org #ibsh
-Index: cgcs-users-1.0-r0/BUGS.orig
-===================================================================
---- /dev/null
-+++ cgcs-users-1.0-r0/BUGS.orig
-@@ -0,0 +1,19 @@
-+** Open BUGS **
-+None, so far.
-+
-+** Fixed BUGS **
-+- Input length checking on all inputs, string copies, etc. is fixed.
-+- The myscanf function will no longer accept more then 80 chars at once,
-+so ibsh hopefully wont crash on a too long input.
-+- Added signal.h in the header file, the lack of it caused compilation
-+problems on some systems.
-+- Fixed the infinite loop in DelBadFiles. This function is temporarily
-+taken out of the project
-+- Removed the involvment of /bin/sh from system. Added path checking.
-+- In jail root, not only ../ is not allowed, but .. too.
-+- Fixed a bug, that happened on bsd, when the user pressed ^D.
-+- Fixed a bug with opendir
-+- Fixed a format string vulnerability in logprintbadfile(). Thanks to
-+Kim Streich for the report.
-+
-+2005.05.23
-Index: cgcs-users-1.0-r0/ChangeLog.orig
-===================================================================
---- /dev/null
-+++ cgcs-users-1.0-r0/ChangeLog.orig
-@@ -0,0 +1,34 @@
-+0.3e - a buffer overflow and a string bug, both found by RazoR (Nikolay Alexandrov), fixed.
-+0.3d - a format string vulnerability, found by Kim Streich, is fixed.
-+0.3b-0.3c - bugfixes.
-+0.3a - The admin has the opportunity, to create separate cmds file for each user.
-+ This way the sysadmin has complete control over sensitive applications, which
-+ should only be allowed to a selected few.
-+ - The admin has the opportunity, to create separate xtns file for each user.
-+ - The extensions policy has been changed. Now both globals.xtns and the user
-+ extension files will list the extensions, that are _allowed_ ! In earlier versions,
-+ the forbidden extensions were listed, that is allow everything, except to deny a few.
-+ From this version on, it's deny everything, except allow the ones, listed in these files.
-+ - While the code for the search of illegal/dangerous material stored in user space is
-+ back, it will not erase any files any more. Instead, it will remove all
-+ rights from that file, so it can not be executed, or read. Files, with the +x bit set,
-+ will be chmodded to -x. This is another "defense line" to stop the user to execute
-+ programs, stored in user space.
-+ - The access to all linux binaries, and source code files, stored in user space, if any,
-+ will be blocked.
-+ - Absolute path for restricted users can not be longer then 255 characters. All files,
-+ that are longer (with full path), will be renamed.
-+ - Minor bug fixes.
-+
-+0.2a - Major bug fixes.
-+ - User activities are logged with syslog.
-+ - hhsytem revised, hardened. /bin/sh isnt involved anymore into program starting.
-+ If the home directory is in the PATH, it's ignored.
-+ - erasing illegal content is temporarily suspended and removed.
-+
-+0.1b - Major bug fixes.
-+ - The config files are accidentally missing from this release!
-+
-+0.1a - The first version of the program.
-+
-+2005.05.23.
-Index: cgcs-users-1.0-r0/CONTRIBUTORS.orig
-===================================================================
---- /dev/null
-+++ cgcs-users-1.0-r0/CONTRIBUTORS.orig
-@@ -0,0 +1,7 @@
-+CONTRIBUTORS TO PROJECT IBSH
-+
-+Kim Streich <kstreich at gmail.com>
-+ * bug finder, debugger, tester.
-+
-+RazoR (Nikolay Alexandrov) <Nikolay@Alexandrov.ws>
-+ * bug finder, debugger, tester.
-Index: cgcs-users-1.0-r0/COPYING.orig
-===================================================================
---- /dev/null
-+++ cgcs-users-1.0-r0/COPYING.orig
-@@ -0,0 +1,340 @@
-+ GNU GENERAL PUBLIC LICENSE
-+ Version 2, June 1991
-+
-+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-+ Everyone is permitted to copy and distribute verbatim copies
-+ of this license document, but changing it is not allowed.
-+
-+ Preamble
-+
-+ The licenses for most software are designed to take away your
-+freedom to share and change it. By contrast, the GNU General Public
-+License is intended to guarantee your freedom to share and change free
-+software--to make sure the software is free for all its users. This
-+General Public License applies to most of the Free Software
-+Foundation's software and to any other program whose authors commit to
-+using it. (Some other Free Software Foundation software is covered by
-+the GNU Library General Public License instead.) You can apply it to
-+your programs, too.
-+
-+ When we speak of free software, we are referring to freedom, not
-+price. Our General Public Licenses are designed to make sure that you
-+have the freedom to distribute copies of free software (and charge for
-+this service if you wish), that you receive source code or can get it
-+if you want it, that you can change the software or use pieces of it
-+in new free programs; and that you know you can do these things.
-+
-+ To protect your rights, we need to make restrictions that forbid
-+anyone to deny you these rights or to ask you to surrender the rights.
-+These restrictions translate to certain responsibilities for you if you
-+distribute copies of the software, or if you modify it.
-+
-+ For example, if you distribute copies of such a program, whether
-+gratis or for a fee, you must give the recipients all the rights that
-+you have. You must make sure that they, too, receive or can get the
-+source code. And you must show them these terms so they know their
-+rights.
-+
-+ We protect your rights with two steps: (1) copyright the software, and
-+(2) offer you this license which gives you legal permission to copy,
-+distribute and/or modify the software.
-+
-+ Also, for each author's protection and ours, we want to make certain
-+that everyone understands that there is no warranty for this free
-+software. If the software is modified by someone else and passed on, we
-+want its recipients to know that what they have is not the original, so
-+that any problems introduced by others will not reflect on the original
-+authors' reputations.
-+
-+ Finally, any free program is threatened constantly by software
-+patents. We wish to avoid the danger that redistributors of a free
-+program will individually obtain patent licenses, in effect making the
-+program proprietary. To prevent this, we have made it clear that any
-+patent must be licensed for everyone's free use or not licensed at all.
-+
-+ The precise terms and conditions for copying, distribution and
-+modification follow.
-+\f
-+ GNU GENERAL PUBLIC LICENSE
-+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-+
-+ 0. This License applies to any program or other work which contains
-+a notice placed by the copyright holder saying it may be distributed
-+under the terms of this General Public License. The "Program", below,
-+refers to any such program or work, and a "work based on the Program"
-+means either the Program or any derivative work under copyright law:
-+that is to say, a work containing the Program or a portion of it,
-+either verbatim or with modifications and/or translated into another
-+language. (Hereinafter, translation is included without limitation in
-+the term "modification".) Each licensee is addressed as "you".
-+
-+Activities other than copying, distribution and modification are not
-+covered by this License; they are outside its scope. The act of
-+running the Program is not restricted, and the output from the Program
-+is covered only if its contents constitute a work based on the
-+Program (independent of having been made by running the Program).
-+Whether that is true depends on what the Program does.
-+
-+ 1. You may copy and distribute verbatim copies of the Program's
-+source code as you receive it, in any medium, provided that you
-+conspicuously and appropriately publish on each copy an appropriate
-+copyright notice and disclaimer of warranty; keep intact all the
-+notices that refer to this License and to the absence of any warranty;
-+and give any other recipients of the Program a copy of this License
-+along with the Program.
-+
-+You may charge a fee for the physical act of transferring a copy, and
-+you may at your option offer warranty protection in exchange for a fee.
-+
-+ 2. You may modify your copy or copies of the Program or any portion
-+of it, thus forming a work based on the Program, and copy and
-+distribute such modifications or work under the terms of Section 1
-+above, provided that you also meet all of these conditions:
-+
-+ a) You must cause the modified files to carry prominent notices
-+ stating that you changed the files and the date of any change.
-+
-+ b) You must cause any work that you distribute or publish, that in
-+ whole or in part contains or is derived from the Program or any
-+ part thereof, to be licensed as a whole at no charge to all third
-+ parties under the terms of this License.
-+
-+ c) If the modified program normally reads commands interactively
-+ when run, you must cause it, when started running for such
-+ interactive use in the most ordinary way, to print or display an
-+ announcement including an appropriate copyright notice and a
-+ notice that there is no warranty (or else, saying that you provide
-+ a warranty) and that users may redistribute the program under
-+ these conditions, and telling the user how to view a copy of this
-+ License. (Exception: if the Program itself is interactive but
-+ does not normally print such an announcement, your work based on
-+ the Program is not required to print an announcement.)
-+\f
-+These requirements apply to the modified work as a whole. If
-+identifiable sections of that work are not derived from the Program,
-+and can be reasonably considered independent and separate works in
-+themselves, then this License, and its terms, do not apply to those
-+sections when you distribute them as separate works. But when you
-+distribute the same sections as part of a whole which is a work based
-+on the Program, the distribution of the whole must be on the terms of
-+this License, whose permissions for other licensees extend to the
-+entire whole, and thus to each and every part regardless of who wrote it.
-+
-+Thus, it is not the intent of this section to claim rights or contest
-+your rights to work written entirely by you; rather, the intent is to
-+exercise the right to control the distribution of derivative or
-+collective works based on the Program.
-+
-+In addition, mere aggregation of another work not based on the Program
-+with the Program (or with a work based on the Program) on a volume of
-+a storage or distribution medium does not bring the other work under
-+the scope of this License.
-+
-+ 3. You may copy and distribute the Program (or a work based on it,
-+under Section 2) in object code or executable form under the terms of
-+Sections 1 and 2 above provided that you also do one of the following:
-+
-+ a) Accompany it with the complete corresponding machine-readable
-+ source code, which must be distributed under the terms of Sections
-+ 1 and 2 above on a medium customarily used for software interchange; or,
-+
-+ b) Accompany it with a written offer, valid for at least three
-+ years, to give any third party, for a charge no more than your
-+ cost of physically performing source distribution, a complete
-+ machine-readable copy of the corresponding source code, to be
-+ distributed under the terms of Sections 1 and 2 above on a medium
-+ customarily used for software interchange; or,
-+
-+ c) Accompany it with the information you received as to the offer
-+ to distribute corresponding source code. (This alternative is
-+ allowed only for noncommercial distribution and only if you
-+ received the program in object code or executable form with such
-+ an offer, in accord with Subsection b above.)
-+
-+The source code for a work means the preferred form of the work for
-+making modifications to it. For an executable work, complete source
-+code means all the source code for all modules it contains, plus any
-+associated interface definition files, plus the scripts used to
-+control compilation and installation of the executable. However, as a
-+special exception, the source code distributed need not include
-+anything that is normally distributed (in either source or binary
-+form) with the major components (compiler, kernel, and so on) of the
-+operating system on which the executable runs, unless that component
-+itself accompanies the executable.
-+
-+If distribution of executable or object code is made by offering
-+access to copy from a designated place, then offering equivalent
-+access to copy the source code from the same place counts as
-+distribution of the source code, even though third parties are not
-+compelled to copy the source along with the object code.
-+\f
-+ 4. You may not copy, modify, sublicense, or distribute the Program
-+except as expressly provided under this License. Any attempt
-+otherwise to copy, modify, sublicense or distribute the Program is
-+void, and will automatically terminate your rights under this License.
-+However, parties who have received copies, or rights, from you under
-+this License will not have their licenses terminated so long as such
-+parties remain in full compliance.
-+
-+ 5. You are not required to accept this License, since you have not
-+signed it. However, nothing else grants you permission to modify or
-+distribute the Program or its derivative works. These actions are
-+prohibited by law if you do not accept this License. Therefore, by
-+modifying or distributing the Program (or any work based on the
-+Program), you indicate your acceptance of this License to do so, and
-+all its terms and conditions for copying, distributing or modifying
-+the Program or works based on it.
-+
-+ 6. Each time you redistribute the Program (or any work based on the
-+Program), the recipient automatically receives a license from the
-+original licensor to copy, distribute or modify the Program subject to
-+these terms and conditions. You may not impose any further
-+restrictions on the recipients' exercise of the rights granted herein.
-+You are not responsible for enforcing compliance by third parties to
-+this License.
-+
-+ 7. If, as a consequence of a court judgment or allegation of patent
-+infringement or for any other reason (not limited to patent issues),
-+conditions are imposed on you (whether by court order, agreement or
-+otherwise) that contradict the conditions of this License, they do not
-+excuse you from the conditions of this License. If you cannot
-+distribute so as to satisfy simultaneously your obligations under this
-+License and any other pertinent obligations, then as a consequence you
-+may not distribute the Program at all. For example, if a patent
-+license would not permit royalty-free redistribution of the Program by
-+all those who receive copies directly or indirectly through you, then
-+the only way you could satisfy both it and this License would be to
-+refrain entirely from distribution of the Program.
-+
-+If any portion of this section is held invalid or unenforceable under
-+any particular circumstance, the balance of the section is intended to
-+apply and the section as a whole is intended to apply in other
-+circumstances.
-+
-+It is not the purpose of this section to induce you to infringe any
-+patents or other property right claims or to contest validity of any
-+such claims; this section has the sole purpose of protecting the
-+integrity of the free software distribution system, which is
-+implemented by public license practices. Many people have made
-+generous contributions to the wide range of software distributed
-+through that system in reliance on consistent application of that
-+system; it is up to the author/donor to decide if he or she is willing
-+to distribute software through any other system and a licensee cannot
-+impose that choice.
-+
-+This section is intended to make thoroughly clear what is believed to
-+be a consequence of the rest of this License.
-+\f
-+ 8. If the distribution and/or use of the Program is restricted in
-+certain countries either by patents or by copyrighted interfaces, the
-+original copyright holder who places the Program under this License
-+may add an explicit geographical distribution limitation excluding
-+those countries, so that distribution is permitted only in or among
-+countries not thus excluded. In such case, this License incorporates
-+the limitation as if written in the body of this License.
-+
-+ 9. The Free Software Foundation may publish revised and/or new versions
-+of the General Public License from time to time. Such new versions will
-+be similar in spirit to the present version, but may differ in detail to
-+address new problems or concerns.
-+
-+Each version is given a distinguishing version number. If the Program
-+specifies a version number of this License which applies to it and "any
-+later version", you have the option of following the terms and conditions
-+either of that version or of any later version published by the Free
-+Software Foundation. If the Program does not specify a version number of
-+this License, you may choose any version ever published by the Free Software
-+Foundation.
-+
-+ 10. If you wish to incorporate parts of the Program into other free
-+programs whose distribution conditions are different, write to the author
-+to ask for permission. For software which is copyrighted by the Free
-+Software Foundation, write to the Free Software Foundation; we sometimes
-+make exceptions for this. Our decision will be guided by the two goals
-+of preserving the free status of all derivatives of our free software and
-+of promoting the sharing and reuse of software generally.
-+
-+ NO WARRANTY
-+
-+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
-+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
-+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
-+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-+REPAIR OR CORRECTION.
-+
-+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-+POSSIBILITY OF SUCH DAMAGES.
-+
-+ END OF TERMS AND CONDITIONS
-+\f
-+ How to Apply These Terms to Your New Programs
-+
-+ If you develop a new program, and you want it to be of the greatest
-+possible use to the public, the best way to achieve this is to make it
-+free software which everyone can redistribute and change under these terms.
-+
-+ To do so, attach the following notices to the program. It is safest
-+to attach them to the start of each source file to most effectively
-+convey the exclusion of warranty; and each file should have at least
-+the "copyright" line and a pointer to where the full notice is found.
-+
-+ <one line to give the program's name and a brief idea of what it does.>
-+ Copyright (C) <year> <name of author>
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 2 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-+
-+
-+Also add information on how to contact you by electronic and paper mail.
-+
-+If the program is interactive, make it output a short notice like this
-+when it starts in an interactive mode:
-+
-+ Gnomovision version 69, Copyright (C) year name of author
-+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-+ This is free software, and you are welcome to redistribute it
-+ under certain conditions; type `show c' for details.
-+
-+The hypothetical commands `show w' and `show c' should show the appropriate
-+parts of the General Public License. Of course, the commands you use may
-+be called something other than `show w' and `show c'; they could even be
-+mouse-clicks or menu items--whatever suits your program.
-+
-+You should also get your employer (if you work as a programmer) or your
-+school, if any, to sign a "copyright disclaimer" for the program, if
-+necessary. Here is a sample; alter the names:
-+
-+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
-+
-+ <signature of Ty Coon>, 1 April 1989
-+ Ty Coon, President of Vice
-+
-+This General Public License does not permit incorporating your program into
-+proprietary programs. If your program is a subroutine library, you may
-+consider it more useful to permit linking proprietary applications with the
-+library. If this is what you want to do, use the GNU Library General
-+Public License instead of this License.
-Index: cgcs-users-1.0-r0/COPYRIGHT.orig
-===================================================================
---- /dev/null
-+++ cgcs-users-1.0-r0/COPYRIGHT.orig
-@@ -0,0 +1,17 @@
-+This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
-+Copyright (C) 2005 Attila Nagyidai
-+
-+This program is free software; you can redistribute it and/or
-+modify it under the terms of the GNU General Public License
-+as published by the Free Software Foundation; either version 2
-+of the License, or (at your option) any later version.
-+
-+This program is distributed in the hope that it will be useful,
-+but WITHOUT ANY WARRANTY; without even the implied warranty of
-+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+GNU General Public License for more details.
-+
-+You should have received a copy of the GNU General Public License
-+along with this program; if not, write to the Free Software
-+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+
-Index: cgcs-users-1.0-r0/INSTALL.orig
-===================================================================
---- /dev/null
-+++ cgcs-users-1.0-r0/INSTALL.orig
-@@ -0,0 +1,23 @@
-+Installing ibsh is really easy, so no need for the usual sections
-+in this document. There is no configure script either, so if
-+something wrong, make will fail.
-+
-+# make ibsh
-+# make ibsh_install
-+
-+Optionally:
-+
-+# make clean
-+
-+
-+To uninstall ibsh:
-+
-+# make ibsh_uninstall
-+
-+
-+Of course you will have to enable this shell by:
-+# echo /bin/ibsh >> /etc/shells
-+or however you like it.
-+And make sure the permissions read 0755 !
-+
-+2005.03.24.
-Index: cgcs-users-1.0-r0/main.c.orig
-===================================================================
---- /dev/null
-+++ cgcs-users-1.0-r0/main.c.orig
-@@ -0,0 +1,233 @@
-+/*
-+ Created: 03.19.05 11:34:57 by Attila Nagyidai
-+
-+ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
-+
-+ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
-+ Copyright (C) 2005 Attila Nagyidai
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version 2
-+ of the License, or (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+
-+ Author: Attila Nagyidai
-+ Email: na@ent.hu
-+
-+ Co-Author: Shy
-+ Email: shy@cpan.org
-+
-+ Co-Author: Witzy
-+ Email: stazzz@altern.org
-+
-+ URL: http://ibsh.sourceforge.net
-+ IRC: irc.freenode.net #ibsh
-+ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
-+
-+*/
-+
-+/* Header files */
-+#include "ibsh.h"
-+
-+/* Main: */
-+/* Handle arguments, read config files, start command processing. */
-+/* IBSH doesnt use any command line arguments, but my text editor */
-+/* uses this code in all new c files to create. And i didnt have the */
-+/* heart to remove it. ;p */
-+/* Technical Description: */
-+/* Get the passwd entry for the user. The uid is easily aquired, since */
-+/* it is the real user id. After that, grab the passwd file entry upon */
-+/* the id, and copy the information to the loggedin struct. */
-+/* Add some signal handlers too. */
-+/* The infinite loop: */
-+/* Get the current directory, the full path. Compute the jailpath from that, */
-+/* that is the directories below the users homedir, which is the jail root. */
-+/* The jail ceiling if you like. Print some prompt to the user with the jailpath, */
-+/* and read stdin for incoming commands. Filter out the bad commands, typos, the */
-+/* not allowed commands. It the command is ok, execute it. If it is a shell builtin, */
-+/* use our builtin code, otherwise use execve. After execve, check if the user didnt */
-+/* use the last command to create some illegal content. If yes, erase that. Give the */
-+/* notice only afterwards. */
-+int main(int argc, char **argv)
-+{
-+ char temp[STRING_SIZE], *buf;
-+ struct stat info;
-+ uid_t ruid, euid;
-+ gid_t rgid, egid;
-+
-+
-+ /* setuid protection */
-+ ruid = getuid();
-+ euid = geteuid();
-+ rgid = getgid();
-+ egid = getegid();
-+ if ( (ruid!=euid) || (ruid==0) || (euid==0) || (rgid!=egid) || (rgid==0) || (egid==0) ) {
-+ OPENLOG;
-+ syslog(LOG_ERR, "setuid/setgid violation!");
-+ CLOSELOG;
-+ printf("ibsh: setuid/setgid violation!! exiting...\n");
-+#ifdef DEBUG
-+ printf("ruid: %d;euid: %d;rgid: %d;egid: %d\n", ruid,euid,rgid,egid);
-+#endif
-+ exit(0);
-+ }
-+
-+ /* To Do: The code of your application goes here */
-+ /* First part: */
-+ /* Get essential information about the user who got this shell: */
-+ /* first the username, then the user id. Upon this, retrieve the */
-+ /* user's record in the passwd file. */
-+ bzero(&loggedin, sizeof(loggedin));
-+ loggedin.uid = getuid();
-+ loggedin.record = getpwuid(loggedin.uid);
-+ if ( loggedin.record == NULL ) {
-+ loggedin.record = getpwnam(loggedin.uname);
-+ if ( loggedin.record == NULL ) {
-+ openlog(loggedin.uname, LOG_PID, LOG_AUTH);
-+ syslog(LOG_ERR, "Can not obtain user information");
-+ printf("Can not obtain user information\n");
-+ closelog();
-+ exit(0);
-+ }
-+ }
-+ strncpy(loggedin.uname, loggedin.record->pw_name, PAM_SIZE);
-+ strncpy(loggedin.udir, loggedin.record->pw_dir, STRING_SIZE);
-+
-+ /* Second part: */
-+ /* Handle some signal catching. Read the configuration files. */
-+ signal( SIGINT, SIG_IGN );
-+ signal( SIGQUIT, SIG_IGN );
-+ signal( SIGTERM, SIG_IGN );
-+ signal( SIGTSTP, SIG_IGN );
-+ LoadConfig();
-+
-+ /* Command mode */
-+ if(argc == 3) {
-+ if ( argv[1][1] == 'c' ) {
-+ if ( CommandOK(argv[2], loggedin.udir, "/", filtered_command) == 1) {
-+ exitcode = hhsystem(filtered_command);
-+ OPENLOG;
-+ syslog(LOG_INFO, "command %s ordered, command %s has been executed.",
-+ argv[2], filtered_command);
-+ printf("command %s ordered, command %s has been executed.\n",
-+ argv[2], filtered_command);
-+ CLOSELOG;
-+ exit(exitcode);
-+ }
-+ printf("CommandOK failed (%s/%s)\n", loggedin.udir, filtered_command);
-+ exit(0);
-+ }
-+ else {
-+ printf("Invalid are (%s)\n", argv[1]);
-+ exit(0);
-+ }
-+ }
-+
-+ OPENLOG;
-+ syslog(LOG_INFO, "user %s has logged in.", loggedin.uname);
-+ CLOSELOG;
-+
-+
-+#ifdef INCLUDE_DELETE_BAD_FILES
-+ DelBadFiles(loggedin.udir);
-+#endif
-+ if ( chdir (loggedin.udir) < 0 )
-+ return -1;
-+
-+
-+ /* Third part: */
-+ /* Start reading and processing the user issued commands. */
-+ /* Split the command by the spaces, filter out anything, */
-+ /* that would allow the user to access files outside the */
-+ /* jail. Filter out multiples and pipes as well. No program */
-+ /* will be allowed to run, unless it is mentioned in the */
-+ /* config files. Files that are created with an extension */
-+ /* that is listed in the other config file, must be deleted! */
-+ for ( ; ; ) {
-+ /* Where is he ? */
-+ if ( getcwd(real_path, STRING_SIZE) == NULL )
-+ return -1;
-+ GetPositionInJail(real_path, loggedin.udir, jail_path);
-+ if ( (strlen(jail_path)) == 0 ) {
-+ strncpy(jail_path, "/", 2);
-+ }
-+ /* We don't want the user to know where he actually is. */
-+ /* This is the prompt! */
-+ printf("[%s]%% ", jail_path);
-+ /* scanf("%s", user_command); */
-+ myscanf(user_command, real_path);
-+ /* Command interpretation and execution. */
-+ if ( (CommandOK(user_command, loggedin.udir, jail_path, filtered_command)) == 0 ) {
-+ printf("Sorry, can't let you do that!\n");
-+ log_attempt(loggedin.uname); /* v0.2a */
-+ continue;
-+ }
-+ /* If the user issued command starts with a shell builtin. */
-+ bzero(temp, strlen(temp));
-+ if ( (buf = strstr(filtered_command, "cd")) != NULL ) {
-+ if ( (strcmp(buf, filtered_command)) == 0 ) {
-+ LTrim3(filtered_command, temp);
-+ if ( (strcmp(temp, real_path)) != 0 ) {
-+ if ( (strcmp(temp, "..")) == 0 ) {
-+ PathMinusOne(jail_path, temp, 1,sizeof(temp));
-+ }
-+ if ( (strcmp(temp, "/")) == 0 ) {
-+ strncpy(temp, loggedin.udir, LINE_SIZE);
-+ }
-+ exitcode = chdir(temp);
-+ if ( exitcode == -1 ) {
-+ printf("ibsh: cd: %s: No such file or directory\n", temp);
-+ }
-+ }
-+ continue;
-+ }
-+ }
-+ else if ( (buf = strstr(filtered_command, "pwd")) != NULL ) {
-+ if ( (strcmp(buf, filtered_command)) == 0 ) {
-+ printf("%s\n", jail_path);
-+ continue;
-+ }
-+ }
-+ else if ( (buf = strstr(filtered_command, "logout")) != NULL ) {
-+ if ( (strcmp(buf, filtered_command)) == 0 ) {
-+ OPENLOG;
-+ syslog(LOG_INFO, "user %s has logged out.", loggedin.uname);
-+ CLOSELOG;
-+ break;
-+ }
-+ }
-+ else if ( (buf = strstr(filtered_command, "exit")) != NULL ) {
-+ if ( (strcmp(buf, filtered_command)) == 0 ) {
-+ OPENLOG;
-+ syslog(LOG_INFO, "user %s has logged out.", loggedin.uname);
-+ printf("user %s has logged out\n", loggedin.uname);
-+ CLOSELOG;
-+ break;
-+ }
-+ }
-+ else {
-+ exitcode = hhsystem(filtered_command);
-+ if ( exitcode < 0 ) {
-+ printf("%s\n", strerror(errno));
-+ }
-+ }
-+ if ( getcwd(real_path, STRING_SIZE) == NULL )
-+ return -1;
-+#ifdef INCLUDE_BAD_FILES
-+ DelBadFiles(loggedin.udir);
-+#endif
-+ if ( chdir (real_path) < 0 )
-+ return 1;
-+ }
-+ return 0;
-+}
-+
-Index: cgcs-users-1.0-r0/Makefile.orig
-===================================================================
---- /dev/null
-+++ cgcs-users-1.0-r0/Makefile.orig
-@@ -0,0 +1,56 @@
-+# This is the makefile for ibsh 0.3e
-+CC = gcc -g -O3
-+OBJECTS = main.o command.o jail.o execute.o config.o misc.o antixploit.o delbadfiles.o
-+
-+all ibsh: ${OBJECTS} ibsh.h
-+ ${CC} -o ibsh ${OBJECTS}
-+
-+main.o: main.c ibsh.h
-+ ${CC} -c main.c
-+
-+command.o: command.c ibsh.h
-+ ${CC} -c command.c
-+
-+jail.o: jail.c ibsh.h
-+ ${CC} -c jail.c
-+
-+execute.o: execute.c ibsh.h
-+ ${CC} -c execute.c
-+
-+config.o: config.c ibsh.h
-+ ${CC} -c config.c
-+
-+misc.o: misc.c ibsh.h
-+ ${CC} -c misc.c
-+
-+antixploit.o: antixploit.c ibsh.h
-+ ${CC} -c antixploit.c
-+
-+delbadfiles.o: delbadfiles.c ibsh.h
-+ ${CC} -c delbadfiles.c
-+
-+ibsh_install:
-+ cp ./ibsh /bin/
-+ mkdir /etc/ibsh
-+ mkdir /etc/ibsh/cmds
-+ mkdir /etc/ibsh/xtns
-+ cp ./globals.cmds /etc/ibsh/
-+ cp ./globals.xtns /etc/ibsh/
-+
-+ibsh_uninstall:
-+ rm -rf /etc/ibsh/globals.cmds
-+ rm -rf /etc/ibsh/globals.xtns
-+ rm -rf /etc/ibsh/cmds/*.*
-+ rm -rf /etc/ibsh/xtns/*.*
-+ rmdir /etc/ibsh/cmds
-+ rmdir /etc/ibsh/xtns
-+ rmdir /etc/ibsh
-+ rm -rf /bin/ibsh
-+
-+clean:
-+ rm -rf ibsh
-+ rm -rf *.o
-+
-+
-+# 13:49 2005.04.06.
-+
-Index: cgcs-users-1.0-r0/README.orig
-===================================================================
---- /dev/null
-+++ cgcs-users-1.0-r0/README.orig
-@@ -0,0 +1,29 @@
-+ Iron Bars SHell - a restricted interactive shell.
-+
-+Overview
-+
-+ For long i have been in the search of a decent restricted shell, but in vain.
-+ The few i found, were really easy to hack, and there were quite a few docs
-+ around on the web about hacking restricted shells with a menu interface.
-+ For my definitions, a restricted shell must not only prevent the user to
-+ escape her jail, but also not to access any files outside the jail.
-+ The system administrator must have total control over the restricted shell.
-+ These are the major features incorporated and realized by ibsh.
-+
-+
-+Features
-+
-+ Please read the changelog.
-+
-+
-+Installation
-+
-+ Read the INSTALL file.
-+
-+
-+Contact
-+ See Authors file.
-+
-+
-+Attila Nagyidai
-+2005.05.23.
-Index: cgcs-users-1.0-r0/Release.orig
-===================================================================
---- /dev/null
-+++ cgcs-users-1.0-r0/Release.orig
-@@ -0,0 +1,17 @@
-+This release introduces minor bugfixes, and important new and renewed features.
-+Erasing evil files in the home directory of the user is incorporated again, with
-+many improvements. First of all: no file will be erased! Only the access to them
-+will be blocked. The extension policy has changed, now ibsh blocks those extensions,
-+that are NOT listed. This goes in sync with the usual method of operation of ibsh.
-+The execute permission of files in the user space, will be removed.
-+New customizing features were added: each user now can have her own commands and
-+extensions file, created and maintained by the system administrator. Some users
-+(employees) may require access to special programs. User configuration files allow
-+this access only those, who need it, not for everybody.
-+Ibsh now scans not only the extensions of files, but the content too! Whatever the permission
-+for a certain file exists, if that contains source code, or is a linux binary, access
-+will be blocked.
-+The absolute path for the users is now limited to 255 characters. Longer, already
-+existing filenames will be renamed.
-+
-+06/04/2005
-Index: cgcs-users-1.0-r0/TODO.orig
-===================================================================
---- /dev/null
-+++ cgcs-users-1.0-r0/TODO.orig
-@@ -0,0 +1,10 @@
-+TODO
-+
-+ - tab completion.
-+ - shell variables.
-+ - some changes to the prompt, maybe variable prompt.
-+ - history
-+ - to be able to use corporate, or other large/complicated programs in a safe
-+ working environment, yet be able to share files/work with others.
-+
-+2005.05.23.
Code Review / pti / rtp.git / commitdiff