Permalink
Browse files

[code] moved all global variables to variables.py

  • Loading branch information...
Ignace Mouzannar
Ignace Mouzannar committed Feb 16, 2016
1 parent 13c1124 commit 1c378cde0232f40118d4b51094659adb086ddde1
Showing with 138 additions and 109 deletions.
  1. +16 −92 lshell/checkconfig.py
  2. +4 −2 lshell/shellcmd.py
  3. +0 −9 lshell/utils.py
  4. +107 −0 lshell/variables.py
  5. +7 −4 setup.py
  6. +4 −2 test/test_unit.py
View
@@ -30,85 +30,9 @@
import time
import glob
-from utils import get_aliases, exec_cmd
-
-__version__ = "0.9.18"
-
-# Required config variable list per user
-required_config = ['allowed', 'forbidden', 'warning_counter']
-
-# set configuration file path depending on sys.exec_prefix
-# on *Linux sys.exec_prefix = '/usr' and default path must be in '/etc'
-# on *BSD sys.exec_prefix = '/usr/{pkg,local}/' and default path
-# is '/usr/{pkg,local}/etc'
-if sys.exec_prefix != '/usr':
- # for *BSD
- conf_prefix = sys.exec_prefix
-else:
- # for *Linux
- conf_prefix = ''
-configfile = conf_prefix + '/etc/lshell.conf'
-
-# history file
-history_file = ".lhistory"
-
-# help text
-usage = """Usage: lshell [OPTIONS]
- --config <file> : Config file location (default %s)
- --<param> <value> : where <param> is *any* config file parameter
- -h, --help : Show this help message
- --version : Show version
-""" % configfile
-
-# Intro Text
-intro = """You are in a limited shell.
-Type '?' or 'help' to get the list of allowed commands"""
-
-# configuration parameters
-configparams = ['config=',
- 'help',
- 'version',
- 'quiet=',
- 'log=',
- 'logpath=',
- 'loglevel=',
- 'logfilename=',
- 'syslogname=',
- 'allowed=',
- 'forbidden=',
- 'sudo_commands=',
- 'warning_counter=',
- 'aliases=',
- 'intro=',
- 'prompt=',
- 'prompt_short=',
- 'timer=',
- 'path=',
- 'home_path=',
- 'env_path=',
- 'allowed_cmd_path=',
- 'env_vars=',
- 'scp=',
- 'scp_upload=',
- 'scp_download=',
- 'sftp=',
- 'overssh=',
- 'strict=',
- 'scpforce=',
- 'history_size=',
- 'history_file=',
- 'path_noxec=',
- 'allowed_shell_escape=',
- 'winscp=',
- 'include_dir=']
-
-builtins = ['cd',
- 'clear',
- 'exit',
- 'export',
- 'history',
- 'lpath',
- 'lsudo']
+# import lshell specifics
+from lshell.utils import get_aliases, exec_cmd
+from lshell import variables
class CheckConfig:
@@ -153,12 +77,12 @@ def getoptions(self, arguments, conf):
file path to /etc/lshell.confelf.conf['allowed'].append('exit')
"""
# set configfile as default configuration file
- conf['configfile'] = configfile
+ conf['configfile'] = variables.configfile
try:
optlist, args = getopt.getopt(arguments,
'hc:',
- configparams)
+ variables.configparams)
except getopt.GetoptError:
self.stderr.write('Missing or unknown argument(s)\n')
self.usage()
@@ -168,7 +92,7 @@ def getoptions(self, arguments, conf):
conf['configfile'] = os.path.realpath(value)
if option in ['--log']:
conf['logpath'] = os.path.realpath(value)
- if "%s=" % option[2:] in configparams:
+ if "%s=" % option[2:] in variables.configparams:
conf[option[2:]] = value
if option in ['-c']:
conf['ssh'] = value
@@ -193,12 +117,12 @@ def getoptions(self, arguments, conf):
def usage(self):
""" Prints the usage """
- sys.stderr.write(usage)
+ sys.stderr.write(variables.usage)
sys.exit(0)
def version(self):
""" Prints the version """
- sys.stderr.write('lshell-%s - Limited Shell\n' % __version__)
+ sys.stderr.write('lshell-%s - Limited Shell\n' % variables.__version__)
sys.exit(0)
def check_env(self):
@@ -214,7 +138,7 @@ def check_file(self, file):
"""
if not os.path.exists(file):
self.stderr.write("Error: Config file doesn't exist\n")
- self.stderr.write(usage)
+ self.stderr.write(variables.usage)
sys.exit(0)
else:
self.config = ConfigParser.ConfigParser()
@@ -499,7 +423,7 @@ def check_user_integrity(self):
for the present user.
In case fields are missing, the user is notified and exited from lshell
"""
- for item in required_config:
+ for item in variables.required_config:
if item not in self.conf_raw.keys():
self.log.critical("ERROR: Missing parameter '%s'" % item)
self.log.critical('ERROR: Add it in the in the [%s] '
@@ -618,7 +542,7 @@ def get_config_user(self):
if 'intro' in self.conf_raw:
self.conf['intro'] = self.myeval(self.conf_raw['intro'])
else:
- self.conf['intro'] = intro
+ self.conf['intro'] = variables.intro
if os.path.isdir(self.conf['home_path']):
os.chdir(self.conf['home_path'])
@@ -636,7 +560,7 @@ def get_config_user(self):
self.log.error('CONF: history file error: %s'
% self.conf['history_file'])
else:
- self.conf['history_file'] = history_file
+ self.conf['history_file'] = variables.history_file
if not self.conf['history_file'].startswith('/'):
self.conf['history_file'] = "%s/%s" % (self.conf['home_path'],
@@ -645,7 +569,7 @@ def get_config_user(self):
os.environ['PATH'] = os.environ['PATH'] + self.conf['env_path']
# append default commands to allowed list
- self.conf['allowed'] += builtins
+ self.conf['allowed'] += variables.builtins
# in case sudo_commands is not empty, append sudo to allowed commands
if self.conf['sudo_commands']:
@@ -666,7 +590,7 @@ def get_config_user(self):
if 'sudo_commands' in self.conf_raw \
and self.conf_raw['sudo_commands'] == 'all':
# exclude native commands and sudo(8)
- exclude = builtins + ['sudo']
+ exclude = variables.builtins + ['sudo']
self.conf['sudo_commands'] = [x for x in self.conf['allowed']
if x not in exclude]
@@ -857,7 +781,7 @@ def set_noexec(self):
# exclude allowed_shell_escape commands from loop
exclude_se = list(set(self.conf['allowed']) -
set(self.conf['allowed_shell_escape']) -
- set(builtins))
+ set(variables.builtins))
for cmd in exclude_se:
# take already set aliases into consideration
@@ -866,7 +790,7 @@ def set_noexec(self):
# add an alias to all the commands, prepending with LD_PRELOAD=
# except for built-in commands
- if cmd not in builtins:
+ if cmd not in variables.builtins:
self.conf['aliases'][cmd] = 'LD_PRELOAD=%s %s' % (
self.conf['path_noexec'],
cmd)
View
@@ -27,7 +27,9 @@
import readline
import glob
-from utils import get_aliases, exec_cmd, FORBIDDEN_ENVIRON
+# import lshell specifics
+from lshell.utils import get_aliases, exec_cmd
+from lshell import variables
class ShellCmd(cmd.Cmd, object):
@@ -269,7 +271,7 @@ def export(self):
if env.count('='):
var, value = env.split(' ')[0].split('=')[0:2]
# disallow dangerous variable
- if var in FORBIDDEN_ENVIRON:
+ if var in variables.FORBIDDEN_ENVIRON:
return 1, var
os.environ.update({var: value})
return 0, None
View
@@ -36,15 +36,6 @@ def urandom(n):
_urandomfd.close()
return bytes
-FORBIDDEN_ENVIRON = (
- 'LD_AOUT_LIBRARY_PATH', 'LD_AOUT_PRELOAD', 'LD_LIBRARY_PATH', 'LD_PRELOAD',
- 'LD_ORIGIN_PATH', 'LD_DEBUG_OUTPUT', 'LD_PROFILE', 'GCONV_PATH',
- 'HOSTALIASES', 'LOCALDOMAIN', 'LOCPATH', 'MALLOC_TRACE', 'NLSPATH',
- 'RESOLV_HOST_CONF', 'RES_OPTIONS', 'TMPDIR', 'TZDIR', 'LD_USE_LOAD_BIAS',
- 'LD_DEBUG', 'LD_DYNAMIC_WEAK', 'LD_SHOW_AUXV', 'GETCONF_DIR', 'LD_AUDIT',
- 'NIS_PATH', 'PATH'
-)
-
def get_aliases(line, aliases):
""" Replace all configured aliases in the line
View
@@ -0,0 +1,107 @@
+#
+# Limited command Shell (lshell)
+#
+# Copyright (C) 2008-2013 Ignace Mouzannar (ghantoos) <ghantoos@ghantoos.org>
+#
+# This file is part of lshell
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import sys
+
+__version__ = "0.9.18"
+
+# Required config variable list per user
+required_config = ['allowed', 'forbidden', 'warning_counter']
+
+# set configuration file path depending on sys.exec_prefix
+# on *Linux sys.exec_prefix = '/usr' and default path must be in '/etc'
+# on *BSD sys.exec_prefix = '/usr/{pkg,local}/' and default path
+# is '/usr/{pkg,local}/etc'
+if sys.exec_prefix != '/usr':
+ # for *BSD
+ conf_prefix = sys.exec_prefix
+else:
+ # for *Linux
+ conf_prefix = ''
+configfile = conf_prefix + '/etc/lshell.conf'
+
+# history file
+history_file = ".lhistory"
+
+# help text
+usage = """Usage: lshell [OPTIONS]
+ --config <file> : Config file location (default %s)
+ --<param> <value> : where <param> is *any* config file parameter
+ -h, --help : Show this help message
+ --version : Show version
+""" % configfile
+
+# Intro Text
+intro = """You are in a limited shell.
+Type '?' or 'help' to get the list of allowed commands"""
+# configuration parameters
+configparams = ['config=',
+ 'help',
+ 'version',
+ 'quiet=',
+ 'log=',
+ 'logpath=',
+ 'loglevel=',
+ 'logfilename=',
+ 'syslogname=',
+ 'allowed=',
+ 'forbidden=',
+ 'sudo_commands=',
+ 'warning_counter=',
+ 'aliases=',
+ 'intro=',
+ 'prompt=',
+ 'prompt_short=',
+ 'timer=',
+ 'path=',
+ 'home_path=',
+ 'env_path=',
+ 'allowed_cmd_path=',
+ 'env_vars=',
+ 'scp=',
+ 'scp_upload=',
+ 'scp_download=',
+ 'sftp=',
+ 'overssh=',
+ 'strict=',
+ 'scpforce=',
+ 'history_size=',
+ 'history_file=',
+ 'path_noxec=',
+ 'allowed_shell_escape=',
+ 'winscp=',
+ 'include_dir=']
+
+builtins = ['cd',
+ 'clear',
+ 'exit',
+ 'export',
+ 'history',
+ 'lpath',
+ 'lsudo']
+
+FORBIDDEN_ENVIRON = (
+ 'LD_AOUT_LIBRARY_PATH', 'LD_AOUT_PRELOAD', 'LD_LIBRARY_PATH', 'LD_PRELOAD',
+ 'LD_ORIGIN_PATH', 'LD_DEBUG_OUTPUT', 'LD_PROFILE', 'GCONV_PATH',
+ 'HOSTALIASES', 'LOCALDOMAIN', 'LOCPATH', 'MALLOC_TRACE', 'NLSPATH',
+ 'RESOLV_HOST_CONF', 'RES_OPTIONS', 'TMPDIR', 'TZDIR', 'LD_USE_LOAD_BIAS',
+ 'LD_DEBUG', 'LD_DYNAMIC_WEAK', 'LD_SHOW_AUXV', 'GETCONF_DIR', 'LD_AUDIT',
+ 'NIS_PATH', 'PATH'
+)
View
@@ -19,20 +19,23 @@
from distutils.core import setup
+# import lshell specifics
+from lshell.variables import __version__
+
if __name__ == '__main__':
setup(name='lshell',
- version='0.9.18',
+ version='%s' % __version__,
description='Limited Shell',
long_description="""Limited Shell (lshell) is lets you restrict the \
environment of any user. It provides an easily configurable shell: just \
choose a list of allowed commands for every limited account.""",
- author='Ignace Mouzannar (ghantoos)',
+ author='Ignace Mouzannar',
author_email='ghantoos@ghantoos.org',
- maintainer='Ignace Mouzannar (ghantoos)',
+ maintainer='Ignace Mouzannar',
maintainer_email='ghantoos@ghantoos.org',
keywords=['limited', 'shell', 'security', 'python'],
- url='http://ghantoos.org/limited-shell-lshell/',
+ url='https://github.com/ghantoos/lshell',
license='GPL',
platforms='UNIX',
scripts=['bin/lshell'],
View
@@ -1,9 +1,11 @@
import unittest
+import os
+# import lshell specifics
from lshell.shellcmd import ShellCmd
-from lshell.checkconfig import CheckConfig, builtins
+from lshell.checkconfig import CheckConfig
from lshell.utils import get_aliases
-import os
+from lshell.variables import builtins
TOPDIR = '%s/../' % os.path.dirname(os.path.realpath(__file__))

0 comments on commit 1c378cd

Please sign in to comment.