|
Page 1 of 3 Here’s a genuine app that I wrote for an ISP. They needed a way to let their help desk staff perform system administration functions in a controlled manner, through a simple menu of choices. The solution was pretty simple: a controlled environment with no shell access plus a series of programs and scripts that were elevated if required by sudo.
The help desk staff would use telnet or ssh or any other means to login to the Linux server as a special menu user account, instead of their ordinary accounts. The shell in /etc/passwd was set to be the menu program. This meant their environment was locked.
It wasn’t desirable to recompile the application whenever a new menu option was needed, so the first thing it does is read a configuration file and dynamically builds up its list of features that the user is offered. Additional programs and shell scripts perform the actual tasks, and these are referenced in the config file.
Also, some functions require privileged access – ie superuser access – and it’s best to run programs with the least permissions required. So, by hiving off the functionality out of the main app, the app itself need just not have any special permission.
Not all users are equal, so the config file also specifies a minimum access level required to perform each task, and another list of users stipulates the access level each user has. If a user doesn’t meet the minimum criteria for any option they simply do not see that option in the list – no point teasing people!
The first file in our program, constants.h, simply defines – as you might guess – some constant values which will be used by the rest of the program. This lets the behaviour be changed in one spot.
#define BANNER "ISP Help-Desk operations menu\nPlease log in\n\n"
#define LOGGING_ENABLED
#undef DISABLE_INTERRUPTS
#define HIDE_PASSWORD
#define CLEAR_SCREEN
#define USE_EXECL
#undef DEBUGGING
#define LOGFILE "/usr/local/menu/menu.log"
#define USERLIST "/usr/local/menu/user.list"
#define MENULIST "/usr/local/menu/menu.list"
#define SCRIPTSDIR "/usr/local/menu/scripts"
#define SUDO "/usr/local/bin/sudo"
The next file, menu.h, defines a data structure to hold the menu in memory as well as declare the functions the program will implement.
#include "constants.h"
#include <crypt.h>
#include <ctype.h>
#include <limits.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <wait.h>
typedef struct
{
char MenuText [75];
char ScriptName [80];
int RunAsRoot;
void *Next;
void *Submenu;
} ScriptNode;
typedef ScriptNode *ScriptTree;
void clrscrn ();
void login (char *username, char *password);
void noAccess (char *username);
int verify (char *username, char *password, int *access);
void buildMenu (int access, ScriptTree *theMenu);
void DoMenu (char *username, ScriptTree theMenu, int InSub);
ScriptTree AddMenu (ScriptTree *theMenu, char *ItemText);
void AddNode (ScriptTree *theMenu, char *ItemText,
char *ScriptCommand, int UseSudo);
void Destroy (ScriptTree theMenu);
void DoCommand (char *username, char *ScriptName, int UseSudo);
void log (const char *format, ...);
int DisplayMenu (ScriptTree theMenu, int InSub);
int getChoice (int MenuItems);
void ProcessChoice (int userChoice, ScriptTree theMenu, char *username, int InSub);
void DumpMenu (int level, ScriptTree theMenu);
void indent (int level);
CONTINUED
<< Start < Prev 1 2 3 Next > End >>
|
Linux.conf.au
The Linux distillery 
Subscribe to iTWire's daily e-newsletter now and get a FREE 12 month license to project management software valued at $99 USD. 
