src/klish-plugin-infix: break out shell to optional shell.xml

Some customers don't want unprivileged CLI users to be able to exit to a shell. The shell is currently hard-coded to bash, but should be one of the ietf-system shells, configurable --with-shell=foo. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
kernelkit · Feb 4, 2024 · 14eee45 · 14eee45
1 parent 855f1c5
commit 14eee45
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 4 deletions.
diff --git a/package/klish-plugin-infix/Config.in b/package/klish-plugin-infix/Config.in
@@ -6,3 +6,13 @@ config BR2_PACKAGE_KLISH_PLUGIN_INFIX
 	help
 	  A plugin to klish with an opinionated config and some
 	  command extensions, suitable for systems running Infix.
+
+if BR2_PACKAGE_KLISH_PLUGIN_INFIX
+
+config BR2_PACKAGE_KLISH_PLUGIN_INFIX_SHELL
+	bool "shell command"
+	default y
+	help
+	  Include 'shell' command exit to Bash.
+
+endif
diff --git a/package/klish-plugin-infix/klish-plugin-infix.mk b/package/klish-plugin-infix/klish-plugin-infix.mk
@@ -19,6 +19,12 @@ else
 KLISH_PLUGIN_INFIX_CONF_OPTS += --disable-containers
 endif
 
+ifeq ($(BR2_PACKAGE_KLISH_PLUGIN_INFIX_SHELL),y)
+KLISH_PLUGIN_INFIX_CONF_OPTS += --enable-shell
+else
+KLISH_PLUGIN_INFIX_CONF_OPTS += --disable-shell
+endif
+
 define KLISH_PLUGIN_INFIX_INSTALL_DOC
 	$(INSTALL) -t $(TARGET_DIR)/usr/share/infix/cli -D -m 0644 \
 		$(wildcard $(BR2_EXTERNAL_INFIX_PATH)/doc/cli/*.md)

diff --git a/src/klish-plugin-infix/configure.ac b/src/klish-plugin-infix/configure.ac
@@ -22,6 +22,10 @@ AC_ARG_ENABLE(containers,
         AS_HELP_STRING([--enable-containers], [Enable support for containers]),,[
 	enable_containers=no])
 
+AC_ARG_ENABLE(shell,
+        AS_HELP_STRING([--enable-shell], [Enable shell access from CLI]),,[
+	enable_shell=no])
+
 # Check for pkg-config first, warn if it's not installed
 PKG_PROG_PKG_CONFIG
 
@@ -31,6 +35,7 @@ AC_CHECK_LIB([klish], [kplugin_new],, AC_MSG_ERROR([Klish not found]))
 
 # Control build with automake flags
 AM_CONDITIONAL(CONTAINERS,   [test "x$enable_containers" != "xno"])
+AM_CONDITIONAL(SHELL,        [test "x$enable_shell" != "xno"])
 
 test "x$prefix" = xNONE && prefix=$ac_default_prefix
 test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'

diff --git a/src/klish-plugin-infix/xml/Makefile.am b/src/klish-plugin-infix/xml/Makefile.am
@@ -4,3 +4,7 @@ klishconf_DATA  = infix.xml
 if CONTAINERS
 klishconf_DATA += containers.xml
 endif
+
+if SHELL
+klishconf_DATA += shell.xml
+endif
diff --git a/src/klish-plugin-infix/xml/infix.xml b/src/klish-plugin-infix/xml/infix.xml
@@ -147,10 +147,6 @@
   <ACTION sym="rpc@infix" ptype="STRING">/ietf-system:system-restart</ACTION>
 </COMMAND>
 
-<COMMAND name="shell" help="Enter system shell">
-  <ACTION sym="script" in="tty" out="tty" interrupt="true">/usr/bin/env CLISH=yes bash -l</ACTION>
-</COMMAND>
-
 <COMMAND name="exit" help="Exit from CLI (log out)">
   <ACTION sym="nav">pop</ACTION>
 </COMMAND>

diff --git a/src/klish-plugin-infix/xml/shell.xml b/src/klish-plugin-infix/xml/shell.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<KLISH
+  xmlns="https://klish.libcode.org/klish3"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="https://src.libcode.org/pkun/klish/src/master/klish.xsd">
+
+  <VIEW name="main">
+
+    <COMMAND name="shell" help="Enter system shell">
+      <ACTION sym="script" in="tty" out="tty" interrupt="true">/usr/bin/env CLISH=yes bash -l</ACTION>
+    </COMMAND>
+
+  </VIEW>
+</KLISH>