From fe2776b1ad591ae7e349bfc518938efeb6e57182 Mon Sep 17 00:00:00 2001
From: xSmurf <xsmurf+github@smurfturf.net>
Date: Fri, 12 Jun 2015 23:14:20 +0000
Subject: [PATCH] Sanitizing of environment variables and fixed passing of vars
 to shell

---
 config.go           | 37 +++++++++++++++++++++----------------
 oz-daemon/daemon.go | 39 ++++++++++++++++++++++++++++++++++++++-
 oz-init/init.go     |  4 +++-
 3 files changed, 62 insertions(+), 18 deletions(-)

diff --git a/config.go b/config.go
index 8319e0d..329e2c2 100644
--- a/config.go
+++ b/config.go
@@ -6,28 +6,33 @@ import (
 )
 
 type Config struct {
-	ProfileDir     string `json:"profile_dir"`
-	ShellPath      string `json:"shell_path"`
-	SandboxPath    string `json:"sandbox_path"`
-	BridgeMACAddr  string `json:"bridge_mac"`
-	NMIgnoreFile   string `json:"nm_ignore_file"`
-	UseFullDev     bool   `json:"use_full_dev"`
-	AllowRootShell bool   `json:"allow_root_shell"`
-	LogXpra        bool   `json:"log_xpra"`
+	ProfileDir      string   `json:"profile_dir"`
+	ShellPath       string   `json:"shell_path"`
+	SandboxPath     string   `json:"sandbox_path"`
+	BridgeMACAddr   string   `json:"bridge_mac"`
+	NMIgnoreFile    string   `json:"nm_ignore_file"`
+	UseFullDev      bool     `json:"use_full_dev"`
+	AllowRootShell  bool     `json:"allow_root_shell"`
+	LogXpra         bool     `json:"log_xpra"`
+	EnvironmentVars []string `json:"environment_vars"`
 }
 
 const DefaultConfigPath = "/etc/oz/oz.conf"
 
 func NewDefaultConfig() *Config {
 	return &Config{
-		ProfileDir:     "/var/lib/oz/cells.d",
-		ShellPath:      "/bin/bash",
-		SandboxPath:    "/srv/oz",
-		NMIgnoreFile:   "/etc/NetworkManager/conf.d/oz.conf",
-		BridgeMACAddr:  "6A:A8:2E:56:E8:9C",
-		UseFullDev:     false,
-		AllowRootShell: false,
-		LogXpra:        false,
+		ProfileDir:      "/var/lib/oz/cells.d",
+		ShellPath:       "/bin/bash",
+		SandboxPath:     "/srv/oz",
+		NMIgnoreFile:    "/etc/NetworkManager/conf.d/oz.conf",
+		BridgeMACAddr:   "6A:A8:2E:56:E8:9C",
+		UseFullDev:      false,
+		AllowRootShell:  false,
+		LogXpra:         false,
+		EnvironmentVars: []string{
+			"USER", "USERNAME", "LOGNAME",
+			"LANG", "LANGUAGE", "_",
+		},
 	}
 }
 
diff --git a/oz-daemon/daemon.go b/oz-daemon/daemon.go
index cf5154a..6e3e851 100644
--- a/oz-daemon/daemon.go
+++ b/oz-daemon/daemon.go
@@ -3,6 +3,7 @@ package daemon
 import (
 	"fmt"
 	"os/user"
+	"strings"
 	"syscall"
 
 	"github.com/subgraph/oz"
@@ -127,7 +128,8 @@ func (d *daemonState) handleLaunch(msg *LaunchMsg, m *ipc.Message) error {
 		return m.Respond(&ErrorMsg{err.Error()})
 	}
 	d.Debug("Would launch %s", p.Name)
-	_, err = d.launch(p, msg.Env, m.Ucred.Uid, m.Ucred.Gid, d.log)
+	env := d.sanitizeEnvironment(p, msg.Env)
+	_, err = d.launch(p, env, m.Ucred.Uid, m.Ucred.Gid, d.log)
 	if err != nil {
 		d.Warning("launch of %s failed: %v", p.Name, err)
 		return m.Respond(&ErrorMsg{err.Error()})
@@ -135,6 +137,41 @@ func (d *daemonState) handleLaunch(msg *LaunchMsg, m *ipc.Message) error {
 	return m.Respond(&OkMsg{})
 }
 
+func (d *daemonState) sanitizeEnvironment(p *oz.Profile, oldEnv []string) ([]string) {
+	newEnv := []string{}
+	
+	for _, EnvItem := range d.config.EnvironmentVars {
+		for _, OldItem := range oldEnv {
+			if strings.HasPrefix(OldItem, EnvItem+"=") {
+				newEnv = append(newEnv, EnvItem+"="+strings.Replace(OldItem, EnvItem+"=", "", 1))
+
+				break
+			}
+		}
+	}
+
+	for _, EnvItem := range p.Environment {
+		if EnvItem.Value != "" {
+			d.log.Info("Setting environment variable: %s=%s\n", EnvItem.Name, EnvItem.Value)
+
+			newEnv = append(newEnv, EnvItem.Name+"="+EnvItem.Value)
+		} else {
+			for _, OldItem := range oldEnv {
+				if strings.HasPrefix(OldItem, EnvItem.Name+"=") {
+					NewValue := strings.Replace(OldItem, EnvItem.Name+"=", "", 1)
+					newEnv = append(newEnv, EnvItem.Name+"="+NewValue)
+
+					d.log.Info("Cloning environment variable: %s=%s\n", EnvItem.Name, NewValue)
+
+					break
+				}
+			}
+		}
+	}
+	
+	return newEnv
+}
+
 func (d *daemonState) handleKillSandbox(msg *KillSandboxMsg, m *ipc.Message) error {
 	sbox := d.sandboxById(msg.Id)
 	if sbox == nil {
diff --git a/oz-init/init.go b/oz-init/init.go
index 2958930..728a631 100644
--- a/oz-init/init.go
+++ b/oz-init/init.go
@@ -319,7 +319,7 @@ func (st *initState) handleRunShell(rs *RunShellMsg, msg *ipc.Message) error {
 		Gid: msg.Ucred.Gid,
 	}
 	if rs.Term != "" {
-		cmd.Env = append(cmd.Env, "TERM="+rs.Term)
+		cmd.Env = append(st.launchEnv, "TERM="+rs.Term)
 	}
 	if msg.Ucred.Uid != 0 && msg.Ucred.Gid != 0 {
 		if homedir, _ := st.fs.GetHomeDir(); homedir != "" {
@@ -327,9 +327,11 @@ func (st *initState) handleRunShell(rs *RunShellMsg, msg *ipc.Message) error {
 			cmd.Env = append(cmd.Env, "HOME="+homedir)
 		}
 	}
+	/*
 	if st.profile.XServer.Enabled {
 		cmd.Env = append(cmd.Env, "DISPLAY=:"+strconv.Itoa(st.display))
 	}
+	*/
 	cmd.Env = append(cmd.Env, "PATH=/usr/bin:/bin")
 	cmd.Env = append(cmd.Env, fmt.Sprintf("PS1=[%s] $ ", st.profile.Name))
 	st.log.Info("Executing shell...")