tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
openssh-portable/regress/pesterTests/CommonUtils.psm1

106 lines
2.8 KiB
PowerShell
Raw Normal View History

file permission on ssh_config, authorized_keys, private keys, host keys, public keys. (#110) 1. Add file permission check when load or add ssh_config, authorized_keys, private keys, host keys,. 2. set the owner and ACE for create secure file, ex, private key in ssh-keygen.exe 3. Update script OpenSSHTestHelper.psm1 to be able to run Install-OpenSSH if the sshd is running on the machine. 4. add OpenSSHBinPath to path. 5. change indents in agentconfig.c 6. update test script to represent the changes 7. Add tests for: * authorized_keys and ssh-keygen testing * host keys file perm testing * user private key file perm testing * ssh-add test * user ssh_config
2017-05-01 23:18:20 +02:00
Enum PlatformType {
Windows
Linux
OSX
}
function Get-Platform {
# Use the .NET Core APIs to determine the current platform; if a runtime
# exception is thrown, we are on FullCLR, not .NET Core.
try {
$Runtime = [System.Runtime.InteropServices.RuntimeInformation]
$OSPlatform = [System.Runtime.InteropServices.OSPlatform]
$IsLinux = $Runtime::IsOSPlatform($OSPlatform::Linux)
$IsOSX = $Runtime::IsOSPlatform($OSPlatform::OSX)
$IsWindows = $Runtime::IsOSPlatform($OSPlatform::Windows)
} catch {
try {
$IsLinux = $false
$IsOSX = $false
$IsWindows = $true
}
catch { }
}
if($IsOSX) {
[PlatformType]::OSX
} elseif($IsLinux) {
[PlatformType]::Linux
} else {
[PlatformType]::Windows
}
}
function Set-SecureFileACL
{
param(
[string]$FilePath,
[System.Security.Principal.NTAccount]$Owner = $null
)
$myACL = Get-ACL -Path $FilePath
$myACL.SetAccessRuleProtection($True, $True)
Set-Acl -Path $FilePath -AclObject $myACL
$myACL = Get-ACL $FilePath
$actualOwner = $null
if($owner -eq $null)
{
$actualOwner = New-Object System.Security.Principal.NTAccount($($env:USERDOMAIN), $($env:USERNAME))
}
else
{
$actualOwner = $Owner
}
$myACL.SetOwner($actualOwner)
if($myACL.Access)
{
$myACL.Access | % {
if(-not ($myACL.RemoveAccessRule($_)))
{
throw "failed to remove access of $($_.IdentityReference.Value) rule in setup "
}
}
}
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
($actualOwner, "FullControl", "None", "None", "Allow")
$myACL.AddAccessRule($objACE)
Set-Acl -Path $FilePath -AclObject $myACL
}
function Add-PermissionToFileACL
{
param(
[string]$FilePath,
[System.Security.Principal.NTAccount] $User,
[System.Security.AccessControl.FileSystemRights]$Perm
)
$myACL = Get-ACL $filePath
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
($User, $perm, "None", "None", "Allow")
$myACL.AddAccessRule($objACE)
Set-Acl -Path $filePath -AclObject $myACL
}
function Add-PasswordSetting
{
param([string] $pass)
$platform = Get-Platform
if ($platform -eq [PlatformType]::Windows) {
if (-not($env:DISPLAY)) {$env:DISPLAY = 1}
$env:SSH_ASKPASS="$($env:ComSpec) /c echo $pass"
}
}
function Remove-PasswordSetting
{
if ($env:DISPLAY -eq 1) { Remove-Item env:\DISPLAY }
Remove-item "env:SSH_ASKPASS" -ErrorAction SilentlyContinue
}