Suspended File permissions logic, cranked version.
This commit is contained in:
parent
b4a38796b9
commit
79662b9a6f
|
@ -1,4 +1,4 @@
|
||||||
version: 0.0.13.0.{build}
|
version: 0.0.14.0.{build}
|
||||||
image: Visual Studio 2015
|
image: Visual Studio 2015
|
||||||
|
|
||||||
branches:
|
branches:
|
||||||
|
|
|
@ -412,7 +412,7 @@ function Run-OpenSSHE2ETest
|
||||||
# Discover all CI tests and run them.
|
# Discover all CI tests and run them.
|
||||||
Push-Location $Script:E2ETestDirectory
|
Push-Location $Script:E2ETestDirectory
|
||||||
Write-Log -Message "Running OpenSSH E2E tests..."
|
Write-Log -Message "Running OpenSSH E2E tests..."
|
||||||
$testFolders = Get-ChildItem *.tests.ps1 -Recurse -Exclude SSHDConfig.tests.ps1, SSH.Tests.ps1 | ForEach-Object{ Split-Path $_.FullName} | Sort-Object -Unique
|
$testFolders = Get-ChildItem *.tests.ps1 -Recurse | ForEach-Object{ Split-Path $_.FullName} | Sort-Object -Unique
|
||||||
Invoke-Pester $testFolders -OutputFormat NUnitXml -OutputFile $Script:E2ETestResultsFile -Tag 'CI'
|
Invoke-Pester $testFolders -OutputFormat NUnitXml -OutputFile $Script:E2ETestResultsFile -Tag 'CI'
|
||||||
Pop-Location
|
Pop-Location
|
||||||
}
|
}
|
||||||
|
|
Binary file not shown.
|
@ -55,8 +55,9 @@
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
check_secure_file_permission(const char *name, struct passwd * pw)
|
check_secure_file_permission(const char *name, struct passwd * pw)
|
||||||
{
|
{
|
||||||
PSECURITY_DESCRIPTOR pSD = NULL;
|
return 0;
|
||||||
|
/*PSECURITY_DESCRIPTOR pSD = NULL;
|
||||||
wchar_t * name_utf16 = NULL;
|
wchar_t * name_utf16 = NULL;
|
||||||
PSID owner_sid = NULL, user_sid = NULL;
|
PSID owner_sid = NULL, user_sid = NULL;
|
||||||
PACL dacl = NULL;
|
PACL dacl = NULL;
|
||||||
|
@ -79,10 +80,10 @@ check_secure_file_permission(const char *name, struct passwd * pw)
|
||||||
if ((name_utf16 = utf8_to_utf16(name)) == NULL) {
|
if ((name_utf16 = utf8_to_utf16(name)) == NULL) {
|
||||||
errno = ENOMEM;
|
errno = ENOMEM;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}*/
|
||||||
|
|
||||||
/*Get the owner sid of the file.*/
|
/*Get the owner sid of the file.*/
|
||||||
if ((error_code = GetNamedSecurityInfoW(name_utf16, SE_FILE_OBJECT,
|
/*if ((error_code = GetNamedSecurityInfoW(name_utf16, SE_FILE_OBJECT,
|
||||||
OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
|
OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
|
||||||
&owner_sid, NULL, &dacl, NULL, &pSD)) != ERROR_SUCCESS) {
|
&owner_sid, NULL, &dacl, NULL, &pSD)) != ERROR_SUCCESS) {
|
||||||
debug3("failed to retrieve the owner sid and dacl of file %s with error code: %d", name, error_code);
|
debug3("failed to retrieve the owner sid and dacl of file %s with error code: %d", name, error_code);
|
||||||
|
@ -102,14 +103,14 @@ check_secure_file_permission(const char *name, struct passwd * pw)
|
||||||
debug3("Bad owner on %s", name);
|
debug3("Bad owner on %s", name);
|
||||||
ret = -1;
|
ret = -1;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}*/
|
||||||
/*
|
/*
|
||||||
iterate all aces of the file to find out if there is voilation of the following rules:
|
iterate all aces of the file to find out if there is voilation of the following rules:
|
||||||
1. no others than administrators group, system account, and current user, owner accounts have write permission on the file
|
1. no others than administrators group, system account, and current user, owner accounts have write permission on the file
|
||||||
2. sshd account can only have read permission
|
2. sshd account can only have read permission
|
||||||
3. this user and file owner should at least have read permission
|
3. this user and file owner should at least have read permission
|
||||||
*/
|
*/
|
||||||
for (DWORD i = 0; i < dacl->AceCount; i++) {
|
/*for (DWORD i = 0; i < dacl->AceCount; i++) {
|
||||||
PVOID current_ace = NULL;
|
PVOID current_ace = NULL;
|
||||||
PACE_HEADER current_aceHeader = NULL;
|
PACE_HEADER current_aceHeader = NULL;
|
||||||
PSID current_trustee_sid = NULL;
|
PSID current_trustee_sid = NULL;
|
||||||
|
@ -152,10 +153,10 @@ check_secure_file_permission(const char *name, struct passwd * pw)
|
||||||
// Not interested ACE
|
// Not interested ACE
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}*/
|
||||||
|
|
||||||
/*no need to check administrators group, owner account, user account and system account*/
|
/*no need to check administrators group, owner account, user account and system account*/
|
||||||
if (IsWellKnownSid(current_trustee_sid, WinBuiltinAdministratorsSid) ||
|
/*if (IsWellKnownSid(current_trustee_sid, WinBuiltinAdministratorsSid) ||
|
||||||
IsWellKnownSid(current_trustee_sid, WinLocalSystemSid) ||
|
IsWellKnownSid(current_trustee_sid, WinLocalSystemSid) ||
|
||||||
EqualSid(current_trustee_sid, owner_sid) ||
|
EqualSid(current_trustee_sid, owner_sid) ||
|
||||||
EqualSid(current_trustee_sid, user_sid) ||
|
EqualSid(current_trustee_sid, user_sid) ||
|
||||||
|
@ -188,7 +189,7 @@ cleanup:
|
||||||
FreeSid(user_sid);
|
FreeSid(user_sid);
|
||||||
if(name_utf16)
|
if(name_utf16)
|
||||||
free(name_utf16);
|
free(name_utf16);
|
||||||
return ret;
|
return ret;*/
|
||||||
}
|
}
|
||||||
|
|
||||||
static BOOL
|
static BOOL
|
||||||
|
@ -267,7 +268,8 @@ done:
|
||||||
int
|
int
|
||||||
set_secure_file_permission(const char *name, struct passwd * pw)
|
set_secure_file_permission(const char *name, struct passwd * pw)
|
||||||
{
|
{
|
||||||
PSECURITY_DESCRIPTOR pSD = NULL;
|
return 0;
|
||||||
|
/*PSECURITY_DESCRIPTOR pSD = NULL;
|
||||||
PSID owner_sid = NULL;
|
PSID owner_sid = NULL;
|
||||||
PACL dacl = NULL;
|
PACL dacl = NULL;
|
||||||
wchar_t *name_utf16 = NULL, *sid_utf16 = NULL, sddl[256];
|
wchar_t *name_utf16 = NULL, *sid_utf16 = NULL, sddl[256];
|
||||||
|
@ -327,10 +329,10 @@ set_secure_file_permission(const char *name, struct passwd * pw)
|
||||||
errno = ENOMEM;
|
errno = ENOMEM;
|
||||||
ret = -1;
|
ret = -1;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}*/
|
||||||
|
|
||||||
/*Set the owner sid and acl of the file.*/
|
/*Set the owner sid and acl of the file.*/
|
||||||
if ((error_code = SetNamedSecurityInfoW(name_utf16, SE_FILE_OBJECT,
|
/*if ((error_code = SetNamedSecurityInfoW(name_utf16, SE_FILE_OBJECT,
|
||||||
OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
|
OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
|
||||||
owner_sid, NULL, dacl, NULL)) != ERROR_SUCCESS) {
|
owner_sid, NULL, dacl, NULL)) != ERROR_SUCCESS) {
|
||||||
debug3("failed to set the owner sid and dacl of file %s with error code: %d", name, error_code);
|
debug3("failed to set the owner sid and dacl of file %s with error code: %d", name, error_code);
|
||||||
|
@ -348,5 +350,5 @@ cleanup:
|
||||||
if (owner_sid)
|
if (owner_sid)
|
||||||
FreeSid(owner_sid);
|
FreeSid(owner_sid);
|
||||||
|
|
||||||
return ret;
|
return ret;*/
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
|
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
|
||||||
Describe "Tests for authorized_keys file permission" -Tags "CI" {
|
Describe "Tests for authorized_keys file permission" -Tags "Scenario" {
|
||||||
BeforeAll {
|
BeforeAll {
|
||||||
if($OpenSSHTestInfo -eq $null)
|
if($OpenSSHTestInfo -eq $null)
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
Describe "Tests for ssh config" -Tags "CI" {
|
Describe "Tests for ssh config" -Tags "Scenario" {
|
||||||
BeforeAll {
|
BeforeAll {
|
||||||
if($OpenSSHTestInfo -eq $null)
|
if($OpenSSHTestInfo -eq $null)
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
|
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
|
||||||
Describe "Tests for host keys file permission" -Tags "CI" {
|
Describe "Tests for host keys file permission" -Tags "Scenario" {
|
||||||
BeforeAll {
|
BeforeAll {
|
||||||
if($OpenSSHTestInfo -eq $null)
|
if($OpenSSHTestInfo -eq $null)
|
||||||
{
|
{
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
$tI = 0
|
$tI = 0
|
||||||
$suite = "keyutils"
|
$suite = "keyutils"
|
||||||
|
|
||||||
Describe "E2E scenarios for ssh key management" -Tags "CI" {
|
Describe "E2E scenarios for ssh key management" -Tags "Scenario" {
|
||||||
BeforeAll {
|
BeforeAll {
|
||||||
if($OpenSSHTestInfo -eq $null)
|
if($OpenSSHTestInfo -eq $null)
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
|
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
|
||||||
Describe "Tests for user Key file permission" -Tags "CI" {
|
Describe "Tests for user Key file permission" -Tags "Scenario" {
|
||||||
BeforeAll {
|
BeforeAll {
|
||||||
if($OpenSSHTestInfo -eq $null)
|
if($OpenSSHTestInfo -eq $null)
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in New Issue