Suspended File permissions logic, cranked version.

Yanbing 2017-05-15 22:08:01 -07:00 committed by Manoj Ampalam
parent b4a38796b9
commit 79662b9a6f
9 changed files with 22 additions and 20 deletions


@ -1,4 +1,4 @@
version: 0.0.13.0.{build}
version: 0.0.14.0.{build}
image: Visual Studio 2015
branches:


@ -412,7 +412,7 @@ function Run-OpenSSHE2ETest
# Discover all CI tests and run them.
Push-Location $Script:E2ETestDirectory
Write-Log -Message "Running OpenSSH E2E tests..."
$testFolders = Get-ChildItem *.tests.ps1 -Recurse -Exclude SSHDConfig.tests.ps1, SSH.Tests.ps1 | ForEach-Object{ Split-Path $_.FullName} | Sort-Object -Unique
$testFolders = Get-ChildItem *.tests.ps1 -Recurse | ForEach-Object{ Split-Path $_.FullName} | Sort-Object -Unique
Invoke-Pester $testFolders -OutputFormat NUnitXml -OutputFile $Script:E2ETestResultsFile -Tag 'CI'
Pop-Location
}

Binary file not shown.


@ -56,7 +56,8 @@
int
check_secure_file_permission(const char *name, struct passwd * pw)
{
PSECURITY_DESCRIPTOR pSD = NULL;
return 0;
/*PSECURITY_DESCRIPTOR pSD = NULL;
wchar_t * name_utf16 = NULL;
PSID owner_sid = NULL, user_sid = NULL;
PACL dacl = NULL;
@ -79,10 +80,10 @@ check_secure_file_permission(const char *name, struct passwd * pw)
if ((name_utf16 = utf8_to_utf16(name)) == NULL) {
errno = ENOMEM;
goto cleanup;
}
}*/
/*Get the owner sid of the file.*/
if ((error_code = GetNamedSecurityInfoW(name_utf16, SE_FILE_OBJECT,
/*if ((error_code = GetNamedSecurityInfoW(name_utf16, SE_FILE_OBJECT,
OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
&owner_sid, NULL, &dacl, NULL, &pSD)) != ERROR_SUCCESS) {
debug3("failed to retrieve the owner sid and dacl of file %s with error code: %d", name, error_code);
@ -102,14 +103,14 @@ check_secure_file_permission(const char *name, struct passwd * pw)
debug3("Bad owner on %s", name);
ret = -1;
goto cleanup;
}
}*/
/*
iterate all aces of the file to find out if there is voilation of the following rules:
1. no others than administrators group, system account, and current user, owner accounts have write permission on the file
2. sshd account can only have read permission
3. this user and file owner should at least have read permission
*/
for (DWORD i = 0; i < dacl->AceCount; i++) {
/*for (DWORD i = 0; i < dacl->AceCount; i++) {
PVOID current_ace = NULL;
PACE_HEADER current_aceHeader = NULL;
PSID current_trustee_sid = NULL;
@ -152,10 +153,10 @@ check_secure_file_permission(const char *name, struct passwd * pw)
// Not interested ACE
continue;
}
}
}*/
/*no need to check administrators group, owner account, user account and system account*/
if (IsWellKnownSid(current_trustee_sid, WinBuiltinAdministratorsSid) ||
/*if (IsWellKnownSid(current_trustee_sid, WinBuiltinAdministratorsSid) ||
IsWellKnownSid(current_trustee_sid, WinLocalSystemSid) ||
EqualSid(current_trustee_sid, owner_sid) ||
EqualSid(current_trustee_sid, user_sid) ||
@ -188,7 +189,7 @@ cleanup:
FreeSid(user_sid);
if(name_utf16)
free(name_utf16);
return ret;
return ret;*/
}
static BOOL
@ -267,7 +268,8 @@ done:
int
set_secure_file_permission(const char *name, struct passwd * pw)
{
PSECURITY_DESCRIPTOR pSD = NULL;
return 0;
/*PSECURITY_DESCRIPTOR pSD = NULL;
PSID owner_sid = NULL;
PACL dacl = NULL;
wchar_t *name_utf16 = NULL, *sid_utf16 = NULL, sddl[256];
@ -327,10 +329,10 @@ set_secure_file_permission(const char *name, struct passwd * pw)
errno = ENOMEM;
ret = -1;
goto cleanup;
}
}*/
/*Set the owner sid and acl of the file.*/
if ((error_code = SetNamedSecurityInfoW(name_utf16, SE_FILE_OBJECT,
/*if ((error_code = SetNamedSecurityInfoW(name_utf16, SE_FILE_OBJECT,
OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
owner_sid, NULL, dacl, NULL)) != ERROR_SUCCESS) {
debug3("failed to set the owner sid and dacl of file %s with error code: %d", name, error_code);
@ -348,5 +350,5 @@ cleanup:
if (owner_sid)
FreeSid(owner_sid);
return ret;
return ret;*/
}
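Review bot: `check_secure_file_permission` now begins with `return 0;`, which is the success value, so with the body commented out every caller is told the file's owner and ACL are acceptable; likewise `set_secure_file_permission` reports success without ever reaching `SetNamedSecurityInfoW`. If the logic has to be suspended, the stubs should say so at run time and in the source, for example `debug("file permission check suspended; %s not verified", name);` before the return, plus a `/* TODO: re-enable, see <tracking issue> */` comment. The body is disabled by reopening `/*` after each existing comment, which holds only while every inner `*/` is followed by a new opener; wrapping the old body in `#if 0` / `#endif` would be more robust. Both function bodies extend beyond the visible hunks, so I cannot confirm that every inner comment in the hidden lines is handled.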


@ -1,5 +1,5 @@
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
Describe "Tests for authorized_keys file permission" -Tags "CI" {
Describe "Tests for authorized_keys file permission" -Tags "Scenario" {
BeforeAll {
if($OpenSSHTestInfo -eq $null)
{
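Review bot: Retagging this `Describe` block from `CI` to `Scenario` takes the authorized_keys permission tests out of the `Invoke-Pester ... -Tag 'CI'` run, and the same retag appears in the ssh config, host keys, key management and user key test files, so CI will no longer notice whether the permission checks are restored or stay disabled. This assumes the second `Describe` line of each pair is the new side, which matches the commit title. The file gives no hint that the retag is temporary, so a comment above the `Describe` line such as `# TODO: restore -Tags "CI" when file permission checks are re-enabled` would help. The block's body continues outside the hunk.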


@ -1,4 +1,4 @@
Describe "Tests for ssh config" -Tags "CI" {
Describe "Tests for ssh config" -Tags "Scenario" {
BeforeAll {
if($OpenSSHTestInfo -eq $null)
{


@ -1,5 +1,5 @@
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
Describe "Tests for host keys file permission" -Tags "CI" {
Describe "Tests for host keys file permission" -Tags "Scenario" {
BeforeAll {
if($OpenSSHTestInfo -eq $null)
{


@ -2,7 +2,7 @@
$tI = 0
$suite = "keyutils"
Describe "E2E scenarios for ssh key management" -Tags "CI" {
Describe "E2E scenarios for ssh key management" -Tags "Scenario" {
BeforeAll {
if($OpenSSHTestInfo -eq $null)
{


@ -1,5 +1,5 @@
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
Describe "Tests for user Key file permission" -Tags "CI" {
Describe "Tests for user Key file permission" -Tags "Scenario" {
BeforeAll {
if($OpenSSHTestInfo -eq $null)
{