@SuppressFBWarnings(
value = "RV_RETURN_VALUE_IGNORED_BAD_PRACTICE",
justification = "createTempFile will fail anyway if there is a problem with mkdirs")
private String createLocalSocketAddress() throws IOException {
String name;
if (temp != null) {
temp.mkdirs();
}
if (OsUtils.isUNIX()) {
File socket = File.createTempFile("ssh", "", temp);
if (socket.getAbsolutePath().length() >= /*UNIX_PATH_MAX*/ 108) {
LOGGER.log(
Level.WARNING,
"Cannot use {0} due to UNIX_PATH_MAX; falling back to system temp dir",
socket);
socket = File.createTempFile("ssh", "");
}
FileUtils.deleteQuietly(socket);
name = socket.getAbsolutePath();
} else {
File socket = File.createTempFile("ssh", "", temp);
FileUtils.deleteQuietly(socket);
name = "\\\\.\\pipe\\" + socket.getName();
}
return name;
}
/**
* Checks if a path has strict permissions
*
* <UL>
* <LI>
* <p>(For {@code Unix}) The path may not have group or others write permissions
* <LI>
* <p>The path must be owned by current user.
* <LI>
* <p>(For {@code Unix}) The path may be owned by root.
* </UL>
*
* @param path The {@link Path} to be checked - ignored if {@code null} or does not exist
* @param options The {@link LinkOption}s to use to query the file's permissions
* @return The violated permission as {@link Pair} where {@link Pair#getClass()} is a loggable
* message and {@link Pair#getSecond()} is the offending object - e.g., {@link
* PosixFilePermission} or {@link String} for owner. Return value is {@code null} if no
* violations detected
* @throws IOException If failed to retrieve the permissions
* @see #STRICTLY_PROHIBITED_FILE_PERMISSION
*/
public static Pair<String, Object> validateStrictConfigFilePermissions(
Path path, LinkOption... options) throws IOException {
if ((path == null) || (!Files.exists(path, options))) {
return null;
}
Collection<PosixFilePermission> perms = IoUtils.getPermissions(path, options);
if (GenericUtils.isEmpty(perms)) {
return null;
}
if (OsUtils.isUNIX()) {
PosixFilePermission p =
IoUtils.validateExcludedPermissions(perms, STRICTLY_PROHIBITED_FILE_PERMISSION);
if (p != null) {
return new Pair<String, Object>(String.format("Permissions violation (%s)", p), p);
}
}
String owner = IoUtils.getFileOwner(path, options);
if (GenericUtils.isEmpty(owner)) {
// we cannot get owner
// general issue: jvm does not support permissions
// security issue: specific filesystem does not support permissions
return null;
}
String current = OsUtils.getCurrentUser();
Set<String> expected = new HashSet<>();
expected.add(current);
if (OsUtils.isUNIX()) {
// Windows "Administrator" was considered however in Windows most likely a group is used.
expected.add(OsUtils.ROOT_USER);
}
if (!expected.contains(owner)) {
return new Pair<String, Object>(String.format("Owner violation (%s)", owner), owner);
}
return null;
}
public void setupSensibleDefaultPty() {
try {
if (OsUtils.isUNIX()) {
ptyModes = SttySupport.getUnixPtyModes();
ptyColumns = SttySupport.getTerminalWidth();
ptyLines = SttySupport.getTerminalHeight();
} else {
ptyType = "windows";
}
} catch (Throwable t) {
// Ignore exceptions
}
}
