Пример #1
0
 @SuppressFBWarnings(
     value = "RV_RETURN_VALUE_IGNORED_BAD_PRACTICE",
     justification = "createTempFile will fail anyway if there is a problem with mkdirs")
 private String createLocalSocketAddress() throws IOException {
   String name;
   if (temp != null) {
     temp.mkdirs();
   }
   if (OsUtils.isUNIX()) {
     File socket = File.createTempFile("ssh", "", temp);
     if (socket.getAbsolutePath().length() >= /*UNIX_PATH_MAX*/ 108) {
       LOGGER.log(
           Level.WARNING,
           "Cannot use {0} due to UNIX_PATH_MAX; falling back to system temp dir",
           socket);
       socket = File.createTempFile("ssh", "");
     }
     FileUtils.deleteQuietly(socket);
     name = socket.getAbsolutePath();
   } else {
     File socket = File.createTempFile("ssh", "", temp);
     FileUtils.deleteQuietly(socket);
     name = "\\\\.\\pipe\\" + socket.getName();
   }
   return name;
 }
Пример #2
0
  /**
   * Checks if a path has strict permissions
   *
   * <UL>
   *   <LI>
   *       <p>(For {@code Unix}) The path may not have group or others write permissions
   *   <LI>
   *       <p>The path must be owned by current user.
   *   <LI>
   *       <p>(For {@code Unix}) The path may be owned by root.
   * </UL>
   *
   * @param path The {@link Path} to be checked - ignored if {@code null} or does not exist
   * @param options The {@link LinkOption}s to use to query the file's permissions
   * @return The violated permission as {@link Pair} where {@link Pair#getClass()} is a loggable
   *     message and {@link Pair#getSecond()} is the offending object - e.g., {@link
   *     PosixFilePermission} or {@link String} for owner. Return value is {@code null} if no
   *     violations detected
   * @throws IOException If failed to retrieve the permissions
   * @see #STRICTLY_PROHIBITED_FILE_PERMISSION
   */
  public static Pair<String, Object> validateStrictConfigFilePermissions(
      Path path, LinkOption... options) throws IOException {
    if ((path == null) || (!Files.exists(path, options))) {
      return null;
    }

    Collection<PosixFilePermission> perms = IoUtils.getPermissions(path, options);
    if (GenericUtils.isEmpty(perms)) {
      return null;
    }

    if (OsUtils.isUNIX()) {
      PosixFilePermission p =
          IoUtils.validateExcludedPermissions(perms, STRICTLY_PROHIBITED_FILE_PERMISSION);
      if (p != null) {
        return new Pair<String, Object>(String.format("Permissions violation (%s)", p), p);
      }
    }

    String owner = IoUtils.getFileOwner(path, options);
    if (GenericUtils.isEmpty(owner)) {
      // we cannot get owner
      // general issue: jvm does not support permissions
      // security issue: specific filesystem does not support permissions
      return null;
    }

    String current = OsUtils.getCurrentUser();
    Set<String> expected = new HashSet<>();
    expected.add(current);
    if (OsUtils.isUNIX()) {
      // Windows "Administrator" was considered however in Windows most likely a group is used.
      expected.add(OsUtils.ROOT_USER);
    }

    if (!expected.contains(owner)) {
      return new Pair<String, Object>(String.format("Owner violation (%s)", owner), owner);
    }

    return null;
  }
Пример #3
0
 public void setupSensibleDefaultPty() {
   try {
     if (OsUtils.isUNIX()) {
       ptyModes = SttySupport.getUnixPtyModes();
       ptyColumns = SttySupport.getTerminalWidth();
       ptyLines = SttySupport.getTerminalHeight();
     } else {
       ptyType = "windows";
     }
   } catch (Throwable t) {
     // Ignore exceptions
   }
 }