Fix Windows file permission checking

This commit is contained in:
Shreya 2021-06-09 13:34:26 +05:30 committed by Mike Salvatore
parent f1d85dbc44
commit 438a63b0f4
2 changed files with 11 additions and 5 deletions

View File

@ -26,12 +26,12 @@ def has_expected_permissions(path: str, expected_permissions: int) -> bool:
sid = ace[-1]
permissions = ace[1]
if sid == user_sid:
if oct(permissions & 0o777) != expected_permissions:
if permissions != expected_permissions:
return False
elif sid == admins_sid:
continue
else:
if oct(permissions) != 0: # everyone but user & admins should have no permissions
if permissions != 2032127: # everyone but user & admins should have no permissions
return False
return True

View File

@ -1,16 +1,17 @@
import os
from common.utils.exceptions import InsecurePermissionsError
from monkey_island.cc.environment.utils import is_windows_os
from monkey_island.cc.server_utils.file_utils import has_expected_permissions
from monkey_island.cc.setup.island_config_options import IslandConfigOptions
def raise_on_invalid_options(options: IslandConfigOptions):
_raise_if_not_isfile(options.crt_path)
_raise_if_incorrect_permissions(options.crt_path, 0o400)
_raise_if_incorrect_permissions(options.crt_path, 0o400, 1179817)
_raise_if_not_isfile(options.key_path)
_raise_if_incorrect_permissions(options.key_path, 0o400)
_raise_if_incorrect_permissions(options.key_path, 0o400, 1179817)
def _raise_if_not_isfile(f: str):
@ -18,7 +19,12 @@ def _raise_if_not_isfile(f: str):
raise FileNotFoundError(f"{f} does not exist or is not a regular file.")
def _raise_if_incorrect_permissions(f: str, expected_permissions: int):
def _raise_if_incorrect_permissions(
f: str, linux_expected_permissions: int, windows_expected_permissions: int
):
expected_permissions = (
windows_expected_permissions if is_windows_os() else linux_expected_permissions
)
if not has_expected_permissions(f, expected_permissions):
raise InsecurePermissionsError(
f"The file {f} has incorrect permissions. Expected: {oct(expected_permissions)}"