Fix Windows file permission checking

2021-06-09 13:34:26 +05:30 · 2021-06-09 13:34:26 +05:30 · 438a63b0f4
parent f1d85dbc44
commit 438a63b0f4
2 changed files with 11 additions and 5 deletions
--- a/monkey/monkey_island/cc/server_utils/file_utils.py
+++ b/monkey/monkey_island/cc/server_utils/file_utils.py
@ -26,12 +26,12 @@ def has_expected_permissions(path: str, expected_permissions: int) -> bool:
            sid = ace[-1]
            permissions = ace[1]
            if sid == user_sid:
-                if oct(permissions & 0o777) != expected_permissions:
+                if permissions != expected_permissions:
                    return False
            elif sid == admins_sid:
                continue
            else:
-                if oct(permissions) != 0:  # everyone but user & admins should have no permissions
+                if permissions != 2032127:  # everyone but user & admins should have no permissions
                    return False

        return True
--- a/monkey/monkey_island/cc/setup/island_config_options_validator.py
+++ b/monkey/monkey_island/cc/setup/island_config_options_validator.py
@ -1,16 +1,17 @@
 import os

 from common.utils.exceptions import InsecurePermissionsError
+from monkey_island.cc.environment.utils import is_windows_os
 from monkey_island.cc.server_utils.file_utils import has_expected_permissions
 from monkey_island.cc.setup.island_config_options import IslandConfigOptions


 def raise_on_invalid_options(options: IslandConfigOptions):
    _raise_if_not_isfile(options.crt_path)
-    _raise_if_incorrect_permissions(options.crt_path, 0o400)
+    _raise_if_incorrect_permissions(options.crt_path, 0o400, 1179817)

    _raise_if_not_isfile(options.key_path)
-    _raise_if_incorrect_permissions(options.key_path, 0o400)
+    _raise_if_incorrect_permissions(options.key_path, 0o400, 1179817)


 def _raise_if_not_isfile(f: str):
@ -18,7 +19,12 @@ def _raise_if_not_isfile(f: str):
        raise FileNotFoundError(f"{f} does not exist or is not a regular file.")


-def _raise_if_incorrect_permissions(f: str, expected_permissions: int):
+def _raise_if_incorrect_permissions(
+    f: str, linux_expected_permissions: int, windows_expected_permissions: int
+):
+    expected_permissions = (
+        windows_expected_permissions if is_windows_os() else linux_expected_permissions
+    )
    if not has_expected_permissions(f, expected_permissions):
        raise InsecurePermissionsError(
            f"The file {f} has incorrect permissions. Expected: {oct(expected_permissions)}"