ab55018

Keyfactor · Mar 6, 2024 · b964e8e · b964e8e
1 parent b53710b
commit b964e8e
Show file tree

Hide file tree

Showing 5 changed files with 75 additions and 4 deletions.
diff --git a/RemoteFile/ApplicationSettings.cs b/RemoteFile/ApplicationSettings.cs
@@ -27,6 +27,7 @@ public enum FileTransferProtocolEnum
 
         private const string DEFAULT_LINUX_PERMISSION_SETTING = "600";
         private const string DEFAULT_OWNER_SETTING = "";
+        private const string DEFAULT_SUDO_IMPERSONATION_SETTING = "";
 
         private static Dictionary<string,string> configuration;
 
@@ -36,6 +37,7 @@ public enum FileTransferProtocolEnum
         public static string SeparateUploadFilePath { get { return configuration.ContainsKey("SeparateUploadFilePath") ? AddTrailingSlash(configuration["SeparateUploadFilePath"]) : string.Empty; } }
         public static string DefaultLinuxPermissionsOnStoreCreation { get { return configuration.ContainsKey("DefaultLinuxPermissionsOnStoreCreation") ? configuration["DefaultLinuxPermissionsOnStoreCreation"] : DEFAULT_LINUX_PERMISSION_SETTING; } }
         public static string DefaultOwnerOnStoreCreation { get { return configuration.ContainsKey("DefaultOwnerOnStoreCreation") ? configuration["DefaultOwnerOnStoreCreation"] : DEFAULT_OWNER_SETTING; } }
+        public static string DefaultSudoImpersonatedOwner { get { return configuration.ContainsKey("DefaultSudoImpersonatedOwner") ? configuration["DefaultSudoImpersonatedOwner"] : DEFAULT_SUDO_IMPERSONATION_SETTING; } }
         public static FileTransferProtocolEnum FileTransferProtocol 
         { 
             get 

diff --git a/RemoteFile/RemoteCertificateStore.cs b/RemoteFile/RemoteCertificateStore.cs
@@ -72,7 +72,7 @@ internal RemoteCertificateStore(string server, string serverId, string serverPas
             UploadFilePath = !string.IsNullOrEmpty(ApplicationSettings.SeparateUploadFilePath) && ServerType == ServerTypeEnum.Linux ? ApplicationSettings.SeparateUploadFilePath : StorePath;
             logger.LogDebug($"UploadFilePath: {UploadFilePath}");
 
-            if (!IsStorePathValid())
+            if (!IsValueSafeRegex(StorePath + StoreFileName))
             {
                 logger.LogDebug("Store path not valid");
                 string partialMessage = ServerType == ServerTypeEnum.Windows ? @"'\', ':', " : string.Empty;
@@ -133,6 +133,14 @@ internal void Terminate()
         internal List<string> FindStores(string[] paths, string[] extensions, string[] files, bool includeSymLinks)
         {
             logger.MethodEntry(LogLevel.Debug);
+
+            if (!AreValuesSafeRegex(paths))
+                throw new RemoteFileException("Invalid/unsafe directories to search value supplied.");
+            if (!AreValuesSafeRegex(extensions))
+                throw new RemoteFileException("Invalid/unsafe file extension value supplied.");
+            if (!AreValuesSafeRegex(files))
+                throw new RemoteFileException("Invalid/unsafe file name value supplied.");
+
             logger.MethodExit(LogLevel.Debug);
 
             if (DiscoveredStores != null)
@@ -342,15 +350,27 @@ internal void Initialize()
             logger.MethodExit(LogLevel.Debug);
         }
 
-        private bool IsStorePathValid()
+        private bool AreValuesSafeRegex(string[] values)
+        {
+            bool valueIsSafe = true;
+            foreach(string value in values)
+            {
+                valueIsSafe = IsValueSafeRegex(value);
+                if (!valueIsSafe)
+                    break;
+            }
+            return valueIsSafe;
+        }
+
+        private bool IsValueSafeRegex(string value)
         {
             logger.MethodEntry(LogLevel.Debug);
 
             Regex regex = new Regex(ServerType == ServerTypeEnum.Linux ? $@"^[\d\s\w-_/.]*$" : $@"^[\d\s\w-_/.:)(\\\\]*$");
 
             logger.MethodExit(LogLevel.Debug);
 
-            return regex.IsMatch(StorePath + StoreFileName);
+            return regex.IsMatch(value);
         }
 
         private List<string> FindStoresLinux(string[] paths, string[] extensions, string[] fileNames, bool includeSymLinks)

diff --git a/RemoteFile/RemoteHandlers/SSHHandler.cs b/RemoteFile/RemoteHandlers/SSHHandler.cs
@@ -99,7 +99,7 @@ public override string RunCommand(string commandText, object[] arguments, bool w
             _logger.MethodEntry(LogLevel.Debug);
             _logger.LogDebug($"RunCommand: {commandText}");
 
-            string sudo = $"sudo -i -S ";
+            string sudo = $"sudo -S ";
             string echo = $"echo -e '\n' | ";
 
             try

diff --git a/RemoteFile/config.json b/RemoteFile/config.json
@@ -1,5 +1,6 @@
 {
   "UseSudo": "N",
+  "SudoImpersonatingUser":  "",
   "CreateStoreIfMissing": "N",
   "UseNegotiate": "N",
   "SeparateUploadFilePath": "",

diff --git a/integration-manifest.json b/integration-manifest.json
@@ -68,6 +68,14 @@
               "DependsOn": "",
               "Type": "String",
               "DefaultValue": ""
+            },
+            {
+              "Name": "SudoImpersonatingUser",
+              "DisplayName": "Sudo Impersonating User",
+              "Required": false,
+              "DependsOn": "",
+              "Type": "String",
+              "DefaultValue": ""
             }
           ],
           "EntryParameters": []
@@ -110,6 +118,14 @@
               "Type": "String",
               "DefaultValue": ""
             },
+            {
+              "Name": "SudoImpersonatingUser",
+              "DisplayName": "Sudo Impersonating User",
+              "Required": false,
+              "DependsOn": "",
+              "Type": "String",
+              "DefaultValue": ""
+            },
             {
               "Name": "IsTrustStore",
               "DisplayName": "Trust Store",
@@ -190,6 +206,14 @@
               "DependsOn": "",
               "Type": "String",
               "DefaultValue": ""
+            },
+            {
+              "Name": "SudoImpersonatingUser",
+              "DisplayName": "Sudo Impersonating User",
+              "Required": false,
+              "DependsOn": "",
+              "Type": "String",
+              "DefaultValue": ""
             }
           ],
           "EntryParameters": []
@@ -232,6 +256,14 @@
               "Type": "String",
               "DefaultValue": ""
             },
+            {
+              "Name": "SudoImpersonatingUser",
+              "DisplayName": "Sudo Impersonating User",
+              "Required": false,
+              "DependsOn": "",
+              "Type": "String",
+              "DefaultValue": ""
+            },
             {
               "Name": "SeparatePrivateKeyFilePath",
               "DisplayName": "Separate Private Key File Location",
@@ -280,6 +312,14 @@
               "DependsOn": "",
               "Type": "String",
               "DefaultValue": ""
+            },
+            {
+              "Name": "SudoImpersonatingUser",
+              "DisplayName": "Sudo Impersonating User",
+              "Required": false,
+              "DependsOn": "",
+              "Type": "String",
+              "DefaultValue": ""
             }
           ],
           "EntryParameters": []
@@ -322,6 +362,14 @@
               "Type": "String",
               "DefaultValue": ""
             },
+            {
+              "Name": "SudoImpersonatingUser",
+              "DisplayName": "Sudo Impersonating User",
+              "Required": false,
+              "DependsOn": "",
+              "Type": "String",
+              "DefaultValue": ""
+            },
             {
               "Name": "WorkFolder",
               "DisplayName": "Location to use for creation/removal of work files",