diff --git a/RemoteFile/ApplicationSettings.cs b/RemoteFile/ApplicationSettings.cs index 914e8fce..d13bf612 100644 --- a/RemoteFile/ApplicationSettings.cs +++ b/RemoteFile/ApplicationSettings.cs @@ -27,6 +27,7 @@ public enum FileTransferProtocolEnum private const string DEFAULT_LINUX_PERMISSION_SETTING = "600"; private const string DEFAULT_OWNER_SETTING = ""; + private const string DEFAULT_SUDO_IMPERSONATION_SETTING = ""; private static Dictionary configuration; @@ -36,6 +37,7 @@ public enum FileTransferProtocolEnum public static string SeparateUploadFilePath { get { return configuration.ContainsKey("SeparateUploadFilePath") ? AddTrailingSlash(configuration["SeparateUploadFilePath"]) : string.Empty; } } public static string DefaultLinuxPermissionsOnStoreCreation { get { return configuration.ContainsKey("DefaultLinuxPermissionsOnStoreCreation") ? configuration["DefaultLinuxPermissionsOnStoreCreation"] : DEFAULT_LINUX_PERMISSION_SETTING; } } public static string DefaultOwnerOnStoreCreation { get { return configuration.ContainsKey("DefaultOwnerOnStoreCreation") ? configuration["DefaultOwnerOnStoreCreation"] : DEFAULT_OWNER_SETTING; } } + public static string DefaultSudoImpersonatedOwner { get { return configuration.ContainsKey("DefaultSudoImpersonatedOwner") ? configuration["DefaultSudoImpersonatedOwner"] : DEFAULT_SUDO_IMPERSONATION_SETTING; } } public static FileTransferProtocolEnum FileTransferProtocol { get diff --git a/RemoteFile/RemoteCertificateStore.cs b/RemoteFile/RemoteCertificateStore.cs index ae19b7e5..089d7b23 100644 --- a/RemoteFile/RemoteCertificateStore.cs +++ b/RemoteFile/RemoteCertificateStore.cs 
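Review bot: The new `DefaultSudoImpersonatedOwner` getter looks up the key `"DefaultSudoImpersonatedOwner"`, but the config.json hunk later in this commit adds `"SudoImpersonatingUser"` (the manifest entries use that name too), so with the shipped config file the getter would always fall back to the empty default. Unless a second key is intended, make the two agree, e.g. `configuration.ContainsKey("SudoImpersonatingUser") ? configuration["SudoImpersonatingUser"] : DEFAULT_SUDO_IMPERSONATION_SETTING`. No consumer of the value is visible in this diff. If it is later placed on the sudo command line built in SSHHandler.RunCommand, it should first be checked against a strict account-name allowlist, because it comes from an editable config file. A one-line comment on the property saying what an empty value means would also help the next reader.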
@@ -72,7 +72,7 @@ internal RemoteCertificateStore(string server, string serverId, string serverPas UploadFilePath = !string.IsNullOrEmpty(ApplicationSettings.SeparateUploadFilePath) && ServerType == ServerTypeEnum.Linux ? ApplicationSettings.SeparateUploadFilePath : StorePath; logger.LogDebug($"UploadFilePath: {UploadFilePath}"); - if (!IsStorePathValid()) + if (!IsValueSafeRegex(StorePath + StoreFileName)) { logger.LogDebug("Store path not valid"); string partialMessage = ServerType == ServerTypeEnum.Windows ? @"'\', ':', " : string.Empty; @@ -133,6 +133,14 @@ internal void Terminate() internal List FindStores(string[] paths, string[] extensions, string[] files, bool includeSymLinks) { logger.MethodEntry(LogLevel.Debug); + + if (!AreValuesSafeRegex(paths)) + throw new RemoteFileException("Invalid/unsafe directories to search value supplied."); + if (!AreValuesSafeRegex(extensions)) + throw new RemoteFileException("Invalid/unsafe file extension value supplied."); + if (!AreValuesSafeRegex(files)) + throw new RemoteFileException("Invalid/unsafe file name value supplied."); + logger.MethodExit(LogLevel.Debug); if (DiscoveredStores != null) @@ -342,7 +350,19 @@ internal void Initialize() logger.MethodExit(LogLevel.Debug); } - private bool IsStorePathValid() + private bool AreValuesSafeRegex(string[] values) + { + bool valueIsSafe = true; + foreach(string value in values) + { + valueIsSafe = IsValueSafeRegex(value); + if (!valueIsSafe) + break; + } + return valueIsSafe; + } + + private bool IsValueSafeRegex(string value) { logger.MethodEntry(LogLevel.Debug); @@ -350,7 +370,7 @@ private bool IsStorePathValid() logger.MethodExit(LogLevel.Debug); - return regex.IsMatch(StorePath + StoreFileName); + return regex.IsMatch(value); } private List FindStoresLinux(string[] paths, string[] extensions, string[] fileNames, bool includeSymLinks) diff --git a/RemoteFile/RemoteHandlers/SSHHandler.cs b/RemoteFile/RemoteHandlers/SSHHandler.cs index eb6bd131..221440c5 100644 
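Review bot: The three new checks in FindStores pass `paths`, `extensions` and `files` to `AreValuesSafeRegex` without a null guard. That helper (added in the `@@ -342` hunk) runs `foreach` over `values` and hands each element to `regex.IsMatch`, so a null array or null element surfaces as a NullReferenceException or ArgumentNullException instead of the intended RemoteFileException. If null is never legal, reject it in the helper with `if (values == null) return false;` and `valueIsSafe = value != null && IsValueSafeRegex(value);`; if null means "no filter", return true explicitly and say so in a comment. The throws also bypass the existing `logger.MethodExit` call and nothing is logged before them, so unless the caller logs the exception a rejected discovery request leaves no record; a `logger.LogWarning` naming the rejected parameter (not its raw value) before each throw would fix that. FindStores continues past the end of the hunk.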
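Review bot: `IsValueSafeRegex` now gates inputs it never saw before (search directories, extensions, file names), but the pattern it matches against is on an unchanged line between the `@@ -342` and `@@ -350` hunks and is not visible here, so its fit for those inputs cannot be confirmed from the diff. Check that the pattern is anchored at both ends and ends with `\z` rather than `$`, because in .NET `$` also matches just before a trailing newline and these values presumably end up in a remote shell command. The helper is now called once per array element, so the `MethodEntry`/`MethodExit` debug lines repeat for every value, as does the regex construction if `regex` is a local as it appears to be; a `private static readonly Regex` field would avoid the latter. The method also needs a doc comment that states which characters count as safe, since the name alone does not say.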
--- a/RemoteFile/RemoteHandlers/SSHHandler.cs +++ b/RemoteFile/RemoteHandlers/SSHHandler.cs @@ -99,7 +99,7 @@ public override string RunCommand(string commandText, object[] arguments, bool w _logger.MethodEntry(LogLevel.Debug); _logger.LogDebug($"RunCommand: {commandText}"); - string sudo = $"sudo -i -S "; + string sudo = $"sudo -S "; string echo = $"echo -e '\n' | "; try diff --git a/RemoteFile/config.json b/RemoteFile/config.json index 24999a06..5afd0c1e 100644 --- a/RemoteFile/config.json +++ b/RemoteFile/config.json @@ -1,5 +1,6 @@ { "UseSudo": "N", + "SudoImpersonatingUser": "", "CreateStoreIfMissing": "N", "UseNegotiate": "N", "SeparateUploadFilePath": "", diff --git a/integration-manifest.json b/integration-manifest.json index 641a20a9..bb423a33 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -68,6 +68,14 @@ "DependsOn": "", "Type": "String", "DefaultValue": "" + }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" } ], "EntryParameters": [] @@ -110,6 +118,14 @@ "Type": "String", "DefaultValue": "" }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, { "Name": "IsTrustStore", "DisplayName": "Trust Store", @@ -190,6 +206,14 @@ "DependsOn": "", "Type": "String", "DefaultValue": "" + }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" } ], "EntryParameters": [] @@ -232,6 +256,14 @@ "Type": "String", "DefaultValue": "" }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, { "Name": "SeparatePrivateKeyFilePath", "DisplayName": "Separate Private Key File Location", 
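Review bot: Dropping `-i` from the sudo prefix changes the execution environment of every command RunCommand sends, and nothing in the hunk records why. Without `-i`, sudo no longer goes through the target user's login shell, so PATH and other variables come from whatever sudoers permits (`env_reset`, `secure_path`) rather than the login profile; a comment such as `// no -i: do not start a login shell; environment is governed by sudoers` would document that. The new impersonation setting is not used in the visible lines; if a `-u <user>` argument is appended further down, the user name needs validating before it is concatenated into the command string. `$"sudo -S "` has no interpolation holes, so the `$` prefix can be dropped. RunCommand's body continues outside the hunk.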
@@ -280,6 +312,14 @@ "DependsOn": "", "Type": "String", "DefaultValue": "" + }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" } ], "EntryParameters": [] @@ -322,6 +362,14 @@ "Type": "String", "DefaultValue": "" }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, { "Name": "WorkFolder", "DisplayName": "Location to use for creation/removal of work files",