/** The value of the ChRootPath setting should becase sensitive. */ void ChRootPathValueIsCaseSensitive() { SCX_RunAsAdminProvider conf = GivenAdminProviderWithEmptyConfiguration(); conf.Set(L"ChRootPath", L"/FoO/bAr/"); SCXCore::RunAsConfigurator c = GivenAReparsedConfiguration(conf); CPPUNIT_ASSERT(c.GetChRootPath() == SCXFilePath(L"/FoO/bAr/")); }
SCXFilePath SCXGlob::Current() const { SCX_LOGTRACE(m_logHandle, L"Current()"); if(cNoData == m_index) { return SCXFilePath(); } if (this->m_pathnames[m_index]) { return StrFromUTF8(this->m_pathnames[m_index]); } else { return SCXFilePath(); } }
void TestWriteAndRead() { SCX_RunAsAdminProvider conf = GivenAdminProviderWithEmptyConfiguration(); CPPUNIT_ASSERT(conf.Set(L"AllowRoot", L"false")); CPPUNIT_ASSERT(conf.Set(L"ChRootPath", L"/what/ever/")); CPPUNIT_ASSERT(conf.Set(L"CWD", L"/foo/bar/")); std::wostringstream buf; CPPUNIT_ASSERT(conf.Print(buf)); SCXHandle<ConfigurationStringParser> parser( new ConfigurationStringParser(buf.str())); SCXCore::RunAsConfigurator c2 = SCXCore::RunAsConfigurator( parser, SCXCoreLib::SCXHandle<SCXCore::ConfigurationWriter>(0)).Parse(); CPPUNIT_ASSERT(c2.GetAllowRoot() == false); CPPUNIT_ASSERT(c2.GetChRootPath() == SCXFilePath(L"/what/ever/")); CPPUNIT_ASSERT(c2.GetCWD() == SCXFilePath(L"/foo/bar/")); }
/** The ChRootPath parameter (the name) to the set command should be case insensitive. */ void ChRootPathIsCaseInsensitive() { std::vector<std::wstring> parameters; parameters.push_back(L"ChRootPath"); parameters.push_back(L"chrootpath"); parameters.push_back(L"CHROOTPATH"); for (std::vector<std::wstring>::const_iterator iter = parameters.begin(); iter != parameters.end(); ++iter) { SCX_RunAsAdminProvider conf = GivenAdminProviderWithEmptyConfiguration(); conf.Set(*iter, L"/foo/bar/"); SCXCore::RunAsConfigurator c = GivenAReparsedConfiguration(conf); CPPUNIT_ASSERT(c.GetChRootPath() == SCXFilePath(L"/foo/bar/")); } }
/** The CWD parameter to the reset command should be case insensitive. */ void ResetCWDIsCaseInsensitive() { std::vector<std::wstring> parameters; parameters.push_back(L"CWD"); parameters.push_back(L"cwd"); parameters.push_back(L"CwD"); for (std::vector<std::wstring>::const_iterator iter = parameters.begin(); iter != parameters.end(); ++iter) { SCX_RunAsAdminProvider conf = GivenAdminProviderWithEmptyConfiguration(); conf.Set(L"CWD", L"/foo/bar/"); conf.Reset(*iter); SCXCore::RunAsConfigurator c = GivenAReparsedConfiguration(conf); CPPUNIT_ASSERT(c.GetCWD() != SCXFilePath(L"/foo/bar/")); } }
std::vector<NetworkInterfaceConfigurationInstance> NetworkInterfaceConfigurationEnumeration::FindAll() { // Use NetworkInterface provider to get all the interfaces std::vector<NetworkInterfaceInfo> interfaces = NetworkInterfaceInfo::FindAll(m_deps); std::vector<NetworkInterfaceConfigurationInstance> resultList; for (size_t nr = 0; nr < interfaces.size(); nr++) { NetworkInterfaceConfigurationInstance instance(interfaces[nr]); // Set m_Index instance.m_Index = static_cast<Uint32>(nr); instance.SetKnown(NetworkInterfaceConfigurationInstance::eIndex); // Get if interface is enabled. If up interface has the address set. If running inteface has the resources // allocated and is ready to receive/transmit. if (interfaces[nr].IsKnownIfUp() && interfaces[nr].IsKnownIfRunning()) { instance.SetKnown(NetworkInterfaceConfigurationInstance::eIPEnabled); instance.m_IPEnabled = false; if (interfaces[nr].IsUp() && interfaces[nr].IsRunning()) { instance.m_IPEnabled = true; } } // (WI 468917) Activate MAC Address to be reported by the provider. interfaces[nr].GetMACAddress(instance.m_MACAddress); instance.SetKnown(NetworkInterfaceConfigurationInstance::eMACAddress); instance.m_IPAddress.clear(); if (interfaces[nr].IsIPAddressKnown()) { instance.m_IPAddress.push_back(interfaces[nr].GetIPAddress()); } vector<wstring> tmpIPv6 = interfaces[nr].GetIPV6Address(); instance.m_IPAddress.insert(instance.m_IPAddress.end(), tmpIPv6.begin(), tmpIPv6.end()); if (instance.m_IPAddress.empty() == false) { instance.SetKnown(NetworkInterfaceConfigurationInstance::eIPAddress); } if (interfaces[nr].IsNetmaskKnown()) { instance.m_IPSubnet.resize(1); instance.m_IPSubnet[0] = interfaces[nr].GetNetmask(); instance.SetKnown(NetworkInterfaceConfigurationInstance::eIPSubnet); } // Determine m_ArpUseEtherSNAP // ARP packets can be sent using EtherType fields in Ethernet II (DIX) format or in 802.3 (SNAP) format. // Both are permitted. Some operating systems can force ARP packets to be sent in the newer 802.3 // format, but due to its simplicity, the older DIX format is still widely used. #if defined(linux) || defined(sun) instance.m_ArpUseEtherSNAP = false; instance.SetKnown(NetworkInterfaceConfigurationInstance::eArpUseEtherSNAP); #endif // Determine m_Caption // Index in format [nnnnnnnn] followed by a short textual description (one-line string) of the object. ostringstream ixstr; ixstr << '[' << setfill('0') << setw(8) << nr << "] "; instance.m_Caption = StrFromMultibyte(ixstr.str()) + instance.GetName(); instance.SetKnown(NetworkInterfaceConfigurationInstance::eCaption); // Determine m_Description // Description of the CIM_Setting object. This property is inherited from CIM_Setting. instance.m_Description = instance.GetName(); instance.SetKnown(NetworkInterfaceConfigurationInstance::eDescription); // Determine m_DeadGWDetectEnabled // If TRUE, dead gateway detection occurs. With this feature enabled, Transmission // Control Protocol (TCP) asks Internet Protocol (IP) to change to a backup gateway // if it retransmits a segment several times without receiving a response. // // For Linux, this capability was added with IPv6 via its Neighbor Discovery protocol // Solaris also. #if defined(linux) // Subset of neighbor reachability problems solved by IPv6 instance.m_DeadGWDetectEnabled = SCXDirectory::Exists(L"/proc/sys/net/ipv6"); instance.SetKnown(NetworkInterfaceConfigurationInstance::eDeadGWDetectEnabled); #endif // Determine m_DefaultTOS // Default Type Of Service (TOS) value set in the header of outgoing IP packets. // Request for Comments (RFC) 791 defines the values. Default: 0 (zero), // Valid Range: 0 - 255. // This is deprecated. Implementations also are not uniform. // NOT SET-------------- // Determine m_DefaultTTL // Default Time To Live (TTL) value set in the header of outgoing IP packets. // The TTL specifies the number of routers an IP packet can pass through to // reach its destination before being discarded. Each router decrements by // one the TTL count of a packet as it passes through and discards the // packets if the TTL is 0 (zero). Default: 32, Valid Range: 1 - 255. std::vector<wstring> lines; SCXStream::NLFs nlfs; #if defined(PF_DISTRO_REDHAT) || defined(sun) // This is hardcoded in Linux microkernel source. Since V2.2 it has been in net/ipv4/ipconfig.c // For Solaris it has been 64 since version 2.8 instance.m_DefaultTTL = 64; instance.SetKnown(NetworkInterfaceConfigurationInstance::eDefaultTTL); #elif defined(PF_DISTRO_SUSE) || defined(PF_DISTRO_ULINUX) // if /proc/sys/net/ipv4/ip_default_ttl exists, then override 64 as the default with what is contained SCXFile::ReadAllLines(SCXFilePath(L"/proc/sys/net/ipv4/ip_default_ttl"), lines, nlfs); if (lines.size() > 0) { instance.m_DefaultTTL = (Uint8) StrToUInt(lines[0]); instance.SetKnown(NetworkInterfaceConfigurationInstance::eDefaultTTL); } #endif // Determine m_DHCPEnabled // If TRUE, the dynamic host configuration protocol (DHCP) server automatically // assigns an IP address to the computer system when establishing a network connection. // First fetch config data from the appropriate file wstring interface = instance.GetName(); lines.clear(); bool performRead = true; #if defined(PF_DISTRO_SUSE) // Determine DHCP Enabled by looking for process dhcpcd w/param matching this interface name instance.m_DHCPEnabled = GetDHCPEnabledFromProcessList(interface); #elif defined(PF_DISTRO_REDHAT) SCXFile::ReadAllLines(SCXFilePath(SCXCoreLib::StrAppend(L"/etc/sysconfig/network-scripts/ifcfg-", interface)), lines, nlfs); #elif defined(PF_DISTRO_ULINUX) instance.m_DHCPEnabled = GetDHCPEnabledFromProcessList(interface); if (!instance.m_DHCPEnabled) { if (SCXFile::Exists(SCXCoreLib::StrAppend(L"/etc/sysconfig/network-scripts/ifcfg-", interface))) { SCXFile::ReadAllLines(SCXFilePath(SCXCoreLib::StrAppend(L"/etc/sysconfig/network-scripts/ifcfg-", interface)), lines, nlfs); } else if (SCXFile::Exists(SCXCoreLib::StrAppend(L"/etc/sysconfig/network/ifcfg-", interface))) { SCXFile::ReadAllLines(SCXFilePath(SCXCoreLib::StrAppend(L"/etc/sysconfig/network/ifcfg-", interface)), lines, nlfs); } else { performRead = false; } } #elif defined(sun) SCXFile::ReadAllLines(SCXFilePath(SCXCoreLib::StrAppend(L"/etc/hostname.", interface)), lines, nlfs); #elif defined(hpux) SCXFile::ReadAllLines(SCXFilePath(L"/etc/rc.config.d/netconf"), lines, nlfs); #elif defined(aix) SCXFile::ReadAllLines(SCXFilePath(L"/etc/dhcpcd.ini"), lines, nlfs); #endif if (performRead) { instance.m_DHCPEnabled = GetDHCPEnabledFromConfigData(lines, interface); } #if defined(linux) // Determine DHCP Enabled by looking for process dhcpcd w/param matching this interface name if (!instance.m_DHCPEnabled) { instance.m_DHCPEnabled = GetDHCPEnabledFromProcessList(interface); } #endif instance.SetKnown(NetworkInterfaceConfigurationInstance::eDHCPEnabled); #if defined(linux) || defined(sun) || defined(hpux) // Initialize the DHCP lease information DHCPLeaseInfo dhcpLeaseInfo(interface); // Determine m_DHCPLeaseExpires // Expiration date and time for a leased IP address that was assigned to the // computer by the dynamic host configuration protocol (DHCP) server. // Example: 20521201000230.000000000 instance.m_DHCPLeaseExpires = dhcpLeaseInfo.getLeaseExpires(); if (instance.m_DHCPLeaseExpires.IsInitialized()) { instance.SetKnown(NetworkInterfaceConfigurationInstance::eDHCPLeaseExpires); } // Determine m_DHCPLeaseObtained // Date and time the lease was obtained for the IP address assigned to the // computer by the dynamic host configuration protocol (DHCP) server. // Example: 19521201000230.000000000 instance.m_DHCPLeaseObtained = dhcpLeaseInfo.getLeaseObtained(); if (instance.m_DHCPLeaseObtained.IsInitialized()) { instance.SetKnown(NetworkInterfaceConfigurationInstance::eDHCPLeaseObtained); } #endif // Determine m_DHCPServer // IP address of the dynamic host configuration protocol (DHCP) server. // Example: 10.55.34.2 #if defined(linux) instance.m_DHCPServer = dhcpLeaseInfo.getDHCPServer(); instance.SetKnown(NetworkInterfaceConfigurationInstance::eDHCPServer); #endif // Determine m_DefaultIPGateway // Array of IP addresses of default gateways that the computer system uses. // Example: 192.168.12.1 192.168.46.1 #if defined(linux) || defined(sun) wstring gwip; if (GatewayInfo::get_gatewayip(gwip, m_deps)) { instance.m_DefaultIPGateway.push_back(gwip); instance.SetKnown(NetworkInterfaceConfigurationInstance::eDefaultIPGateway); } #elif defined(hpux) // The HPUX DHCP info file also contains the default gateway wstring defaultGateway = dhcpLeaseInfo.getDefaultGateway(); if (defaultGateway.size() > 0) { instance.m_DefaultIPGateway.push_back(defaultGateway); instance.SetKnown(NetworkInterfaceConfigurationInstance::eDefaultIPGateway); } #endif // Determine m_DNSDomain // Organization name followed by a period and an extension that indicates // the type of organization, such as microsoft.com. The name can be any // combination of the letters A through Z, the numerals 0 through 9, and // the hyphen (-), plus the period (.) character used as a separator. // Example: microsoft.com #if defined(linux) || defined(sun) || defined(hpux) instance.m_DNSDomain = dhcpLeaseInfo.getDomainName(); instance.SetKnown(NetworkInterfaceConfigurationInstance::eDNSDomain); #endif // Determine m_DNSDomainSuffixSearchOrder // Array of DNS domain suffixes to be appended to the end of host names // during name resolution. When attempting to resolve a fully qualified // domain name (FQDN) from a host-only name, the system will first append // the local domain name. If this is not successful, the system will use // the domain suffix list to create additional FQDNs in the order listed // and query DNS servers for each. // Example: samples.microsoft.com example.microsoft.com // Linux doesn't add missing suffixes -----NOT SET // Determine m_DNSEnabledForWINSResolution // If TRUE, the Domain Name System (DNS) is enabled for name resolution // over Windows Internet Naming Service (WINS) resolution. If the name // cannot be resolved using DNS, the name request is forwarded to WINS // for resolution. // Windows only --------NOT SET // Determine m_DNSHostName // Host name used to identify the local computer for authentication by // some utilities. Other TCP/IP-based utilities can use this value to // acquire the name of the local computer. Host names are stored on DNS // servers in a table that maps names to IP addresses for use by DNS. // The name can be any combination of the letters A through Z, the // numerals 0 through 9, and the hyphen (-), plus the period (.) character // used as a separator. By default, this value is the Microsoft networking // computer name, but the network administrator can assign another host // name without affecting the computer name. // Example: corpdns // Probably utility authentication for Windows only ----------NOT SET // Determine m_DNSServerSearchOrder // Array of server IP addresses to be used in querying for DNS servers. #if defined(linux) || defined(sun) || defined(hpux) lines.clear(); instance.m_DNSServerSearchOrder.clear(); SCXFile::ReadAllLines(SCXFilePath(L"/etc/resolv.conf"), lines, nlfs); for (uint i = 0; i < lines.size(); i++) { // remove all comments from the current line, as they should be ignored wstring curLine = lines[i]; wstring::size_type pos; pos = curLine.find(L";"); if (pos != wstring::npos) { curLine.erase(pos, curLine.length()); } if (curLine.empty()) { continue; } std::vector<wstring> tokens; StrTokenize(curLine, tokens, L" \t"); if (tokens.size() > 1 && tokens[0].compare(L"nameserver") == 0) { instance.m_DNSServerSearchOrder.push_back(tokens[1]); } } if(instance.m_DNSServerSearchOrder.size() > 0) { instance.SetKnown(NetworkInterfaceConfigurationInstance::eDNSServerSearchOrder); } #endif // Determine m_DomainDNSRegistrationEnabled // If TRUE, the IP addresses for this connection are registered in DNS under the domain // name of this connection in addition to being registered under the computer's // full DNS name. The domain name of this connection is either set using the // SetDNSDomain() method or assigned by DSCP. The registered name is the host // name of the computer with the domain name appended. // Windows 2000: This property is not available. // NOT SET for Linux------------------------------------------------------ // Determine m_ArpAlwaysSourceRoute // If TRUE, TCP/IP transmits Address Resolution Protocol (ARP) queries with // source routing enabled on Token Ring networks. By default (FALSE), ARP first // queries without source routing, and then retries with source routing enabled // if no reply is received. Source routing allows the routing of network packets // across different types of networks. // See http://www.rapid7.com/vulndb/lookup/generic-ip-source-routing-enabled for AIX/Linux/Solaris // This property seems to be set to prevent ARP spoofing. The // principle of ARP spoofing is to send fake ARP messages onto a LAN. // Generally, the aim is to associate the attacker's MAC address with // the IP address of another host (such as the default gateway). // // Operating System Approaches // Static ARP entries: entries in the local ARP cache can be defined as // static to prevent overwrite. While static entries provide perfect security // against spoofing if the operating systems handles them correctly, they // result in quadratic maintenance efforts as IP-MAC mappings of all machines // in the network have to be distributed to all other machines. // OS security: Operating systems react differently, e.g. Linux ignores // unsolicited replies, but on the other hand uses seen requests from // other machines to update its cache. Solaris only accepts updates on // entries after a timeout. In Microsoft Windows, the behavior of the // ARP cache can be configured through several registry entries under // HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, // namely ArpCacheLife, ArpCacheMinReferenceLife, ArpUseEtherSNAP, ArpTRSingleRoute, // ArpAlwaysSourceRoute, ArpRetryCount. #if defined(linux) instance.m_ArpAlwaysSourceRoute = false; lines.clear(); SCXFile::ReadAllLines(SCXFilePath(L"/etc/sysctl.conf"), lines, nlfs); SCXRegex r(L"accept_source_route\\s*=\\s*([01])"); instance.m_ArpAlwaysSourceRoute = false; for (int i = 0; i < (int)lines.size(); i++) { if (r.IsMatch(lines[i])) { instance.m_ArpAlwaysSourceRoute = true; break; } } instance.SetKnown(NetworkInterfaceConfigurationInstance::eArpAlwaysSourceRoute); #endif resultList.push_back(instance); } return resultList; }
/** Convenience method to retrieve the directory part of the full path \returns Directory part of the path */ const SCXFilePath SCXFileInfo::GetDirectoryPath() const { return SCXFilePath(GetFullPath().GetDirectory()); }