403Webshell
Server IP : 103.119.228.120  /  Your IP : 52.14.27.122
Web Server : Apache
System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
User : nobody ( 99)
PHP Version : 5.6.40
Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime
MySQL : ON |  cURL : ON |  WGET : ON |  Perl : ON |  Python : ON |  Sudo : ON |  Pkexec : ON
Directory :  /bin/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /bin/chcat
#! /usr/bin/python -Es
# Copyright (C) 2005 Red Hat
# see file 'COPYING' for use and warranty information
#
#    chcat is a script that allows you modify the Security label on a file
#
#`   Author: Daniel Walsh <dwalsh@redhat.com>
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of the GNU General Public License as
#    published by the Free Software Foundation; either version 2 of
#    the License, or (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
#                                        02111-1307  USA
#
#
try:
    from subprocess import getstatusoutput
except ImportError:
    from commands import getstatusoutput
import sys
import os
import pwd
import string
import getopt
import selinux
import seobject
import gettext

try:
    gettext.install('policycoreutils')
except IOError:
    try:
        import builtins
        builtins.__dict__['_'] = str
    except ImportError:
        import __builtin__
        __builtin__.__dict__['_'] = unicode


def errorExit(error):
    sys.stderr.write("%s: " % sys.argv[0])
    sys.stderr.write("%s\n" % error)
    sys.stderr.flush()
    sys.exit(1)


def verify_users(users):
    for u in users:
        try:
            pwd.getpwnam(u)
        except KeyError:
            error("User %s does not exist" % u)


def chcat_user_add(newcat, users):
    errors = 0
    logins = seobject.loginRecords()
    seusers = logins.get_all()
    add_ind = 0
    verify_users(users)
    for u in users:
        if u in seusers.keys():
            user = seusers[u]
        else:
            add_ind = 1
            user = seusers["__default__"]
        serange = user[1].split("-")
        cats = []
        top = ["s0"]
        if len(serange) > 1:
            top = serange[1].split(":")
            if len(top) > 1:
                cats.append(top[1])
                cats = expandCats(cats)

        for i in newcat[1:]:
            if i not in cats:
                cats.append(i)

        if len(cats) > 0:
            new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
        else:
            new_serange = "%s-%s" % (serange[0], top[0])

        if add_ind:
            cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
        else:
            cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
        rc = getstatusoutput(cmd)
        if rc[0] != 0:
            print(rc[1])
            errors += 1

    return errors


def chcat_add(orig, newcat, objects, login_ind):
    if len(newcat) == 1:
        raise ValueError(_("Requires at least one category"))

    if login_ind == 1:
        return chcat_user_add(newcat, objects)

    errors = 0
    sensitivity = newcat[0]
    cat = newcat[1]
    cmd = 'chcon -l %s' % sensitivity
    for f in objects:
        (rc, c) = selinux.getfilecon(f)
        con = c.split(":")[3:]
        clist = translate(con)
        if sensitivity != clist[0]:
            print(_("Can not modify sensitivity levels using '+' on %s") % f)

        if len(clist) > 1:
            if cat in clist[1:]:
                print(_("%s is already in %s") % (f, orig))
                continue
            clist.append(cat)
            cats = clist[1:]
            cats.sort()
            cat_string = cats[0]
            for c in cats[1:]:
                cat_string = "%s,%s" % (cat_string, c)
        else:
            cat_string = cat
        cmd = 'chcon -l %s:%s %s' % (sensitivity, cat_string, f)
        rc = getstatusoutput(cmd)
        if rc[0] != 0:
            print(rc[1])
            errors += 1
    return errors


def chcat_user_remove(newcat, users):
    errors = 0
    logins = seobject.loginRecords()
    seusers = logins.get_all()
    add_ind = 0
    verify_users(users)
    for u in users:
        if u in seusers.keys():
            user = seusers[u]
        else:
            add_ind = 1
            user = seusers["__default__"]
        serange = user[1].split("-")
        cats = []
        top = ["s0"]
        if len(serange) > 1:
            top = serange[1].split(":")
            if len(top) > 1:
                cats.append(top[1])
                cats = expandCats(cats)

        for i in newcat[1:]:
            if i in cats:
                cats.remove(i)

        if len(cats) > 0:
            new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
        else:
            new_serange = "%s-%s" % (serange[0], top[0])

        if add_ind:
            cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
        else:
            cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
        rc = getstatusoutput(cmd)
        if rc[0] != 0:
            print(rc[1])
            errors += 1
    return errors


def chcat_remove(orig, newcat, objects, login_ind):
    if len(newcat) == 1:
        raise ValueError(_("Requires at least one category"))

    if login_ind == 1:
        return chcat_user_remove(newcat, objects)

    errors = 0
    sensitivity = newcat[0]
    cat = newcat[1]

    for f in objects:
        (rc, c) = selinux.getfilecon(f)
        con = c.split(":")[3:]
        clist = translate(con)
        if sensitivity != clist[0]:
            print(_("Can not modify sensitivity levels using '+' on %s") % f)
            continue

        if len(clist) > 1:
            if cat not in clist[1:]:
                print(_("%s is not in %s") % (f, orig))
                continue
            clist.remove(cat)
            if len(clist) > 1:
                cat = clist[1]
                for c in clist[2:]:
                    cat = "%s,%s" % (cat, c)
            else:
                cat = ""
        else:
            print(_("%s is not in %s") % (f, orig))
            continue

        if len(cat) == 0:
            cmd = 'chcon -l %s %s' % (sensitivity, f)
        else:
            cmd = 'chcon -l %s:%s %s' % (sensitivity, cat, f)
        rc = getstatusoutput(cmd)
        if rc[0] != 0:
            print(rc[1])
            errors += 1
    return errors


def chcat_user_replace(newcat, users):
    errors = 0
    logins = seobject.loginRecords()
    seusers = logins.get_all()
    add_ind = 0
    verify_users(users)
    for u in users:
        if u in seusers.keys():
            user = seusers[u]
        else:
            add_ind = 1
            user = seusers["__default__"]
        serange = user[1].split("-")
        new_serange = "%s-%s:%s" % (serange[0], newcat[0], string.join(newcat[1:], ","))
        if new_serange[-1:] == ":":
            new_serange = new_serange[:-1]

        if add_ind:
            cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
        else:
            cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
        rc = getstatusoutput(cmd)
        if rc[0] != 0:
            print(rc[1])
            errors += 1
    return errors


def chcat_replace(newcat, objects, login_ind):
    if login_ind == 1:
        return chcat_user_replace(newcat, objects)
    errors = 0
    if len(newcat) == 1:
        sensitivity = newcat[0]
        cmd = 'chcon -l %s ' % newcat[0]
    else:
        sensitivity = newcat[0]
        cmd = 'chcon -l %s:%s' % (sensitivity, newcat[1])
        for cat in newcat[2:]:
            cmd = '%s,%s' % (cmd, cat)

    for f in objects:
        cmd = "%s %s" % (cmd, f)

    rc = getstatusoutput(cmd)
    if rc[0] != 0:
        print(rc[1])
        errors += 1

    return errors


def check_replace(cats):
    plus_ind = 0
    replace_ind = 0
    for c in cats:
        if len(c) > 0 and (c[0] == "+" or c[0] == "-"):
            if replace_ind:
                raise ValueError(_("Can not combine +/- with other types of categories"))
            plus_ind = 1
        else:
            replace_ind = 1
            if plus_ind:
                raise ValueError(_("Can not combine +/- with other types of categories"))
    return replace_ind


def isSensitivity(sensitivity):
    if sensitivity[0] == "s" and sensitivity[1:].isdigit() and int(sensitivity[1:]) in range(0, 16):
        return 1
    else:
        return 0


def expandCats(cats):
    newcats = []
    for c in cats:
        for i in c.split(","):
            if i.find(".") != -1:
                j = i.split(".")
                for k in range(int(j[0][1:]), int(j[1][1:]) + 1):
                    x = ("c%d" % k)
                    if x not in newcats:
                        newcats.append(x)
            else:
                if i not in newcats:
                    newcats.append(i)
    if len(newcats) > 25:
        return cats
    return newcats


def translate(cats):
    newcat = []
    if len(cats) == 0:
        newcat.append("s0")
        return newcat
    for c in cats:
        (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c)
        rlist = raw.split(":")[3:]
        tlist = []
        if isSensitivity(rlist[0]) == 0:
            tlist.append("s0")
            for i in expandCats(rlist):
                tlist.append(i)
        else:
            tlist.append(rlist[0])
            for i in expandCats(rlist[1:]):
                tlist.append(i)
        if len(newcat) == 0:
            newcat.append(tlist[0])
        else:
            if newcat[0] != tlist[0]:
                raise ValueError(_("Can not have multiple sensitivities"))
        for i in tlist[1:]:
            newcat.append(i)
    return newcat


def usage():
    print(_("Usage %s CATEGORY File ...") % sys.argv[0])
    print(_("Usage %s -l CATEGORY user ...") % sys.argv[0])
    print(_("Usage %s [[+|-]CATEGORY],...] File ...") % sys.argv[0])
    print(_("Usage %s -l [[+|-]CATEGORY],...] user ...") % sys.argv[0])
    print(_("Usage %s -d File ...") % sys.argv[0])
    print(_("Usage %s -l -d user ...") % sys.argv[0])
    print(_("Usage %s -L") % sys.argv[0])
    print(_("Usage %s -L -l user") % sys.argv[0])
    print(_("Use -- to end option list.  For example"))
    print(_("chcat -- -CompanyConfidential /docs/businessplan.odt"))
    print(_("chcat -l +CompanyConfidential juser"))
    sys.exit(1)


def listcats():
    fd = open(selinux.selinux_translations_path())
    for l in fd.read().split("\n"):
        if l.startswith("#"):
            continue
        if l.find("=") != -1:
            rec = l.split("=")
            print("%-30s %s" % tuple(rec))
    fd.close()
    return 0


def listusercats(users):
    if len(users) == 0:
        try:
            users.append(os.getlogin())
        except:
            users.append(pwd.getpwuid(os.getuid()).pw_name)

    verify_users(users)
    for u in users:
        cats = seobject.translate(selinux.getseuserbyname(u)[2])
        cats = cats.split("-")
        if len(cats) > 1 and cats[1] != "s0":
            print("%s: %s" % (u, cats[1]))
        else:
            print("%s: %s" % (u, cats[0]))


def error(msg):
    print("%s: %s" % (sys.argv[0], msg))
    sys.exit(1)

if __name__ == '__main__':
    if selinux.is_selinux_mls_enabled() != 1:
        error("Requires a mls enabled system")

    if selinux.is_selinux_enabled() != 1:
        error("Requires an SELinux enabled system")

    delete_ind = 0
    list_ind = 0
    login_ind = 0
    try:
        gopts, cmds = getopt.getopt(sys.argv[1:],
                                    'dhlL',
                                    ['list',
                                     'login',
                                     'help',
                                     'delete'])

        for o, a in gopts:
            if o == "-h" or o == "--help":
                usage()
            if o == "-d" or o == "--delete":
                delete_ind = 1
            if o == "-L" or o == "--list":
                list_ind = 1
            if o == "-l" or o == "--login":
                login_ind = 1

        if list_ind == 0 and len(cmds) < 1:
            usage()

    except getopt.error as error:
        errorExit(_("Options Error %s ") % error.msg)

    except ValueError as e:
        usage()

    if delete_ind:
        sys.exit(chcat_replace(["s0"], cmds, login_ind))

    if list_ind:
        if login_ind:
            sys.exit(listusercats(cmds))
        else:
            if len(cmds) > 0:
                usage()
            sys.exit(listcats())

    if len(cmds) < 2:
        usage()

    set_ind = 0
    cats = cmds[0].split(",")
    mod_ind = 0
    errors = 0
    objects = cmds[1:]
    try:
        if check_replace(cats):
            errors = chcat_replace(translate(cats), objects, login_ind)
        else:
            for c in cats:
                l = []
                l.append(c[1:])
                if len(c) > 0 and c[0] == "+":
                    errors += chcat_add(c[1:], translate(l), objects, login_ind)
                    continue
                if len(c) > 0 and c[0] == "-":
                    errors += chcat_remove(c[1:], translate(l), objects, login_ind)
                    continue
    except ValueError as e:
        error(e)
    except OSError as e:
        error(e)

    sys.exit(errors)

Youez - 2016 - github.com/yon3zu
LinuXploit