403Webshell
Server IP : 103.119.228.120  /  Your IP : 18.191.97.229
Web Server : Apache
System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
User : nobody ( 99)
PHP Version : 5.6.40
Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime
MySQL : ON |  cURL : ON |  WGET : ON |  Perl : ON |  Python : ON |  Sudo : ON |  Pkexec : ON
Directory :  /usr/local/ssl/lib64/golang/src/pkg/github.com/selinux/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /usr/local/ssl/lib64/golang/src/pkg/github.com/selinux/selinux.go
package selinux

/*
 The selinux package is a go bindings to libselinux required to add selinux
 support to docker.

 Author Dan Walsh <dwalsh@redhat.com>

 Used some ideas/code from the go-ini packages https://github.com/vaughan0
 By Vaughan Newton
*/

// #cgo pkg-config: libselinux
// #include <selinux/selinux.h>
// #include <stdlib.h>
import "C"
import (
	"bufio"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"io"
	"os"
	"path"
	"path/filepath"
	"regexp"
	"strings"
	"unsafe"
)

var (
	assignRegex = regexp.MustCompile(`^([^=]+)=(.*)$`)
	mcsList     = make(map[string]bool)
)

func Matchpathcon(path string, mode os.FileMode) (string, error) {
	var con C.security_context_t
	var scon string
	rc, err := C.matchpathcon(C.CString(path), C.mode_t(mode), &con)
	if rc == 0 {
		scon = C.GoString(con)
		C.free(unsafe.Pointer(con))
	}
	return scon, err
}

func Setfilecon(path, scon string) (int, error) {
	rc, err := C.lsetfilecon(C.CString(path), C.CString(scon))
	return int(rc), err
}

func Getfilecon(path string) (string, error) {
	var scon C.security_context_t
	var fcon string
	rc, err := C.lgetfilecon(C.CString(path), &scon)
	if rc >= 0 {
		fcon = C.GoString(scon)
		err = nil
	}
	return fcon, err
}

func Setfscreatecon(scon string) (int, error) {
	var (
		rc  C.int
		err error
	)
	if scon != "" {
		rc, err = C.setfscreatecon(C.CString(scon))
	} else {
		rc, err = C.setfscreatecon(nil)
	}
	return int(rc), err
}

func Getfscreatecon() (string, error) {
	var scon C.security_context_t
	var fcon string
	rc, err := C.getfscreatecon(&scon)
	if rc >= 0 {
		fcon = C.GoString(scon)
		err = nil
		C.freecon(scon)
	}
	return fcon, err
}

func Getcon() string {
	var pcon C.security_context_t
	C.getcon(&pcon)
	scon := C.GoString(pcon)
	C.freecon(pcon)
	return scon
}

func Getpidcon(pid int) (string, error) {
	var pcon C.security_context_t
	var scon string
	rc, err := C.getpidcon(C.pid_t(pid), &pcon)
	if rc >= 0 {
		scon = C.GoString(pcon)
		C.freecon(pcon)
		err = nil
	}
	return scon, err
}

func Getpeercon(socket int) (string, error) {
	var pcon C.security_context_t
	var scon string
	rc, err := C.getpeercon(C.int(socket), &pcon)
	if rc >= 0 {
		scon = C.GoString(pcon)
		C.freecon(pcon)
		err = nil
	}
	return scon, err
}

func Setexeccon(scon string) error {
	var val *C.char
	if !SelinuxEnabled() {
		return nil
	}
	if scon != "" {
		val = C.CString(scon)
	} else {
		val = nil
	}
	_, err := C.setexeccon(val)
	return err
}

type Context struct {
	con []string
}

func (c *Context) SetUser(user string) {
	c.con[0] = user
}
func (c *Context) GetUser() string {
	return c.con[0]
}
func (c *Context) SetRole(role string) {
	c.con[1] = role
}
func (c *Context) GetRole() string {
	return c.con[1]
}
func (c *Context) SetType(setype string) {
	c.con[2] = setype
}
func (c *Context) GetType() string {
	return c.con[2]
}
func (c *Context) SetLevel(mls string) {
	c.con[3] = mls
}
func (c *Context) GetLevel() string {
	return c.con[3]
}
func (c *Context) Get() string {
	return strings.Join(c.con, ":")
}
func (c *Context) Set(scon string) {
	c.con = strings.SplitN(scon, ":", 4)
}
func NewContext(scon string) Context {
	var con Context
	con.Set(scon)
	return con
}

func SelinuxEnabled() bool {
	b := C.is_selinux_enabled()
	if b > 0 {
		return true
	}
	return false
}

const (
	Enforcing  = 1
	Permissive = 0
	Disabled   = -1
)

func SelinuxGetEnforce() int {
	return int(C.security_getenforce())
}

func SelinuxGetEnforceMode() int {
	var enforce C.int
	C.selinux_getenforcemode(&enforce)
	return int(enforce)
}

func mcsAdd(mcs string) {
	mcsList[mcs] = true
}

func mcsDelete(mcs string) {
	mcsList[mcs] = false
}

func mcsExists(mcs string) bool {
	return mcsList[mcs]
}

func IntToMcs(id int, catRange uint32) string {
	if (id < 1) || (id > 523776) {
		return ""
	}

	SETSIZE := int(catRange)
	TIER := SETSIZE

	ORD := id
	for ORD > TIER {
		ORD = ORD - TIER
		TIER -= 1
	}
	TIER = SETSIZE - TIER
	ORD = ORD + TIER
	return fmt.Sprintf("s0:c%d,c%d", TIER, ORD)
}

func uniqMcs(catRange uint32) string {
	var n uint32
	var c1, c2 uint32
	var mcs string
	for {
		binary.Read(rand.Reader, binary.LittleEndian, &n)
		c1 = n % catRange
		binary.Read(rand.Reader, binary.LittleEndian, &n)
		c2 = n % catRange
		if c1 == c2 {
			continue
		} else {
			if c1 > c2 {
				t := c1
				c1 = c2
				c2 = t
			}
		}
		mcs = fmt.Sprintf("s0:c%d,c%d", c1, c2)
		if mcsExists(mcs) {
			continue
		}
		mcsAdd(mcs)
		break
	}
	return mcs
}
func freeContext(processLabel string) {
	var scon Context
	scon = NewContext(processLabel)
	mcsDelete(scon.GetLevel())
}

func GetLxcContexts() (processLabel string, fileLabel string) {
	var val, key string
	var bufin *bufio.Reader
	if !SelinuxEnabled() {
		return
	}
	lxcPath := C.GoString(C.selinux_lxc_contexts_path())
	fileLabel = "system_u:object_r:svirt_sandbox_file_t:s0"
	processLabel = "system_u:system_r:svirt_lxc_net_t:s0"

	in, err := os.Open(lxcPath)
	if err != nil {
		goto exit
	}

	defer in.Close()
	bufin = bufio.NewReader(in)

	for done := false; !done; {
		var line string
		if line, err = bufin.ReadString('\n'); err != nil {
			if err == io.EOF {
				done = true
			} else {
				goto exit
			}
		}
		line = strings.TrimSpace(line)
		if len(line) == 0 {
			// Skip blank lines
			continue
		}
		if line[0] == ';' || line[0] == '#' {
			// Skip comments
			continue
		}
		if groups := assignRegex.FindStringSubmatch(line); groups != nil {
			key, val = strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
			if key == "process" {
				processLabel = strings.Trim(val, "\"")
			}
			if key == "file" {
				fileLabel = strings.Trim(val, "\"")
			}
		}
	}
exit:
	var scon Context
	mcs := IntToMcs(os.Getpid(), 1024)
	scon = NewContext(processLabel)
	scon.SetLevel(mcs)
	processLabel = scon.Get()
	scon = NewContext(fileLabel)
	scon.SetLevel(mcs)
	fileLabel = scon.Get()
	return processLabel, fileLabel
}

func CopyLevel(src, dest string) (string, error) {
	if !SelinuxEnabled() {
		return "", nil
	}
	if src == "" {
		return "", nil
	}
	rc, err := C.security_check_context(C.CString(src))
	if rc != 0 {
		return "", err
	}
	rc, err = C.security_check_context(C.CString(dest))
	if rc != 0 {
		return "", err
	}
	scon := NewContext(src)
	tcon := NewContext(dest)
	tcon.SetLevel(scon.GetLevel())
	return tcon.Get(), nil
}

func RestoreCon(fpath string, recurse bool) error {
	var flabel string
	var err error
	var fs os.FileInfo

	if !SelinuxEnabled() {
		return nil
	}

	if recurse {
		var paths []string
		var err error

		if paths, err = filepath.Glob(path.Join(fpath, "**", "*")); err != nil {
			return fmt.Errorf("Unable to find directory %v: %v", fpath, err)
		}

		for _, fpath := range paths {
			if err = RestoreCon(fpath, false); err != nil {
				return fmt.Errorf("Unable to restore selinux context for %v: %v", fpath, err)
			}
		}
		return nil
	}
	if fs, err = os.Stat(fpath); err != nil {
		return fmt.Errorf("Unable stat %v: %v", fpath, err)
	}

	if flabel, err = Matchpathcon(fpath, fs.Mode()); flabel == "" {
		return fmt.Errorf("Unable to get context for %v: %v", fpath, err)
	}

	if rc, err := Setfilecon(fpath, flabel); rc != 0 {
		return fmt.Errorf("Unable to set selinux context for %v: %v", fpath, err)
	}

	return nil
}

func Test() {
	var plabel, flabel string
	if !SelinuxEnabled() {
		return
	}

	plabel, flabel = GetLxcContexts()
	fmt.Println(plabel)
	fmt.Println(flabel)
	freeContext(plabel)
	plabel, flabel = GetLxcContexts()
	fmt.Println(plabel)
	fmt.Println(flabel)
	freeContext(plabel)
	if SelinuxEnabled() {
		fmt.Println("Enabled")
	} else {
		fmt.Println("Disabled")
	}
	fmt.Println("getenforce ", SelinuxGetEnforce())
	fmt.Println("getenforcemode ", SelinuxGetEnforceMode())
	flabel, _ = Matchpathcon("/home/dwalsh/.emacs", 0)
	fmt.Println(flabel)
	pid := os.Getpid()
	fmt.Printf("PID:%d MCS:%s\n", pid, IntToMcs(pid, 1023))
	fmt.Println(Getcon())
	fmt.Println(Getfilecon("/etc/passwd"))
	fmt.Println(Getpidcon(1))
	Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0")
	fmt.Println(Getfscreatecon())
	Setfscreatecon("")
	fmt.Println(Getfscreatecon())
	fmt.Println(Getpidcon(1))
}

Youez - 2016 - github.com/yon3zu
LinuXploit