def testCreateGRRTempFile(self):
fd = tempfiles.CreateGRRTempFile(self.not_exists, suffix=".exe")
self.assertTrue(fd.name.startswith(self.new_temp_file))
self.assertTrue(fd.name.endswith(".exe"))
self.assertTrue(os.path.exists(fd.name))
self._CheckPermissions(fd.name, 0700)
self._CheckPermissions(os.path.dirname(fd.name), 0700)
def WriteBlobToFile(self, request):
"""Writes the blob to a file and returns its path."""
lifetime = 0
# Only set the lifetime thread on the last chunk written.
if not request.more_data:
lifetime = request.time_limit
# Keep the file for at least 5 seconds after execution.
if lifetime > 0:
lifetime += 5
# First chunk truncates the file, later chunks append.
if request.offset == 0:
mode = "w+b"
else:
mode = "r+b"
temp_file = tempfiles.CreateGRRTempFile(filename=request.write_path,
mode=mode)
with temp_file:
path = temp_file.name
temp_file.seek(0, 2)
if temp_file.tell() != request.offset:
raise IOError("Chunks out of order Error.")
# Write the new chunk.
temp_file.write(request.executable.data)
return path
def setUp(self):
super(DeleteGRRTempFiles, self).setUp()
filename = "%s_blah" % config_lib.CONFIG["Client.tempfile_prefix"]
self.tempfile = utils.JoinPath(self.temp_dir, "delete_test", filename)
self.dirname = os.path.dirname(self.tempfile)
os.makedirs(self.dirname)
self.not_tempfile = os.path.join(self.dirname, "notatempfile")
open(self.not_tempfile, "w").write("something")
self.temp_fd = tempfiles.CreateGRRTempFile(self.dirname)
self.temp_fd2 = tempfiles.CreateGRRTempFile(self.dirname)
self.assertTrue(os.path.exists(self.not_tempfile))
self.assertTrue(os.path.exists(self.temp_fd.name))
self.assertTrue(os.path.exists(self.temp_fd2.name))
self.pathspec = rdfvalue.PathSpec(
path=self.dirname, pathtype=rdfvalue.PathSpec.PathType.OS)
def WriteBlobToFile(self, signed_pb, lifetime, suffix=""):
"""Writes the blob to a file and returns its path."""
temp_file = tempfiles.CreateGRRTempFile(suffix=suffix,
lifetime=lifetime)
with temp_file:
path = temp_file.name
temp_file.write(signed_pb.data)
return path
def open(self, directory=None, filename=None, mode="rb"):
result = tempfiles.CreateGRRTempFile(filename=filename, mode=mode)
# The tempfile library created an os path, we pass it through vfs to
# normalize it.
with vfs.VFSOpen(
paths.PathSpec(path=result.name,
pathtype=paths.PathSpec.PathType.OS)) as vfs_fd:
dict_pathspec = vfs_fd.pathspec.ToPrimitiveDict()
self.SendMessage(["file", dict_pathspec])
return result
def Run(self, arg):
"""Does the actual work."""
try:
if self.grr_worker.client.FleetspeakEnabled():
raise ValueError(
"Not supported on Fleetspeak enabled clients.")
except AttributeError:
pass
smart_arg = {
utils.SmartStr(field): value
for field, value in arg.items()
}
disallowed_fields = [
field for field in smart_arg.keys()
if field not in UpdateConfiguration.UPDATABLE_FIELDS
]
if disallowed_fields:
raise ValueError(
"Received an update request for restricted field(s) %s.",
",".join(disallowed_fields))
if platform.system() != "Windows":
# Check config validity before really applying the changes. This isn't
# implemented for our Windows clients though, whose configs are stored in
# the registry, as opposed to in the filesystem.
canary_config = config.CONFIG.CopyConfig()
# Prepare a temporary file we'll write changes to.
with tempfiles.CreateGRRTempFile(mode="w+") as temp_fd:
temp_filename = temp_fd.name
# Write canary_config changes to temp_filename.
canary_config.SetWriteBack(temp_filename)
self._UpdateConfig(smart_arg, canary_config)
try:
# Assert temp_filename is usable by loading it.
canary_config.SetWriteBack(temp_filename)
# Wide exception handling passed here from config_lib.py...
except Exception: # pylint: disable=broad-except
logging.warning("Updated config file %s is not usable.",
temp_filename)
raise
# If temp_filename works, remove it (if not, it's useful for debugging).
os.unlink(temp_filename)
# The changes seem to work, so push them to the real config.
self._UpdateConfig(smart_arg, config.CONFIG)
def setUp(self):
super(DeleteGRRTempFiles, self).setUp()
filename = "%s_blah" % config_lib.CONFIG["Client.tempfile_prefix"]
self.tempfile = utils.JoinPath(self.temp_dir,
"delete_test", filename)
self.dirname = os.path.dirname(self.tempfile)
os.makedirs(self.dirname)
self.tempdir_overrider = test_lib.ConfigOverrider({
"Client.tempdir_roots": [os.path.dirname(self.dirname)],
"Client.grr_tempdir": os.path.basename(self.dirname)})
self.tempdir_overrider.Start()
self.not_tempfile = os.path.join(self.temp_dir, "notatempfile")
open(self.not_tempfile, "w").write("something")
self.temp_fd = tempfiles.CreateGRRTempFile(self.dirname)
self.temp_fd2 = tempfiles.CreateGRRTempFile(self.dirname)
self.assertTrue(os.path.exists(self.not_tempfile))
self.assertTrue(os.path.exists(self.temp_fd.name))
self.assertTrue(os.path.exists(self.temp_fd2.name))
self.pathspec = rdf_paths.PathSpec(
path=self.dirname, pathtype=rdf_paths.PathSpec.PathType.OS)
def testCreateAndDelete(self):
fd = tempfiles.CreateGRRTempFile(filename="process.42.exe", mode="wb")
fd.close()
self.assertTrue(os.path.exists(fd.name))
self.assertTrue(os.path.basename(fd.name) == "process.42.exe")
tempfiles.DeleteGRRTempFile(fd.name)
self.assertFalse(os.path.exists(fd.name))
fd = open(os.path.join(self.temp_dir, "notatmpfile"), "w")
fd.write("something")
fd.close()
self.assertTrue(os.path.exists(fd.name))
self.assertRaises(tempfiles.ErrorNotTempFile,
tempfiles.DeleteGRRTempFile, fd.name)
self.assertTrue(os.path.exists(fd.name))
def testWrongOwnerGetsFixed(self):
def mystat(filename):
stat_info = os.lstat.old_target(filename)
stat_list = list(stat_info)
# Adjust the UID.
stat_list[4] += 1
return posix.stat_result(stat_list)
# Place a malicious file in the temp dir. This needs to be deleted
# before we can use the temp dir.
fd = tempfiles.CreateGRRTempFile(filename="maliciousfile", mode="wb")
fd.close()
self.assertTrue(os.path.exists(fd.name))
with utils.Stubber(os, "lstat", mystat):
fd2 = tempfiles.CreateGRRTempFile(filename="temptemp", mode="wb")
fd2.close()
# Old file is gone.
self.assertFalse(os.path.exists(fd.name))
# Cleanup.
tempfiles.DeleteGRRTempFile(fd2.name)
def Run(self, args):
"""Read from a VFS file and write to a GRRTempFile on disk.
If file writing doesn't complete files won't be cleaned up.
Args:
args: see CopyPathToFile in jobs.proto
"""
self.src_fd = vfs.VFSOpen(args.src_path,
progress_callback=self.Progress)
self.src_fd.Seek(args.offset)
offset = self.src_fd.Tell()
self.length = args.length or (1024**4) # 1 TB
self.written = 0
suffix = ".gz" if args.gzip_output else ""
self.dest_fd = tempfiles.CreateGRRTempFile(directory=args.dest_dir,
lifetime=args.lifetime,
suffix=suffix)
self.dest_file = self.dest_fd.name
with self.dest_fd:
if args.gzip_output:
gzip_fd = gzip.GzipFile(self.dest_file, "wb", 9, self.dest_fd)
# Gzip filehandle needs its own close method called
with gzip_fd:
self._Copy(gzip_fd)
else:
self._Copy(self.dest_fd)
pathspec_out = rdfvalue.PathSpec(
path=self.dest_file, pathtype=rdfvalue.PathSpec.PathType.OS)
self.SendReply(offset=offset,
length=self.written,
src_path=args.src_path,
dest_dir=args.dest_dir,
dest_path=pathspec_out,
gzip_output=args.gzip_output)
def testCreateGRRTempFileWithLifetime(self):
fd = tempfiles.CreateGRRTempFile(self.not_exists, lifetime=0.1)
self.assertTrue(os.path.exists(fd.name))
time.sleep(1)
self.assertFalse(os.path.exists(fd.name))
