Example #1
0
def logProtectedCall(result, path, args, user, allowed=True):
    """This should be called when a protected call was attempted,
       successful or not. It logs the attempt and its results in the
       audit_trail database. This audit trail can be used for several things-
       listing recently updated metadata (perhaps for a 'whats new?' page)
       or detecting and recovering from malicious use of keys.
       """
    # Store the first argument separately so we can relatively efficiently search for it
    if args:
        main_param = str(args[0])
    else:
        main_param = None

    # Get the user's UID. If it hasn't even been looked up successfully,
    # this is just a failed operation on a nonexistent user and it's not worth logging.
    uid = user.getCachedUid()
    if uid is None:
        return

    Database.pool.runOperation(
        "INSERT INTO audit_trail (timestamp, uid, action_domain, action_name,"
        " main_param, params, allowed, results)"
        " VALUES(%d, %d, 'protected_call', %s, %s, '%s', %d, '%s')" % (
        time.time(),
        uid,
        Database.quote(".".join(path), 'text'),
        Database.quote(main_param, 'text'),
        Database.quoteBlob(cPickle.dumps(args)),
        allowed,
        Database.quoteBlob(cPickle.dumps(result))))
    return result
Example #2
0
 def _grant(self, cursor, *capabilities):
     uid = self._getUid(cursor)
     for capability in capabilities:
         rep = repr(capability)
         print rep
         cursor.execute("INSERT IGNORE INTO capabilities (uid, cap_md5, cap_repr)"
                        " VALUES(%d, %s, %s)" % (
             uid,
             Database.quote(hashlib.md5(rep).hexdigest(), 'char'),
             Database.quote(rep, 'text')))
Example #3
0
 def _createUser(self, cursor):
     """Create a new user, optionally setting the given parameters.
        Returns the new user ID.
        """
     log.msg("Creating new user %r" % self._full_name)
     self.newUser = True
     cursor.execute("INSERT INTO users (secret_key, creation_time, full_name, email, login_name) "
                    "VALUES (%s, %d, %s, %s, %s)" % (
         Database.quote(createRandomKey(), 'varchar'),
         time.time(),
         Database.quote(self._full_name, 'text'),
         Database.quote(self._email, 'text'),
         Database.quote(self._login_name, 'varchar')))
     cursor.execute("SELECT LAST_INSERT_ID()")
     return int(cursor.fetchone()[0])
Example #4
0
 def _getUidFromEmail(self, cursor, name):
     """Find a user by email address"""
     cursor.execute("SELECT uid FROM users WHERE email = %s" %
                    Database.quote(name, 'text'))
     row = cursor.fetchone()
     if row:
         return int(row[0])
     else:
         raise NoSuchUser("No such email address: %r" % name)
Example #5
0
 def _getUidFromLoginName(self, cursor, name):
     """Find a user by login name"""
     cursor.execute("SELECT uid FROM users WHERE login_name = %s" %
                    Database.quote(name, 'text'))
     row = cursor.fetchone()
     if row:
         return int(row[0])
     else:
         raise NoSuchUser("No such login name: %r" % name)
Example #6
0
 def _getUidFromKey(self, cursor, key):
     """Find a user by their key"""
     cursor.execute("SELECT uid FROM users WHERE secret_key = %s" %
                    Database.quote(key.strip(), 'varchar'))
     row = cursor.fetchone()
     if row:
         return int(row[0])
     else:
         raise NoSuchUser("No user found matching the given key")
Example #7
0
 def _getUidFromFullName(self, cursor, name):
     """Find a user by full name"""
     if name is None:
         cursor.execute("SELECT uid FROM users WHERE full_name is NULL")
     else:
         cursor.execute("SELECT uid FROM users WHERE full_name = %s" %
                        Database.quote(name, 'text'))
     row = cursor.fetchone()
     if row:
         return int(row[0])
     else:
         raise NoSuchUser("No such name: %r" % name)
Example #8
0
 def _createTestQuery(self, uid, capabilities):
     """Create an SQL query that returns something nonzero if a uid matches any of
        a list of capabilities. If the capabilities list is empty, this creates a
        query that always has a nonzero result.
        """
     if capabilities:
         return "SELECT 1 FROM capabilities WHERE uid = %d AND (%s) LIMIT 1" % (
             uid,
             " OR ".join(["cap_md5 = " + Database.quote(hashlib.md5(repr(c)).hexdigest(),
                                                        'char') for c in capabilities]),
             )
     else:
         return "SELECT 1"
Example #9
0
    def dbStore(self, ruleset):
        """Store a ruleset persistently in our SQL database"""

        # Delete the old ruleset, if there was one
        result = defer.Deferred()
        d = Database.pool.runOperation("DELETE FROM rulesets WHERE uri = %s" % Database.quote(ruleset.uri, 'text'))

        # If we need to insert a new ruleset, do that after the delete finishes
        if ruleset.isEmpty():
            d.addCallback(result.callback)
        else:
            d.addCallback(self._insertRuleset, result, ruleset)
        d.addErrback(result.errback)
        return result
Example #10
0
# place, note the ID of the last converted message and add
# a "WHERE id > foo" clause to the stats_messages query.
#
# -- Micah Dowty
#

import os

import sys
from cia.LibCIA import XML, Database


sys.path[0] = os.path.join(sys.path[0], "..")
from cia.LibCIA.Stats.Target import StatsTarget

Database.init(serverCursor=True)
cursor = Database.pool.connect().cursor()

# Make sure we're starting with version 3
cursor.execute("SELECT value FROM meta WHERE name = 'version'")
if cursor.fetchall()[0][0] != "6":
    raise Exception("This script must only be run on version 6 databases")

# To avoid spending all our time reading buffer headers, cache frequently used targets
targetCache = {}
targetHits = {}
targetCacheMax = 128

rowsProcessed = 0
prevId = 0
Example #11
0
"""

import os
import re
import xmlrpclib
import shutil

import sys
import time
from cia.tools import RandomMessage


sys.path[0] = os.path.join(sys.path[0], "..")
from cia.LibCIA import Database

Database.init({"db": None})
dbcursor = Database.pool.connect().cursor()


def readStatements(filename):
    """Return a sequence of SQL statements from the given file"""
    lines = []
    for line in open(filename).xreadlines():
        line = line.strip()
        if not line.startswith("--"):
            lines.append(line)
    fulltext = " ".join(lines)
    for statement in fulltext.split(";"):
        statement = statement.strip()
        if statement:
            yield statement
Example #12
0
 def _insertRuleset(self, none, result, ruleset):
     """Callback used by store() to insert a new or modified ruleset into the SQL database"""
     d = Database.pool.runOperation("INSERT INTO rulesets (uri, xml) values(%s, %s)" % (
         Database.quote(ruleset.uri, 'text'), Database.quote(ruleset.get_source(), 'text')))
     d.addCallback(result.callback)
     d.addErrback(result.errback)
Example #13
0
# Back up your database before running this, as failure to
# finish could cause all security data to be lost!
#
# -- Micah Dowty
#

import os
import md5

import sys
import time

sys.path[0] = os.path.join(sys.path[0], "..")
from cia.LibCIA import Database

Database.init()
cursor = Database.pool.connect().cursor()

# Make sure we're starting with version 3
cursor.execute("SELECT value FROM meta WHERE name = 'version'")
if cursor.fetchone()[0] != "3":
    raise Exception("This script must only be run on version 3 databases")

# Read in all security data from the old capabilities table...
# Each key gets a list of capabilities, but only one owner.
cursor.execute("SELECT * FROM capabilities")
key_owner = {}
key_ownerMail = {}
key_capabilities = {}
while True:
    row = cursor.fetchone()