Example #1
def AddUser(username, password=None, labels=None, token=None):
    """Create a new GRR user object (backs the add_user command).

    Args:
      username: Name of the user to create; must be non-empty.
      password: Password to set. When None it is read interactively with
        getpass; any other value, including an empty string, is handed to
        SetPassword as given.
      labels: Optional iterable of labels, attached with owner "GRR".
      token: Access token; resolved through data_store.GetDefaultToken.

    Raises:
      UserError: If username is empty or the user object already opens.
    """
    if not username:
        raise UserError("Cannot add user: User must have a non-empty name")

    token = data_store.GetDefaultToken(token)
    # NOTE(review): username is interpolated into the URN as-is and no
    # character check is visible in this function -- confirm callers
    # validate it.
    new_user_urn = "aff4:/users/%s" % username

    # Refuse to overwrite: an InstantiationError from Open is treated as
    # "no such user yet"; a truthy object means the user already exists.
    try:
        existing_user = aff4.FACTORY.Open(
            new_user_urn, users.GRRUser, token=token)
    except aff4.InstantiationError:
        existing_user = None
    if existing_user:
        raise UserError(
            "Cannot add user %s: User already exists." % username)

    user_obj = aff4.FACTORY.Create(
        new_user_urn, users.GRRUser, mode="rw", token=token)

    # Only None triggers the prompt. There is no minimum-length or
    # emptiness check, so a blank password is stored like any other.
    if password is None:
        prompt_text = "Please enter password for user '%s': " % username
        password = getpass.getpass(prompt=prompt_text)
    user_obj.SetPassword(password)

    if labels:
        user_obj.AddLabels(set(labels), owner="GRR")

    user_obj.Close()

    EPrint("Added user %s." % username)

    # The audit record names the acting user from the token, not the
    # account that was created; the created account is carried in urn.
    audit_record = events.AuditEvent(
        user=token.username, action="USER_ADD", urn=new_user_urn)
    events.Events.PublishEvent("Audit", audit_record, token=token)
Example #2
def DeleteUser(username, token=None):
    """Delete an existing GRR user object and publish an audit event.

    Args:
      username: Name of the user to delete; must be non-empty.
      token: Access token; resolved through data_store.GetDefaultToken.

    Raises:
      UserError: If username is empty.
    """
    if not username:
        raise UserError("User must have a non-empty name")

    token = data_store.GetDefaultToken(token)
    # NOTE(review): username is interpolated into the URN as-is and no
    # character check is visible in this function -- confirm callers
    # validate it, since the same URN is passed to Delete below.
    target_urn = "aff4:/users/%s" % username

    # Open is used purely as an existence probe; its result is discarded.
    try:
        aff4.FACTORY.Open(target_urn, users.GRRUser, token=token)
    except aff4.InstantiationError:
        # A missing user is reported and returns early: nothing is deleted
        # and no audit event is published on this path.
        EPrint("User %s not found." % username)
        return

    aff4.FACTORY.Delete(target_urn, token=token)
    EPrint("User %s has been deleted." % username)

    # The audit record names the acting user from the token; the deleted
    # account is carried in urn.
    audit_record = events.AuditEvent(
        user=token.username, action="USER_DELETE", urn=target_urn)
    events.Events.PublishEvent("Audit", audit_record, token=token)
Example #3
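def UpdateUser(username,
               password,
               add_labels=None,
               delete_labels=None,
               token=None):
    """Update the password and/or labels of an existing GRR user.

    Args:
      username: Name of the user to update; must be non-empty.
      password: Falsy (None, "") leaves the password unchanged. A string is
        set directly. Any other truthy value (for example True) triggers an
        interactive getpass prompt.
      add_labels: Optional iterable of strings; each entry is split on ",".
      delete_labels: Optional iterable of strings; each entry is split
        on ",".
      token: Access token; resolved through data_store.GetDefaultToken.

    Raises:
      UserError: If username is empty or the user cannot be opened.
    """
    if not username:
        raise UserError("User must have a non-empty name")

    token = data_store.GetDefaultToken(token)

    # NOTE(review): username is interpolated into the URN as-is and no
    # character check is visible in this function -- confirm callers
    # validate it.
    user_urn = "aff4:/users/%s" % username
    try:
        fd = aff4.FACTORY.Open(user_urn, users.GRRUser, mode="rw", token=token)
    except aff4.InstantiationError:
        raise UserError("User %s does not exist." % username)

    # An empty string passed by the caller is falsy and is skipped here, but
    # a blank entered at the prompt is set as the password: nothing in this
    # function checks the length or emptiness of the prompted value.
    if password:
        if not isinstance(password, basestring):
            password = getpass.getpass(
                prompt="Please enter password for user '%s': " % username)
        fd.SetPassword(password)

    # Sets are used throughout so duplicate labels collapse.
    current_labels = {label.name for label in fd.GetLabels()}

    # Entries are split on commas only. Whitespace is not stripped and empty
    # pieces are kept, so "a, b" yields "a" and " b".
    expanded_add_labels = set()
    for label in add_labels or ():
        expanded_add_labels.update(label.split(","))

    expanded_delete_labels = set()
    for label in delete_labels or ():
        expanded_delete_labels.update(label.split(","))

    # A label requested for both add and delete is dropped from both sides.
    clean_add_labels = expanded_add_labels - expanded_delete_labels
    clean_del_labels = expanded_delete_labels - expanded_add_labels

    # Only add labels the user lacks; only remove labels the user has.
    final_add_labels = clean_add_labels - current_labels
    final_del_labels = clean_del_labels & current_labels

    if final_add_labels:
        fd.AddLabels(final_add_labels, owner="GRR")

    if final_del_labels:
        fd.RemoveLabels(final_del_labels, owner="GRR")

    fd.Close()

    # Publish the audit record as soon as the object is closed and before any
    # display code runs, so that an exception raised while printing or in
    # ShowUser cannot leave an applied change without its USER_UPDATE event.
    events.Events.PublishEvent("Audit",
                               events.AuditEvent(user=token.username,
                                                 action="USER_UPDATE",
                                                 urn=user_urn),
                               token=token)

    EPrint("Updated user %s" % username)

    ShowUser(username, token=token)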