def decryptpath(encryptedpath, keyfile):
servicename = 'decrypt'
fh = open(encryptedpath, 'rb+')
encrypteddata = fh.read()[:-32]
fh.seek(-32, 2)
iv = fh.read(32)
fh.close()
mypath = "/bin:/usr/bin:/usr/local/bin:"
myldlibrarypath = "/lib"
myenv = {"PATH": mypath, "LD_LIBRARY_PATH": myldlibrarypath}
procargs = [
'openssl', 'enc', '-d', '-aes-256-cbc', '-z', '-kfile', keyfile, '-iv',
iv
]
sslprocess = subprocess.Popen(procargs,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
stdin=subprocess.PIPE,
shell=False,
env=myenv)
out, err = sslprocess.communicate(input=encrypteddata)
if len(err) > 0:
for line in out.split("\n"):
userio.message(servicename, " stdout: " + line)
for line in err.split("\n"):
userio.message(servicename, " stderr: " + line)
userio.messageanddie("Fatal openssl decryption error")
return (out)
def set_ids():
if showchange:
userio.message("Changing GID to " + str(newgid))
os.setgid(newgid)
if showchange:
userio.message("Changing group memberships to " + str(grouplist))
os.setgroups(grouplist)
if showchange:
userio.message("Changing user to " + user)
os.setuid(newuid)
def dosqlplus(sid, sqlcommands, **kwargs):
import orautils
passkwargs = {
'bufsize': 1,
'stdin': subprocess.PIPE,
'stdout': subprocess.PIPE,
'stderr': subprocess.PIPE,
'shell': False
}
commandblock = 'set echo off;\nset feedback off;\nset heading off;\nset pagesize 0;\nset linesize 500;\n'
if 'quiet' in kwargs.keys() and kwargs['quiet'] is False:
commandblock = ''
if 'home' in kwargs.keys():
oraclehome = kwargs['home']
else:
oraclehome = orautils.getoraclehome(sid)
if oraclehome is None:
return ({
'RESULT': 1,
'STDOUT': [],
'STDERR': ['Unable to get ORACLE_HOME for ' + sid]
})
if 'base' in kwargs.keys():
oraclebase = kwargs['base']
else:
oraclebase = orautils.getoraclebase(oraclehome)
if oraclebase is None:
return ({
'RESULT': 1,
'STDOUT': [],
'STDERR': ['Unable to get ORACLE_HOME for ' + sid]
})
if 'user' in kwargs.keys():
useraccount = kwargs['user']
try:
checkuid = pwd.getpwnam(kwargs['user']).pw_uid
except:
return ({
'RESULT': 1,
'STDOUT': [],
'STDERR': ['Unknown user: '******'user']]
})
else:
useraccount = orautils.getoracleuser(oraclehome)
if useraccount is None:
return ({
'RESULT': 1,
'STDOUT': [],
'STDERR': ['Unable to get Oracle user for ' + oraclehome]
})
else:
checkuid = pwd.getpwnam(useraccount).pw_uid
if not checkuid == os.geteuid():
if os.geteuid() == 0:
passkwargs['preexec_fn'] = changeuser(useraccount,
showchange=False)
else:
return ({
'RESULT': 1,
'STDOUT': [],
'STDERR': ['Only root can run sqlplus as alternate user']
})
if 'printstdout' in kwargs.keys():
printstdout = kwargs['printstdout']
else:
printstdout = False
if type(sqlcommands) is list:
for line in sqlcommands:
commandblock = commandblock + line + "\n"
else:
commandblock = commandblock + sqlcommands + "\n"
if not (commandblock[-5:-1]).lower() == 'exit;':
commandblock = commandblock + "exit;\n"
stdout = []
stderr = []
returnhash = {}
returnhash['ERRORFLAG'] = 0
mypath = "/bin:/usr/bin:/usr/local/bin:" + oraclehome + "/bin"
myldlibrarypath = oraclehome + "/lib"
myenv = {
"PATH": mypath,
"LD_LIBRARY_PATH": myldlibrarypath,
"ORACLE_HOME": oraclehome,
"ORACLE_SID": sid,
"ORACLE_BASE": oraclebase
}
passkwargs['env'] = myenv
sqlpluscmd = subprocess.Popen(['sqlplus', '-S', '/', 'as', 'sysdba'],
**passkwargs)
if printstdout:
sqlpluscmd.stdin.write(commandblock)
while sqlpluscmd.poll() is None:
nextline = sqlpluscmd.stdout.readline()
nextline = nextline.rstrip()
if len(nextline) > 0:
userio.message(nextline)
stdout.append(nextline)
remainder = sqlpluscmd.stdout.readlines()
for nextline in remainder:
if len(nextline) > 0:
userio.message(nextline)
stdout.append(nextline)
stderr = sqlpluscmd.stderr.readlines()
else:
#Conversion of string to memoryblock added as part of upgrade
#from python 2 to 3, chad m
commandblock = commandblock.encode('utf-8')
cmdout, cmderr = sqlpluscmd.communicate(commandblock)
#Conversion of memoryblock to string added as part of upgrade
#from python 2 to 3, chad m
cmdout = cmdout.decode()
cmderr = cmderr.decode()
lines = cmdout.splitlines()
for line in lines:
if len(line) > 0:
stdout.append(line)
lines = cmderr.splitlines()
for line in lines:
if line(line) > 0:
stderr.append(line)
for line in stdout:
if line[:5] == 'ERROR':
returnhash['ERRORFLAG'] = 1
returnhash['STDOUT'] = stdout
returnhash['STDERR'] = stderr
returnhash['RESULT'] = sqlpluscmd.returncode
return (returnhash)
def forcemkdir(path, **kwargs):
quiet = True
if 'quiet' in kwargs.keys():
quiet = kwargs['quiet']
if not os.path.exists(path):
if not quiet:
userio.message("Creating directory: " + path)
try:
os.makedirs(path)
except Exception as e:
if not quiet:
userio.message("Unable to create directory: ")
userio.message(str(e))
return (False)
else:
if not quiet:
userio.message("Directory already exists: " + path)
if 'user' in kwargs.keys():
if kwargs['user'] is None:
if not quiet:
userio.message("User passed was 'None'")
return (False)
if not quiet:
userio.message("Setting user ownership of " + path + " to " +
kwargs['user'])
try:
newuid = pwd.getpwnam(kwargs['user']).pw_uid
except Exception as e:
if not quiet:
userio.message("Unknown user: "******"Unable to set user of " + path + " to " +
kwargs['user'])
userio.message(str(e))
return (False)
if 'group' in kwargs.keys():
if kwargs['group'] is None:
if not quiet:
userio.message("Group passed was 'None'")
return (False)
if not quiet:
userio.message("Setting group ownership of " + path + " to " +
kwargs['group'])
try:
newgid = grp.getgrnam(kwargs['group']).gr_gid
except Exception as e:
if not quiet:
userio.message("Unknown group: " + kwargs['group'])
userio.message(str(e))
return (False)
try:
os.chown(path, -1, newgid)
except Exception as e:
if not quiet:
userio.message("Unable to set group of " + path + " to " +
kwargs['group'])
userio.message(str(e))
return (False)
if 'mode' in kwargs.keys():
try:
octalmode = int(str(kwargs['mode']), 8)
except Exception as e:
if not quiet:
userio.message("Invalid mode: " + str(kwargs['mode']))
userio.message(str(e))
return (False)
return (False)
if not quiet:
userio.message("Setting mode of " + path + " to " +
str(kwargs['mode']))
try:
os.chmod(path, octalmode)
except Exception as e:
if not quiet:
userio.message("Unable to set mode of " + path + " to " +
str(kwargs['mode']))
userio.message(str(e))
return (False)
return (True)
def checkfileprotection(filepath):
servicename = 'checkfileprotection'
returncode = 1
try:
tempfilehandle = open(filepath, 'r')
userio.message(servicename, "Found file at " + filepath)
except Exception as e:
userio.message(servicename,
"Failed to open " + filepath + " for reading")
userio.message(str(e))
return (0)
if os.stat(filepath).st_uid == 0:
userio.message(servicename, "File " + filepath + " is owned by root")
else:
userio.message(servicename, "File " + filepath + " not owned by root")
return (0)
mask = oct(os.stat(filepath).st_mode & 0777)
if mask == '0600':
userio.message(servicename,
"File " + filepath + " has permissions 0600")
else:
userio.message(servicename, "File " + filepath + " is not secure")
return (0)
return (returncode)
def doprocess(command, **kwargs):
passkwargs = {'bufsize': 1,
'stdin': subprocess.PIPE,
'stdout': subprocess.PIPE,
'stderr': subprocess.PIPE,
'shell': False}
OAmmandblock = ''
cmdargs = []
printstdout = False
retryable = False
showchange = False
tryagain = True
stdin = None
trapsignals = False
noparse = False
returndict = {}
mypath = "/bin:/usr/bin:/usr/local/bin"
myldlibrarypath = "/lib"
myenv = {"PATH": mypath, "LD_LIBRARY_PATH": myldlibrarypath}
mylist = command.split(' ')
debug = False
for item in mylist:
cmdargs.append(item)
if 'debug' in kwargs.keys():
debug = kwargs['debug']
if 'noparse' in kwargs.keys():
noparse = kwargs['noparse']
if 'env' in kwargs.keys():
for key in kwargs['env'].keys():
if key in myenv.keys():
myenv[key] = myenv[key]+":"+kwargs['env'][key]
else:
myenv[key] = kwargs['env'][key]
passkwargs['env'] = myenv
if 'user' in kwargs.keys():
useraccount = kwargs['user']
if 'showchange' in kwargs.keys():
passkwargs['preexec_fn'] = changeuser(useraccount, showchange=kwargs['showchange'])
else:
passkwargs['preexec_fn'] = changeuser(useraccount, showchange=False)
if 'printstdout' in kwargs.keys():
printstdout = kwargs['printstdout']
if 'retry' in kwargs.keys():
retryable = kwargs['retry']
if 'input' in kwargs.keys():
if type(kwargs['input']) is str:
stdin = kwargs['input']
stdin = stdin + "\n"
elif type(kwargs['input']) is list:
stdin = ''
for line in kwargs['input']:
stdin = stdin + line
if not stdin[-1] == "\n":
stdin = stdin + "\n"
if 'cwd' in kwargs.keys():
passkwargs['cwd'] = kwargs['cwd']
if 'trapsignals' in kwargs.keys():
signal.signal(signal.SIGINT, signal2exit)
while tryagain:
tryagain = False
stdout = []
stderr = []
resultcode = None
try:
cmd = subprocess.Popen(cmdargs, **passkwargs)
except Exception:
resultcode = 1
if resultcode is None:
if printstdout:
if stdin is not None:
cmd.stdin.write(stdin)
while cmd.poll() is None:
nextline = cmd.stdout.readline().rstrip()
if len(nextline) > 0:
userio.message(nextline)
stdout.append(nextline)
remainder = cmd.stdout.readlines()
for nextline in remainder:
if len(nextline) > 0:
userio.message(nextline)
stdout.append(nextline)
stderr = cmd.stderr.readlines()
else:
if stdin is not None:
cmdout, cmderr = cmd.communicate(stdin)
else:
cmdout, cmderr = cmd.communicate()
if noparse:
stdout = cmdout
stderr = cmderr
else:
lines = cmdout.splitlines()
for line in lines:
if len(line) > 0:
stdout.append(line)
lines = cmderr.splitlines()
for line in lines:
if len(line) > 0:
stderr.append(line)
resultcode = cmd.returncode
if retryable and resultcode > 0:
userio.warn("Errors encountered during '" + command + "'")
for line in stdout:
userio.message("STDOUT: " + line)
for line in stderr:
userio.message("STDERR: " + line)
tryagain = userio.yesno("Retry?")
if debug:
for line in stdout:
userio.message("STDOUT-->" + line)
for line in stderr:
userio.message("STDERR-->" + line)
returndict['STDOUT'] = stdout
returndict['STDERR'] = stderr
returndict['RESULT'] = resultcode
return(returndict)
