Example #1
0
def _identify_user(request_handler):
    user_id = request_handler.application.identification.identify(request_handler)

    if user_id is None:
        raise Exception('Could not identify user: ' + audit_utils.get_all_audit_names(request_handler))

    return user_id
Example #2
0
    def identify(self, request_handler):
        remote_ip = request_handler.request.remote_ip
        new_trusted = remote_ip in self._trusted_ips

        if new_trusted:
            if request_handler.get_cookie(self.COOKIE_KEY):
                request_handler.clear_cookie(self.COOKIE_KEY)
            return self._resolve_ip(request_handler)

        (client_id, days_remaining) = self._read_client_token(request_handler)
        if client_id:
            if days_remaining < (self.EXPIRES_DAYS - 2):
                if self._can_write(request_handler):
                    self._write_client_token(client_id, request_handler)

            return client_id

        if not self._can_write(request_handler):
            raise Exception('Cannot generate ID, because request_handler is not writable')

        ip = self._resolve_ip(request_handler)
        new_id = ip + '-' + uuid.uuid4().hex[:16]

        LOGGER.info('Assigned user_id=%s to %s' % (new_id, str(audit_utils.get_all_audit_names(request_handler))))
        self._write_client_token(new_id, request_handler)

        return new_id
Example #3
0
    def identify(self, request_handler):
        remote_ip = request_handler.request.remote_ip
        new_trusted = remote_ip in self._trusted_ips

        if new_trusted:
            if request_handler.get_cookie(self.COOKIE_KEY):
                request_handler.clear_cookie(self.COOKIE_KEY)
            if self._user_header_name:
                user_header = request_handler.request.headers.get(
                    self._user_header_name, None)
                if user_header:
                    return user_header
            return self._resolve_ip(request_handler)

        (client_id, days_remaining) = self._read_client_token(request_handler)
        if client_id:
            if days_remaining < (self.EXPIRES_DAYS - 2):
                if self._can_write(request_handler):
                    self._write_client_token(client_id, request_handler)

            return client_id

        if not self._can_write(request_handler):
            raise Exception(
                'Cannot generate ID, because request_handler is not writable')

        ip = self._resolve_ip(request_handler)
        new_id = ip + '-' + uuid.uuid4().hex[:16]

        LOGGER.info(
            'Assigned user_id=%s to %s' %
            (new_id, str(audit_utils.get_all_audit_names(request_handler))))
        self._write_client_token(new_id, request_handler)

        return new_id
Example #4
0
def _identify_user(request_handler):
    user_id = request_handler.application.identification.identify(request_handler)

    if user_id is None:
        raise Exception('Could not identify user: ' + audit_utils.get_all_audit_names(request_handler))

    return user_id
Example #5
0
    def wrapper(self, *args, **kwargs):
        user_id = _identify_user(self)
        audit_names = audit_utils.get_all_audit_names(self)

        user = User(user_id, audit_names)

        new_args = chain([user], args)
        return func(self, *new_args, **kwargs)
Example #6
0
    def wrapper(self, *args, **kwargs):
        user_id = _identify_user(self)
        audit_names = audit_utils.get_all_audit_names(self)

        user = User(user_id, audit_names)

        new_args = chain([user], args)
        return func(self, *new_args, **kwargs)
Example #7
0
def has_admin_rights(request_handler):
    names = get_all_audit_names(request_handler)
    if AUTH_USERNAME in names:
        username = names[audit_utils.AUTH_USERNAME]
    else:
        username = names.get(audit_utils.IP)

    if not username:
        LOGGER.warning('has_admin_rights: could not resolve username for %s',
                       get_audit_name_from_request(request_handler))
        return False

    return request_handler.application.authorizer.is_admin(username)
Example #8
0
def get_all_audit_names(request_handler):
    logger = logging.getLogger('tests')
    return audit_utils.get_all_audit_names(request_handler, logger)
def get_all_audit_names(request_handler):
    return audit_utils.get_all_audit_names(request_handler)
Example #10
0
    def post(self):
        script_name = None

        audit_name = get_audit_name(self)

        try:
            arguments = tornado_utils.get_form_arguments(self)
            execution_info = external_model.to_execution_info(arguments)

            script_name = execution_info.script

            config = load_config(script_name)

            if not config:
                message = 'Script with name "' + str(
                    script_name) + '" not found'
                LOGGER.error(message)
                respond_error(self, 400, message)
                return

            file_upload_feature = self.application.file_upload_feature
            if self.request.files:
                for key, value in self.request.files.items():
                    file_info = value[0]
                    file_path = file_upload_feature.save_file(
                        file_info.filename, file_info.body, audit_name)
                    execution_info.param_values[key] = file_path

            valid_parameters = model_helper.validate_parameters(
                execution_info.param_values, config)
            if not valid_parameters:
                message = 'Received invalid parameters'
                LOGGER.error(message)
                respond_error(self, 400, message)
                return

            executor = ScriptExecutor(config, execution_info.param_values,
                                      audit_name)

            audit_command = executor.get_secure_command()
            LOGGER.info('Calling script: ' + audit_command)
            LOGGER.info('User info: ' + str(get_all_audit_names(self)))

            process_id = executor.start()
            running_scripts[process_id] = executor

            self.write(str(process_id))

            secure_output_stream = executor.get_secure_output_stream()

            self.start_script_output_logger(audit_name, script_name,
                                            secure_output_stream)

            alerts_config = self.application.alerts_config
            if alerts_config:
                self.subscribe_fail_alerter(script_name, alerts_config,
                                            audit_name, executor,
                                            secure_output_stream)

        except Exception as e:
            LOGGER.exception("Error while calling the script")

            if hasattr(e, "strerror") and e.strerror:
                error_output = e.strerror
            else:
                error_output = "Unknown error occurred, contact the administrator"

            result = " ---  ERRORS  --- \n"
            result += error_output

            if script_name:
                script = str(script_name)
            else:
                script = "Some script"

            audit_name = audit_name
            send_alerts(
                self.application.alerts_config, script + ' NOT STARTED',
                "Couldn't start the script " + script + ' by ' + audit_name +
                '.\n\n' + result)

            respond_error(self, 500, result)
Example #11
0
    def post(self):
        script_name = None

        audit_name = get_audit_name_from_request(self)

        try:
            arguments = tornado_utils.get_form_arguments(self)
            execution_info = external_model.to_execution_info(arguments)

            script_name = execution_info.script

            config = self.application.config_service.load_config(script_name)

            if not config:
                message = 'Script with name "' + str(script_name) + '" not found'
                LOGGER.error(message)
                respond_error(self, 400, message)
                return

            if not can_access_script(config, self):
                LOGGER.warning('Access to the script "' + script_name + '" is denied for ' + audit_name)
                respond_error(self, 403, 'Access to the script is denied')
                return

            file_upload_feature = self.application.file_upload_feature
            if self.request.files:
                for key, value in self.request.files.items():
                    file_info = value[0]
                    file_path = file_upload_feature.save_file(file_info.filename, file_info.body, audit_name)
                    execution_info.param_values[key] = file_path

            model_helper.prepare_multiselect_values(execution_info.param_values, config.parameters)

            valid_parameters = model_helper.validate_parameters(execution_info.param_values, config)
            if not valid_parameters:
                message = 'Received invalid parameters'
                LOGGER.error(message)
                respond_error(self, 400, message)
                return

            user_id = _identify_user(self)
            all_audit_names = get_all_audit_names(self)
            LOGGER.info('Calling script ' + script_name + '. User ' + str(all_audit_names))

            execution_id = self.application.execution_service.start_script(
                config,
                execution_info.param_values,
                user_id,
                all_audit_names)

            self.write(str(execution_id))

        except Exception as e:
            LOGGER.exception("Error while calling the script")

            if hasattr(e, "strerror") and e.strerror:
                error_output = e.strerror
            else:
                error_output = "Unknown error occurred, contact the administrator"

            result = " ---  ERRORS  --- \n"
            result += error_output

            if script_name:
                script = str(script_name)
            else:
                script = "Some script"

            audit_name = audit_name
            self.application.alerts_service.send_alert(
                script + ' NOT STARTED',
                "Couldn't start the script " + script + ' by ' + audit_name + '.\n\n'
                + result)

            respond_error(self, 500, result)
Example #12
0
def get_all_audit_names(request_handler):
    names = audit_utils.get_all_audit_names(request_handler)
    if 'hostname' in names:
        names['hostname'] = normalize_hostname(names['hostname'])

    return names
Example #13
0
    def post(self, user):
        script_name = None

        audit_name = get_audit_name_from_request(self)

        try:
            arguments = tornado_utils.get_form_arguments(self)
            execution_info = external_model.to_execution_info(arguments)

            script_name = execution_info.script

            config_model = self.application.config_service.create_config_model(
                script_name, user)

            if not config_model:
                message = 'Script with name "' + str(
                    script_name) + '" not found'
                LOGGER.error(message)
                respond_error(self, 400, message)
                return

            parameter_values = execution_info.param_values

            if self.request.files:
                file_upload_feature = self.application.file_upload_feature
                for key, value in self.request.files.items():
                    file_info = value[0]
                    file_path = file_upload_feature.save_file(
                        file_info.filename, file_info.body, audit_name)
                    parameter_values[key] = file_path

            try:
                config_model.set_all_param_values(parameter_values)
                normalized_values = dict(config_model.parameter_values)
            except InvalidValueException as e:
                message = 'Invalid parameter %s value: %s' % (e.param_name,
                                                              str(e))
                LOGGER.error(message)
                respond_error(self, 400, message)
                return

            user_id = _identify_user(self)
            all_audit_names = get_all_audit_names(self)
            LOGGER.info('Calling script ' + script_name + '. User ' +
                        str(all_audit_names))

            execution_id = self.application.execution_service.start_script(
                config_model, normalized_values, user_id, all_audit_names)

            self.write(str(execution_id))

        except ConfigNotAllowedException:
            LOGGER.warning('Access to the script "' + script_name +
                           '" is denied for ' + audit_name)
            respond_error(self, 403, 'Access to the script is denied')
            return

        except Exception as e:
            LOGGER.exception("Error while calling the script")

            if hasattr(e, "strerror") and e.strerror:
                error_output = e.strerror
            else:
                error_output = "Unknown error occurred, contact the administrator"

            result = " ---  ERRORS  --- \n"
            result += error_output

            if script_name:
                script = str(script_name)
            else:
                script = "Some script"

            audit_name = audit_name
            self.application.alerts_service.send_alert(
                script + ' NOT STARTED', "Couldn't start the script " +
                script + ' by ' + audit_name + '.\n\n' + result)

            respond_error(self, 500, result)
Example #14
0
    def post(self):
        script_name = None

        try:
            request_data = self.request.body

            execution_info = external_model.to_execution_info(request_data.decode("UTF-8"))

            script_name = execution_info.script

            config = load_config(script_name)

            if not config:
                respond_error(self, 400, "Script with name '" + str(script_name) + "' not found")
                return

            working_directory = config.get_working_directory()
            if working_directory is not None:
                working_directory = file_utils.normalize_path(working_directory)

            script_logger = logging.getLogger("scriptServer")

            valid_parameters = model_helper.validate_parameters(execution_info.param_values, config)
            if not valid_parameters:
                respond_error(self, 400, 'Received invalid parameters')
                return

            script_base_command = process_utils.split_command(config.get_script_command(), working_directory)

            script_args = build_command_args(execution_info.param_values, config)
            command = script_base_command + script_args

            audit_script_args = build_command_args(
                execution_info.param_values,
                config,
                model_helper.value_to_str)
            audit_command = script_base_command + audit_script_args

            script_logger.info('Calling script: ' + ' '.join(audit_command))
            script_logger.info('User info: ' + str(get_all_audit_names(self, script_logger)))

            run_pty = config.is_requires_terminal()
            if run_pty and not pty_supported:
                script_logger.warning(
                    "Requested PTY mode, but it's not supported for this OS (" + sys.platform + "). Falling back to POpen")
                run_pty = False

            if run_pty:
                self.process_wrapper = execution_pty.PtyProcessWrapper(command,
                                                                       config.get_name(),
                                                                       working_directory,
                                                                       config,
                                                                       execution_info)
            else:
                self.process_wrapper = execution_popen.POpenProcessWrapper(command,
                                                                           config.get_name(),
                                                                           working_directory,
                                                                           config,
                                                                           execution_info)
            self.process_wrapper.start()

            process_id = self.process_wrapper.get_process_id()

            running_scripts[process_id] = self.process_wrapper

            self.write(str(process_id))

            alerts_config = self.application.alerts_config
            if alerts_config:
                self.subscribe_fail_alerter(script_name, script_logger, alerts_config)


        except Exception as e:
            script_logger = logging.getLogger("scriptServer")
            script_logger.exception("Error while calling the script")

            if hasattr(e, "strerror") and e.strerror:
                error_output = e.strerror
            else:
                error_output = "Unknown error occurred, contact the administrator"

            result = " ---  ERRORS  --- \n"
            result += error_output

            if script_name:
                script = str(script_name)
            else:
                script = "Some script"

            audit_name = get_audit_name(self, script_logger)
            send_alerts(self.application.alerts_config, script + ' NOT STARTED',
                        "Couldn't start the script " + script + ' by ' + audit_name + '.\n\n' +
                        result)

            respond_error(self, 500, result)
Example #15
0
def get_user(request_handler):
    user_id = identify_user(request_handler)
    audit_names = audit_utils.get_all_audit_names(request_handler)

    return User(user_id, audit_names)
Example #16
0
def get_all_audit_names(request_handler):
    names = audit_utils.get_all_audit_names(request_handler)
    if 'hostname' in names:
        names['hostname'] = normalize_hostname(names['hostname'])

    return names