def _GetHuntObj(self, hunt_id, token=None):
if data_store.RelationalDBEnabled():
try:
return data_store.REL_DB.ReadHuntObject(str(hunt_id))
except db.UnknownHuntError:
raise api_call_handler_base.ResourceNotFoundError(
"Hunt with id %s could not be found" % hunt_id)
else:
hunt_urn = hunt_id.ToURN()
try:
return aff4.FACTORY.Open(
hunt_urn, aff4_type=implementation.GRRHunt, token=token)
except aff4.InstantiationError:
raise api_call_handler_base.ResourceNotFoundError(
"Hunt with id %s could not be found" % hunt_id)
def Handle(self, args, token=None):
if not args.timestamp:
age = rdfvalue.RDFDatetime.Now()
else:
age = rdfvalue.RDFDatetime(args.timestamp)
api_client = None
if data_store.RelationalDBReadEnabled():
client_id = unicode(args.client_id)
info = data_store.REL_DB.ReadClientFullInfo(client_id)
if info is None:
raise api_call_handler_base.ResourceNotFoundError()
if args.timestamp:
# Assume that a snapshot for this particular timestamp exists.
snapshots = data_store.REL_DB.ReadClientSnapshotHistory(
client_id, timerange=(args.timestamp, args.timestamp))
if snapshots:
info.last_snapshot = snapshots[0]
info.last_startup_info = snapshots[0].startup_info
api_client = ApiClient().InitFromClientInfo(info)
else:
client = aff4.FACTORY.Open(args.client_id.ToClientURN(),
aff4_type=aff4_grr.VFSGRRClient,
age=age,
token=token)
api_client = ApiClient().InitFromAff4Object(client)
UpdateClientsFromFleetspeak([api_client])
return api_client
def _GetHuntObj(self, hunt_id, token=None):
hunt_urn = hunt_id.ToURN()
try:
return aff4.FACTORY.Open(
hunt_urn, aff4_type=implementation.GRRHunt, token=token)
except aff4.InstantiationError:
raise api_call_handler_base.ResourceNotFoundError(
"Hunt with id %s could not be found" % hunt_id)
def Handle(self, args, token=None):
if not args.username:
raise ValueError("username can't be empty.")
try:
data_store.REL_DB.DeleteGRRUser(args.username)
except db.UnknownGRRUserError as e:
raise api_call_handler_base.ResourceNotFoundError(e)
def Handle(self, args, token=None):
if not args.username:
raise ValueError("username can't be empty.")
try:
user = data_store.REL_DB.ReadGRRUser(args.username)
return api_user.ApiGrrUser().InitFromDatabaseObject(user)
except db.UnknownGRRUserError as e:
raise api_call_handler_base.ResourceNotFoundError(e)
def _HandleAff4(self, args, token=None):
user_urn = aff4.ROOT_URN.Add("users").Add(args.username)
try:
fd = aff4.FACTORY.Open(user_urn,
aff4_type=users.GRRUser,
mode="r",
token=token)
return api_user.ApiGrrUser().InitFromAff4Object(fd)
except aff4.InstantiationError:
raise api_call_handler_base.ResourceNotFoundError(
"GRR user with username '%s' could not be found." %
args.username)
def _HandleAff4(self, args, token):
user_urn = aff4.ROOT_URN.Add("users").Add(args.username)
events.Events.PublishEvent("Audit",
rdf_events.AuditEvent(user=token.username,
action="USER_DELETE",
urn=user_urn),
token=token)
if not aff4.FACTORY.ExistsWithType(
user_urn, aff4_type=users.GRRUser, token=token):
raise api_call_handler_base.ResourceNotFoundError(
"GRR user with username '%s' could not be found." %
args.username)
aff4.FACTORY.Delete(user_urn, token=token)
def GetCollectedTimeline(self, args, token=None):
try:
flow = data_store.REL_DB.ReadFlowObject(
str(args.client_id), str(args.flow_id))
except db.UnknownFlowError:
raise api_call_handler_base.ResourceNotFoundError(
"Flow with client id %s and flow id %s could not be found" %
(args.client_id, args.flow_id))
if flow.flow_class_name != timeline.TimelineFlow.__name__:
raise ValueError("Flow '{}' is not a timeline flow".format(flow.flow_id))
# Check for client access if this flow was not scheduled as part of a hunt.
if flow.parent_hunt_id != flow.flow_id:
self.access_checker.CheckClientAccess(token.username, args.client_id)
return self.delegate.GetCollectedTimeline(args, token=token)
def Handle(self, args, context=None):
client_id = str(args.client_id)
info = data_store.REL_DB.ReadClientFullInfo(client_id)
if info is None:
raise api_call_handler_base.ResourceNotFoundError()
if args.timestamp:
# Assume that a snapshot for this particular timestamp exists.
snapshots = data_store.REL_DB.ReadClientSnapshotHistory(
client_id, timerange=(args.timestamp, args.timestamp))
if snapshots:
info.last_snapshot = snapshots[0]
info.last_startup_info = snapshots[0].startup_info
api_client = ApiClient().InitFromClientInfo(info)
UpdateClientsFromFleetspeak([api_client])
return api_client
def GetOsqueryResults(
self,
args: api_osquery.ApiGetOsqueryResultsArgs,
context: Optional[api_call_context.ApiCallContext] = None,
):
try:
flow = data_store.REL_DB.ReadFlowObject(str(args.client_id),
str(args.flow_id))
except db.UnknownFlowError:
raise api_call_handler_base.ResourceNotFoundError(
"Flow with client id %s and flow id %s could not be found" %
(args.client_id, args.flow_id))
if flow.flow_class_name != osquery.OsqueryFlow.__name__:
raise ValueError("Flow '{}' is not an osquery flow".format(
flow.flow_id))
# Check for client access if this flow was not scheduled as part of a hunt.
if flow.parent_hunt_id != flow.flow_id:
self.access_checker.CheckClientAccess(context, args.client_id)
return self.delegate.GetOsqueryResults(args, context=context)
def FailureNotFound(self, args, context=None):
raise api_call_handler_base.ResourceNotFoundError()
def _GetHuntObj(self, hunt_id, token=None):
try:
return data_store.REL_DB.ReadHuntObject(str(hunt_id))
except db.UnknownHuntError:
raise api_call_handler_base.ResourceNotFoundError(
"Hunt with id %s could not be found" % hunt_id)
def _HandleRelational(self, args):
try:
user = data_store.REL_DB.ReadGRRUser(args.username)
return api_user.ApiGrrUser().InitFromDatabaseObject(user)
except db.UnknownGRRUserError as e:
raise api_call_handler_base.ResourceNotFoundError(e)
def _HandleRelational(self, args):
try:
data_store.REL_DB.DeleteGRRUser(args.username)
except db.UnknownGRRUserError as e:
raise api_call_handler_base.ResourceNotFoundError(e)
