def db_update_node(session, tid, user_session, request, language):
"""
Transaction to update the node configuration
:param session: An ORM session
:param tid: A tenant ID
:param user_session: The current user session
:param request: The request data
:param language: the language in which to localize data
:return: Return the serialized configuration for the specified tenant
"""
config = ConfigFactory(session, tid)
enable_escrow = not config.get_val('escrow') and request.get('escrow', False)
disable_escrow = user_session.ek and config.get_val('escrow') and not request.get('escrow', False)
config.update('node', request)
if request['enable_ricochet_panel'] and not request['ricochet_address']:
request['enable_ricochet_panel'] = False
# Validate that IP addresses/ranges we're getting are goo
if 'ip_filter_admin' in request and request['ip_filter_admin_enable'] and request['ip_filter_admin']:
parse_csv_ip_ranges_to_ip_networks(request['ip_filter_admin'])
if 'languages_enabled' in request and 'default_language' in request:
db_update_enabled_languages(session,
tid,
request['languages_enabled'],
request['default_language'])
if language in db_get_languages(session, tid):
ConfigL10NFactory(session, tid).update('node', request, language)
if enable_escrow:
crypto_escrow_prv_key, State.tenant_cache[tid].crypto_escrow_pub_key = GCE.generate_keypair()
user = db_get(session, models.User, models.User.id == user_session.user_id)
user.crypto_escrow_prv_key = Base64Encoder.encode(GCE.asymmetric_encrypt(user.crypto_pub_key, crypto_escrow_prv_key))
if tid == 1:
session.query(models.User).update({'password_change_needed': True}, synchronize_session=False)
else:
session.query(models.User).filter(models.User.tid == tid).update({'password_change_needed': True}, synchronize_session=False)
if disable_escrow:
if tid == 1:
session.query(models.User).update({'crypto_escrow_bkp1_key': ''}, synchronize_session=False)
else:
session.query(models.User).update({'crypto_escrow_bkp2_key': ''}, synchronize_session=False)
session.query(models.User).filter(models.User.tid == tid).update({'crypto_escrow_prv_key': ''}, synchronize_session=False)
config.set_val('crypto_escrow_pub_key', State.tenant_cache[tid].crypto_escrow_pub_key)
db_refresh_memory_variables(session, [tid])
if tid == 1:
log.setloglevel(config.get_val('log_level'))
return db_admin_serialize_node(session, tid, language)
def db_update_node(session, tid, request, language):
"""
Update and serialize the node infos
:param tid:
:param request:
:param session: the session on which perform queries.
:param language: the language in which to localize data
:return: a dictionary representing the serialization of the node
"""
config = ConfigFactory(session, tid)
config.update('node', request)
if 'basic_auth' in request and request['basic_auth'] and request[
'basic_auth_username'] and request['basic_auth_password']:
config.set_val('basic_auth', True)
config.set_val('basic_auth_username', request['basic_auth_username'])
config.set_val('basic_auth_password', request['basic_auth_password'])
else:
config.set_val('basic_auth', False)
config.set_val('basic_auth_username', '')
config.set_val('basic_auth_password', '')
if request['enable_ricochet_panel'] and not request['ricochet_address']:
request['enable_ricochet_panel'] = False
# Validate that IP addresses/ranges we're getting are goo
if 'ip_filter_admin' in request and request[
'ip_filter_admin_enable'] and request['ip_filter_admin']:
parse_csv_ip_ranges_to_ip_networks(request['ip_filter_admin'])
if 'ip_filter_whistleblower_enable' in request and request[
'ip_filter_whistleblower_enable'] and request[
'ip_filter_whistleblower']:
parse_csv_ip_ranges_to_ip_networks(request['ip_filter_whistleblower'])
if 'languages_enabled' in request and 'default_language' in request:
db_update_enabled_languages(session, tid, request['languages_enabled'],
request['default_language'])
if language in models.EnabledLanguage.list(session, tid):
ConfigL10NFactory(session, tid).update('node', request, language)
db_refresh_memory_variables(session, [tid])
if tid == 1:
log.setloglevel(config.get_val('log_level'))
return db_admin_serialize_node(session, tid, language)
def db_update_node(session, tid, request, language, config_node):
"""
Update and serialize the node infos
:param session: the session on which perform queries.
:param language: the language in which to localize data
:return: a dictionary representing the serialization of the node
"""
node = ConfigFactory(session, tid, config_node)
node.update(request)
if 'basic_auth' in request:
if request['basic_auth'] and request['basic_auth_username'] and request['basic_auth_password']:
node.set_val(u'basic_auth', True)
node.set_val(u'basic_auth_username', request['basic_auth_username'])
node.set_val(u'basic_auth_password', request['basic_auth_password'])
else:
node.set_val(u'basic_auth', False)
# Validate that IP addresses/ranges we're getting are goo
if 'ip_filter_authenticated' in request:
if request['ip_filter_authenticated_enable'] and request['ip_filter_authenticated']:
# Make sure we can validate and parse the whole thing
parse_csv_ip_ranges_to_ip_networks(request['ip_filter_authenticated'])
if 'languages_enabled' in request and 'default_language' in request:
db_update_enabled_languages(session,
tid,
request['languages_enabled'],
request['default_language'])
if language in models.EnabledLanguage.list(session, tid):
NodeL10NFactory(session, tid).update(request, language)
db_refresh_memory_variables(session, [tid])
if tid == 1:
log.setloglevel(node.get_val(u'log_level'))
return db_admin_serialize_node(session, tid, language)
def db_refresh_memory_variables(session, to_refresh=None):
tenant_map = {
tenant.id: tenant
for tenant in session.query(models.Tenant).filter(
models.Tenant.active == True)
}
existing_tids = set(tenant_map.keys())
cached_tids = set(State.tenant_state.keys())
to_remove = cached_tids - existing_tids
to_add = existing_tids - cached_tids
for tid in to_remove:
if tid in State.tenant_state:
del State.tenant_state[tid]
if tid in State.tenant_cache:
del State.tenant_cache[tid]
for tid in to_add:
State.tenant_state[tid] = TenantState(State)
State.tenant_cache[tid] = ObjectDict()
if to_refresh is None:
to_refresh = tenant_map.keys()
else:
to_refresh = [tid for tid in to_refresh if tid in tenant_map]
if to_refresh:
db_refresh_tenant_cache(session, to_refresh)
if 1 in to_refresh:
to_refresh = State.tenant_cache.keys()
db_set_cache_exception_delivery_list(session, State.tenant_cache[1])
if State.tenant_cache[1].admin_api_token_digest:
State.api_token_session = Session(1, 0, 'admin', False, '')
log.setloglevel(State.tenant_cache[1].log_level)
rootdomain = State.tenant_cache[1].rootdomain
root_onionservice = State.tenant_cache[1].onionservice
for tid in to_refresh:
if tid not in tenant_map:
continue
tenant = tenant_map[tid]
if not tenant.active and tid != 1:
continue
hostnames = []
onionnames = []
if State.tenant_cache[tid].hostname != '':
hostnames.append(State.tenant_cache[tid].hostname.encode())
if State.tenant_cache[tid].onionservice != '':
onionnames.append(State.tenant_cache[tid].onionservice.encode())
if rootdomain != '':
hostnames.append('p{}.{}'.format(tid, rootdomain).encode())
if root_onionservice != '':
onionnames.append('p{}.{}'.format(tid, root_onionservice).encode())
if tenant.subdomain != '':
if rootdomain != '':
onionnames.append('{}.{}'.format(tenant.subdomain,
rootdomain).encode())
if root_onionservice != '':
onionnames.append('{}.{}'.format(tenant.subdomain,
root_onionservice).encode())
State.tenant_cache[tid].hostnames = hostnames
State.tenant_cache[tid].onionnames = onionnames
State.tenant_hostname_id_map.update(
{h: tid
for h in hostnames + onionnames})
def db_refresh_memory_variables(session, to_refresh=None):
active_tids = set([
tid[0] for tid in session.query(models.Tenant.id).filter(
models.Tenant.active.is_(True))
])
cached_tids = set(State.tenant_state.keys())
# Remove tenants that have been disabled
for tid in cached_tids - active_tids:
if tid in State.tenant_state:
del State.tenant_state[tid]
if tid in State.tenant_cache:
del State.tenant_cache[tid]
# Add tenants that have been enabled
for tid in active_tids - cached_tids:
State.tenant_state[tid] = TenantState(State)
State.tenant_cache[tid] = ObjectDict()
if to_refresh is None or 1 in to_refresh:
to_refresh = active_tids
else:
to_refresh = [tid for tid in to_refresh if tid in active_tids]
if not len(to_refresh):
return
db_refresh_tenant_cache(session, to_refresh)
root_tenant = State.tenant_cache[1]
for tid in to_refresh:
tenant = State.tenant_cache[tid]
tenant.hostnames = []
tenant.onionnames = []
if tid == 1:
log.setloglevel(tenant.log_level)
db_set_cache_exception_delivery_list(session, tenant)
if tenant.hostname:
tenant.hostnames.append(tenant.hostname.encode())
if tenant.onionservice:
tenant.onionnames.append(tenant.onionservice.encode())
if tenant.old_onionservice:
tenant.onionnames.append(tenant.old_onionservice.encode())
if not tenant.onionservice and root_tenant.onionservice:
tenant.onionservice = tenant.subdomain + '.' + root_tenant.onionservice
if tenant.subdomain:
if root_tenant.rootdomain:
tenant.hostnames.append('{}.{}'.format(
tenant.subdomain, root_tenant.rootdomain).encode())
if root_tenant.onionservice:
tenant.onionnames.append('{}.{}'.format(
tenant.subdomain, root_tenant.onionservice).encode())
State.tenant_hostname_id_map.update(
{h: tid
for h in tenant.hostnames + tenant.onionnames})
def db_refresh_memory_variables(session, to_refresh=None):
tenant_map = {tenant.id: tenant for tenant in session.query(models.Tenant).filter(models.Tenant.active == True)}
existing_tids = set(tenant_map.keys())
cached_tids = set(State.tenant_state.keys())
to_remove = cached_tids - existing_tids
to_add = existing_tids - cached_tids
for tid in to_remove:
if tid in State.tenant_state:
del State.tenant_state[tid]
if tid in State.tenant_cache:
del State.tenant_cache[tid]
for tid in to_add:
State.tenant_state[tid] = TenantState(State)
State.tenant_cache[tid] = ObjectDict()
if to_refresh is None:
to_refresh = tenant_map.keys()
else:
to_refresh = [tid for tid in to_refresh if tid in tenant_map]
if to_refresh:
db_refresh_tenant_cache(session, to_refresh)
if 1 in to_refresh:
to_refresh = State.tenant_cache.keys()
db_set_cache_exception_delivery_list(session, State.tenant_cache[1])
if State.tenant_cache[1].admin_api_token_digest:
State.api_token_session = Session(1, 0, 'admin', False, '')
log.setloglevel(State.tenant_cache[1].log_level)
rootdomain = State.tenant_cache[1].rootdomain
root_onionservice = State.tenant_cache[1].onionservice
for tid in to_refresh:
if tid not in tenant_map:
continue
tenant = tenant_map[tid]
if not tenant.active and tid != 1:
continue
hostnames = []
onionnames = []
if State.tenant_cache[tid].hostname != '':
hostnames.append(State.tenant_cache[tid].hostname.encode())
if State.tenant_cache[tid].onionservice != '':
onionnames.append(State.tenant_cache[tid].onionservice.encode())
if rootdomain != '':
hostnames.append('p{}.{}'.format(tid, rootdomain).encode())
if root_onionservice != '':
onionnames.append('p{}.{}'.format(tid, root_onionservice).encode())
if tenant.subdomain != '':
if rootdomain != '':
onionnames.append('{}.{}'.format(tenant.subdomain, rootdomain).encode())
if root_onionservice != '':
onionnames.append('{}.{}'.format(tenant.subdomain, root_onionservice).encode())
State.tenant_cache[tid].hostnames = hostnames
State.tenant_cache[tid].onionnames = onionnames
State.tenant_hostname_id_map.update({h: tid for h in hostnames + onionnames})
def load_cmdline_options(self):
self.nodaemon = self.cmdline_options.nodaemon
if self.cmdline_options.disable_swap:
self.disable_swap = True
log.setloglevel(verbosity_dict[self.cmdline_options.loglevel])
self.bind_address = self.cmdline_options.ip
self.socks_host = self.cmdline_options.socks_host
if not self.validate_port(self.cmdline_options.socks_port):
sys.exit(1)
self.socks_port = self.cmdline_options.socks_port
if platform.system() != 'Windows':
if (self.cmdline_options.user and self.cmdline_options.group is None) or \
(self.cmdline_options.group and self.cmdline_options.user is None):
self.print_msg("Error: missing user or group option")
sys.exit(1)
if self.cmdline_options.user and self.cmdline_options.group:
import grp
import pwd
self.user = self.cmdline_options.user
self.group = self.cmdline_options.group
self.uid = pwd.getpwnam(self.cmdline_options.user).pw_uid
self.gid = grp.getgrnam(self.cmdline_options.group).gr_gid
if self.uid == 0 or self.gid == 0:
self.print_msg("Invalid user: cannot run as root")
sys.exit(1)
if self.cmdline_options.devel_mode:
self.set_devel_mode()
self.orm_debug = self.cmdline_options.orm_debug
if self.cmdline_options.working_path:
self.working_path = self.cmdline_options.working_path
self.api_prefix = self.cmdline_options.api_prefix
if self.cmdline_options.client_path:
self.client_path = os.path.abspath(os.path.join(self.src_path, self.cmdline_options.client_path))
self.eval_paths()
if self.nodaemon:
self.print_msg("Going in background; log available at %s" % Settings.logfile)
# special evaluation of client directory:
indexfile = os.path.join(self.client_path, 'index.html')
if os.path.isfile(indexfile):
self.print_msg("Serving the client from directory: %s" % self.client_path)
else:
self.print_msg("Unable to find a directory to load the client from")
sys.exit(1)