def _identify_user(request_handler):
user_id = request_handler.application.identification.identify(request_handler)
if user_id is None:
raise Exception('Could not identify user: ' + audit_utils.get_all_audit_names(request_handler))
return user_id
def identify(self, request_handler):
remote_ip = request_handler.request.remote_ip
new_trusted = remote_ip in self._trusted_ips
if new_trusted:
if request_handler.get_cookie(self.COOKIE_KEY):
request_handler.clear_cookie(self.COOKIE_KEY)
return self._resolve_ip(request_handler)
(client_id, days_remaining) = self._read_client_token(request_handler)
if client_id:
if days_remaining < (self.EXPIRES_DAYS - 2):
if self._can_write(request_handler):
self._write_client_token(client_id, request_handler)
return client_id
if not self._can_write(request_handler):
raise Exception('Cannot generate ID, because request_handler is not writable')
ip = self._resolve_ip(request_handler)
new_id = ip + '-' + uuid.uuid4().hex[:16]
LOGGER.info('Assigned user_id=%s to %s' % (new_id, str(audit_utils.get_all_audit_names(request_handler))))
self._write_client_token(new_id, request_handler)
return new_id
def identify(self, request_handler):
remote_ip = request_handler.request.remote_ip
new_trusted = remote_ip in self._trusted_ips
if new_trusted:
if request_handler.get_cookie(self.COOKIE_KEY):
request_handler.clear_cookie(self.COOKIE_KEY)
if self._user_header_name:
user_header = request_handler.request.headers.get(
self._user_header_name, None)
if user_header:
return user_header
return self._resolve_ip(request_handler)
(client_id, days_remaining) = self._read_client_token(request_handler)
if client_id:
if days_remaining < (self.EXPIRES_DAYS - 2):
if self._can_write(request_handler):
self._write_client_token(client_id, request_handler)
return client_id
if not self._can_write(request_handler):
raise Exception(
'Cannot generate ID, because request_handler is not writable')
ip = self._resolve_ip(request_handler)
new_id = ip + '-' + uuid.uuid4().hex[:16]
LOGGER.info(
'Assigned user_id=%s to %s' %
(new_id, str(audit_utils.get_all_audit_names(request_handler))))
self._write_client_token(new_id, request_handler)
return new_id
def _identify_user(request_handler):
user_id = request_handler.application.identification.identify(request_handler)
if user_id is None:
raise Exception('Could not identify user: ' + audit_utils.get_all_audit_names(request_handler))
return user_id
def wrapper(self, *args, **kwargs):
user_id = _identify_user(self)
audit_names = audit_utils.get_all_audit_names(self)
user = User(user_id, audit_names)
new_args = chain([user], args)
return func(self, *new_args, **kwargs)
def wrapper(self, *args, **kwargs):
user_id = _identify_user(self)
audit_names = audit_utils.get_all_audit_names(self)
user = User(user_id, audit_names)
new_args = chain([user], args)
return func(self, *new_args, **kwargs)
def has_admin_rights(request_handler):
names = get_all_audit_names(request_handler)
if AUTH_USERNAME in names:
username = names[audit_utils.AUTH_USERNAME]
else:
username = names.get(audit_utils.IP)
if not username:
LOGGER.warning('has_admin_rights: could not resolve username for %s',
get_audit_name_from_request(request_handler))
return False
return request_handler.application.authorizer.is_admin(username)
def get_all_audit_names(request_handler):
logger = logging.getLogger('tests')
return audit_utils.get_all_audit_names(request_handler, logger)
def get_all_audit_names(request_handler):
return audit_utils.get_all_audit_names(request_handler)
def post(self):
script_name = None
audit_name = get_audit_name(self)
try:
arguments = tornado_utils.get_form_arguments(self)
execution_info = external_model.to_execution_info(arguments)
script_name = execution_info.script
config = load_config(script_name)
if not config:
message = 'Script with name "' + str(
script_name) + '" not found'
LOGGER.error(message)
respond_error(self, 400, message)
return
file_upload_feature = self.application.file_upload_feature
if self.request.files:
for key, value in self.request.files.items():
file_info = value[0]
file_path = file_upload_feature.save_file(
file_info.filename, file_info.body, audit_name)
execution_info.param_values[key] = file_path
valid_parameters = model_helper.validate_parameters(
execution_info.param_values, config)
if not valid_parameters:
message = 'Received invalid parameters'
LOGGER.error(message)
respond_error(self, 400, message)
return
executor = ScriptExecutor(config, execution_info.param_values,
audit_name)
audit_command = executor.get_secure_command()
LOGGER.info('Calling script: ' + audit_command)
LOGGER.info('User info: ' + str(get_all_audit_names(self)))
process_id = executor.start()
running_scripts[process_id] = executor
self.write(str(process_id))
secure_output_stream = executor.get_secure_output_stream()
self.start_script_output_logger(audit_name, script_name,
secure_output_stream)
alerts_config = self.application.alerts_config
if alerts_config:
self.subscribe_fail_alerter(script_name, alerts_config,
audit_name, executor,
secure_output_stream)
except Exception as e:
LOGGER.exception("Error while calling the script")
if hasattr(e, "strerror") and e.strerror:
error_output = e.strerror
else:
error_output = "Unknown error occurred, contact the administrator"
result = " --- ERRORS --- \n"
result += error_output
if script_name:
script = str(script_name)
else:
script = "Some script"
audit_name = audit_name
send_alerts(
self.application.alerts_config, script + ' NOT STARTED',
"Couldn't start the script " + script + ' by ' + audit_name +
'.\n\n' + result)
respond_error(self, 500, result)
def post(self):
script_name = None
audit_name = get_audit_name_from_request(self)
try:
arguments = tornado_utils.get_form_arguments(self)
execution_info = external_model.to_execution_info(arguments)
script_name = execution_info.script
config = self.application.config_service.load_config(script_name)
if not config:
message = 'Script with name "' + str(script_name) + '" not found'
LOGGER.error(message)
respond_error(self, 400, message)
return
if not can_access_script(config, self):
LOGGER.warning('Access to the script "' + script_name + '" is denied for ' + audit_name)
respond_error(self, 403, 'Access to the script is denied')
return
file_upload_feature = self.application.file_upload_feature
if self.request.files:
for key, value in self.request.files.items():
file_info = value[0]
file_path = file_upload_feature.save_file(file_info.filename, file_info.body, audit_name)
execution_info.param_values[key] = file_path
model_helper.prepare_multiselect_values(execution_info.param_values, config.parameters)
valid_parameters = model_helper.validate_parameters(execution_info.param_values, config)
if not valid_parameters:
message = 'Received invalid parameters'
LOGGER.error(message)
respond_error(self, 400, message)
return
user_id = _identify_user(self)
all_audit_names = get_all_audit_names(self)
LOGGER.info('Calling script ' + script_name + '. User ' + str(all_audit_names))
execution_id = self.application.execution_service.start_script(
config,
execution_info.param_values,
user_id,
all_audit_names)
self.write(str(execution_id))
except Exception as e:
LOGGER.exception("Error while calling the script")
if hasattr(e, "strerror") and e.strerror:
error_output = e.strerror
else:
error_output = "Unknown error occurred, contact the administrator"
result = " --- ERRORS --- \n"
result += error_output
if script_name:
script = str(script_name)
else:
script = "Some script"
audit_name = audit_name
self.application.alerts_service.send_alert(
script + ' NOT STARTED',
"Couldn't start the script " + script + ' by ' + audit_name + '.\n\n'
+ result)
respond_error(self, 500, result)
def get_all_audit_names(request_handler):
names = audit_utils.get_all_audit_names(request_handler)
if 'hostname' in names:
names['hostname'] = normalize_hostname(names['hostname'])
return names
def post(self, user):
script_name = None
audit_name = get_audit_name_from_request(self)
try:
arguments = tornado_utils.get_form_arguments(self)
execution_info = external_model.to_execution_info(arguments)
script_name = execution_info.script
config_model = self.application.config_service.create_config_model(
script_name, user)
if not config_model:
message = 'Script with name "' + str(
script_name) + '" not found'
LOGGER.error(message)
respond_error(self, 400, message)
return
parameter_values = execution_info.param_values
if self.request.files:
file_upload_feature = self.application.file_upload_feature
for key, value in self.request.files.items():
file_info = value[0]
file_path = file_upload_feature.save_file(
file_info.filename, file_info.body, audit_name)
parameter_values[key] = file_path
try:
config_model.set_all_param_values(parameter_values)
normalized_values = dict(config_model.parameter_values)
except InvalidValueException as e:
message = 'Invalid parameter %s value: %s' % (e.param_name,
str(e))
LOGGER.error(message)
respond_error(self, 400, message)
return
user_id = _identify_user(self)
all_audit_names = get_all_audit_names(self)
LOGGER.info('Calling script ' + script_name + '. User ' +
str(all_audit_names))
execution_id = self.application.execution_service.start_script(
config_model, normalized_values, user_id, all_audit_names)
self.write(str(execution_id))
except ConfigNotAllowedException:
LOGGER.warning('Access to the script "' + script_name +
'" is denied for ' + audit_name)
respond_error(self, 403, 'Access to the script is denied')
return
except Exception as e:
LOGGER.exception("Error while calling the script")
if hasattr(e, "strerror") and e.strerror:
error_output = e.strerror
else:
error_output = "Unknown error occurred, contact the administrator"
result = " --- ERRORS --- \n"
result += error_output
if script_name:
script = str(script_name)
else:
script = "Some script"
audit_name = audit_name
self.application.alerts_service.send_alert(
script + ' NOT STARTED', "Couldn't start the script " +
script + ' by ' + audit_name + '.\n\n' + result)
respond_error(self, 500, result)
def post(self):
script_name = None
try:
request_data = self.request.body
execution_info = external_model.to_execution_info(request_data.decode("UTF-8"))
script_name = execution_info.script
config = load_config(script_name)
if not config:
respond_error(self, 400, "Script with name '" + str(script_name) + "' not found")
return
working_directory = config.get_working_directory()
if working_directory is not None:
working_directory = file_utils.normalize_path(working_directory)
script_logger = logging.getLogger("scriptServer")
valid_parameters = model_helper.validate_parameters(execution_info.param_values, config)
if not valid_parameters:
respond_error(self, 400, 'Received invalid parameters')
return
script_base_command = process_utils.split_command(config.get_script_command(), working_directory)
script_args = build_command_args(execution_info.param_values, config)
command = script_base_command + script_args
audit_script_args = build_command_args(
execution_info.param_values,
config,
model_helper.value_to_str)
audit_command = script_base_command + audit_script_args
script_logger.info('Calling script: ' + ' '.join(audit_command))
script_logger.info('User info: ' + str(get_all_audit_names(self, script_logger)))
run_pty = config.is_requires_terminal()
if run_pty and not pty_supported:
script_logger.warning(
"Requested PTY mode, but it's not supported for this OS (" + sys.platform + "). Falling back to POpen")
run_pty = False
if run_pty:
self.process_wrapper = execution_pty.PtyProcessWrapper(command,
config.get_name(),
working_directory,
config,
execution_info)
else:
self.process_wrapper = execution_popen.POpenProcessWrapper(command,
config.get_name(),
working_directory,
config,
execution_info)
self.process_wrapper.start()
process_id = self.process_wrapper.get_process_id()
running_scripts[process_id] = self.process_wrapper
self.write(str(process_id))
alerts_config = self.application.alerts_config
if alerts_config:
self.subscribe_fail_alerter(script_name, script_logger, alerts_config)
except Exception as e:
script_logger = logging.getLogger("scriptServer")
script_logger.exception("Error while calling the script")
if hasattr(e, "strerror") and e.strerror:
error_output = e.strerror
else:
error_output = "Unknown error occurred, contact the administrator"
result = " --- ERRORS --- \n"
result += error_output
if script_name:
script = str(script_name)
else:
script = "Some script"
audit_name = get_audit_name(self, script_logger)
send_alerts(self.application.alerts_config, script + ' NOT STARTED',
"Couldn't start the script " + script + ' by ' + audit_name + '.\n\n' +
result)
respond_error(self, 500, result)
def get_user(request_handler):
user_id = identify_user(request_handler)
audit_names = audit_utils.get_all_audit_names(request_handler)
return User(user_id, audit_names)
def get_all_audit_names(request_handler):
names = audit_utils.get_all_audit_names(request_handler)
if 'hostname' in names:
names['hostname'] = normalize_hostname(names['hostname'])
return names