def db_update_node(session, tid, user_session, request, language): """ Transaction to update the node configuration :param session: An ORM session :param tid: A tenant ID :param user_session: The current user session :param request: The request data :param language: the language in which to localize data :return: Return the serialized configuration for the specified tenant """ config = ConfigFactory(session, tid) enable_escrow = not config.get_val('escrow') and request.get('escrow', False) disable_escrow = user_session.ek and config.get_val('escrow') and not request.get('escrow', False) config.update('node', request) if request['enable_ricochet_panel'] and not request['ricochet_address']: request['enable_ricochet_panel'] = False # Validate that IP addresses/ranges we're getting are goo if 'ip_filter_admin' in request and request['ip_filter_admin_enable'] and request['ip_filter_admin']: parse_csv_ip_ranges_to_ip_networks(request['ip_filter_admin']) if 'languages_enabled' in request and 'default_language' in request: db_update_enabled_languages(session, tid, request['languages_enabled'], request['default_language']) if language in db_get_languages(session, tid): ConfigL10NFactory(session, tid).update('node', request, language) if enable_escrow: crypto_escrow_prv_key, State.tenant_cache[tid].crypto_escrow_pub_key = GCE.generate_keypair() user = db_get(session, models.User, models.User.id == user_session.user_id) user.crypto_escrow_prv_key = Base64Encoder.encode(GCE.asymmetric_encrypt(user.crypto_pub_key, crypto_escrow_prv_key)) if tid == 1: session.query(models.User).update({'password_change_needed': True}, synchronize_session=False) else: session.query(models.User).filter(models.User.tid == tid).update({'password_change_needed': True}, synchronize_session=False) if disable_escrow: if tid == 1: session.query(models.User).update({'crypto_escrow_bkp1_key': ''}, synchronize_session=False) else: session.query(models.User).update({'crypto_escrow_bkp2_key': ''}, synchronize_session=False) session.query(models.User).filter(models.User.tid == tid).update({'crypto_escrow_prv_key': ''}, synchronize_session=False) config.set_val('crypto_escrow_pub_key', State.tenant_cache[tid].crypto_escrow_pub_key) db_refresh_memory_variables(session, [tid]) if tid == 1: log.setloglevel(config.get_val('log_level')) return db_admin_serialize_node(session, tid, language)
def db_update_node(session, tid, request, language): """ Update and serialize the node infos :param tid: :param request: :param session: the session on which perform queries. :param language: the language in which to localize data :return: a dictionary representing the serialization of the node """ config = ConfigFactory(session, tid) config.update('node', request) if 'basic_auth' in request and request['basic_auth'] and request[ 'basic_auth_username'] and request['basic_auth_password']: config.set_val('basic_auth', True) config.set_val('basic_auth_username', request['basic_auth_username']) config.set_val('basic_auth_password', request['basic_auth_password']) else: config.set_val('basic_auth', False) config.set_val('basic_auth_username', '') config.set_val('basic_auth_password', '') if request['enable_ricochet_panel'] and not request['ricochet_address']: request['enable_ricochet_panel'] = False # Validate that IP addresses/ranges we're getting are goo if 'ip_filter_admin' in request and request[ 'ip_filter_admin_enable'] and request['ip_filter_admin']: parse_csv_ip_ranges_to_ip_networks(request['ip_filter_admin']) if 'ip_filter_whistleblower_enable' in request and request[ 'ip_filter_whistleblower_enable'] and request[ 'ip_filter_whistleblower']: parse_csv_ip_ranges_to_ip_networks(request['ip_filter_whistleblower']) if 'languages_enabled' in request and 'default_language' in request: db_update_enabled_languages(session, tid, request['languages_enabled'], request['default_language']) if language in models.EnabledLanguage.list(session, tid): ConfigL10NFactory(session, tid).update('node', request, language) db_refresh_memory_variables(session, [tid]) if tid == 1: log.setloglevel(config.get_val('log_level')) return db_admin_serialize_node(session, tid, language)
def db_update_node(session, tid, request, language, config_node): """ Update and serialize the node infos :param session: the session on which perform queries. :param language: the language in which to localize data :return: a dictionary representing the serialization of the node """ node = ConfigFactory(session, tid, config_node) node.update(request) if 'basic_auth' in request: if request['basic_auth'] and request['basic_auth_username'] and request['basic_auth_password']: node.set_val(u'basic_auth', True) node.set_val(u'basic_auth_username', request['basic_auth_username']) node.set_val(u'basic_auth_password', request['basic_auth_password']) else: node.set_val(u'basic_auth', False) # Validate that IP addresses/ranges we're getting are goo if 'ip_filter_authenticated' in request: if request['ip_filter_authenticated_enable'] and request['ip_filter_authenticated']: # Make sure we can validate and parse the whole thing parse_csv_ip_ranges_to_ip_networks(request['ip_filter_authenticated']) if 'languages_enabled' in request and 'default_language' in request: db_update_enabled_languages(session, tid, request['languages_enabled'], request['default_language']) if language in models.EnabledLanguage.list(session, tid): NodeL10NFactory(session, tid).update(request, language) db_refresh_memory_variables(session, [tid]) if tid == 1: log.setloglevel(node.get_val(u'log_level')) return db_admin_serialize_node(session, tid, language)
def db_refresh_memory_variables(session, to_refresh=None): tenant_map = { tenant.id: tenant for tenant in session.query(models.Tenant).filter( models.Tenant.active == True) } existing_tids = set(tenant_map.keys()) cached_tids = set(State.tenant_state.keys()) to_remove = cached_tids - existing_tids to_add = existing_tids - cached_tids for tid in to_remove: if tid in State.tenant_state: del State.tenant_state[tid] if tid in State.tenant_cache: del State.tenant_cache[tid] for tid in to_add: State.tenant_state[tid] = TenantState(State) State.tenant_cache[tid] = ObjectDict() if to_refresh is None: to_refresh = tenant_map.keys() else: to_refresh = [tid for tid in to_refresh if tid in tenant_map] if to_refresh: db_refresh_tenant_cache(session, to_refresh) if 1 in to_refresh: to_refresh = State.tenant_cache.keys() db_set_cache_exception_delivery_list(session, State.tenant_cache[1]) if State.tenant_cache[1].admin_api_token_digest: State.api_token_session = Session(1, 0, 'admin', False, '') log.setloglevel(State.tenant_cache[1].log_level) rootdomain = State.tenant_cache[1].rootdomain root_onionservice = State.tenant_cache[1].onionservice for tid in to_refresh: if tid not in tenant_map: continue tenant = tenant_map[tid] if not tenant.active and tid != 1: continue hostnames = [] onionnames = [] if State.tenant_cache[tid].hostname != '': hostnames.append(State.tenant_cache[tid].hostname.encode()) if State.tenant_cache[tid].onionservice != '': onionnames.append(State.tenant_cache[tid].onionservice.encode()) if rootdomain != '': hostnames.append('p{}.{}'.format(tid, rootdomain).encode()) if root_onionservice != '': onionnames.append('p{}.{}'.format(tid, root_onionservice).encode()) if tenant.subdomain != '': if rootdomain != '': onionnames.append('{}.{}'.format(tenant.subdomain, rootdomain).encode()) if root_onionservice != '': onionnames.append('{}.{}'.format(tenant.subdomain, root_onionservice).encode()) State.tenant_cache[tid].hostnames = hostnames State.tenant_cache[tid].onionnames = onionnames State.tenant_hostname_id_map.update( {h: tid for h in hostnames + onionnames})
def db_refresh_memory_variables(session, to_refresh=None): active_tids = set([ tid[0] for tid in session.query(models.Tenant.id).filter( models.Tenant.active.is_(True)) ]) cached_tids = set(State.tenant_state.keys()) # Remove tenants that have been disabled for tid in cached_tids - active_tids: if tid in State.tenant_state: del State.tenant_state[tid] if tid in State.tenant_cache: del State.tenant_cache[tid] # Add tenants that have been enabled for tid in active_tids - cached_tids: State.tenant_state[tid] = TenantState(State) State.tenant_cache[tid] = ObjectDict() if to_refresh is None or 1 in to_refresh: to_refresh = active_tids else: to_refresh = [tid for tid in to_refresh if tid in active_tids] if not len(to_refresh): return db_refresh_tenant_cache(session, to_refresh) root_tenant = State.tenant_cache[1] for tid in to_refresh: tenant = State.tenant_cache[tid] tenant.hostnames = [] tenant.onionnames = [] if tid == 1: log.setloglevel(tenant.log_level) db_set_cache_exception_delivery_list(session, tenant) if tenant.hostname: tenant.hostnames.append(tenant.hostname.encode()) if tenant.onionservice: tenant.onionnames.append(tenant.onionservice.encode()) if tenant.old_onionservice: tenant.onionnames.append(tenant.old_onionservice.encode()) if not tenant.onionservice and root_tenant.onionservice: tenant.onionservice = tenant.subdomain + '.' + root_tenant.onionservice if tenant.subdomain: if root_tenant.rootdomain: tenant.hostnames.append('{}.{}'.format( tenant.subdomain, root_tenant.rootdomain).encode()) if root_tenant.onionservice: tenant.onionnames.append('{}.{}'.format( tenant.subdomain, root_tenant.onionservice).encode()) State.tenant_hostname_id_map.update( {h: tid for h in tenant.hostnames + tenant.onionnames})
def db_refresh_memory_variables(session, to_refresh=None): tenant_map = {tenant.id: tenant for tenant in session.query(models.Tenant).filter(models.Tenant.active == True)} existing_tids = set(tenant_map.keys()) cached_tids = set(State.tenant_state.keys()) to_remove = cached_tids - existing_tids to_add = existing_tids - cached_tids for tid in to_remove: if tid in State.tenant_state: del State.tenant_state[tid] if tid in State.tenant_cache: del State.tenant_cache[tid] for tid in to_add: State.tenant_state[tid] = TenantState(State) State.tenant_cache[tid] = ObjectDict() if to_refresh is None: to_refresh = tenant_map.keys() else: to_refresh = [tid for tid in to_refresh if tid in tenant_map] if to_refresh: db_refresh_tenant_cache(session, to_refresh) if 1 in to_refresh: to_refresh = State.tenant_cache.keys() db_set_cache_exception_delivery_list(session, State.tenant_cache[1]) if State.tenant_cache[1].admin_api_token_digest: State.api_token_session = Session(1, 0, 'admin', False, '') log.setloglevel(State.tenant_cache[1].log_level) rootdomain = State.tenant_cache[1].rootdomain root_onionservice = State.tenant_cache[1].onionservice for tid in to_refresh: if tid not in tenant_map: continue tenant = tenant_map[tid] if not tenant.active and tid != 1: continue hostnames = [] onionnames = [] if State.tenant_cache[tid].hostname != '': hostnames.append(State.tenant_cache[tid].hostname.encode()) if State.tenant_cache[tid].onionservice != '': onionnames.append(State.tenant_cache[tid].onionservice.encode()) if rootdomain != '': hostnames.append('p{}.{}'.format(tid, rootdomain).encode()) if root_onionservice != '': onionnames.append('p{}.{}'.format(tid, root_onionservice).encode()) if tenant.subdomain != '': if rootdomain != '': onionnames.append('{}.{}'.format(tenant.subdomain, rootdomain).encode()) if root_onionservice != '': onionnames.append('{}.{}'.format(tenant.subdomain, root_onionservice).encode()) State.tenant_cache[tid].hostnames = hostnames State.tenant_cache[tid].onionnames = onionnames State.tenant_hostname_id_map.update({h: tid for h in hostnames + onionnames})
def load_cmdline_options(self): self.nodaemon = self.cmdline_options.nodaemon if self.cmdline_options.disable_swap: self.disable_swap = True log.setloglevel(verbosity_dict[self.cmdline_options.loglevel]) self.bind_address = self.cmdline_options.ip self.socks_host = self.cmdline_options.socks_host if not self.validate_port(self.cmdline_options.socks_port): sys.exit(1) self.socks_port = self.cmdline_options.socks_port if platform.system() != 'Windows': if (self.cmdline_options.user and self.cmdline_options.group is None) or \ (self.cmdline_options.group and self.cmdline_options.user is None): self.print_msg("Error: missing user or group option") sys.exit(1) if self.cmdline_options.user and self.cmdline_options.group: import grp import pwd self.user = self.cmdline_options.user self.group = self.cmdline_options.group self.uid = pwd.getpwnam(self.cmdline_options.user).pw_uid self.gid = grp.getgrnam(self.cmdline_options.group).gr_gid if self.uid == 0 or self.gid == 0: self.print_msg("Invalid user: cannot run as root") sys.exit(1) if self.cmdline_options.devel_mode: self.set_devel_mode() self.orm_debug = self.cmdline_options.orm_debug if self.cmdline_options.working_path: self.working_path = self.cmdline_options.working_path self.api_prefix = self.cmdline_options.api_prefix if self.cmdline_options.client_path: self.client_path = os.path.abspath(os.path.join(self.src_path, self.cmdline_options.client_path)) self.eval_paths() if self.nodaemon: self.print_msg("Going in background; log available at %s" % Settings.logfile) # special evaluation of client directory: indexfile = os.path.join(self.client_path, 'index.html') if os.path.isfile(indexfile): self.print_msg("Serving the client from directory: %s" % self.client_path) else: self.print_msg("Unable to find a directory to load the client from") sys.exit(1)