def testClientSummary(self):
d = self.CreateDatabase()
client_id_1 = "C.0000000000000001"
client_id_2 = "C.0000000000000002"
client_id_3 = "C.0000000000000003"
d.WriteClientMetadata(client_id_1, fleetspeak_enabled=True)
d.WriteClientMetadata(client_id_2, fleetspeak_enabled=True)
d.WriteClientMetadata(client_id_3, fleetspeak_enabled=True)
d.WriteClient(
client_id_1,
objects.Client(hostname="test1234.examples.com", kernel="12.3"))
d.WriteClient(
client_id_1,
objects.Client(hostname="test1234.examples.com", kernel="12.4"))
d.WriteClient(
client_id_2,
objects.Client(hostname="test1235.examples.com", kernel="12.4"))
hist = d.ReadClientHistory(client_id_1)
self.assertEqual(len(hist), 2)
# client_3 should be excluded - no snapshot yet
res = d.ReadClients([client_id_1, client_id_2, client_id_3])
self.assertEqual(len(res), 3)
self.assertIsInstance(res[client_id_1], objects.Client)
self.assertIsInstance(res[client_id_2], objects.Client)
self.assertIsNotNone(res[client_id_1].timestamp)
self.assertIsNotNone(res[client_id_2].timestamp)
self.assertEqual(res[client_id_1].hostname, "test1234.examples.com")
self.assertEqual(res[client_id_1].kernel, "12.4")
self.assertEqual(res[client_id_2].hostname, "test1235.examples.com")
self.assertFalse(res[client_id_3])
def testInvalidClientID(self):
# No id.
with self.assertRaises(ValueError):
objects.Client()
# One digit short.
with self.assertRaises(ValueError):
objects.Client(client_id="C.000000000000000")
with self.assertRaises(ValueError):
objects.Client(client_id="not a real id")
objects.Client(client_id="C.0000000000000000")
def ConvertVFSGRRClient(client):
"""Converts a VFSGRRClient object to and rdfvalues.objects.Client objects."""
result = rdf_objects.Client(client_id=client.urn.Basename())
s = client.Schema
result.last_boot_time = client.Get(s.LAST_BOOT_TIME)
result.filesystems = client.Get(s.FILESYSTEM)
result.client_info = client.Get(s.CLIENT_INFO)
result.hostname = client.Get(s.HOSTNAME)
result.fqdn = client.Get(s.FQDN)
result.system = client.Get(s.SYSTEM)
result.os_release = client.Get(s.OS_RELEASE)
result.os_version = client.Get(s.OS_VERSION)
result.arch = client.Get(s.ARCH)
result.install_time = client.Get(s.INSTALL_DATE)
result.knowledge_base = client.Get(s.KNOWLEDGE_BASE)
conf = client.Get(s.GRR_CONFIGURATION)
for key in conf or []:
result.grr_configuration.Append(key=key,
value=utils.SmartStr(conf[key]))
lib = client.Get(s.LIBRARY_VERSIONS)
for key in lib or []:
result.library_versions.Append(key=key, value=utils.SmartStr(lib[key]))
result.kernel = client.Get(s.KERNEL)
result.volumes = client.Get(s.VOLUMES)
result.interfaces = client.Get(s.INTERFACES)
result.hardware_info = client.Get(s.HARDWARE_INFO)
result.memory_size = client.Get(s.MEMORY_SIZE)
result.cloud_instance = client.Get(s.CLOUD_INSTANCE)
return result
def testClientStartupInfo(self):
"""StartupInfo is written to a separate table, make sure the merge works."""
d = self.db
client_id = "C.fc413187fefa1dcf"
self._InitializeClient(client_id)
client = objects.Client(client_id=client_id, kernel="12.3")
client.startup_info = rdf_client.StartupInfo(boot_time=123)
client.knowledge_base.fqdn = "test1234.examples.com"
d.WriteClient(client)
client = d.ReadClient(client_id)
self.assertEqual(client.startup_info.boot_time, 123)
client.kernel = "12.4"
client.startup_info = rdf_client.StartupInfo(boot_time=124)
d.WriteClient(client)
client.kernel = "12.5"
client.startup_info = rdf_client.StartupInfo(boot_time=125)
d.WriteClient(client)
hist = d.ReadClientHistory(client_id)
self.assertEqual(len(hist), 3)
startup_infos = [cl.startup_info for cl in hist]
self.assertEqual([si.boot_time for si in startup_infos],
[125, 124, 123])
# StartupInfos written using WriteClient show up in the StartupInfoHistory.
history = d.ReadClientStartupInfoHistory(client_id)
self.assertEqual(len(history), 3)
self.assertEqual(startup_infos, history)
def Start(self):
"""Start off all the tests."""
# Create the objects we need to exist.
self.Load()
self.state.client = objects.Client(client_id=self.client_id.Basename())
self.state.fqdn = None
self.state.os = None
# Make sure we always have a VFSDirectory with a pathspec at fs/os
pathspec = rdf_paths.PathSpec(
path="/", pathtype=rdf_paths.PathSpec.PathType.OS)
urn = pathspec.AFF4Path(self.client_id)
with aff4.FACTORY.Create(
urn, standard.VFSDirectory, mode="w", token=self.token) as fd:
fd.Set(fd.Schema.PATHSPEC, pathspec)
self.CallClient(server_stubs.GetPlatformInfo, next_state="Platform")
self.CallClient(server_stubs.GetMemorySize, next_state="StoreMemorySize")
self.CallClient(server_stubs.GetInstallDate, next_state="InstallDate")
self.CallClient(server_stubs.GetClientInfo, next_state="ClientInfo")
self.CallClient(
server_stubs.GetConfiguration, next_state="ClientConfiguration")
self.CallClient(
server_stubs.GetLibraryVersions, next_state="ClientLibraries")
self.CallClient(
server_stubs.EnumerateInterfaces, next_state="EnumerateInterfaces")
self.CallClient(
server_stubs.EnumerateFilesystems, next_state="EnumerateFilesystems")
def _SetupClients(self, n):
res = {}
for i in range(1, n + 1):
client_id = "C.100000000000000%d" % i
client = objects.Client()
client.system = "Windows"
client.hostname = "host-%d" % i
client.fqdn = "host-%d.example.com" % i
client.interfaces = [
rdf_client.Interface(addresses=[
rdf_client.NetworkAddress(
address_type=rdf_client.NetworkAddress.Family.INET,
packed_bytes=ipv6_utils.InetPtoN(
socket.AF_INET, "192.168.0.%d" % i)),
rdf_client.NetworkAddress(
address_type=rdf_client.NetworkAddress.Family.INET6,
packed_bytes=ipv6_utils.InetPtoN(
socket.AF_INET6, "2001:abcd::%d" % i))
],
mac_address=("aabbccddee0%d" %
i).decode("hex"))
]
res[client_id] = client
return res
def testClientSummary(self):
d = self.db
client_id_1 = "C.0000000000000001"
client_id_2 = "C.0000000000000002"
client_id_3 = "C.0000000000000003"
self._InitializeClient(client_id_1)
self._InitializeClient(client_id_2)
self._InitializeClient(client_id_3)
d.WriteClient(
client_id_1,
objects.Client(client_id=client_id_1,
knowledge_base=rdf_client.KnowledgeBase(
fqdn="test1234.examples.com"),
kernel="12.3"))
d.WriteClient(
client_id_1,
objects.Client(client_id=client_id_1,
knowledge_base=rdf_client.KnowledgeBase(
fqdn="test1234.examples.com"),
kernel="12.4"))
d.WriteClient(
client_id_2,
objects.Client(client_id=client_id_2,
knowledge_base=rdf_client.KnowledgeBase(
fqdn="test1235.examples.com"),
kernel="12.4"))
hist = d.ReadClientHistory(client_id_1)
self.assertEqual(len(hist), 2)
# client_3 should be excluded - no snapshot yet
res = d.ReadClients([client_id_1, client_id_2, client_id_3])
self.assertEqual(len(res), 3)
self.assertIsInstance(res[client_id_1], objects.Client)
self.assertIsInstance(res[client_id_2], objects.Client)
self.assertIsInstance(res[client_id_1].timestamp, rdfvalue.RDFDatetime)
self.assertIsNotNone(res[client_id_2].timestamp)
self.assertEqual(res[client_id_1].knowledge_base.fqdn,
"test1234.examples.com")
self.assertEqual(res[client_id_1].kernel, "12.4")
self.assertEqual(res[client_id_2].knowledge_base.fqdn,
"test1235.examples.com")
self.assertFalse(res[client_id_3])
def SetupTestClientObject(self,
client_nr,
add_cert=True,
arch="x86_64",
last_boot_time=None,
fqdn=None,
kernel="4.0.0",
memory_size=None,
os_version="buster/sid",
ping=None,
system="Linux"):
"""Prepares a test client object."""
client_id = "C.1%015x" % client_nr
client = objects.Client(client_id=client_id)
client.startup_info.client_info = self._TestClientInfo()
if last_boot_time is not None:
client.startup_info.boot_time = last_boot_time
client.knowledge_base.fqdn = fqdn or "Host-%x.example.com" % client_nr
client.knowledge_base.os = system
client.knowledge_base.users = [
rdf_client.User(username="******"),
rdf_client.User(username="******"),
]
client.os_version = os_version
client.arch = arch
client.kernel = kernel
client.interfaces = self._TestInterfaces(client_nr)
client.hardware_info = rdf_client.HardwareInfo(
system_manufacturer="System-Manufacturer-%x" % client_nr,
bios_version="Bios-Version-%x" % client_nr)
if memory_size is not None:
client.memory_size = memory_size
ping = ping or rdfvalue.RDFDatetime.Now()
if add_cert:
cert = self.ClientCertFromPrivateKey(
config.CONFIG["Client.private_key"])
else:
cert = None
data_store.REL_DB.WriteClientMetadata(client_id,
last_ping=ping,
certificate=cert,
fleetspeak_enabled=False)
data_store.REL_DB.WriteClient(client)
client_index.ClientIndex().AddClient(client_id, client)
return client
def testClientWriteToUnknownClient(self):
d = self.db
client_id = "C.fc413187fefa1dcf"
with self.assertRaises(db.UnknownClientError):
d.WriteClient(objects.Client(client_id=client_id))
# fleetspeak_enabled not set means update.
with self.assertRaises(db.UnknownClientError):
d.WriteClientMetadata(client_id,
first_seen=rdfvalue.RDFDatetime.Now())
def testClientHistory(self):
d = self.CreateDatabase()
client_id = "C.fc413187fefa1dcf"
d.WriteClientMetadata(client_id, fleetspeak_enabled=True)
client = objects.Client(hostname="test1234.examples.com",
kernel="12.3")
d.WriteClient(client_id, client)
client = objects.Client(hostname="test1234.examples.com",
kernel="12.4")
d.WriteClient(client_id, client)
hist = d.ReadClientHistory(client_id)
self.assertEqual(len(hist), 2)
self.assertIsInstance(hist[0], objects.Client)
self.assertIsInstance(hist[1], objects.Client)
self.assertGreater(hist[0].timestamp, hist[1].timestamp)
self.assertEqual(hist[0].kernel, "12.4")
self.assertEqual(hist[1].kernel, "12.3")
def MakeClient():
client = objects.Client()
base_pb = objects_pb2.Client()
text_format.Merge(
"""
hostname: "test123"
fqdn: "test123.examples.com"
system: "Linux"
os_release: "Ubuntu"
os_version: "14.4"
interfaces: {
addresses: {
address_type: INET
packed_bytes: "\177\000\000\001"
}
addresses: {
address_type: INET6
packed_bytes: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001"
}
}
interfaces: {
mac_address: "\001\002\003\004\001\002\003\004\001\002\003\004"
addresses: {
address_type: INET
packed_bytes: "\010\010\010\010"
}
addresses: {
address_type: INET6
packed_bytes: "\376\200\001\002\003\000\000\000\000\000\000\000\000\000\000\000"
}
}
knowledge_base: {
users: {
username: "******"
full_name: "Good Guy Joe"
}
users: {
username: "******"
full_name: "Ok Guy Fred"
}
}
cloud_instance: {
cloud_type: GOOGLE
google: {
unique_id: "us-central1-a/myproject/1771384456894610289"
}
}
""", base_pb)
client.ParseFromString(base_pb.SerializeToString())
return client
def testClientHistory(self):
d = self.db
client_id = "C.fc413187fefa1dcf"
self._InitializeClient(client_id)
client = objects.Client(client_id=client_id, kernel="12.3")
client.knowledge_base.fqdn = "test1234.examples.com"
d.WriteClient(client)
client.kernel = "12.4"
d.WriteClient(client)
hist = d.ReadClientHistory(client_id)
self.assertEqual(len(hist), 2)
self.assertIsInstance(hist[0], objects.Client)
self.assertIsInstance(hist[1], objects.Client)
self.assertGreater(hist[0].timestamp, hist[1].timestamp)
self.assertIsInstance(hist[0].timestamp, rdfvalue.RDFDatetime)
self.assertEqual(hist[0].kernel, "12.4")
self.assertEqual(hist[1].kernel, "12.3")
def testFullInfo(self):
d = self.db
client_id = "C.0000000050000001"
self._InitializeClient(client_id)
cl = objects.Client(client_id=client_id,
knowledge_base=rdf_client.KnowledgeBase(
fqdn="test1234.examples.com"),
kernel="12.3")
d.WriteClient(cl)
d.WriteClientMetadata(client_id, certificate=CERT)
si = rdf_client.StartupInfo(boot_time=1)
d.WriteClientStartupInfo(client_id, si)
d.AddClientLabels(client_id, "test_owner", ["test_label"])
full_info = d.ReadFullInfoClient(client_id)
self.assertEqual(full_info["client"], cl)
self.assertEqual(full_info["metadata"].certificate, CERT)
self.assertEqual(full_info["last_startup_info"], si)
self.assertEqual(
full_info["labels"],
[objects.ClientLabel(owner="test_owner", name="test_label")])
def testAnalyzeClient(self):
index = client_index.ClientIndex()
client = objects.Client(client_id="C.0000000000000000")
client.knowledge_base.os = "Windows"
client.startup_info.client_info.client_name = "grr monitor"
client.startup_info.client_info.labels = ["client-label-23"]
kb = client.knowledge_base
kb.users = [
rdf_client.User(
username="******",
full_name="Eric (Bertrand ) 'Russell' \"Logician\" Jacobson"),
rdf_client.User(username="******", full_name="Steve O'Bryan")
]
keywords = index.AnalyzeClient(client)
# Should not contain an empty string.
self.assertNotIn("", keywords)
# OS of the client
self.assertIn("windows", keywords)
# Users of the client.
self.assertIn("bert", keywords)
self.assertIn("bertrand", keywords)
self.assertNotIn(")", keywords)
self.assertIn("russell", keywords)
self.assertIn("logician", keywords)
self.assertIn("ernie", keywords)
self.assertIn("eric", keywords)
self.assertIn("jacobson", keywords)
self.assertIn("steve o'bryan", keywords)
self.assertIn("o'bryan", keywords)
# Client information.
self.assertIn("grr monitor", keywords)
self.assertIn("client-label-23", keywords)
