def testInvalidClientID(self):
# No id.
with self.assertRaises(ValueError):
rdf_objects.ClientSnapshot()
# One digit short.
with self.assertRaises(ValueError):
rdf_objects.ClientSnapshot(client_id="C.000000000000000")
with self.assertRaises(ValueError):
rdf_objects.ClientSnapshot(client_id="not a real id")
rdf_objects.ClientSnapshot(client_id="C.0000000000000000")
def Start(self):
"""Start off all the tests."""
# Create the objects we need to exist.
self.Load()
client_id = self.client_id.Basename()
self.state.client = rdf_objects.ClientSnapshot(client_id=client_id)
self.state.fqdn = None
self.state.os = None
# Make sure we always have a VFSDirectory with a pathspec at fs/os
pathspec = rdf_paths.PathSpec(path="/",
pathtype=rdf_paths.PathSpec.PathType.OS)
urn = pathspec.AFF4Path(self.client_id)
with aff4.FACTORY.Create(urn,
standard.VFSDirectory,
mode="w",
token=self.token) as fd:
fd.Set(fd.Schema.PATHSPEC, pathspec)
self.CallClient(server_stubs.GetPlatformInfo, next_state="Platform")
self.CallClient(server_stubs.GetMemorySize,
next_state="StoreMemorySize")
self.CallClient(server_stubs.GetInstallDate, next_state="InstallDate")
self.CallClient(server_stubs.GetClientInfo, next_state="ClientInfo")
self.CallClient(server_stubs.GetConfiguration,
next_state="ClientConfiguration")
self.CallClient(server_stubs.GetLibraryVersions,
next_state="ClientLibraries")
self.CallClient(server_stubs.EnumerateInterfaces,
next_state="EnumerateInterfaces")
self.CallClient(server_stubs.EnumerateFilesystems,
next_state="EnumerateFilesystems")
def _ResponseToClientsFullInfo(self, response):
"""Creates a ClientFullInfo object from a database response."""
c_full_info = None
prev_cid = None
for row in response:
(cid, fs, crt, ping, clk, ip, foreman, first, last_client_ts,
last_crash_ts, last_startup_ts, client_obj, client_startup_obj,
last_startup_obj, label_owner, label_name) = row
if cid != prev_cid:
if c_full_info:
yield mysql_utils.IntToClientID(prev_cid), c_full_info
metadata = objects.ClientMetadata(
certificate=crt,
fleetspeak_enabled=fs,
first_seen=mysql_utils.MysqlToRDFDatetime(first),
ping=mysql_utils.MysqlToRDFDatetime(ping),
clock=mysql_utils.MysqlToRDFDatetime(clk),
ip=mysql_utils.StringToRDFProto(rdf_client.NetworkAddress,
ip),
last_foreman_time=mysql_utils.MysqlToRDFDatetime(foreman),
startup_info_timestamp=mysql_utils.MysqlToRDFDatetime(
last_startup_ts),
last_crash_timestamp=mysql_utils.MysqlToRDFDatetime(
last_crash_ts))
if client_obj is not None:
l_snapshot = objects.ClientSnapshot.FromSerializedString(
client_obj)
l_snapshot.timestamp = mysql_utils.MysqlToRDFDatetime(
last_client_ts)
l_snapshot.startup_info = rdf_client.StartupInfo.FromSerializedString(
client_startup_obj)
l_snapshot.startup_info.timestamp = l_snapshot.timestamp
else:
l_snapshot = objects.ClientSnapshot(
client_id=mysql_utils.IntToClientID(cid))
if last_startup_obj is not None:
startup_info = rdf_client.StartupInfo.FromSerializedString(
last_startup_obj)
startup_info.timestamp = mysql_utils.MysqlToRDFDatetime(
last_startup_ts)
else:
startup_info = None
prev_cid = cid
c_full_info = objects.ClientFullInfo(
metadata=metadata,
labels=[],
last_snapshot=l_snapshot,
last_startup_info=startup_info)
if label_owner and label_name:
c_full_info.labels.append(
objects.ClientLabel(name=label_name, owner=label_owner))
if c_full_info:
yield mysql_utils.IntToClientID(prev_cid), c_full_info
def ConvertVFSGRRClient(client):
"""Converts from `VFSGRRClient` to `rdfvalues.objects.ClientSnapshot`."""
snapshot = rdf_objects.ClientSnapshot(client_id=client.urn.Basename())
snapshot.filesystems = client.Get(client.Schema.FILESYSTEM)
snapshot.hostname = client.Get(client.Schema.HOSTNAME)
snapshot.fqdn = client.Get(client.Schema.FQDN)
snapshot.system = client.Get(client.Schema.SYSTEM)
snapshot.os_release = client.Get(client.Schema.OS_RELEASE)
snapshot.os_version = utils.SmartStr(client.Get(client.Schema.OS_VERSION))
snapshot.arch = client.Get(client.Schema.ARCH)
snapshot.install_time = client.Get(client.Schema.INSTALL_DATE)
snapshot.knowledge_base = client.Get(client.Schema.KNOWLEDGE_BASE)
snapshot.startup_info.boot_time = client.Get(client.Schema.LAST_BOOT_TIME)
snapshot.startup_info.client_info = client.Get(client.Schema.CLIENT_INFO)
conf = client.Get(client.Schema.GRR_CONFIGURATION) or []
for key in conf or []:
snapshot.grr_configuration.Append(key=key,
value=utils.SmartStr(conf[key]))
lib = client.Get(client.Schema.LIBRARY_VERSIONS) or []
for key in lib or []:
snapshot.library_versions.Append(key=key,
value=utils.SmartStr(lib[key]))
snapshot.kernel = client.Get(client.Schema.KERNEL)
snapshot.volumes = client.Get(client.Schema.VOLUMES)
snapshot.interfaces = client.Get(client.Schema.INTERFACES)
snapshot.hardware_info = client.Get(client.Schema.HARDWARE_INFO)
snapshot.memory_size = client.Get(client.Schema.MEMORY_SIZE)
snapshot.cloud_instance = client.Get(client.Schema.CLOUD_INSTANCE)
return snapshot
def SetupTestClientObject(self,
client_nr,
add_cert=True,
arch="x86_64",
install_time=None,
last_boot_time=None,
fqdn=None,
kernel="4.0.0",
memory_size=None,
os_version="buster/sid",
ping=None,
system="Linux",
labels=None):
"""Prepares a test client object."""
client_id = "C.1%015x" % client_nr
client = rdf_objects.ClientSnapshot(client_id=client_id)
client.startup_info.client_info = self._TestClientInfo()
if last_boot_time is not None:
client.startup_info.boot_time = last_boot_time
client.knowledge_base.fqdn = fqdn or "Host-%x.example.com" % client_nr
client.knowledge_base.os = system
client.knowledge_base.users = [
rdf_client.User(username="******"),
rdf_client.User(username="******"),
]
client.os_version = os_version
client.arch = arch
client.kernel = kernel
client.interfaces = self._TestInterfaces(client_nr)
client.install_time = install_time
client.hardware_info = rdf_client.HardwareInfo(
system_manufacturer="System-Manufacturer-%x" % client_nr,
bios_version="Bios-Version-%x" % client_nr)
if memory_size is not None:
client.memory_size = memory_size
ping = ping or rdfvalue.RDFDatetime.Now()
if add_cert:
cert = self.ClientCertFromPrivateKey(config.CONFIG["Client.private_key"])
else:
cert = None
data_store.REL_DB.WriteClientMetadata(
client_id, last_ping=ping, certificate=cert, fleetspeak_enabled=False)
data_store.REL_DB.WriteClientSnapshot(client)
client_index.ClientIndex().AddClient(client)
if labels:
data_store.REL_DB.AddClientLabels(client_id, "GRR", labels)
client_index.ClientIndex().AddClientLabels(
client_id, data_store.REL_DB.ReadClientLabels(client_id))
return client
def MakeClient():
client = rdf_objects.ClientSnapshot(client_id="C.0000000000000000")
base_pb = objects_pb2.ClientSnapshot()
# pylint: disable=line-too-long
text_format.Merge(
"""
os_release: "Ubuntu"
os_version: "14.4"
interfaces: {
addresses: {
address_type: INET
packed_bytes: "\177\000\000\001"
}
addresses: {
address_type: INET6
packed_bytes: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001"
}
}
interfaces: {
mac_address: "\001\002\003\004\001\002\003\004\001\002\003\004"
addresses: {
address_type: INET
packed_bytes: "\010\010\010\010"
}
addresses: {
address_type: INET6
packed_bytes: "\376\200\001\002\003\000\000\000\000\000\000\000\000\000\000\000"
}
}
knowledge_base: {
users: {
username: "******"
full_name: "Good Guy Joe"
}
users: {
username: "******"
full_name: "Ok Guy Fred"
}
fqdn: "test123.examples.com"
os: "Linux"
}
cloud_instance: {
cloud_type: GOOGLE
google: {
unique_id: "us-central1-a/myproject/1771384456894610289"
}
}
""", base_pb)
# pylint: enable=line-too-long
client.ParseFromString(base_pb.SerializeToString())
return client
def testAnalyzeClient(self):
index = client_index.ClientIndex()
client = rdf_objects.ClientSnapshot(client_id="C.0000000000000000")
client.knowledge_base.os = "Windows"
client.startup_info.client_info.client_name = "grr monitor"
client.startup_info.client_info.labels = ["client-label-23"]
kb = client.knowledge_base
kb.users = [
rdf_client.User(
username="******",
full_name="Eric (Bertrand ) 'Russell' \"Logician\" Jacobson"),
rdf_client.User(username="******", full_name="Steve O'Bryan")
]
keywords = index.AnalyzeClient(client)
# Should not contain an empty string.
self.assertNotIn("", keywords)
# OS of the client
self.assertIn("windows", keywords)
# Users of the client.
self.assertIn("bert", keywords)
self.assertIn("bertrand", keywords)
self.assertNotIn(")", keywords)
self.assertIn("russell", keywords)
self.assertIn("logician", keywords)
self.assertIn("ernie", keywords)
self.assertIn("eric", keywords)
self.assertIn("jacobson", keywords)
self.assertIn("steve o'bryan", keywords)
self.assertIn("o'bryan", keywords)
# Client information.
self.assertIn("grr monitor", keywords)
self.assertIn("client-label-23", keywords)
def _SetupClients(self, n):
res = {}
for i in range(1, n + 1):
client_id = "C.100000000000000%d" % i
client = rdf_objects.ClientSnapshot(client_id=client_id)
client.knowledge_base.os = "Windows"
client.knowledge_base.fqdn = "host-%d.example.com" % i
client.interfaces = [
rdf_client.Interface(addresses=[
rdf_client.NetworkAddress(
address_type=rdf_client.NetworkAddress.Family.INET,
packed_bytes=ipv6_utils.InetPtoN(
socket.AF_INET, "192.168.0.%d" % i)),
rdf_client.NetworkAddress(
address_type=rdf_client.NetworkAddress.Family.INET6,
packed_bytes=ipv6_utils.InetPtoN(
socket.AF_INET6, "2001:abcd::%d" % i))
],
mac_address=("aabbccddee0%d" %
i).decode("hex"))
]
res[client_id] = client
return res