예제 #1
0
파일: user_test.py 프로젝트: ehossam/grr
  def testRaisesIfUsernameSetInRequest(self):
    user = user_plugin.ApiGrrUser(username=u"foo")
    with self.assertRaises(ValueError):
      self.handler.Handle(user, token=access_control.ACLToken(username=u"foo"))

    user = user_plugin.ApiGrrUser(username=u"bar")
    with self.assertRaises(ValueError):
      self.handler.Handle(user, token=access_control.ACLToken(username=u"foo"))
예제 #2
0
  def testRaisesIfUsernameSetInRequest(self):
    user = user_plugin.ApiGrrUser(username=u"foo")
    with self.assertRaises(ValueError):
      self.handler.Handle(
          user, context=api_call_context.ApiCallContext(username="******"))

    user = user_plugin.ApiGrrUser(username=u"bar")
    with self.assertRaises(ValueError):
      self.handler.Handle(
          user, context=api_call_context.ApiCallContext(username=u"foo"))
예제 #3
0
  def Handle(self, args, token=None):
    if not args.username:
      raise ValueError("username can't be empty.")

    if args.HasField(
        "user_type") and args.user_type != args.UserType.USER_TYPE_ADMIN:
      args.user_type = args.UserType.USER_TYPE_STANDARD

    # query user, to throw if a nonexistent user should be modified
    data_store.REL_DB.ReadGRRUser(args.username)

    if args.HasField("password"):
      password = args.password
    else:
      password = None

    if args.HasField("user_type"):
      user_type = args.user_type
    else:
      user_type = None

    data_store.REL_DB.WriteGRRUser(
        username=args.username, password=password, user_type=user_type)

    user = data_store.REL_DB.ReadGRRUser(args.username)
    return api_user.ApiGrrUser().InitFromDatabaseObject(user)
예제 #4
0
    def Handle(self, args, token=None):
        if not args.username:
            raise ValueError("username can't be empty.")

        if args.user_type != args.UserType.USER_TYPE_ADMIN:
            args.user_type = args.UserType.USER_TYPE_STANDARD

        if args.email:
            if config.CONFIG["Email.enable_custom_email_address"]:
                email = args.email
            else:
                raise ValueError(
                    "email can't be set if the config option "
                    "Email.enable_custom_email_address is not enabled.")
        else:
            email = None

        data_store.REL_DB.WriteGRRUser(
            username=args.username,
            password=args.password if args.HasField("password") else None,
            user_type=args.user_type,
            email=email,
        )
        user = data_store.REL_DB.ReadGRRUser(args.username)
        return api_user.ApiGrrUser().InitFromDatabaseObject(user)
예제 #5
0
    def Handle(self, args, token=None):
        if not args.username:
            raise ValueError("username can't be empty.")

        user_urn = aff4.ROOT_URN.Add("users").Add(args.username)

        events.Events.PublishEvent("Audit",
                                   rdf_events.AuditEvent(user=token.username,
                                                         action="USER_ADD",
                                                         urn=user_urn),
                                   token=token)

        if aff4.FACTORY.ExistsWithType(user_urn,
                                       aff4_type=users.GRRUser,
                                       token=token):
            raise access_control.UnauthorizedAccess(
                "Cannot add user %s: User already exists." % args.username)

        with aff4.FACTORY.Create(user_urn,
                                 aff4_type=users.GRRUser,
                                 mode="rw",
                                 token=token) as fd:

            if args.HasField("password"):
                fd.SetPassword(args.password)

            if args.user_type == args.UserType.USER_TYPE_ADMIN:
                fd.AddLabels(["admin"], owner="GRR")

            return api_user.ApiGrrUser().InitFromAff4Object(fd)
예제 #6
0
    def Handle(self, args, token=None):
        if not args.username:
            raise ValueError("username can't be empty.")

        user_urn = aff4.ROOT_URN.Add("users").Add(args.username)

        events.Events.PublishEvent("Audit",
                                   rdf_events.AuditEvent(user=token.username,
                                                         action="USER_UPDATE",
                                                         urn=user_urn),
                                   token=token)

        with aff4.FACTORY.Open(user_urn,
                               aff4_type=users.GRRUser,
                               mode="rw",
                               token=token) as fd:

            if args.HasField("password"):
                fd.SetPassword(args.password)

            if args.user_type == args.UserType.USER_TYPE_ADMIN:
                fd.AddLabels(["admin"], owner="GRR")
            elif args.user_type == args.UserType.USER_TYPE_STANDARD:
                fd.RemoveLabels(["admin"], owner="GRR")

            return api_user.ApiGrrUser().InitFromAff4Object(fd)
예제 #7
0
 def Handle(self, args, token=None):
     total_count = data_store.REL_DB.CountGRRUsers()
     db_users = data_store.REL_DB.ReadGRRUsers(offset=args.offset,
                                               count=args.count)
     items = [
         api_user.ApiGrrUser().InitFromDatabaseObject(u) for u in db_users
     ]
     return ApiListGrrUsersResult(total_count=total_count, items=items)
예제 #8
0
 def _HandleRelational(self, args):
     data_store.REL_DB.WriteGRRUser(
         username=args.username,
         password=args.password if args.HasField("password") else None,
         user_type=args.user_type,
     )
     user = data_store.REL_DB.ReadGRRUser(args.username)
     return api_user.ApiGrrUser().InitFromDatabaseObject(user)
예제 #9
0
파일: user_test.py 프로젝트: rahmiy/grr
  def testSetsSettingsForUserCorrespondingToToken(self):
    settings = user_plugin.GUISettings(mode="ADVANCED", canary_mode=True)
    user = user_plugin.ApiGrrUser(settings=settings)

    self.handler.Handle(user, token=access_control.ACLToken(username=u"foo"))

    u = data_store.REL_DB.ReadGRRUser(u"foo")
    self.assertEqual(settings.mode, u.ui_mode)
    self.assertEqual(settings.canary_mode, u.canary_mode)
예제 #10
0
    def Handle(self, args, token=None):
        if not args.username:
            raise ValueError("username can't be empty.")

        try:
            user = data_store.REL_DB.ReadGRRUser(args.username)
            return api_user.ApiGrrUser().InitFromDatabaseObject(user)
        except db.UnknownGRRUserError as e:
            raise api_call_handler_base.ResourceNotFoundError(e)
예제 #11
0
파일: user_test.py 프로젝트: avmi/grr
    def testSetsSettingsForUserCorrespondingToToken(self):
        settings = user_plugin.GUISettings(mode="ADVANCED", canary_mode=True)
        user = user_plugin.ApiGrrUser(settings=settings)

        self.handler.Handle(
            user, context=api_call_context.ApiCallContext(username="******"))

        u = data_store.REL_DB.ReadGRRUser("foo")
        self.assertEqual(settings.mode, u.ui_mode)
        self.assertEqual(settings.canary_mode, u.canary_mode)
예제 #12
0
 def _HandleAff4(self, args, token=None):
     user_urn = aff4.ROOT_URN.Add("users").Add(args.username)
     try:
         fd = aff4.FACTORY.Open(user_urn,
                                aff4_type=users.GRRUser,
                                mode="r",
                                token=token)
         return api_user.ApiGrrUser().InitFromAff4Object(fd)
     except aff4.InstantiationError:
         raise api_call_handler_base.ResourceNotFoundError(
             "GRR user with username '%s' could not be found." %
             args.username)
예제 #13
0
  def Handle(self, args, token=None):
    if not args.username:
      raise ValueError("username can't be empty.")

    if args.user_type != args.UserType.USER_TYPE_ADMIN:
      args.user_type = args.UserType.USER_TYPE_STANDARD

    data_store.REL_DB.WriteGRRUser(
        username=args.username,
        password=args.password if args.HasField("password") else None,
        user_type=args.user_type,
    )
    user = data_store.REL_DB.ReadGRRUser(args.username)
    return api_user.ApiGrrUser().InitFromDatabaseObject(user)
예제 #14
0
파일: user_test.py 프로젝트: ehossam/grr
  def testSetsSettingsForUserCorrespondingToToken(self):
    settings = aff4_users.GUISettings(mode="ADVANCED", canary_mode=True)
    user = user_plugin.ApiGrrUser(settings=settings)

    self.handler.Handle(user, token=access_control.ACLToken(username=u"foo"))

    # Check that settings for user "foo" were applied.
    fd = aff4.FACTORY.Open("aff4:/users/foo", token=self.token)
    self.assertEqual(fd.Get(fd.Schema.GUI_SETTINGS), settings)

    # Check that settings were applied in relational db.
    u = data_store.REL_DB.ReadGRRUser(u"foo")
    self.assertEqual(settings.mode, u.ui_mode)
    self.assertEqual(settings.canary_mode, u.canary_mode)
예제 #15
0
    def Handle(self, args, token=None):
        users_root = aff4.FACTORY.Open(aff4.ROOT_URN.Add("users"), token=token)
        usernames = sorted(users_root.ListChildren())

        total_count = len(usernames)
        if args.count:
            usernames = usernames[args.offset:args.offset + args.count]
        else:
            usernames = usernames[args.offset:]

        items = []
        for aff4_obj in aff4.FACTORY.MultiOpen(usernames,
                                               aff4_type=users.GRRUser,
                                               token=token):
            items.append(api_user.ApiGrrUser().InitFromAff4Object(aff4_obj))

        return ApiListGrrUsersResult(total_count=total_count, items=items)
예제 #16
0
    def _HandleRelational(self, args):
        # query user, to throw if a nonexistent user should be modified
        data_store.REL_DB.ReadGRRUser(args.username)

        if args.HasField("password"):
            password = args.password
        else:
            password = None

        if args.HasField("user_type"):
            user_type = args.user_type
        else:
            user_type = None

        data_store.REL_DB.WriteGRRUser(username=args.username,
                                       password=password,
                                       user_type=user_type)

        user = data_store.REL_DB.ReadGRRUser(args.username)
        return api_user.ApiGrrUser().InitFromDatabaseObject(user)
예제 #17
0
    def Handle(self, args, token=None):
        if not args.username:
            raise ValueError("username can't be empty.")

        if args.HasField("user_type"
                         ) and args.user_type != args.UserType.USER_TYPE_ADMIN:
            args.user_type = args.UserType.USER_TYPE_STANDARD

        # query user, to throw if a nonexistent user should be modified
        data_store.REL_DB.ReadGRRUser(args.username)

        if args.HasField("password"):
            password = args.password
        else:
            password = None

        if args.HasField("user_type"):
            user_type = args.user_type
        else:
            user_type = None

        if args.HasField("email"):
            if config.CONFIG["Email.enable_custom_email_address"]:
                email = args.email
            else:
                raise ValueError(
                    "email can't be set if the config option "
                    "Email.enable_custom_email_address is not enabled.")
        else:
            email = None

        data_store.REL_DB.WriteGRRUser(username=args.username,
                                       password=password,
                                       user_type=user_type,
                                       email=email)

        user = data_store.REL_DB.ReadGRRUser(args.username)
        return api_user.ApiGrrUser().InitFromDatabaseObject(user)
예제 #18
0
파일: user_test.py 프로젝트: cdstelly/grr
 def testRaisesIfTraitsSetInRequest(self):
     user = user_plugin.ApiGrrUser(
         interface_traits=user_plugin.ApiGrrUserInterfaceTraits())
     with self.assertRaises(ValueError):
         self.handler.Handle(user,
                             token=access_control.ACLToken(username=u"foo"))
예제 #19
0
 def testRaisesIfTraitsSetInRequest(self):
   user = user_plugin.ApiGrrUser(
       interface_traits=user_plugin.ApiGrrUserInterfaceTraits())
   with self.assertRaises(ValueError):
     self.handler.Handle(
         user, context=api_call_context.ApiCallContext(username=u"foo"))
예제 #20
0
 def _HandleRelational(self, args):
     try:
         user = data_store.REL_DB.ReadGRRUser(args.username)
         return api_user.ApiGrrUser().InitFromDatabaseObject(user)
     except db.UnknownGRRUserError as e:
         raise api_call_handler_base.ResourceNotFoundError(e)