def decryptpath(encryptedpath, keyfile): servicename = 'decrypt' fh = open(encryptedpath, 'rb+') encrypteddata = fh.read()[:-32] fh.seek(-32, 2) iv = fh.read(32) fh.close() mypath = "/bin:/usr/bin:/usr/local/bin:" myldlibrarypath = "/lib" myenv = {"PATH": mypath, "LD_LIBRARY_PATH": myldlibrarypath} procargs = [ 'openssl', 'enc', '-d', '-aes-256-cbc', '-z', '-kfile', keyfile, '-iv', iv ] sslprocess = subprocess.Popen(procargs, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, shell=False, env=myenv) out, err = sslprocess.communicate(input=encrypteddata) if len(err) > 0: for line in out.split("\n"): userio.message(servicename, " stdout: " + line) for line in err.split("\n"): userio.message(servicename, " stderr: " + line) userio.messageanddie("Fatal openssl decryption error") return (out)
def set_ids(): if showchange: userio.message("Changing GID to " + str(newgid)) os.setgid(newgid) if showchange: userio.message("Changing group memberships to " + str(grouplist)) os.setgroups(grouplist) if showchange: userio.message("Changing user to " + user) os.setuid(newuid)
def dosqlplus(sid, sqlcommands, **kwargs): import orautils passkwargs = { 'bufsize': 1, 'stdin': subprocess.PIPE, 'stdout': subprocess.PIPE, 'stderr': subprocess.PIPE, 'shell': False } commandblock = 'set echo off;\nset feedback off;\nset heading off;\nset pagesize 0;\nset linesize 500;\n' if 'quiet' in kwargs.keys() and kwargs['quiet'] is False: commandblock = '' if 'home' in kwargs.keys(): oraclehome = kwargs['home'] else: oraclehome = orautils.getoraclehome(sid) if oraclehome is None: return ({ 'RESULT': 1, 'STDOUT': [], 'STDERR': ['Unable to get ORACLE_HOME for ' + sid] }) if 'base' in kwargs.keys(): oraclebase = kwargs['base'] else: oraclebase = orautils.getoraclebase(oraclehome) if oraclebase is None: return ({ 'RESULT': 1, 'STDOUT': [], 'STDERR': ['Unable to get ORACLE_HOME for ' + sid] }) if 'user' in kwargs.keys(): useraccount = kwargs['user'] try: checkuid = pwd.getpwnam(kwargs['user']).pw_uid except: return ({ 'RESULT': 1, 'STDOUT': [], 'STDERR': ['Unknown user: '******'user']] }) else: useraccount = orautils.getoracleuser(oraclehome) if useraccount is None: return ({ 'RESULT': 1, 'STDOUT': [], 'STDERR': ['Unable to get Oracle user for ' + oraclehome] }) else: checkuid = pwd.getpwnam(useraccount).pw_uid if not checkuid == os.geteuid(): if os.geteuid() == 0: passkwargs['preexec_fn'] = changeuser(useraccount, showchange=False) else: return ({ 'RESULT': 1, 'STDOUT': [], 'STDERR': ['Only root can run sqlplus as alternate user'] }) if 'printstdout' in kwargs.keys(): printstdout = kwargs['printstdout'] else: printstdout = False if type(sqlcommands) is list: for line in sqlcommands: commandblock = commandblock + line + "\n" else: commandblock = commandblock + sqlcommands + "\n" if not (commandblock[-5:-1]).lower() == 'exit;': commandblock = commandblock + "exit;\n" stdout = [] stderr = [] returnhash = {} returnhash['ERRORFLAG'] = 0 mypath = "/bin:/usr/bin:/usr/local/bin:" + oraclehome + "/bin" myldlibrarypath = oraclehome + "/lib" myenv = { "PATH": mypath, "LD_LIBRARY_PATH": myldlibrarypath, "ORACLE_HOME": oraclehome, "ORACLE_SID": sid, "ORACLE_BASE": oraclebase } passkwargs['env'] = myenv sqlpluscmd = subprocess.Popen(['sqlplus', '-S', '/', 'as', 'sysdba'], **passkwargs) if printstdout: sqlpluscmd.stdin.write(commandblock) while sqlpluscmd.poll() is None: nextline = sqlpluscmd.stdout.readline() nextline = nextline.rstrip() if len(nextline) > 0: userio.message(nextline) stdout.append(nextline) remainder = sqlpluscmd.stdout.readlines() for nextline in remainder: if len(nextline) > 0: userio.message(nextline) stdout.append(nextline) stderr = sqlpluscmd.stderr.readlines() else: #Conversion of string to memoryblock added as part of upgrade #from python 2 to 3, chad m commandblock = commandblock.encode('utf-8') cmdout, cmderr = sqlpluscmd.communicate(commandblock) #Conversion of memoryblock to string added as part of upgrade #from python 2 to 3, chad m cmdout = cmdout.decode() cmderr = cmderr.decode() lines = cmdout.splitlines() for line in lines: if len(line) > 0: stdout.append(line) lines = cmderr.splitlines() for line in lines: if line(line) > 0: stderr.append(line) for line in stdout: if line[:5] == 'ERROR': returnhash['ERRORFLAG'] = 1 returnhash['STDOUT'] = stdout returnhash['STDERR'] = stderr returnhash['RESULT'] = sqlpluscmd.returncode return (returnhash)
def forcemkdir(path, **kwargs): quiet = True if 'quiet' in kwargs.keys(): quiet = kwargs['quiet'] if not os.path.exists(path): if not quiet: userio.message("Creating directory: " + path) try: os.makedirs(path) except Exception as e: if not quiet: userio.message("Unable to create directory: ") userio.message(str(e)) return (False) else: if not quiet: userio.message("Directory already exists: " + path) if 'user' in kwargs.keys(): if kwargs['user'] is None: if not quiet: userio.message("User passed was 'None'") return (False) if not quiet: userio.message("Setting user ownership of " + path + " to " + kwargs['user']) try: newuid = pwd.getpwnam(kwargs['user']).pw_uid except Exception as e: if not quiet: userio.message("Unknown user: "******"Unable to set user of " + path + " to " + kwargs['user']) userio.message(str(e)) return (False) if 'group' in kwargs.keys(): if kwargs['group'] is None: if not quiet: userio.message("Group passed was 'None'") return (False) if not quiet: userio.message("Setting group ownership of " + path + " to " + kwargs['group']) try: newgid = grp.getgrnam(kwargs['group']).gr_gid except Exception as e: if not quiet: userio.message("Unknown group: " + kwargs['group']) userio.message(str(e)) return (False) try: os.chown(path, -1, newgid) except Exception as e: if not quiet: userio.message("Unable to set group of " + path + " to " + kwargs['group']) userio.message(str(e)) return (False) if 'mode' in kwargs.keys(): try: octalmode = int(str(kwargs['mode']), 8) except Exception as e: if not quiet: userio.message("Invalid mode: " + str(kwargs['mode'])) userio.message(str(e)) return (False) return (False) if not quiet: userio.message("Setting mode of " + path + " to " + str(kwargs['mode'])) try: os.chmod(path, octalmode) except Exception as e: if not quiet: userio.message("Unable to set mode of " + path + " to " + str(kwargs['mode'])) userio.message(str(e)) return (False) return (True)
def checkfileprotection(filepath): servicename = 'checkfileprotection' returncode = 1 try: tempfilehandle = open(filepath, 'r') userio.message(servicename, "Found file at " + filepath) except Exception as e: userio.message(servicename, "Failed to open " + filepath + " for reading") userio.message(str(e)) return (0) if os.stat(filepath).st_uid == 0: userio.message(servicename, "File " + filepath + " is owned by root") else: userio.message(servicename, "File " + filepath + " not owned by root") return (0) mask = oct(os.stat(filepath).st_mode & 0777) if mask == '0600': userio.message(servicename, "File " + filepath + " has permissions 0600") else: userio.message(servicename, "File " + filepath + " is not secure") return (0) return (returncode)
def doprocess(command, **kwargs): passkwargs = {'bufsize': 1, 'stdin': subprocess.PIPE, 'stdout': subprocess.PIPE, 'stderr': subprocess.PIPE, 'shell': False} OAmmandblock = '' cmdargs = [] printstdout = False retryable = False showchange = False tryagain = True stdin = None trapsignals = False noparse = False returndict = {} mypath = "/bin:/usr/bin:/usr/local/bin" myldlibrarypath = "/lib" myenv = {"PATH": mypath, "LD_LIBRARY_PATH": myldlibrarypath} mylist = command.split(' ') debug = False for item in mylist: cmdargs.append(item) if 'debug' in kwargs.keys(): debug = kwargs['debug'] if 'noparse' in kwargs.keys(): noparse = kwargs['noparse'] if 'env' in kwargs.keys(): for key in kwargs['env'].keys(): if key in myenv.keys(): myenv[key] = myenv[key]+":"+kwargs['env'][key] else: myenv[key] = kwargs['env'][key] passkwargs['env'] = myenv if 'user' in kwargs.keys(): useraccount = kwargs['user'] if 'showchange' in kwargs.keys(): passkwargs['preexec_fn'] = changeuser(useraccount, showchange=kwargs['showchange']) else: passkwargs['preexec_fn'] = changeuser(useraccount, showchange=False) if 'printstdout' in kwargs.keys(): printstdout = kwargs['printstdout'] if 'retry' in kwargs.keys(): retryable = kwargs['retry'] if 'input' in kwargs.keys(): if type(kwargs['input']) is str: stdin = kwargs['input'] stdin = stdin + "\n" elif type(kwargs['input']) is list: stdin = '' for line in kwargs['input']: stdin = stdin + line if not stdin[-1] == "\n": stdin = stdin + "\n" if 'cwd' in kwargs.keys(): passkwargs['cwd'] = kwargs['cwd'] if 'trapsignals' in kwargs.keys(): signal.signal(signal.SIGINT, signal2exit) while tryagain: tryagain = False stdout = [] stderr = [] resultcode = None try: cmd = subprocess.Popen(cmdargs, **passkwargs) except Exception: resultcode = 1 if resultcode is None: if printstdout: if stdin is not None: cmd.stdin.write(stdin) while cmd.poll() is None: nextline = cmd.stdout.readline().rstrip() if len(nextline) > 0: userio.message(nextline) stdout.append(nextline) remainder = cmd.stdout.readlines() for nextline in remainder: if len(nextline) > 0: userio.message(nextline) stdout.append(nextline) stderr = cmd.stderr.readlines() else: if stdin is not None: cmdout, cmderr = cmd.communicate(stdin) else: cmdout, cmderr = cmd.communicate() if noparse: stdout = cmdout stderr = cmderr else: lines = cmdout.splitlines() for line in lines: if len(line) > 0: stdout.append(line) lines = cmderr.splitlines() for line in lines: if len(line) > 0: stderr.append(line) resultcode = cmd.returncode if retryable and resultcode > 0: userio.warn("Errors encountered during '" + command + "'") for line in stdout: userio.message("STDOUT: " + line) for line in stderr: userio.message("STDERR: " + line) tryagain = userio.yesno("Retry?") if debug: for line in stdout: userio.message("STDOUT-->" + line) for line in stderr: userio.message("STDERR-->" + line) returndict['STDOUT'] = stdout returndict['STDERR'] = stderr returndict['RESULT'] = resultcode return(returndict)