Exemplo n.º 1
0
def get_config():
    """
    Get the CRITs configuration.

    :returns: :class:`crits.config.config.CRITsConfig`
    """

    crits_config = CRITsConfig.objects().first()
    if not crits_config:
        crits_config = CRITsConfig()
        crits_config.save()
    return crits_config
Exemplo n.º 2
0
def get_config():
    """
    Get the CRITs configuration.

    :returns: :class:`crits.config.config.CRITsConfig`
    """

    crits_config = CRITsConfig.objects().first()
    if not crits_config:
        crits_config = CRITsConfig()
        crits_config.save()
    return crits_config
Exemplo n.º 3
0
def clean_db():
    """
    Clean up the DB after testing.
    """

    src = SourceAccess.objects(name=TSRC).first()
    if src:
        src.delete()
    user = CRITsUser.objects(username=TUSER_NAME).first()
    if user:
        user.delete()
    TestObject.drop_collection()
    TestSourceObject.drop_collection()
    CRITsConfig.drop_collection()
Exemplo n.º 4
0
def clean_db():
    """
    Clean up the DB after testing.
    """

    src = SourceAccess.objects(name=TSRC).first()
    if src:
        src.delete()
    user = CRITsUser.objects(username=TUSER_NAME).first()
    if user:
        user.delete()
    TestObject.drop_collection()
    TestSourceObject.drop_collection()
    CRITsConfig.drop_collection()
Exemplo n.º 5
0
    def _generate_request_instance(self, request_type):
        """Automatically generate a request instance to use.

        In the end, this saves us from having to load each request class in a
        explicit way. Loading via a string is helpful to reduce the code per
        call.
        """
        crits_config = CRITsConfig.objects().first()

        http_proxy_value = None

        if crits_config.http_proxy:
            http_proxy_value = crits_config.http_proxy

        class_lookup = {'dns': 'DnsRequest', 'whois': 'WhoisRequest',
                        'ssl': 'SslRequest', 'enrichment': 'EnrichmentRequest',
                        'attributes': 'AttributeRequest'}
        class_name = class_lookup[request_type]
        mod = __import__('passivetotal.libs.%s' % request_type,
                         fromlist=[class_name])
        loaded = getattr(mod, class_name)
        headers = {'PT-INTEGRATION': 'CRITs'}
        authenticated = loaded(self.username, self.api_key, headers=headers,
            http_proxy=http_proxy_value, https_proxy=http_proxy_value)

        return authenticated
Exemplo n.º 6
0
def change_user_password(username, current_p, new_p, new_p_c):
    """
    Change the password for a user.

    :param username: The user to query for.
    :type username: str
    :param current_p: The user's current password.
    :type current_p: str
    :param new_p: The new password.
    :type new_p: str
    :param new_p_c: New password confirmation.
    :type new_p_c: str
    :returns: dict with keys "success" (boolean) and "message" (str) if failed.
    """

    if new_p != new_p_c:
        return {'success': False, 'message': 'New password confirmation does not match.'}
    from crits.core.user import CRITsUser
    username = str(username)
    user = CRITsUser.objects(username=username).first()
    if not user:
        return {'success': False, 'message': 'Unknown user.'}
    if not user.check_password(current_p):
        return {'success': False, 'message': 'Current password invalid.'}
    if user.set_password(new_p, username):
        return {'success': True, 'message': 'Password Change Successful.'}
    else:
        from crits.config.config import CRITsConfig
        crits_config = CRITsConfig.objects().first()
        if crits_config:
            regex_desc = crits_config.password_complexity_desc
        else:
            regex_desc = settings.PASSWORD_COMPLEXITY_DESC
        return {'success': False,
                'message': 'Password not complex enough: %s' % regex_desc}
Exemplo n.º 7
0
    def _generate_request_instance(self, request_type):
        """Automatically generate a request instance to use.

        In the end, this saves us from having to load each request class in a
        explicit way. Loading via a string is helpful to reduce the code per
        call.
        """
        crits_config = CRITsConfig.objects().first()

        http_proxy_value = None

        if crits_config.http_proxy:
            http_proxy_value = crits_config.http_proxy

        class_lookup = {
            'dns': 'DnsRequest',
            'whois': 'WhoisRequest',
            'ssl': 'SslRequest',
            'enrichment': 'EnrichmentRequest',
            'attributes': 'AttributeRequest'
        }
        class_name = class_lookup[request_type]
        mod = __import__('passivetotal.libs.%s' % request_type,
                         fromlist=[class_name])
        loaded = getattr(mod, class_name)
        headers = {'PT-INTEGRATION': 'CRITs'}
        authenticated = loaded(self.username,
                               self.api_key,
                               headers=headers,
                               http_proxy=http_proxy_value,
                               https_proxy=http_proxy_value)

        return authenticated
Exemplo n.º 8
0
    def __init__(self, username=None, email=None):
        """
        Set the default subject, body, from address, and other bits.
        """

        # set the user and email address to send to
        self.username = username
        self.email = email

        # grab the CRITs url to use for links
        crits_config = CRITsConfig.objects().first()
        self.instance_url = crits_config.instance_url
        if self.instance_url.endswith("/"):
            self.instance_url = self.instance_url[:-1]

        # set the email address to send this email from
        self.from_address = crits_config.crits_email

        # setup the email subject
        if crits_config.crits_email_end_tag:
            self.subject = "CRITs: Subscriptions and Notifications" + crits_config.crits_email_subject_tag
        else:
            self.subject = crits_config.crits_email_subject_tag + "CRITs: Subscriptions and Notifications"

        # start the body of the email
        comments_url = self.instance_url + reverse('crits-comments-views-activity')
        self.body = "Here's info on the latest comments and updates to CRITs that you are subscribed to!\n\n"
        self.body += "For more info, check out the Activity page: %s\n\n" % comments_url
Exemplo n.º 9
0
    def __init__(self, username=None, email=None):
        """
        Set the default subject, body, from address, and other bits.
        """

        # set the user and email address to send to
        self.username = username
        self.email = email

        # grab the CRITs url to use for links
        crits_config = CRITsConfig.objects().first()
        self.instance_url = crits_config.instance_url
        if self.instance_url.endswith("/"):
            self.instance_url = self.instance_url[:-1]

        # set the email address to send this email from
        self.from_address = crits_config.crits_email

        # setup the email subject
        if crits_config.crits_email_end_tag:
            self.subject = "CRITs: Subscriptions and Notifications" + crits_config.crits_email_subject_tag
        else:
            self.subject = crits_config.crits_email_subject_tag + "CRITs: Subscriptions and Notifications"

        # start the body of the email
        comments_url = self.instance_url + reverse(
            'crits-comments-views-activity')
        self.body = "Here's info on the latest comments and updates to CRITs that you are subscribed to!\n\n"
        self.body += "For more info, check out the Activity page: %s\n\n" % comments_url
Exemplo n.º 10
0
    def reset_password(self, rcode, new_p, new_p_c, analyst):
        """
        Reset the user's password. Validate the reset code, ensure the two
        passwords are identical, and then set.

        :param rcode: Reset Code to validate.
        :type rcode: str
        :param new_p: New password.
        :type new_p: str
        :param new_p_c: New password confirmation.
        :type new_p_c: str
        :param analyst: The user.
        :type analyst: str
        :returns: dict with keys "success" (boolean) and "message" (str).
        """

        if self.validate_reset_code(rcode, analyst)['success']:
            if new_p == new_p_c:
                self.password_reset.reset_code = ""
                if self.set_password(new_p):
                    return {'success': True, 'message': 'Password reset.'}
                else:
                    crits_config = CRITsConfig.objects().first()
                    if crits_config:
                        pw_desc = crits_config.password_complexity_desc
                    else:
                        pw_desc = settings.PASSWORD_COMPLEXITY_DESC
                    message = 'Password not complex enough: %s' % pw_desc
                    return {'success': False, 'message': message}
            else:
                return {'success': False, 'message': 'Passwords do not match.'}
        else:
            self.password_reset.reset_code = ""
            self.save(username=analyst)
            return {'success': False, 'message': 'Reset Code Expired.'}
Exemplo n.º 11
0
def change_user_password(username, current_p, new_p, new_p_c):
    """
    Change the password for a user.

    :param username: The user to query for.
    :type username: str
    :param current_p: The user's current password.
    :type current_p: str
    :param new_p: The new password.
    :type new_p: str
    :param new_p_c: New password confirmation.
    :type new_p_c: str
    :returns: dict with keys "success" (boolean) and "message" (str) if failed.
    """

    if new_p != new_p_c:
        return {'success': False, 'message': 'New password confirmation does not match.'}
    from crits.core.user import CRITsUser
    username = str(username)
    user = CRITsUser.objects(username=username).first()
    if not user:
        return {'success': False, 'message': 'Unknown user.'}
    if not user.check_password(current_p):
        return {'success': False, 'message': 'Current password invalid.'}
    if user.set_password(new_p, username):
        return {'success': True, 'message': 'Password Change Successful.'}
    else:
        from crits.config.config import CRITsConfig
        crits_config = CRITsConfig.objects().first()
        if crits_config:
            regex_desc = crits_config.password_complexity_desc
        else:
            regex_desc = settings.PASSWORD_COMPLEXITY_DESC
        return {'success': False,
                'message': 'Password not complex enough: %s' % regex_desc}
Exemplo n.º 12
0
def upgrade(lv, options):
    """
    Perform the upgrade.

    :param lv: The CRITs version we are running.
    :type lv: str
    :param options: The options passed in for what to upgrade.
    :type options: dict
    """

    # eventually we will do something to check to see what the current version
    # of the CRITs DB is so we can upgrade through several versions at once.
    # this is important if prep scripts need to be run for certain upgrades
    # to work properly.
    mall = options.get('mall')
    campaigns = options.get('campaigns')
    domains = options.get('domains')
    emails = options.get('emails')
    events = options.get('events')
    indicators = options.get('indicators')
    ips = options.get('ips')
    pcaps = options.get('pcaps')
    samples = options.get('samples')
    targets = options.get('targets')
    skip = options.get('skip')
    sort_ids = options.get('sort_ids')

    # run prep migrations
    if not skip:
        prep_database()

    # run full migrations
    if mall or campaigns:
        migrate_collection(Campaign, sort_ids)
    if mall or domains:
        migrate_collection(Domain, sort_ids)
    if mall or emails:
        migrate_collection(Email, sort_ids)
    if mall or events:
        migrate_collection(Event, sort_ids)
    if mall or indicators:
        migrate_collection(Indicator, sort_ids)
    if mall or ips:
        migrate_collection(IP, sort_ids)
    if mall or pcaps:
        migrate_collection(PCAP, sort_ids)
    if mall or samples:
        migrate_collection(Sample, sort_ids)
    if mall or targets:
        migrate_collection(Target, sort_ids)

    # Always bump the version to the latest in settings.py
    config = CRITsConfig.objects()
    if len(config) > 1:
        print "You have more than one config object. This is really bad."
    else:
        config = config[0]
        config.crits_version = settings.CRITS_VERSION
        config.save()
Exemplo n.º 13
0
def upgrade(lv, options):
    """
    Perform the upgrade.

    :param lv: The CRITs version we are running.
    :type lv: str
    :param options: The options passed in for what to upgrade.
    :type options: dict
    """

    # eventually we will do something to check to see what the current version
    # of the CRITs DB is so we can upgrade through several versions at once.
    # this is important if prep scripts need to be run for certain upgrades
    # to work properly.
    mall = options.get('mall')
    campaigns = options.get('campaigns')
    domains = options.get('domains')
    emails = options.get('emails')
    events = options.get('events')
    indicators = options.get('indicators')
    ips = options.get('ips')
    pcaps = options.get('pcaps')
    samples = options.get('samples')
    targets = options.get('targets')
    skip = options.get('skip')
    sort_ids = options.get('sort_ids')

    # run prep migrations
    if not skip:
        prep_database()

    # run full migrations
    if mall or campaigns:
        migrate_collection(Campaign, sort_ids)
    if mall or domains:
        migrate_collection(Domain, sort_ids)
    if mall or emails:
        migrate_collection(Email, sort_ids)
    if mall or events:
        migrate_collection(Event, sort_ids)
    if mall or indicators:
        migrate_collection(Indicator, sort_ids)
    if mall or ips:
        migrate_collection(IP, sort_ids)
    if mall or pcaps:
        migrate_collection(PCAP, sort_ids)
    if mall or samples:
        migrate_collection(Sample, sort_ids)
    if mall or targets:
        migrate_collection(Target, sort_ids)

    # Always bump the version to the latest in settings.py
    config = CRITsConfig.objects()
    if len(config) > 1:
        print "You have more than one config object. This is really bad."
    else:
        config = config[0]
        config.crits_version = settings.CRITS_VERSION
        config.save()
Exemplo n.º 14
0
def modify_configuration(config_form, analyst):
    """
    Modify the configuration with the submitted changes.

    :param config_form: The form data.
    :type config_form: dict
    :param analyst: The user making the modifications.
    :type analyst: str
    :returns: dict with key "message"
    """

    config = CRITsConfig.objects().first()
    if not config:
        config = CRITsConfig()
    data = config_form.cleaned_data
    allowed_hosts_list = data['allowed_hosts'].split(',')
    allowed_hosts = ()
    for allowed_host in allowed_hosts_list:
        allowed_hosts = allowed_hosts + (allowed_host.strip(), )
    data['allowed_hosts'] = allowed_hosts
    service_dirs_list = data['service_dirs'].split(',')
    service_dirs = ()
    for service_dir in service_dirs_list:
        service_dirs = service_dirs + (service_dir.strip(), )
    data['service_dirs'] = service_dirs
    config.merge(data, overwrite=True)
    try:
        config.save(username=analyst)
        return {'message': "Success!"}
    except Exception, e:
        return {'message': "Failure: %s" % e}
Exemplo n.º 15
0
    def authenticate(self,
                     username,
                     password=None,
                     user_agent=None,
                     remote_addr=None,
                     accept_language=None,
                     totp_enabled='Disabled'):
        """
        Perform the authentication of the user.

        :param username: The user to authenticate.
        :type username: str
        :param password: The password provided to authenticate with.
        :type password: str
        :param user_agent: The user-agent in the request.
        :type user_agent: str
        :param remote_addr: The hostname/ip in the request.
        :type remote_addr: str
        :param accept_language: The Accept Language in the request.
        :type accept_language: str
        :param totp_enabled: If TOTP is enabled and should be checked as well.
        :type totp_enabled: str
        :returns: :class:`crits.core.user.CRITsUser`, None
        """

        e = EmbeddedLoginAttempt()
        e.user_agent = user_agent
        e.remote_addr = remote_addr
        e.accept_language = accept_language
        if not username:
            logger.warn("No username passed to CRITsRemoteUserBackend (auth)")
            return None
        config = CRITsConfig.objects().first()
        user = None
        username = self.clean_username(username)
        user = CRITsUser.objects(username=username).first()
        if user and user.is_active:
            if self._exceeded_login_threshold(user):
                return None

            # Log in user
            self._successful_settings(user, e, totp_enabled)
            if config.ldap_update_on_login:
                user.update_from_ldap("Auto LDAP update", config)
            return user
        elif not user and config.create_unknown_user:
            # Create the user
            user = CRITsUser.create_user(username=username, password=None)
            user.sources.append(config.company_name)
            # Attempt to update info from LDAP
            user.update_from_ldap("Auto LDAP update", config)
            user = self._successful_settings(user, e, totp_enabled)
            return user
        else:
            logger.warn("Unknown user and not creating accounts.")
            return None
Exemplo n.º 16
0
def create_config_if_not_exist():
    """
    If the CRITsConfig already exists then the CRITsConfig is returned,
    otherwise a new CRITsConfig will be created, saved, and returned.

    Returns:
        Returns the CRITsConfig if it already exists, otherwise a
        default CRITsConfig is returned.
    """

    crits_config = CRITsConfig.objects().first()
    if not crits_config:
        print "Creating a new CRITs configuration."
        crits_config = CRITsConfig()
        crits_config.save()
    else:
        print "A CRITs configuration already exists. Skipping default creation."

    return crits_config
Exemplo n.º 17
0
    def email_user(self, subject, message, from_email=None):
        """
        Sends an e-mail to this User.
        """

        from django.core.mail import send_mail
        if not from_email:
            crits_config = CRITsConfig.objects().first()
            if crits_config:
                from_email = crits_config.crits_email
        send_mail(subject, message, from_email, [self.email])
Exemplo n.º 18
0
def modify_configuration(config_form, analyst):
    """
    Modify the configuration with the submitted changes.

    :param config_form: The form data.
    :type config_form: dict
    :param analyst: The user making the modifications.
    :type analyst: str
    :returns: dict with key "message"
    """

    config = CRITsConfig.objects().first()
    if not config:
        config = CRITsConfig()
    data = config_form.cleaned_data
    allowed_hosts_list = data['allowed_hosts'].split(',')
    allowed_hosts = ()
    for allowed_host in allowed_hosts_list:
        allowed_hosts = allowed_hosts + (allowed_host.strip(),)
    data['allowed_hosts'] = allowed_hosts
    service_dirs_list = data['service_dirs'].split(',')
    service_dirs = ()
    for service_dir in service_dirs_list:
        service_dirs = service_dirs + (service_dir.strip(),)
    data['service_dirs'] = service_dirs
    config.merge(data, overwrite=True)
    try:
        config.save(username=analyst)
        return {'message': "Success!"}
    except Exception, e:
        return {'message': "Failure: %s" % e}
Exemplo n.º 19
0
    def handle(self, *args, **options):
        """
        Script execution.
        """

        username = options.get('username')
        firstname = options.get('firstname')
        lastname = options.get('lastname')
        email = options.get('email')
        sendemail = options.get('sendemail')
        admin = options.get('admin')
        organization = options.get('organization')
        password = self.temp_password()

        if not username:
            raise CommandError("Must provide a username.")
        if not email:
            raise CommandError("Must provide an email address.")
        user = CRITsUser.objects(username=username).first()
        if user:
            raise CommandError("User '%s' exists in CRITs!" % username)
        else:
            user = CRITsUser.create_user(username, password, email)
            user.first_name = firstname
            user.last_name = lastname
            user.is_staff = True
            user.save()
            user.organization = organization
            if admin:
                user.role = "Administrator"
            user.save()

            if sendemail:
                crits_config = CRITsConfig.objects().first()
                if crits_config.crits_email_end_tag:
                    subject = "New CRITs User Account" + crits_config.crits_email_subject_tag
                else:
                    subject = crits_config.crits_email_subject_tag + "New CRITs User Account"
                body = """You are receiving this email because someone has created a
CRITs account for you. If you feel like you have received this in
error, please ignore this email. Your account information is below:\n\n
"""
                body += "Username:\t%s\n" % username
                body += "Password:\t%s\n\n\n" % password
                body += """You should log in immediately and reset your password.\n
Thank you!
"""
                user.email_user(subject, body)

            self.stdout.write("User '%s' created successfully!" % username)
            self.stdout.write("\nTemp password: \t%s" % password)
            self.stdout.write("\n")
Exemplo n.º 20
0
    def handle(self, *args, **options):
        """
        Script execution.
        """

        username = options.get('username')
        firstname = options.get('firstname')
        lastname = options.get('lastname')
        email = options.get('email')
        sendemail = options.get('sendemail')
        admin = options.get('admin')
        organization = options.get('organization')
        password = self.temp_password()

        if not username:
            raise CommandError("Must provide a username.")
        if not email:
            raise CommandError("Must provide an email address.")
        user = CRITsUser.objects(username=username).first()
        if user:
            raise CommandError("User '%s' exists in CRITs!" % username)
        else:
            user = CRITsUser.create_user(username, password, email)
            user.first_name = firstname
            user.last_name = lastname
            user.is_staff = True
            user.save()
            user.organization = organization
            if admin:
                user.role = "Administrator"
            user.save()

            if sendemail:
                crits_config = CRITsConfig.objects().first()
                if crits_config.crits_email_end_tag:
                    subject = "New CRITs User Account" + crits_config.crits_email_subject_tag
                else:
                    subject = crits_config.crits_email_subject_tag + "New CRITs User Account"
                body = """You are receiving this email because someone has created a
CRITs account for you. If you feel like you have received this in
error, please ignore this email. Your account information is below:\n\n
"""
                body += "Username:\t%s\n" % username
                body += "Password:\t%s\n\n\n" % password
                body += """You should log in immediately and reset your password.\n
Thank you!
"""
                user.email_user(subject, body)

            self.stdout.write("User '%s' created successfully!" % username)
            self.stdout.write("\nTemp password: \t%s" % password)
            self.stdout.write("\n")
Exemplo n.º 21
0
    def authenticate(self, username, password=None, user_agent=None,
                     remote_addr=None, accept_language=None,
                     totp_enabled='Disabled'):
        """
        Perform the authentication of the user.

        :param username: The user to authenticate.
        :type username: str
        :param password: The password provided to authenticate with.
        :type password: str
        :param user_agent: The user-agent in the request.
        :type user_agent: str
        :param remote_addr: The hostname/ip in the request.
        :type remote_addr: str
        :param accept_language: The Accept Language in the request.
        :type accept_language: str
        :param totp_enabled: If TOTP is enabled and should be checked as well.
        :type totp_enabled: str
        :returns: :class:`crits.core.user.CRITsUser`, None
        """

        e = EmbeddedLoginAttempt()
        e.user_agent = user_agent
        e.remote_addr = remote_addr
        e.accept_language = accept_language
        if not username:
            logger.warn("No username passed to CRITsRemoteUserBackend (auth)")
            return None
        config = CRITsConfig.objects().first()
        user = None
        username = self.clean_username(username)
        user = CRITsUser.objects(username=username).first()
        if user and user.is_active:
            if self._exceeded_login_threshold(user):
                return None

            # Log in user
            self._successful_settings(user, e, totp_enabled)
            if config.ldap_update_on_login:
                user.update_from_ldap("Auto LDAP update", config)
            return user
        elif not user and config.create_unknown_user:
            # Create the user
            user = CRITsUser.create_user(username=username, password=None)
            user.sources.append(config.company_name)
            # Attempt to update info from LDAP
            user.update_from_ldap("Auto LDAP update", config)
            user = self._successful_settings(user, e, totp_enabled)
            return user
        else:
            logger.warn("Unknown user and not creating accounts.")
            return None
Exemplo n.º 22
0
def prep_db():
    """
    Prep the DB for testing.
    """

    clean_db()
    # Create a new default config
    crits_config = CRITsConfig()
    crits_config.save()
    # Add Source
    handlers.add_new_source(TSRC, TRANDUSER)

    # Add User
    user = CRITsUser.create_user(username=TUSER_NAME,
                                 password=TUSER_PASS,
                                 email=TUSER_EMAIL)
    user.first_name = TUSER_FNAME
    user.last_name = TUSER_LNAME
    user.save()

    # Add test source object
    '''
Exemplo n.º 23
0
def prep_db():
    """
    Prep the DB for testing.
    """

    clean_db()
    # Create a new default config
    crits_config = CRITsConfig()
    crits_config.save()
    # Add Source
    handlers.add_new_source(TSRC, TRANDUSER)

    # Add User
    user = CRITsUser.create_user(username=TUSER_NAME,
                                 password=TUSER_PASS,
                                 email=TUSER_EMAIL
                                 )
    user.first_name = TUSER_FNAME
    user.last_name = TUSER_LNAME
    user.save()

    # Add test source object
    '''
Exemplo n.º 24
0
def prep_db():
    """
    Prep the DB for testing.
    """

    clean_db()
    # Create a new default config
    crits_config = CRITsConfig()
    crits_config.save()
    # Add Source
    handlers.add_new_source(TSRC, TRANDUSER)
    # Add User
    user = CRITsUser.create_user(
        username=TUSER_NAME,
        password=TUSER_PASS,
        email=TUSER_EMAIL,
    )
    user.first_name = TUSER_FNAME
    user.last_name = TUSER_LNAME
    user.save()
    # Add test source object
    obj = TestSourceObject()
    obj.name = TOBJS_NAME
    obj.value = TOBJS_VALUE
    obj.add_source(source=TSRC, analyst=TUSER_NAME)
    obj.save()
    # Add another with Different source
    obj = TestSourceObject()
    obj.name = TOBJS_NAME
    obj.value = TOBJS_VALUE
    obj.add_source(source=TUNKSRC, analyst=TRANDUSER)
    obj.save()
    # Add test non-source object
    obj = TestObject()
    obj.name = TOBJ_NAME
    obj.value = TOBJ_VALUE
    obj.save()
Exemplo n.º 25
0
def crits_config(request):
    """
    Generate the CRITs Configuration template.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    crits_config = CRITsConfig.objects().first()
    user = request.user

    if user.has_access_to(GeneralACL.CONTROL_PANEL_READ):
        if crits_config:
            crits_config = crits_config.to_dict()
            crits_config['allowed_hosts'] = ", ".join(crits_config['allowed_hosts'])
            crits_config['service_dirs'] = ", ".join(crits_config['service_dirs'])
            config_general_form = ConfigGeneralForm(initial=crits_config)
            config_LDAP_form = ConfigLDAPForm(initial=crits_config)
            config_security_form = ConfigSecurityForm(initial=crits_config)
            config_logging_form = ConfigLoggingForm(initial=crits_config)
            config_services_form = ConfigServicesForm(initial=crits_config)
            config_download_form = ConfigDownloadForm(initial=crits_config)
            config_CRITs_form = ConfigCritsForm(initial=crits_config)
        else:
            config_general_form = ConfigGeneralForm()
            config_LDAP_form = ConfigLDAPForm()
            config_security_form = ConfigSecurityForm()
            config_logging_form = ConfigLoggingForm()
            config_services_form = ConfigServicesForm()
            config_download_form = ConfigDownloadForm()
            config_CRITs_form = ConfigCritsForm()
        user_list = get_user_list()
        try:
            return render(request, 'config.html',
                                  {'config_general_form': config_general_form,
                                   'config_LDAP_form': config_LDAP_form,
                                   'config_security_form': config_security_form,
                                   'config_logging_form': config_logging_form,
                                   'config_services_form': config_services_form,
                                   'config_download_form': config_download_form,
                                   'config_CRITs_form': config_CRITs_form,
                                   'user_list': user_list})
        except Exception as e:
            # this should help troubleshooting config forms
            logger.error(e)
    else:
        return render(request, 'error.html',
                                  {'error': 'User does not have permission to view Control Panel.'})
Exemplo n.º 26
0
def crits_config(request):
    """
    Generate the CRITs Configuration template.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    crits_config = CRITsConfig.objects().first()
    user = request.user

    if user.has_access_to(GeneralACL.CONTROL_PANEL_READ):
        if crits_config:
            crits_config = crits_config.to_dict()
            crits_config['allowed_hosts'] = ", ".join(
                crits_config['allowed_hosts'])
            crits_config['service_dirs'] = ", ".join(
                crits_config['service_dirs'])
            config_general_form = ConfigGeneralForm(initial=crits_config)
            config_LDAP_form = ConfigLDAPForm(initial=crits_config)
            config_security_form = ConfigSecurityForm(initial=crits_config)
            config_logging_form = ConfigLoggingForm(initial=crits_config)
            config_services_form = ConfigServicesForm(initial=crits_config)
            config_download_form = ConfigDownloadForm(initial=crits_config)
            config_CRITs_form = ConfigCritsForm(initial=crits_config)
        else:
            config_general_form = ConfigGeneralForm()
            config_LDAP_form = ConfigLDAPForm()
            config_security_form = ConfigSecurityForm()
            config_logging_form = ConfigLoggingForm()
            config_services_form = ConfigServicesForm()
            config_download_form = ConfigDownloadForm()
            config_CRITs_form = ConfigCritsForm()
        return render_to_response(
            'config.html', {
                'config_general_form': config_general_form,
                'config_LDAP_form': config_LDAP_form,
                'config_security_form': config_security_form,
                'config_logging_form': config_logging_form,
                'config_services_form': config_services_form,
                'config_download_form': config_download_form,
                'config_CRITs_form': config_CRITs_form,
            }, RequestContext(request))
    else:
        return render_to_response(
            'error.html',
            {'error': 'User does not have permission to view Control Panel.'},
            RequestContext(request))
Exemplo n.º 27
0
def prep_db():
    """
    Prep the DB for testing.
    """

    clean_db()
    # Create a new default config
    crits_config = CRITsConfig()
    crits_config.save()
    # Add Source
    handlers.add_new_source(TSRC, TRANDUSER)
    # Add User
    user = CRITsUser.create_user(username=TUSER_NAME,
                                 password=TUSER_PASS,
                                 email=TUSER_EMAIL,
                                 )
    user.first_name = TUSER_FNAME
    user.last_name = TUSER_LNAME
    user.save()
    # Add test source object
    obj = TestSourceObject()
    obj.name = TOBJS_NAME
    obj.value = TOBJS_VALUE
    obj.add_source(source=TSRC, analyst=TUSER_NAME)
    obj.save()
    # Add another with Different source
    obj = TestSourceObject()
    obj.name = TOBJS_NAME
    obj.value = TOBJS_VALUE
    obj.add_source(source=TUNKSRC, analyst=TRANDUSER)
    obj.save()
    # Add test non-source object
    obj = TestObject()
    obj.name = TOBJ_NAME
    obj.value = TOBJ_VALUE
    obj.save()
Exemplo n.º 28
0
def setup_access():
    sc = get_config('ThreatExchange')
    config = CRITsConfig.objects().first()
    access_token.access_token(app_id=sc['app_id'], app_secret=sc['app_secret'])
    headers = None
    if len(sc['headers']) > 0:
        hlist = sc['headers'].split(',')
        headers = {}
        for h in hlist:
            tmp = h.split(':')
            if len(tmp) == 2:
                headers[tmp[0].strip()] = tmp[1].strip()
    proxies = {'http': config.http_proxy, 'https': config.http_proxy}
    connection(headers=headers, proxies=proxies, verify=sc['verify'])
    return
Exemplo n.º 29
0
def force_reset_config():
    """
    Resets the values for the CRITsConfig class by dropping the
    database collection and then saving a new default CRITsConfig.
    """

    print "Resetting CRITs configuration settings."
    CRITsConfig.drop_collection();

    crits_config = CRITsConfig();
    crits_config.save();
Exemplo n.º 30
0
    def info_from_ldap(self, config=None, password=''):
        """
        Get information about this user from LDAP.
        """

        import ldap, ldapurl
        resp = {"result": "ERROR"}
        if not config:
            config = CRITsConfig.objects().first()
        # Make sure we have the rquired settings, else return failure
        if not config.ldap_server or not config.ldap_userdn:
            return resp
        ldap_server = config.ldap_server.split(':')
        scheme = "ldap"
        if config.ldap_tls:
            scheme = "ldaps"
        url = ldapurl.LDAPUrl('%s://%s' % (scheme, ldap_server[0]))
        if len(ldap_server) == 2:
            l = ldap.initialize('%s:%s' % (url.unparse(),
                                           ldap_server[1]))
        else:
            l = ldap.initialize(url.unparse())
        l.protocol_version = 3
        l.set_option(ldap.OPT_REFERRALS, 0)
        l.set_option(ldap.OPT_TIMEOUT, 10)
        # setup auth for custom cn's
        cn = "cn="
        if config.ldap_usercn:
            cn = config.ldap_usercn
        # setup auth for custom cn's
        if len(config.ldap_usercn) > 0:
            un = "%s%s,%s" % (config.ldap_usercn,
                              self.username,
                              config.ldap_userdn)
        elif "@" in config.ldap_userdn:
            un = "%s%s" % (self.username, config.ldap_userdn)
        else:
            un = self.username
	try:
            # Try auth bind first
            l.simple_bind_s(un, password)
            logger.info("Bound to LDAP for: %s" % self.username)
        except Exception, e:
            logger.error("Error binding to LDAP for: %s" % self.username)
            logger.error("ERR: %s" % e)
Exemplo n.º 31
0
 def __init__(self, *args, **kwargs):
     crits_config = CRITsConfig.objects().first()
     depth_max = getattr(crits_config, 'depth_max', settings.DEPTH_MAX)
     total_max = getattr(crits_config, 'total_max', settings.TOTAL_MAX)
     rel_max = getattr(crits_config, 'rel_max', settings.REL_MAX)
     super(DownloadFileForm, self).__init__(*args, **kwargs)
     self.fields['objects'].choices = [('Certificate', 'Certificates'),
                                       ('Domain', 'Domains'),
                                       ('Email', 'Emails'),
                                       ('Indicator', 'Indicators'),
                                       ('PCAP', 'PCAPs'),
                                       ('RawData', 'Raw Data'),
                                       ('Sample', 'Samples')]
     self.fields['total_limit'].initial = total_max
     self.fields['rel_limit'].initial = rel_max
     self.fields['depth_limit'].help_text = self.fields['depth_limit'].help_text % depth_max
     self.fields['total_limit'].help_text = self.fields['total_limit'].help_text % total_max
     self.fields['rel_limit'].help_text = self.fields['rel_limit'].help_text % rel_max
Exemplo n.º 32
0
def crits_config(request):
    """
    Generate the CRITs Configuration template.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    crits_config = CRITsConfig.objects().first()
    if crits_config:
        crits_config = crits_config.to_dict()
        crits_config["allowed_hosts"] = ", ".join(crits_config["allowed_hosts"])
        crits_config["service_dirs"] = ", ".join(crits_config["service_dirs"])
        config_form = ConfigForm(initial=crits_config)
    else:
        config_form = ConfigForm()
    return render_to_response("config.html", {"config_form": config_form}, RequestContext(request))
Exemplo n.º 33
0
def setup_access():
    sc = get_config('ThreatExchange')
    config = CRITsConfig.objects().first()
    access_token.access_token(app_id=sc['app_id'],
                              app_secret=sc['app_secret'])
    headers = None
    if len(sc['headers']) > 0:
        hlist = sc['headers'].split(',')
        headers = {}
        for h in hlist:
            tmp = h.split(':')
            if len(tmp) == 2:
                headers[tmp[0].strip()] = tmp[1].strip()
    proxies = {'http': config.http_proxy,
               'https': config.http_proxy}
    connection(headers=headers,
               proxies=proxies,
               verify=sc['verify'])
    return
Exemplo n.º 34
0
    def is_password_complex(self, password):
        """
        Based on the CRITsConfig, is the password provided complex enough to be
        used?

        :param password: The password to check for complexity.
        :type password: str
        :returns: True, False
        """

        crits_config = CRITsConfig.objects().first()
        if crits_config:
            pw_regex = crits_config.password_complexity_regex
        else:
            pw_regex = settings.PASSWORD_COMPLEXITY_REGEX
        complex_regex = re.compile(pw_regex)
        if complex_regex.match(password):
            return True
        return False
Exemplo n.º 35
0
    def temp_password(self):
        """
        Temporary password must match the password complexity regex.
        If we don't have one in the DB use the one out of settings.
        """

        crits_config = CRITsConfig.objects().first()
        if crits_config:
            pw_regex = crits_config.password_complexity_regex
        else:
            pw_regex = settings.PASSWORD_COMPLEXITY_REGEX
        rex = re.compile(pw_regex)
        chars = string.letters + string.digits + string.punctuation
        for i in xrange(20):
            passwd = ''
            while len(passwd) < 50:
                passwd += choice(chars)
                if rex.match(passwd):
                    return passwd
        raise CommandError("Unable to generate complex enough password.")
Exemplo n.º 36
0
    def temp_password(self):
        """
        Temporary password must match the password complexity regex.
        If we don't have one in the DB use the one out of settings.
        """

        crits_config = CRITsConfig.objects().first()
        if crits_config:
            pw_regex = crits_config.password_complexity_regex
        else:
            pw_regex = settings.PASSWORD_COMPLEXITY_REGEX
        rex = re.compile(pw_regex)
        chars = string.letters + string.digits + string.punctuation
        for i in xrange(20):
            passwd = ''
            while len(passwd) < 50:
                passwd += choice(chars)
                if rex.match(passwd):
                    return passwd
        raise CommandError("Unable to generate complex enough password.")
Exemplo n.º 37
0
def crits_config(request):
    """
    Generate the CRITs Configuration template.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    crits_config = CRITsConfig.objects().first()
    if crits_config:
        crits_config = crits_config.to_dict()
        crits_config['allowed_hosts'] = ", ".join(
            crits_config['allowed_hosts'])
        crits_config['service_dirs'] = ", ".join(crits_config['service_dirs'])
        config_form = ConfigForm(initial=crits_config)
    else:
        config_form = ConfigForm()
    return render_to_response('config.html', {'config_form': config_form},
                              RequestContext(request))
Exemplo n.º 38
0
def crits_config(request):
    """
    Generate the CRITs Configuration template.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    crits_config = CRITsConfig.objects().first()
    if crits_config:
        crits_config = crits_config.to_dict()
        crits_config['allowed_hosts'] = ", ".join(
            crits_config['allowed_hosts'])
        crits_config['service_dirs'] = ", ".join(crits_config['service_dirs'])
        config_general_form = ConfigGeneralForm(initial=crits_config)
        config_LDAP_form = ConfigLDAPForm(initial=crits_config)
        config_security_form = ConfigSecurityForm(initial=crits_config)
        config_logging_form = ConfigLoggingForm(initial=crits_config)
        config_services_form = ConfigServicesForm(initial=crits_config)
        config_download_form = ConfigDownloadForm(initial=crits_config)
        config_CRITs_form = ConfigCritsForm(initial=crits_config)
    else:
        config_general_form = ConfigGeneralForm()
        config_LDAP_form = ConfigLDAPForm()
        config_security_form = ConfigSecurityForm()
        config_logging_form = ConfigLoggingForm()
        config_services_form = ConfigServicesForm()
        config_download_form = ConfigDownloadForm()
        config_CRITs_form = ConfigCritsForm()
    return render_to_response(
        'config.html', {
            'config_general_form': config_general_form,
            'config_LDAP_form': config_LDAP_form,
            'config_security_form': config_security_form,
            'config_logging_form': config_logging_form,
            'config_services_form': config_services_form,
            'config_download_form': config_download_form,
            'config_CRITs_form': config_CRITs_form
        }, RequestContext(request))
Exemplo n.º 39
0
 def __init__(self, *args, **kwargs):
     crits_config = CRITsConfig.objects().first()
     depth_max = getattr(crits_config, "depth_max", settings.DEPTH_MAX)
     total_max = getattr(crits_config, "total_max", settings.TOTAL_MAX)
     rel_max = getattr(crits_config, "rel_max", settings.REL_MAX)
     super(DownloadFileForm, self).__init__(*args, **kwargs)
     self.fields["objects"].choices = [
         ("Actor", "Actors"),
         ("Certificate", "Certificates"),
         ("Domain", "Domains"),
         ("Email", "Emails"),
         ("Indicator", "Indicators"),
         ("PCAP", "PCAPs"),
         ("RawData", "Raw Data"),
         ("Sample", "Samples"),
         ("Signature", "Signatures"),
     ]
     self.fields["total_limit"].initial = total_max
     self.fields["rel_limit"].initial = rel_max
     self.fields["depth_limit"].help_text = self.fields["depth_limit"].help_text % depth_max
     self.fields["total_limit"].help_text = self.fields["total_limit"].help_text % total_max
     self.fields["rel_limit"].help_text = self.fields["rel_limit"].help_text % rel_max
Exemplo n.º 40
0
Arquivo: views.py Projeto: 0x3a/crits
def crits_config(request):
    """
    Generate the CRITs Configuration template.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    crits_config = CRITsConfig.objects().first()
    if crits_config:
        crits_config = crits_config.to_dict()
        crits_config['allowed_hosts'] = ", ".join(crits_config['allowed_hosts'])
        crits_config['service_dirs'] = ", ".join(crits_config['service_dirs'])
        config_general_form = ConfigGeneralForm(initial=crits_config)
        config_LDAP_form = ConfigLDAPForm(initial=crits_config)
        config_security_form = ConfigSecurityForm(initial=crits_config)
        config_logging_form = ConfigLoggingForm(initial=crits_config)
        config_services_form = ConfigServicesForm(initial=crits_config)
        config_download_form = ConfigDownloadForm(initial=crits_config)
        config_CRITs_form = ConfigCritsForm(initial=crits_config)
    else:
        config_general_form = ConfigGeneralForm()
        config_LDAP_form = ConfigLDAPForm()
        config_security_form = ConfigSecurityForm()
        config_logging_form = ConfigLoggingForm()
        config_services_form = ConfigServicesForm()
        config_download_form = ConfigDownloadForm()
        config_CRITs_form = ConfigCritsForm()
    return render_to_response('config.html',
                              {'config_general_form': config_general_form,
                               'config_LDAP_form': config_LDAP_form,
                               'config_security_form': config_security_form,
                               'config_logging_form': config_logging_form,
                               'config_services_form': config_services_form,
                               'config_download_form': config_download_form,
                               'config_CRITs_form': config_CRITs_form},
                              RequestContext(request))
Exemplo n.º 41
0
Arquivo: user.py Projeto: gfavre/crits
    def info_from_ldap(self, config=None, password=''):
        """
        Get information about this user from LDAP.
        """

        import ldap, ldapurl
        resp = {"result": "ERROR"}
        if not config:
            config = CRITsConfig.objects().first()
        # Make sure we have the rquired settings, else return failure
        if not config.ldap_server or not config.ldap_userdn:
            return resp
        ldap_server = config.ldap_server.split(':')
        scheme = "ldap"
        if config.ldap_tls:
            scheme = "ldaps"
        url = ldapurl.LDAPUrl('%s://%s' % (scheme, ldap_server[0]))
        if len(ldap_server) == 2:
            l = ldap.initialize('%s:%s' % (url.unparse(),
                                           ldap_server[1]))
        else:
            l = ldap.initialize(url.unparse())
        l.protocol_version = 3
        l.set_option(ldap.OPT_REFERRALS, 0)
        l.set_option(ldap.OPT_TIMEOUT, 10)
        # setup auth for custom cn's
        cn = "cn="
        if config.ldap_usercn:
            cn = config.ldap_usercn
        # two-step ldap binding
        if len(config.ldap_bind_dn) > 0:
            try:
            	logger.info("binding with bind_dn: %s" % config.ldap_bind_dn)
            	l.simple_bind_s(config.ldap_bind_dn, config.ldap_bind_password)
            	filter = '(|(cn='+self.username+')(uid='+self.username+')(mail='+self.username+'))'
            	# use the retrieved dn for the second bind
            	un = l.search_s(config.ldap_userdn,ldap.SCOPE_SUBTREE,filter,['dn'])[0][0]
            except Exception as err:
            	#logger.error("Error binding to LDAP for: %s" % config.ldap_bind_dn)
            	logger.error("Error in info_from_ldap: %s" % err)
            l.unbind()
            if len(ldap_server) == 2:
                l = ldap.initialize('%s:%s' % (url.unparse(),
                                               ldap_server[1]))
            else:
                l = ldap.initialize(url.unparse())
            l.protocol_version = 3
            l.set_option(ldap.OPT_REFERRALS, 0)
            l.set_option(ldap.OPT_TIMEOUT, 10)
        else:
            un = self.username
        # setup auth for custom cn's
        if len(config.ldap_usercn) > 0:
            un = "%s%s,%s" % (config.ldap_usercn,
                              self.username,
                              config.ldap_userdn)
        elif "@" in config.ldap_userdn:
            un = "%s%s" % (self.username, config.ldap_userdn)
	try:
            # Try auth bind first
            l.simple_bind_s(un, password)
            logger.info("Bound to LDAP for: %s" % un)
        except Exception as e:
            #logger.error("Error binding to LDAP for: %s" % self.username)
            logger.error("info_from_ldap:ERR: %s" % e)
        try:
            uatr = None
            uatr = l.search_s(config.ldap_userdn,
                              ldap.SCOPE_SUBTREE,
                              '(|(cn='+self.username+')(uid='+self.username+'))'
                              )[0][1]
            resp['first_name'] = uatr['givenName'][0]
            resp['last_name'] = uatr['sn'][0]
            resp['email'] = uatr['mail'][0]
            resp['result'] = "OK"
            logger.info("Retrieved LDAP info for: %s" % self.username)
        except Exception as e:
            #logger.error("Error retrieving LDAP info for: %s" % self.username)
            logger.error("info_from_ldap ERR: %s" % e)
        l.unbind()
        return resp
Exemplo n.º 42
0
    def authenticate(self, username=None, password=None, user_agent=None,
                     remote_addr=None, accept_language=None,
                     totp_enabled='Disabled'):
        """
        Perform the authentication of the user.

        :param username: The user to authenticate.
        :type username: str
        :param password: The password provided to authenticate with.
        :type password: str
        :param user_agent: The user-agent in the request.
        :type user_agent: str
        :param remote_addr: The hostname/ip in the request.
        :type remote_addr: str
        :param accept_language: The Accept Language in the request.
        :type accept_language: str
        :param totp_enabled: If TOTP is enabled and should be checked as well.
        :type totp_enabled: str
        :returns: :class:`crits.core.user.CRITsUser`, None
        """

        # Need username and password for logins, checkem both
        if not all([username, password]):
            return None

        e = EmbeddedLoginAttempt()
        e.user_agent = user_agent
        e.remote_addr = remote_addr
        e.accept_language = accept_language
        fusername = username
        if '\\' in username:
            username = username.split("\\")[1]
        user = CRITsUser.objects(username=username).first()
        if user:
            # If the user needs TOTP and it is not disabled system-wide, and
            # the user has exceeded the login threshold for this time period
            # don't go any further. Track the invalid login and return.
            if (((user.totp and totp_enabled == 'Optional') or
                    totp_enabled == 'Required') and
                    self._exceeded_login_threshold(user)):
                e.success = False
                self.track_login_attempt(user, e)
                user.reload()
                return None
            config = CRITsConfig.objects().first()
            if not config:
                return None
            if config.ldap_auth:
                import ldap, ldapurl
                try:
                    # If you are using Oracle's server that's based on
                    # Netscape's code, and your users can't login after
                    # password expiration warning kicks in, you need:
                    # python-ldap 2.4.15 installed and
                    # import ldap.controls.pwdpolicy to fix it
                    #
                    import ldap.controls.pwdpolicy
                except ImportError:
                    logger.info("ldap.controls.pwdpolicy not present.")
                try:
                    # don't parse the port if there is one
                    ldap_server = config.ldap_server.split(':')
                    scheme = "ldap"
                    if config.ldap_tls:
                        scheme = "ldaps"
                    url = ldapurl.LDAPUrl('%s://%s' % (scheme, ldap_server[0]))
                    if len(ldap_server) == 2:
                        l = ldap.initialize('%s:%s' % (url.unparse(),
                                                       ldap_server[1]))
                    else:
                        l = ldap.initialize(url.unparse())
                    l.protocol_version = 3
                    l.set_option(ldap.OPT_REFERRALS, 0)
                    l.set_option(ldap.OPT_TIMEOUT, 10)
                    # setup auth for custom cn's
                    if len(config.ldap_usercn) > 0:
                        un = "%s%s,%s" % (config.ldap_usercn,
                                          fusername,
                                          config.ldap_userdn)
                    elif "@" in config.ldap_userdn:
                        un = "%s%s" % (fusername, config.ldap_userdn)
                    else:
                        un = fusername
                    logger.info("Logging in user: %s" % un)
                    l.simple_bind_s(un, password)
                    user = self._successful_settings(user, e, totp_enabled)
                    if config.ldap_update_on_login:
                        user.update_from_ldap("Auto LDAP update", config, password)
                    l.unbind()
                    return user
                except ldap.INVALID_CREDENTIALS:
                    l.unbind()
                    logger.info("Invalid LDAP credentials for: %s" % un)
                except Exception, err:
                    logger.info("LDAP Auth error: %s" % err)
            # If LDAP auth fails, attempt normal CRITs auth.
            # This will help with being able to use local admin accounts when
            # you have LDAP auth enabled.
            if password and user.check_password(password):
                self._successful_settings(user, e, totp_enabled)
                if config.ldap_update_on_login:
                    user.update_from_ldap("Auto LDAP update", config)
                return user
            else:
                e.success = False
                user.invalid_login_attempts += 1

            if user.is_active and user.invalid_login_attempts > settings.INVALID_LOGIN_ATTEMPTS:
                user.is_active = False
                logger.info("Account disabled due to too many invalid login attempts: %s" %
                            user.username)

                if config.crits_email_end_tag:
                    subject = "CRITs Account Lockout" + config.crits_email_subject_tag
                else:
                    subject = config.crits_email_subject_tag + "CRITs Account Lockout"
                body = """

You are receiving this email because your CRITs account has been locked out due to
too many invalid login attempts.  If you did not perform this action,
someone may be attempting to access your account.

Please contact a site administrator to resolve.

"""
                user.email_user(subject, body)
            self.track_login_attempt(user, e)
            user.reload()
Exemplo n.º 43
0
def generate_indicator_jtable(request, option):
    """
    Generate the jtable data for rendering in the list template.

    :param request: The request for this jtable.
    :type request: :class:`django.http.HttpRequest`
    :param option: Action to take.
    :type option: str of either 'jtlist', 'jtdelete', or 'inline'.
    :returns: :class:`django.http.HttpResponse`
    """

    obj_type = Indicator
    type_ = "indicator"
    mapper = obj_type._meta['jtable_opts']
    if option == "jtlist":
        # Sets display url
        details_url = mapper['details_url']
        details_url_key = mapper['details_url_key']
        fields = mapper['fields']
        response = jtable_ajax_list(obj_type,
                                    details_url,
                                    details_url_key,
                                    request,
                                    includes=fields)
        return HttpResponse(json.dumps(response,
                                       default=json_handler),
                            content_type="application/json")
    if option == "jtdelete":
        response = {"Result": "ERROR"}
        if jtable_ajax_delete(obj_type, request):
            response = {"Result": "OK"}
        return HttpResponse(json.dumps(response,
                                       default=json_handler),
                            content_type="application/json")
    jtopts = {
        'title': "Indicators",
        'default_sort': mapper['default_sort'],
        'listurl': reverse('crits.%ss.views.%ss_listing' % (type_,
                                                            type_),
                           args=('jtlist',)),
        'deleteurl': reverse('crits.%ss.views.%ss_listing' % (type_,
                                                              type_),
                             args=('jtdelete',)),
        'searchurl': reverse(mapper['searchurl']),
        'fields': mapper['jtopts_fields'],
        'hidden_fields': mapper['hidden_fields'],
        'linked_fields': mapper['linked_fields'],
        'details_link': mapper['details_link'],
        'no_sort': mapper['no_sort']
    }
    config = CRITsConfig.objects().first()
    print config.splunk_search_url
    if not config.splunk_search_url:
        del jtopts['fields'][1]
    jtable = build_jtable(jtopts, request)
    jtable['toolbar'] = [
        {
            'tooltip': "'All Indicators'",
            'text': "'All'",
            'click': "function () {$('#indicator_listing').jtable('load', {'refresh': 'yes'});}",
            'cssClass': "'jtable-toolbar-center'",
        },
        {
            'tooltip': "'New Indicators'",
            'text': "'New'",
            'click': "function () {$('#indicator_listing').jtable('load', {'refresh': 'yes', 'status': 'New'});}",
            'cssClass': "'jtable-toolbar-center'",
        },
        {
            'tooltip': "'In Progress Indicators'",
            'text': "'In Progress'",
            'click': "function () {$('#indicator_listing').jtable('load', {'refresh': 'yes', 'status': 'In Progress'});}",
            'cssClass': "'jtable-toolbar-center'",
        },
        {
            'tooltip': "'Analyzed Indicators'",
            'text': "'Analyzed'",
            'click': "function () {$('#indicator_listing').jtable('load', {'refresh': 'yes', 'status': 'Analyzed'});}",
            'cssClass': "'jtable-toolbar-center'",
        },
        {
            'tooltip': "'Deprecated Indicators'",
            'text': "'Deprecated'",
            'click': "function () {$('#indicator_listing').jtable('load', {'refresh': 'yes', 'status': 'Deprecated'});}",
            'cssClass': "'jtable-toolbar-center'",
        },
        {
            'tooltip': "'Add Indicator'",
            'text': "'Add Indicator'",
            'click': "function () {$('#new-indicator').click()}",
        },
    ]
    if config.splunk_search_url:
        for field in jtable['fields']:
            if field['fieldname'].startswith("'splunk"):
                field['display'] = """ function (data) {
                return '<a href="%s' + data.record.value + '"><img src="/new_images/splunk.png" /></a>';
                }
                """ % config.splunk_search_url
    if option == "inline":
        return render_to_response("jtable.html",
                                  {'jtable': jtable,
                                   'jtid': '%s_listing' % type_,
                                   'button': '%ss_tab' % type_},
                                  RequestContext(request))
    else:
        return render_to_response("%s_listing.html" % type_,
                                  {'jtable': jtable,
                                   'jtid': '%s_listing' % type_},
                                  RequestContext(request))
Exemplo n.º 44
0
Arquivo: prep.py Projeto: 0x3a/crits
def update_database_version():

    c = CRITsConfig.objects().first()
    c.crits_version = "3.1.0"
    c.save()
Exemplo n.º 45
0
def create_zip(files, pw_protect=True):
    """
    Create a zip file. Creates a temporary directory to write files to on disk
    using :class:`tempfile`. Uses /usr/bin/zip as the zipping mechanism
    currently. Will password protect the zip file as a default. The password for
    the zip file defaults to "infected", but it can be changed in the config 
    under zip7_password.

    :param files: The files to add to the zip file.
    :type files: list of files which are in the format of a list or tuple of
                 (<filename>, <data>).
    :param pw_protect: To password protect the zip file or not.
    :type pw_protect: boolean
    :returns: :class:`crits.core.exceptions.ZipFileError`, str
    """

    dumpdir = ""
    try:
        # Zip can take data from stdin to compress, but
        # you can't define the filenames within the archive,
        # they show up as "-".  Therefore, we need to write
        # out the file, compress it and return the zip.
        # Save the sample as a file in a temp directory
        # NOTE: the following line was causing a "permission denied" exception.
        # Removed dir arg.
        from crits.config.config import CRITsConfig
        crits_config = CRITsConfig.objects().first()
        if crits_config:
            zip7_password = crits_config.zip7_password
        else:
            zip7_password = settings.ZIP7_PASSWORD
        dumpdir = tempfile.mkdtemp() #dir=temproot
        #write out binary files
        for f in files:
            filename = f[0]
            file_data = f[1]

            # make sure our desired path doesn't already exist (some files may
            # have the same name but different data)
            path = dumpdir + "/" + filename.encode("utf-8")
            i = 1
            tmp = path
            while os.path.exists(tmp):
                tmp = path+"("+str(i)+")"
                i += 1

            with open(tmp, "wb") as fh:
                fh.write(file_data)

        # Build the command line for zip
        # NOTE: forking subprocess instead of using Python's ZipFile library
        # because ZipFile does not allow us to create password-protected zip
        # archives, only read them.
        # -j don't include original filepath
        zipname = "zip.zip" #The name we give it doesn't really matter
        args = ["/usr/bin/zip", "-r", "-j", dumpdir+"/"+zipname, dumpdir]
        if pw_protect:
            args += ["-P", zip7_password]
        args += [dumpdir+"/"+zipname, dumpdir]

        proc = subprocess.Popen(args,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT)
        # Give the process 30 seconds to complete, otherwise kill it
        waitSeconds = 30
        while (proc.poll() is None and waitSeconds):
            time.sleep(1)
            waitSeconds -= 1

        zipdata = ""
        if proc.returncode:     # zip spit out an error
            errmsg = "Error while creating archive\n" + proc.stdout.read()
            raise ZipFileError, errmsg
        elif not waitSeconds:   # Process timed out
            proc.terminate()
            raise ZipFileError, "Error:\nProcess failed to terminate"
        else:
            with open(dumpdir + "/" + zipname, "rb") as fh:
                zipdata = fh.read()
        if not len(zipdata):
            raise ZipFileError, "Error:\nThe zip archive contains no data"
        return zipdata

    except ZipFileError:
        raise
    except Exception, ex:
        errmsg = ""
        for err in ex.args:
            errmsg = errmsg + " " + unicode(err)
        raise ZipFileError, errmsg
Exemplo n.º 46
0
class Command(BaseCommand):
    """
    Script Class.
    """

    option_list = BaseCommand.option_list + (
        make_option('--adduser',
                    '-a',
                    dest='adduser',
                    action='store_true',
                    default=False,
                    help='Add a new user to CRITs.'),
        make_option('--administrator',
                    '-A',
                    dest='admin',
                    action='store_true',
                    default=False,
                    help='Make this user an administrator.'),
        make_option('--clearsecret',
                    '-c',
                    dest='clearsecret',
                    action='store_true',
                    default=False,
                    help="Clear a user's secret."),
        make_option('--deactivateuser',
                    '-d',
                    dest='deactivate',
                    action='store_true',
                    default=False,
                    help='Deactivate a user account.'),
        make_option('--email',
                    '-e',
                    dest='email',
                    default=None,
                    help='Email address of new user.'),
        make_option('--sendemail',
                    '-E',
                    dest='sendemail',
                    action='store_true',
                    default=False,
                    help='Email new user their temporary password.'),
        make_option('--firstname',
                    '-f',
                    dest='firstname',
                    default='',
                    help='First name of new user.'),
        make_option('--invalidreset',
                    '-i',
                    dest='invalidreset',
                    action='store_true',
                    default=False,
                    help="Reset a user's invalid login attempts to 0."),
        make_option('--lastname',
                    '-l',
                    dest='lastname',
                    default='',
                    help='Last name of new user.'),
        make_option('--organization',
                    '-o',
                    dest='organization',
                    default='',
                    help='Assign user to an organization/source.'),
        make_option('--reset',
                    '-r',
                    dest='reset',
                    action='store_true',
                    default=False,
                    help='Assign a new temporary password to a user.'),
        make_option('--setactive',
                    '-s',
                    dest='setactive',
                    action='store_true',
                    default=False,
                    help='Set a user account to active.'),
        make_option('--enabletotp',
                    '-t',
                    dest='enabletotp',
                    action='store_true',
                    default=False,
                    help='Enable TOTP for a user.'),
        make_option('--disabletotp',
                    '-T',
                    dest='disabletotp',
                    action='store_true',
                    default=False,
                    help='Disable TOTP for a user.'),
        make_option('--username',
                    '-u',
                    dest='username',
                    default=None,
                    help='Username for new user.'),
    )
    help = 'Add and edit a CRITs user. If "-a" is not used, we will try to edit.'

    def handle(self, *args, **options):
        """
        Script execution.
        """

        adduser = options.get('adduser')
        admin = options.get('admin')
        clearsecret = options.get('clearsecret')
        deactivate = options.get('deactivate')
        disabletotp = options.get('disabletotp')
        email = options.get('email')
        enabletotp = options.get('enabletotp')
        firstname = options.get('firstname')
        invalidreset = options.get('invalidreset')
        lastname = options.get('lastname')
        sendemail = options.get('sendemail')
        organization = options.get('organization')
        password = self.temp_password()
        reset = options.get('reset')
        setactive = options.get('setactive')
        username = options.get('username')

        # We always need a username
        if not username:
            raise CommandError("Must provide a username.")
        user = CRITsUser.objects(username=username).first()

        # If we've found a user with that username and we aren't trying to add a
        # new user...
        if user and not adduser:
            if admin:
                user.role = "Adminstrator"
            if clearsecret:
                user.secret = ""
            if deactivate and not setactive:
                user.is_active = False
            if disabletotp and not enabletotp:
                user.totp = False
            if email:
                user.email = email
            if enabletotp and not disabletotp:
                user.totp = True
            if firstname:
                user.first_name = firstname
            if lastname:
                user.last_name = lastname
            if invalidreset:
                user.invalid_login_attempts = 0
            if organization:
                user.organization = organization
            if reset:
                user.set_password(password)
            if setactive and not deactivate:
                user.is_active = True
            try:
                user.save()
                if reset:
                    print "New temporary password for %s: %s" % (username,
                                                                 password)
                print "User %s has been updated!" % username
            except Exception, e:
                raise CommandError("Error saving changes: %s" % str(e))
            if adduser:
                raise CommandError("User '%s' exists in CRITs!" % username)
        elif adduser:
            if not email:
                raise CommandError("Must provide an email address!")
            user = CRITsUser.create_user(username, password, email)
            user.first_name = firstname
            user.last_name = lastname
            user.is_staff = True
            user.save()
            user.organization = organization
            if admin:
                user.role = "Administrator"
            user.save()

            if sendemail:
                crits_config = CRITsConfig.objects().first()
                if crits_config.crits_email_end_tag:
                    subject = "New CRITs User Account" + crits_config.crits_email_subject_tag
                else:
                    subject = crits_config.crits_email_subject_tag + "New CRITs User Account"
                body = """You are receiving this email because someone has created a
CRITs account for you. If you feel like you have received this in
error, please ignore this email. Your account information is below:\n\n
"""
                body += "Username:\t%s\n" % username
                body += "Password:\t%s\n\n\n" % password
                body += """You should log in immediately and reset your password.\n
Thank you!
"""
                user.email_user(subject, body)

            self.stdout.write("User '%s' created successfully!" % username)
            self.stdout.write("\nTemp password: \t%s" % password)
            self.stdout.write("\n")
Exemplo n.º 47
0
def modify_config(request):
    """
    Modify the CRITs Configuration. Should be an AJAX POST.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """
    from django.forms.util import ErrorList

    # Get the current configuration, set as default unless user has permission to edit.
    crits_config = CRITsConfig.objects().first()
    config_data = crits_config.__dict__.get('_data')
    analyst = request.user.username
    user = request.user
    errors = []
    permission_error = False

    if request.method == "POST" and request.is_ajax():
        if user.has_access_to(GeneralACL.CONTROL_PANEL_GENERAL_EDIT):
            config_general_form = ConfigGeneralForm(request.POST)
        else:
            config_general_form = ConfigGeneralForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_LDAP_EDIT):
            config_LDAP_form = ConfigLDAPForm(request.POST)
        else:
            config_LDAP_form = ConfigLDAPForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_SECURITY_EDIT):
            config_security_form = ConfigSecurityForm(request.POST)
        else:
            new_allowed_hosts = []
            for host in config_data['allowed_hosts']:
                new_allowed_hosts.append(str(host))

            config_data['allowed_hosts'] = ','.join(new_allowed_hosts)

            config_security_form = ConfigSecurityForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_LOGGING_EDIT):
            config_logging_form = ConfigLoggingForm(request.POST)
        else:
            config_logging_form = ConfigLoggingForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_SYSTEM_SERVICES_EDIT):
            config_services_form = ConfigServicesForm(request.POST)
        else:
            new_service_dirs = []
            for directory in config_data['service_dirs']:
                new_service_dirs.append(str(directory))
            config_data['service_dirs'] = ','.join(new_service_dirs)

            config_services_form = ConfigServicesForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_DOWNLOADING_EDIT):
            config_download_form = ConfigDownloadForm(request.POST)
        else:
            config_download_form = ConfigDownloadForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_CRITS_EDIT):
            config_CRITs_form = ConfigCritsForm(request.POST)
        else:
            config_CRITs_form = ConfigCritsForm(config_data)
            permission_error = True

        forms = [
            config_general_form, config_LDAP_form, config_security_form,
            config_logging_form, config_services_form, config_download_form,
            config_CRITs_form
        ]
        #Used in defining the error message displayed to the user
        errorStringDict = {
            "ConfigGeneralForm": "General",
            "ConfigLDAPForm": "LDAP",
            "ConfigSecurityForm": "Security",
            "ConfigLoggingForm": "Logging",
            "ConfigServicesForm": "Services",
            "ConfigDownloadForm": "Downloading",
            "ConfigCritsForm": "CRITs",
        }

        #iterate over all the forms, checking if they're valid
        #if the form is valid, remove it from the errorStringDict
        for form in forms:
            if form.is_valid():
                formName = type(form).__name__
                errorStringDict.pop(formName, None)
            else:
                errors.extend(form.errors)

        #submit if the errorStringDict is empty
        if not errorStringDict and not permission_error:
            result = modify_configuration(forms, analyst)
            message = result['message']
        elif permission_error:
            message = "User does not have permission to edit form."
        elif len(errorStringDict) == 2:
            formsWithErrors = " and ".join(errorStringDict.values())
            message = "Invalid Form: The " + formsWithErrors + " tabs have errors."
        elif len(
                errorStringDict
        ) > 1:  #if there are multiple tabs with errors, pluralize the error message
            formsWithErrors = ", ".join(errorStringDict.values())
            lastWhiteSpace = formsWithErrors.rfind(" ")
            formsWithErrors = formsWithErrors[:
                                              lastWhiteSpace] + " and " + formsWithErrors[
                                                  lastWhiteSpace:]
            message = "Invalid Form: The " + formsWithErrors + " tabs have errors."
        else:  #if there is only one tab with errors, make the error message singular
            formsWithErrors = errorStringDict.values()[0]
            message = "Invalid Form: The " + formsWithErrors + " tab has errors."

        message = {'message': message, 'errors': errors}
        return HttpResponse(json.dumps(message),
                            content_type="application/json")
    else:
        return render_to_response('error.html',
                                  {'error': 'Expected AJAX POST'},
                                  RequestContext(request))
Exemplo n.º 48
0
def create_zip(files, pw_protect=True):
    """
    Create a zip file. Creates a temporary directory to write files to on disk
    using :class:`tempfile`. Uses /usr/bin/zip as the zipping mechanism
    currently. Will password protect the zip file as a default. The password for
    the zip file defaults to "infected", but it can be changed in the config 
    under zip7_password.

    :param files: The files to add to the zip file.
    :type files: list of files which are in the format of a list or tuple of
                 (<filename>, <data>).
    :param pw_protect: To password protect the zip file or not.
    :type pw_protect: boolean
    :returns: :class:`crits.core.exceptions.ZipFileError`, str
    """

    dumpdir = ""
    try:
        # Zip can take data from stdin to compress, but
        # you can't define the filenames within the archive,
        # they show up as "-".  Therefore, we need to write
        # out the file, compress it and return the zip.
        # Save the sample as a file in a temp directory
        # NOTE: the following line was causing a "permission denied" exception.
        # Removed dir arg.
        from crits.config.config import CRITsConfig
        crits_config = CRITsConfig.objects().first()
        if crits_config:
            zip7_password = crits_config.zip7_password
        else:
            zip7_password = settings.ZIP7_PASSWORD
        dumpdir = tempfile.mkdtemp()  #dir=temproot
        #write out binary files
        for f in files:
            filename = f[0]
            file_data = f[1]

            # make sure our desired path doesn't already exist (some files may
            # have the same name but different data)
            path = dumpdir + "/" + filename.encode("utf-8")
            i = 1
            tmp = path
            while os.path.exists(tmp):
                tmp = path + "(" + str(i) + ")"
                i += 1

            with open(tmp, "wb") as fh:
                fh.write(file_data)

        # Build the command line for zip
        # NOTE: forking subprocess instead of using Python's ZipFile library
        # because ZipFile does not allow us to create password-protected zip
        # archives, only read them.
        # -j don't include original filepath
        zipname = "zip.zip"  #The name we give it doesn't really matter
        args = ["/usr/bin/zip", "-r", "-j", dumpdir + "/" + zipname, dumpdir]
        if pw_protect:
            args += ["-P", zip7_password]
        args += [dumpdir + "/" + zipname, dumpdir]

        proc = subprocess.Popen(args,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT)
        # Give the process 30 seconds to complete, otherwise kill it
        waitSeconds = 30
        while (proc.poll() is None and waitSeconds):
            time.sleep(1)
            waitSeconds -= 1

        zipdata = ""
        if proc.returncode:  # zip spit out an error
            errmsg = "Error while creating archive\n" + proc.stdout.read()
            raise ZipFileError, errmsg
        elif not waitSeconds:  # Process timed out
            proc.terminate()
            raise ZipFileError, "Error:\nProcess failed to terminate"
        else:
            with open(dumpdir + "/" + zipname, "rb") as fh:
                zipdata = fh.read()
        if not len(zipdata):
            raise ZipFileError, "Error:\nThe zip archive contains no data"
        return zipdata

    except ZipFileError:
        raise
    except Exception, ex:
        errmsg = ""
        for err in ex.args:
            errmsg = errmsg + " " + unicode(err)
        raise ZipFileError, errmsg
Exemplo n.º 49
0
def update_database_version():

    c = CRITsConfig.objects().first()
    c.crits_version = "3.1.0"
    c.save()
Exemplo n.º 50
0
def modify_config(request):
    """
    Modify the CRITs Configuration. Should be an AJAX POST.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    # Get the current configuration, set as default unless user has permission to edit.
    crits_config = CRITsConfig.objects().first()
    config_data = crits_config.__dict__.get('_data')
    analyst = request.user.username
    user = request.user
    errors = []
    permission_error = False

    if request.method == "POST" and request.is_ajax():
        if user.has_access_to(GeneralACL.CONTROL_PANEL_GENERAL_EDIT):
            config_general_form = ConfigGeneralForm(request.POST)
        else:
            config_general_form = ConfigGeneralForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_LDAP_EDIT):
            config_LDAP_form = ConfigLDAPForm(request.POST)
        else:
            config_LDAP_form = ConfigLDAPForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_SECURITY_EDIT):
            config_security_form = ConfigSecurityForm(request.POST)
        else:
            new_allowed_hosts = []
            for host in config_data['allowed_hosts']:
                new_allowed_hosts.append(str(host))

            config_data['allowed_hosts'] = ','.join(new_allowed_hosts)


            config_security_form = ConfigSecurityForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_LOGGING_EDIT):
            config_logging_form = ConfigLoggingForm(request.POST)
        else:
            config_logging_form = ConfigLoggingForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_SYSTEM_SERVICES_EDIT):
            config_services_form = ConfigServicesForm(request.POST)
        else:
            new_service_dirs = []
            for directory in config_data['service_dirs']:
                new_service_dirs.append(str(directory))
            config_data['service_dirs'] = ','.join(new_service_dirs)

            config_services_form = ConfigServicesForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_DOWNLOADING_EDIT):
            config_download_form = ConfigDownloadForm(request.POST)
        else:
            config_download_form = ConfigDownloadForm(config_data)
            permission_error = True
        if user.has_access_to(GeneralACL.CONTROL_PANEL_CRITS_EDIT):
            config_CRITs_form = ConfigCritsForm(request.POST)
        else:
            config_CRITs_form = ConfigCritsForm(config_data)
            permission_error = True

        forms = [config_general_form,
                 config_LDAP_form,
                 config_security_form,
                 config_logging_form,
                 config_services_form,
                 config_download_form,
                 config_CRITs_form]
        #Used in defining the error message displayed to the user
        errorStringDict = {
            "ConfigGeneralForm": "General",
            "ConfigLDAPForm": "LDAP",
            "ConfigSecurityForm": "Security",
            "ConfigLoggingForm": "Logging",
            "ConfigServicesForm": "Services",
            "ConfigDownloadForm": "Downloading",
            "ConfigCritsForm": "CRITs",
        }

        #iterate over all the forms, checking if they're valid
        #if the form is valid, remove it from the errorStringDict
        for form in forms:
            if form.is_valid():
                formName = type(form).__name__
                errorStringDict.pop(formName, None)
            else:
                errors.extend(form.errors)

        #submit if the errorStringDict is empty
        if not errorStringDict and not permission_error:
            result = modify_configuration(forms, analyst)
            message = result['message']
        elif permission_error:
            message = "User does not have permission to edit form."
        elif len(errorStringDict) == 2:
            formsWithErrors = " and ".join(errorStringDict.values())
            message = "Invalid Form: The " + formsWithErrors + " tabs have errors."
        elif len(errorStringDict) > 1:      #if there are multiple tabs with errors, pluralize the error message
            formsWithErrors = ", ".join(errorStringDict.values())
            lastWhiteSpace = formsWithErrors.rfind(" ")
            formsWithErrors = formsWithErrors[:lastWhiteSpace] + " and " + formsWithErrors[lastWhiteSpace:]
            message = "Invalid Form: The " + formsWithErrors + " tabs have errors."
        else:   #if there is only one tab with errors, make the error message singular
            formsWithErrors = errorStringDict.values()[0]
            message = "Invalid Form: The " + formsWithErrors + " tab has errors."

        message = {'message': message,
                   'errors': errors}
        return HttpResponse(json.dumps(message), content_type="application/json")
    else:
        return render_to_response('error.html',
                                  {'error': 'Expected AJAX POST'},
                                  RequestContext(request))
Exemplo n.º 51
0
    def info_from_ldap(self, config=None, password=''):
        """
        Get information about this user from LDAP.
        """

        import ldap, ldapurl
        resp = {"result": "ERROR"}
        if not config:
            config = CRITsConfig.objects().first()
        # Make sure we have the rquired settings, else return failure
        if not config.ldap_server or not config.ldap_userdn:
            return resp
        ldap_server = config.ldap_server.split(':')
        scheme = "ldap"
        if config.ldap_tls:
            scheme = "ldaps"
        url = ldapurl.LDAPUrl('%s://%s' % (scheme, ldap_server[0]))
        if len(ldap_server) == 2:
            l = ldap.initialize('%s:%s' % (url.unparse(),
                                           ldap_server[1]))
        else:
            l = ldap.initialize(url.unparse())
        l.protocol_version = 3
        l.set_option(ldap.OPT_REFERRALS, 0)
        l.set_option(ldap.OPT_TIMEOUT, 10)
        # setup auth for custom cn's
        cn = "cn="
        if config.ldap_usercn:
            cn = config.ldap_usercn
        # two-step ldap binding
        if len(config.ldap_bind_dn) > 0:
            try:
            	logger.info("binding with bind_dn: %s" % config.ldap_bind_dn)
            	l.simple_bind_s(config.ldap_bind_dn, config.ldap_bind_password)
            	filter = '(|(cn='+self.username+')(uid='+self.username+')(mail='+self.username+'))'
            	# use the retrieved dn for the second bind
            	un = l.search_s(config.ldap_userdn,ldap.SCOPE_SUBTREE,filter,['dn'])[0][0]
            except Exception as err:
            	#logger.error("Error binding to LDAP for: %s" % config.ldap_bind_dn)
            	logger.error("Error in info_from_ldap: %s" % err)
            l.unbind()
            if len(ldap_server) == 2:
                l = ldap.initialize('%s:%s' % (url.unparse(),
                                               ldap_server[1]))
            else:
                l = ldap.initialize(url.unparse())
            l.protocol_version = 3
            l.set_option(ldap.OPT_REFERRALS, 0)
            l.set_option(ldap.OPT_TIMEOUT, 10)
        else:
            un = self.username
        # setup auth for custom cn's
        if len(config.ldap_usercn) > 0:
            un = "%s%s,%s" % (config.ldap_usercn,
                              self.username,
                              config.ldap_userdn)
        elif "@" in config.ldap_userdn:
            un = "%s%s" % (self.username, config.ldap_userdn)
	try:
            # Try auth bind first
            l.simple_bind_s(un, password)
            logger.info("Bound to LDAP for: %s" % un)
        except Exception as e:
            #logger.error("Error binding to LDAP for: %s" % self.username)
            logger.error("info_from_ldap:ERR: %s" % e)
        try:
            uatr = None
            uatr = l.search_s(config.ldap_userdn,
                              ldap.SCOPE_SUBTREE,
                              '(|(cn='+self.username+')(uid='+self.username+'))'
                              )[0][1]
            resp['first_name'] = uatr['givenName'][0]
            resp['last_name'] = uatr['sn'][0]
            resp['email'] = uatr['mail'][0]
            resp['result'] = "OK"
            logger.info("Retrieved LDAP info for: %s" % self.username)
        except Exception as e:
            #logger.error("Error retrieving LDAP info for: %s" % self.username)
            logger.error("info_from_ldap ERR: %s" % e)
        l.unbind()
        return resp