def _GetHuntObj(self, hunt_id, token=None):
  """Loads the hunt object for a hunt id from the active datastore backend.

  data_store.RelationalDBEnabled() selects the backend: the relational
  database when it returns true, the legacy AFF4 store otherwise.

  Args:
    hunt_id: Hunt identifier. str() is applied for the relational read and
      ToURN() for the AFF4 open.
    token: Access token. It is forwarded only to the AFF4 open call.

  Returns:
    The hunt object returned by the selected backend.

  Raises:
    api_call_handler_base.ResourceNotFoundError: If the backend reports that
      the hunt does not exist.
  """
  if not data_store.RelationalDBEnabled():
    # Legacy path: the hunt is addressed by URN and opened with the caller's
    # token.
    legacy_urn = hunt_id.ToURN()
    try:
      return aff4.FACTORY.Open(
          legacy_urn, aff4_type=implementation.GRRHunt, token=token)
    except aff4.InstantiationError:
      missing_msg = "Hunt with id %s could not be found" % hunt_id
      raise api_call_handler_base.ResourceNotFoundError(missing_msg)

  # NOTE(review): the relational read receives no caller identity, so nothing
  # in this helper authorizes the request on this path. Presumably access is
  # enforced before the handler is reached - confirm against the router.
  try:
    return data_store.REL_DB.ReadHuntObject(str(hunt_id))
  except db.UnknownHuntError:
    missing_msg = "Hunt with id %s could not be found" % hunt_id
    raise api_call_handler_base.ResourceNotFoundError(missing_msg)
def Handle(self, args, token=None):
  """Builds the ApiClient view of a client, optionally at a given timestamp.

  Args:
    args: Request arguments; client_id and timestamp are read.
    token: Access token, used only on the AFF4 path.

  Returns:
    An ApiClient, after UpdateClientsFromFleetspeak has been applied to it.

  Raises:
    api_call_handler_base.ResourceNotFoundError: On the relational path, if
      ReadClientFullInfo returns None for the client id.
  """
  # Only the AFF4 open below consumes `age`; it is still computed up front.
  age = (
      rdfvalue.RDFDatetime(args.timestamp)
      if args.timestamp else rdfvalue.RDFDatetime.Now())

  if data_store.RelationalDBReadEnabled():
    client_id = unicode(args.client_id)
    full_info = data_store.REL_DB.ReadClientFullInfo(client_id)
    if full_info is None:
      raise api_call_handler_base.ResourceNotFoundError()

    if args.timestamp:
      # The history is queried for an exact (timestamp, timestamp) range.
      # NOTE(review): when nothing matches, full_info is returned unmodified
      # and the caller gets no signal that the data is not from the requested
      # point in time - worth confirming for forensic consumers.
      history = data_store.REL_DB.ReadClientSnapshotHistory(
          client_id, timerange=(args.timestamp, args.timestamp))
      if history:
        matched = history[0]
        full_info.last_snapshot = matched
        full_info.last_startup_info = matched.startup_info

    api_client = ApiClient().InitFromClientInfo(full_info)
  else:
    aff4_client = aff4.FACTORY.Open(
        args.client_id.ToClientURN(),
        aff4_type=aff4_grr.VFSGRRClient,
        age=age,
        token=token)
    api_client = ApiClient().InitFromAff4Object(aff4_client)

  UpdateClientsFromFleetspeak([api_client])
  return api_client
def _GetHuntObj(self, hunt_id, token=None):
  """Opens the AFF4 hunt object that corresponds to a hunt id.

  Args:
    hunt_id: Hunt identifier; converted to a URN with ToURN().
    token: Access token forwarded to aff4.FACTORY.Open.

  Returns:
    The object opened with aff4_type=implementation.GRRHunt.

  Raises:
    api_call_handler_base.ResourceNotFoundError: If the open fails with
      aff4.InstantiationError.
  """
  target_urn = hunt_id.ToURN()
  try:
    hunt_obj = aff4.FACTORY.Open(
        target_urn, aff4_type=implementation.GRRHunt, token=token)
  except aff4.InstantiationError:
    # Map the storage-level error to the API-level "not found" error.
    missing_msg = "Hunt with id %s could not be found" % hunt_id
    raise api_call_handler_base.ResourceNotFoundError(missing_msg)
  return hunt_obj
def Handle(self, args, token=None):
  """Deletes the GRR user named in the request from the relational database.

  Args:
    args: Request arguments; only username is read.
    token: Unused in this method.

  Raises:
    ValueError: If args.username is empty.
    api_call_handler_base.ResourceNotFoundError: If the database reports the
      user as unknown.
  """
  username = args.username
  if not username:
    raise ValueError("username can't be empty.")

  # NOTE(review): no audit record is written in this method and the caller's
  # token is not consulted. Confirm that user deletion is authorized and
  # audited by the layer that dispatches to this handler.
  try:
    data_store.REL_DB.DeleteGRRUser(username)
  except db.UnknownGRRUserError as err:
    raise api_call_handler_base.ResourceNotFoundError(err)
def Handle(self, args, token=None):
  """Returns the API representation of the GRR user named in the request.

  Args:
    args: Request arguments; only username is read.
    token: Unused in this method.

  Returns:
    An api_user.ApiGrrUser initialised from the database user object.

  Raises:
    ValueError: If args.username is empty.
    api_call_handler_base.ResourceNotFoundError: If the database reports the
      user as unknown.
  """
  username = args.username
  if not username:
    raise ValueError("username can't be empty.")

  try:
    db_user = data_store.REL_DB.ReadGRRUser(username)
    api_obj = api_user.ApiGrrUser()
    return api_obj.InitFromDatabaseObject(db_user)
  except db.UnknownGRRUserError as err:
    # Surface the database error as the API-level "not found" error.
    raise api_call_handler_base.ResourceNotFoundError(err)
def _HandleAff4(self, args, token=None):
  """Reads a GRR user from the AFF4 store and converts it to an ApiGrrUser.

  Args:
    args: Request arguments; only username is read.
    token: Access token forwarded to aff4.FACTORY.Open.

  Returns:
    An api_user.ApiGrrUser initialised from the opened AFF4 object.

  Raises:
    api_call_handler_base.ResourceNotFoundError: If the open fails with
      aff4.InstantiationError.
  """
  # User objects live under <root>/users/<username>.
  users_root = aff4.ROOT_URN.Add("users")
  user_urn = users_root.Add(args.username)
  try:
    user_fd = aff4.FACTORY.Open(
        user_urn, aff4_type=users.GRRUser, mode="r", token=token)
    api_obj = api_user.ApiGrrUser()
    return api_obj.InitFromAff4Object(user_fd)
  except aff4.InstantiationError:
    missing_msg = (
        "GRR user with username '%s' could not be found." % args.username)
    raise api_call_handler_base.ResourceNotFoundError(missing_msg)
def _HandleAff4(self, args, token):
  """Deletes a GRR user from the AFF4 store, auditing the attempt first.

  Args:
    args: Request arguments; only username is read.
    token: Access token. Its username is recorded in the audit event and the
      token is passed to every AFF4 call.

  Raises:
    api_call_handler_base.ResourceNotFoundError: If no object of type
      users.GRRUser exists at the user's URN.
  """
  user_urn = aff4.ROOT_URN.Add("users").Add(args.username)

  # The audit event is published before the existence check, so delete
  # attempts against unknown usernames are recorded as well.
  audit_record = rdf_events.AuditEvent(
      user=token.username, action="USER_DELETE", urn=user_urn)
  events.Events.PublishEvent("Audit", audit_record, token=token)

  # NOTE(review): the existence check and the delete are two separate calls,
  # not one atomic operation.
  user_exists = aff4.FACTORY.ExistsWithType(
      user_urn, aff4_type=users.GRRUser, token=token)
  if user_exists:
    aff4.FACTORY.Delete(user_urn, token=token)
    return

  missing_msg = (
      "GRR user with username '%s' could not be found." % args.username)
  raise api_call_handler_base.ResourceNotFoundError(missing_msg)
def GetCollectedTimeline(self, args, token=None):
  """Checks access for a timeline flow, then delegates the request.

  Args:
    args: Request arguments; client_id and flow_id are read.
    token: Access token. token.username is read when the client access check
      runs, so a None token fails there with AttributeError.

  Returns:
    Whatever self.delegate.GetCollectedTimeline returns.

  Raises:
    api_call_handler_base.ResourceNotFoundError: If the flow is unknown.
    ValueError: If the flow is not a timeline flow.
  """
  client_key = str(args.client_id)
  flow_key = str(args.flow_id)
  try:
    flow = data_store.REL_DB.ReadFlowObject(client_key, flow_key)
  except db.UnknownFlowError:
    missing_msg = (
        "Flow with client id %s and flow id %s could not be found" %
        (args.client_id, args.flow_id))
    raise api_call_handler_base.ResourceNotFoundError(missing_msg)

  # NOTE(review): the lookup and the type check both run before any access
  # check, so a caller without client access still sees "not found" and "not
  # a timeline flow" as distinct errors. Confirm that is acceptable.
  expected_class = timeline.TimelineFlow.__name__
  if flow.flow_class_name != expected_class:
    raise ValueError("Flow '{}' is not a timeline flow".format(flow.flow_id))

  # A flow whose parent hunt id equals its own flow id is treated as scheduled
  # by a hunt; only other flows get the per-client access check.
  # NOTE(review): nothing in this method authorizes the hunt-scheduled case -
  # confirm it is covered elsewhere.
  scheduled_by_hunt = flow.parent_hunt_id == flow.flow_id
  if not scheduled_by_hunt:
    self.access_checker.CheckClientAccess(token.username, args.client_id)

  return self.delegate.GetCollectedTimeline(args, token=token)
def Handle(self, args, context=None):
  """Builds the ApiClient view of a client from the relational database.

  Args:
    args: Request arguments; client_id and timestamp are read.
    context: Unused in this method.

  Returns:
    An ApiClient, after UpdateClientsFromFleetspeak has been applied to it.

  Raises:
    api_call_handler_base.ResourceNotFoundError: If ReadClientFullInfo returns
      None for the client id.
  """
  client_id = str(args.client_id)
  full_info = data_store.REL_DB.ReadClientFullInfo(client_id)
  if full_info is None:
    raise api_call_handler_base.ResourceNotFoundError()

  if args.timestamp:
    # The history is queried for an exact (timestamp, timestamp) range.
    # NOTE(review): when nothing matches, full_info is returned unmodified and
    # the caller gets no signal that the data is not from the requested point
    # in time - worth confirming for forensic consumers.
    history = data_store.REL_DB.ReadClientSnapshotHistory(
        client_id, timerange=(args.timestamp, args.timestamp))
    if history:
      matched = history[0]
      full_info.last_snapshot = matched
      full_info.last_startup_info = matched.startup_info

  api_client = ApiClient().InitFromClientInfo(full_info)
  UpdateClientsFromFleetspeak([api_client])
  return api_client
def GetOsqueryResults(
    self,
    args: api_osquery.ApiGetOsqueryResultsArgs,
    context: Optional[api_call_context.ApiCallContext] = None,
):
  """Checks access for an osquery flow, then delegates the request.

  Args:
    args: Request arguments; client_id and flow_id are read.
    context: API call context, passed to the access checker and the delegate.

  Returns:
    Whatever self.delegate.GetOsqueryResults returns.

  Raises:
    api_call_handler_base.ResourceNotFoundError: If the flow is unknown.
    ValueError: If the flow is not an osquery flow.
  """
  client_key = str(args.client_id)
  flow_key = str(args.flow_id)
  try:
    flow = data_store.REL_DB.ReadFlowObject(client_key, flow_key)
  except db.UnknownFlowError:
    missing_msg = (
        "Flow with client id %s and flow id %s could not be found" %
        (args.client_id, args.flow_id))
    raise api_call_handler_base.ResourceNotFoundError(missing_msg)

  # NOTE(review): the lookup and the type check both run before any access
  # check, so a caller without client access still sees "not found" and "not
  # an osquery flow" as distinct errors. Confirm that is acceptable.
  expected_class = osquery.OsqueryFlow.__name__
  if flow.flow_class_name != expected_class:
    raise ValueError("Flow '{}' is not an osquery flow".format(
        flow.flow_id))

  # A flow whose parent hunt id equals its own flow id is treated as scheduled
  # by a hunt; only other flows get the per-client access check.
  # NOTE(review): nothing in this method authorizes the hunt-scheduled case -
  # confirm it is covered elsewhere.
  scheduled_by_hunt = flow.parent_hunt_id == flow.flow_id
  if not scheduled_by_hunt:
    self.access_checker.CheckClientAccess(context, args.client_id)

  return self.delegate.GetOsqueryResults(args, context=context)
def FailureNotFound(self, args, context=None):
  """Always fails with ResourceNotFoundError; both arguments are ignored.

  Presumably a stub for exercising the not-found error path - confirm against
  the surrounding class.

  Args:
    args: Unused.
    context: Unused.

  Raises:
    api_call_handler_base.ResourceNotFoundError: Unconditionally.
  """
  not_found = api_call_handler_base.ResourceNotFoundError()
  raise not_found
def _GetHuntObj(self, hunt_id, token=None):
  """Reads the hunt object for a hunt id from the relational database.

  Args:
    hunt_id: Hunt identifier; str() is applied before the read.
    token: Unused in this method.

  Returns:
    The object returned by data_store.REL_DB.ReadHuntObject.

  Raises:
    api_call_handler_base.ResourceNotFoundError: If the database reports the
      hunt as unknown.
  """
  # NOTE(review): the read receives no caller identity, so nothing in this
  # helper authorizes the request. Presumably access is enforced before the
  # handler is reached - confirm against the router.
  hunt_key = str(hunt_id)
  try:
    hunt_obj = data_store.REL_DB.ReadHuntObject(hunt_key)
  except db.UnknownHuntError:
    missing_msg = "Hunt with id %s could not be found" % hunt_id
    raise api_call_handler_base.ResourceNotFoundError(missing_msg)
  return hunt_obj
def _HandleRelational(self, args):
  """Reads a GRR user from the relational database as an ApiGrrUser.

  Args:
    args: Request arguments; only username is read.

  Returns:
    An api_user.ApiGrrUser initialised from the database user object.

  Raises:
    api_call_handler_base.ResourceNotFoundError: If the database reports the
      user as unknown.
  """
  try:
    db_user = data_store.REL_DB.ReadGRRUser(args.username)
    api_obj = api_user.ApiGrrUser()
    return api_obj.InitFromDatabaseObject(db_user)
  except db.UnknownGRRUserError as err:
    # Surface the database error as the API-level "not found" error.
    raise api_call_handler_base.ResourceNotFoundError(err)
def _HandleRelational(self, args):
  """Deletes a GRR user from the relational database.

  Args:
    args: Request arguments; only username is read.

  Raises:
    api_call_handler_base.ResourceNotFoundError: If the database reports the
      user as unknown.
  """
  # NOTE(review): no audit record is written in this method and no caller
  # identity is available here. Confirm that user deletion is authorized and
  # audited by the code that dispatches to this helper.
  username = args.username
  try:
    data_store.REL_DB.DeleteGRRUser(username)
  except db.UnknownGRRUserError as err:
    raise api_call_handler_base.ResourceNotFoundError(err)