def __validate(self, oid):
"""Validate and use the given id for this ObjectId.
Raises TypeError if id is not an instance of
(:class:`basestring` (:class:`str` or :class:`bytes`
in python 3), ObjectId) and InvalidId if it is not a
valid ObjectId.
:Parameters:
- `oid`: a valid ObjectId
"""
if isinstance(oid, ObjectId):
self.__id = oid.__id
elif isinstance(oid, string_types):
if len(oid) == 12:
if isinstance(oid, binary_type):
self.__id = oid
else:
raise InvalidId("%s is not a valid ObjectId" % oid)
elif len(oid) == 24:
try:
self.__id = bytes_from_hex(oid)
except (TypeError, ValueError):
raise InvalidId("%s is not a valid ObjectId" % oid)
else:
raise InvalidId("%s is not a valid ObjectId" % oid)
else:
raise TypeError(
"id must be an instance of (%s, %s, ObjectId), "
"not %s" %
(binary_type.__name__, text_type.__name__, type(oid)))
def haproxy_clone(request, object_id):
""" HAProxy view used to clone an HAProxySettings object
:param request: Django request object
:param object_id: MongoDB object_id of an HAProxySettings
"""
""" (try to) Retrieve object from id in MongoDB """
try:
haproxy_model = HAProxySettings.objects.get(pk=object_id)
if not haproxy_model:
raise InvalidId()
except InvalidId:
return HttpResponseForbidden("Injection detected")
except HAProxySettings.DoesNotExist:
return HttpResponseRedirect('/services/haproxy/')
# members = balancer.members
# members_list = list()
# for member in members:
# member.pk=None
# member.save()
# members_list.append(member)
haproxy_model.pk = None
haproxy_model.name = 'Copy of ' + str(haproxy_model.name)
# balancer.members = members_list
haproxy_model.save()
logger.info(haproxy_model.__dict__)
return HttpResponseRedirect("/services/haproxy/")
def authenticate(self, credentials, **kwargs):
urls = self.application.get_sso_urls()
redis_session = kwargs['redis_session']
kerberos_repo = KerberosRepository.objects.with_id(ObjectId(self.backend_id))
if not kerberos_repo:
raise InvalidId("")
# Set headers
kerberos_TGT = kerberos_repo.get_backend().create_tgt(self.backend_id, credentials['kerberos_username'], credentials['kerberos_password'], self.application.app_krb_service)
if kerberos_TGT:
logger.debug("SSOForwardKRB5::authenticate: TGT successfully created with credentials for user '{}'".format(credentials['kerberos_username']))
self.sso_client.session.headers.update({'Authorization':'Negotiate %s'%str(kerberos_TGT)})
url, response = self.sso_client.get(urls, self.application.sso_forward_follow_redirect)
logger.info("SSOForwardKRB5::authenticate: URL '{}' successfully gotten with Kerberos TGT".format(url))
#### POSSIBILITY OF VERIFY CREDENTIALS => IF RESPONSE.STATUS_CODE == 401
if not self.application.sso_forward_only_login:
redis_session.setKrb5Infos(credentials['kerberos_username'], self.application.app_krb_service, self.backend_id)
logger.debug("SSOForwardKRB5::authenticate: Kerberos infos for user '{}' successfully written in Redis session".format(credentials['kerberos_username']))
return response
def ntp_view(request, object_id=None):
""" """
# Retrieving cluster configuration
cluster = Cluster.objects.get()
ntp_status = {}
# Object_id is defined => we are configuring a Node
if object_id is not None:
try:
node = Node.objects.with_id(ObjectId(object_id))
if not node:
raise InvalidId()
except InvalidId:
return HttpResponseForbidden("Injection detected.")
system_settings = node.system_settings
status = node.api_request("/api/services/ntp/status/")
if isinstance(status, bool) and not status:
# API Request returned False
ntp_status[node.name] = ("ERROR", "Error on node {}.".format(node.name))
# We are configuring Cluster
else:
system_settings = cluster.system_settings
cluster_api_status = cluster.api_request("/api/services/ntp/status/")
for node in cluster.members:
# If node is down, result = False
node_res = (cluster_api_status.get(node.name, {}) or {}).get('result', False)
if isinstance(node_res, bool) and not node_res:
ntp_status[node.name] = ("ERROR", "Cannot contact node")
else:
ntp_status[node.name] = node_res
# Instantiate form
form = NTPSettingsForm(request.POST or None,
instance=system_settings.ntp_settings)
# form validation
if request.method == 'POST' and form.is_valid():
ntp_conf = form.save(commit=False)
system_settings.ntp_settings = ntp_conf
# We are configuring Node
if object_id:
# Node will use Cluster settings
if ntp_conf.cluster_based_conf:
node.system_settings.ntp_settings = None
node.save()
else:
cluster.save()
return render_to_response('ntp.html',
{'form': form, 'ntp_status': ntp_status,
'cluster': cluster, 'object_id': object_id},
context_instance=RequestContext(request))
def __validate(self, oid):
"""Validate and use the given id for this ObjectId.
Raises TypeError if id is not an instance of (str, ObjectId) and
InvalidId if it is not a valid ObjectId.
:Parameters:
- `oid`: a valid ObjectId
"""
if isinstance(oid, ObjectId):
self.__id = oid.__id
elif isinstance(oid, basestring):
if len(oid) == 12:
self.__id = oid
elif len(oid) == 24:
try:
self.__id = oid.decode("hex")
except TypeError:
raise InvalidId("%s is not a valid ObjectId" % oid)
else:
raise InvalidId("%s is not a valid ObjectId" % oid)
else:
raise TypeError("id must be an instance of (str, ObjectId), "
"not %s" % type(oid))
def store(_id, model_image_file):
model = models.find_one(_id)
if not model:
return InvalidId()
filename = model_filename(_id)
model_image_file.save(filename)
try:
torch.load(filename)
except:
os.remove(filename)
raise BadModelFormat
if model['attack_mode'] == 'black' or \
path.exists(dataset_filename(_id)):
models.set_ready(_id)
def logrotate_edit(request, object_id=None):
logrotate_model = None
if object_id:
try:
logrotate_model = LogRotateSettings.objects.get()
if not logrotate_model:
raise InvalidId()
except InvalidId:
return HttpResponseForbidden("Injection detected")
form = LogRotateForm(request.POST or None, instance=logrotate_model, error_class=DivErrorList)
if request.method == "POST" and form.is_valid():
logrotate_model = form.save(commit=False)
logrotate_model.save()
return HttpResponseRedirect('/services/logrotate/')
return render(request, 'services/logrotate_edit.html', {'form': form})
def haproxy_edit(request, object_id=None):
haproxy_model = None
if object_id:
try:
haproxy_model = HAProxySettings.objects.get(pk=object_id)
if not haproxy_model:
raise InvalidId()
except InvalidId:
return HttpResponseForbidden("Injection detected")
form = HAProxyForm(request.POST or None,
instance=haproxy_model,
error_class=DivErrorList)
if request.method == "POST" and form.is_valid():
haproxy_model = form.save(commit=False)
haproxy_model.save()
return HttpResponseRedirect('/services/haproxy/')
return render(request, 'services/haproxy_edit.html', {'form': form})
def convert_value_for_db(self, db_type, value):
if db_type is None or value is None:
return value
db_type, db_subtype = self._split_db_type(db_type)
if db_subtype is not None:
if isinstance(value, (set, list, tuple)):
# Sets are converted to lists here because MongoDB has no sets.
return [
self.convert_value_for_db(db_subtype, subvalue)
for subvalue in value
]
elif isinstance(value, dict):
return dict(
(key, self.convert_value_for_db(db_subtype, subvalue))
for key, subvalue in value.iteritems())
if isinstance(value, (set, list, tuple)):
# most likely a list of ObjectIds when doing a .delete() query
return [self.convert_value_for_db(db_type, val) for val in value]
if db_type == 'objectid':
try:
return ObjectId(value)
except InvalidId:
# Provide a better message for invalid IDs
assert isinstance(value, unicode)
if len(value) > 13:
value = value[:10] + '...'
msg = "AutoField (default primary key) values must be strings " \
"representing an ObjectId on MongoDB (got %r instead)" % value
if self.query.model._meta.db_table == 'django_site':
# Also provide some useful tips for (very common) issues
# with settings.SITE_ID.
msg += ". Please make sure your SITE_ID contains a valid ObjectId string."
raise InvalidId(msg)
# Pass values of any type not covered above as they are.
# PyMongo will complain if they can't be encoded.
return value
def _raise_invalid_id(oid):
raise InvalidId("%r is not a valid ObjectId, it must be a 12-byte input"
" of type %r or a 24-character hex string" %
(oid, binary_type.__name__))
def _raise_invalid_id(oid):
raise InvalidId(
"%r is not a valid ObjectId, it must be a 12-byte input"
" or a 24-character hex string" % oid)
def ssh_view(request, object_id = None):
""" """
ssh_status = {}
node_list = []
api_url = "/api/services/ssh"
popup = ""
# Retrieving cluster configuration
cluster = Cluster.objects.get()
# Object_id is defined => we are configuring a Node
if object_id is not None:
""" Verify if objectId id valid and exists in DB """
try:
node = Node.objects.with_id(ObjectId(object_id))
if not node:
raise InvalidId()
except InvalidId:
return HttpResponseForbidden('Injection detected')
system_settings = node.system_settings
node_or_cluster = node
node_list.append(node)
# Cluster configuration
else:
system_settings = cluster.system_settings
node_or_cluster = cluster
node_list = cluster.members
# Instantiate form
form = SSHSettingsForm(request.POST or None,
instance=system_settings.ssh_settings)
# form validation
if request.method == 'POST' and form.is_valid():
ssh_conf = form.save(commit=False)
node_or_cluster.system_settings.ssh_settings = ssh_conf
old_enabled = False if not system_settings.ssh_settings else system_settings.ssh_settings.enabled
# Save settings
node_or_cluster.save()
# If the admin wants to start the service
if not old_enabled and ssh_conf.enabled:
action_service = "start"
# If he wants to stop it
elif not ssh_conf.enabled:
action_service = "stop"
# Otherwise, restart it
else:
action_service = "restart"
api_result = node_or_cluster.api_request("{}/{}/".format(api_url, action_service))
if isinstance(node_or_cluster, Cluster):
for node in node_list:
node_result = api_result.get(node.name, {})
if not node_result:
popup = ("ERROR", "Error on node {}.".format(node.name))
else:
popup = node_result.get('result')
else:
if not api_result:
popup = ("ERROR", "Error on node {}.".format(node_or_cluster.name))
else:
popup = api_result.get('result')
# Sleep while service is stopping/starting before get its status
sleep(2)
# Service status part
if object_id:
status = node.api_request("{}/status/".format(api_url))
ssh_status[node.name] = ('ERROR', "Error on node {}.".format(node.name)) if not status else status.get('result')
if node.system_settings.ssh_settings and status and status.get('result'):
node.system_settings.ssh_settings.enabled = True if status.get('result', ['DOWN'])[0] == 'UP' else False
node.save(bootstrap=True)
else:
cluster_res = cluster.api_request("{}/status/".format(api_url))
for node in cluster.members:
# Keep database data up-to-date
node_info = cluster_res.get(node.name)
if node_info:
node_ssh_state = node_info.get('result', ['ERROR', "Error on node {}.".format(node.name)])
try:
ssh_status[node.name] = node_ssh_state
if node.system_settings.ssh_settings:
node.system_settings.ssh_settings.enabled = True if node_ssh_state[0] == 'UP' else False
node.save(bootstrap=True)
except AttributeError as e:
logger.error("SSH::view: Error while trying to parse for node {} status : {}".format(node.name, e))
else:
ssh_status[node.name] = ('ERROR', "Error on node {}.".format(node.name))
return render_to_response('ssh.html',
{'form': form, 'ssh_status': ssh_status, 'popup': popup,
'cluster': cluster, 'object_id': object_id},
context_instance=RequestContext(request))
def smtp_view(request, object_id=None):
"""
:param request:
:return:
"""
# Retrieving cluster configuration
cluster = Cluster.objects.get()
# Object_id is defined => we are configuring a Node
if object_id is not None:
try:
node = Node.objects.with_id(ObjectId(object_id))
if not node:
raise InvalidId()
except InvalidId:
return HttpResponseForbidden("Injection detected.")
system_settings = node.system_settings
# We are configuring Cluster
else:
system_settings = cluster.system_settings
# Instantiate form
form = SMTPSettingsForm(request.POST or None,
instance=system_settings.smtp_settings)
def perform_api_res(res, node_name):
if isinstance(res, bool) and not res:
return "ERROR", "Error on node {}.".format(node_name)
return res.get('result')
# form validation
popup = ""
if request.method == 'POST' and form.is_valid():
smtp_conf = form.save(commit=False)
system_settings.smtp_settings = smtp_conf
# We are configuring Node
if object_id:
# Node will use Cluster settings
if smtp_conf.cluster_based_conf:
node.system_settings.smtp_settings = None
node.save()
node_api_res = node.api_request("/api/services/smtp/restart/")
popup = perform_api_res(node_api_res, node.name)
else:
cluster.save()
cluster_api_res = cluster.api_request("/api/services/smtp/restart/")
for node in cluster.members:
popup = perform_api_res(cluster_api_res.get(node.name), node.name)
if popup[0] == "ERROR":
break
smtp_status = {}
if object_id:
node_api_res = node.api_request("/api/services/smtp/status/")
smtp_status[node.name] = perform_api_res(node_api_res, node.name)
else:
cluster.save()
cluster_api_res = cluster.api_request("/api/services/smtp/status/")
for node in cluster.members:
smtp_status[node.name] = perform_api_res(cluster_api_res.get(node.name), node.name)
return render_to_response('smtp.html',
{'form': form, 'cluster': cluster, 'smtp_status': smtp_status,
'object_id': object_id, 'popup': popup},
context_instance=RequestContext(request))
def dns_view(request, object_id=None):
""" """
# Retrieving cluster configuration
cluster = Cluster.objects.get()
# Object_id is defined => we are configuring a Node
if object_id:
try:
node = Node.objects.with_id(ObjectId(object_id))
if not node:
raise InvalidId()
except InvalidId:
return HttpResponseForbidden("Injection detected")
system_settings = node.system_settings
# We are configuring Cluster
else:
system_settings = cluster.system_settings
# Instantiate form
form = DNSSettingsForm(request.POST or None, instance=system_settings.dns_settings,
error_class=DivErrorList)
popup = ""
api_url_dns = "/api/services/dns"
# form validation
if request.method == 'POST' and form.is_valid():
dns_conf = form.save(commit=False)
system_settings.dns_settings = dns_conf
# We are configuring Node
if object_id:
# Node will use Cluster settings
if dns_conf.cluster_based_conf:
node.system_settings.dns_settings = None
node.save()
#
restart_res = node.api_request("{}/restart/".format(api_url_dns))
if not isinstance(restart_res, bool):
try:
popup = restart_res['result']
except:
popup = ['ERROR', "Cannot retrieve service results"]
elif not restart_res:
popup = ["ERROR", "Cannot contact node".format(node.name)]
else:
popup = ["UP", "Configuration applied"]
else:
cluster.save()
restart_cluster_res = cluster.api_request("/api/services/dns/restart/")
for node in cluster.members:
restart_res = restart_cluster_res.get(node.name)
if not isinstance(restart_res, bool):
try:
popup = restart_res.get('result')
except:
popup = ['ERROR', "Cannot retrieve service results"]
break
elif not restart_res:
popup = ["ERROR", "Cannot contact node ".format(node.name)]
break
else:
popup = ["UP", "Configuration applied"]
return render_to_response('dns.html',
{'form': form, 'cluster': cluster, 'popup': popup,
'object_id': object_id},
context_instance=RequestContext(request))
def agent_zabbix_view(request, object_id=None):
""" """
# API url of zabbix-agent status
api_url_zabbix = "/api/services/zabbix"
# Retrieving cluster configuration
cluster = Cluster.objects.get()
zabbix_status = {}
nodes = []
popup = ""
# Object_id is defined => we are configuring a Node
if object_id:
try:
node_or_cluster = Node.objects.with_id(ObjectId(object_id))
if not node_or_cluster:
raise InvalidId()
except InvalidId:
return HttpResponseForbidden("Injection detected")
system_settings = node_or_cluster.system_settings
nodes.append(node_or_cluster)
# Instantiate form
form = ZabbixAgentForm(request.POST or None, instance=system_settings.zabbix_settings, node=node_or_cluster,
error_class=DivErrorList)
# form validation
if request.method == 'POST' and form.is_valid():
zabbix_conf = form.save(commit=False)
zabbix_conf.save()
old_enabled = None
if system_settings.zabbix_settings:
old_enabled = system_settings.zabbix_settings.enabled
system_settings.zabbix_settings = zabbix_conf
# We are configuring Node
node_or_cluster.save()
action_service = ""
# If the admin wants to disable the service
if not zabbix_conf.enabled:
action_service = "stop"
elif not old_enabled:
# If the field enabled was True and is false: stop service
action_service = "start"
else:
action_service = "restart"
if action_service:
result = node_or_cluster.api_request("{}/{}/".format(api_url_zabbix, action_service))
if not isinstance(result, bool):
popup = result['result']
elif not result:
popup = ["ERROR", "Node {} is dead.".format(node_or_cluster.name)]
# Sleep while service is stopping/starting before get its status
sleep(2)
else:
form = ZabbixAgentForm(None)
node_or_cluster = cluster
nodes = node_or_cluster.members
# Get status of cluster or node if object_id
status = node_or_cluster.api_request("{}/status/".format(api_url_zabbix))
# Keep database data up-to-date
for node in nodes:
if isinstance(status, bool) and not status:
zabbix_status[node.name] = ("DEAD", "Cannot contact node ")
continue
node_info = status.get(node.name) or status
if node_info:
try:
# If the object Zabbix of SystemSettings is not None
if node.system_settings.zabbix_settings:
# Retrieve api/status result and set-it into Mongo
state = node_info.get('result', ["ERROR", "Cannot get api_request results"])
# And send the status to the HTML template
zabbix_status[node.name] = state
if node.system_settings.zabbix_settings.enabled and state[0] == "DOWN":
zabbix_status[node.name] = ["DOWN", "Please check zabbix log file"]
else:
state = ("NOT CONFIGURED", "Please SAVE to configure node ")
zabbix_status[node.name] = state
except Exception as e:
logger.error("Zabbix::view: Error while trying to parse zabbix status : {}".format(e))
return render_to_response('zabbix_agent.html',
{'form': form, 'zabbix_status': zabbix_status, 'cluster': cluster,
'object_id': object_id, 'popup': popup}, context_instance=RequestContext(request))
