def testGetAllUserSummaries(self):
config_updater_util.CreateUser(
"foo_user1", password="******", is_admin=False)
config_updater_util.CreateUser(
"foo_user2", password="******", is_admin=True)
expected_summaries = ("Username: foo_user1\nIs Admin: False\n\n"
"Username: foo_user2\nIs Admin: True")
self.assertMultiLineEqual(config_updater_util.GetAllUserSummaries(),
expected_summaries)
def testGetUserSummary(self):
config_updater_util.CreateUser("foo_user",
password="******",
is_admin=False)
self.assertMultiLineEqual(
config_updater_util.GetUserSummary("foo_user"),
"Username: foo_user\nIs Admin: False")
def testDeleteUser(self):
config_updater_util.CreateUser(
"foo_user", password="******", is_admin=False)
self.assertNotEmpty(config_updater_util.GetUserSummary("foo_user"))
config_updater_util.DeleteUser("foo_user")
with self.assertRaises(config_updater_util.UserNotFoundError):
config_updater_util.GetUserSummary("foo_user")
def testUpdateUser(self):
config_updater_util.CreateUser(
"foo_user", password="******", is_admin=False)
self._AssertStoredUserDetailsAre("foo_user", "foo_password1", False)
config_updater_util.UpdateUser(
"foo_user", password="******", is_admin=True)
self._AssertStoredUserDetailsAre("foo_user", "foo_password2", True)
def testCreateAlreadyExistingUser(self):
config_updater_util.CreateUser("foo_user", password="******")
with self.assertRaises(config_updater_util.UserAlreadyExistsError):
config_updater_util.CreateUser("foo_user",
password="******")
def testCreateStandardUser(self):
config_updater_util.CreateUser("foo_user",
password="******",
is_admin=False)
self._AssertStoredUserDetailsAre("foo_user", "foo_password", False)
def testCreateAdminUser(self, getpass_mock):
getpass_mock.return_value = "foo_password"
config_updater_util.CreateUser("foo_user", is_admin=True)
self._AssertStoredUserDetailsAre("foo_user", "foo_password", True)
def main(args):
"""Main."""
grr_config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT)
grr_config.CONFIG.AddContext(contexts.CONFIG_UPDATER_CONTEXT)
if args.subparser_name == "initialize":
config_lib.ParseConfigCommandLine()
if args.noprompt:
config_updater_util.InitializeNoPrompt(
grr_config.CONFIG,
external_hostname=args.external_hostname,
admin_password=args.admin_password,
mysql_hostname=args.mysql_hostname,
mysql_port=args.mysql_port,
mysql_username=args.mysql_username,
mysql_password=args.mysql_password,
mysql_db=args.mysql_db,
mysql_client_key_path=args.mysql_client_key_path,
mysql_client_cert_path=args.mysql_client_cert_path,
mysql_ca_cert_path=args.mysql_ca_cert_path,
redownload_templates=args.redownload_templates,
repack_templates=not args.norepack_templates)
else:
config_updater_util.Initialize(
grr_config.CONFIG,
external_hostname=args.external_hostname,
admin_password=args.admin_password,
redownload_templates=args.redownload_templates,
repack_templates=not args.norepack_templates)
return
server_startup.Init()
try:
print("Using configuration %s" % grr_config.CONFIG)
except AttributeError:
raise RuntimeError("No valid config specified.")
if args.subparser_name == "generate_keys":
try:
config_updater_keys_util.GenerateKeys(
grr_config.CONFIG, overwrite_keys=args.overwrite_keys)
except RuntimeError as e:
# GenerateKeys will raise if keys exist and overwrite_keys is not set.
print("ERROR: %s" % e)
sys.exit(1)
grr_config.CONFIG.Write()
elif args.subparser_name == "repack_clients":
upload = not args.noupload
repacking.TemplateRepacker().RepackAllTemplates(upload=upload)
elif args.subparser_name == "show_user":
if args.username:
print(config_updater_util.GetUserSummary(args.username))
else:
print(config_updater_util.GetAllUserSummaries())
elif args.subparser_name == "update_user":
config_updater_util.UpdateUser(args.username,
password=args.password,
is_admin=args.admin)
elif args.subparser_name == "delete_user":
config_updater_util.DeleteUser(args.username)
elif args.subparser_name == "add_user":
config_updater_util.CreateUser(args.username,
password=args.password,
is_admin=args.admin)
elif args.subparser_name == "upload_python":
config_updater_util.UploadSignedBinary(
args.file,
rdf_objects.SignedBinaryID.BinaryType.PYTHON_HACK,
args.platform,
upload_subdirectory=args.upload_subdirectory)
elif args.subparser_name == "upload_exe":
config_updater_util.UploadSignedBinary(
args.file,
rdf_objects.SignedBinaryID.BinaryType.EXECUTABLE,
args.platform,
upload_subdirectory=args.upload_subdirectory)
elif args.subparser_name == "set_var":
var = args.var
val = args.val
config = grr_config.CONFIG
print("Setting %s to %s" % (var, val))
if val.startswith("["): # Allow setting of basic lists.
val = val[1:-1].split(",")
config.Set(var, val)
config.Write()
elif args.subparser_name == "switch_datastore":
config_updater_util.SwitchToRelDB(grr_config.CONFIG)
grr_config.CONFIG.Write()
elif args.subparser_name == "upload_artifact":
with io.open(args.file, "r") as filedesc:
source = filedesc.read()
try:
artifact.UploadArtifactYamlFile(source,
overwrite=args.overwrite_artifact)
except rdf_artifacts.ArtifactDefinitionError as e:
print("Error %s. You may need to set --overwrite_artifact." % e)
elif args.subparser_name == "delete_artifacts":
artifact_list = args.artifact
if not artifact_list:
raise ValueError("No artifact to delete given.")
artifact_registry.DeleteArtifactsFromDatastore(artifact_list)
print("Artifacts %s deleted." % artifact_list)
elif args.subparser_name == "rotate_server_key":
print("""
You are about to rotate the server key. Note that:
- Clients might experience intermittent connection problems after
the server keys rotated.
- It's not possible to go back to an earlier key. Clients that see a
new certificate will remember the cert's serial number and refuse
to accept any certificate with a smaller serial number from that
point on.
""")
if input("Continue? [yN]: ").upper() == "Y":
if args.keylength:
keylength = int(args.keylength)
else:
keylength = grr_config.CONFIG["Server.rsa_key_length"]
maintenance_utils.RotateServerKey(cn=args.common_name,
keylength=keylength)
def main(argv):
"""Main."""
del argv # Unused.
if flags.FLAGS.subparser_name == "version":
version = config_server.VERSION["packageversion"]
print("GRR configuration updater {}".format(version))
return
token = config_updater_util.GetToken()
grr_config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT)
grr_config.CONFIG.AddContext(contexts.CONFIG_UPDATER_CONTEXT)
if flags.FLAGS.subparser_name == "initialize":
config_lib.ParseConfigCommandLine()
if flags.FLAGS.noprompt:
config_updater_util.InitializeNoPrompt(grr_config.CONFIG,
token=token)
else:
config_updater_util.Initialize(grr_config.CONFIG, token=token)
return
server_startup.Init()
try:
print("Using configuration %s" % grr_config.CONFIG)
except AttributeError:
raise RuntimeError("No valid config specified.")
if flags.FLAGS.subparser_name == "generate_keys":
try:
config_updater_util.GenerateKeys(
grr_config.CONFIG, overwrite_keys=flags.FLAGS.overwrite_keys)
except RuntimeError as e:
# GenerateKeys will raise if keys exist and overwrite_keys is not set.
print("ERROR: %s" % e)
sys.exit(1)
grr_config.CONFIG.Write()
elif flags.FLAGS.subparser_name == "repack_clients":
upload = not flags.FLAGS.noupload
repacking.TemplateRepacker().RepackAllTemplates(upload=upload,
token=token)
elif flags.FLAGS.subparser_name == "show_user":
if flags.FLAGS.username:
print(config_updater_util.GetUserSummary(flags.FLAGS.username))
else:
print(config_updater_util.GetAllUserSummaries())
elif flags.FLAGS.subparser_name == "update_user":
config_updater_util.UpdateUser(flags.FLAGS.username,
password=flags.FLAGS.password,
is_admin=flags.FLAGS.admin)
elif flags.FLAGS.subparser_name == "delete_user":
config_updater_util.DeleteUser(flags.FLAGS.username)
elif flags.FLAGS.subparser_name == "add_user":
config_updater_util.CreateUser(flags.FLAGS.username,
password=flags.FLAGS.password,
is_admin=flags.FLAGS.admin)
elif flags.FLAGS.subparser_name == "upload_python":
config_updater_util.UploadSignedBinary(
flags.FLAGS.file,
rdf_objects.SignedBinaryID.BinaryType.PYTHON_HACK,
flags.FLAGS.platform,
upload_subdirectory=flags.FLAGS.upload_subdirectory,
token=token)
elif flags.FLAGS.subparser_name == "upload_exe":
config_updater_util.UploadSignedBinary(
flags.FLAGS.file,
rdf_objects.SignedBinaryID.BinaryType.EXECUTABLE,
flags.FLAGS.platform,
upload_subdirectory=flags.FLAGS.upload_subdirectory,
token=token)
elif flags.FLAGS.subparser_name == "set_var":
config = grr_config.CONFIG
print("Setting %s to %s" % (flags.FLAGS.var, flags.FLAGS.val))
if flags.FLAGS.val.startswith("["): # Allow setting of basic lists.
flags.FLAGS.val = flags.FLAGS.val[1:-1].split(",")
config.Set(flags.FLAGS.var, flags.FLAGS.val)
config.Write()
elif flags.FLAGS.subparser_name == "upload_artifact":
yaml.load(open(flags.FLAGS.file, "rb")) # Check it will parse.
try:
artifact.UploadArtifactYamlFile(
open(flags.FLAGS.file, "rb").read(),
overwrite=flags.FLAGS.overwrite_artifact)
except rdf_artifacts.ArtifactDefinitionError as e:
print("Error %s. You may need to set --overwrite_artifact." % e)
elif flags.FLAGS.subparser_name == "delete_artifacts":
artifact_list = flags.FLAGS.artifact
if not artifact_list:
raise ValueError("No artifact to delete given.")
artifact_registry.DeleteArtifactsFromDatastore(artifact_list,
token=token)
print("Artifacts %s deleted." % artifact_list)
elif flags.FLAGS.subparser_name == "download_missing_rekall_profiles":
print("Downloading missing Rekall profiles.")
s = rekall_profile_server.GRRRekallProfileServer()
s.GetMissingProfiles()
elif flags.FLAGS.subparser_name == "rotate_server_key":
print("""
You are about to rotate the server key. Note that:
- Clients might experience intermittent connection problems after
the server keys rotated.
- It's not possible to go back to an earlier key. Clients that see a
new certificate will remember the cert's serial number and refuse
to accept any certificate with a smaller serial number from that
point on.
""")
if builtins.input("Continue? [yN]: ").upper() == "Y":
if flags.FLAGS.keylength:
keylength = int(flags.FLAGS.keylength)
else:
keylength = grr_config.CONFIG["Server.rsa_key_length"]
maintenance_utils.RotateServerKey(cn=flags.FLAGS.common_name,
keylength=keylength)
