// flyAction moves an action file to the InFlight directory and // write it to database func flyAction(ctx Context, a mig.Action, origin string) (err error) { defer func() { if e := recover(); e != nil { err = fmt.Errorf("flyAction() -> %v", e) } ctx.Channels.Log <- mig.Log{ActionID: a.ID, Desc: "leaving flyAction()"}.Debug() }() // move action to inflight dir jsonA, err := json.Marshal(a) if err != nil { panic(err) } dest := fmt.Sprintf("%s/%.0f.json", ctx.Directories.Action.InFlight, a.ID) err = safeWrite(ctx, dest, jsonA) if err != nil { panic(err) } // remove the action from its origin os.Remove(origin) if err != nil { panic(err) } a.Status = "inflight" err = ctx.DB.UpdateActionStatus(a) if err != nil { panic(err) } desc := fmt.Sprintf("flyAction(): Action '%s' is in flight", a.Name) ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, ActionID: a.ID, Desc: desc}.Debug() return }
// invalidAction marks actions that have failed to run func invalidAction(ctx Context, a mig.Action, origin string) (err error) { defer func() { if e := recover(); e != nil { err = fmt.Errorf("invalidAction() -> %v", e) } ctx.Channels.Log <- mig.Log{ActionID: a.ID, Desc: "leaving invalidAction()"}.Debug() }() // move action to invalid dir jsonA, err := json.Marshal(a) if err != nil { panic(err) } dest := fmt.Sprintf("%s/%.0f.json", ctx.Directories.Action.Invalid, a.ID) err = safeWrite(ctx, dest, jsonA) if err != nil { panic(err) } // remove the action from its origin os.Remove(origin) if err != nil { panic(err) } a.Status = "invalid" a.LastUpdateTime = time.Now().UTC() a.FinishTime = time.Now().UTC() a.Counters.Sent = 0 err = ctx.DB.UpdateAction(a) if err != nil { panic(err) } desc := fmt.Sprintf("invalidAction(): Action '%s' has been marked as invalid.", a.Name) ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, ActionID: a.ID, Desc: desc}.Debug() return }
// FinishAction updates the action fields to mark it as done func (db *DB) FinishAction(a mig.Action) (err error) { a.FinishTime = time.Now() a.Status = "completed" _, err = db.c.Exec(`UPDATE actions SET (finishtime, lastupdatetime, status) = ($1, $2, $3) WHERE id=$4`, a.FinishTime, a.LastUpdateTime, a.Status, a.ID) if err != nil { return fmt.Errorf("Failed to update action: '%v'", err) } return }
// landAction moves an action file to the Done directory and // updates it in database func landAction(ctx Context, a mig.Action) (err error) { defer func() { if e := recover(); e != nil { err = fmt.Errorf("landAction() -> %v", e) } ctx.Channels.Log <- mig.Log{ActionID: a.ID, Desc: "leaving landAction()"}.Debug() }() // update status and timestamps a.Status = "done" a.FinishTime = time.Now().UTC() duration := a.FinishTime.Sub(a.StartTime) // log desc := fmt.Sprintf("action has completed in %s", duration.String()) ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, ActionID: a.ID, Desc: desc} // move action to done dir jsonA, err := json.Marshal(a) if err != nil { panic(err) } dest := fmt.Sprintf("%s/%.0f.json", ctx.Directories.Action.Done, a.ID) err = safeWrite(ctx, dest, jsonA) if err != nil { panic(err) } // remove the action from its origin origin := fmt.Sprintf("%s/%.0f.json", ctx.Directories.Action.InFlight, a.ID) os.Remove(origin) if err != nil { panic(err) } err = ctx.DB.FinishAction(a) if err != nil { panic(err) } desc = fmt.Sprintf("landAction(): Action '%s' has landed", a.Name) ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, ActionID: a.ID, Desc: desc}.Debug() return }
// processNewAction is called when a new action is available. It pulls // the action from the directory, parse it, retrieve a list of targets from // the backend database, and create individual command for each target. func processNewAction(actionPath string, ctx Context) (err error) { var action mig.Action defer func() { if e := recover(); e != nil { err = fmt.Errorf("processNewAction() -> %v", e) } ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, ActionID: action.ID, Desc: "leaving processNewAction()"}.Debug() }() // load the action file action, err = mig.ActionFromFile(actionPath) if err != nil { panic(err) } action.StartTime = time.Now() // generate an action id if action.ID < 1 { action.ID = mig.GenID() } desc := fmt.Sprintf("new action received: Name='%s' Target='%s' ValidFrom='%s' ExpireAfter='%s'", action.Name, action.Target, action.ValidFrom, action.ExpireAfter) ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, ActionID: action.ID, Desc: desc} // TODO: replace with action.Validate(), to include signature verification if time.Now().Before(action.ValidFrom) { // queue new action desc := fmt.Sprintf("action '%s' is not ready for scheduling", action.Name) ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, ActionID: action.ID, Desc: desc}.Debug() return } if time.Now().After(action.ExpireAfter) { ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, ActionID: action.ID, Desc: fmt.Sprintf("action '%s' is expired. invalidating.", action.Name)} err = invalidAction(ctx, action, actionPath) if err != nil { panic(err) } return } // find target agents for the action agents, err := ctx.DB.ActiveAgentsByTarget(action.Target) if err != nil { panic(err) } action.Counters.Sent = len(agents) if action.Counters.Sent == 0 { err = fmt.Errorf("No agents found for target '%s'. invalidating action.", action.Target) err = invalidAction(ctx, action, actionPath) if err != nil { panic(err) } } ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, ActionID: action.ID, Desc: fmt.Sprintf("Found %d target agents", action.Counters.Sent)} action.Status = "preparing" inserted, err := ctx.DB.InsertOrUpdateAction(action) if err != nil { panic(err) } if inserted { // action was inserted, and not updated, so we need to insert // the signatures as well astr, err := action.String() if err != nil { panic(err) } for _, sig := range action.PGPSignatures { pubring, err := getPubring(ctx) if err != nil { panic(err) } fp, err := pgp.GetFingerprintFromSignature(astr, sig, pubring) if err != nil { panic(err) } inv, err := ctx.DB.InvestigatorByFingerprint(fp) if err != nil { panic(err) } err = ctx.DB.InsertSignature(action.ID, inv.ID, sig) if err != nil { panic(err) } } } ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, ActionID: action.ID, Desc: "Action written to database"}.Debug() // create an array of empty results to serve as default for all commands emptyResults := make([]modules.Result, len(action.Operations)) created := 0 for _, agent := range agents { err := createCommand(ctx, action, agent, emptyResults) if err != nil { ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, ActionID: action.ID, Desc: "Failed to create commmand on agent" + agent.Name}.Err() continue } created++ } if created == 0 { // no command created found ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, ActionID: action.ID, Desc: "No command created. Invalidating action."}.Err() err = invalidAction(ctx, action, actionPath) if err != nil { panic(err) } return nil } // move action to flying state err = flyAction(ctx, action, actionPath) if err != nil { panic(err) } return }
// createAction receives a signed action in a POST request, validates it, // and write it into the scheduler spool func createAction(respWriter http.ResponseWriter, request *http.Request) { var ( err error action mig.Action ) opid := getOpID(request) loc := fmt.Sprintf("%s%s", ctx.Server.Host, request.URL.String()) resource := cljs.New(loc) defer func() { if e := recover(); e != nil { ctx.Channels.Log <- mig.Log{OpID: opid, ActionID: action.ID, Desc: fmt.Sprintf("%v", e)}.Err() resource.SetError(cljs.Error{Code: fmt.Sprintf("%.0f", opid), Message: fmt.Sprintf("%v", e)}) respond(http.StatusInternalServerError, resource, respWriter, request) } ctx.Channels.Log <- mig.Log{OpID: opid, ActionID: action.ID, Desc: "leaving createAction()"}.Debug() }() // parse the POST body into a mig action err = request.ParseForm() if err != nil { panic(err) } postAction := request.FormValue("action") err = json.Unmarshal([]byte(postAction), &action) if err != nil { panic(err) } ctx.Channels.Log <- mig.Log{OpID: opid, Desc: fmt.Sprintf("Received action for creation '%s'", action)}.Debug() // Init action fields action.ID = mig.GenID() date0 := time.Date(0011, time.January, 11, 11, 11, 11, 11, time.UTC) date1 := time.Date(9998, time.January, 11, 11, 11, 11, 11, time.UTC) action.StartTime = date0 action.FinishTime = date1 action.LastUpdateTime = date0 action.Status = "pending" // load keyring and validate action keyring, err := getKeyring() if err != nil { panic(err) } err = action.Validate() if err != nil { panic(err) } err = action.VerifySignatures(keyring) if err != nil { panic(err) } ctx.Channels.Log <- mig.Log{OpID: opid, ActionID: action.ID, Desc: "Received new action with valid signature"} // write action to database err = ctx.DB.InsertAction(action) if err != nil { panic(err) } // write signatures to database astr, err := action.String() if err != nil { panic(err) } for _, sig := range action.PGPSignatures { k, err := getKeyring() if err != nil { panic(err) } fp, err := pgp.GetFingerprintFromSignature(astr, sig, k) if err != nil { panic(err) } inv, err := ctx.DB.InvestigatorByFingerprint(fp) if err != nil { panic(err) } err = ctx.DB.InsertSignature(action.ID, inv.ID, sig) if err != nil { panic(err) } } ctx.Channels.Log <- mig.Log{OpID: opid, ActionID: action.ID, Desc: "Action written to database"} err = resource.AddItem(cljs.Item{ Href: fmt.Sprintf("%s/action?actionid=%.0f", ctx.Server.BaseURL, action.ID), Data: []cljs.Data{{Name: "action ID " + fmt.Sprintf("%.0f", action.ID), Value: action}}, }) if err != nil { panic(err) } // return a 202 Accepted. the action will be processed asynchronously, and may fail later. respond(http.StatusAccepted, resource, respWriter, request) }