Merge pull request #28 from jmpsec/osctrl-api

Adding osctrl-api component

Makefile

@@ -10,6 +10,10 @@ ADMIN_DIR = cmd/admin
 ADMIN_NAME = osctrl-admin
 ADMIN_CODE = ${ADMIN_DIR:=/*.go}
 
+API_DIR = cmd/api
+API_NAME = osctrl-api
+API_CODE = ${API_DIR:=/*.go}
+
 CLI_DIR = cmd/cli
 CLI_NAME = osctrl-cli
 CLI_CODE = ${CLI_DIR:=/*.go}
@@ -30,6 +34,7 @@ build:
 	make plugins
 	make tls
 	make admin
+	make api
 	make cli
 
 # Build TLS endpoint
@@ -40,6 +45,10 @@ tls:
 admin:
 	go build -o $(OUTPUT)/$(ADMIN_NAME) $(ADMIN_CODE)
 
+# Build API
+api:
+	go build -o $(OUTPUT)/$(API_NAME) $(API_CODE)
+
 # Build the CLI
 cli:
 	go build -o $(OUTPUT)/$(CLI_NAME) $(CLI_CODE)
@@ -55,6 +64,7 @@ plugins:
 clean:
 	rm -rf $(OUTPUT)/$(TLS_NAME)
 	rm -rf $(OUTPUT)/$(ADMIN_NAME)
+	rm -rf $(OUTPUT)/$(API_NAME)
 	rm -rf $(OUTPUT)/$(CLI_NAME)
 	rm -rf $(PLUGINS_DIR)/*.so
 
@@ -70,6 +80,7 @@ install:
 	make build
 	make install_tls
 	make install_admin
+	make install_api
 	make install_cli
 
 # Install TLS server and restart service
@@ -86,6 +97,13 @@ install_admin:
 	sudo cp $(OUTPUT)/$(ADMIN_NAME) $(DEST)
 	sudo systemctl start $(ADMIN_NAME)
 
+# Install API server and restart service
+# optional DEST=destination_path
+install_api:
+	sudo systemctl stop $(API_NAME)
+	sudo cp $(OUTPUT)/$(API_NAME) $(DEST)
+	sudo systemctl start $(API_NAME)
+
 # Install CLI
 # optional DEST=destination_path
 install_cli:
@@ -99,6 +117,10 @@ logs_tls:
 logs_admin:
 	sudo journalctl -f -t $(ADMIN_NAME)
 
+# Display systemd logs for API server
+logs_api:
+	sudo journalctl -f -t $(API_NAME)
+
 # Build docker containers and run them (also generates new certificates)
 docker_all:
 	./docker/dockerize.sh -u -b -f
@@ -131,6 +153,9 @@ gofmt-tls:
 gofmt-admin:
 	gofmt $(GOFMT_ARGS) ./$(ADMIN_CODE)
 
+gofmt-api:
+	gofmt $(GOFMT_ARGS) ./$(API_CODE)
+
 gofmt-cli:
 	gofmt $(GOFMT_ARGS) ./$(CLI_CODE)
 
@@ -148,8 +173,12 @@ test:
 	cd $(TLS_DIR) && go test . -v
 	# Install dependencies for Admin
 	cd $(ADMIN_DIR) && go test -i . -v
-	# Run TLS tests
+	# Run Admin tests
 	cd $(ADMIN_DIR) && go test . -v
+	# Install dependencies for API
+	cd $(API_DIR) && go test -i . -v
+	# Run API tests
+	cd $(API_DIR) && go test . -v
 	# Install dependencies for CLI
 	cd $(CLI_DIR) && go test -i . -v
 	# Run CLI tests

Vagrantfile

@@ -3,18 +3,20 @@
 
 VAGRANTFILE_API_VERSION = "2"
 
+IP_ADDRESS = "10.10.10.6"
+
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   config.vm.box = "ubuntu/bionic64"
-  config.vm.network "private_network", ip: "10.10.10.6"
+  config.vm.network "private_network", ip: IP_ADDRESS
   # If we want to enroll nodes in the same network
   #config.vm.network "forwarded_port", guest: 443, host: 443
   config.vm.hostname = "osctrl-Dev"
   config.ssh.shell = "bash -c 'BASH_ENV=/etc/profile exec bash'"
   config.vm.provision "shell" do |s|
     s.path = "deploy/provision.sh"
     s.args = [
-      "--nginx", "--postgres", "-E", "--metrics", "--tls-hostname",
-      "10.10.10.6", "--admin-hostname", "10.10.10.6", "--password", "admin"
+      "--nginx", "--postgres", "-E", "--metrics", "--all-hostname",
+      IP_ADDRESS, "--password", "admin"
     ]
     privileged = false
   end

cmd/admin/handlers-get.go

@@ -1068,7 +1068,8 @@ func usersGETHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	// Custom functions to handle formatting
 	funcMap := template.FuncMap{
-		"pastTimeAgo": pastTimeAgo,
+		"pastTimeAgo":  pastTimeAgo,
+		"inFutureTime": inFutureTime,
 	}
 	// Prepare template
 	t, err := template.New("users.html").Funcs(funcMap).ParseFiles(

cmd/admin/handlers-post.go

@@ -153,19 +153,7 @@ func queryRunPOSTHandler(w http.ResponseWriter, r *http.Request) {
 			goto send_response
 		}
 		// Prepare and create new query
-		queryName := "query_" + generateQueryName()
-		newQuery := queries.DistributedQuery{
-			Query:      q.Query,
-			Name:       queryName,
-			Creator:    ctx[ctxUser],
-			Expected:   0,
-			Executions: 0,
-			Active:     true,
-			Completed:  false,
-			Deleted:    false,
-			Repeat:     0,
-			Type:       queries.StandardQueryType,
-		}
+		newQuery := newQueryReady(ctx[ctxUser], q.Query)
 		if err := queriesmgr.Create(newQuery); err != nil {
 			responseMessage = "error creating query"
 			responseCode = http.StatusInternalServerError
@@ -178,7 +166,7 @@ func queryRunPOSTHandler(w http.ResponseWriter, r *http.Request) {
 		if len(q.Environments) > 0 {
 			for _, e := range q.Environments {
 				if (e != "") && envs.Exists(e) {
-					if err := queriesmgr.CreateTarget(queryName, queries.QueryTargetEnvironment, e); err != nil {
+					if err := queriesmgr.CreateTarget(newQuery.Name, queries.QueryTargetEnvironment, e); err != nil {
 						responseMessage = "error creating query environment target"
 						responseCode = http.StatusInternalServerError
 						log.Printf("%s %v", responseMessage, err)
@@ -201,7 +189,7 @@ func queryRunPOSTHandler(w http.ResponseWriter, r *http.Request) {
 		if len(q.Platforms) > 0 {
 			for _, p := range q.Platforms {
 				if (p != "") && checkValidPlatform(p) {
-					if err := queriesmgr.CreateTarget(queryName, queries.QueryTargetPlatform, p); err != nil {
+					if err := queriesmgr.CreateTarget(newQuery.Name, queries.QueryTargetPlatform, p); err != nil {
 						responseMessage = "error creating query platform target"
 						responseCode = http.StatusInternalServerError
 						log.Printf("%s %v", responseMessage, err)
@@ -224,7 +212,7 @@ func queryRunPOSTHandler(w http.ResponseWriter, r *http.Request) {
 		if len(q.UUIDs) > 0 {
 			for _, u := range q.UUIDs {
 				if (u != "") && nodesmgr.CheckByUUID(u) {
-					if err := queriesmgr.CreateTarget(queryName, queries.QueryTargetUUID, u); err != nil {
+					if err := queriesmgr.CreateTarget(newQuery.Name, queries.QueryTargetUUID, u); err != nil {
 						responseMessage = "error creating query UUID target"
 						responseCode = http.StatusInternalServerError
 						log.Printf("%s %v", responseMessage, err)
@@ -238,7 +226,7 @@ func queryRunPOSTHandler(w http.ResponseWriter, r *http.Request) {
 		if len(q.Hosts) > 0 {
 			for _, h := range q.Hosts {
 				if (h != "") && nodesmgr.CheckByHost(h) {
-					if err := queriesmgr.CreateTarget(queryName, queries.QueryTargetLocalname, h); err != nil {
+					if err := queriesmgr.CreateTarget(newQuery.Name, queries.QueryTargetLocalname, h); err != nil {
 						responseMessage = "error creating query hostname target"
 						responseCode = http.StatusInternalServerError
 						log.Printf("%s %v", responseMessage, err)
@@ -251,7 +239,7 @@ func queryRunPOSTHandler(w http.ResponseWriter, r *http.Request) {
 		// Remove duplicates from expected
 		expectedClear := removeStringDuplicates(expected)
 		// Update value for expected
-		if err := queriesmgr.SetExpected(queryName, len(expectedClear)); err != nil {
+		if err := queriesmgr.SetExpected(newQuery.Name, len(expectedClear)); err != nil {
 			responseMessage = "error setting expected"
 			responseCode = http.StatusInternalServerError
 			log.Printf("%s %v", responseMessage, err)
@@ -313,7 +301,7 @@ func carvesRunPOSTHandler(w http.ResponseWriter, r *http.Request) {
 		}
 		query := generateCarveQuery(c.Path, false)
 		// Prepare and create new carve
-		carveName := "carve_" + generateQueryName()
+		carveName := generateCarveName()
 		newQuery := queries.DistributedQuery{
 			Query:      query,
 			Name:       carveName,
@@ -323,7 +311,6 @@ func carvesRunPOSTHandler(w http.ResponseWriter, r *http.Request) {
 			Active:     true,
 			Completed:  false,
 			Deleted:    false,
-			Repeat:     0,
 			Type:       queries.CarveQueryType,
 			Path:       c.Path,
 		}
@@ -1244,6 +1231,25 @@ func usersPOSTHandler(w http.ResponseWriter, r *http.Request) {
 								log.Printf("DebugService: %s %v", responseMessage, err)
 							}
 						}
+						if newUser.Admin {
+							token, exp, err := adminUsers.CreateToken(newUser.Username, jwtConfig.HoursToExpire, jwtConfig.JWTSecret)
+							if err != nil {
+								responseMessage = "error creating token"
+								responseCode = http.StatusInternalServerError
+								if settingsmgr.DebugService(settings.ServiceAdmin) {
+									log.Printf("DebugService: %s %v", responseMessage, err)
+								}
+								goto send_response
+							}
+							if err = adminUsers.UpdateToken(newUser.Username, token, exp); err != nil {
+								responseMessage = "error saving token"
+								responseCode = http.StatusInternalServerError
+								if settingsmgr.DebugService(settings.ServiceAdmin) {
+									log.Printf("DebugService: %s %v", responseMessage, err)
+								}
+								goto send_response
+							}
+						}
 						responseMessage = "User added successfully"
 					}
 				}
@@ -1279,9 +1285,27 @@ func usersPOSTHandler(w http.ResponseWriter, r *http.Request) {
 						if settingsmgr.DebugService(settings.ServiceAdmin) {
 							log.Printf("DebugService: %s %v", responseMessage, err)
 						}
-					} else {
-						responseMessage = "Admin changed"
 					}
+					if u.Admin {
+						token, exp, err := adminUsers.CreateToken(u.Username, jwtConfig.HoursToExpire, jwtConfig.JWTSecret)
+						if err != nil {
+							responseMessage = "error creating token"
+							responseCode = http.StatusInternalServerError
+							if settingsmgr.DebugService(settings.ServiceAdmin) {
+								log.Printf("DebugService: %s %v", responseMessage, err)
+							}
+							goto send_response
+						}
+						if err = adminUsers.UpdateToken(u.Username, token, exp); err != nil {
+							responseMessage = "error saving token"
+							responseCode = http.StatusInternalServerError
+							if settingsmgr.DebugService(settings.ServiceAdmin) {
+								log.Printf("DebugService: %s %v", responseMessage, err)
+							}
+							goto send_response
+						}
+					}
+					responseMessage = "Admin changed"
 				}
 			}
 		} else {