Split server sanity checks into root org and other orgs (Velocidex#2052)

The sanity checker ensured the server is running in a sane state. It
also starts things like initial server artifacts etc.

This PR split sanity checks to run on the root org (i.e. once when the
server is started) and on each org. For example the initial server
artifacts are only run on the root org and not on other orgs.

Added org rm command

artifacts/definitions/Demo/Plugins/GUI.yaml

@@ -262,7 +262,9 @@ sources:
           /*
           ## Adding timelines
 
-          Add a timeline from this time series data
+          Add a timeline from this time series data. (This only works
+          for root org because it relies on server health events).
+
           */
           SELECT timestamp(epoch=_ts) AS Timestamp, CPUPercent
           FROM monitoring(
@@ -325,9 +327,11 @@ sources:
           These apply to notebooks automatically without needing to
           define them again.
 
+          Hash column should right click to VT
+
           */
 
           LET ColumnTypes = dict(`StartDate`='timestamp')
 
-          SELECT Hex, StartDate
+          SELECT Hex, StartDate, hash(accessor="data", path="Hello") AS Hash
           FROM source()

bin/orgs.go

@@ -5,6 +5,7 @@ import (
 
 	api_proto "www.velocidex.com/golang/velociraptor/api/proto"
 	"www.velocidex.com/golang/velociraptor/json"
+	logging "www.velocidex.com/golang/velociraptor/logging"
 	"www.velocidex.com/golang/velociraptor/services"
 	"www.velocidex.com/golang/velociraptor/startup"
 )
@@ -18,6 +19,9 @@ var (
 
 	orgs_create_name = orgs_create.Arg("name", "Name of the new org").Required().String()
 
+	orgs_delete        = orgs_command.Command("rm", "Delete an org")
+	orgs_delete_org_id = orgs_delete.Arg("org_id", "Id of org to remove").Required().String()
+
 	orgs_user_add     = orgs_command.Command("user_add", "Add a user to the org")
 	orgs_user_add_org = orgs_user_add.Arg("org_id", "Org ID to add user to").
 				Required().String()
@@ -33,6 +37,7 @@ func doOrgLs() error {
 	if err != nil {
 		return fmt.Errorf("loading config file: %w", err)
 	}
+	config_obj.Frontend.ServerServices = services.GenericToolServices()
 
 	ctx, cancel := install_sig_handler()
 	defer cancel()
@@ -64,6 +69,7 @@ func doOrgUserAdd() error {
 	if err != nil {
 		return fmt.Errorf("loading config file: %w", err)
 	}
+	config_obj.Frontend.ServerServices = services.GenericToolServices()
 
 	ctx, cancel := install_sig_handler()
 	defer cancel()
@@ -109,6 +115,8 @@ func doOrgCreate() error {
 		return fmt.Errorf("loading config file: %w", err)
 	}
 
+	config_obj.Frontend.ServerServices = services.GenericToolServices()
+
 	ctx, cancel := install_sig_handler()
 	defer cancel()
 
@@ -134,6 +142,38 @@ func doOrgCreate() error {
 	return nil
 }
 
+func doOrgDelete() error {
+	config_obj, err := makeDefaultConfigLoader().
+		WithRequiredFrontend().
+		WithRequiredUser().
+		WithRequiredLogging().LoadAndValidate()
+	if err != nil {
+		return fmt.Errorf("loading config file: %w", err)
+	}
+
+	config_obj.Frontend.ServerServices = services.GenericToolServices()
+
+	ctx, cancel := install_sig_handler()
+	defer cancel()
+
+	sm, err := startup.StartToolServices(ctx, config_obj)
+	defer sm.Close()
+
+	if err != nil {
+		return err
+	}
+
+	org_manager, err := services.GetOrgManager()
+	if err != nil {
+		return err
+	}
+
+	logger := logging.GetLogger(config_obj, &logging.ToolComponent)
+	logger.Info("Will remove org %v\n", *orgs_delete_org_id)
+
+	return org_manager.DeleteOrg(*orgs_delete_org_id)
+}
+
 func init() {
 	command_handlers = append(command_handlers, func(command string) bool {
 		switch command {
@@ -143,6 +183,9 @@ func init() {
 		case orgs_create.FullCommand():
 			FatalIfError(orgs_create, doOrgCreate)
 
+		case orgs_delete.FullCommand():
+			FatalIfError(orgs_delete, doOrgDelete)
+
 		case orgs_user_add.FullCommand():
 			FatalIfError(orgs_user_add, doOrgUserAdd)
 

datastore/filebased.go

@@ -146,7 +146,8 @@ func (self *FileBaseDataStore) SetSubjectWithCompletion(
 	// Make sure to call the completer on all exit points
 	// (FileBaseDataStore is actually synchronous).
 	defer func() {
-		if completion != nil {
+		if completion != nil &&
+			!utils.CompareFuncs(completion, utils.SyncCompleter) {
 			completion()
 		}
 	}()
@@ -174,7 +175,8 @@ func (self *FileBaseDataStore) DeleteSubjectWithCompletion(
 	urn api.DSPathSpec, completion func()) error {
 
 	err := self.DeleteSubject(config_obj, urn)
-	if completion != nil {
+	if completion != nil &&
+		!utils.CompareFuncs(completion, utils.SyncCompleter) {
 		completion()
 	}
 
@@ -419,8 +421,8 @@ func (self *FileBaseDataStore) SetBuffer(
 	urn api.DSPathSpec, data []byte, completion func()) error {
 
 	err := writeContentToFile(config_obj, urn, data)
-
-	if completion != nil {
+	if completion != nil &&
+		!utils.CompareFuncs(completion, utils.SyncCompleter) {
 		completion()
 	}
 	return err

datastore/remote.go

@@ -18,6 +18,7 @@ import (
 	"www.velocidex.com/golang/velociraptor/file_store/path_specs"
 	"www.velocidex.com/golang/velociraptor/grpc_client"
 	"www.velocidex.com/golang/velociraptor/logging"
+	"www.velocidex.com/golang/velociraptor/utils"
 )
 
 var (
@@ -147,7 +148,8 @@ func (self *RemoteDataStore) SetSubjectWithCompletion(
 	// Make sure to always call the completion regardless of error
 	// paths.
 	defer func() {
-		if completion != nil {
+		if completion != nil &&
+			!utils.CompareFuncs(completion, utils.SyncCompleter) {
 			completion()
 		}
 	}()

gui/velociraptor/src/components/core/keyboard-help.js

@@ -24,8 +24,8 @@ const helpTextCol1 = [
         ["alt+p", T("Parameters configuration Step")],
         ["alt+r", T("Collection resource specification")],
         ["ctrl+l", T("Launch artifact")],
-        ["ctrl+right", T("Go to next step")],
-        ["ctrl+left", T("Go to previous step")],
+        ["ctrl+shift+right", T("Go to next step")],
+        ["ctrl+shift+left", T("Go to previous step")],
     ]],
 ];
 

gui/velociraptor/src/components/flows/new-collection.js

@@ -1014,8 +1014,10 @@ class NewCollectionWizard extends React.Component {
             GOTO_PREVIEW: "alt+v",
             GOTO_RESOURCES: "alt+r",
             GOTO_LAUNCH: "ctrl+l",
-            NEXT_STEP: "ctrl+right",
-            PREV_STEP: "ctrl+left",
+
+            // These do not work inside text entries.
+            NEXT_STEP: "ctrl+shift+right",
+            PREV_STEP: "ctrl+shift+left",
         };
         let handlers={
             GOTO_ARTIFACTS: this.gotoStep(1),

gui/velociraptor/src/components/forms/form.js

@@ -21,6 +21,7 @@ import BootstrapTable from 'react-bootstrap-table-next';
 import cellEditFactory, { Type } from 'react-bootstrap-table2-editor';
 import { parseCSV, serializeCSV } from '../utils/csv.js';
 import "./validated.css";
+import "./forms.css";
 
 const numberRegex = RegExp("^[0-9]+$");
 

gui/velociraptor/src/components/forms/forms.css

@@ -0,0 +1,24 @@
+/* react calendar */
+.react-calendar {
+    background: var(--color-calendar-background);
+}
+
+.react-calendar .react-calendar__navigation button,
+.react-calendar .react-calendar__tile {
+    color: var(--color-foreground-dimmed);
+}
+
+.react-calendar .react-calendar__tile--now {
+    background: var(--background-calendar-tile-now);
+    color: var(--color-calendar-tile);
+}
+
+.react-calendar .react-calendar__tile--active,
+.react-calendar .react-calendar__tile--active:hover {
+    background: var(--background-calendar-tile-active);
+    color: var(--color-calendar-tile);
+}
+
+.react-calendar .react-calendar__month-view__days__day--weekend {
+    color: var(--accent-color);
+}

gui/velociraptor/src/css/_variables.css

@@ -11,6 +11,11 @@
     --font-json: roboto-mono, Menlo, Monaco, Consolas, "Courier New", monospace;
     --font-monospace: roboto-mono, "Courier New", Courier, monospace;
 
+    --color-calendar-background: #f0f0f0;
+    --background-calendar-tile-now: #feffe0;
+    --background-calendar-tile-active: var(--color-table-row-selected);
+    --color-calendar-tile: var(--color-foreground);
+
     --color-canvas-background: #ffffff;
     --color-foreground: #000;
     --color-foreground-inverse: #fff;

gui/velociraptor/src/themes/coolgray-dark.css

@@ -103,7 +103,7 @@
   --color-timeline-7: #471ecb;
 
   --color-vfs-files-timestomped: #ed5d40;
-  --color-calendar-background: #121212;
+  --color-calendar-background: var(--color-canvas-background);
   --color-level-error: #ff0000;
 }
 
@@ -838,7 +838,7 @@ body.coolgray-dark {
 
 /* react timelines */
 .coolgray-dark .react-calendar-timeline .rct-sidebar {
-  color: var(--color-foreground);
+    color: var(--color-foreground);
 }
 
 /* file tree */
@@ -890,7 +890,7 @@ body.coolgray-dark {
 
 .coolgray-dark .react-datetime-picker__inputGroup__input,
 .coolgray-dark .react-datetime-picker__button {
-  filter: invert(0);
+  filter: invert(0.7);
 }
 
 .coolgray-dark .react-datepicker-popper {

gui/velociraptor/src/themes/github-dimmed-dark.css

@@ -95,6 +95,10 @@
 
   --color-vfs-files-timestomped: #ed5d40;
   --color-calendar-background: #121212;
+  --color-calendar-background: var(--color-canvas-background);
+
+  --background-calendar-tile-now: #feffe0;
+
   --color-level-error: #aa0000;
 }
 
@@ -740,19 +744,9 @@ body.github-dimmed-dark {
   background: var(--color-accent-50);
 }
 
-/* Datepicker */
-.github-dimmed-dark .react-datepicker,
-.github-dimmed-dark .react-datetime-picker input,
-.github-dimmed-dark .react-datetime-picker select,
-.github-dimmed-dark .react-datetime-picker button,
-.github-dimmed-dark .react-datetime-picker {
-  background: var(--color-canvas-background);
-  color: var(--color-foreground);
-}
-
 .github-dimmed-dark .react-datetime-picker__inputGroup__input,
 .github-dimmed-dark .react-datetime-picker__button {
-  filter: invert(0);
+  filter: invert(0.7);
 }
 
 .github-dimmed-dark .react-datepicker-popper {
@@ -926,18 +920,3 @@ input[type="radio"] {
   text-shadow: none;
   box-shadow: none;
 }
-
-
-/* react calendar */
-.github-dimmed-dark .react-calendar {
-    background: var(--color-calendar-background);
-}
-
-.github-dimmed-dark .react-calendar .react-calendar__navigation button,
-.github-dimmed-dark .react-calendar .react-calendar__tile {
-    color: var(--color-foreground-dimmed);
-}
-
-.github-dimmed-dark .react-calendar .react-calendar__month-view__days__day--weekend {
-    color: var(--accent-color);
-}

gui/velociraptor/src/themes/veloci-dark.css

@@ -77,7 +77,9 @@
   --color-card-heading-background: #444444;
   --color-table-heading-background: #444444;
   --color-monospace-color: #eeeeee;
+
   --color-calendar-background: #121212;
+  --color-calendar-tile: #121212;
 
   --color-timeline-header: #cdcdcd20;
   --color-timeline-table-shown: #dd4b3920;
@@ -601,20 +603,6 @@ body.veloci-dark {
   color: var(--color-foreground);
 }
 
-/* react calendar */
-.veloci-dark .react-calendar {
-    background: var(--color-calendar-background);
-}
-
-.veloci-dark .react-calendar .react-calendar__navigation button,
-.veloci-dark .react-calendar .react-calendar__tile {
-    color: var(--color-foreground-dimmed);
-}
-
-.veloci-dark .react-calendar .react-calendar__month-view__days__day--weekend {
-    color: var(--accent-color);
-}
-
 /* file tree */
 .veloci-dark .file-tree ul {
   background: var(--color-canvas-background);

gui/velociraptor/src/themes/veloci-light.css

@@ -74,6 +74,8 @@
   --color-table-row-hover: rgba(0, 0, 0, 0.01);
   --color-code: #990000;
 
+  --background-calendar-tile-active: #5cd00a80;
+
   --color-timeline-header: #cdcdcd20;
   --color-timeline-table-shown: #5cd00a80;
   --color-timeline-1: #dff0d820;

services/orgs/services.go

@@ -281,8 +281,7 @@ func (self *OrgManager) startRootOrgServices(
 
 	// The user manager is global across all orgs.
 	if spec.UserManager {
-		err := users.StartUserManager(
-			ctx, wg, org_config)
+		err := users.StartUserManager(ctx, wg, org_config)
 		if err != nil {
 			return err
 		}
@@ -536,13 +535,6 @@ func (self *OrgManager) startOrgFromContext(org_ctx *OrgContext) (err error) {
 		service_container.mu.Unlock()
 	}
 
-	if spec.SanityChecker {
-		err = sanity.NewSanityCheckService(ctx, wg, org_config)
-		if err != nil {
-			return err
-		}
-	}
-
 	if spec.ServerArtifacts {
 		err = server_artifacts.NewServerArtifactService(ctx, wg, org_config)
 		if err != nil {
@@ -572,6 +564,14 @@ func (self *OrgManager) startOrgFromContext(org_ctx *OrgContext) (err error) {
 		service_container.mu.Unlock()
 	}
 
+	// Must be run after all the other services are up
+	if spec.SanityChecker {
+		err = sanity.NewSanityCheckService(ctx, wg, org_config)
+		if err != nil {
+			return err
+		}
+	}
+
 	return maybeFlushFilesOnClose(ctx, wg, org_config)
 }