0.6.7 sync #2239

Merged
merged 17 commits into from
Nov 14, 2022
Update user delete VQL and grant (#2238)
Previously user_delete() would delete from all orgs but this can lead
to an accident when the orgs parameter is omitted. The new behavior is
to delete from the current org when no orgs are specified.
scudette committed Nov 11, 2022
commit b8d14d78634cb1201773ff2ce5d4cb6a58071071
6 changes: 4 additions & 2 deletions artifacts/definitions/Admin/Client/Uninstall.yaml
Expand Up @@ -30,14 +30,15 @@ sources:
SELECT OS From info() where OS = 'windows'

query: |
LET packages = SELECT KeyName, DisplayName,UninstallString FROM Artifact.Windows.Sys.Programs()
LET packages = SELECT KeyName, DisplayName,UninstallString
FROM Artifact.Windows.Sys.Programs()
WHERE DisplayName =~ DisplayNameRegex AND
log(message="Will uninstall " + DisplayName)

LET uninstall(UninstallString) = SELECT * FROM execve(
argv=commandline_split(command=UninstallString) + "/quiet")

SELECT Name, DisplayName, UninstallString,
SELECT KeyName, DisplayName, UninstallString,
if(condition=ReallyDoIt, then=uninstall(Name=UninstallString).Stdout) AS UninstallLog
FROM packages

Expand All @@ -55,6 +56,7 @@ sources:
then={
SELECT * FROM execve(argv=["dpkg", "--remove", "velociraptor-client"])
})

- name: RPMBased
precondition: |
-- Only run if dpkg is installed.
Expand Down
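Review bot: The call on the `if(condition=ReallyDoIt, then=uninstall(Name=UninstallString).Stdout)` line passes its argument as `Name=`, but the stored query is declared as `LET uninstall(UninstallString) = ...`, so the parameter name does not match; the commit fixes the `Name` → `KeyName` column in the SELECT but leaves this. It presumably still works only because the body's `UninstallString` resolves from the enclosing row scope rather than from the argument, which is fragile — I'd change it to `uninstall(UninstallString=UninstallString).Stdout`. Since the resulting `execve` runs whatever registry `UninstallString` matches `DisplayNameRegex`, a comment above the `LET packages` line such as `# DisplayNameRegex should be anchored tightly: every matching package is uninstalled when ReallyDoIt is set` would help operators. In the second hunk the `RPMBased` source's precondition comment still reads `-- Only run if dpkg is installed.`, which looks copy-pasted from the dpkg source; that precondition continues past the hunk.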
3 changes: 2 additions & 1 deletion artifacts/definitions/Server/Orgs/NewOrg.yaml
Expand Up @@ -22,5 +22,6 @@ sources:
LET org_record <= org_create(name=OrgName)

SELECT org_record.name as Name, org_record.org_id AS OrgId,
user_create(orgs=org_record.org_id, roles="administrator", user=whoami()) AS AdminUser
user_create(orgs=org_record.org_id,
roles="administrator", user=whoami()) AS AdminUser
FROM scope()
50 changes: 50 additions & 0 deletions artifacts/testdata/server/testcases/orgs.out.yaml
Expand Up @@ -32,6 +32,11 @@ SELECT Name, OrgId FROM orgs() ORDER BY OrgId[
"roles": [
"administrator"
],
"_policy": {
"roles": [
"administrator"
]
},
"effective_policy": {
"all_query": true,
"any_query": true,
Expand Down Expand Up @@ -61,6 +66,11 @@ SELECT Name, OrgId FROM orgs() ORDER BY OrgId[
"roles": [
"administrator"
],
"_policy": {
"roles": [
"administrator"
]
},
"effective_policy": {
"all_query": true,
"any_query": true,
Expand Down Expand Up @@ -89,6 +99,11 @@ SELECT Name, OrgId FROM orgs() ORDER BY OrgId[
"roles": [
"reader"
],
"_policy": {
"roles": [
"reader"
]
},
"effective_policy": {
"read_results": true
}
Expand All @@ -102,6 +117,11 @@ SELECT Name, OrgId FROM orgs() ORDER BY OrgId[
"roles": [
"reader"
],
"_policy": {
"roles": [
"reader"
]
},
"effective_policy": {
"read_results": true
}
Expand All @@ -116,6 +136,11 @@ SELECT Name, OrgId FROM orgs() ORDER BY OrgId[
"roles": [
"administrator"
],
"_policy": {
"roles": [
"administrator"
]
},
"effective_policy": {
"all_query": true,
"any_query": true,
Expand Down Expand Up @@ -145,6 +170,11 @@ SELECT Name, OrgId FROM orgs() ORDER BY OrgId[
"roles": [
"reader"
],
"_policy": {
"roles": [
"reader"
]
},
"effective_policy": {
"read_results": true
}
Expand All @@ -159,6 +189,11 @@ SELECT Name, OrgId FROM orgs() ORDER BY OrgId[
"roles": [
"administrator"
],
"_policy": {
"roles": [
"administrator"
]
},
"effective_policy": {
"all_query": true,
"any_query": true,
Expand Down Expand Up @@ -187,6 +222,11 @@ SELECT Name, OrgId FROM orgs() ORDER BY OrgId[
"roles": [
"reader"
],
"_policy": {
"roles": [
"reader"
]
},
"effective_policy": {
"read_results": true
}
Expand Down Expand Up @@ -218,6 +258,11 @@ SELECT Name, OrgId FROM orgs() ORDER BY OrgId[
"roles": [
"administrator"
],
"_policy": {
"roles": [
"administrator"
]
},
"effective_policy": {
"all_query": true,
"any_query": true,
Expand Down Expand Up @@ -246,6 +291,11 @@ SELECT Name, OrgId FROM orgs() ORDER BY OrgId[
"roles": [
"reader"
],
"_policy": {
"roles": [
"reader"
]
},
"effective_policy": {
"read_results": true
}
Expand Down
25 changes: 21 additions & 4 deletions artifacts/testdata/server/testcases/users.in.yaml
Expand Up @@ -13,12 +13,29 @@ Queries:

# Grant replaces all roles (should lose investigator).
- LET _ <= user_grant(user="TestUser", roles="reader")
- SELECT name, roles FROM gui_users(all_orgs=TRUE) WHERE name =~ "TestUser"
- SELECT user(user="TestUser") FROM scope()

# Grant supports adding policy with specific permissions
- LET _ <= user_grant(user="TestUser", roles="reader", policy=dict(label_clients=TRUE))
- SELECT user(user="TestUser") FROM scope()

# Create a new org
- LET _ <= org_create(name="MySecondOrg", org_id="ORGID2")
- LET _ <= user_grant(user="TestUser", roles="administrator", orgs="ORGID2")

# TestUser is an admin in ORGID2 and reader in root
- SELECT * FROM gui_users(all_orgs=TRUE) WHERE name =~ "TestUser"

# Now delete it from the root org
- SELECT user_delete(user="TestUser", really_do_it=TRUE) FROM scope()

# Should be gone now but the user still exists in the ORGID2
- SELECT * FROM gui_users(all_orgs=TRUE) WHERE name =~ "TestUser"

# Now delete it
- SELECT user_delete(user="TestUser") FROM scope()
# Now delete it from the org
- SELECT user_delete(user="TestUser", really_do_it=TRUE, orgs="ORGID2") FROM scope()

# Should be gone now.
# Should be gone now
- SELECT * FROM gui_users(all_orgs=TRUE) WHERE name =~ "TestUser"

# Grant a non existant user a role
Expand Down
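Review bot: The new delete steps only exercise `really_do_it=TRUE`; nothing pins that `user_delete(user="TestUser")` without it is a no-op, and the old test (which called `user_delete` bare and expected the user gone) no longer documents the guard either. I'd add, before the root-org delete, `- SELECT user_delete(user="TestUser") FROM scope()` followed by `- SELECT * FROM gui_users(all_orgs=TRUE) WHERE name =~ "TestUser"` and expect both org rows to still be present — assuming `really_do_it` defaults to false, which the hunk implies but does not show. The `# Now delete it from the root org` comment also relies on the test running with root as the current org; since the commit message makes "current org" the new default, stating that explicitly, e.g. `# (current org is root here, so no orgs= is needed)`, would make the intent of the test clear.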
137 changes: 133 additions & 4 deletions artifacts/testdata/server/testcases/users.out.yaml
Expand Up @@ -14,16 +14,145 @@ SELECT whoami() FROM scope()[
"investigator"
]
}
]LET _ <= user_grant(user="TestUser", roles="reader")[]SELECT name, roles FROM gui_users(all_orgs=TRUE) WHERE name =~ "TestUser"[
]LET _ <= user_grant(user="TestUser", roles="reader")[]SELECT user(user="TestUser") FROM scope()[
{
"user(user=\"TestUser\")": {
"name": "TestUser",
"org_id": "",
"org_name": "",
"picture": "",
"email": false,
"roles": [
"reader"
],
"_policy": {
"roles": [
"reader"
]
},
"effective_policy": {
"read_results": true
}
}
}
]LET _ <= user_grant(user="TestUser", roles="reader", policy=dict(label_clients=TRUE))[]SELECT user(user="TestUser") FROM scope()[
{
"user(user=\"TestUser\")": {
"name": "TestUser",
"org_id": "",
"org_name": "",
"picture": "",
"email": false,
"roles": [
"reader"
],
"_policy": {
"label_clients": true,
"roles": [
"reader"
]
},
"effective_policy": {
"read_results": true,
"label_clients": true
}
}
}
]LET _ <= org_create(name="MySecondOrg", org_id="ORGID2")[]LET _ <= user_grant(user="TestUser", roles="administrator", orgs="ORGID2")[]SELECT * FROM gui_users(all_orgs=TRUE) WHERE name =~ "TestUser"[
{
"name": "TestUser",
"org_id": "root",
"org_name": "\u003croot\u003e",
"picture": "",
"email": false,
"roles": [
"reader"
]
],
"_policy": {
"label_clients": true,
"roles": [
"reader"
]
},
"effective_policy": {
"read_results": true,
"label_clients": true
}
},
{
"name": "TestUser",
"org_id": "ORGID2",
"org_name": "MySecondOrg",
"picture": "",
"email": false,
"roles": [
"administrator"
],
"_policy": {
"roles": [
"administrator"
]
},
"effective_policy": {
"all_query": true,
"any_query": true,
"read_results": true,
"label_clients": true,
"collect_client": true,
"collect_server": true,
"artifact_writer": true,
"server_artifact_writer": true,
"execve": true,
"notebook_editor": true,
"impersonation": true,
"server_admin": true,
"filesystem_read": true,
"filesystem_write": true,
"machine_state": true,
"prepare_results": true
}
}
]SELECT user_delete(user="TestUser", really_do_it=TRUE) FROM scope()[
{
"user_delete(user=\"TestUser\", really_do_it=TRUE)": "TestUser"
}
]SELECT * FROM gui_users(all_orgs=TRUE) WHERE name =~ "TestUser"[
{
"name": "TestUser",
"org_id": "ORGID2",
"org_name": "MySecondOrg",
"picture": "",
"email": false,
"roles": [
"administrator"
],
"_policy": {
"roles": [
"administrator"
]
},
"effective_policy": {
"all_query": true,
"any_query": true,
"read_results": true,
"label_clients": true,
"collect_client": true,
"collect_server": true,
"artifact_writer": true,
"server_artifact_writer": true,
"execve": true,
"notebook_editor": true,
"impersonation": true,
"server_admin": true,
"filesystem_read": true,
"filesystem_write": true,
"machine_state": true,
"prepare_results": true
}
}
]SELECT user_delete(user="TestUser") FROM scope()[
]SELECT user_delete(user="TestUser", really_do_it=TRUE, orgs="ORGID2") FROM scope()[
{
"user_delete(user=\"TestUser\")": "TestUser"
"user_delete(user=\"TestUser\", really_do_it=TRUE, orgs=\"ORGID2\")": "TestUser"
}
]SELECT * FROM gui_users(all_orgs=TRUE) WHERE name =~ "TestUser"[]SELECT user_grant(user="TestUserNotThere", roles="reader") FROM scope()[
{
Expand Down
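Review bot: The `user(user="TestUser")` rows now record `"org_id": ""` and `"org_name": ""`, while the `gui_users(all_orgs=TRUE)` row for the same root-org user records `"org_id": "root"` and `"org_name": "<root>"`; the golden file freezes that inconsistency. If it is intentional (for example `user()` omitting org context), a one-line comment on the corresponding query in users.in.yaml explaining it would keep the next reader from treating it as a regression; if not, the code producing `user()` output should fill in the root org id the same way `gui_users` does. This is expected output, so nothing is fixed in this file; the code producing it is outside the diff.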