package api
import (
context "golang.org/x/net/context"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"www.velocidex.com/golang/velociraptor/acls"
artifacts_proto "www.velocidex.com/golang/velociraptor/artifacts/proto"
"www.velocidex.com/golang/velociraptor/services"
users "www.velocidex.com/golang/velociraptor/users"
)
// GetToolInfo returns the inventory record for the tool named in the
// request.
//
// The caller's name is taken from the gRPC context and resolved to a
// user record; the caller must hold acls.READ_RESULTS. A denied check
// and an errored check are both answered with codes.PermissionDenied,
// so the ACL check fails closed.
//
// When in.Materialize is set the record comes from the inventory's
// GetToolInfo, otherwise from ProbeToolInfo.
func (self *ApiServer) GetToolInfo(ctx context.Context,
	in *artifacts_proto.Tool) (*artifacts_proto.Tool, error) {

	caller, err := users.GetUser(
		self.config, GetGRPCUserInfo(self.config, ctx).Name)
	if err != nil {
		return nil, err
	}

	allowed, err := acls.CheckAccess(
		self.config, caller.Name, acls.READ_RESULTS)
	if err != nil || !allowed {
		return nil, status.Error(codes.PermissionDenied,
			"User is not allowed to view tools.")
	}

	// NOTE(review): what "materialize" does is decided by the inventory
	// service and is not visible here. If it makes the server fetch the
	// tool, a read-level permission is enough to trigger that fetch -
	// confirm this is intended.
	if !in.Materialize {
		return services.GetInventory().ProbeToolInfo(in.Name)
	}
	return services.GetInventory().GetToolInfo(ctx, self.config, in.Name)
}
// SetToolInfo stores the tool definition carried by the request in the
// inventory service.
//
// The caller's name is taken from the gRPC context and resolved to a
// user record; the caller must hold acls.ARTIFACT_WRITER. A denied check
// and an errored check are both answered with codes.PermissionDenied,
// so the ACL check fails closed.
//
// The request's Materialize flag is cleared before the definition is
// stored. If it was set, the stored record is re-read through the
// inventory's GetToolInfo and returned; otherwise the request message
// itself is returned (with Materialize cleared).
func (self *ApiServer) SetToolInfo(ctx context.Context,
	in *artifacts_proto.Tool) (*artifacts_proto.Tool, error) {

	caller, err := users.GetUser(
		self.config, GetGRPCUserInfo(self.config, ctx).Name)
	if err != nil {
		return nil, err
	}

	// ARTIFACT_WRITER is the minimum permission: a user who can write
	// artifacts can already autoload tools by uploading an artifact
	// definition, so a stricter check here would not add protection.
	allowed, err := acls.CheckAccess(
		self.config, caller.Name, acls.ARTIFACT_WRITER)
	if err != nil || !allowed {
		return nil, status.Error(codes.PermissionDenied,
			"User is not allowed to update tool definitions.")
	}

	// Remember what the caller asked for, then store the definition
	// with the flag cleared.
	wantFullRecord := in.Materialize
	in.Materialize = false

	// NOTE(review): AdminOverride is interpreted by the inventory
	// service; its effect is not visible in this function. Nothing here
	// records who changed the definition - confirm whether the
	// inventory service audits the change.
	opts := services.ToolOptions{AdminOverride: true}
	if err := services.GetInventory().AddTool(self.config, in, opts); err != nil {
		return nil, err
	}

	if !wantFullRecord {
		return in, nil
	}

	// The caller asked for the materialized tool: re-fetch it and send
	// back the full record.
	return services.GetInventory().GetToolInfo(ctx, self.config, in.Name)
}