2016-09-26 18:48:55 +00:00
|
|
|
package service
|
2016-09-22 00:45:57 +00:00
|
|
|
|
|
|
|
|
import (
|
2017-03-15 15:55:30 +00:00
|
|
|
"context"
|
2017-01-11 02:00:46 +00:00
|
|
|
"fmt"
|
2019-08-02 21:08:42 +00:00
|
|
|
"html/template"
|
2017-03-22 19:40:01 +00:00
|
|
|
"strings"
|
2016-12-20 21:54:30 +00:00
|
|
|
|
2021-06-26 04:46:51 +00:00
|
|
|
"github.com/fleetdm/fleet/v4/server/contexts/viewer"
|
|
|
|
|
"github.com/fleetdm/fleet/v4/server/fleet"
|
|
|
|
|
"github.com/fleetdm/fleet/v4/server/mail"
|
2021-03-27 01:03:31 +00:00
|
|
|
"github.com/kolide/kit/version"
|
2017-01-30 17:48:43 +00:00
|
|
|
"github.com/pkg/errors"
|
2016-09-22 00:45:57 +00:00
|
|
|
)
|
|
|
|
|
|
2017-01-11 02:00:46 +00:00
|
|
|
// mailError is set when an error performing mail operations
|
|
|
|
|
type mailError struct {
|
|
|
|
|
message string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e mailError) Error() string {
|
|
|
|
|
return fmt.Sprintf("a mail error occurred: %s", e.message)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e mailError) MailError() []map[string]string {
|
|
|
|
|
return []map[string]string{
|
2021-06-03 23:24:15 +00:00
|
|
|
{
|
2017-01-11 02:00:46 +00:00
|
|
|
"name": "base",
|
|
|
|
|
"reason": e.message,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-06 22:07:29 +00:00
|
|
|
func (svc *Service) NewAppConfig(ctx context.Context, p fleet.AppConfigPayload) (*fleet.AppConfig, error) {
|
2021-06-03 23:24:15 +00:00
|
|
|
// skipauth: No user context yet when the app config is first created.
|
|
|
|
|
svc.authz.SkipAuthorization(ctx)
|
|
|
|
|
|
2016-12-20 21:54:30 +00:00
|
|
|
config, err := svc.ds.AppConfig()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2017-01-20 19:48:54 +00:00
|
|
|
fromPayload := appConfigFromAppConfigPayload(p, *config)
|
2020-05-29 16:12:39 +00:00
|
|
|
|
2021-06-23 01:02:20 +00:00
|
|
|
// Usage analytics are on by default in new installations.
|
|
|
|
|
fromPayload.EnableAnalytics = true
|
|
|
|
|
|
2017-01-20 19:48:54 +00:00
|
|
|
newConfig, err := svc.ds.NewAppConfig(fromPayload)
|
2016-09-22 00:45:57 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2020-05-29 16:12:39 +00:00
|
|
|
|
|
|
|
|
// Set up a default enroll secret
|
2021-06-06 22:07:29 +00:00
|
|
|
secret, err := fleet.RandomText(fleet.EnrollSecretDefaultLength)
|
2020-05-29 16:12:39 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "generate enroll secret string")
|
|
|
|
|
}
|
2021-06-06 22:07:29 +00:00
|
|
|
secrets := []*fleet.EnrollSecret{
|
2021-05-31 16:02:05 +00:00
|
|
|
{
|
|
|
|
|
Secret: secret,
|
2020-05-29 16:12:39 +00:00
|
|
|
},
|
|
|
|
|
}
|
2021-05-31 16:02:05 +00:00
|
|
|
err = svc.ds.ApplyEnrollSecrets(nil, secrets)
|
2020-05-29 16:12:39 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "save enroll secret")
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-04 20:44:38 +00:00
|
|
|
return newConfig, nil
|
2016-09-22 00:45:57 +00:00
|
|
|
}
|
|
|
|
|
|
2021-06-06 22:07:29 +00:00
|
|
|
func (svc *Service) AppConfig(ctx context.Context) (*fleet.AppConfig, error) {
|
|
|
|
|
if err := svc.authz.Authorize(ctx, &fleet.AppConfig{}, fleet.ActionRead); err != nil {
|
2021-06-03 23:24:15 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-04 20:44:38 +00:00
|
|
|
return svc.ds.AppConfig()
|
2016-09-22 00:45:57 +00:00
|
|
|
}
|
|
|
|
|
|
2021-06-06 22:07:29 +00:00
|
|
|
func (svc *Service) sendTestEmail(ctx context.Context, config *fleet.AppConfig) error {
|
2017-01-11 08:27:09 +00:00
|
|
|
vc, ok := viewer.FromContext(ctx)
|
|
|
|
|
if !ok {
|
2021-06-06 22:07:29 +00:00
|
|
|
return fleet.ErrNoContext
|
2016-09-22 00:45:57 +00:00
|
|
|
}
|
2017-01-11 04:41:58 +00:00
|
|
|
|
2021-06-06 22:07:29 +00:00
|
|
|
testMail := fleet.Email{
|
2019-01-24 17:39:32 +00:00
|
|
|
Subject: "Hello from Fleet",
|
2017-01-11 08:27:09 +00:00
|
|
|
To: []string{vc.User.Email},
|
2020-03-30 02:22:04 +00:00
|
|
|
Mailer: &mail.SMTPTestMailer{
|
2021-06-06 23:58:23 +00:00
|
|
|
BaseURL: template.URL(config.ServerURL + svc.config.Server.URLPrefix),
|
2019-10-16 23:40:45 +00:00
|
|
|
AssetURL: getAssetURL(),
|
2017-01-11 08:27:09 +00:00
|
|
|
},
|
|
|
|
|
Config: config,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := mail.Test(svc.mailService, testMail); err != nil {
|
|
|
|
|
return mailError{message: err.Error()}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
2017-01-11 04:41:58 +00:00
|
|
|
|
2017-01-11 08:27:09 +00:00
|
|
|
}
|
2016-12-22 14:12:34 +00:00
|
|
|
|
2021-06-06 22:07:29 +00:00
|
|
|
func (svc *Service) ModifyAppConfig(ctx context.Context, p fleet.AppConfigPayload) (*fleet.AppConfig, error) {
|
|
|
|
|
if err := svc.authz.Authorize(ctx, &fleet.AppConfig{}, fleet.ActionWrite); err != nil {
|
2021-06-03 23:24:15 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-11 08:27:09 +00:00
|
|
|
oldAppConfig, err := svc.AppConfig(ctx)
|
|
|
|
|
if err != nil {
|
2017-01-18 15:05:09 +00:00
|
|
|
return nil, err
|
2017-01-11 08:27:09 +00:00
|
|
|
}
|
|
|
|
|
config := appConfigFromAppConfigPayload(p, *oldAppConfig)
|
2016-09-22 00:45:57 +00:00
|
|
|
|
2017-01-11 08:27:09 +00:00
|
|
|
if p.SMTPSettings != nil {
|
2018-09-07 22:37:35 +00:00
|
|
|
enabled := p.SMTPSettings.SMTPEnabled
|
|
|
|
|
if (enabled == nil && oldAppConfig.SMTPConfigured) || (enabled != nil && *enabled) {
|
2021-06-03 23:24:15 +00:00
|
|
|
if err = svc.sendTestEmail(ctx, config); err != nil {
|
2018-09-07 22:37:35 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
config.SMTPConfigured = true
|
|
|
|
|
} else if enabled != nil && !*enabled {
|
|
|
|
|
config.SMTPConfigured = false
|
2016-12-20 21:54:30 +00:00
|
|
|
}
|
|
|
|
|
}
|
2017-01-11 04:41:58 +00:00
|
|
|
|
2017-01-11 08:27:09 +00:00
|
|
|
if err := svc.ds.SaveAppConfig(config); err != nil {
|
2017-01-18 15:05:09 +00:00
|
|
|
return nil, err
|
2016-09-22 00:45:57 +00:00
|
|
|
}
|
2017-01-18 15:05:09 +00:00
|
|
|
return config, nil
|
2016-11-04 20:44:38 +00:00
|
|
|
}
|
|
|
|
|
|
2017-03-22 19:40:01 +00:00
|
|
|
func cleanupURL(url string) string {
|
|
|
|
|
return strings.TrimRight(strings.Trim(url, " \t\n"), "/")
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-06 22:07:29 +00:00
|
|
|
func appConfigFromAppConfigPayload(p fleet.AppConfigPayload, config fleet.AppConfig) *fleet.AppConfig {
|
2016-11-04 20:44:38 +00:00
|
|
|
if p.OrgInfo != nil && p.OrgInfo.OrgLogoURL != nil {
|
|
|
|
|
config.OrgLogoURL = *p.OrgInfo.OrgLogoURL
|
|
|
|
|
}
|
|
|
|
|
if p.OrgInfo != nil && p.OrgInfo.OrgName != nil {
|
|
|
|
|
config.OrgName = *p.OrgInfo.OrgName
|
|
|
|
|
}
|
2021-06-23 01:02:20 +00:00
|
|
|
if p.ServerSettings != nil {
|
|
|
|
|
if p.ServerSettings.ServerURL != nil {
|
|
|
|
|
config.ServerURL = cleanupURL(*p.ServerSettings.ServerURL)
|
|
|
|
|
}
|
|
|
|
|
if p.ServerSettings.LiveQueryDisabled != nil {
|
|
|
|
|
config.LiveQueryDisabled = *p.ServerSettings.LiveQueryDisabled
|
|
|
|
|
}
|
|
|
|
|
if p.ServerSettings.EnableAnalytics != nil {
|
|
|
|
|
config.EnableAnalytics = *p.ServerSettings.EnableAnalytics
|
|
|
|
|
}
|
2020-01-14 00:53:04 +00:00
|
|
|
}
|
2017-01-18 15:05:09 +00:00
|
|
|
|
2017-05-09 00:43:48 +00:00
|
|
|
if p.SSOSettings != nil {
|
|
|
|
|
if p.SSOSettings.EnableSSO != nil {
|
|
|
|
|
config.EnableSSO = *p.SSOSettings.EnableSSO
|
|
|
|
|
}
|
2021-03-30 19:56:20 +00:00
|
|
|
if p.SSOSettings.EnableSSOIdPLogin != nil {
|
|
|
|
|
config.EnableSSOIdPLogin = *p.SSOSettings.EnableSSOIdPLogin
|
|
|
|
|
}
|
2017-05-09 00:43:48 +00:00
|
|
|
if p.SSOSettings.EntityID != nil {
|
|
|
|
|
config.EntityID = *p.SSOSettings.EntityID
|
|
|
|
|
}
|
|
|
|
|
if p.SSOSettings.IDPImageURL != nil {
|
|
|
|
|
config.IDPImageURL = *p.SSOSettings.IDPImageURL
|
|
|
|
|
}
|
|
|
|
|
if p.SSOSettings.IDPName != nil {
|
|
|
|
|
config.IDPName = *p.SSOSettings.IDPName
|
|
|
|
|
}
|
|
|
|
|
if p.SSOSettings.IssuerURI != nil {
|
|
|
|
|
config.IssuerURI = *p.SSOSettings.IssuerURI
|
|
|
|
|
}
|
|
|
|
|
if p.SSOSettings.Metadata != nil {
|
|
|
|
|
config.Metadata = *p.SSOSettings.Metadata
|
|
|
|
|
}
|
|
|
|
|
if p.SSOSettings.MetadataURL != nil {
|
|
|
|
|
config.MetadataURL = *p.SSOSettings.MetadataURL
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-16 23:35:17 +00:00
|
|
|
if p.HostExpirySettings != nil {
|
|
|
|
|
if p.HostExpirySettings.HostExpiryEnabled != nil {
|
|
|
|
|
config.HostExpiryEnabled = *p.HostExpirySettings.HostExpiryEnabled
|
|
|
|
|
}
|
|
|
|
|
if p.HostExpirySettings.HostExpiryWindow != nil {
|
|
|
|
|
config.HostExpiryWindow = *p.HostExpirySettings.HostExpiryWindow
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-21 15:36:00 +00:00
|
|
|
if settings := p.HostSettings; settings != nil {
|
|
|
|
|
if settings.AdditionalQueries != nil {
|
|
|
|
|
config.AdditionalQueries = settings.AdditionalQueries
|
|
|
|
|
}
|
2021-07-09 18:13:11 +00:00
|
|
|
} else {
|
|
|
|
|
config.AdditionalQueries = nil
|
2020-05-21 15:36:00 +00:00
|
|
|
}
|
|
|
|
|
|
2021-06-17 20:47:15 +00:00
|
|
|
if p.AgentOptions != nil {
|
|
|
|
|
config.AgentOptions = p.AgentOptions
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-06 22:07:29 +00:00
|
|
|
populateSMTP := func(p *fleet.SMTPSettingsPayload) {
|
2017-01-18 15:05:09 +00:00
|
|
|
if p.SMTPAuthenticationMethod != nil {
|
|
|
|
|
switch *p.SMTPAuthenticationMethod {
|
2021-06-06 22:07:29 +00:00
|
|
|
case fleet.AuthMethodNameCramMD5:
|
|
|
|
|
config.SMTPAuthenticationMethod = fleet.AuthMethodCramMD5
|
|
|
|
|
case fleet.AuthMethodNamePlain:
|
|
|
|
|
config.SMTPAuthenticationMethod = fleet.AuthMethodPlain
|
|
|
|
|
case fleet.AuthMethodNameLogin:
|
|
|
|
|
config.SMTPAuthenticationMethod = fleet.AuthMethodLogin
|
2017-01-18 15:05:09 +00:00
|
|
|
default:
|
|
|
|
|
panic("unknown SMTP AuthMethod: " + *p.SMTPAuthenticationMethod)
|
|
|
|
|
}
|
2016-12-22 14:12:34 +00:00
|
|
|
}
|
2017-01-18 15:05:09 +00:00
|
|
|
if p.SMTPAuthenticationType != nil {
|
|
|
|
|
switch *p.SMTPAuthenticationType {
|
2021-06-06 22:07:29 +00:00
|
|
|
case fleet.AuthTypeNameUserNamePassword:
|
|
|
|
|
config.SMTPAuthenticationType = fleet.AuthTypeUserNamePassword
|
|
|
|
|
case fleet.AuthTypeNameNone:
|
|
|
|
|
config.SMTPAuthenticationType = fleet.AuthTypeNone
|
2017-01-18 15:05:09 +00:00
|
|
|
default:
|
|
|
|
|
panic("unknown SMTP AuthType: " + *p.SMTPAuthenticationType)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if p.SMTPDomain != nil {
|
|
|
|
|
config.SMTPDomain = *p.SMTPDomain
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if p.SMTPEnableStartTLS != nil {
|
|
|
|
|
config.SMTPEnableStartTLS = *p.SMTPEnableStartTLS
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if p.SMTPEnableTLS != nil {
|
|
|
|
|
config.SMTPEnableTLS = *p.SMTPEnableTLS
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-20 05:13:15 +00:00
|
|
|
if p.SMTPPassword != nil && *p.SMTPPassword != "********" {
|
2017-01-18 15:05:09 +00:00
|
|
|
config.SMTPPassword = *p.SMTPPassword
|
2016-12-22 14:12:34 +00:00
|
|
|
}
|
2016-12-20 21:54:30 +00:00
|
|
|
|
2017-01-18 15:05:09 +00:00
|
|
|
if p.SMTPPort != nil {
|
|
|
|
|
config.SMTPPort = *p.SMTPPort
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if p.SMTPSenderAddress != nil {
|
|
|
|
|
config.SMTPSenderAddress = *p.SMTPSenderAddress
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if p.SMTPServer != nil {
|
|
|
|
|
config.SMTPServer = *p.SMTPServer
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if p.SMTPUserName != nil {
|
|
|
|
|
config.SMTPUserName = *p.SMTPUserName
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if p.SMTPVerifySSLCerts != nil {
|
|
|
|
|
config.SMTPVerifySSLCerts = *p.SMTPVerifySSLCerts
|
|
|
|
|
}
|
2016-12-20 21:54:30 +00:00
|
|
|
}
|
|
|
|
|
|
2017-01-18 15:05:09 +00:00
|
|
|
if p.SMTPSettings != nil {
|
|
|
|
|
populateSMTP(p.SMTPSettings)
|
2016-12-20 21:54:30 +00:00
|
|
|
}
|
2017-01-18 15:05:09 +00:00
|
|
|
return &config
|
2016-12-20 21:54:30 +00:00
|
|
|
}
|
2020-05-29 16:12:39 +00:00
|
|
|
|
2021-06-06 22:07:29 +00:00
|
|
|
func (svc *Service) ApplyEnrollSecretSpec(ctx context.Context, spec *fleet.EnrollSecretSpec) error {
|
|
|
|
|
if err := svc.authz.Authorize(ctx, &fleet.EnrollSecret{}, fleet.ActionWrite); err != nil {
|
2021-06-03 23:24:15 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-19 22:49:53 +00:00
|
|
|
for _, s := range spec.Secrets {
|
|
|
|
|
if s.Secret == "" {
|
|
|
|
|
return errors.New("enroll secret must not be empty")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-31 16:02:05 +00:00
|
|
|
return svc.ds.ApplyEnrollSecrets(nil, spec.Secrets)
|
2020-05-29 16:12:39 +00:00
|
|
|
}
|
|
|
|
|
|
2021-06-06 22:07:29 +00:00
|
|
|
func (svc *Service) GetEnrollSecretSpec(ctx context.Context) (*fleet.EnrollSecretSpec, error) {
|
|
|
|
|
if err := svc.authz.Authorize(ctx, &fleet.EnrollSecret{}, fleet.ActionRead); err != nil {
|
2021-06-03 23:24:15 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-31 16:02:05 +00:00
|
|
|
secrets, err := svc.ds.GetEnrollSecrets(nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2021-06-06 22:07:29 +00:00
|
|
|
return &fleet.EnrollSecretSpec{Secrets: secrets}, nil
|
2020-05-29 16:12:39 +00:00
|
|
|
}
|
2021-03-27 01:03:31 +00:00
|
|
|
|
2021-06-01 00:07:51 +00:00
|
|
|
func (svc *Service) Version(ctx context.Context) (*version.Info, error) {
|
2021-06-06 22:07:29 +00:00
|
|
|
if err := svc.authz.Authorize(ctx, &fleet.AppConfig{}, fleet.ActionRead); err != nil {
|
2021-06-03 23:24:15 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-27 01:03:31 +00:00
|
|
|
info := version.Version()
|
|
|
|
|
return &info, nil
|
|
|
|
|
}
|
2021-05-20 00:29:38 +00:00
|
|
|
|
2021-06-06 22:07:29 +00:00
|
|
|
func (svc *Service) License(ctx context.Context) (*fleet.LicenseInfo, error) {
|
|
|
|
|
if err := svc.authz.Authorize(ctx, &fleet.AppConfig{}, fleet.ActionRead); err != nil {
|
2021-06-03 23:24:15 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-20 00:29:38 +00:00
|
|
|
return &svc.license, nil
|
|
|
|
|
}
|
2021-06-03 23:24:15 +00:00
|
|
|
|
|
|
|
|
func (svc *Service) SetupRequired(ctx context.Context) (bool, error) {
|
2021-06-06 22:07:29 +00:00
|
|
|
users, err := svc.ds.ListUsers(fleet.UserListOptions{ListOptions: fleet.ListOptions{Page: 0, PerPage: 1}})
|
2021-06-03 23:24:15 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return false, err
|
|
|
|
|
}
|
|
|
|
|
if len(users) == 0 {
|
|
|
|
|
return true, nil
|
|
|
|
|
}
|
|
|
|
|
return false, nil
|
|
|
|
|
}
|
