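/**
 * Resolve the VM behind an execution record, push Floodlight static flow entries
 * between the caller's address and the VM on every switch, and return the VM's
 * SSH connection details.
 *
 * @param string $executionRecordUuid UUID of the execution record whose VM is requested.
 * @return mixed A Response on failure (401, 404 or 500); otherwise an array with the keys
 *               src_ip, vm_hostname, vm_ip, vm_username and vm_password.
 */
public function getSshAccess($executionRecordUuid)
{
    // A permission row alone is not enough: it must be in the 'granted' state.
    // Checking only for existence would let a pending or denied request through.
    $permission = UserPermission::where('user_uid', '=', Session::get('user_uid'))
        ->where('permission_code', '=', 'ssh-access')
        ->first();
    if (!$permission || $permission->getStatus() !== 'granted') {
        return Response::make('You do not have permission to access SSH information.', 401);
    }

    // NOTE(review): nothing visible here ties the execution record to the calling user or
    // to one of their projects. Confirm that ownership is enforced by a route filter or the
    // caller; otherwise any holder of 'ssh-access' can request credentials for any VM.
    $record = ExecutionRecord::where('execution_record_uuid', '=', $executionRecordUuid)->first();
    if (!$record) {
        return Response::make('Execution record not found.', 404);
    }

    // The hostname is stored data that ends up on a shell command line. Restrict it to
    // hostname characters and forbid a leading '-' so it cannot be read as an option.
    $host = (string) $record->vm_hostname;
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $host)) {
        return Response::make('Invalid VM hostname.', 500);
    }

    // look up ip
    //
    $dns = Config::get('app.nameserver');
    $lookup = 'nslookup ' . escapeshellarg($host);
    if ($dns) {
        $lookup .= ' ' . escapeshellarg($dns);
    }

    $vm_ip = null;
    $attempts = 30;
    do {
        // wait one second between retries, but not before the first lookup
        if ($attempts < 30) {
            sleep(1);
        }
        $output = (string) shell_exec($lookup);
        if (preg_match_all('/Address: ((?:\\d{1,3}\\.){3}\\d{1,3})/', $output, $match) > 0) {
            $vm_ip = $match[1][0];
        }
        $attempts--;
    } while (!$vm_ip && $attempts > 0);

    if (!$vm_ip) {
        return Response::make('Request timed out.', 500);
    }

    // floodlight rules
    //
    $floodlight = Config::get('app.floodlight');
    $result = shell_exec('curl -X GET ' . escapeshellarg($floodlight . '/wm/core/controller/switches/json'));
    $switches = json_decode((string) $result);
    if (!is_array($switches) && !is_object($switches)) {
        // fail before handing out credentials if the controller could not be queried
        return Response::make('Unable to query the network controller.', 500);
    }

    // NOTE(review): REMOTE_ADDR is the TCP peer. Behind a reverse proxy or load balancer
    // that is the proxy's address, and the flow entries would be opened for the proxy.
    // Nothing in this method removes the entries it pushes; confirm they are cleaned up elsewhere.
    $client = $_SERVER['REMOTE_ADDR'];
    $pusher = escapeshellarg($floodlight . '/wm/staticflowentrypusher/json');
    $id = 1;
    foreach ($switches as $switch) {
        // one entry per direction: client -> VM, then VM -> client
        $directions = array(
            array($client, $vm_ip),
            array($vm_ip, $client),
        );
        foreach ($directions as $pair) {
            $data = json_encode(array(
                'switch' => $switch->dpid,
                'name' => $host . '-' . $client . "-{$id}",
                'priority' => '65',
                'src-ip' => $pair[0] . '/32',
                'dst-ip' => $pair[1] . '/32',
                'ether-type' => '2048',
                'active' => 'true',
                'actions' => 'output=flood',
            ));
            // escapeshellarg() keeps a quote inside the JSON from ending the shell argument
            shell_exec('curl -X POST -d ' . escapeshellarg($data) . ' ' . $pusher);
            $id++;
        }
    }

    // NOTE(review): the VM password is returned in the response body. Make sure this route
    // is served over TLS only and that responses are not written to logs or caches.
    return array(
        'src_ip' => $client,
        'vm_hostname' => $record->vm_hostname,
        'vm_ip' => $vm_ip,
        'vm_username' => $record->vm_username,
        'vm_password' => $record->vm_password,
    );
}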
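/**
 * Check whether the assessment run's tool may be used in the run's project.
 *
 * For the two Parasoft policy codes this requires that the project owner holds the
 * matching permission in the 'granted' state, that the permission is designated to
 * the project, and that the session user has accepted the tool's policy.
 *
 * @param object $assessmentRun Provides tool_uuid and project_uuid.
 * @return mixed true when the run is allowed (including tools with no policy code or an
 *               unrecognised one); otherwise a JSON Response describing what is missing.
 */
private function checkPermissions($assessmentRun)
{
    $tool = Tool::where('tool_uuid', '=', $assessmentRun->tool_uuid)->first();
    if (!$tool) {
        // an unknown tool must not fall through to "allowed"
        return Response::json(array('status' => 'error'), 404);
    }
    if (!$tool->policy_code) {
        return true;
    }

    $user = User::getIndex(Session::get('user_uid'));

    switch ($tool->policy_code) {
        case 'parasoft-user-c-test-policy':
        case 'parasoft-user-j-test-policy':
            $permission = Permission::where('policy_code', '=', $tool->policy_code)->first();
            $project = Project::where('project_uid', '=', $assessmentRun->project_uuid)->first();

            // read the owner only once the project is known to exist
            $projectOwner = $project ? $project->owner : null;
            if (!$permission || !$project || !$projectOwner) {
                return Response::json(array('status' => 'error'), 404);
            }

            $userPermission = UserPermission::where('permission_code', '=', $permission->permission_code)
                ->where('user_uid', '=', $projectOwner['user_uid'])
                ->first();

            // if the permission doesn't exist or isn't valid, return error
            //
            if (!$userPermission) {
                return Response::json(array(
                    'status' => 'owner_no_permission',
                    'project_name' => $project->full_name,
                    'tool_name' => $tool->name,
                ), 404);
            }
            if ($userPermission->status !== 'granted') {
                return Response::json(array(
                    'status' => 'owner_no_permission',
                    'project_name' => $project->full_name,
                    'tool_name' => $tool->name,
                ), 401);
            }

            // if the project hasn't been designated, return error
            // (looked up only after $userPermission is known to be non-null)
            //
            $userPermissionProject = UserPermissionProject::where('user_permission_uid', '=', $userPermission->user_permission_uid)
                ->where('project_uid', '=', $project->project_uid)
                ->first();
            if (!$userPermissionProject) {
                return Response::json(array(
                    'status' => 'no_project',
                    'project_name' => $project->full_name,
                    'tool_name' => $tool->name,
                ), 404);
            }

            // if the policy hasn't been accepted, return error
            //
            $userPolicy = UserPolicy::where('policy_code', '=', $tool->policy_code)
                ->where('user_uid', '=', $user->user_uid)
                ->first();
            if (!$userPolicy || $userPolicy->accept_flag != '1') {
                return Response::json(array(
                    'status' => 'no_policy',
                    'policy' => $tool->policy,
                    'policy_code' => $tool->policy_code,
                    'tool' => $tool,
                ), 404);
            }
            break;

        default:
            break;
    }

    return true;
}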
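/**
 * Designate a user permission to a project by creating a UserPermissionProject row.
 *
 * Admins may designate any permission to any project. Any other caller must own both
 * the project and the permission record being designated.
 *
 * @param string $userPermissionUid UID of the UserPermission to bind.
 * @param string $projectUid UID of the project to bind it to.
 * @return mixed The saved UserPermissionProject, or a Response (404 / 401) on failure.
 */
public function designateProject($userPermissionUid, $projectUid)
{
    $up = UserPermission::where('user_permission_uid', '=', $userPermissionUid)->first();
    $p = Project::where('project_uid', '=', $projectUid)->first();
    $user = User::getIndex(Session::get('user_uid'));

    if (!($up && $p && $user)) {
        return Response::make('Unable to find permission information.', 404);
    }

    if (!$user->isAdmin()) {
        // the caller must own the target project ...
        if ($user->user_uid != $p->owner['user_uid']) {
            return Response::make('User does not have permission to designate a project.', 401);
        }

        // ... and the permission itself. $userPermissionUid comes from the request, so
        // without this check a project owner could bind another user's permission record.
        if ($up->user_uid != $user->user_uid) {
            return Response::make('User does not have permission to designate a project.', 401);
        }
    }

    $upp = new UserPermissionProject(array(
        'user_permission_project_uid' => GUID::create(),
        'user_permission_uid' => $userPermissionUid,
        'project_uid' => $projectUid,
    ));
    $upp->save();

    return $upp;
}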
/**
 * Report whether this user's 'ssh-access' permission is currently granted.
 *
 * @return int 1 when a matching permission exists and its status is 'granted', else 0.
 */
public function getSshAccessFlagAttribute()
{
    $grant = UserPermission::where('user_uid', '=', $this->user_uid)
        ->where('permission_code', '=', 'ssh-access')
        ->first();

    // no permission row at all counts as "not granted"
    if (!$grant) {
        return 0;
    }

    if ($grant->getStatus() == 'granted') {
        return 1;
    }

    return 0;
}
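/**
 * Report whether $user may use this Parasoft tool within $project.
 *
 * The permission that matters is always the project owner's. A caller who is not the
 * owner must be a member of the project. The permission must be 'granted' and bound to
 * the project, and the calling user must have accepted the permission's policy.
 *
 * @param mixed $package Not used by this method.
 * @param object|null $project Project to check; its owner is read from $project->owner.
 * @param object $user The calling user.
 * @return mixed JSON Response with a 'status' field: 'granted' (200) or the reason for refusal (401 / 404).
 */
public function getParasoftPermissionStatus($package, $project, $user)
{
    // No project provided
    //
    if (!$project) {
        return Response::json(array('status' => 'no_project'), 404);
    }

    $ownerUid = $project->owner['user_uid'];
    $isOwner = ($user->user_uid === $ownerUid);

    // a caller who is not the project owner must at least be a project member
    //
    if (!$isOwner) {
        $pm = ProjectMembership::where('user_uid', '=', $user->user_uid)
            ->where('project_uid', '=', $project->project_uid)
            ->first();
        if (!$pm) {
            return Response::json(array('status' => 'no_project_membership'), 401);
        }
    }

    // check for the owner's parasoft permission (the caller's own when the caller is the owner)
    //
    $permission_code = $this->getParasoftPermissionCode();
    $grant = UserPermission::where('user_uid', '=', $ownerUid)
        ->where('permission_code', '=', $permission_code)
        ->first();
    if (!$grant || $grant->status !== 'granted') {
        return Response::json(array('status' => $isOwner ? 'no_permission' : 'owner_no_permission'), 401);
    }

    // the permission must be bound to this project
    //
    $bound = UserPermissionProject::where('user_permission_uid', '=', $grant->user_permission_uid)
        ->where('project_uid', '=', $project->project_uid)
        ->first();
    if (!$bound) {
        if ($isOwner) {
            // not bound, trigger user prompt on front end; only the owner gets the uid to bind
            return Response::json(array(
                'status' => 'project_unbound',
                'user_permission_uid' => $grant->user_permission_uid,
            ), 404);
        }

        return Response::json(array('status' => 'member_project_unbound'), 404);
    }

    // without the permission definition the policy cannot be checked, so refuse
    // rather than dereference a missing row
    $permission = Permission::where('permission_code', '=', $permission_code)->first();
    if (!$permission) {
        return Response::json(array('status' => 'error'), 404);
    }

    // the calling user (owner or member) must have accepted the policy
    //
    $accepted = UserPolicy::where('user_uid', '=', $user->user_uid)
        ->where('policy_code', '=', $permission->policy_code)
        ->where('accept_flag', '=', 1)
        ->first();
    if (!$accepted) {
        return Response::json(array(
            'status' => 'no_user_policy',
            'policy' => $permission->policy,
            'policy_code' => $permission->policy_code,
        ), 404);
    }

    return Response::json(array(
        'status' => 'granted',
        'user_permission_uid' => $grant->user_permission_uid,
    ), 200);
}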