Island: Decouple propagation credentials from per-agent config
parent
ae5216bf02
commit
f5134f1d3b
|
@ -68,7 +68,7 @@ class ControlChannel(IControlChannel):
|
||||||
|
|
||||||
def get_credentials_for_propagation(self) -> PropagationCredentials:
|
def get_credentials_for_propagation(self) -> PropagationCredentials:
|
||||||
propagation_credentials_url = (
|
propagation_credentials_url = (
|
||||||
f"https://{self._control_channel_server}/api/propagation-credentials/{self._agent_id}"
|
f"https://{self._control_channel_server}/api/propagation-credentials"
|
||||||
)
|
)
|
||||||
try:
|
try:
|
||||||
response = requests.get( # noqa: DUO123
|
response = requests.get( # noqa: DUO123
|
||||||
|
|
|
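Review bot: The `# noqa: DUO123` suppression on the `requests.get(` line suggests certificate verification is turned off for this call, and with the new URL the response is the Island-wide set of propagation credentials rather than one agent's copy. The call's keyword arguments are outside the hunk, so this is inferred; if verification is disabled there, consider verifying the Island certificate for this request, or at least document the exposure with a comment such as `# response carries plaintext propagation credentials; TLS peer is not verified here`. `get_credentials_for_propagation` continues past the end of the hunk, so the error handling and response parsing were not reviewed.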
@ -1,17 +1,15 @@
|
||||||
from monkey_island.cc.database import mongo
|
|
||||||
from monkey_island.cc.resources.AbstractResource import AbstractResource
|
from monkey_island.cc.resources.AbstractResource import AbstractResource
|
||||||
from monkey_island.cc.services.config import ConfigService
|
from monkey_island.cc.services.config import ConfigService
|
||||||
|
|
||||||
|
|
||||||
class PropagationCredentials(AbstractResource):
|
class PropagationCredentials(AbstractResource):
|
||||||
urls = ["/api/propagation-credentials/<string:guid>"]
|
urls = ["/api/propagation-credentials"]
|
||||||
|
|
||||||
def get(self, guid: str):
|
def get(self):
|
||||||
monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
|
config = ConfigService.get_flat_config(should_decrypt=True)
|
||||||
ConfigService.decrypt_flat_config(monkey_json["config"])
|
|
||||||
|
|
||||||
propagation_credentials = ConfigService.get_config_propagation_credentials_from_flat_config(
|
propagation_credentials = ConfigService.get_config_propagation_credentials_from_flat_config(
|
||||||
monkey_json["config"]
|
config
|
||||||
)
|
)
|
||||||
|
|
||||||
return {"propagation_credentials": propagation_credentials}
|
return {"propagation_credentials": propagation_credentials}
|
||||||
|
|
|
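Review bot: `get()` now returns decrypted propagation credentials from the Island-wide configuration (`ConfigService.get_flat_config(should_decrypt=True)`) to any caller of `/api/propagation-credentials`, and no authentication or authorization check is visible on the method or the class in this file. The old route at least required a known agent `guid` and returned 404 otherwise via `find_one_or_404`; the new one has no gate in the visible code. Unless `AbstractResource` or the route registration enforces it elsewhere, the handler should carry the same access-control decorator the Island's other sensitive resources use. A docstring such as `"""Return the decrypted propagation credentials from the Island configuration."""` would also make the sensitivity of the response explicit to the next maintainer.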
@ -327,34 +327,6 @@ class ConfigService:
|
||||||
def encrypt_config(config):
|
def encrypt_config(config):
|
||||||
ConfigService._encrypt_or_decrypt_config(config, False)
|
ConfigService._encrypt_or_decrypt_config(config, False)
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def decrypt_flat_config(flat_config, is_island=False):
|
|
||||||
"""
|
|
||||||
Same as decrypt_config but for a flat configuration
|
|
||||||
"""
|
|
||||||
keys = [config_arr_as_array[-1] for config_arr_as_array in ENCRYPTED_CONFIG_VALUES]
|
|
||||||
|
|
||||||
for key in keys:
|
|
||||||
if isinstance(flat_config[key], collections.Sequence) and not isinstance(
|
|
||||||
flat_config[key], str
|
|
||||||
):
|
|
||||||
# Check if we are decrypting ssh key pair
|
|
||||||
if (
|
|
||||||
flat_config[key]
|
|
||||||
and isinstance(flat_config[key][0], dict)
|
|
||||||
and "public_key" in flat_config[key][0]
|
|
||||||
):
|
|
||||||
flat_config[key] = [
|
|
||||||
decrypt_dict(SENSITIVE_SSH_KEY_FIELDS, item) for item in flat_config[key]
|
|
||||||
]
|
|
||||||
else:
|
|
||||||
flat_config[key] = [
|
|
||||||
get_datastore_encryptor().decrypt(item) for item in flat_config[key]
|
|
||||||
]
|
|
||||||
else:
|
|
||||||
flat_config[key] = get_datastore_encryptor().decrypt(flat_config[key])
|
|
||||||
return flat_config
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _encrypt_or_decrypt_config(config, is_decrypt=False):
|
def _encrypt_or_decrypt_config(config, is_decrypt=False):
|
||||||
for config_arr_as_array in ENCRYPTED_CONFIG_VALUES:
|
for config_arr_as_array in ENCRYPTED_CONFIG_VALUES:
|
||||||
|
|