From 889c8a23787a971d3d6fbf6944393ec6c820cdc3 Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Mon, 16 Sep 2019 13:53:33 +0300
Subject: [PATCH] Moved user add+delete commands into `utils/users`
---
 .../post_breach/actions/add_user.py | 53 ++-----------------
 .../actions/communicate_as_new_user.py | 10 ++--
 .../infection_monkey/utils/linux/__init__.py | 0
 monkey/infection_monkey/utils/linux/users.py | 21 ++++++++
 monkey/infection_monkey/utils/users.py | 10 ++++
 .../windows/{new_user.py => auto_new_user.py} | 8 +--
 .../infection_monkey/utils/windows/users.py | 18 +++++++
 7 files changed, 62 insertions(+), 58 deletions(-)
 create mode 100644 monkey/infection_monkey/utils/linux/__init__.py
 create mode 100644 monkey/infection_monkey/utils/linux/users.py
 create mode 100644 monkey/infection_monkey/utils/users.py
 rename monkey/infection_monkey/utils/windows/{new_user.py => auto_new_user.py} (89%)
 create mode 100644 monkey/infection_monkey/utils/windows/users.py
diff --git a/monkey/infection_monkey/post_breach/actions/add_user.py b/monkey/infection_monkey/post_breach/actions/add_user.py
index 9bb8cfcba..09c8d4796 100644
--- a/monkey/infection_monkey/post_breach/actions/add_user.py
+++ b/monkey/infection_monkey/post_breach/actions/add_user.py
@@ -1,61 +1,16 @@
-import datetime
-
 from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER
 from infection_monkey.post_breach.pba import PBA
 from infection_monkey.config import WormConfiguration
+from infection_monkey.utils.users import get_commands_to_add_user
 
 
 class BackdoorUser(PBA):
     def __init__(self):
-        linux_cmds, windows_cmds = BackdoorUser.get_commands_to_add_user(
-            WormConfiguration.user_to_add, WormConfiguration.remote_user_pass)
+        linux_cmds, windows_cmds = get_commands_to_add_user(
+            WormConfiguration.user_to_add,
+            WormConfiguration.remote_user_pass)
         super(BackdoorUser, self).__init__(
             POST_BREACH_BACKDOOR_USER,
             linux_cmd=' '.join(linux_cmds),
             windows_cmd=windows_cmds)
 
-    @staticmethod
-    def get_commands_to_add_user(username, password):
-        linux_cmds = BackdoorUser.get_linux_commands_to_add_user(username)
-        windows_cmds = BackdoorUser.get_windows_commands_to_add_user(username, password)
-        return linux_cmds, windows_cmds
-
-    @staticmethod
-    def get_linux_commands_to_add_user(username):
-        return [
-            'useradd',
-            '-M', # Do not create homedir
-            '--expiredate',
-            datetime.datetime.today().strftime('%Y-%m-%d'),
-            '--inactive',
-            '0',
-            '-c', # Comment
-            'MONKEY_USER', # Comment
-            username]
-
-    @staticmethod
-    def get_linux_commands_to_delete_user(username):
-        return [
-            'deluser',
-            username
-        ]
-
-    @staticmethod
-    def get_windows_commands_to_add_user(username, password, should_be_active=False):
-        windows_cmds = [
-            'net',
-            'user',
-            username,
-            password,
-            '/add']
-        if not should_be_active:
-            windows_cmds.append('/ACTIVE:NO')
-        return windows_cmds
-
-    @staticmethod
-    def get_windows_commands_to_delete_user(username):
-        return [
-            'net',
-            'user',
-            username,
-            '/delete']
diff --git a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
index 49c2404de..725bf3bda 100644
--- a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
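Review bot: The two values handed to the PBA base class now have different shapes with nothing in the hunk saying why — `linux_cmd=' '.join(linux_cmds)` is a single shell string while `windows_cmd=windows_cmds` stays a list. Because the Linux value is joined unquoted, a `WormConfiguration.user_to_add` containing spaces or shell metacharacters would alter the command rather than the username; if the island-supplied config is considered trusted, say so in a comment, otherwise quote it with `shlex.quote` before joining. A class docstring would also help now that the helpers have left this file, e.g. `"""PBA that creates a disabled backdoor account named by WormConfiguration.user_to_add."""`. The PBA base class is outside this diff, so whether it expects a str or a list for each argument cannot be confirmed here.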
+++ b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
@@ -5,12 +5,12 @@
 import string
 import subprocess
 import time
 
+from infection_monkey.utils.windows.auto_new_user import AutoNewUser, NewUserError
 from common.data.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
-from infection_monkey.utils.windows.new_user import NewUser, NewUserError
-from infection_monkey.post_breach.actions.add_user import BackdoorUser
 from infection_monkey.post_breach.pba import PBA
 from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
 from infection_monkey.utils.environment import is_windows_os
+from infection_monkey.utils.linux.users import get_linux_commands_to_delete_user, get_linux_commands_to_add_user
 
 PING_TEST_DOMAIN = "google.com"
@@ -44,7 +44,7 @@ class CommunicateAsNewUser(PBA):
     def communicate_as_new_user_linux(self, username):
         try:
             # add user + ping
-            linux_cmds = BackdoorUser.get_linux_commands_to_add_user(username)
+            linux_cmds = get_linux_commands_to_add_user(username)
             commandline = "ping -c 1 {}".format(PING_TEST_DOMAIN)
             linux_cmds.extend([";", "sudo", "-u", username, commandline])
             final_command = ' '.join(linux_cmds)
@@ -52,7 +52,7 @@ class CommunicateAsNewUser(PBA):
             self.send_ping_result_telemetry(exit_status, commandline, username)
             # delete the user, async in case it gets stuck.
             _ = subprocess.Popen(
-                BackdoorUser.get_linux_commands_to_delete_user(username), stderr=subprocess.STDOUT, shell=True)
+                get_linux_commands_to_delete_user(username), stderr=subprocess.STDOUT, shell=True)
             # Leaking the process on purpose - nothing we can do if it's stuck.
         except subprocess.CalledProcessError as e:
             PostBreachTelem(self, (e.output, False)).send()
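Review bot: The new `from infection_monkey.utils.windows.auto_new_user import AutoNewUser, NewUserError` is placed ahead of the `common.` import instead of with the other `infection_monkey.utils` line this same hunk adds after `is_windows_os`, so the first-party import group is no longer contiguous or ordered. The second added import also exceeds 120 columns; `from infection_monkey.utils.linux.users import (get_linux_commands_to_add_user,` / `                                                get_linux_commands_to_delete_user)` keeps it readable and alphabetical. Both platform modules are imported unconditionally, which is harmless only as long as they stay free of platform-only top-level imports — true for the parts visible in this diff, but worth a one-line comment so it stays that way.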
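Review bot: `subprocess.Popen(get_linux_commands_to_delete_user(username), stderr=subprocess.STDOUT, shell=True)` passes an argv list together with `shell=True`; on POSIX that executes `/bin/sh -c 'deluser' <username>`, so the username becomes the shell's `$0` and `deluser` runs with no argument — the account created a few lines earlier is never removed. Either drop `shell=True` (the list form needs no shell) or join the list the way the add path does: `' '.join(get_linux_commands_to_delete_user(username))`. The call was carried over from the old `BackdoorUser` helper, so the behaviour predates this commit, but the moved line is the right place to fix it. `communicate_as_new_user_linux` starts in the previous hunk; only its first `except` clause is visible here.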
@@ -64,7 +64,7 @@ class CommunicateAsNewUser(PBA):
         import win32api
 
         try:
-            with NewUser(username, PASSWORD) as new_user:
+            with AutoNewUser(username, PASSWORD) as new_user:
                 # Using os.path is OK, as this is on windows for sure
                 ping_app_path = os.path.join(os.environ["WINDIR"], "system32", "PING.exe")
                 if not os.path.exists(ping_app_path):
diff --git a/monkey/infection_monkey/utils/linux/__init__.py b/monkey/infection_monkey/utils/linux/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/monkey/infection_monkey/utils/linux/users.py b/monkey/infection_monkey/utils/linux/users.py
new file mode 100644
index 000000000..1acc87d72
--- /dev/null
+++ b/monkey/infection_monkey/utils/linux/users.py
@@ -0,0 +1,21 @@
+import datetime
+
+
+def get_linux_commands_to_add_user(username):
+    return [
+        'useradd',
+        '-M', # Do not create homedir
+        '--expiredate',
+        datetime.datetime.today().strftime('%Y-%m-%d'),
+        '--inactive',
+        '0',
+        '-c', # Comment
+        'MONKEY_USER', # Comment
+        username]
+
+
+def get_linux_commands_to_delete_user(username):
+    return [
+        'deluser',
+        username
+    ]
diff --git a/monkey/infection_monkey/utils/users.py b/monkey/infection_monkey/utils/users.py
new file mode 100644
index 000000000..68148d9e9
--- /dev/null
+++ b/monkey/infection_monkey/utils/users.py
@@ -0,0 +1,10 @@
+from infection_monkey.utils.linux.users import get_linux_commands_to_add_user
+from infection_monkey.utils.windows.users import get_windows_commands_to_add_user
+
+
+def get_commands_to_add_user(username, password):
+    linux_cmds = get_linux_commands_to_add_user(username)
+    windows_cmds = get_windows_commands_to_add_user(username, password)
+    return linux_cmds, windows_cmds
+
+
diff --git a/monkey/infection_monkey/utils/windows/new_user.py b/monkey/infection_monkey/utils/windows/auto_new_user.py
similarity index 89%
rename from monkey/infection_monkey/utils/windows/new_user.py
rename to monkey/infection_monkey/utils/windows/auto_new_user.py
index 87d2da3b8..5cf840ad1 100644
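Review bot: `get_linux_commands_to_delete_user` pairs `useradd` (shadow-utils, present on every mainstream distribution) with `deluser`, which is the Debian/Ubuntu `adduser`-package wrapper and does not exist on RHEL, Fedora or SUSE hosts — there the cleanup fails and the `MONKEY_USER` account is left behind. Return `['userdel', username]`, the shadow-utils counterpart of `useradd`, instead. Both functions also lack docstrings; for the add helper something like `"""Return argv for useradd that creates a home-less account with no password set and an expiry of today's local date."""`, plus a `# NOTE(review): --expiredate today disables the account from that date per useradd(8); confirm `sudo -u` in the caller still works` beside the `--expiredate` line, since the caller in this diff relies on running a command as that user right after creation.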
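Review bot: `get_commands_to_add_user` has no docstring although its two return values are consumed differently by the caller in this diff (the Linux list is joined into one shell string, the Windows list is passed through), so add `"""Return (linux_cmds, windows_cmds): argv lists that create `username` on each platform; only the Windows list carries `password`."""`. The Windows helper's `should_be_active` is not forwarded, which silently pins the backdoor account to disabled — intended for this PBA, but a comment on the `windows_cmds = ...` line would spare the next reader the lookup. The file also ends with two blank lines (flake8 W391).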
--- a/monkey/infection_monkey/utils/windows/new_user.py
+++ b/monkey/infection_monkey/utils/windows/auto_new_user.py
@@ -2,7 +2,7 @@
 import logging
 import subprocess
 
 from infection_monkey.post_breach.actions.add_user import BackdoorUser
-
+from infection_monkey.utils.windows.users import get_windows_commands_to_delete_user
 
 logger = logging.getLogger(__name__)
@@ -11,7 +11,7 @@ class NewUserError(Exception):
     pass
 
 
-class NewUser(object):
+class AutoNewUser(object):
     """
     RAII object to use for creating and using a new user in Windows. Use with `with`.
     User will be created when the instance is instantiated.
@@ -20,7 +20,7 @@ class NewUser(object):
     Example:
         # Created
         # Logged on
-        with NewUser("user", "pass") as new_user:
+        with AutoNewUser("user", "pass") as new_user:
             ...
             ...
         # Logged off and deleted
@@ -64,6 +64,6 @@ class NewUser(object):
         # Try to delete user
         try:
             _ = subprocess.Popen(
-                BackdoorUser.get_windows_commands_to_delete_user(self.username), stderr=subprocess.STDOUT, shell=True)
+                get_windows_commands_to_delete_user(self.username), stderr=subprocess.STDOUT, shell=True)
         except Exception as err:
             raise NewUserError("Can't delete user {}. Info: {}".format(self.username, err))
diff --git a/monkey/infection_monkey/utils/windows/users.py b/monkey/infection_monkey/utils/windows/users.py
new file mode 100644
index 000000000..0e6847cff
--- /dev/null
+++ b/monkey/infection_monkey/utils/windows/users.py
@@ -0,0 +1,18 @@
+def get_windows_commands_to_add_user(username, password, should_be_active=False):
+    windows_cmds = [
+        'net',
+        'user',
+        username,
+        password,
+        '/add']
+    if not should_be_active:
+        windows_cmds.append('/ACTIVE:NO')
+    return windows_cmds
+
+
+def get_windows_commands_to_delete_user(username):
+    return [
+        'net',
+        'user',
+        username,
+        '/delete']
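Review bot: `from infection_monkey.post_breach.actions.add_user import BackdoorUser` on the context line just above the added import is now dead — its only use, `BackdoorUser.get_windows_commands_to_delete_user`, is replaced later in this file — and it leaves a `utils` module importing from `post_breach.actions`, the reverse of the dependency direction the rest of this commit sets up. Delete that line; the module then depends only on `infection_monkey.utils.windows.users`, which has no imports of its own and cannot form a cycle back into it.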
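Review bot: The delete on the new side is still fire-and-forget: `subprocess.Popen(get_windows_commands_to_delete_user(self.username), ...)` is never waited on and its exit status is discarded, so `NewUserError` fires only when the shell cannot be spawned, not when `net user /delete` itself fails — the account then survives the `with` block with no signal to the caller. The Linux counterpart in `communicate_as_new_user.py` at least documents this with `# Leaking the process on purpose - nothing we can do if it's stuck.`; either add the same comment here or switch to `subprocess.call(...)` and raise `NewUserError` on a non-zero return code. The enclosing method starts above the hunk, so whatever log-off happens before this cleanup is not visible here.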
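Review bot: `get_windows_commands_to_add_user` places the cleartext `password` on the `net user` command line, where it is readable via process enumeration and recorded verbatim by process-creation auditing (event 4688 with command-line logging, Sysmon event 1); acceptable for a simulation tool, but it should be stated so nobody reuses the helper with a real credential. Suggested docstring: `"""Return argv for `net user ... /add` creating `username` with `password` (disabled unless should_be_active). The password is exposed on the command line."""`. Neither caller in this diff passes `should_be_active`, so making it keyword-only (`def get_windows_commands_to_add_user(username, password, *, should_be_active=False):`) is backward compatible and prevents a stray positional boolean.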