
Example 1 with Parameter

use of org.graylog2.contentpacks.model.parameters.Parameter in project graylog2-server by Graylog2.

the class LdapConnector method findGroups.

/**
 * Searches the directory for group entries and collects the ids of the groups that apply.
 *
 * <p>The search runs at {@code SUBTREE} scope below {@code groupSearchBase} and requests
 * {@code objectClass}, the three known member attributes and {@code groupIdAttribute}.
 * Entries without {@code groupIdAttribute} are skipped with a warning.
 *
 * <p>When {@code ldapEntry} is {@code null}, every group id found is returned. Otherwise a group
 * is only returned if one of its member values equals the user's normalized DN or the user's
 * {@code uid} attribute (both compared case-insensitively).
 *
 * <p>Failure behaviour: any exception raised while searching or iterating is logged at WARN and
 * the groups collected up to that point are returned. A caller therefore cannot tell an empty or
 * partial result caused by a directory error from a user who genuinely has no groups.
 *
 * @param connection         connection the search is issued on
 * @param groupSearchBase    base DN the search starts at
 * @param groupSearchPattern passed unchanged to {@code connection.search}; NOTE(review): nothing is
 *                           escaped here, so any user-derived value embedded in the pattern has to
 *                           be escaped by the caller - confirm
 * @param groupIdAttribute   attribute whose value is used as the group id in the result
 * @param ldapEntry          the user to test membership for, or {@code null} to list all groups
 * @return the collected group ids; possibly empty or partial after a failure, never {@code null}
 */
public Set<String> findGroups(LdapNetworkConnection connection, String groupSearchBase, String groupSearchPattern, String groupIdAttribute, @Nullable LdapEntry ldapEntry) {
    final Set<String> memberships = Sets.newHashSet();
    try (final EntryCursor cursor = connection.search(groupSearchBase, groupSearchPattern, SearchScope.SUBTREE, "objectClass", ATTRIBUTE_UNIQUE_MEMBER, ATTRIBUTE_MEMBER, ATTRIBUTE_MEMBER_UID, groupIdAttribute)) {
        LOG.trace("LDAP search for groups: {} starting at {}", groupSearchPattern, groupSearchBase);
        for (Entry groupEntry : cursor) {
            if (LOG.isTraceEnabled()) {
                LOG.trace("Group Entry: {}", groupEntry.toString("  "));
            }
            if (!groupEntry.containsAttribute(groupIdAttribute)) {
                LOG.warn("Unknown group id attribute {}, skipping group entry {}", groupIdAttribute, groupEntry);
                continue;
            }
            final String groupId = groupEntry.get(groupIdAttribute).getString();

            // Without a user there is nothing to test membership against: report every group found.
            if (ldapEntry == null) {
                memberships.add(groupId);
                continue;
            }

            // Pick the attribute that lists the members, based on the group's object class.
            final String memberAttribute;
            if (groupEntry.hasObjectClass("groupOfUniqueNames")) {
                memberAttribute = ATTRIBUTE_UNIQUE_MEMBER;
            } else if (groupEntry.hasObjectClass("groupOfNames") || groupEntry.hasObjectClass("group")) {
                memberAttribute = ATTRIBUTE_MEMBER;
            } else if (groupEntry.hasObjectClass("posixGroup")) {
                memberAttribute = ATTRIBUTE_MEMBER_UID;
            } else {
                // Unknown object class: guess from whichever member attribute the entry carries.
                // This should be configurable!
                memberAttribute = groupEntry.containsAttribute(ATTRIBUTE_UNIQUE_MEMBER)
                        ? ATTRIBUTE_UNIQUE_MEMBER
                        : (groupEntry.containsAttribute(ATTRIBUTE_MEMBER_UID) ? ATTRIBUTE_MEMBER_UID : ATTRIBUTE_MEMBER);
                LOG.warn("Unable to auto-detect the LDAP group object class, assuming '{}' is the correct attribute.", memberAttribute);
            }

            final Attribute members = groupEntry.get(memberAttribute);
            if (members == null) {
                continue;
            }

            final String dn = normalizedDn(ldapEntry.getDn());
            final String uid = ldapEntry.get("uid");
            for (Value<?> member : members) {
                final String memberValue = member.getString();
                LOG.trace("DN {} == {} member?", dn, memberValue);
                if (dn != null && dn.equalsIgnoreCase(normalizedDn(memberValue))) {
                    memberships.add(groupId);
                    continue;
                }
                // Fall back to comparing the raw member value with the user's uid.
                // NOTE(review): this fallback runs for every member attribute, not only the
                // posixGroup one - confirm that matching a bare uid is intended for DN-valued groups.
                if (!isNullOrEmpty(uid) && uid.equalsIgnoreCase(memberValue)) {
                    LOG.trace("UID {} == {} member?", uid, memberValue);
                    memberships.add(groupId);
                }
            }
        }
    } catch (Exception failure) {
        // Best effort: log and fall through so the groups gathered so far are still returned.
        LOG.warn("Unable to iterate over user's groups, unable to perform group mapping. Graylog does not support LDAP referrals at the moment. Please see " + DocsHelper.PAGE_LDAP_TROUBLESHOOTING.toString() + " for more information.", ExceptionUtils.getRootCause(failure));
    }
    return memberships;
}
Also used : EntryCursor(org.apache.directory.api.ldap.model.cursor.EntryCursor) Entry(org.apache.directory.api.ldap.model.entry.Entry) LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) Attribute(org.apache.directory.api.ldap.model.entry.Attribute) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) UncheckedTimeoutException(com.google.common.util.concurrent.UncheckedTimeoutException) IOException(java.io.IOException) LdapInvalidDnException(org.apache.directory.api.ldap.model.exception.LdapInvalidDnException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException)

Example 2 with Parameter

use of org.graylog2.contentpacks.model.parameters.Parameter in project graylog2-server by Graylog2.

the class JestUtilsTest method executeFailsWithCustomMessage.

/**
 * Verifies that a failed Jest result is turned into an {@code ElasticsearchException} whose
 * message starts with the caller-supplied text and ends with the serialized error body, and
 * whose error details contain exactly that body.
 */
@Test
public void executeFailsWithCustomMessage() throws Exception {
    // Serialized form of the error node the mocked result hands back.
    final String expectedErrorJson = "{\"Message\":\"Authorization header requires 'Credential' parameter.\"}";

    // Build {"error": {"Message": "..."}} as the response body of the failed request.
    final ObjectNode messageNode = objectMapper.createObjectNode();
    messageNode.set("Message", new TextNode("Authorization header requires 'Credential' parameter."));
    final ObjectNode errorEnvelope = objectMapper.createObjectNode();
    errorEnvelope.set("error", messageNode);

    final JestResult failedResult = mock(JestResult.class);
    when(failedResult.isSucceeded()).thenReturn(false);
    when(failedResult.getJsonObject()).thenReturn(errorEnvelope);

    final Ping ping = new Ping.Builder().build();
    when(clientMock.execute(ping)).thenReturn(failedResult);

    try {
        JestUtils.execute(clientMock, ping, () -> "BOOM");
        fail("Expected ElasticsearchException to be thrown");
    } catch (ElasticsearchException thrown) {
        assertThat(thrown)
                .hasMessageStartingWith("BOOM")
                .hasMessageEndingWith(expectedErrorJson)
                .hasNoSuppressedExceptions();
        assertThat(thrown.getErrorDetails()).containsExactly(expectedErrorJson);
    }
}
Also used : ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) Ping(io.searchbox.core.Ping) TextNode(com.fasterxml.jackson.databind.node.TextNode) ElasticsearchException(org.graylog2.indexer.ElasticsearchException) JestResult(io.searchbox.client.JestResult) Test(org.junit.Test)

Example 3 with Parameter

use of org.graylog2.contentpacks.model.parameters.Parameter in project graylog2-server by Graylog2.

the class SearchMetadataResource method metadataForObject.

/**
 * Computes metadata for a search object posted in the request body, without persisting it.
 *
 * <p>Each query of the search is parsed by {@code queryEngine}; the result maps query ids to
 * their metadata and carries the search's parameters indexed by name.
 *
 * <p>NOTE(review): no permission check is visible in this method and the endpoint is marked
 * {@code @NoAuditEvent}; access control presumably comes from class-level annotations or a
 * request filter - confirm, since the posted search is parsed as supplied by the client.
 *
 * @param searchDTO the posted search; must not be {@code null}
 * @return metadata per query id together with the search parameters keyed by name
 * @throws IllegalArgumentException if {@code searchDTO} is {@code null}
 */
@POST
@ApiOperation(value = "Metadata for the posted Search object", notes = "Intended for search objects that aren't yet persisted (e.g. for validation or interactive purposes)")
@NoAuditEvent("Only returning metadata for given search, not changing any data")
public SearchMetadata metadataForObject(@ApiParam @NotNull(message = "Search body is mandatory") SearchDTO searchDTO) {
    // Explicit guard in addition to the @NotNull constraint on the parameter.
    if (searchDTO == null) {
        throw new IllegalArgumentException("Search must not be null.");
    }

    final Search search = searchDTO.toSearch();
    final Map<String, QueryMetadata> metadataByQueryId = StreamEx.of(search.queries())
            .toMap(Query::id, q -> queryEngine.parse(search, q));

    return SearchMetadata.create(metadataByQueryId, Maps.uniqueIndex(search.parameters(), Parameter::name));
}
Also used : QueryMetadata(org.graylog.plugins.views.search.QueryMetadata) Query(org.graylog.plugins.views.search.Query) Search(org.graylog.plugins.views.search.Search) POST(javax.ws.rs.POST) ApiOperation(io.swagger.annotations.ApiOperation) NoAuditEvent(org.graylog2.audit.jersey.NoAuditEvent)

Example 4 with Parameter

use of org.graylog2.contentpacks.model.parameters.Parameter in project graylog2-server by Graylog2.

the class QueryValidationServiceImpl method toExplanation.

/**
 * Converts a search exception into validation messages for the given query string.
 *
 * <p>For an {@code UnboundParameterError}, one message is produced per occurrence of
 * {@code $<parameterName>$} in the query, positioned at that occurrence. In every other case,
 * or when the placeholder does not occur in the query, a single message built from the
 * exception is returned.
 *
 * @param query           the query string the exception refers to
 * @param searchException the exception to explain
 * @return a non-empty list of validation messages
 */
private List<ValidationMessage> toExplanation(String query, SearchException searchException) {
    if (!(searchException.error() instanceof UnboundParameterError)) {
        return Collections.singletonList(ValidationMessage.fromException(searchException));
    }

    final UnboundParameterError unbound = (UnboundParameterError) searchException.error();
    final List<SubstringMultilinePosition> occurrences = SubstringMultilinePosition.compute(query, "$" + unbound.parameterName() + "$");
    if (occurrences.isEmpty()) {
        // Placeholder not found in the query text: fall back to the generic message.
        return Collections.singletonList(ValidationMessage.fromException(searchException));
    }

    return occurrences.stream()
            .map(position -> ValidationMessage.builder()
                    .errorType("Parameter error")
                    .errorMessage(unbound.description())
                    .beginLine(position.getLine())
                    .endLine(position.getLine())
                    .beginColumn(position.getBeginColumn())
                    .endColumn(position.getEndColumn())
                    .build())
            .collect(Collectors.toList());
}
Also used : ParseException(org.apache.lucene.queryparser.classic.ParseException) Query(org.graylog.plugins.views.search.Query) Set(java.util.Set) ParameterProvider(org.graylog.plugins.views.search.ParameterProvider) MappedFieldTypesService(org.graylog2.indexer.fieldtypes.MappedFieldTypesService) Streams(com.google.common.collect.Streams) Singleton(javax.inject.Singleton) StringUtils(org.apache.commons.lang3.StringUtils) SearchException(org.graylog.plugins.views.search.errors.SearchException) Collectors(java.util.stream.Collectors) UnboundParameterError(org.graylog.plugins.views.search.errors.UnboundParameterError) Inject(javax.inject.Inject) Objects(java.util.Objects) List(java.util.List) QueryStringDecorators(org.graylog.plugins.views.search.elasticsearch.QueryStringDecorators) Stream(java.util.stream.Stream) MappedFieldTypeDTO(org.graylog.plugins.views.search.rest.MappedFieldTypeDTO) Locale(java.util.Locale) Collections(java.util.Collections) UnboundParameterError(org.graylog.plugins.views.search.errors.UnboundParameterError)

Example 5 with Parameter

use of org.graylog2.contentpacks.model.parameters.Parameter in project graylog2-server by Graylog2.

the class GelfChunkAggregator method checkForCompletion.

/**
 * Checks whether the presented GELF message chunk completes the incoming raw message and returns it if it does.
 * If the message isn't complete, it adds the chunk to the internal buffer and waits for more incoming messages.
 * Outdated chunks are purged regularly.
 *
 * @param gelfMessage the GELF message chunk
 * @return {@code null} or a {@link ByteBuf} wrapping the chunk payloads of the completed message
 */
@Nullable
private ByteBuf checkForCompletion(GELFMessage gelfMessage) {
    // Debug aid only: the chunk map dump is built solely when debug logging is enabled.
    if (!chunks.isEmpty() && log.isDebugEnabled()) {
        log.debug("Dumping GELF chunk map [chunks for {} messages]:\n{}", chunks.size(), humanReadableChunkMap());
    }
    // TODO second parameter
    final GELFMessageChunk chunk = new GELFMessageChunk(gelfMessage, null);
    // Count and id are read from the chunk itself.
    // NOTE(review): presumably parsed from data sent by the peer, i.e. untrusted - confirm what GELFMessageChunk validates.
    final int sequenceCount = chunk.getSequenceCount();
    final String messageId = chunk.getId();
    // Optimistically create an entry; putIfAbsent keeps an already registered one for this message id.
    ChunkEntry entry = new ChunkEntry(sequenceCount, chunk.getArrival(), messageId);
    final ChunkEntry existing = chunks.putIfAbsent(messageId, entry);
    if (existing == null) {
        // add this chunk entry to the eviction set
        waitingMessages.inc();
        sortedEvictionSet.add(entry);
    } else {
        // the entry is already in the eviction set and chunk map
        entry = existing;
    }
    final int sequenceNumber = chunk.getSequenceNumber();
    // Claim the slot for this sequence number; a slot that is already filled means a duplicate chunk.
    // NOTE(review): no range check on sequenceNumber is visible here before it is used as an index - confirm it is
    // validated upstream, otherwise an out-of-range value would make compareAndSet throw.
    if (!entry.payloadArray.compareAndSet(sequenceNumber, null, chunk)) {
        // NOTE(review): logged at error level for a condition the sender controls - consider the log volume under duplicate floods.
        log.error("Received duplicate chunk {} for message {} from {}", sequenceNumber, messageId, gelfMessage.getSourceAddress());
        duplicateChunks.inc();
        return null;
    }
    final int chunkWatermark = entry.chunkSlotsWritten.incrementAndGet();
    // Upper bound on chunks per message: the entry is removed and the message rejected once it is exceeded.
    if (chunkWatermark > MAX_CHUNKS) {
        getAndCleanupEntry(messageId);
        throw new IllegalStateException("Maximum number of chunks reached, discarding message");
    }
    // NOTE(review): completion is judged against the sequence count of the chunk just received, not a count stored on
    // the entry - confirm how chunks that share an id but announce different counts are handled.
    if (chunkWatermark == sequenceCount) {
        // message is complete by chunk count, assemble and return it.
        // it might still be corrupt etc, but we've seen enough chunks
        // remove before operating on it, to avoid racing too much with the clean up job, some race is inevitable, though.
        entry = getAndCleanupEntry(messageId);
        // NOTE(review): allChunks is sized by this chunk's sequenceCount while the loop is bounded by
        // entry.payloadArray.length(); the two are assumed to be equal - confirm.
        final byte[][] allChunks = new byte[sequenceCount][];
        for (int i = 0; i < entry.payloadArray.length(); i++) {
            final GELFMessageChunk messageChunk = entry.payloadArray.get(i);
            if (messageChunk == null) {
                // Slot left empty: the corresponding element of allChunks stays null.
                log.debug("Couldn't read chunk {} of message {}, skipping this chunk.", i, messageId);
            } else {
                allChunks[i] = messageChunk.getData();
            }
        }
        completeMessages.inc();
        return Unpooled.wrappedBuffer(allChunks);
    }
    // message isn't complete yet, check if we should remove the other parts as well
    if (isOutdated(entry)) {
        // chunks are outdated, the oldest came in over 5 seconds ago, clean them all up
        log.debug("Not all chunks of <{}> arrived within {}ms. Dropping chunks.", messageId, VALIDITY_PERIOD);
        expireEntry(messageId);
    }
    return null;
}
Also used : GELFMessageChunk(org.graylog2.inputs.codecs.gelf.GELFMessageChunk) Nullable(javax.annotation.Nullable)

Aggregations

Test (org.junit.Test)4 ApiOperation (io.swagger.annotations.ApiOperation)3 Timed (com.codahale.metrics.annotation.Timed)2 ImmutableMap (com.google.common.collect.ImmutableMap)2 ApiResponses (io.swagger.annotations.ApiResponses)2 Collections (java.util.Collections)2 Map (java.util.Map)2 Set (java.util.Set)2 Collectors (java.util.stream.Collectors)2 Nullable (javax.annotation.Nullable)2 GET (javax.ws.rs.GET)2 CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)2 LdapException (org.apache.directory.api.ldap.model.exception.LdapException)2 Query (org.graylog.plugins.views.search.Query)2 ValueReference (org.graylog2.contentpacks.model.entities.references.ValueReference)2 AlertSummary (org.graylog2.rest.models.streams.alerts.AlertSummary)2 DateTime (org.joda.time.DateTime)2 JsonAutoDetect (com.fasterxml.jackson.annotation.JsonAutoDetect)1 JsonCreator (com.fasterxml.jackson.annotation.JsonCreator)1 JsonIgnore (com.fasterxml.jackson.annotation.JsonIgnore)1