cabele/rmmagent
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add: Server variables are opt-out by default

Browse source 
- Pull the Nushell and Deno versions from the server.
- Support downloading Nushell and Deno from a url (not GitHUb).
- Add support for nu config.nu and env.nu files.
- Add support for default Deno permissions.
This commit is contained in:
David Randall 2023-12-03 23:14:27 -05:00
parent 87e1b29ef6
commit 2afdfd7ab8
11 changed files with 610 additions and 387 deletions
Download patch file Download diff file Expand all files Collapse all files

568
agent/agent_unix.go
View file

@ -167,7 +167,7 @@ func NewAgentConfig() *rmm.AgentConfig {
return ret
}
func (a *Agent) RunScript(code string, shell string, args []string, timeout int, runasuser bool, envVars []string) (stdout, stderr string, exitcode int, e error) {
func (a *Agent) RunScript(code string, shell string, args []string, timeout int, runasuser bool, envVars []string, nushellEnableConfig bool, denoDefaultPermissions string) (stdout, stderr string, exitcode int, e error) {
code = removeWinNewLines(code)
content := []byte(code)
@ -197,12 +197,21 @@ func (a *Agent) RunScript(code string, shell string, args []string, timeout int,
opts.IsScript = true
switch shell {
case "nushell":
var nushellArgs []string
if nushellEnableConfig {
nushellArgs = []string{
"--config",
path.Join(nixAgentEtcDir, "nushell", "config.nu"),
"--env-config",
path.Join(nixAgentEtcDir, "nushell", "env.nu"),
}
} else {
nushellArgs = []string{"--no-config-file"}
}
opts.Shell = a.NuBin
opts.Args = append([]string{
"--no-config-file",
f.Name(),
},
args...)
opts.Args = nushellArgs
opts.Args = append(opts.Args, f.Name())
opts.Args = append(opts.Args, args...)
if !trmm.FileExists(a.NuBin) {
a.Logger.Errorln("RunScript(): Executable does not exist. Install Nu and try again:", a.NuBin)
err := errors.New("File Not Found: " + a.NuBin)
@ -225,6 +234,8 @@ func (a *Agent) RunScript(code string, shell string, args []string, timeout int,
// https://docs.deno.com/runtime/manual/basics/permissions#permissions-list
// DENO_PERMISSIONS is not an official environment variable.
// https://docs.deno.com/runtime/manual/basics/env_variables
// DENO_DEFAULT_PERMISSIONS is used if not found in the environment variables.
found := false
for i, v := range envVars {
if strings.HasPrefix(v, "DENO_PERMISSIONS=") {
permissions := strings.Split(v, "=")[1]
@ -232,9 +243,13 @@ func (a *Agent) RunScript(code string, shell string, args []string, timeout int,
// Remove the DENO_PERMISSIONS variable from the environment variables slice.
// It's possible more variables may exist with the same prefix.
envVars = append(envVars[:i], envVars[i+1:]...)
found = true
break
}
}
if !found && denoDefaultPermissions != "" {
opts.Args = append(opts.Args, strings.Split(denoDefaultPermissions, " ")...)
}
// Can't append a variadic slice after a string arg.
// https://pkg.go.dev/builtin#append
@ -536,11 +551,321 @@ func (a *Agent) GetWMIInfo() map[string]interface{} {
return wmiInfo
}
// windows only below TODO add into stub file
// InstallNushell will download nushell from GitHub and install (copy) it to nixAgentBinDir
func (a *Agent) InstallNushell(force bool) {
conf := a.GetAgentCheckInConfig(a.GetCheckInConfFromAPI())
if !conf.InstallNushell {
return
}
if trmm.FileExists(a.NuBin) {
if force {
a.Logger.Debugln(a.NuBin, "InstallNushell(): Forced install. Removing nu binary.")
err := os.Remove(a.NuBin)
if err != nil {
a.Logger.Errorln("InstallNushell(): Error removing nu binary:", err)
return
}
} else {
return
}
}
if !trmm.FileExists(nixAgentBinDir) {
err := os.MkdirAll(nixAgentBinDir, 0755)
if err != nil {
a.Logger.Errorln("InstallNushell(): Error creating nixAgentBinDir:", err)
return
}
}
if conf.NushellEnableConfig {
// Create 0-byte config files for Nushell
nushellPath := path.Join(nixAgentEtcDir, "nushell")
nushellConfig := path.Join(nushellPath, "config.nu")
nushellEnv := path.Join(nushellPath, "env.nu")
if !trmm.FileExists(nushellPath) {
err := os.MkdirAll(nushellPath, 0755)
if err != nil {
a.Logger.Errorln("InstallNushell(): Error creating nixAgentEtcDir/nushell:", err)
return
}
}
if !trmm.FileExists(nushellConfig) {
_, err := os.Create(nushellConfig)
if err != nil {
a.Logger.Errorln("InstallNushell(): Error creating nushell config.nu:", err)
return
}
err = os.Chmod(nushellConfig, 0744)
if err != nil {
a.Logger.Errorln("InstallNushell(): Error changing permissions for nushell config.nu:", err)
return
}
}
if !trmm.FileExists(nushellEnv) {
_, err := os.Create(nushellEnv)
if err != nil {
a.Logger.Errorln("InstallNushell(): Error creating nushell env.nu:", err)
return
}
err = os.Chmod(nushellEnv, 0744)
if err != nil {
a.Logger.Errorln("InstallNushell(): Error changing permissions for nushell env.nu:", err)
return
}
}
}
var (
assetName string
url string
targzDirName string
)
if conf.InstallNushellUrl != "" {
url = conf.InstallNushellUrl
url = strings.Replace(url, "{OS}", runtime.GOOS, -1)
url = strings.Replace(url, "{ARCH}", runtime.GOARCH, -1)
url = strings.Replace(url, "{VERSION}", conf.InstallNushellVersion, -1)
} else {
switch runtime.GOOS {
case "darwin":
switch runtime.GOARCH {
case "arm64":
// https://github.com/nushell/nushell/releases/download/0.87.0/nu-0.87.0-aarch64-darwin-full.tar.gz
assetName = fmt.Sprintf("nu-%s-aarch64-darwin-full.tar.gz", conf.InstallNushellVersion)
default:
a.Logger.Debugln("InstallNushell(): Unsupported architecture and OS:", runtime.GOARCH, runtime.GOOS)
return
}
case "linux":
switch runtime.GOARCH {
case "amd64":
// https://github.com/nushell/nushell/releases/download/0.87.0/nu-0.87.0-x86_64-linux-musl-full.tar.gz
assetName = fmt.Sprintf("nu-%s-x86_64-linux-musl-full.tar.gz", conf.InstallNushellVersion)
case "arm64":
// https://github.com/nushell/nushell/releases/download/0.87.0/nu-0.87.0-aarch64-linux-gnu-full.tar.gz
assetName = fmt.Sprintf("nu-%s-aarch64-linux-gnu-full.tar.gz", conf.InstallNushellVersion)
default:
a.Logger.Debugln("InstallNushell(): Unsupported architecture and OS:", runtime.GOARCH, runtime.GOOS)
return
}
default:
a.Logger.Debugln("InstallNushell(): Unsupported OS:", runtime.GOOS)
return
}
url = fmt.Sprintf("https://github.com/nushell/nushell/releases/download/%s/%s", conf.InstallNushellVersion, assetName)
}
a.Logger.Debugln("InstallNushell(): Nu download url:", url)
tmpDir, err := os.MkdirTemp("", "trmm")
if err != nil {
a.Logger.Errorln("InstallNushell(): Error creating temp directory:", err)
return
}
defer func(path string) {
err := os.RemoveAll(path)
if err != nil {
a.Logger.Errorln("InstallNushell(): Error removing temp directory:", err)
}
}(tmpDir)
tmpAssetName := filepath.Join(tmpDir, assetName)
a.Logger.Debugln("InstallNushell(): tmpAssetName:", tmpAssetName)
rClient := resty.New()
rClient.SetTimeout(20 * time.Minute)
rClient.SetRetryCount(10)
rClient.SetRetryWaitTime(1 * time.Minute)
rClient.SetRetryMaxWaitTime(15 * time.Minute)
if len(a.Proxy) > 0 {
rClient.SetProxy(a.Proxy)
}
r, err := rClient.R().SetOutput(tmpAssetName).Get(url)
if err != nil {
a.Logger.Errorln("InstallNushell(): Unable to download nu:", err)
return
}
if r.IsError() {
a.Logger.Errorln("InstallNushell(): Unable to download nu. Status code:", r.StatusCode())
return
}
if conf.InstallNushellUrl != "" {
// InstallNushellUrl is not compressed.
err = copyFile(path.Join(tmpDir, tmpAssetName), a.NuBin)
if err != nil {
a.Logger.Errorln("InstallNushell(): Failed to copy nu file to install dir:", err)
return
}
} else {
// GitHub asset is tar.gz compressed.
targzDirName, err = a.ExtractTarGz(tmpAssetName, tmpDir)
if err != nil {
a.Logger.Errorln("InstallNushell(): Failed to extract downloaded tar.gz file:", err)
return
}
err = copyFile(path.Join(tmpDir, targzDirName, "nu"), a.NuBin)
if err != nil {
a.Logger.Errorln("InstallNushell(): Failed to copy nu file to install dir:", err)
return
}
}
err = os.Chmod(a.NuBin, 0755)
if err != nil {
a.Logger.Errorln("InstallNushell(): Failed to chmod nu binary:", err)
return
}
}
// InstallDeno will download deno from GitHub and install (copy) it to nixAgentBinDir
func (a *Agent) InstallDeno(force bool) {
conf := a.GetAgentCheckInConfig(a.GetCheckInConfFromAPI())
if !conf.InstallDeno {
return
}
if trmm.FileExists(a.DenoBin) {
if force {
a.Logger.Debugln(a.NuBin, "InstallDeno(): Forced install. Removing deno binary.")
err := os.Remove(a.DenoBin)
if err != nil {
a.Logger.Errorln("InstallDeno(): Error removing deno binary:", err)
return
}
} else {
return
}
}
if !trmm.FileExists(nixAgentBinDir) {
err := os.MkdirAll(nixAgentBinDir, 0755)
if err != nil {
a.Logger.Errorln("InstallDeno(): Error creating nixAgentBinDir:", err)
return
}
}
var (
assetName string
url string
)
if conf.InstallDenoUrl != "" {
url = conf.InstallDenoUrl
url = strings.Replace(url, "{OS}", runtime.GOOS, -1)
url = strings.Replace(url, "{ARCH}", runtime.GOARCH, -1)
url = strings.Replace(url, "{VERSION}", conf.InstallDenoVersion, -1)
} else {
switch runtime.GOOS {
case "darwin":
switch runtime.GOARCH {
case "arm64":
// https://github.com/denoland/deno/releases/download/v1.38.2/deno-aarch64-apple-darwin.zip
assetName = fmt.Sprintf("deno-aarch64-apple-darwin.zip")
case "amd64":
// https://github.com/denoland/deno/releases/download/v1.38.2/deno-x86_64-apple-darwin.zip
assetName = fmt.Sprintf("deno-x86_64-apple-darwin.zip")
default:
a.Logger.Debugln("InstallDeno(): Unsupported architecture and OS:", runtime.GOARCH, runtime.GOOS)
return
}
case "linux":
switch runtime.GOARCH {
case "amd64":
// https://github.com/denoland/deno/releases/download/v1.38.2/deno-x86_64-unknown-linux-gnu.zip
assetName = fmt.Sprintf("deno-x86_64-unknown-linux-gnu.zip")
default:
a.Logger.Debugln("InstallDeno(): Unsupported architecture and OS:", runtime.GOARCH, runtime.GOOS)
return
}
default:
a.Logger.Debugln("InstallDeno(): Unsupported OS:", runtime.GOOS)
return
}
url = fmt.Sprintf("https://github.com/denoland/deno/releases/download/%s/%s", conf.InstallDenoVersion, assetName)
}
a.Logger.Debugln("InstallDeno(): Deno download url:", url)
tmpDir, err := os.MkdirTemp("", "trmm")
if err != nil {
a.Logger.Errorln("InstallDeno(): Error creating temp directory:", err)
return
}
defer func(path string) {
err := os.RemoveAll(path)
if err != nil {
a.Logger.Errorln("InstallDeno(): Error removing temp directory:", err)
}
}(tmpDir)
tmpAssetName := filepath.Join(tmpDir, assetName)
a.Logger.Debugln("InstallDeno(): tmpAssetName:", tmpAssetName)
rClient := resty.New()
rClient.SetTimeout(20 * time.Minute)
rClient.SetRetryCount(10)
rClient.SetRetryWaitTime(1 * time.Minute)
rClient.SetRetryMaxWaitTime(15 * time.Minute)
if len(a.Proxy) > 0 {
rClient.SetProxy(a.Proxy)
}
r, err := rClient.R().SetOutput(tmpAssetName).Get(url)
if err != nil {
a.Logger.Errorln("InstallDeno(): Unable to download deno:", err)
return
}
if r.IsError() {
a.Logger.Errorln("InstallDeno(): Unable to download deno. Status code:", r.StatusCode())
return
}
if conf.InstallDenoUrl != "" {
// InstallDenoUrl is not compressed.
err = copyFile(path.Join(tmpDir, tmpAssetName), a.DenoBin)
if err != nil {
a.Logger.Errorln("InstallDeno(): Failed to copy deno file to install dir:", err)
return
}
} else {
// GitHub asset is zip compressed.
err = Unzip(tmpAssetName, tmpDir)
if err != nil {
a.Logger.Errorln("InstallDeno(): Failed to unzip downloaded zip file:", err)
return
}
err = copyFile(path.Join(tmpDir, "deno"), a.DenoBin)
if err != nil {
a.Logger.Errorln("InstallDeno(): Failed to copy deno file to install dir:", err)
return
}
}
err = os.Chmod(a.DenoBin, 0755)
if err != nil {
a.Logger.Errorln("InstallDeno(): Failed to chmod deno binary:", err)
return
}
}
// GetAgentCheckInConfig will get the agent configuration from the server.
// The Windows agent stores the configuration in the registry. The UNIX agent does not store the config.
// @return AgentCheckInConfig
func (a *Agent) GetAgentCheckInConfig(ret AgentCheckInConfig) AgentCheckInConfig {
// TODO: Persist the config to disk.
return ret
}
// windows only below TODO add into stub file
func (a *Agent) PlatVer() (string, error) { return "", nil }
func (a *Agent) SendSoftware() {}
@ -553,235 +878,6 @@ func GetServiceStatus(name string) (string, error) { return "", nil }
func (a *Agent) GetPython(force bool) {}
// GetNushell will download nushell from GitHub and install (copy) it to nixAgentBinDir
func (a *Agent) GetNushell(force bool) {
if trmm.FileExists(a.NuBin) {
if force {
err := os.Remove(a.NuBin)
if err != nil {
a.Logger.Errorln("GetNushell(): Error removing nu binary:", err)
return
}
} else {
return
}
}
if !trmm.FileExists(nixAgentBinDir) {
err := os.MkdirAll(nixAgentBinDir, 0755)
if err != nil {
a.Logger.Errorln("GetNushell(): Error creating nixAgentBinDir:", err)
return
}
}
var (
assetName string
url string
targzDirName string
)
switch runtime.GOOS {
case "darwin":
switch runtime.GOARCH {
case "arm64":
// https://github.com/nushell/nushell/releases/download/0.87.0/nu-0.87.0-aarch64-darwin-full.tar.gz
assetName = fmt.Sprintf("nu-%s-aarch64-darwin-full.tar.gz", nuVersion)
default:
a.Logger.Debugln("GetNushell(): Unsupported architecture and OS:", runtime.GOARCH, runtime.GOOS)
return
}
case "linux":
switch runtime.GOARCH {
case "amd64":
// https://github.com/nushell/nushell/releases/download/0.87.0/nu-0.87.0-x86_64-linux-musl-full.tar.gz
assetName = fmt.Sprintf("nu-%s-x86_64-linux-musl-full.tar.gz", nuVersion)
case "arm64":
// https://github.com/nushell/nushell/releases/download/0.87.0/nu-0.87.0-aarch64-linux-gnu-full.tar.gz
assetName = fmt.Sprintf("nu-%s-aarch64-linux-gnu-full.tar.gz", nuVersion)
default:
a.Logger.Debugln("GetNushell(): Unsupported architecture and OS:", runtime.GOARCH, runtime.GOOS)
return
}
default:
a.Logger.Debugln("GetNushell(): Unsupported OS:", runtime.GOOS)
return
}
url = fmt.Sprintf("https://github.com/nushell/nushell/releases/download/%s/%s", nuVersion, assetName)
a.Logger.Debugln("GetNushell(): Nu download url:", url)
tmpDir, err := os.MkdirTemp("", "trmm")
if err != nil {
a.Logger.Errorln("GetNushell(): Error creating temp directory:", err)
return
}
defer func(path string) {
err := os.RemoveAll(path)
if err != nil {
a.Logger.Errorln("GetNushell(): Error removing temp directory:", err)
}
}(tmpDir)
tmpAssetName := filepath.Join(tmpDir, assetName)
a.Logger.Debugln("GetNushell(): tmpAssetName:", tmpAssetName)
rClient := resty.New()
rClient.SetTimeout(20 * time.Minute)
rClient.SetRetryCount(10)
rClient.SetRetryWaitTime(1 * time.Minute)
rClient.SetRetryMaxWaitTime(15 * time.Minute)
if len(a.Proxy) > 0 {
rClient.SetProxy(a.Proxy)
}
r, err := rClient.R().SetOutput(tmpAssetName).Get(url)
if err != nil {
a.Logger.Errorln("GetNushell(): Unable to download nu from github.", err)
return
}
if r.IsError() {
a.Logger.Errorln("GetNushell(): Unable to download nu from github. Status code", r.StatusCode())
return
}
targzDirName, err = a.ExtractTarGz(tmpAssetName, tmpDir)
if err != nil {
a.Logger.Errorln("GetNushell(): Failed to extract downloaded tar.gz file:", err)
return
}
err = copyFile(path.Join(tmpDir, targzDirName, "nu"), a.NuBin)
if err != nil {
a.Logger.Errorln("GetNushell(): Failed to copy nu file to install dir:", err)
return
}
err = os.Chmod(a.NuBin, 0755)
if err != nil {
a.Logger.Errorln("GetNushell(): Failed to chmod nu binary:", err)
return
}
}
// GetDeno will download deno from GitHub and install (copy) it to nixAgentBinDir
func (a *Agent) GetDeno(force bool) {
if trmm.FileExists(a.DenoBin) {
if force {
err := os.Remove(a.DenoBin)
if err != nil {
a.Logger.Errorln("GetDeno(): Error removing deno binary:", err)
return
}
} else {
return
}
}
if !trmm.FileExists(nixAgentBinDir) {
err := os.MkdirAll(nixAgentBinDir, 0755)
if err != nil {
a.Logger.Errorln("GetDeno(): Error creating nixAgentBinDir:", err)
return
}
}
var (
assetName string
url string
)
switch runtime.GOOS {
case "darwin":
switch runtime.GOARCH {
case "arm64":
// https://github.com/denoland/deno/releases/download/v1.38.2/deno-aarch64-apple-darwin.zip
assetName = fmt.Sprintf("deno-aarch64-apple-darwin.zip")
case "amd64":
// https://github.com/denoland/deno/releases/download/v1.38.2/deno-x86_64-apple-darwin.zip
assetName = fmt.Sprintf("deno-x86_64-apple-darwin.zip")
default:
a.Logger.Debugln("GetDeno(): Unsupported architecture and OS:", runtime.GOARCH, runtime.GOOS)
return
}
case "linux":
switch runtime.GOARCH {
case "amd64":
// https://github.com/denoland/deno/releases/download/v1.38.2/deno-x86_64-unknown-linux-gnu.zip
assetName = fmt.Sprintf("deno-x86_64-unknown-linux-gnu.zip")
default:
a.Logger.Debugln("GetDeno(): Unsupported architecture and OS:", runtime.GOARCH, runtime.GOOS)
return
}
default:
a.Logger.Debugln("GetDeno(): Unsupported OS:", runtime.GOOS)
return
}
url = fmt.Sprintf("https://github.com/denoland/deno/releases/download/%s/%s", denoVersion, assetName)
a.Logger.Debugln("GetDeno(): Deno download url:", url)
tmpDir, err := os.MkdirTemp("", "trmm")
if err != nil {
a.Logger.Errorln("GetDeno(): Error creating temp directory:", err)
return
}
defer func(path string) {
err := os.RemoveAll(path)
if err != nil {
a.Logger.Errorln("GetDeno(): Error removing temp directory:", err)
}
}(tmpDir)
tmpAssetName := filepath.Join(tmpDir, assetName)
a.Logger.Debugln("GetDeno(): tmpAssetName:", tmpAssetName)
if !trmm.FileExists(nixAgentBinDir) {
err = os.MkdirAll(nixAgentBinDir, 0755)
if err != nil {
a.Logger.Errorln("GetDeno(): Error creating nixAgentBinDir:", err)
return
}
}
rClient := resty.New()
rClient.SetTimeout(20 * time.Minute)
rClient.SetRetryCount(10)
rClient.SetRetryWaitTime(1 * time.Minute)
rClient.SetRetryMaxWaitTime(15 * time.Minute)
if len(a.Proxy) > 0 {
rClient.SetProxy(a.Proxy)
}
r, err := rClient.R().SetOutput(tmpAssetName).Get(url)
if err != nil {
a.Logger.Errorln("GetDeno(): Unable to download deno from github.", err)
return
}
if r.IsError() {
a.Logger.Errorln("GetDeno(): Unable to download deno from github. Status code", r.StatusCode())
return
}
err = Unzip(tmpAssetName, tmpDir)
if err != nil {
a.Logger.Errorln("GetDeno(): Failed to unzip downloaded zip file:", err)
return
}
err = copyFile(path.Join(tmpDir, "deno"), a.DenoBin)
if err != nil {
a.Logger.Errorln("GetDeno(): Failed to copy deno file to install dir:", err)
return
}
err = os.Chmod(a.DenoBin, 0755)
if err != nil {
a.Logger.Errorln("GetDeno(): Failed to chmod deno binary:", err)
return
}
}
type SchedTask struct{ Name string }
func (a *Agent) PatchMgmnt(enable bool) error { return nil }