vertexproject · invisig0th · Jul 2, 2024 · Jul 2, 2024 · Jul 2, 2024 · Jul 3, 2024
diff --git a/synapse/cortex.py b/synapse/cortex.py
@@ -1292,6 +1292,13 @@ def _initCorePerms(self):
              'desc': 'Controls the ability to check if the Axon contains a file.'},
             {'perm': ('axon', 'del'), 'gate': 'cortex',
              'desc': 'Controls the ability to remove a file from the Axon.'},
+
+            {'perm': ('cron', 'kill'), 'gate': 'cronjob',
+             'desc': 'Controls the ability to terminate a running cron job.'},
+            {'perm': ('cron', 'set'), 'gate': 'cronjob',
+             'desc': 'Controls the ability to set any editable property on a cron job.'},
+            {'perm': ('cron', 'set', '<name>'), 'gate': 'cronjob',
+             'desc': 'Controls the ability to set the named editable property on a cron job.'},
         ))
         for pdef in self._cortex_permdefs:
             s_storm.reqValidPermDef(pdef)
@@ -5645,6 +5652,7 @@ async def delCronJob(self, iden):
         Args:
             iden (bytes):  The iden of the cron job to be deleted
         '''
+        await self._killCronTask(iden)
         try:
             await self.agenda.delete(iden)
         except s_exc.NoSuchIden:
@@ -5684,8 +5692,28 @@ async def disableCronJob(self, iden):
             iden (bytes):  The iden of the cron job to be changed
         '''
         await self.agenda.disable(iden)
+        await self._killCronTask(iden)
         await self.feedBeholder('cron:disable', {'iden': iden}, gates=[iden])
 
+    async def killCronTask(self, iden):
+        if self.agenda.appts.get(iden) is None:
+            return False
+        return await self._push('cron:task:kill', iden)
+
+    @s_nexus.Pusher.onPush('cron:task:kill')
+    async def _killCronTask(self, iden):
+
+        appt = self.agenda.appts.get(iden)
+        if appt is None:
+            return False
+
+        task = appt.task
+        if task is None:
+            return False
+
+        await task.kill()
+        return True
+
     async def listCronJobs(self):
         '''
         Get information about all the cron jobs accessible to the current user

diff --git a/synapse/lib/agenda.py b/synapse/lib/agenda.py
@@ -274,6 +274,7 @@ class _Appt:
     def __init__(self, stor, iden, recur, indx, query, creator, recs, nexttime=None, view=None, created=None, pool=False):
         self.doc = ''
         self.name = ''
+        self.task = None
         self.stor = stor
         self.pool = pool
         self.iden = iden
@@ -779,7 +780,12 @@ async def _execute(self, appt):
 
         coro = self._runJob(user, appt)
         task = self.core.runActiveTask(coro)
+
         appt.task = await self.core.boss.promotetask(task, f'Cron {appt.iden}', user, info=info)
+        async def fini():
+            appt.task = None
+
+        appt.task.onfini(fini)
 
     async def _markfailed(self, appt, reason):
         now = self._getNowTick()

diff --git a/synapse/lib/layer.py b/synapse/lib/layer.py
@@ -217,7 +217,7 @@ async def getIden(self):
 STOR_TYPE_LOC = 15
 STOR_TYPE_TAG = 16
 STOR_TYPE_FQDN = 17
-STOR_TYPE_IPV6 = 18
+STOR_TYPE_IPV6 = 18     # retired....
 
 STOR_TYPE_U128 = 19
 STOR_TYPE_I128 = 20
@@ -230,6 +230,8 @@ async def getIden(self):
 STOR_TYPE_MAXTIME = 24
 STOR_TYPE_NDEF = 25
 
+STOR_TYPE_IPADDR = 26
+
 STOR_FLAG_ARRAY = 0x8000
 
 # Edit types (etyp)
@@ -1378,6 +1380,79 @@ async def _liftMsgpEq(self, liftby, valu, reverse=False):
     def indx(self, valu):
         return (s_common.buid(valu),)
 
+class StorTypeIPAddr(StorType):
+
+    def __init__(self, layr):
+        StorType.__init__(self, layr, STOR_TYPE_IPADDR)
+        self.lifters.update({
+            '=': self._liftAddrEq,
+            '<': self._liftAddrLt,
+            '>': self._liftAddrGt,
+            '<=': self._liftAddrLe,
+            '>=': self._liftAddrGe,
+            'range=': self._liftAddrRange,
+        })
+
+    async def _liftAddrEq(self, liftby, valu, reverse=False):
+        indx = self._getIndxByts(valu)
+        for item in liftby.keyNidsByDups(indx, reverse=reverse):
+            yield item
+
+    def _getMaxIndx(self, valu):
+
+        if valu[0] == 4:
+            return b'\x04\xff\xff\xff\xff'
+
+        return b'\x06\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff'
+
+    def _getMinIndx(self, valu):
+
+        if valu[0] == 4:
+            return b'\x04\x00\x00\x00\x00'
+
+        return b'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
+
+    async def _liftAddrLe(self, liftby, valu, reverse=False):
+        minindx = self._getMinIndx(valu)
+        maxindx = self._getIndxByts(valu)
+        for item in liftby.keyNidsByRange(minindx, maxindx, reverse=reverse):
+            yield item
+
+    async def _liftAddrGe(self, liftby, valu, reverse=False):
+        minindx = self._getIndxByts(valu)
+        maxindx = self._getMaxIndx(valu)
+        for item in liftby.keyNidsByRange(minindx, maxindx, reverse=reverse):
+            yield item
+
+    async def _liftAddrLt(self, liftby, valu, reverse=False):
+        async for item in self._liftAddrLe(liftby, (valu[0], valu[1] - 1), reverse=reverse):
+            yield item
+
+    async def _liftAddrGt(self, liftby, valu, reverse=False):
+        async for item in self._liftAddrGe(liftby, (valu[0], valu[1] + 1), reverse=reverse):
+            yield item
+
+    async def _liftAddrRange(self, liftby, valu, reverse=False):
+
+        minindx = self._getIndxByts(valu[0])
+        maxindx = self._getIndxByts(valu[1])
+        for item in liftby.keyNidsByRange(minindx, maxindx, reverse=reverse):
+            yield item
+
+    def indx(self, valu):
+        return (self._getIndxByts(valu),)
+
+    def _getIndxByts(self, valu):
+
+        if valu[0] == 4:
+            return b'\x04' + valu[1].to_bytes(4, 'big')
+
+        if valu[0] == 6:
+            return b'\x06' + valu[1].to_bytes(16, 'big')
+
+        mesg = 'Invalid STOR_TYPE_IPADDR: {valu}'
+        raise s_exc.BadTypeValu(mesg=mesg)
+
 class StorTypeNdef(StorType):
 
     def __init__(self, layr):
@@ -1566,6 +1641,7 @@ async def __anit__(self, core, layrinfo):
 
             StorTypeTime(self),  # STOR_TYPE_MAXTIME
             StorTypeNdef(self),
+            StorTypeIPAddr(self),
         ]
 
         self.ivaltimetype = self.stortypes[STOR_TYPE_IVAL].timetype

diff --git a/synapse/lib/stormtypes.py b/synapse/lib/stormtypes.py
@@ -8316,9 +8316,9 @@ async def set(self, name, valu):
             valu = await tostr(valu)
 
         if name == 'user':
-            self.runt.user.confirm(('trigger', 'set', 'user'))
+            self.runt.confirm(('trigger', 'set', 'user'))
         else:
-            self.runt.user.confirm(('trigger', 'set', name), gateiden=viewiden)
+            self.runt.confirm(('trigger', 'set', name), gateiden=viewiden)
 
         await self.runt.view.setTriggerInfo(trigiden, name, valu)
 
@@ -9143,14 +9143,19 @@ class CronJob(Prim):
                       {'name': 'valu', 'type': 'any', 'desc': 'The value to set on the definition.', },
                   ),
                   'returns': {'type': 'cronjob', 'desc': 'The ``cronjob``', }}},
+
+        {'name': 'kill', 'desc': 'If the job is currently running, terminate the task.',
+         'type': {'type': 'function', '_funcname': '_methCronJobKill',
+                  'returns': {'type': 'boolean', 'desc': 'A boolean value which is true if the task was terminated.'}}},
+
         {'name': 'pack', 'desc': 'Get the Cronjob definition.',
          'type': {'type': 'function', '_funcname': '_methCronJobPack',
-                  'returns': {'type': 'dict', 'desc': 'The definition.', }}},
+                  'returns': {'type': 'dict', 'desc': 'The definition.'}}},
         {'name': 'pprint', 'desc': 'Get a dictionary containing user friendly strings for printing the CronJob.',
          'type': {'type': 'function', '_funcname': '_methCronJobPprint',
                   'returns':
                       {'type': 'dict',
-                       'desc': 'A dictionary containing structured data about a cronjob for display purposes.', }}},
+                       'desc': 'A dictionary containing structured data about a cronjob for display purposes.'}}},
     )
     _storm_typename = 'cronjob'
     _ismutable = False
@@ -9167,10 +9172,16 @@ def __hash__(self):
     def getObjLocals(self):
         return {
             'set': self._methCronJobSet,
+            'kill': self._methCronJobKill,
             'pack': self._methCronJobPack,
             'pprint': self._methCronJobPprint,
         }
 
+    async def _methCronJobKill(self):
+        iden = self.valu.get('iden')
+        self.runt.confirm(('cron', 'kill'), gateiden=iden)
+        return await self.runt.snap.core.killCronTask(iden)
+
     async def _methCronJobSet(self, name, valu):
         name = await tostr(name)
         valu = await toprim(valu)
@@ -9179,9 +9190,9 @@ async def _methCronJobSet(self, name, valu):
         if name == 'creator':
             # this permission must be granted cortex wide
             # to prevent abuse...
-            self.runt.user.confirm(('cron', 'set', 'creator'))
+            self.runt.confirm(('cron', 'set', 'creator'))
         else:
-            self.runt.user.confirm(('cron', 'set', name), gateiden=iden)
+            self.runt.confirm(('cron', 'set', name), gateiden=iden)
 
         self.valu = await self.runt.view.core.editCronJob(iden, name, valu)
 

diff --git a/synapse/models/auth.py b/synapse/models/auth.py
@@ -6,6 +6,7 @@ def getModelDefs(self):
 
         modl = {
             'types': (
+                # FIXME i think we can do away with this whole model prefix
                 ('auth:creds', ('guid', {}), {
                     'doc': 'A unique set of credentials used to access a resource.',
                 }),
@@ -14,54 +15,57 @@ def getModelDefs(self):
                 }),
             ),
             'forms': (
-                ('auth:creds', {}, (
-                    ('email', ('inet:email', {}), {
-                        'doc': 'The email address used to identify the user.',
-                    }),
-                    ('user', ('inet:user', {}), {
-                        'doc': 'The user name used to identify the user.',
-                    }),
-                    ('phone', ('tel:phone', {}), {
-                        'doc': 'The phone number used to identify the user.',
-                    }),
-                    ('passwd', ('inet:passwd', {}), {
-                        'doc': 'The password used to authenticate.',
-                    }),
-                    ('passwdhash', ('it:auth:passwdhash', {}), {
-                        'doc': 'The password hash used to authenticate.',
-                    }),
-                    ('account', ('it:account', {}), {
-                        'doc': 'The account that the creds allow access to.',
-                    }),
-                    ('website', ('inet:url', {}), {
-                        'doc': 'The base URL of the website that the credentials allow access to.',
-                    }),
-                    ('host', ('it:host', {}), {
-                        'doc': 'The host that the credentials allow access to.',
-                    }),
-                    ('wifi:ssid', ('inet:wifi:ssid', {}), {
-                        'doc': 'The WiFi SSID that the credentials allow access to.',
-                    }),
-                    ('web:acct', ('inet:web:acct', {}), {
-                        'doc': 'The web account that the credentials allow access to.',
-                    }),
-                    # TODO x509, rfid, mat:item locks/keys
-                )),
 
-                ('auth:access', {}, (
-                    ('creds', ('auth:creds', {}), {
-                        'doc': 'The credentials used to attempt access.',
-                    }),
-                    ('time', ('time', {}), {
-                        'doc': 'The time of the access attempt.',
-                    }),
-                    ('success', ('bool', {}), {
-                        'doc': 'Set to true if the access was successful.',
-                    }),
-                    ('person', ('ps:person', {}), {
-                        'doc': 'The person who attempted access.',
-                    }),
-                )),
+                # FIXME deprecate
+                #('auth:creds', {}, (
+                #    ('email', ('inet:email', {}), {
+                #        'doc': 'The email address used to identify the user.',
+                #    }),
+                #    ('user', ('inet:user', {}), {
+                #        'doc': 'The user name used to identify the user.',
+                #    }),
+                #    ('phone', ('tel:phone', {}), {
+                #        'doc': 'The phone number used to identify the user.',
+                #    }),
+                #    ('passwd', ('inet:passwd', {}), {
+                #        'doc': 'The password used to authenticate.',
+                #    }),
+                #    ('passwdhash', ('it:auth:passwdhash', {}), {
+                #        'doc': 'The password hash used to authenticate.',
+                #    }),
+                #    ('account', ('it:account', {}), {
+                #        'doc': 'The account that the creds allow access to.',
+                #    }),
+                #    ('website', ('inet:url', {}), {
+                #        'doc': 'The base URL of the website that the credentials allow access to.',
+                #    }),
+                #    ('host', ('it:host', {}), {
+                #        'doc': 'The host that the credentials allow access to.',
+                #    }),
+                #    ('wifi:ssid', ('inet:wifi:ssid', {}), {
+                #        'doc': 'The WiFi SSID that the credentials allow access to.',
+                #    }),
+                #    #('web:acct', ('inet:web:acct', {}), {
+                #        #'doc': 'The web account that the credentials allow access to.',
+                #    #}),
+                #    # TODO x509, rfid, mat:item locks/keys
+                #)),
+
+                # FIXME deprecate
+                #('auth:access', {}, (
+                #    ('creds', ('auth:creds', {}), {
+                #        'doc': 'The credentials used to attempt access.',
+                #    }),
+                #    ('time', ('time', {}), {
+                #        'doc': 'The time of the access attempt.',
+                #    }),
+                #    ('success', ('bool', {}), {
+                #        'doc': 'Set to true if the access was successful.',
+                #    }),
+                #    ('person', ('ps:person', {}), {
+                #        'doc': 'The person who attempted access.',
+                #    }),
+                #)),
             ),
         }
         name = 'auth'