patronus_fati 0.8.0

data/lib/patronus_fati/data_mapper/crypt_flags.rb

@@ -0,0 +1,83 @@
+require 'dm-core'
+
+module DataMapper
+  class Property
+    class CryptFlags < DataMapper::Property::Integer
+      def self.flags
+        PatronusFati::SSID_CRYPT_MAP.values.map(&:to_sym)
+      end
+
+      attr_reader :flag_map
+
+      def custom?
+        true
+      end
+
+      #def dump(value)
+      #  unless value.nil?
+      #    flags = Array(value).map(&:to_s)
+      #    flags.uniq!
+
+      #    valid_values = flags & PatronusFati::SSID_CRYPT_MAP.values
+      #    PatronusFati::SSID_CRYPT_MAP.map { |k, v| valid_values.include?(v) ? k : 0 }.inject(&:+)
+      #  end
+      #end
+
+      def dump(value)
+        unless value.nil?
+          flags = Array(value).map { |flag| flag.to_sym }
+          flags.uniq!
+
+          flag = 0
+
+          flag_map.invert.values_at(*flags).each do |i|
+            next if i.nil?
+            flag += (1 << i)
+          end
+
+          flag
+        end
+      end
+
+      def initialize(model, name, options = {})
+        super
+
+        @flag_map = {}
+
+        flags = options.fetch(:flags, self.class.flags)
+        flags.each_with_index do |flag, i|
+          flag_map[i] = flag
+        end
+      end
+
+      #def load(value)
+      #  return [] if value.nil?
+      #  PatronusFati::SSID_CRYPT_MAP.select { |k, v| (k & value) == k }.map { |k, v| v }
+      #end
+
+      def load(value)
+        return [] if value.nil? || value <= 0
+
+        begin
+          matches = []
+
+          0.upto(flag_map.size - 1) do |i|
+            matches << flag_map[i] if value[i] == 1
+          end
+
+          matches.compact
+        rescue TypeError, Errno::EDOM
+          []
+        end
+      end
+
+      def typecast(value)
+        case value
+          when nil     then nil
+          when ::Array then value.map { |v| v.to_sym }
+          else [value.to_sym]
+        end
+      end
+    end
+  end
+end

data/lib/patronus_fati/data_mapper/null_table_prefix.rb

@@ -0,0 +1,7 @@
+module PatronusFati
+  module NullTablePrefix
+    def self.call(model_name)
+      DataMapper::NamingConventions::Resource::UnderscoredAndPluralized.call(model_name.to_s.split('::').last)
+    end
+  end
+end

data/lib/patronus_fati/data_models/access_point.rb

@@ -0,0 +1,74 @@
+module PatronusFati::DataModels
+  class AccessPoint
+    include DataMapper::Resource
+
+    include PatronusFati::DataModels::ExpirationAttributes
+    include PatronusFati::DataModels::ReportedAttributes
+
+    property  :id,                Serial
+
+    property  :bssid,             String, :length   => 17,
+                                          :required => true,
+                                          :unique   => true
+
+    property  :channel,           Integer
+    property  :max_seen_rate,     Integer
+    property  :type,              String, :required => true
+
+    property  :duplicate_iv_pkts, Integer,  :default => 0
+    property  :crypt_packets,     Integer,  :default => 0
+    property  :data_packets,      Integer,  :default => 0
+    property  :data_size,         Integer,  :default => 0
+
+    property  :fragments,         Integer,  :default => 0
+    property  :retries,           Integer,  :default => 0
+
+    property  :range_ip,          String
+    property  :netmask,           String
+    property  :gateway_ip,        String
+
+    has n, :clients,        :through    => :connections
+    has n, :connections,    :constraint => :destroy,
+                            :child_key  => :access_point_id
+    has n, :ssids,          :constraint => :destroy
+    has n, :ap_frequencies, :constraint => :destroy
+    has n, :ap_signals,     :constraint => :destroy
+
+    belongs_to :mac, :required => false
+    before :save do
+      self.mac = Mac.first_or_create(mac: bssid)
+    end
+
+    def self.current_expiration_threshold
+      Time.now.to_i - PatronusFati::AP_EXPIRATION
+    end
+
+    def connected_clients
+      connections.active.clients
+    end
+
+    def current_ssids
+      ssids.active
+    end
+
+    def disconnect_clients!
+      connections.connected.map(&:disconnect!)
+    end
+
+    def full_state
+      blacklisted_keys = %w(id last_seen_at reported_online).map(&:to_sym)
+      attributes.reject { |k, v| blacklisted_keys.include?(k) || v.nil? }.merge(vendor: mac.vendor)
+    end
+
+    def record_signal(dbm)
+      PatronusFati::DataModels::ApSignal.create(access_point: self, dbm: dbm)
+    end
+
+    def update_frequencies(freq_hsh)
+      freq_hsh.each do |freq, packet_count|
+        f = ap_frequencies.first_or_create({mhz: freq}, {packet_count: packet_count})
+        f.update({packet_count: packet_count})
+      end
+    end
+  end
+end

data/lib/patronus_fati/data_models/alert.rb

@@ -0,0 +1,24 @@
+module PatronusFati::DataModels
+  class Alert
+    include DataMapper::Resource
+
+    property :id,         Serial
+    property :created_at, Integer,  :default => Proc.new { Time.now.to_i }
+    property :message,    String,   :length => 255
+
+    belongs_to :src_mac,   :model => 'Mac', :required => false
+    belongs_to :dst_mac,   :model => 'Mac', :required => false
+    belongs_to :other_mac, :model => 'Mac', :required => false
+
+    def full_state
+      {
+        created_at: created_at,
+        message: message,
+
+        source: src_mac.mac,
+        destination: dst_mac.mac,
+        other: other_mac.mac
+      }
+    end
+  end
+end

data/lib/patronus_fati/data_models/ap_frequency.rb

@@ -0,0 +1,14 @@
+module PatronusFati::DataModels
+  class ApFrequency
+    include DataMapper::Resource
+
+    property :mhz,              Integer,  :key => true,
+                                          :required => true
+    property :access_point_id,  Integer,  :key => true,
+                                          :required => true
+    property :packet_count,     Integer,  :default => 0,
+                                          :required => true
+
+    belongs_to :access_point
+  end
+end

data/lib/patronus_fati/data_models/ap_signal.rb

@@ -0,0 +1,12 @@
+module PatronusFati::DataModels
+  class ApSignal
+    include DataMapper::Resource
+
+    property :id,           Serial
+    property :timestamp,    Integer,  :default => Proc.new { Time.now.to_i },
+                                      :required => true
+    property :dbm,          Integer,  :required => true
+
+    belongs_to :access_point
+  end
+end

data/lib/patronus_fati/data_models/client.rb

@@ -0,0 +1,69 @@
+module PatronusFati::DataModels
+  class Client
+    include DataMapper::Resource
+
+    include PatronusFati::DataModels::ExpirationAttributes
+    include PatronusFati::DataModels::ReportedAttributes
+
+    property  :id,              Serial
+    property  :bssid,           String,   :length => 17, :unique => true
+    property  :channel,         Integer
+
+    property  :crypt_packets,   Integer,  :default => 0
+    property  :data_packets,    Integer,  :default => 0
+    property  :data_size,       Integer,  :default => 0
+    property  :fragments,       Integer,  :default => 0
+    property  :retries,         Integer,  :default => 0
+
+    property  :max_seen_rate,   Integer
+
+    property  :ip,              String
+    property  :gateway_ip,      String
+    property  :dhcp_host,       String,   :length => 64
+
+    has n, :connections,    :constraint => :destroy
+    has n, :access_points,  :through    => :connections
+
+    has n, :client_frequencies, :constraint => :destroy
+    has n, :client_signals,     :constraint => :destroy
+    has n, :probes,             :constraint => :destroy
+
+    belongs_to :mac, :required => false
+    before :save do
+      self.mac = Mac.first_or_create(mac: bssid)
+    end
+
+    def self.current_expiration_threshold
+      Time.now.to_i - PatronusFati::CLIENT_EXPIRATION
+    end
+
+    def connected_access_points
+      connections.active.access_points
+    end
+
+    def disconnect!
+      connections.connected.map(&:disconnect!)
+    end
+
+    def full_state
+      blacklisted_keys = %w(id last_seen_at reported_online).map(&:to_sym)
+      base_attrs = attributes.reject { |k, v| blacklisted_keys.include?(k) || v.nil? }
+      base_attrs.merge(
+        connected_access_points: connected_access_points.map(&:bssid),
+        probes: probes.map(&:essid),
+        vendor: mac.vendor
+      )
+    end
+
+    def record_signal(dbm)
+      PatronusFati::DataModels::ClientSignal.create(client: self, dbm: dbm)
+    end
+
+    def update_frequencies(freq_hsh)
+      freq_hsh.each do |freq, packet_count|
+        f = client_frequencies.first_or_create({mhz: freq}, {packet_count: packet_count})
+        f.update({packet_count: packet_count})
+      end
+    end
+  end
+end

data/lib/patronus_fati/data_models/client_frequency.rb

@@ -0,0 +1,14 @@
+module PatronusFati::DataModels
+  class ClientFrequency
+    include DataMapper::Resource
+
+    property :mhz,          Integer,  :key => true,
+                                      :required => true
+    property :client_id,    Integer,  :key => true,
+                                      :required => true
+    property :packet_count, Integer,  :default => 0,
+                                      :required => true
+
+    belongs_to :client
+  end
+end

data/lib/patronus_fati/data_models/client_signal.rb

@@ -0,0 +1,12 @@
+module PatronusFati::DataModels
+  class ClientSignal
+    include DataMapper::Resource
+
+    property :id,           Serial
+    property :timestamp,    Integer,  :default => Proc.new { Time.now.to_i },
+                                      :required => true
+    property :dbm,          Integer,  :required => true
+
+    belongs_to :client
+  end
+end

data/lib/patronus_fati/data_models/common.rb

@@ -0,0 +1,49 @@
+module PatronusFati
+  module DataModels
+    module ReportedAttributes
+      def self.included(klass)
+        klass.extend RAClassMethods
+        klass.property  :reported_online, DataMapper::Property::Boolean,  :default  => false
+      end
+
+      module RAClassMethods
+        def reported_offline
+          all(:reported_online => false)
+        end
+
+        def reported_online
+          all(:reported_online => true)
+        end
+      end
+    end
+
+    module ExpirationAttributes
+      def self.included(klass)
+        klass.extend EAClassMethods
+        klass.property  :last_seen_at,  DataMapper::Property::Integer,  :default  => Proc.new { Time.now.to_i }
+      end
+
+      def active?
+        last_seen_at < self.class.current_expiration_threshold
+      end
+
+      def seen!
+        update(last_seen_at: Time.now.to_i)
+      end
+
+      def uptime
+        Time.now.to_i - last_seen_at
+      end
+
+      module EAClassMethods
+        def active
+          all(:last_seen_at.gte => current_expiration_threshold)
+        end
+
+        def inactive
+          all(:last_seen_at.lt => current_expiration_threshold)
+        end
+      end
+    end
+  end
+end

data/lib/patronus_fati/data_models/connection.rb

@@ -0,0 +1,48 @@
+module PatronusFati::DataModels
+  class Connection
+    include DataMapper::Resource
+
+    include PatronusFati::DataModels::ExpirationAttributes
+
+    property :id,               Serial
+
+    property :connected_at,     Integer, :default => Proc.new { Time.now.to_i }
+    property :disconnected_at,  Integer, :default => Proc.new { Time.now.to_i }
+    property :duration,         Integer
+
+    belongs_to :access_point
+    belongs_to :client
+
+    def self.connected
+      all(:disconnected_at => nil)
+    end
+
+    def self.disconnected
+      all(:disconnected_at.not => nil)
+    end
+
+    def self.current_expiration_threshold
+      Time.now.to_i - PatronusFati::CONNECTION_EXPIRATION
+    end
+
+    def connected?
+      disconnected_at.nil?
+    end
+
+    def disconnect!
+      update(disconnected_at: Time.now.to_i, duration: duration) if connected?
+    end
+
+    def duration
+      self[:duration] || (Time.now.to_i - connected_at)
+    end
+
+    def full_state
+      {
+        access_point: access_point.bssid,
+        client: client.bssid,
+        connected: connected?
+      }
+    end
+  end
+end

data/lib/patronus_fati/data_models/mac.rb

@@ -0,0 +1,48 @@
+module PatronusFati::DataModels
+  class Mac
+    include DataMapper::Resource
+
+    property :id,     Serial
+
+    property :mac,    String, :length => 17, :unique => true
+    property :vendor, String, :length => 255
+
+    property :alert_count,        Integer, :default => 0
+    property :clients_connected,  Integer, :default => 0
+    property :active_ssids,       Integer, :default => 0
+    property :is_client,          Boolean, :default => false
+    property :connections_to_ap,  Integer, :default => 0
+
+    has n, :access_points
+    has n, :clients
+
+    has n, :dst_alerts,   :model => 'Alert', :child_key => :dst_mac_id
+    has n, :other_alerts, :model => 'Alert', :child_key => :other_mac_id
+    has n, :src_alerts,   :model => 'Alert', :child_key => :src_mac_id
+
+    before :save do
+      next if self.vendor
+
+      result = Louis.lookup(mac)
+      self.vendor = result['long_vendor'] || result['short_vendor']
+    end
+
+    def is_ap?
+      access_points.active.any?
+    end
+
+    def is_client?
+      clients.active.any?
+    end
+
+    def update_cached_counts!
+      update(
+        alert_count:        (dst_alerts | other_alerts | src_alerts).count,
+        active_ssids:       access_points.ssids.active.count,
+        clients_connected:  access_points.connections.connected.count,
+        connections_to_ap:  clients.connections.connected.count,
+        is_client:          is_client?
+      )
+    end
+  end
+end

data/lib/patronus_fati/data_models/probe.rb

@@ -0,0 +1,13 @@
+module PatronusFati::DataModels
+  class Probe
+    include DataMapper::Resource
+
+    property :client_id, Integer, :key => true
+    property :essid,     String,  :key => true, :length => 64
+
+    property :first_seen_at, Integer, :default => Proc.new { Time.now.to_i }
+    property :last_seen_at,  Integer, :default => Proc.new { Time.now.to_i }
+
+    belongs_to :client
+  end
+end

data/lib/patronus_fati/data_models/ssid.rb

@@ -0,0 +1,35 @@
+module PatronusFati::DataModels
+  class Ssid
+    include DataMapper::Resource
+
+    include PatronusFati::DataModels::ExpirationAttributes
+    include PatronusFati::DataModels::ReportedAttributes
+
+    property :id,           Serial
+
+    property :beacon_rate,  Integer
+    property :beacon_info,  String
+
+    property :cloaked,      Boolean,  :default => false
+    property :essid,        String,   :length  => 64
+    property :crypt_set,    CryptFlags
+    property :max_rate,     Integer
+
+    belongs_to :access_point
+
+    def self.current_expiration_threshold
+      Time.now.to_i - PatronusFati::SSID_EXPIRATION
+    end
+
+    def full_state
+      {
+        beacon_info: beacon_info,
+        beacon_rate: beacon_rate,
+        cloaked: cloaked,
+        crypt_set: crypt_set,
+        essid: essid,
+        max_rate: max_rate
+      }
+    end
+  end
+end

data/lib/patronus_fati/data_observers/access_point_observer.rb

@@ -0,0 +1,53 @@
+module PatronusFati::DataObservers
+  class AccessPointObserver
+    include DataMapper::Observer
+
+    observe PatronusFati::DataModels::AccessPoint
+
+    before :save do
+      next unless self.valid?
+
+      self.reported_online = active?
+
+      @change_type = self.new? ? :new : :changed
+
+      if @change_type == :changed
+        dirty = self.dirty_attributes.map { |a| a.first.name }.map(&:to_s)
+        dirty.select! { |k, _| full_state.keys.include?(k) || k == 'reported_online' }
+
+        # If there weren't any meaningful changes, don't print out anything
+        # after we save.
+        if dirty.empty?
+          @change_type = nil
+          next
+        end
+
+        changes = dirty.map do |attr|
+          clean = original_attributes[PatronusFati::DataModels::AccessPoint.properties[attr]]
+          dirty = dirty_attributes[PatronusFati::DataModels::AccessPoint.properties[attr]]
+
+          [attr, [clean, dirty]]
+        end
+
+        @change_list = Hash[changes]
+        @change_list.delete('reported_online')
+      end
+    end
+
+    after :save do
+      next unless @change_type
+
+      mac.update_cached_counts!
+
+      PatronusFati.event_handler.event(
+        :access_point,
+        @change_type,
+        self.full_state,
+        @change_list || {}
+      )
+
+      @change_type = nil
+      @change_list = nil
+    end
+  end
+end

data/lib/patronus_fati/data_observers/alert_observer.rb

@@ -0,0 +1,12 @@
+module PatronusFati::DataObservers
+  class AlertObserver
+    include DataMapper::Observer
+
+    observe PatronusFati::DataModels::Alert
+
+    after :save do
+      [src_mac, dst_mac, other_mac].uniq.map(&:update_cached_counts!)
+      PatronusFati.event_handler.event(:alert, :new, self.full_state)
+    end
+  end
+end

data/lib/patronus_fati/data_observers/client_observer.rb

@@ -0,0 +1,52 @@
+module PatronusFati::DataObservers
+  class ClientObserver
+    include DataMapper::Observer
+
+    observe PatronusFati::DataModels::Client
+
+    before :save do
+      break unless self.valid?
+
+      self.reported_online = active?
+
+      @change_type = self.new? ? :new : :changed
+      if @change_type == :changed
+        dirty = self.dirty_attributes.map { |a| a.first.name }.map(&:to_s)
+        dirty.select! { |k, _| full_state.keys.include?(k) || k == 'reported_online' }
+
+        # If there weren't any meaningful changes, don't print out anything
+        # after we save.
+        if dirty.empty?
+          @change_type = nil
+          next
+        end
+
+        changes = dirty.map do |attr|
+          clean = original_attributes[PatronusFati::DataModels::Client.properties[attr]]
+          dirty = dirty_attributes[PatronusFati::DataModels::Client.properties[attr]]
+
+          [attr, [clean, dirty]]
+        end
+
+        @change_list = Hash[changes]
+        @change_list.delete('reported_online')
+      end
+    end
+
+    after :save do
+      next unless @change_type
+
+      mac.update_cached_counts!
+
+      PatronusFati.event_handler.event(
+        :client,
+        @change_type,
+        self.full_state,
+        @change_list || {}
+      )
+
+      @change_type = nil
+      @change_list = nil
+    end
+  end
+end