valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 10:23:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3ded8491b2
osquery-1/osquery/remote/enroll/enroll.cpp
Jesse Kornblum c7355b19aa Update osquery licensing wording (#5452) 
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5452

As suggested in another diff, this diff updates the language we use to describe the osquery licensing terms. We are changing all instances of

//This source code is licensed as defined on the LICENSE file found in the root directory of this source tree.//

to

//This source code is licensed in accordance with the terms specified in the LICENSE file found in the root directory of this source tree.//

We accomplish this with a codemod:

  $ codemod -md xplat/osquery/oss --extensions cpp,h,in,py,sh,mm,ps1 "(.\s+)This source code is licensed as defined on the LICENSE file found in the(.*)root directory of this source tree\." "\1This source code is licensed in accordance with the terms specified in\2the LICENSE file found in the root directory of this source tree."

Reviewed By: fmanco

Differential Revision: D14131290

fbshipit-source-id: 52c90da342263e2a80f5a678ecd760c19cf7513e
2019-02-19 10:59:48 -08:00

144 lines
4.3 KiB
C++
Raw Blame History

/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed in accordance with the terms specified in
* the LICENSE file found in the root directory of this source tree.
*/
#include <boost/algorithm/string/trim.hpp>
#include <osquery/core.h>
#include <osquery/database.h>
#include <osquery/enroll.h>
#include <osquery/filesystem/filesystem.h>
#include <osquery/flags.h>
#include <osquery/process/process.h>
#include <osquery/registry_factory.h>
#include <osquery/sql.h>
#include <osquery/utils/system/time.h>
namespace osquery {
/// At startup, always do a new enrollment instead of using a cached one
CLI_FLAG(bool,
enroll_always,
false,
"On startup, send a new enrollment request");
/// Allow users to disable enrollment features.
CLI_FLAG(bool,
disable_enrollment,
false,
"Disable enrollment functions on related config/logger plugins");
/// Path to optional enrollment secret data, sent with enrollment requests.
CLI_FLAG(string,
enroll_secret_path,
"",
"Path to an optional client enrollment-auth secret");
/// Name of optional environment variable holding enrollment secret data.
CLI_FLAG(string,
enroll_secret_env,
"",
"Name of environment variable holding enrollment-auth secret");
/// Allow users to disable reenrollment if a config/logger endpoint fails.
CLI_FLAG(bool,
disable_reenrollment,
false,
"Disable re-enrollment attempts if related plugins return invalid");
/**
* @brief Enroll plugin registry.
*
* This creates an osquery registry for "enroll" which may implement
* EnrollPlugin. Only strings are logged in practice, and EnrollPlugin
* provides a helper member for transforming PluginRequests to strings.
*/
CREATE_LAZY_REGISTRY(EnrollPlugin, "enroll");
const std::set<std::string> kEnrollHostDetails{
"os_version", "osquery_info", "system_info", "platform_info",
};
Status clearNodeKey() {
return deleteDatabaseValue(kPersistentSettings, "nodeKey");
}
std::string getNodeKey(const std::string& enroll_plugin) {
std::string node_key;
getDatabaseValue(kPersistentSettings, "nodeKey", node_key);
if (node_key.size() > 0) {
// A non-empty node key was found in the backing-store (cache).
return node_key;
}
// The node key request time is recorded before the enroll request occurs.
auto request_time = std::to_string(getUnixTime());
// Request the enroll plugin's node secret.
PluginResponse response;
Registry::call("enroll", enroll_plugin, {{"action", "enroll"}}, response);
if (response.size() > 0 && response[0].count("node_key") != 0) {
node_key = response[0].at("node_key");
setDatabaseValue(kPersistentSettings, "nodeKey", node_key);
// Set the last time a nodeKey was requested from an enrollment endpoint.
setDatabaseValue(kPersistentSettings, "nodeKeyTime", request_time);
}
return node_key;
}
const std::string getEnrollSecret() {
std::string enrollment_secret;
if (FLAGS_enroll_secret_path != "") {
readFile(FLAGS_enroll_secret_path, enrollment_secret);
boost::trim(enrollment_secret);
} else {
auto env_secret = getEnvVar(FLAGS_enroll_secret_env);
if (env_secret.is_initialized()) {
enrollment_secret = *env_secret;
}
}
return enrollment_secret;
}
void EnrollPlugin::genHostDetails(JSON& host_details) {
// Select from each table describing host details.
for (const auto& table : kEnrollHostDetails) {
auto results = SQL::selectAllFrom(table);
if (!results.empty()) {
JSON details;
for (const auto& detail : results[0]) {
details.add(detail.first, detail.second);
}
host_details.add(table, details.doc());
}
}
}
Status EnrollPlugin::call(const PluginRequest& request,
PluginResponse& response) {
if (FLAGS_disable_enrollment) {
return Status(0, "Enrollment disabled");
}
// Only support the 'enroll' action.
if (request.count("action") == 0 || request.at("action") != "enroll") {
return Status(1, "Enroll plugins require an action");
}
// The 'enroll' API should return a string and implement caching.
auto node_key = this->enroll();
response.push_back({{"node_key", node_key}});
if (node_key.size() == 0) {
return Status(1, "No enrollment key found/retrieved");
} else {
return Status(0, "OK");
}
}
}
Reference in New Issue View Git Blame Copy Permalink