valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 18:33:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
909db4f2db
osquery-1/include/osquery/enroll.h
Zachary Wasserman b71276a1ea Fix up doxygen docs and require correct docs in CI (#2280) 
This change causes Doxygen to error if there are unrecognized commands, or
undocumented/incorrect parameters in documented functions. It does not require
that every function be fully documented, just that those that are do not have
errors.

Old documentation with problems was fixed to comply.
2016-07-25 12:21:26 -04:00

98 lines
3.1 KiB
C++
Raw Blame History

/*
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#pragma once
#include <string>
#include <osquery/flags.h>
#include <osquery/registry.h>
namespace osquery {
/// Allow users to disable enrollment features.
DECLARE_bool(disable_enrollment);
/**
* @brief Superclass for enroll plugins.
*
* Config and Logger plugins may use some remote API. In most cases an
* authentication and authorization step is needed. Enroll plugins are an
* easy wrapper-type facility that other osquery plugin types can choose to
* implement.
*
* An enrollment is useful when a "backend" config or logger facility requires
* a node or shared secret. The plugins that support this "backend" will
* request authentication secrets through their well-known enrollment plugin.
*
* Enrollment plugins and authentication models are complicated. It is best
* to use a "suite" of plugins that implement an enroll, config, and log flow.
* Please see the osquery wiki for more details on Enrollment.
*/
class EnrollPlugin : public Plugin {
public:
/// The EnrollPlugin PluginRequest action router.
Status call(const PluginRequest& request, PluginResponse& response);
protected:
/**
* @brief Perform enrollment on the request of a config/logger.
*
* The single 'enroll' plugin request action will call EnrollPlugin::enroll
*
* @return An enrollment secret or key material or identifier.
*/
virtual std::string enroll() = 0;
};
/**
* @brief Get a node key from the osquery RocksDB cache or perform node
* enrollment.
*
* Enrollment allows a new node to announce to an enrollment endpoint via an
* enroll plugin. While the details of authentication/authorization are up to
* the plugin implementation, the endpoint may return a "node secret".
*
* If a node_key is requested from an enroll plugin because no current key
* exists in the backing store, the result will be cached.
*
* @param enroll_plugin Name of the enroll plugin to use if no node_key set.
* @return A unique, often private, node secret key.
*/
std::string getNodeKey(const std::string& enroll_plugin);
/**
* @brief Delete the existing node key from the persistent storage
*
* @return a Status indicating the success or failure of the operation
*/
Status clearNodeKey();
/**
* @brief Read the enrollment secret from disk.
*
* We suspect multiple enrollment types may require an apriori, and enterprise
* shared, secret. Use of this enroll or deployment secret is an optional choice
* made by the enroll plugin type.
*
* @return enroll_secret The trimmed content read from FLAGS_enroll_secret_path.
*/
const std::string getEnrollSecret();
/**
* @brief Enroll plugin registry.
*
* This creates an osquery registry for "enroll" which may implement
* EnrollPlugin. Only strings are logged in practice, and EnrollPlugin
* provides a helper member for transforming PluginRequests to strings.
*/
CREATE_LAZY_REGISTRY(EnrollPlugin, "enroll");
}
Reference in New Issue View Git Blame Copy Permalink