Add transitive whitelisting.
Binaries may be identified with WHITELIST_COMPILER rules. Any executable they output will then be marked locally with a transitive whitelist rule and allowed to run if the TransitiveWhitelistingEnabled config key is true.
santa-driver: Switch to a struct for vnode IDs, holding both the filesystem ID and vnode ID.
Also drop the separate caches for root/non-root as this doesn't offer any benefit anymore.
* SantaCache: Add santactl command to print histogram of bucket distribution.
This currently only prints the distribution of the non-root cache. In the near future I'll unify the caches again which stops this being a problem.
* First draft, no UUID caching
* Cache UUID in SNTEventLog super class
* Add a configuration flag for UUID decoration
* Port from UUID to MachineID
* KVO compliance
* Remove extra newline I accidentally introduced
* Project: Update project to Xcode 9.1 and handle all the new warnings that entails.
* Project: Add library-validation and kill flags to codesigning options
* SNTConfigurator: use mobileconfigs
* use proper key groups
* remove state
* review updates
* review updates
* SNTConfigurator: Revert any out-of-band changes to the sync state file.
* SNTConfigurator move the file watcher to santad only
* sync: start reachability handler to retry to upload blocked event when initial upload fails
* fix indentation
* store related bundle events when server connection fails
* revert SNTBundleEventAction to BOOL
* go back to using SNTBundleEventAction in reply; make sure to send reply to avoid leaks
* fix indentation
* fix indentation
* Merged similar methods into one:
* SNTSyncdQueue addBundleEvents: and addEvent: became addEvents:isFromBundle:
* SNTSyncdQueue backoffForBundleHash: and backoffForEvent: became backoffForPrimaryHash:
* SNTCommandSyncManager postBundleEventsToSyncServer: and postEventToSyncServer: became postEventsToSyncServer:isFromBundle:
* fix style issue
* simplify condition
* temporarily gutted SNTCommandFileInfo. Added SNTCommand base class for all
of the SNTCommand* classes to inherit from. Changed commands so that they
are consistently instantiated before being run, with a common init method.
* Put most of SNTCommandFileInfo functionality back in
* follow symlinks
* added -r and --recursive flags and updated help text
* moved humanReadableFileType to SNTFileInfo
* added back JSON output
* Fixed bundle info. Grab directory color from ENV variable.
* fixed indentation, moved stuff around
* Added SNTCommandFileInfo * back as parameter to property getters so that rule getter
doesn't have to be a special case any more.
* fixed code review issues
* added SNTCommand.h and SNTCommand.m to project
* added SNTCommand.m to build phases
* removed trailing spaces
* fixed tests for SNTCommandFileInfo and added a few more
* fix end-of-line comment spacing to conform to style guide
* Use NSBundle instead of NSWorkspace to determine if path is a bundle.
* added autorelease pool inside recursive search loop to fix bug where file listing
would abruptly stop after so many files with mach header related keys.
* removed directory headers. don't separate entries with newline when printing single key. format output based on max key length.
* an attempt at speeding things up. also halfway fixed broken cert-index key.
* speedups via caching MOLCodeSignChecker & not using NSMutableString append*
* fix json output with cert-index, single key output, & cache SHA values
* reverted back to NSMutableString for building up output, since it seems slightly better
or at least no worse than using an NSMutableArray
* Don't print empty JSON objects
* fixed non-thread-safe JSON commas
* made the print dispatch group a property so it doesn't have to be passed around
* Fixed certIndex indexing bug & better error checking when parsing --cert-index argument
* prevent unsigned int overflow
* fixed logic tests broken by objc_setAssociatedObject with nil SNTFileInfo argument
* send error output to the serial print queue
* NSBundle bundleWithPath: returns an object even for non-bundle directories, so need to also check that there's a valid bundle identifier.
* Added TODO comment and fixed formatting issues
* added cached codeSignChecker property to SNTFileInfo
* rewrote SNTFileInfo's codesignChecker method to include an error reference parameter & removed @synchronized
* Removed caching of SHA values from SNTFileInfo
* use property getter/setter to access codesignCheckerError
* Change nil NSError ** arguments to NULL
* Don't try to create a new codesignChecker if there was previously an error
* Fix NSDirectoryEnumerator memory usage & don't retain self in rule getter.
The NSStrings grabbed from the directory enumerator needed a chance to be freed.
* fixed colon alignment
Split the kernel-land cache into 2 separate caches, one for the root
volume and one for secondary volumes. When an unmount happens, clear
the non-root cache to ensure no overlap with filesystem IDs.
The changes to bundle scanning mean this key isn't really necessary anymore - if a server supports bundles it tells the client during preflight, this in turn causes bundle hashes to be generated and these are used in place of the file hash when generating a detail URL. Keying bundles off the ID and version was never really a good idea anyway.
* santabs: Create Santa Bundle Service
* common: SNTXPCConnection add initClientWithServiceName:
* santad: add logic for blocked bundles
* SantaGUI: add ui elements and xpc connections to / from santabs
* santactl/sync: add api features for syncing bundle events
* santactl/bundleinfo: add bundleinfo command for debug builds
* common: prefer bundle hash over file hash for event urls
* common: remove syncBackoff property - this is now handled in santactl sync
* common: add properties to support the bundle event api
* common: find a bundle from a nested binary
* review updates
* sane bundle hash timeouts
* post rebase updates
* post review updates
* common: capture fileSystemRepresentation in a local variable
* santactl/status: check for instant notification status only when there is a sync url
* s/FALSE/NO
NSString has longLongValue but not longValue, so switch to that, then cast down. Check that the receiver responds to longLongValue before calling it, just in case someone tries to set it to an NSData or something.
I'm not certain if this is a Sierra change or just that it was more rare before, but changing a cancel handler on a dispatch source no longer seems to have any effect. This meant the file descriptor for the currently-active source was being closed instead of the one for the source that was just cancelled. It wasn't actually necessary to get the file handle from the source; we can just rely on capturing it in the block, which works just as well.
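The pattern the commit message above describes, as an added example that is not Santa's own code: each dispatch source's cancel handler closes the descriptor it captured when the source was created, instead of reading a descriptor back from whichever source happens to be current at cancel time. The `WatchFile` helper, the path and the queue name are assumptions made for this illustration.

```objc
// Added example, not from the Santa project. Demonstrates closing a vnode
// source's file descriptor by capturing it in the cancel block, so replacing
// the active source can never close the wrong descriptor.
#import <Foundation/Foundation.h>
#include <fcntl.h>
#include <unistd.h>

// Returns a resumed DISPATCH_SOURCE_TYPE_VNODE source for `path`, or nil on failure.
static dispatch_source_t WatchFile(NSString *path, dispatch_queue_t queue,
                                   dispatch_block_t onChange) {
  int fd = open(path.fileSystemRepresentation, O_EVTONLY);
  if (fd < 0) return nil;

  dispatch_source_t src = dispatch_source_create(
      DISPATCH_SOURCE_TYPE_VNODE, (uintptr_t)fd,
      DISPATCH_VNODE_WRITE | DISPATCH_VNODE_DELETE | DISPATCH_VNODE_RENAME, queue);
  if (!src) {
    close(fd);
    return nil;
  }

  dispatch_source_set_event_handler(src, onChange);

  // The block captures *this* source's fd by value. A cancel handler that
  // instead called dispatch_source_get_handle() on a shared "current source"
  // variable would close the fd of whatever source is current when the
  // handler runs, which after a swap is the new source, not the cancelled one.
  dispatch_source_set_cancel_handler(src, ^{
    close(fd);
  });

  dispatch_resume(src);
  return src;
}

int main(int argc, const char *argv[]) {
  @autoreleasepool {
    NSString *path = @"/tmp/example-watched-file";  // assumed path for the example
    [[NSFileManager defaultManager] createFileAtPath:path contents:nil attributes:nil];
    dispatch_queue_t q = dispatch_queue_create("com.example.filewatch", DISPATCH_QUEUE_SERIAL);

    __block dispatch_source_t current = WatchFile(path, q, ^{
      NSLog(@"first watcher: file changed");
    });

    // Replace the watcher: cancelling `old` runs its own cancel block, which
    // closes only the fd it captured, regardless of what `current` now points to.
    dispatch_source_t old = current;
    current = WatchFile(path, q, ^{
      NSLog(@"second watcher: file changed");
    });
    dispatch_source_cancel(old);

    [[NSRunLoop mainRunLoop] runUntilDate:[NSDate dateWithTimeIntervalSinceNow:1.0]];
    dispatch_source_cancel(current);
  }
  return 0;
}
```

Build on macOS with `clang -fobjc-arc -framework Foundation watch.m -o watch`; the descriptor-per-source design holds whether or not the old source's cancel handler is ever reassigned, which is the point of the fix described above.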