Disable the preserve_proto_field_names option when marshalling JSON requests, as this prevents the json_name attribute on fields from working properly. Add that attribute to all fields so that they marshal as expected. Stop setting the always_print_enums_as_ints field, as the value we're setting it to is the default anyway.
Also add a test that preflight request data looks as expected.
* Improve default value handling for sync proto processing
* Fix capitalization of new enum values in comments
* Fix/add tests, update some docs
* Update more docs
* Lint
* Remove comment. Add LEGACY_NAMES tag for the linter
* Handle non-200 HTTP responses in SNTSyncStage performRequest
If we receive a non-200 HTTP response, we should return an error
instead of parsing the response to an empty protobuf message.
* Fix nil check
---------
Co-authored-by: Matt W <436037+mlw@users.noreply.github.com>
* Convert santa::santad::logs::endpoint_security::serializers::Utilities
* Convert santa::santad::logs::endpoint_security::writers
* Convert santa::santad::logs::endpoint_security::serializers
* Convert santa::santad::logs::endpoint_security and santatest
* Lint
* Change type alias names to not conflict with sysinfo.h
* WIP Basic new enriched types, hooked up serializers
* WIP Expanded enriched types, finished basic string logging
* WIP Standardize instigator and event user strings.
* WIP Remove sudo event for now. Fix proto types.
* Update proto field names. Fix builds on older SDKs.
* Fix more issues with builds on older SDKs.
* Even more build fixes for older SDKs
* Fix basic string test build on older SDKs
* More fixes for older SDKs
* WIP Started on proto encoding and tests
* WIP expanded proto support for new events
* Lint. Fix recorder tests for missing event types
* WIP continued expanding proto support for new events
* WIP finished proto support for all new event types
* WIP Comment all new messages and fields in santa.proto
* WIP Use different impl to set strings to sidestep internal absl issues
* Temporarily removing serializer impls and tests to reduce PR size
* Lint fixes
* PR feedback
* Use new Apple docs link for global proxy settings constants
* Missed a file...
* WIP test workflow change
* WIP Fix link
* Remove trailing whitespace
Prior to this change, root users could kill the com.google.santa.daemon process.
It would be immediately restarted by sysextd but this opens a very brief
window where protection is lost. Hooking AUTH_SIGNAL and blocking all
signals to the santad process except those sent by launchd lets us block
this without breaking upgrades, reboots, etc.
This leaves `launchctl kill` and friends as an avenue, so we're also
hooking for exec and blocking executions of launchctl that reference
com.google.santa.daemon except in known safe cases.
This PR is intended to have no impact on existing sync servers. The fields and enum values in the protobuf have been named such that their JSON equivalents match the existing constants we have in the codebase.
Adding this provides a few benefits:
1. The protobuf serves as canonical documentation of the protocol in a form that's much easier to read than the existing code.
2. Protobuf parsing of JSON is likely to be better than our hand-written version.
3. We can (in a later PR) add a configuration option to use binary encoding instead of JSON, saving network during syncs.
4. Servers written in other languages are easier to write and update as time goes on, especially as we extend the protocol.
* Add metrics for stat change detection
* Fix test related issues due to partially constructed messages
* lint
* Convert errno to enum class StatResult
* Cleanup from PR feedback
Bumping from BACKGROUND to DEFAULT had the desired impact of processing events faster and reducing memory usage but had a larger-than-expected increase in CPU usage. UTILITY is in the middle of these two and better fits the desired priority.
The use of the background queue is a historical artifact from when Santa had its own kernel extension with separate in-kernel queues for processing AUTH & NOTIFY type events. With the move to ES and the larger number of event types that we now notify on, running at the background QoS carries a small risk that the thread processing these events is not given a chance to run often enough that the queue grows and increases memory usage.
* Update SNTPolicyProcessor to use a map instead of a giant switch statement
Update SNTPolicyProcessor to use a map instead of a giant switch statement.
Add unit tests for the method that sets SNTCachedDecision values.
* Remove unnecessary OCMock dep in BUILD file.
* Fix typo in method signature.
* Incorporate review feedback.
* Upper case UpdateCachedDecisionSigningInfo
* Update SNTPolicyProcessor.h
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
* Update SNTPolicyProcessor.mm
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
* Fix typo
* Fix linter issues.
* Fixed up more linter issues.
---------
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>