Jan_31_2024-Dev

2025-09-30 03:34:26 +03:00 · 2024-01-31 17:34:53 +00:00
parent 752a5785f0
commit 6d67818a94
376 changed files with 8101 additions and 7064 deletions
--- a/components/security_apps/orchestration/details_resolver/details_resolver.cc
+++ b/components/security_apps/orchestration/details_resolver/details_resolver.cc
@@ -41,7 +41,7 @@ public:
    string getAgentVersion() override;
    bool isKernelVersion3OrHigher() override;
    bool isGwNotVsx() override;
-    bool isVersionEqualOrAboveR8110() override;
+    bool isVersionAboveR8110() override;
    bool isReverseProxy() override;
    Maybe<tuple<string, string, string>> parseNginxMetadata() override;
 #if defined(gaia) || defined(smb)
@@ -193,10 +193,12 @@ DetailsResolver::Impl::getCheckpointVersion() const
 #endif // gaia || smb

 bool
-DetailsResolver::Impl::isVersionEqualOrAboveR8110()
+DetailsResolver::Impl::isVersionAboveR8110()
 {
-#if defined(gaia) || defined(smb)
-    return compareCheckpointVersion(8110, std::greater_equal<int>());
+#if defined(gaia)
+    return compareCheckpointVersion(8110, std::greater<int>());
+#elif defined(smb)
+    return true;
 #endif
    return false;
 }
--- a/components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
+++ b/components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
@@ -20,7 +20,7 @@
 #if defined(gaia)

 Maybe<string>
-checkHasSupportedBlade(const string &command_output)
+checkSAMLSupportedBlade(const string &command_output)
 {
    string supportedBlades[3] = {"identityServer", "vpn", "cvpn"};
    for(const string &blade : supportedBlades) {
@@ -29,11 +29,11 @@ checkHasSupportedBlade(const string &command_output)
        }
    }

-    return genError("Current host does not have IDA capability");
+    return genError("Current host does not have SAML capability");
 }

 Maybe<string>
-checkSamlPortal(const string &command_output)
+checkSAMLPortal(const string &command_output)
 {
    if (command_output.find("Portal is running") != string::npos) {
        return string("true");
@@ -43,9 +43,9 @@ checkSamlPortal(const string &command_output)
 }

 Maybe<string>
-getIDAGaia(const string &command_output)
+getIDASSamlGaia(const string &command_output)
 {
-    return string("ida_gaia");
+    return string("idaSaml_gaia");
 }

 Maybe<string>
@@ -211,6 +211,15 @@ getClusterObjectIP(const string &command_output)
    return getAttr(command_output, "Cluster object IP was not found");
 }

+Maybe<string>
+getFecApplicable(const string &command_output)
+{
+    if (command_output == "0") return string("true");
+    if (command_output == "1") return string("false");
+
+    return genError("Could not determine if fec applicable");
+}
+
 Maybe<string>
 getSmbObjectName(const string &command_output)
 {
--- a/components/security_apps/orchestration/details_resolver/details_resolver_handlers/details_resolver_impl.h
+++ b/components/security_apps/orchestration/details_resolver/details_resolver_handlers/details_resolver_impl.h
@@ -27,6 +27,15 @@
 // use SHELL_CMD_HANDLER(key as string, shell command as string, ptr to Maybe<string> handler(const string&))
 // to return a string value for an attribute key based on a logic executed in a handler that receives
 // shell command execution output as its input
+
+#ifdef SHELL_PRE_CMD
+#if defined(gaia) || defined(smb)
+SHELL_PRE_CMD("read sdwan data",
+    "(cpsdwan get_data > /tmp/cpsdwan_getdata_orch.json~) "
+    "&& (mv /tmp/cpsdwan_getdata_orch.json~ /tmp/cpsdwan_getdata_orch.json)")
+#endif
+#endif
+
 #ifdef SHELL_CMD_HANDLER
 #if defined(gaia) || defined(smb)
 SHELL_CMD_HANDLER("cpProductIntegrationMgmtObjectType", "cpprod_util CPPROD_IsMgmtMachine", getMgmtObjType)
@@ -41,7 +50,7 @@ SHELL_CMD_HANDLER("isCPotelcolGRET64",
 SHELL_CMD_HANDLER("hasSDWan", "[ -f $FWDIR/bin/sdwan_steering ] && echo '1' || echo '0'", checkHasSDWan)
 SHELL_CMD_HANDLER(
    "canUpdateSDWanData",
-    "CPSDWAN_NOLOGS=1 cpsdwan get_data -f can_update_sdwan_data | jq -r .can_update_sdwan_data",
+    "jq -r .can_update_sdwan_data /tmp/cpsdwan_getdata_orch.json",
    checkCanUpdateSDWanData
 )
 SHELL_CMD_HANDLER(
@@ -50,7 +59,8 @@ SHELL_CMD_HANDLER(
    checkIfSdwanRunning)
 SHELL_CMD_HANDLER(
    "IP Address",
-    "cpsdwan get_data | jq -r .main_ip",
+    "[ $(cpprod_util FWisDAG) -eq 1 ] && echo \"Dynamic Address\" "
+    "|| (jq -r .main_ip /tmp/cpsdwan_getdata_orch.json)",
    getGWIPAddress
 )
 SHELL_CMD_HANDLER(
@@ -60,18 +70,23 @@ SHELL_CMD_HANDLER(
 )
 SHELL_CMD_HANDLER(
    "cpProductIntegrationMgmtParentObjectIP",
-    "obj=\"$(cpsdwan get_data | jq -r .cluster_name)\";"
+    "obj=\"$(jq -r .cluster_name /tmp/cpsdwan_getdata_orch.json)\";"
    " awk -v obj=\"$obj\" '$1 == \":\" && $2 == \"(\" obj, $1 == \":ip_address\" { if ($1 == \":ip_address\")"
    " { gsub(/[()]/, \"\", $2); print $2; exit; } }'"
    " $FWDIR/state/local/FW1/local.gateway_cluster",
    getClusterObjectIP
 )
+SHELL_CMD_HANDLER(
+    "isFecApplicable",
+    "fw ctl get int support_fec |& grep -sq \"support_fec =\";echo $?",
+    getFecApplicable
+)
 #endif //gaia || smb

 #if defined(gaia)
-SHELL_CMD_HANDLER("hasSupportedBlade", "enabled_blades", checkHasSupportedBlade)
-SHELL_CMD_HANDLER("hasSamlPortal", "mpclient status saml-vpn", checkSamlPortal)
-SHELL_CMD_HANDLER("requiredNanoServices", "ida_gaia", getIDAGaia)
+SHELL_CMD_HANDLER("hasSAMLSupportedBlade", "enabled_blades", checkSAMLSupportedBlade)
+SHELL_CMD_HANDLER("hasSAMLPortal", "mpclient status saml-vpn", checkSAMLPortal)
+SHELL_CMD_HANDLER("requiredNanoServices", "ida_saml_gaia", getIDASSamlGaia)
 SHELL_CMD_HANDLER(
    "cpProductIntegrationMgmtParentObjectName",
    "cat $FWDIR/database/myself_objects.C "
@@ -109,12 +124,12 @@ SHELL_CMD_HANDLER(
 #if defined(smb)
 SHELL_CMD_HANDLER(
    "cpProductIntegrationMgmtParentObjectName",
-    "cpsdwan get_data | jq -r .cluster_name",
+    "jq -r .cluster_name /tmp/cpsdwan_getdata_orch.json",
    getSmbMgmtParentObjName
 )
 SHELL_CMD_HANDLER(
    "cpProductIntegrationMgmtParentObjectUid",
-    "cpsdwan get_data | jq -r .cluster_uuid",
+    "jq -r .cluster_uuid /tmp/cpsdwan_getdata_orch.json",
    getSmbMgmtParentObjUid
 )
 SHELL_CMD_HANDLER(
@@ -150,7 +165,11 @@ SHELL_CMD_OUTPUT("helloWorld", "cat /tmp/agentHelloWorld 2>/dev/null")

 #if defined(gaia)

-FILE_CONTENT_HANDLER("hasIdpConfigured", "/opt/CPSamlPortal/phpincs/spPortal/idpPolicy.xml", checkIDP)
+FILE_CONTENT_HANDLER(
+    "hasIdpConfigured",
+    (getenv("SAMLPORTAL_HOME") ? string(getenv("SAMLPORTAL_HOME")) : "") + "/phpincs/spPortal/idpPolicy.xml",
+    checkIDP
+)
 FILE_CONTENT_HANDLER(
    "cpProductIntegrationMgmtObjectName",
    (getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C",
--- a/components/security_apps/orchestration/details_resolver/details_resolving_handler.cc
+++ b/components/security_apps/orchestration/details_resolver/details_resolving_handler.cc
@@ -43,6 +43,12 @@ public:
    static Maybe<string> getCommandOutput(const string &cmd);

 private:
+#define SHELL_PRE_CMD(NAME, COMMAND) {NAME, COMMAND},
+    map<string, string> shell_pre_commands = {
+        #include "details_resolver_impl.h"
+    };
+#undef SHELL_PRE_CMD
+
 #define SHELL_CMD_OUTPUT(ATTRIBUTE, COMMAND) SHELL_CMD_HANDLER(ATTRIBUTE, COMMAND, [](const string &s) { return s; })
 #define SHELL_CMD_HANDLER(ATTRIBUTE, COMMAND, HANDLER) {ATTRIBUTE, {COMMAND, ShellCommandHandler(HANDLER)}},
    map<string, pair<string, ShellCommandHandler>> shell_command_handlers = {
@@ -61,6 +67,21 @@ private:
 map<string, string>
 DetailsResolvingHanlder::Impl::getResolvedDetails() const
 {
+    I_ShellCmd *shell = Singleton::Consume<I_ShellCmd>::by<DetailsResolvingHanlder>();
+    uint32_t timeout = getConfigurationWithDefault<uint32_t>(5000, "orchestration", "Details resolver time out");
+
+    for (auto &shell_pre_command : shell_pre_commands) {
+        const string &name = shell_pre_command.first;
+        const string &command = shell_pre_command.second;
+        Maybe<int> command_ret = shell->getExecReturnCode(command, timeout);
+
+        if (!command_ret.ok()) {
+            dbgWarning(D_AGENT_DETAILS) << "Failed to run pre-command " << name;
+        } else if (*command_ret) {
+            dbgWarning(D_AGENT_DETAILS) << "Pre-command " << name << " failed (rc: " << *command_ret << ")";
+        }
+    }
+
    map<string, string> resolved_details;
    for (auto shell_handler : shell_command_handlers) {
        const string &attr = shell_handler.first;
@@ -116,7 +137,6 @@ DetailsResolvingHanlder::Impl::getCommandOutput(const string &cmd)
 DetailsResolvingHanlder::DetailsResolvingHanlder() : pimpl(make_unique<Impl>()) {}
 DetailsResolvingHanlder::~DetailsResolvingHanlder() {}

-
 map<string, string>
 DetailsResolvingHanlder::getResolvedDetails() const
 {