Jun 16th update

2025-11-16 17:31:52 +03:00 · 2023-01-17 11:34:09 +02:00
parent 90bcc544a2
commit ad04b8d063
168 changed files with 64034 additions and 932 deletions
--- a/components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
+++ b/components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
@@ -17,7 +17,51 @@
 #include <algorithm>
 #include <boost/regex.hpp>

+#if defined(gaia)
+
+Maybe<string>
+checkHasSupportedBlade(const string &command_output)
+{
+    string supportedBlades[3] = {"identityServer", "vpn", "cvpn"};
+    for(const string &blade : supportedBlades) {
+        if (command_output.find(blade) != string::npos) {
+            return string("true");
+        }
+    }
+
+    return genError("Current host does not have IDA capability");
+}
+
+Maybe<string>
+checkSamlPortal(const string &command_output)
+{
+    if (command_output.find("Portal is running") != string::npos) {
+        return string("true");
+    }
+
+    return genError("Current host does not have SAML Portal configured");
+}
+
+Maybe<string>
+checkIDP(shared_ptr<istream> file_stream)
+{
+    string line;
+    while (getline(*file_stream, line)) {
+        if (line.find("<identity_portal/>") != string::npos) {
+            return string("false");
+        }
+        if (line.find("identity_provider") != string::npos) {
+            return string("true");
+        }
+    }
+
+    return genError("Identity Provider was not found");
+}
+
+#endif // gaia
+
 #if defined(gaia) || defined(smb)
+
 Maybe<string>
 checkHasSDWan(const string &command_output)
 {
@@ -72,6 +116,23 @@ getMgmtObjName(shared_ptr<istream> file_stream)
    return getMgmtObjAttr(file_stream, "name ");
 }

+Maybe<string>
+getSmbObjectName(const string &command_output)
+{
+    static const char centrally_managed_comd_output = '0';
+
+    if (command_output.empty() || command_output[0] != centrally_managed_comd_output) {
+        return genError("Object name was not found");
+    }
+    
+    static const string obj_path = (getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C";
+    auto ifs = std::make_shared<std::ifstream>(obj_path);
+    if (!ifs->is_open()) {
+        return genError("Failed to open the object file");
+    }
+    return getMgmtObjAttr(ifs, "name ");
+}
+
 Maybe<string>
 getMgmtParentObjAttr(shared_ptr<istream> file_stream, const string &parent_obj, const string &attr)
 {
@@ -89,7 +150,9 @@ getMgmtParentObjAttr(shared_ptr<istream> file_stream, const string &parent_obj,
    }
    return genError("Parent object attribute was not found. Attr: " + attr);
 }
+#endif // gaia || smb

+#if defined(gaia)
 Maybe<string>
 getMgmtParentObjUid(shared_ptr<istream> file_stream)
 {
@@ -117,7 +180,26 @@ getMgmtParentObjName(shared_ptr<istream> file_stream)
    const string &unparsed_name = maybe_unparsed_name.unpack();
    return chopHeadAndTail(unparsed_name, "(", ")");
 }
-#endif // gaia || smb
+
+#elif defined(smb)
+Maybe<string>
+getMgmtParentObjUid(const string &command_output)
+{
+    if (!command_output.empty()) {
+        return command_output;
+    }
+    return genError("Parent object uuid was not found.");
+}
+
+Maybe<string>
+getMgmtParentObjName(const string &command_output)
+{
+    if (!command_output.empty()) {
+        return command_output;
+    }
+    return genError("Parent object name was not found.");
+}
+#endif // end if gaia/smb

 Maybe<string>
 getOsRelease(shared_ptr<istream> file_stream)
--- a/components/security_apps/orchestration/details_resolver/details_resolver_handlers/details_resolver_impl.h
+++ b/components/security_apps/orchestration/details_resolver/details_resolver_handlers/details_resolver_impl.h
@@ -19,12 +19,33 @@
 // to return a string value for an attribute key based on a logic executed in a handler that receives
 // shell command execution output as its input
 #ifdef SHELL_CMD_HANDLER
-
 #if defined(gaia) || defined(smb)
 SHELL_CMD_HANDLER("cpProductIntegrationMgmtObjectType", "cpprod_util CPPROD_IsMgmtMachine", getMgmtObjType)
 SHELL_CMD_HANDLER("hasSDWan", "[ -f $FWDIR/bin/sdwan_steering ] && echo '1' || echo '0'", checkHasSDWan)
+#endif //gaia || smb
+
+#if defined(gaia)
+SHELL_CMD_HANDLER("hasSupportedBlade", "enabled_blades", checkHasSupportedBlade)
+SHELL_CMD_HANDLER("hasSamlPortal", "mpclient status saml-vpn", checkSamlPortal)
 #endif //gaia

+#if defined(smb)
+SHELL_CMD_HANDLER(
+    "cpProductIntegrationMgmtParentObjectName",
+    "cpsdwan get_data | jq -r .cluster_name",
+    getMgmtParentObjName
+)
+SHELL_CMD_HANDLER(
+    "cpProductIntegrationMgmtParentObjectUid",
+    "cpsdwan get_data | jq -r .cluster_uuid",
+    getMgmtParentObjUid
+)
+SHELL_CMD_HANDLER(
+    "cpProductIntegrationMgmtObjectName",
+    "cpprod_util FwIsLocalMgmt",
+    getSmbObjectName
+)
+#endif//smb
 #endif // SHELL_CMD_HANDLER


@@ -40,21 +61,10 @@ SHELL_CMD_OUTPUT("helloWorld", "cat /tmp/agentHelloWorld 2>/dev/null")
 // to return a string value for an attribute key based on a logic executed in a handler that receives file as input
 #ifdef FILE_CONTENT_HANDLER

-#if defined(alpine)
-FILE_CONTENT_HANDLER("alpine_tag", "/usr/share/build/cp-alpine-tag", getCPAlpineTag)
-#endif // alpine
-#if defined(gaia) || defined(smb)
-FILE_CONTENT_HANDLER("os_release", "/etc/cp-release", getOsRelease)
-FILE_CONTENT_HANDLER(
-    "cpProductIntegrationMgmtObjectUid",
-    (getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C",
-    getMgmtObjUid
-)
-FILE_CONTENT_HANDLER(
-    "cpProductIntegrationMgmtObjectName",
-    (getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C",
-    getMgmtObjName
-)
+#if defined(gaia)
+
+FILE_CONTENT_HANDLER("hasIdpConfigured", "/opt/CPSamlPortal/phpincs/spPortal/idpPolicy.xml", checkIDP)
+
 FILE_CONTENT_HANDLER(
    "cpProductIntegrationMgmtParentObjectUid",
    (getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myself_objects.C",
@@ -65,6 +75,23 @@ FILE_CONTENT_HANDLER(
    (getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myself_objects.C",
    getMgmtParentObjName
 )
+FILE_CONTENT_HANDLER(
+    "cpProductIntegrationMgmtObjectName",
+    (getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C",
+    getMgmtObjName
+)
+#endif //gaia
+
+#if defined(alpine)
+FILE_CONTENT_HANDLER("alpine_tag", "/usr/share/build/cp-alpine-tag", getCPAlpineTag)
+#endif // alpine
+#if defined(gaia) || defined(smb)
+FILE_CONTENT_HANDLER("os_release", "/etc/cp-release", getOsRelease)
+FILE_CONTENT_HANDLER(
+    "cpProductIntegrationMgmtObjectUid",
+    (getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C",
+    getMgmtObjUid
+)
 #else // !(gaia || smb)
 FILE_CONTENT_HANDLER("os_release", "/etc/os-release", getOsRelease)
 #endif // gaia || smb
--- a/components/security_apps/orchestration/details_resolver/details_resolving_handler.cc
+++ b/components/security_apps/orchestration/details_resolver/details_resolving_handler.cc
@@ -92,7 +92,7 @@ DetailsResolvingHanlder::Impl::getResolvedDetails() const
    }

    I_AgentDetailsReporter *reporter = Singleton::Consume<I_AgentDetailsReporter>::by<DetailsResolvingHanlder>();
-    reporter->addAttr(resolved_details);
+    reporter->addAttr(resolved_details, true);

    return resolved_details;
 }