Mar 21st 2024 update

2025-09-29 19:24:26 +03:00 · 2024-03-21 15:31:38 +00:00
parent 0d22790ebe
commit c20fa9f966
100 changed files with 3851 additions and 453 deletions
--- a/components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
+++ b/components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
@@ -216,6 +216,18 @@ getFecApplicable(const string &command_output)
    return genError("Could not determine if fec applicable");
 }

+Maybe<string>
+getSMCBasedMgmtId(const string &command_output)
+{
+    return getAttr(command_output, "Mgmt object UUID was not found");
+}
+
+Maybe<string>
+getSMCBasedMgmtName(const string &command_output)
+{
+    return getAttr(command_output, "Mgmt object Name was not found");
+}
+
 Maybe<string>
 getSmbObjectName(const string &command_output)
 {
--- a/components/security_apps/orchestration/details_resolver/details_resolver_handlers/details_resolver_impl.h
+++ b/components/security_apps/orchestration/details_resolver/details_resolver_handlers/details_resolver_impl.h
@@ -33,7 +33,10 @@
 SHELL_PRE_CMD("read sdwan data",
    "(cpsdwan get_data > /tmp/cpsdwan_getdata_orch.json~) "
    "&& (mv /tmp/cpsdwan_getdata_orch.json~ /tmp/cpsdwan_getdata_orch.json)")
-#endif
+#endif //gaia || smb
+#if defined(smb)
+SHELL_PRE_CMD("gunzip local.cfg", "gunzip -c $FWDIR/state/local/FW1/local.cfg.gz > /tmp/local.cfg")
+#endif  //smb
 #endif

 #ifdef SHELL_CMD_HANDLER
@@ -115,6 +118,22 @@ SHELL_CMD_HANDLER(
    "cat $FWDIR/database/myself_objects.C | awk -F '[:()]' '/:VPN_1/ {print $3}' | head -n 1",
    getGWIPSecVPNBlade
 )
+SHELL_CMD_HANDLER(
+    "SMCBasedMgmtId",
+    "domain_uuid=$(jq -r .domain_uuid /tmp/cpsdwan_getdata_orch.json);"
+    "[ \"$domain_uuid\" != \"null\" ] && echo \"$domain_uuid\" ||"
+    "cat $FWDIR/database/myself_objects.C "
+    "| awk -F'[{}]' '/:masters/ { found=1; next } found && /:Uid/ { uid=tolower($2); print uid; exit }'",
+    getSMCBasedMgmtId
+)
+SHELL_CMD_HANDLER(
+    "SMCBasedMgmtName",
+    "domain_name=$(jq -r .domain_name /tmp/cpsdwan_getdata_orch.json);"
+    "[ \"$domain_name\" != \"null\" ] && echo \"$domain_name\" ||"
+    "cat $FWDIR/database/myself_objects.C "
+    "| awk -F '[:()]' '/:masters/ {found=1; next} found && /:Name/ {print $3; exit}'",
+    getSMCBasedMgmtName
+)
 #endif //gaia

 #if defined(smb)
@@ -148,6 +167,23 @@ SHELL_CMD_HANDLER(
    "cat $FWDIR/conf/active_blades.txt | grep -o 'IPS [01]' | cut -d ' ' -f2",
    getSmbGWIPSecVPNBlade
 )
+SHELL_CMD_HANDLER(
+    "SMCBasedMgmtId",
+    "domain_uuid=$(jq -r .domain_uuid /tmp/cpsdwan_getdata_orch.json);"
+    "[ \"$domain_uuid\" != \"null\" ] && echo \"$domain_uuid\" ||"
+    "cat /tmp/local.cfg "
+    "| awk -F'[{}]' '/:masters/ { found=1; next } found && /:Uid/ { uid=tolower($2); print uid; exit }'",
+    getSMCBasedMgmtId
+)
+
+SHELL_CMD_HANDLER(
+    "SMCBasedMgmtName",
+    "domain_name=$(jq -r .domain_name /tmp/cpsdwan_getdata_orch.json);"
+    "[ \"$domain_name\" != \"null\" ] && echo \"$domain_name\" ||"
+    "cat /tmp/local.cfg "
+    "| awk -F '[:()]' '/:masters/ {found=1; next} found && /:Name/ {print $3; exit}'",
+    getSMCBasedMgmtName
+)
 #endif//smb

 SHELL_CMD_OUTPUT("kernel_version", "uname -r")
@@ -190,3 +226,9 @@ FILE_CONTENT_HANDLER("os_release", "/etc/os-release", getOsRelease)
 FILE_CONTENT_HANDLER("AppSecModelVersion", "/etc/cp/conf/waap/waap.data", getWaapModelVersion)

 #endif // FILE_CONTENT_HANDLER
+
+#ifdef SHELL_POST_CMD
+#if defined(smb)
+SHELL_POST_CMD("remove local.cfg", "rm -rf /tmp/local.cfg")
+#endif  //smb
+#endif
--- a/components/security_apps/orchestration/details_resolver/details_resolving_handler.cc
+++ b/components/security_apps/orchestration/details_resolver/details_resolving_handler.cc
@@ -64,6 +64,12 @@ private:
 #undef FILE_CONTENT_HANDLER
 };

+#define SHELL_POST_CMD(NAME, COMMAND) {NAME, COMMAND},
+    map<string, string> shell_post_commands = {
+        #include "details_resolver_impl.h"
+    };
+#undef SHELL_POST_CMD
+
 map<string, string>
 DetailsResolvingHanlder::Impl::getResolvedDetails() const
 {
@@ -114,6 +120,18 @@ DetailsResolvingHanlder::Impl::getResolvedDetails() const
        in_file->close();
    }

+    for (auto &shell_post_command : shell_post_commands) {
+        const string &name = shell_post_command.first;
+        const string &command = shell_post_command.second;
+        Maybe<int> command_ret = shell->getExecReturnCode(command, timeout);
+
+        if (!command_ret.ok()) {
+            dbgWarning(D_AGENT_DETAILS) << "Failed to run post-command " << name;
+        } else if (*command_ret) {
+            dbgWarning(D_AGENT_DETAILS) << "Post-command " << name << " failed (rc: " << *command_ret << ")";
+        }
+    }
+
    I_AgentDetailsReporter *reporter = Singleton::Consume<I_AgentDetailsReporter>::by<DetailsResolvingHanlder>();
    reporter->addAttr(resolved_details, true);

--- a/components/security_apps/orchestration/orchestration_comp.cc
+++ b/components/security_apps/orchestration/orchestration_comp.cc
@@ -1012,10 +1012,11 @@ private:
        HybridModeMetricEvent().notify();

        if (!response.ok()) {
+            dbgWarning(D_ORCHESTRATOR) << "Failed to get the update. Error: " << response.getErr();
            orch_status->setFieldStatus(
                OrchestrationStatusFieldType::LAST_UPDATE,
                OrchestrationStatusResult::FAILED,
-                response.getErr()
+                "Warning: Agent/Gateway failed during the update process. Contact Check Point support."
            );

            return genError(response.getErr());
--- a/components/security_apps/orchestration/orchestration_ut/orchestration_ut.cc
+++ b/components/security_apps/orchestration/orchestration_ut/orchestration_ut.cc
@@ -90,6 +90,7 @@ public:
            "/api/v1/agents/events",
            _,
            MessageCategory::LOG,
+            _,
            _
        )).WillRepeatedly(SaveArg<2>(&message_body));

--- a/components/security_apps/orchestration/update_communication/fog_authenticator.cc
+++ b/components/security_apps/orchestration/update_communication/fog_authenticator.cc
@@ -473,10 +473,11 @@ FogAuthenticator::authenticateAgent()
        auto orc_status = Singleton::Consume<I_OrchestrationStatus>::by<FogAuthenticator>();
        credentials = getCredentials();
        if (!credentials.ok()) {
+            dbgWarning(D_ORCHESTRATOR) << "Failed to authenticate the agent: " << credentials.getErr();
            orc_status->setFieldStatus(
                OrchestrationStatusFieldType::REGISTRATION,
                OrchestrationStatusResult::FAILED,
-                credentials.getErr()
+                "Warning: Agent/Gateway failed the authentication. Contact Check Point support."
            );
            return genError(credentials.getErr());
        }
@@ -516,7 +517,7 @@ FogAuthenticator::authenticateAgent()
                        orc_status->setFieldStatus(
                            OrchestrationStatusFieldType::REGISTRATION,
                            OrchestrationStatusResult::FAILED,
-                            access_token.getErr()
+                            "Warning: Agent/Gateway failed to receive access token. Contact Check Point support."
                        );
                    }
                    int next_session_req = max(