Merge remote-tracking branch 'upstream/main' into becca/windows-hello
RebeccaMahany committed Sep 13, 2024
2 parents 31506a0 + 766d939 commit c62471b
Showing 8 changed files with 101 additions and 47 deletions.
38 changes: 35 additions & 3 deletions cmd/launcher/svc_config_windows.go
Expand Up @@ -94,7 +94,7 @@ func checkServiceConfiguration(logger *slog.Logger, opts *launcher.Options) {

checkRestartActions(logger, launcherService)

setRecoveryActions(context.TODO(), logger, launcherService)
checkRecoveryActions(context.TODO(), logger, launcherService)
}

// checkDelayedAutostart checks the current value of `DelayedAutostart` (whether to wait ~2 minutes
Expand Down Expand Up @@ -192,9 +192,20 @@ func checkRestartActions(logger *slog.Logger, service *mgr.Service) {
logger.Log(context.TODO(), slog.LevelInfo, "successfully set RecoveryActionsOnNonCrashFailures flag")
}

// setRecoveryActions sets the recovery actions for the launcher service.
// checkRecoveryActions checks if the recovery actions for the launcher service are set.
// sets if one or more of the recovery actions are not set.
// previously defined via wix ServicConfig Element (Util Extension) https://wixtoolset.org/docs/v3/xsd/util/serviceconfig/
func setRecoveryActions(ctx context.Context, logger *slog.Logger, service *mgr.Service) {
func checkRecoveryActions(ctx context.Context, logger *slog.Logger, service *mgr.Service) {
curRecoveryActions, err := service.RecoveryActions()
if err != nil {
logger.Log(context.TODO(), slog.LevelError,
"querying for current RecoveryActions",
"err", err,
)

return
}

recoveryActions := []mgr.RecoveryAction{
{
// first failure
Expand All @@ -213,10 +224,31 @@ func setRecoveryActions(ctx context.Context, logger *slog.Logger, service *mgr.S
},
}

// If the recovery actions are already set, we don't need to do anything
if recoveryActionsAreSet(curRecoveryActions, recoveryActions) {
return
}

if err := service.SetRecoveryActions(recoveryActions, 24*60*60); err != nil { // 24 hours
logger.Log(ctx, slog.LevelError,
"setting RecoveryActions",
"err", err,
)
}
}

// recoveryActionsAreSet checks if the current recovery actions are set to the desired recovery actions
func recoveryActionsAreSet(curRecoveryActions, recoveryActions []mgr.RecoveryAction) bool {
if curRecoveryActions == nil || len(curRecoveryActions) != len(recoveryActions) {
return false
}
for i := range curRecoveryActions {
if curRecoveryActions[i].Type != recoveryActions[i].Type {
return false
}
if curRecoveryActions[i].Delay != recoveryActions[i].Delay {
return false
}
}
return true
}
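Review bot: In `checkRecoveryActions`, a failed `service.RecoveryActions()` query returns early, so on that path the recovery actions are never written even though the function exists to make sure they are set. These actions are what restart the launcher service after a failure, so it seems safer to log the query error and fall through to `service.SetRecoveryActions(recoveryActions, 24*60*60)` instead of `return`. The same log call passes `context.TODO()` although `ctx` is in scope; `logger.Log(ctx, slog.LevelError,` would match the set-error branch below it. `recoveryActionsAreSet` compares only `Type` and `Delay`, so a reset period other than the 24 hours is left unchanged; if that is intended, its doc comment should say so.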
2 changes: 1 addition & 1 deletion ee/tables/macos_software_update/SUSharedPrefs.h
Expand Up @@ -62,6 +62,7 @@
- (BOOL)bridgeOSUpdatesEnabled;
- (BOOL)skipAPFSSnapshotting;
- (BOOL)doesAllowBGStageWithoutInactivity;
- (BOOL)isMacOSAutoUpdateManaged;
- (BOOL)isAutomaticallyCheckForUpdatesManaged;
- (BOOL)isAutomaticallyCheckForUpdatesEnabled;
- (BOOL)adminDeferredInstallEnabled;
Expand Down Expand Up @@ -108,4 +109,3 @@
- (void)reloadPreferences;

@end

4 changes: 3 additions & 1 deletion ee/tables/macos_software_update/software_update_table.go
Expand Up @@ -49,6 +49,7 @@ func (table *osUpdateTable) generateMacUpdate(ctx context.Context, queryContext
}
var (
version = C.int(table.macOSBuildVersionPrefix)
isMacOSAutoUpdateManaged = C.int(0)
isAutomaticallyCheckForUpdatesManaged = C.int(0)
isAutomaticallyCheckForUpdatesEnabled = C.int(0)
doesBackgroundDownload = C.int(0)
Expand All @@ -59,6 +60,7 @@ func (table *osUpdateTable) generateMacUpdate(ctx context.Context, queryContext
)
C.getSoftwareUpdateConfiguration(
version,
&isMacOSAutoUpdateManaged,
&isAutomaticallyCheckForUpdatesManaged,
&isAutomaticallyCheckForUpdatesEnabled,
&doesBackgroundDownload,
Expand All @@ -70,7 +72,7 @@ func (table *osUpdateTable) generateMacUpdate(ctx context.Context, queryContext

resp := []map[string]string{
{
"autoupdate_managed": fmt.Sprintf("%d", isAutomaticallyCheckForUpdatesManaged),
"autoupdate_managed": fmt.Sprintf("%d", max(isMacOSAutoUpdateManaged, isAutomaticallyCheckForUpdatesManaged)),
"autoupdate_enabled": fmt.Sprintf("%d", isAutomaticallyCheckForUpdatesEnabled),
"download": fmt.Sprintf("%d", doesBackgroundDownload),
"app_updates": fmt.Sprintf("%d", doesAppStoreAutoUpdates),
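Review bot: The `autoupdate_managed` value uses `max(isMacOSAutoUpdateManaged, isAutomaticallyCheckForUpdatesManaged)` as a logical OR of two 0/1 flags, which is not obvious to a reader and hides which of the two preferences is managed. A comment on that line would help, for example `// 1 if either the macOS auto-update or the check-for-updates preference is managed`. If consumers of this table need to tell the two apart, a separate column may be preferable, though that depends on the table schema, which is not visible here. The map literal and `generateMacUpdate` continue outside the hunk.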
1 change: 1 addition & 0 deletions ee/tables/macos_software_update/sus.h
Expand Up @@ -7,6 +7,7 @@ extern void productNestedKeyValueFound(unsigned int, char*, char*, char*);

// Gets software update config flags from SUSharedPrefs API
void getSoftwareUpdateConfiguration(int os_version,
int* isMacOSAutoUpdateManaged,
int* isAutomaticallyCheckForUpdatesManaged,
int* isAutomaticallyCheckForUpdatesEnabled,
int* doesBackgroundDownload,
8 changes: 7 additions & 1 deletion ee/tables/macos_software_update/sus.m
Expand Up @@ -6,6 +6,7 @@
#import <SUUpdateProduct.h>

void getSoftwareUpdateConfiguration(int os_version,
int* isMacOSAutoUpdateManaged,
int* isAutomaticallyCheckForUpdatesManaged,
int* isAutomaticallyCheckForUpdatesEnabled,
int* doesBackgroundDownload,
Expand All @@ -22,7 +23,12 @@ void getSoftwareUpdateConfiguration(int os_version,
Class SUSharedPrefs = [bundle classNamed:@"SUSharedPrefs"];
id manager = [SUSharedPrefs sharedPrefManager];

BOOL val = [manager isAutomaticallyCheckForUpdatesManaged];
BOOL val = [manager isMacOSAutoUpdateManaged];
if (val) {
*isMacOSAutoUpdateManaged = 1;
}

val = [manager isAutomaticallyCheckForUpdatesManaged];
if (val) {
*isAutomaticallyCheckForUpdatesManaged = 1;
}
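Review bot: The new `[manager isMacOSAutoUpdateManaged]` call is sent to an `id` whose class is looked up by name at runtime, so on a system whose `SUSharedPrefs` does not implement that selector the message would raise an unrecognized-selector exception. Unless a version check outside the hunk already rules this out, guard the call: `if ([manager respondsToSelector:@selector(isMacOSAutoUpdateManaged)] && [manager isMacOSAutoUpdateManaged]) {`. The body of `getSoftwareUpdateConfiguration` starts and ends outside the hunk, so any existing guards around the other selectors are not visible here.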
13 changes: 11 additions & 2 deletions ee/wmi/wmi.go
Expand Up @@ -153,8 +153,17 @@ func Query(ctx context.Context, slogger *slog.Logger, className string, properti
}
defer serviceRaw.Clear()

// In testing, we find we do not need to `service.Release()`. The memory of result is released
// by `defer serviceRaw.Clear()` above, furthermore on windows arm64 machines, calling
// `service.Clear()` after `serviceRaw.Release()` causes a panic.
//
// Looking at the `serviceRaw.ToIDispatch()` implementation, it's just a cast that returns
// a pointer to the same memory. Which would explain why calling `serviceRaw.Release()` after
// `service.Clear()` causes a panic. It's unclear why this causes a panic on arm64 machines and
// not on amd64 machines.
//
// This also applies to the `resultRaw` and `results` variables below.
service := serviceRaw.ToIDispatch()
defer service.Release()

slogger.Log(ctx, slog.LevelDebug,
"running WMI query",
Expand All @@ -168,8 +177,8 @@ func Query(ctx context.Context, slogger *slog.Logger, className string, properti
}
defer resultRaw.Clear()

// see above comment about `service.Release()` to explain why `result.Release()` isn't called
result := resultRaw.ToIDispatch()
defer result.Release()

if err := oleutil.ForEach(result, handler.HandleVariant); err != nil {
return nil, fmt.Errorf("ole foreach: %w", err)
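Review bot: The new comment in `Query` mixes up the method names: `serviceRaw` is the value cleared with `Clear()` and `service` is the pointer that had `Release()`, but the text says `service.Clear()` and `serviceRaw.Release()` and gives the two calls in both orders. Since the comment documents why a second free of the same object is avoided, it is worth stating precisely, e.g. `// service points at the object owned by serviceRaw, so calling service.Release() as well as serviceRaw.Clear() releases it twice.` The shorter comment on the `result` line already names `service.Release()` correctly. `Query` begins and ends outside the hunk.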
30 changes: 16 additions & 14 deletions go.mod
Expand Up @@ -2,15 +2,15 @@ module github.com/kolide/launcher

require (
github.com/Masterminds/semver v1.4.2
github.com/Microsoft/go-winio v0.6.1
github.com/Microsoft/go-winio v0.6.2
github.com/clbanning/mxj v1.8.4
github.com/go-ini/ini v1.61.0
github.com/go-kit/kit v0.9.0
github.com/go-ole/go-ole v1.2.6
github.com/go-ole/go-ole v1.3.0
github.com/godbus/dbus/v5 v5.1.0
github.com/golang/protobuf v1.5.3
github.com/google/fscrypt v0.3.3
github.com/google/uuid v1.3.0
github.com/google/uuid v1.6.0
github.com/gorilla/websocket v1.4.2
github.com/groob/plist v0.0.0-20190114192801-a99fbe489d03
github.com/knightsc/system_policy v1.1.1-0.20211029142728-5f4c0d5419cc
Expand All @@ -20,12 +20,12 @@ require (
github.com/mattn/go-sqlite3 v1.14.19
github.com/mixer/clock v0.0.0-20170901150240-b08e6b4da7ea
github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
github.com/osquery/osquery-go v0.0.0-20231006172600-d6f325f636a9
github.com/osquery/osquery-go v0.0.0-20231130195733-61ac79279aaa
github.com/peterbourgon/ff/v3 v3.1.2
github.com/pkg/errors v0.9.1
github.com/scjalliance/comshim v0.0.0-20190308082608-cf06d2532c4e
github.com/serenize/snaker v0.0.0-20171204205717-a683aaf2d516
github.com/stretchr/testify v1.8.4
github.com/stretchr/testify v1.9.0
github.com/theupdateframework/go-tuf v0.5.2
github.com/tklauser/go-sysconf v0.3.11 // indirect
github.com/yusufpapurcu/wmi v1.2.2 // indirect
Expand All @@ -36,7 +36,7 @@ require (
golang.org/x/image v0.18.0
golang.org/x/net v0.25.0
golang.org/x/sync v0.7.0
golang.org/x/sys v0.20.0
golang.org/x/sys v0.25.0
golang.org/x/text v0.16.0
golang.org/x/time v0.0.0-20191024005414-555d28b269f0
google.golang.org/grpc v1.58.3
Expand All @@ -46,7 +46,7 @@ require (
)

require (
github.com/apache/thrift v0.16.0
github.com/apache/thrift v0.20.0
github.com/golang-jwt/jwt/v5 v5.0.0
github.com/golang-migrate/migrate/v4 v4.16.2
github.com/golang/snappy v0.0.4
Expand Down Expand Up @@ -94,7 +94,7 @@ require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/go-logfmt/logfmt v0.5.1 // indirect
github.com/go-logr/logr v1.3.0 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/go-tpm v0.3.3 // indirect
Expand All @@ -107,19 +107,21 @@ require (
github.com/secure-systems-lab/go-securesystemslib v0.5.0 // indirect
github.com/shoenig/go-m1cpu v0.1.6 // indirect
github.com/smartystreets/goconvey v1.6.4 // indirect
github.com/stretchr/objx v0.5.0 // indirect
github.com/stretchr/objx v0.5.2 // indirect
github.com/tevino/abool v1.2.0 // indirect
github.com/tklauser/numcpus v0.6.0 // indirect
github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0
go.opentelemetry.io/otel v1.21.0
go.opentelemetry.io/otel/metric v1.21.0 // indirect
go.opentelemetry.io/otel/sdk v1.21.0
go.opentelemetry.io/otel/trace v1.21.0
go.opentelemetry.io/otel v1.30.0
go.opentelemetry.io/otel/metric v1.30.0 // indirect
go.opentelemetry.io/otel/sdk v1.30.0
go.opentelemetry.io/otel/trace v1.30.0
google.golang.org/protobuf v1.33.0
gopkg.in/ini.v1 v1.62.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)

go 1.21
go 1.22

toolchain go1.22.2