From b9f7c57f52f06eec4fe73a35538e3ce79943ea48 Mon Sep 17 00:00:00 2001
From: Tom Burgin
Date: Fri, 20 Jun 2025 11:44:41 -0400
Subject: [PATCH 1/2] primary user groups
---
 MODULE.bazel | 2 +-
 Source/common/SNTConfigurator.h | 5 ++++
 Source/common/SNTConfigurator.m | 28 +++++++++++++++++++++
 Source/santasyncservice/SNTSyncManager.m | 1 +
 Source/santasyncservice/SNTSyncPreflight.mm | 6 +++++
 Source/santasyncservice/SNTSyncState.h | 1 +
 6 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/MODULE.bazel b/MODULE.bazel
index 9c504a32e..d5f4c071f 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -15,7 +15,7 @@ bazel_dep(name = "xxhash", version = "0.8.2")
 bazel_dep(name = "protos", version = "1.0.1", repo_name = "northpolesec_protos")
 git_override(
 module_name = "protos",
- commit = "bd61ba67c96bb8983e1b1ecf51f0af0d9308ac63",
+ commit = "704246489aa55e6e2b60b47133a8668bc3656105",
 remote = "https://github.com/northpolesec/protos",
 )
diff --git a/Source/common/SNTConfigurator.h b/Source/common/SNTConfigurator.h
index d0e69608a..78f2eec49 100644
--- a/Source/common/SNTConfigurator.h
+++ b/Source/common/SNTConfigurator.h
@@ -496,6 +496,11 @@
 ///
 @property(nullable, readonly, nonatomic) NSString *machineOwner;
+///
+/// The machine owner's groups.
+///
+@property(nullable, readonly, nonatomic) NSArray *machineOwnerGroups;
+
 ///
 /// The last date of a successful full sync.
 ///
diff --git a/Source/common/SNTConfigurator.m b/Source/common/SNTConfigurator.m
index 1cd2da1e3..3bb912e12 100644
--- a/Source/common/SNTConfigurator.m
+++ b/Source/common/SNTConfigurator.m
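Review bot: The doc comment on the new `machineOwnerGroups` property in SNTConfigurator.h (`/// The machine owner's groups.`) does not say where the value comes from or when it is nil, which matters for a `nullable` property whose contents are later sent to the sync server. Going by the getter added in SNTConfigurator.m, something like `/// Read from the MachineOwnerGroups key, else from the MachineOwnerGroupsKey entry of the MachineOwnerPlist file; nil or empty when neither source supplies groups.` would document it. As far as this diff shows the value is self-reported host configuration with no local verification, and the comment could say so in one more line.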
@@ -95,9 +95,11 @@ @implementation SNTConfigurator
 static NSString *const kStatsOrganizationID = @"StatsOrganizationID";
 static NSString *const kMachineOwnerKey = @"MachineOwner";
+static NSString *const kMachineOwnerGroupsKey = @"MachineOwnerGroups";
 static NSString *const kMachineIDKey = @"MachineID";
 static NSString *const kMachineOwnerPlistFileKey = @"MachineOwnerPlist";
 static NSString *const kMachineOwnerPlistKeyKey = @"MachineOwnerKey";
+static NSString *const kMachineOwnerGroupsPlistKeyKey = @"MachineOwnerGroupsKey";
 static NSString *const kMachineIDPlistFileKey = @"MachineIDPlist";
 static NSString *const kMachineIDPlistKeyKey = @"MachineIDKey";
@@ -284,9 +286,11 @@ - (instancetype)initWithSyncStateFile:(NSString *)syncStateFilePath
 kEnableStatsCollectionKey : number,
 kStatsOrganizationID : string,
 kMachineOwnerKey : string,
+ kMachineOwnerGroupsKey : array,
 kMachineIDKey : string,
 kMachineOwnerPlistFileKey : string,
 kMachineOwnerPlistKeyKey : string,
+ kMachineOwnerGroupsPlistKeyKey : string,
 kMachineIDPlistFileKey : string,
 kMachineIDPlistKeyKey : string,
 kEventLogType : string,
@@ -542,6 +546,10 @@ + (NSSet *)keyPathsForValuesAffectingMachineOwner {
 return [self configStateSet];
 }
++ (NSSet *)keyPathsForValuesAffectingMachineOwnerGroups {
+ return [self configStateSet];
+}
+
 + (NSSet *)keyPathsForValuesAffectingMachineID {
 return [self configStateSet];
 }
@@ -1039,6 +1047,26 @@ - (NSString *)machineOwner {
 return machineOwner ?: @"";
 }
+- (NSArray *)machineOwnerGroups {
+ NSArray *machineOwnerGroups = self.configState[kMachineOwnerGroupsKey];
+ if (machineOwnerGroups.count) return machineOwnerGroups;
+
+ NSString *plistPath = self.configState[kMachineOwnerPlistFileKey];
+ NSString *plistKey = self.configState[kMachineOwnerGroupsPlistKeyKey];
+ if (plistPath && plistKey) {
+ NSDictionary *plist = [NSDictionary dictionaryWithContentsOfFile:plistPath];
+ machineOwnerGroups = [plist[plistKey] isKindOfClass:[NSArray class]] ? plist[plistKey] : nil;
+ for (NSString *group in machineOwnerGroups) {
+ if (![group isKindOfClass:[NSString class]]) {
+ machineOwnerGroups = nil;
+ break;
+ }
+ }
+ }
+
+ return machineOwnerGroups;
+}
+
 - (NSString *)machineID {
 NSString *machineId = self.configState[kMachineIDKey];
 if (machineId) return machineId;
diff --git a/Source/santasyncservice/SNTSyncManager.m b/Source/santasyncservice/SNTSyncManager.m
index b0722cc18..110684b92 100644
--- a/Source/santasyncservice/SNTSyncManager.m
+++ b/Source/santasyncservice/SNTSyncManager.m
@@ -398,6 +398,7 @@ - (SNTSyncState *)createSyncStateWithStatus:(SNTSyncStatusType *)status {
 syncState.machineOwner = @"";
 SLOGW(@"Missing Machine Owner.");
 }
+ syncState.machineOwnerGroups = config.machineOwnerGroups;
 syncState.xsrfToken = self.xsrfToken;
 syncState.xsrfTokenHeader = self.xsrfTokenHeader;
diff --git a/Source/santasyncservice/SNTSyncPreflight.mm b/Source/santasyncservice/SNTSyncPreflight.mm
index 112f7a325..cc03f0ee8 100644
--- a/Source/santasyncservice/SNTSyncPreflight.mm
+++ b/Source/santasyncservice/SNTSyncPreflight.mm
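Review bot: Element types are checked only on the plist path in `machineOwnerGroups`; an array taken from `self.configState[kMachineOwnerGroupsKey]` leaves through the early `return` without any check that its members are `NSString`. The `kMachineOwnerGroupsKey : array` entry in the init hunk appears to constrain only the container type (the code that applies that map is outside the diff), and the SNTSyncPreflight.mm hunk later hands every element to `NSStringToUTF8String`, which presumably expects a string. I would run the same `isKindOfClass:[NSString class]` check over whichever source supplied the array, as sketched below. Separately, since these groups are reported to the sync server as `primary_user_groups`, the file named by `MachineOwnerPlist` is a trust input, and a comment stating its expected ownership and permissions would help whoever deploys it.

```objc
- (NSArray *)machineOwnerGroups {
  NSArray *machineOwnerGroups = self.configState[kMachineOwnerGroupsKey];
  if (!machineOwnerGroups.count) {
    // … unchanged: plistPath/plistKey lookup and the NSArray class check on plist[plistKey] …
  }

  // Validate members no matter which source supplied the array.
  for (id group in machineOwnerGroups) {
    if (![group isKindOfClass:[NSString class]]) return nil;
  }
  return machineOwnerGroups;
}
```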
@@ -92,6 +92,12 @@ - (BOOL)sync {
 req->set_model_identifier(NSStringToUTF8String([SNTSystemInfo modelIdentifier]));
 req->set_santa_version(NSStringToUTF8String([SNTSystemInfo santaFullVersion]));
 req->set_primary_user(NSStringToUTF8String(self.syncState.machineOwner));
+ if (self.syncState.machineOwnerGroups.count) {
+ google::protobuf::RepeatedPtrField *groups = req->mutable_primary_user_groups();
+ for (NSString *group in self.syncState.machineOwnerGroups) {
+ groups->Add(NSStringToUTF8String(group));
+ }
+ }
 req->set_sip_status([SNTSIPStatus currentStatus]);
 if (self.syncState.pushNotificationsToken) {
diff --git a/Source/santasyncservice/SNTSyncState.h b/Source/santasyncservice/SNTSyncState.h
index 3a30fbfda..6a7750b1e 100644
--- a/Source/santasyncservice/SNTSyncState.h
+++ b/Source/santasyncservice/SNTSyncState.h
@@ -58,6 +58,7 @@
 /// Machine identifier and owner.
 @property(copy) NSString *machineID;
 @property(copy) NSString *machineOwner;
+@property(copy) NSArray *machineOwnerGroups;
 /// Settings sent from server during preflight that are set during postflight.
 @property SNTClientMode clientMode;
From c0d0cc644a734fbf6da4b851e0dd1f0d482d03fa Mon Sep 17 00:00:00 2001
From: Tom Burgin
Date: Fri, 20 Jun 2025 13:22:55 -0400
Subject: [PATCH 2/2] len check
---
 Source/common/SNTConfigurator.m | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Source/common/SNTConfigurator.m b/Source/common/SNTConfigurator.m
index 3bb912e12..230c6db8a 100644
--- a/Source/common/SNTConfigurator.m
+++ b/Source/common/SNTConfigurator.m
@@ -1039,7 +1039,7 @@ - (NSString *)machineOwner {
 NSString *plistPath = self.configState[kMachineOwnerPlistFileKey];
 NSString *plistKey = self.configState[kMachineOwnerPlistKeyKey];
- if (plistPath && plistKey) {
+ if (plistPath.length && plistKey.length) {
 NSDictionary *plist = [NSDictionary dictionaryWithContentsOfFile:plistPath];
 machineOwner = [plist[plistKey] isKindOfClass:[NSString class]] ? plist[plistKey] : nil;
 }
@@ -1053,7 +1053,7 @@ - (NSString *)machineOwner {
 NSString *plistPath = self.configState[kMachineOwnerPlistFileKey];
 NSString *plistKey = self.configState[kMachineOwnerGroupsPlistKeyKey];
- if (plistPath && plistKey) {
+ if (plistPath.length && plistKey.length) {
 NSDictionary *plist = [NSDictionary dictionaryWithContentsOfFile:plistPath];
 machineOwnerGroups = [plist[plistKey] isKindOfClass:[NSArray class]] ? plist[plistKey] : nil;
 for (NSString *group in machineOwnerGroups) {