Fix Santa sync protocol for versions of Santa >= 2024.6 #53
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Starting to review this, going to propagate this to my test environment and will merge/approve once a sync occurs successfully. |
|
Testing confirmed to work on Santa versions prior to Test Logs: Last login: Sun Nov 17 11:12:41 on console
ryan_diers@small-xray-two-vm ~ % sudo santactl status
Password:
>>> Daemon Info
Mode | Monitor
Transitive Rules | Yes
Log Type | file
File Logging | Yes
USB Blocking | No
On Start USB Options | None
Watchdog CPU Events | 0 (Peak: 11.67%)
Watchdog RAM Events | 0 (Peak: 92.84MB)
>>> Cache Info
Root cache count | 28
Non-root cache count | 0
>>> Database Info
Binary Rules | 2964
Certificate Rules | 533
TeamID Rules | 12
SigningID Rules | 16
Compiler Rules | 295
Transitive Rules | 0
Events Pending Upload | 1
>>> Static Rules
Rules | 28
>>> Watch Items
Enabled | No
>>> Sync Info
Sync Server | https://rad-rudolph.XXX.XXX/
Clean Sync Required | No
Last Successful Full Sync | 2024/11/17 11:18:34 -0800
Last Successful Rule Sync | 2024/11/17 11:18:34 -0800
Push Notifications | Disconnected
Bundle Scanning | No
ryan_diers@small-xray-two-vm ~ % sudo santactl sync --clean-all
Password:
Preflight starting
Clean All sync requested by user
Performing request, attempt 1 (of 5 maximum)...
Server Trust: /O=(null)/OU=(null)/CN=rad-rudolph.XXX.XXX/SHA-1=XXX
Clean sync requested by server
Preflight complete
Event upload starting
Event upload complete
Rule download starting
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 16 rules
Performing request, attempt 1 (of 5 maximum)...
Received 0 rules
Processed 3116 rules
Rule download complete
Postflight starting
Performing request, attempt 1 (of 5 maximum)...
Postflight complete
Sync completed successfully
ryan_diers@small-xray-two-vm ~ % sudo santactl status
>>> Daemon Info
Mode | Lockdown
Log Type | file
File Logging | Yes
USB Blocking | No
On Start USB Options | None
Watchdog CPU Events | 0 (Peak: 11.67%)
Watchdog RAM Events | 0 (Peak: 113.69MB)
>>> Cache Info
Root cache count | 2
Non-root cache count | 0
>>> Database Info
Binary Rules | 2568
Certificate Rules | 522
TeamID Rules | 10
SigningID Rules | 16
Compiler Rules | 276
Transitive Rules | 0
Events Pending Upload | 2
>>> Static Rules
Rules | 28
>>> Watch Items
Enabled | No
>>> Sync Info
Sync Server | https://rad-rudolph.XXX.XXX/
Clean Sync Required | No
Last Successful Full Sync | 2024/11/17 11:26:24 -0800
Last Successful Rule Sync | 2024/11/17 11:26:24 -0800
Push Notifications | Disconnected
Bundle Scanning | No
ryan_diers@small-xray-two-vm ~ % sudo santactl version
santad | 2024.2 (build 605404402)
santactl | 2024.2 (build 605404402)
SantaGUI | 2024.2 (build 605404402)
ryan_diers@small-xray-two-vm ~ % sudo santactl version
santad | 2024.9 (build 674285143)
santactl | 2024.9 (build 674285143)
SantaGUI | 2024.9 (build 674285143)
ryan_diers@small-xray-two-vm ~ % sudo santactl sync --clean-all
Preflight starting
Clean All sync requested by user
Performing request, attempt 1 (of 5 maximum)...
Server Trust: /O=(null)/OU=(null)/CN=rad-rudolph.XXX.XXX/SHA-1=XXX
Clean sync requested by server
Preflight complete
Event upload starting
Event upload complete
Rule download starting
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 50 rules
Performing request, attempt 1 (of 5 maximum)...
Received 16 rules
Performing request, attempt 1 (of 5 maximum)...
Received 0 rules
Processed 3116 rules
Rule download complete
Postflight starting
Performing request, attempt 1 (of 5 maximum)...
Postflight complete
Sync completed successfully
ryan_diers@small-xray-two-vm ~ % sudo santactl sync
Preflight starting
Performing request, attempt 1 (of 5 maximum)...
Server Trust: /O=(null)/OU=(null)/CN=rad-rudolph.XXX.XXX/SHA-1=XXX
Preflight complete
Event upload starting
Performing request, attempt 1 (of 5 maximum)...
Uploaded 3 events
Event upload complete
Rule download starting
Performing request, attempt 1 (of 5 maximum)...
Received 0 rules
Performing request, attempt 1 (of 5 maximum)...
Received 0 rules
Rule download complete
Postflight starting
Performing request, attempt 1 (of 5 maximum)...
Postflight complete
Sync completed successfully
ryan_diers@small-xray-two-vm ~ % sudo santactl status
>>> Daemon Info
Mode | Lockdown
Log Type | file
File Logging | Yes
USB Blocking | No
On Start USB Options | None
Watchdog CPU Events | 0 (Peak: 1.33%)
Watchdog RAM Events | 0 (Peak: 55.80MB)
>>> Cache Info
Root cache count | 31
Non-root cache count | 0
>>> Database Info
Binary Rules | 2568
Certificate Rules | 522
TeamID Rules | 10
SigningID Rules | 16
CDHash Rules | 0
Compiler Rules | 276
Transitive Rules | 0
Events Pending Upload | 28
>>> Static Rules
Rules | 28
>>> Watch Items
Enabled | No
>>> Sync Info
Sync Server | https://rad-rudolph.XXX.XXX/
Clean Sync Required | No
Last Successful Full Sync | 2024/11/17 11:29:29 -0800
Last Successful Rule Sync | 2024/11/17 11:29:29 -0800
Push Notifications | Disconnected
Bundle Scanning | No |
radsec
approved these changes
Nov 17, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
to: @natesinger @mike-flowers-airbnb
cc: @airbnb/rudolph-maintainers
Background
In the Santa 2024.6 release the parsing of the JSON in the sync protocol was handed to the protobuf library which uses the Protobuf to JSON mapping. This had the side effect of making Santa more strict about the protocol fields than it was before.
The
cursorfield in the RuleDownload request is expected to be an opaque field of that's a string. However Rudolph is currently serializing the cursor object into the field directly in the request and the response. This mismatch causes Rudolph to be incompatible with Santa for versions >= 2024.6.Changes
Cursorfield is handled by the RuleDownloadRequestandResponsestructsCursorstructCursorstruct is first serialized to a json string then added to theResponsestruct.Testing
Manual Testing Steps
SyncBaseURLsantactl syncfrom the terminal