From c1e75d11a20c5bf0f4885f53cd59cec0937aae4d Mon Sep 17 00:00:00 2001
From: Matt Leinhos
Date: Mon, 4 Mar 2019 11:18:19 -0600
Subject: [PATCH] Allow nearly arbitrary strings for the virtue_id field.

Allow UUID and FQDNs, and other strings, for the virtue ID value upon registration. Moreover, updated windows service code to pull virtue ID from default registry location rather than overriding with config value, which caused problems.
---
 control/api_server/lib/extraction_plug.ex | 3 +-
 .../WinVirtUE/sensor_winvirtue.py | 8 ++++-
 .../WinVirtUE/service_winvirtue.py | 32 +++++++++----------
 3 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/control/api_server/lib/extraction_plug.ex b/control/api_server/lib/extraction_plug.ex
index f0c371e..15fff8b 100644
--- a/control/api_server/lib/extraction_plug.ex
+++ b/control/api_server/lib/extraction_plug.ex
@@ -371,8 +371,9 @@ defmodule ApiServer.ExtractionPlug do
   end
 
   # Is the given string a valid Virtue ID?
+  # Per NC, a Virtue ID could be a FQDN, so this check is quite permissive
   def is_virtue_id(st) do
-    is_uuid?(st)
+    String.match?(st, ~r/^[a-zA-Z0-9\.\-_]+$/)
   end
 
   # Is the given string a valid Application ID?
diff --git a/targets/win-target/sensor_service/WinVirtUE/sensor_winvirtue.py b/targets/win-target/sensor_service/WinVirtUE/sensor_winvirtue.py
index 5c3bd06..2fe3f67 100644
--- a/targets/win-target/sensor_service/WinVirtUE/sensor_winvirtue.py
+++ b/targets/win-target/sensor_service/WinVirtUE/sensor_winvirtue.py
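Review bot: The new pattern in `is_virtue_id/1` ends in `$`, which in PCRE also matches just before a trailing newline, so a client-supplied value such as `"host.example\n"` passes the check and is carried into registration with the newline intact; anchoring with `\A` and `\z` closes that: `String.match?(st, ~r/\A[a-zA-Z0-9._-]+\z/)`. The pattern also has no length bound, whereas the `is_uuid?` check it replaces implicitly fixed the length; since the stated goal is to accept FQDNs, which are at most 253 octets, a `byte_size(st) <= 253` guard (or a `{1,253}` quantifier in place of `+`) keeps unbounded strings out of the ID field. The `.` and `-` need no escaping inside a character class, so the shorter class above is equivalent to the one in the hunk.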
@@ -216,7 +216,13 @@ def _start_sensors(self):
                     sensor_id, sensor_name)
         paramdict = self._load_config_data(sensor_name) # load the configuration data
         logger.info("loaded config data for sensor %s", sensor_id)
-        paramdict["sensor_id"] = sensor_id # artificially inject the sensor id
+        # artificially inject the sensor id
+        paramdict["sensor_id"] = sensor_id
+        # artificially inject the virtue id; the
+        # actual value will be pulled from the registry:
+        # \HKLM\SYTEM\CSS\WinVirUE Service\Environment should contain
+        # VIRTUE_ID=the_virtue_id
+        paramdict["virtue_id"] = None
         paramdict["sensor_hostname"] = None # artificially inject the sensor hostname
         paramdict['check_for_long_blocking'] = True
diff --git a/targets/win-target/sensor_service/WinVirtUE/service_winvirtue.py b/targets/win-target/sensor_service/WinVirtUE/service_winvirtue.py
index 1bde5f8..118a3e5 100644
--- a/targets/win-target/sensor_service/WinVirtUE/service_winvirtue.py
+++ b/targets/win-target/sensor_service/WinVirtUE/service_winvirtue.py
@@ -33,17 +33,20 @@ class WinVirtUE_service(win32serviceutil.ServiceFramework):
     Python service that retrieves message from the kernel driver and
     then converts it to json and sends it on its way to the api
     '''
-
+    # you can NET START/STOP the service by the following name
     _svc_name_ = "WinVirtUE Service"
+    # this text shows up as the service name in the Service
     _svc_display_name_ = "Windows Virtue Service"
+    # this text shows up as the description in the SCM
     _svc_description_ = "Windows Virtue Management Service"
+
     # This depends on the WinVirtUE driver service. Unfortunately a
     # bug (in win32serviceutil?) causes this string to be put in the
     # registry incorrectly, so we don't use it.
     #
     # Use instead: sc config "WinVirtUE Service" depend=WinVirtUE
     #_svc_deps_ = "WinVirtUE"
-
+
     def __init__(self, args):
         '''
         construct an instance of the WinVirtUE service
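Review bot: The registry path in the new comment block, `\HKLM\SYTEM\CSS\WinVirUE Service\Environment`, does not match the service name `"WinVirtUE Service"` that service_winvirtue.py registers, and `SYTEM` reads as a typo for `SYSTEM`; since this comment is the only pointer to where `VIRTUE_ID` has to be provisioned, it should name the real key, presumably `HKLM\SYSTEM\CurrentControlSet\Services\WinVirtUE Service\Environment` (the per-service `Environment` value the SCM injects into the service process). The hunk sets `paramdict["virtue_id"] = None` and relies on code outside this view to replace it from the process environment; if that lookup yields nothing, the sensor would register with a null virtue ID, so the place that resolves it should treat a missing `VIRTUE_ID` as an error (e.g. `if not os.environ.get("VIRTUE_ID"): logger.error("VIRTUE_ID not set in service Environment")`) rather than proceed silently. `_start_sensors` begins and ends outside the hunk.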
@@ -104,7 +107,6 @@ def build_default_section_string(pkgbasedir):
     Build a default section. Exclude sensor_hostname, as we want
     sensor_wrapper's default behavior for that variable.
     '''
-    virtue_id = str(uuid4())
     delay_start = 5
     if "USERNAME" in os.environ:
         username = os.environ["USERNAME"]
@@ -113,17 +115,16 @@ def build_default_section_string(pkgbasedir):
     api_version='v1'
     default_section = '''
 [DEFAULT]
-base_dir = {0}
-config_dir = {1}
-log_dir = {2}
-cert_dir = {3}
-virtue_id = {4}
-delay_start = {5}
-username = {6}
-api_retry_max = {7}
-api_retry_wait = {8}
-api_version = {9}
-#sensor_hostname= {10} # excluded
+base_dir = {}
+config_dir = {}
+log_dir = {}
+cert_dir = {}
+delay_start = {}
+username = {}
+api_retry_max = {}
+api_retry_wait = {}
+api_version = {}
+#sensor_hostname= {} # excluded
 api_https_port = 17504
 api_http_port = 17141
 sensor_advertised_hostname = None
@@ -132,7 +133,7 @@ def build_default_section_string(pkgbasedir):
 backoff_delay = 30
 '''.format(pkgbasedir, os.path.join(pkgbasedir,"config"),
            os.path.join(pkgbasedir,"logs"), os.path.join(pkgbasedir,"certs"),
-           virtue_id, delay_start, username, api_retry_max, api_retry_wait,
+           delay_start, username, api_retry_max, api_retry_wait,
            api_version, socket.gethostname())
     return default_section
 
@@ -153,7 +154,6 @@ def build_default_section_string(pkgbasedir):
         or "config_dir" not in cfgparser["DEFAULT"]
         or "log_dir" not in cfgparser["DEFAULT"]
         or "cert_dir" not in cfgparser["DEFAULT"]
-        or "virtue_id" not in cfgparser["DEFAULT"]
         or "delay_start" not in cfgparser["DEFAULT"]
         or "username" not in cfgparser["DEFAULT"]
         or "api_retry_max" not in cfgparser["DEFAULT"]
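Review bot: With `or "virtue_id" not in cfgparser["DEFAULT"]` dropped from the config validation in the last hunk and the `virtue_id = str(uuid4())` default removed in the first, nothing in the service now fails fast when the ID is absent: a host whose service `Environment` value lacks `VIRTUE_ID` starts cleanly and the sensor registers with `None` for its virtue ID. A check at service startup, e.g. `if not os.environ.get("VIRTUE_ID"): raise RuntimeError("VIRTUE_ID not set in the service Environment")`, would surface the misconfiguration when the service is installed rather than at registration time. `uuid4` is no longer referenced in `build_default_section_string`; if it was imported only for this line, the import (outside the diff) is now dead. The validation expression in the last hunk belongs to a function whose start and end are outside the hunk.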