Do not override root directory to point to another tenant (#1844)

kolide · Aug 26, 2024 · 7d68314 · 7d68314
1 parent e123f14
commit 7d68314
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 4 deletions.
diff --git a/ee/tuf/library_lookup.go b/ee/tuf/library_lookup.go
@@ -28,6 +28,7 @@ type autoupdateConfig struct {
 	channel              string
 	localDevelopmentPath string
 	hostname             string
+	identifier           string
 }
 
 // CheckOutLatestWithoutConfig returns information about the latest downloaded executable for our binary,
@@ -48,7 +49,7 @@ func CheckOutLatestWithoutConfig(binary autoupdatableBinary, slogger *slog.Logge
 	}
 
 	// check for old root directories before returning final config in case we've stomped over with windows MSI install
-	updatedRootDirectory := launcher.DetermineRootDirectoryOverride(cfg.rootDirectory, cfg.hostname)
+	updatedRootDirectory := launcher.DetermineRootDirectoryOverride(cfg.rootDirectory, cfg.hostname, cfg.identifier)
 	if updatedRootDirectory != cfg.rootDirectory {
 		slogger.Log(context.TODO(), slog.LevelInfo,
 			"old root directory contents detected, overriding for autoupdate config",
@@ -125,13 +126,14 @@ func getAutoupdateConfig(args []string) (*autoupdateConfig, error) {
 	pflagSet.ParseErrorsWhitelist = pflag.ParseErrorsWhitelist{UnknownFlags: true}
 
 	// Extract the config flag plus the autoupdate flags
-	var flConfigFilePath, flRootDirectory, flUpdateDirectory, flUpdateChannel, flLocalDevelopmentPath, flHostname string
+	var flConfigFilePath, flRootDirectory, flUpdateDirectory, flUpdateChannel, flLocalDevelopmentPath, flHostname, flIdentifier string
 	pflagSet.StringVar(&flConfigFilePath, "config", "", "")
 	pflagSet.StringVar(&flRootDirectory, "root_directory", "", "")
 	pflagSet.StringVar(&flUpdateDirectory, "update_directory", "", "")
 	pflagSet.StringVar(&flUpdateChannel, "update_channel", "", "")
 	pflagSet.StringVar(&flLocalDevelopmentPath, "localdev_path", "", "")
 	pflagSet.StringVar(&flHostname, "hostname", "", "")
+	pflagSet.StringVar(&flIdentifier, "identifier", "", "")
 
 	if err := pflagSet.Parse(argsToParse); err != nil {
 		return nil, fmt.Errorf("parsing command-line flags: %w", err)
@@ -156,6 +158,7 @@ func getAutoupdateConfig(args []string) (*autoupdateConfig, error) {
 		updateDirectory:      flUpdateDirectory,
 		channel:              flUpdateChannel,
 		localDevelopmentPath: flLocalDevelopmentPath,
+		identifier:           flIdentifier,
 	}
 
 	return cfg, nil
@@ -187,6 +190,8 @@ func getAutoupdateConfigFromFile(configFilePath string) (*autoupdateConfig, erro
 			cfg.localDevelopmentPath = value
 		case "hostname":
 			cfg.hostname = value
+		case "identifier":
+			cfg.identifier = value
 		}
 		return nil
 	}); err != nil {

diff --git a/pkg/launcher/options.go b/pkg/launcher/options.go
@@ -375,7 +375,7 @@ func ParseOptions(subcommandName string, args []string) (*Options, error) {
 
 	if runtime.GOOS == "windows" {
 		// check for old root directories before returning the configured option in case we've stomped over with windows MSI install
-		updatedRootDirectory := DetermineRootDirectoryOverride(*flRootDirectory, *flKolideServerURL)
+		updatedRootDirectory := DetermineRootDirectoryOverride(*flRootDirectory, *flKolideServerURL, *flPackageIdentifier)
 		if updatedRootDirectory != *flRootDirectory {
 			*flRootDirectory = updatedRootDirectory
 		}

diff --git a/pkg/launcher/paths.go b/pkg/launcher/paths.go
@@ -4,6 +4,7 @@ import (
 	"os"
 	"path/filepath"
 	"runtime"
+	"strings"
 )
 
 var (
@@ -37,6 +38,8 @@ const (
 )
 
 var likelyWindowsRootDirPaths = []string{
+	"C:\\ProgramData\\Kolide\\Launcher-kolide-nababe-k2\\data",
+	"C:\\Program Files\\Kolide\\Launcher-kolide-nababe-k2\\data",
 	"C:\\ProgramData\\Kolide\\Launcher-kolide-k2\\data",
 	"C:\\Program Files\\Kolide\\Launcher-kolide-k2\\data",
 }
@@ -87,7 +90,7 @@ func DefaultPath(path defaultPath) string {
 // configured root directory if another well known location containing a launcher DB already exists
 // This is used by ParseOptions which doesn't have access to a logger, we should add more logging here
 // when we have that available
-func DetermineRootDirectoryOverride(optsRootDirectory, kolideServerURL string) string {
+func DetermineRootDirectoryOverride(optsRootDirectory, kolideServerURL, packageIdentifier string) string {
 	if runtime.GOOS != "windows" {
 		return optsRootDirectory
 	}
@@ -119,6 +122,11 @@ func DetermineRootDirectoryOverride(optsRootDirectory, kolideServerURL string) s
 			continue
 		}
 
+		// If the identifier is set, the path MUST contain the identifier
+		if packageIdentifier != "" && !strings.Contains(path, packageIdentifier) {
+			continue
+		}
+
 		testingLocation := filepath.Join(path, "launcher.db")
 		dbExists, err := nonEmptyFileExists(testingLocation)
 		if err == nil && dbExists {

diff --git a/pkg/launcher/paths_other_test.go b/pkg/launcher/paths_other_test.go
@@ -0,0 +1,20 @@
+//go:build !windows
+// +build !windows
+
+package launcher
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestDetermineRootDirectoryOverride(t *testing.T) {
+	t.Parallel()
+
+	// On non-Windows OSes, we don't override the root directory -- confirm we always return
+	// optsRootDir instead of an override
+	optsRootDir := filepath.Join("some", "dir", "somewhere")
+	require.Equal(t, optsRootDir, DetermineRootDirectoryOverride(optsRootDir, "", ""))
+}