roaming mode
- The server list check was incorrect
- When capturing, roaming mode was always defaulted to false
- The logs could not be written due to non-initialized class
- simply fetch all org objects for the ACL checks in one shot instead of doing it on demand
- has no real performance impact even on large sharing instances
- reduces the number of queries greatly making debugging easier
- added functions to manage the additions/removals of objects from sharing groups
- the following APIs are included:
  - /sharingGroups/addOrg/[sg_id]/[org_id]/[extend]
  - /sharingGroups/removeOrg/[sg_id]/[org_id]
  - /sharingGroups/addServer/[sg_id]/[server_id]/[all_orgs]
  - /sharingGroups/removeServer/[sg_id]/[server_id]
- All parameters are optional and can instead be passed as JSON objects such as:
  {
    "org_uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f",
    "sg_id": "49",
    "extend": 1
  }
- The API is extremely flexible with how to name objects, the following parameters are allowed:
  - Organisations:
    - org_id (The organisation's local instance ID)
    - org_uuid (The organisation's global UUID)
    - org_name (The organisation's identifier as known to the current instance)
  - Server:
    - server_id (The server's local instance ID)
    - server_url (The URL of the server)
    - server_name (The local name of the server as assigned when adding the server)
The sharing groups can also be addressed by ID or UUID.
- Add/Edit/Index/View now exposed to the API
- rework of the sharing group capturing process
- fix to an issue that could potentially block sharing groups from being synced (the creator org of the sharing group wasn't directly exposed and an edit to the organisation's UUID after creating the SG could make the SG non-syncable)
- various fixes to edge cases
- descriptors to the add/edit APIs via restresponse
- Operation "Just relaxing and looking at stuff for the baby online" - the x-mas covert development patch(tm)
- removed incorrect, useless boiler plate comments
- kept useful comments intact
- added some missing line breaks to make the codebase a bit more uniform
- removed some obviously obsolete TODO comments
- New setting roaming:
- Until now, users could unselect "Limit instances to which data in this sharing group should be pushed to"
- This led to no servers added to the distribution list, and MISP would simply determine, based on the sync rules, whether the host organisation of the remote instance is eligible for the event
- This works well in most cases, but in some cases, the local instance is not kept after a sync (aliases for the local instance baseurl vs remote instance's view of the url)
- In these cases the sharing groups ended up being "unlimited", which was not the intent
- Generally this shouldn't cause any issues as MISP still requires the sync link's organisation to be directly contained in an SG before it would push the event further
- However, by introducing the roaming setting, this can be more clearly defined
- By default, sharing groups are set to non roaming
- Some further fixes to the sharing group update procedure for 2.4.49
- Update the roaming status of existing sharing groups. Local sharing groups with no instances attached will become roaming by default, all others are assumed to be non-roaming
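
The JSON form of the sharing group add/remove APIs listed above, as an added example (not MISP code and not part of the original changelog): a client-side helper that builds the path and body for one membership change. The function name `build_sg_request` and the rule of accepting exactly one identifier per request are assumptions of this example, chosen so a change to a distribution list never names two different objects; HTTP method and authentication are left out.

```python
import uuid

# Parameter names as listed in the changelog above.
ORG_KEYS = ("org_id", "org_uuid", "org_name")
SERVER_KEYS = ("server_id", "server_url", "server_name")
# Endpoint -> (allowed identifier keys, optional flag from the URL pattern)
ACTIONS = {
    "addOrg": (ORG_KEYS, "extend"),
    "removeOrg": (ORG_KEYS, None),
    "addServer": (SERVER_KEYS, "all_orgs"),
    "removeServer": (SERVER_KEYS, None),
}


def build_sg_request(action, sg_id, flag=None, **ident):
    """Return (path, json_body) for one sharing group membership change.

    Hypothetical helper: exactly one identifier is accepted, so a request
    cannot name two different objects and leave the choice to the server.
    """
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    keys, flag_name = ACTIONS[action]
    given = {k: v for k, v in ident.items() if v is not None}
    unknown = set(given) - set(keys)
    if unknown:
        raise ValueError(f"{sorted(unknown)} not valid for {action}")
    if len(given) != 1:
        raise ValueError(f"pass exactly one of {keys}")
    (key, value), = given.items()
    if key.endswith("_uuid"):
        value = str(uuid.UUID(str(value)))  # rejects malformed UUIDs
    body = {"sg_id": str(sg_id), key: value}
    if flag is not None:
        if flag_name is None:
            raise ValueError(f"{action} takes no flag")
        body[flag_name] = 1 if flag else 0
    return f"/sharingGroups/{action}", body
```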