From 01e4e15b81a30c84eeae15f1a380876d2e6ffbd7 Mon Sep 17 00:00:00 2001
From: Tom Burgin
Date: Wed, 23 Dec 2020 10:36:39 -0500
Subject: [PATCH] santactl sync: add config option to enable legacy zlib content encoding (#522)
---
 Source/common/SNTConfigurator.h | 8 ++++++++
 Source/common/SNTConfigurator.m | 12 ++++++++++++
 .../santactl/Commands/sync/SNTCommandSyncManager.m | 3 +++
 Source/santactl/Commands/sync/SNTCommandSyncStage.m | 2 +-
 Source/santactl/Commands/sync/SNTCommandSyncState.h | 4 ++++
 version.bzl | 2 +-
 6 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/Source/common/SNTConfigurator.h b/Source/common/SNTConfigurator.h
index 6810fd8de..b3dd1dcf1 100644
--- a/Source/common/SNTConfigurator.h
+++ b/Source/common/SNTConfigurator.h
@@ -332,6 +332,14 @@
 ///
 @property(readonly, nonatomic) BOOL enableDebugLogging;
+///
+/// If true, compressed requests from "santactl sync" will set "Content-Encoding" to "zlib"
+/// instead of the new default "deflate". If syncing with Upvote deployed at commit 0b4477d
+/// or below, set this option to true.
+/// Defaults to false.
+///
+@property(readonly, nonatomic) BOOL enableBackwardsCompatibleContentEncoding;
+
 ///
 /// Retrieve an initialized singleton configurator object using the default file path.
 ///
diff --git a/Source/common/SNTConfigurator.m b/Source/common/SNTConfigurator.m
index fd64d0b55..b72912a38 100644
--- a/Source/common/SNTConfigurator.m
+++ b/Source/common/SNTConfigurator.m
@@ -84,6 +84,8 @@ @implementation SNTConfigurator
 static NSString *const kIgnoreOtherEndpointSecurityClients = @"IgnoreOtherEndpointSecurityClients";
 static NSString *const kEnableDebugLogging = @"EnableDebugLogging";
+static NSString *const kEnableBackwardsCompatibleContentEncoding = @"EnableBackwardsCompatibleContentEncoding";
+
 // The keys managed by a sync server or mobileconfig.
 static NSString *const kClientModeKey = @"ClientMode";
 static NSString *const kEnableTransitiveRulesKey = @"EnableTransitiveRules";
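Review bot: The doc comment added for `enableBackwardsCompatibleContentEncoding` in Source/common/SNTConfigurator.h does not say that only the header label changes. In the SNTCommandSyncStage.m hunk of this patch the body still comes from `[requestBody zlibCompressed]` whichever value is configured, so the option selects the `Content-Encoding` string and nothing else. I would add a line such as `/// Only the header value changes; the request body is compressed the same way in both cases.` so that operators do not read the option as switching compression formats.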
@@ -158,6 +160,7 @@ - (instancetype)init {
 kEnableForkAndExitLogging : number,
 kIgnoreOtherEndpointSecurityClients : number,
 kEnableDebugLogging : number,
+ kEnableBackwardsCompatibleContentEncoding : number,
 };
 _defaults = [NSUserDefaults standardUserDefaults];
 [_defaults addSuiteNamed:@"com.google.santa"];
@@ -341,6 +344,10 @@ + (NSSet *)keyPathsForValuesAffectingEnableDebugLogging {
 return [self configStateSet];
 }
++ (NSSet *)keyPathsForValuesAffectingEnableBackwardsCompatibleContentEncoding {
+ return [self configStateSet];
+}
+
 #pragma mark Public Interface
 - (SNTClientMode)clientMode {
@@ -591,6 +598,11 @@ - (BOOL)enableDebugLogging {
 return [number boolValue] || self.debugFlag;
 }
+- (BOOL)enableBackwardsCompatibleContentEncoding {
+ NSNumber *number = self.configState[kEnableBackwardsCompatibleContentEncoding];
+ return number ? [number boolValue] : NO;
+}
+
 #pragma mark Private
 ///
diff --git a/Source/santactl/Commands/sync/SNTCommandSyncManager.m b/Source/santactl/Commands/sync/SNTCommandSyncManager.m
index c815edadb..7ec80e7d2 100644
--- a/Source/santactl/Commands/sync/SNTCommandSyncManager.m
+++ b/Source/santactl/Commands/sync/SNTCommandSyncManager.m
@@ -482,6 +482,9 @@ - (SNTCommandSyncState *)createSyncState {
 syncState.daemonConn = self.daemonConn;
 syncState.daemon = self.daemon;
+ syncState.compressedContentEncoding =
+ config.enableBackwardsCompatibleContentEncoding ? @"zlib" : @"deflate";
+
 dispatch_group_wait(group, dispatch_time(DISPATCH_TIME_NOW, 5 * NSEC_PER_SEC));
 return syncState;
 }
diff --git a/Source/santactl/Commands/sync/SNTCommandSyncStage.m b/Source/santactl/Commands/sync/SNTCommandSyncStage.m
index 68a2e6d5e..8290f1d65 100644
--- a/Source/santactl/Commands/sync/SNTCommandSyncStage.m
+++ b/Source/santactl/Commands/sync/SNTCommandSyncStage.m
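Review bot: The ternary in the new `enableBackwardsCompatibleContentEncoding` getter (the `-591` hunk of Source/common/SNTConfigurator.m) is redundant, because messaging a nil `NSNumber` already yields `NO`; the `enableDebugLogging` getter shown as context just above relies on exactly that. `return [number boolValue];` would match the surrounding style. The diffstat lists no test file, so a configurator test that sets the key both ways and checks the default would pin the behaviour added here and in the `-158` hunk.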
@@ -70,7 +70,7 @@ - (NSMutableURLRequest *)requestWithDictionary:(NSDictionary *)dictionary {
 NSData *compressed = [requestBody zlibCompressed];
 if (compressed) {
 requestBody = compressed;
- [req setValue:@"deflate" forHTTPHeaderField:@"Content-Encoding"];
+ [req setValue:self.syncState.compressedContentEncoding forHTTPHeaderField:@"Content-Encoding"];
 }
 [req setHTTPBody:requestBody];
diff --git a/Source/santactl/Commands/sync/SNTCommandSyncState.h b/Source/santactl/Commands/sync/SNTCommandSyncState.h
index 758bd524d..8544475d2 100644
--- a/Source/santactl/Commands/sync/SNTCommandSyncState.h
+++ b/Source/santactl/Commands/sync/SNTCommandSyncState.h
@@ -78,4 +78,8 @@
 /// Reference to the serial operation queue used for accessing allowlistNotifications.
 @property(weak) NSOperationQueue *allowlistNotificationQueue;
+/// The header value for ContentEncoding when sending compressed content.
+/// Either "deflate" (default) or "zlib".
+@property(copy) NSString *compressedContentEncoding;
+
 @end
diff --git a/version.bzl b/version.bzl
index 509d2e98b..6a4c182ce 100644
--- a/version.bzl
+++ b/version.bzl
@@ -1,3 +1,3 @@
 """The version for all Santa components."""
-SANTA_VERSION = "1.16"
+SANTA_VERSION = "1.17"
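Review bot: In the Source/santactl/Commands/sync/SNTCommandSyncStage.m hunk the header value now comes from `self.syncState.compressedContentEncoding`, which would be nil on any SNTCommandSyncState not built by `createSyncState` (for example one created directly in a test). A nil value would presumably leave the compressed body without a `Content-Encoding` header, where the old code always sent `deflate`. A fallback keeps the previous behaviour: `[req setValue:(self.syncState.compressedContentEncoding ?: @"deflate") forHTTPHeaderField:@"Content-Encoding"];`. The doc comment on the new property in SNTCommandSyncState.h could then state that nil is treated as "deflate". `requestWithDictionary:` starts and ends outside the hunk.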