Add pandorawmic to the repo.

wmic does not support the hardening changes in DCOM that were introduced
for CVE-2021-26414. pandorawmic solves this problem while being backward
compatible with wmic. Ref. pandora_enterprise#8521.

pandora_server/.gitattributes

@@ -0,0 +1,2 @@
+*.exe filter=lfs diff=lfs merge=lfs -text
+pandorawmic filter=lfs diff=lfs merge=lfs -text

pandora_server/Makefile.PL

@@ -2,7 +2,7 @@ use 5.000;
 use ExtUtils::MakeMaker;
 
 my %ARGV = map { my @r = split /=/,$_; defined $r[1] or $r[1]=1; @r } @ARGV;
-my @exe_files = qw(bin/pandora_server bin/pandora_exec);
+my @exe_files = qw(bin/pandora_server bin/pandora_exec bin/pandorawmic);
 $ARGV{WITHOUT_TENTACLE} or push @exe_files, 'bin/tentacle_server';
 
 WriteMakefile(

pandora_server/bin/PandoraFMS

@@ -1 +0,0 @@
-../lib/PandoraFMS

pandora_server/bin/pandorawmic

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ddbbe474e77f02d5ff3fda0ed048fe1a1ca185cbc53094a14b77bd93eb838272
+size 10548264

pandora_server/bin/pandorawmic.exe

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:287a2caeb2b730eb3e10df3b90ccbb3aab0da8e8c8d4a39b60ded4b7b53b4087
+size 8898831

pandora_server/conf/pandora_server.conf.new

@@ -256,6 +256,10 @@ wmi_timeout 7
 
 wmi_threads 1
 
+# WMI client binary (wmic by default).
+
+#wmi_client pandorawmic
+
 # recon_threads. Each thread will scan a different scantask.
 
 recon_threads 1

pandora_server/conf/pandora_server.conf.windows

@@ -213,6 +213,10 @@ wmi_timeout 10
 
 wmi_threads 2
 
+# WMI client binary (wmic by default).
+
+#wmi_client pandorawmic.exe
+
 # recon_threads. Each thread will scan a different scantask.
 
 recon_threads 2

pandora_server/lib/PandoraFMS/WMIServer.pm

@@ -53,7 +53,7 @@ sub new ($$;$) {
 	return undef unless $config->{'wmiserver'} == 1;
 
 	# Check for a WMI client
-	if (system ($config->{'wmi_client'} . " >$DEVNULL 2>&1") >> 8 != 1) {
+	if (system ($config->{'wmi_client'} . " >$DEVNULL 2>&1") >> 8 == 127) {
 		logger ($config, ' [E] ' . $config->{'wmi_client'} . " not found. " . $config->{'rb_product_name'} . " WMI Server needs a DCOM/WMI client.", 1);
 		print_message ($config, ' [E] ' . $config->{'wmi_client'} . " not found. " . $config->{'rb_product_name'} . " WMI Server needs a DCOM/WMI client.", 1);
 		return undef;

pandora_server/pandora_server.redhat.spec

@@ -67,6 +67,7 @@ mkdir -p $RPM_BUILD_ROOT/usr/lib/perl5/
 # All binaries go to %{_bindir}
 cp -aRf bin/pandora_server $RPM_BUILD_ROOT%{_bindir}/
 cp -aRf bin/pandora_exec $RPM_BUILD_ROOT%{_bindir}/
+cp -aRf bin/pandorawmic $RPM_BUILD_ROOT%{_bindir}/
 install -m 0755 bin/tentacle_server $RPM_BUILD_ROOT%{_bindir}/
 
 cp -aRf conf/* $RPM_BUILD_ROOT%{prefix}/pandora_server/conf/
@@ -204,6 +205,7 @@ exit 0
 %{_bindir}/pandora_server
 %{_bindir}/tentacle_server
 %{_bindir}/pandora_ha
+%{_bindir}/pandorawmic
 
 %dir %{_sysconfdir}/pandora
 %dir %{_localstatedir}/spool/pandora

pandora_server/pandora_server.spec

@@ -73,6 +73,7 @@ mkdir -p $RPM_BUILD_ROOT/usr/share/man/man1/
 cp -aRf bin/pandora_server $RPM_BUILD_ROOT/usr/bin/
 cp -aRf bin/pandora_exec $RPM_BUILD_ROOT/usr/bin/
 cp -aRf bin/tentacle_server $RPM_BUILD_ROOT/usr/bin/
+cp -aRf bin/pandorawmic $RPM_BUILD_ROOT/usr/bin/
 
 cp -aRf conf/pandora_* $RPM_BUILD_ROOT%{prefix}/pandora_server/conf/
 cp -aRf conf/pandora_server.conf.new $RPM_BUILD_ROOT/etc/pandora/
@@ -193,7 +194,7 @@ rm -Rf /etc/pandora/pandora_server.conf*
 rm -Rf /etc/tentacle/tentacle_server.conf*
 rm -Rf /var/spool/pandora
 rm -Rf /etc/init.d/pandora_server /etc/init.d/tentacle_serverd 
-rm -Rf /usr/bin/pandora_exec /usr/bin/pandora_server /usr/bin/tentacle_server
+rm -Rf /usr/bin/pandora_exec /usr/bin/pandora_server /usr/bin/tentacle_server /usr/bin/pandorawmic
 rm -Rf /usr/bin/pandora_ha
 rm -Rf /etc/cron.hourly/pandora_db
 rm -Rf /etc/logrotate.d/pandora_server
@@ -211,6 +212,7 @@ rm -Rf /usr/share/man/man1/tentacle_server.1.gz
 /usr/bin/pandora_server
 /usr/bin/tentacle_server
 /usr/bin/pandora_ha
+/usr/bin/pandorawmic
 
 %defattr(755,pandora,root,755)
 /usr/lib/perl5/PandoraFMS/

pandora_server/pandora_server_installer

@@ -263,6 +263,7 @@ install () {
 				ln -s /usr/local/bin/pandora_exec $DESTDIR$PREFIX/bin
 				ln -s /usr/local/bin/tentacle_server $DESTDIR$PREFIX/bin
 				ln -s /usr/local/bin/tentacle_client $DESTDIR$PREFIX/bin
+				ln -s /usr/local/bin/pandorawmic $DESTDIR$PREFIX/bin
 			fi
 		fi
 	fi
@@ -534,6 +535,7 @@ uninstall () {
 	rm -f  $DESTDIR$PANDORA_SERVER 2> /dev/null 
 	rm -f  $DESTDIR$PREFIX/bin/pandora_server 2> /dev/null
 	rm -f  $DESTDIR$PREFIX/bin/pandora_exec 2> /dev/null
+	rm -f  $DESTDIR$PREFIX/bin/pandorawmic 2> /dev/null
 	# Do not remove tentacle files if agent is still installed...
 	[ -e $DESTDIR$PREFIX/bin/pandora_agent ] || rm -f  $DESTDIR$PREFIX/bin/tentacle_server 2> /dev/null
 	[ -e $DESTDIR$PREFIX/bin/pandora_agent ] || rm -f  $DESTDIR$PREFIX/bin/tentacle_client 2> /dev/null

pandora_server/pandora_server_upgrade

@@ -31,10 +31,9 @@ install () {
 	cp -R util /usr/share/pandora_server
 	
 	echo "Rebuilding links /usr/local/bin -> /usr/bin"
-	#rm /usr/local/bin/pandora_server 2> /dev/null
-	#rm /usr/local/bin/pandora_exec 2> /dev/null
 	ln -s /usr/local/bin/pandora_server /usr/bin/pandora_server 2> /dev/null
 	ln -s /usr/local/bin/pandora_exec /usr/bin/pandora_exec 2> /dev/null
+	ln -s /usr/local/bin/pandorawmic /usr/bin/pandorawmic 2> /dev/null
 
 	if [ -d /etc/logrotate.d ]; then
 		echo "Creating logrotate.d entry for Pandora FMS log management"