osquery-1/osquery/tables/system/linux/users.cpp

89 lines
2.0 KiB
C++
Raw Normal View History

/*
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
2015-05-12 06:31:13 +00:00
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
2014-10-09 19:50:34 +00:00
#include <pwd.h>
2014-10-09 19:50:34 +00:00
2016-08-29 13:55:22 +00:00
#include <mutex>
#include <osquery/core.h>
#include <osquery/tables.h>
2014-10-10 01:08:18 +00:00
2015-11-01 09:12:48 +00:00
#include "osquery/core/conversions.h"
2014-10-09 19:50:34 +00:00
namespace osquery {
namespace tables {
Mutex pwdEnumerationMutex;
2015-11-01 09:12:48 +00:00
void genUser(const struct passwd* pwd, QueryData& results) {
Row r;
r["uid"] = BIGINT(pwd->pw_uid);
r["gid"] = BIGINT(pwd->pw_gid);
r["uid_signed"] = BIGINT((int32_t)pwd->pw_uid);
r["gid_signed"] = BIGINT((int32_t)pwd->pw_gid);
2016-08-29 13:55:22 +00:00
if (pwd->pw_name != nullptr) {
r["username"] = TEXT(pwd->pw_name);
}
if (pwd->pw_gecos != nullptr) {
r["description"] = TEXT(pwd->pw_gecos);
}
if (pwd->pw_dir != nullptr) {
r["directory"] = TEXT(pwd->pw_dir);
}
if (pwd->pw_shell != nullptr) {
r["shell"] = TEXT(pwd->pw_shell);
}
2015-11-01 09:12:48 +00:00
results.push_back(r);
}
QueryData genUsers(QueryContext& context) {
2014-10-09 19:50:34 +00:00
QueryData results;
2016-08-29 13:55:22 +00:00
struct passwd* pwd = nullptr;
2015-11-01 09:12:48 +00:00
if (context.constraints["uid"].exists(EQUALS)) {
2016-08-29 13:55:22 +00:00
auto uids = context.constraints["uid"].getAll(EQUALS);
2015-11-01 09:12:48 +00:00
for (const auto& uid : uids) {
long auid{0};
2016-08-29 13:55:22 +00:00
if (safeStrtol(uid, 10, auid)) {
WriteLock lock(pwdEnumerationMutex);
pwd = getpwuid(auid);
if (pwd != nullptr) {
genUser(pwd, results);
}
2015-11-01 09:12:48 +00:00
}
}
} else if (context.constraints["username"].exists(EQUALS)) {
auto usernames = context.constraints["username"].getAll(EQUALS);
for (const auto& username : usernames) {
WriteLock lock(pwdEnumerationMutex);
pwd = getpwnam(username.c_str());
if (pwd != nullptr) {
genUser(pwd, results);
}
}
2015-11-01 09:12:48 +00:00
} else {
2016-08-29 13:55:22 +00:00
WriteLock lock(pwdEnumerationMutex);
pwd = getpwent();
while (pwd != nullptr) {
2015-11-01 09:12:48 +00:00
genUser(pwd, results);
2016-08-29 13:55:22 +00:00
pwd = getpwent();
2015-11-01 09:12:48 +00:00
}
endpwent();
2014-10-09 19:50:34 +00:00
}
return results;
}
}
}