osquery-1/include/osquery/posix/system.h

/**
 *  Copyright (c) 2014-present, Facebook, Inc.
 *  All rights reserved.
 *
 *  This source code is licensed under both the Apache 2.0 license (found in the
 *  LICENSE file in the root directory of this source tree) and the GPLv2 (found
 *  in the COPYING file in the root directory of this source tree).
 *  You may select, at your option, one of the above-listed licenses.
 */

#pragma once

#include <ctime>
#include <memory>
#include <string>

#include <boost/filesystem/path.hpp>

#include <osquery/core.h>

namespace osquery {

/// The osquery platform agnostic process identifier type.
using PlatformPidType = pid_t;

class DropPrivileges;
using DropPrivilegesRef = std::shared_ptr<DropPrivileges>;

class DropPrivileges : private boost::noncopyable {
 public:
  /// Make call sites use 'dropTo' booleans to improve the UI.
  static DropPrivilegesRef get();

  /**
   * @brief Attempt to drop privileges to that of the parent of a given path.
   *
   * This will return false if privileges could not be dropped or there was
   * an previous, and still active, request for dropped privileges.
   *
   * @return success if privileges were dropped, otherwise false.
   */
  bool dropToParent(const boost::filesystem::path& path);

  /// See DropPrivileges::dropToParent but explicitiy set the UID and GID.
  bool dropTo(const std::string& uid, const std::string& gid);

  /// See DropPrivileges::dropToParent but explicitly set the UID and GID.
  bool dropTo(uid_t uid, gid_t gid);

  /// See DropPrivileges::dropToParent but for a user's UID and GID.
  bool dropTo(const std::string& user);

  /// Check if effective privileges do not match real.
  bool dropped() {
    return (getuid() != geteuid() || getgid() != getegid());
  }

  /**
   * @brief The privilege/permissions dropper deconstructor will restore
   * effective permissions.
   *
   * There should only be a single drop of privilege/permission active.
   */
  virtual ~DropPrivileges();

 private:
  DropPrivileges() = default;

  /// Restore groups if dropping consecutively.
  void restoreGroups();

 private:
  /// Boolean to track if this instance needs to restore privileges.
  bool dropped_{false};

  /// The user this instance dropped privileges to.
  uid_t to_user_{0};

  /// The group this instance dropped privileges to.
  gid_t to_group_{0};

  /**
   * @brief If dropping explicitly to a user and group also drop groups.
   *
   * Original process groups before explicitly dropping privileges.
   * On restore, if there are any groups in this list, they will be added
   * to the processes group list.
   */
  gid_t* original_groups_{nullptr};

  /// The size of the original groups to backup when restoring privileges.
  size_t group_size_{0};

 private:
  FRIEND_TEST(PermissionsTests, test_explicit_drop);
  FRIEND_TEST(PermissionsTests, test_path_drop);
  FRIEND_TEST(PermissionsTests, test_nobody_drop);
};
} // namespace osquery
license: Change license to Apache 2.0 and GPLv2 (#4007) 2017-12-19 00:04:06 +00:00			`/**`
Combine osqueryi and osqueryd into single binary (#2742) 2017-08-27 18:09:25 +00:00			`* Copyright (c) 2014-present, Facebook, Inc.`
			`* All rights reserved.`
			`*`
license: Change license to Apache 2.0 and GPLv2 (#4007) 2017-12-19 00:04:06 +00:00			`* This source code is licensed under both the Apache 2.0 license (found in the`
			`* LICENSE file in the root directory of this source tree) and the GPLv2 (found`
			`* in the COPYING file in the root directory of this source tree).`
			`* You may select, at your option, one of the above-listed licenses.`
Combine osqueryi and osqueryd into single binary (#2742) 2017-08-27 18:09:25 +00:00			`*/`

			`#pragma once`

			`#include <ctime>`
			`#include <memory>`
			`#include <string>`

			`#include <boost/filesystem/path.hpp>`

process: Aesthetic changes to process and process_ops (#3678) 2017-09-10 17:58:38 +00:00			`#include <osquery/core.h>`

Combine osqueryi and osqueryd into single binary (#2742) 2017-08-27 18:09:25 +00:00			`namespace osquery {`

			`/// The osquery platform agnostic process identifier type.`
			`using PlatformPidType = pid_t;`

			`class DropPrivileges;`
			`using DropPrivilegesRef = std::shared_ptr<DropPrivileges>;`

			`class DropPrivileges : private boost::noncopyable {`
			`public:`
			`/// Make call sites use 'dropTo' booleans to improve the UI.`
Move singleton accessors into implementations (#4347) 2018-05-01 18:56:51 +00:00			`static DropPrivilegesRef get();`
Combine osqueryi and osqueryd into single binary (#2742) 2017-08-27 18:09:25 +00:00
			`/**`
			`* @brief Attempt to drop privileges to that of the parent of a given path.`
			`*`
			`* This will return false if privileges could not be dropped or there was`
			`* an previous, and still active, request for dropped privileges.`
			`*`
			`* @return success if privileges were dropped, otherwise false.`
			`*/`
			`bool dropToParent(const boost::filesystem::path& path);`

tables: Add dropTo with string UID and GID params (#3832) 2017-10-15 18:40:14 +00:00			`/// See DropPrivileges::dropToParent but explicitiy set the UID and GID.`
			`bool dropTo(const std::string& uid, const std::string& gid);`

Combine osqueryi and osqueryd into single binary (#2742) 2017-08-27 18:09:25 +00:00			`/// See DropPrivileges::dropToParent but explicitly set the UID and GID.`
			`bool dropTo(uid_t uid, gid_t gid);`

			`/// See DropPrivileges::dropToParent but for a user's UID and GID.`
			`bool dropTo(const std::string& user);`

			`/// Check if effective privileges do not match real.`
			`bool dropped() {`
			`return (getuid() != geteuid() \|\| getgid() != getegid());`
			`}`

			`/**`
			`* @brief The privilege/permissions dropper deconstructor will restore`
			`* effective permissions.`
			`*`
			`* There should only be a single drop of privilege/permission active.`
			`*/`
			`virtual ~DropPrivileges();`

			`private:`
tidy: Improve clang-tidy (modernize) list of checks and run across codebase (#3870) 2017-10-30 05:25:49 +00:00			`DropPrivileges() = default;`
Combine osqueryi and osqueryd into single binary (#2742) 2017-08-27 18:09:25 +00:00
			`/// Restore groups if dropping consecutively.`
			`void restoreGroups();`

			`private:`
			`/// Boolean to track if this instance needs to restore privileges.`
tidy: Improve clang-tidy (modernize) list of checks and run across codebase (#3870) 2017-10-30 05:25:49 +00:00			`bool dropped_{false};`
Combine osqueryi and osqueryd into single binary (#2742) 2017-08-27 18:09:25 +00:00
			`/// The user this instance dropped privileges to.`
tidy: Improve clang-tidy (modernize) list of checks and run across codebase (#3870) 2017-10-30 05:25:49 +00:00			`uid_t to_user_{0};`
Combine osqueryi and osqueryd into single binary (#2742) 2017-08-27 18:09:25 +00:00
			`/// The group this instance dropped privileges to.`
tidy: Improve clang-tidy (modernize) list of checks and run across codebase (#3870) 2017-10-30 05:25:49 +00:00			`gid_t to_group_{0};`
Combine osqueryi and osqueryd into single binary (#2742) 2017-08-27 18:09:25 +00:00
			`/**`
			`* @brief If dropping explicitly to a user and group also drop groups.`
			`*`
			`* Original process groups before explicitly dropping privileges.`
			`* On restore, if there are any groups in this list, they will be added`
			`* to the processes group list.`
			`*/`
			`gid_t* original_groups_{nullptr};`

			`/// The size of the original groups to backup when restoring privileges.`
			`size_t group_size_{0};`

			`private:`
			`FRIEND_TEST(PermissionsTests, test_explicit_drop);`
			`FRIEND_TEST(PermissionsTests, test_path_drop);`
			`FRIEND_TEST(PermissionsTests, test_nobody_drop);`
			`};`
			`} // namespace osquery`