2014-12-18 18:50:47 +00:00
|
|
|
/*
|
2016-02-11 19:48:58 +00:00
|
|
|
* Copyright (c) 2014-present, Facebook, Inc.
|
2014-12-18 18:50:47 +00:00
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This source code is licensed under the BSD-style license found in the
|
2015-05-12 06:31:13 +00:00
|
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
2014-12-18 18:50:47 +00:00
|
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
|
|
|
*
|
|
|
|
|
*/
|
2014-10-09 19:50:34 +00:00
|
|
|
|
2014-11-26 00:28:10 +00:00
|
|
|
#include <pwd.h>
|
2014-10-09 19:50:34 +00:00
|
|
|
|
2016-08-29 13:55:22 +00:00
|
|
|
#include <mutex>
|
|
|
|
|
|
2014-12-03 23:14:02 +00:00
|
|
|
#include <osquery/core.h>
|
|
|
|
|
#include <osquery/tables.h>
|
2014-10-10 01:08:18 +00:00
|
|
|
|
2015-11-01 09:12:48 +00:00
|
|
|
#include "osquery/core/conversions.h"
|
|
|
|
|
|
2014-10-09 19:50:34 +00:00
|
|
|
namespace osquery {
|
|
|
|
|
namespace tables {
|
|
|
|
|
|
2014-10-10 22:09:14 +00:00
|
|
|
std::mutex pwdEnumerationMutex;
|
|
|
|
|
|
2015-11-01 09:12:48 +00:00
|
|
|
void genUser(const struct passwd* pwd, QueryData& results) {
|
|
|
|
|
Row r;
|
|
|
|
|
r["uid"] = BIGINT(pwd->pw_uid);
|
|
|
|
|
r["gid"] = BIGINT(pwd->pw_gid);
|
|
|
|
|
r["uid_signed"] = BIGINT((int32_t)pwd->pw_uid);
|
|
|
|
|
r["gid_signed"] = BIGINT((int32_t)pwd->pw_gid);
|
2016-08-29 13:55:22 +00:00
|
|
|
|
|
|
|
|
if (pwd->pw_name != nullptr) {
|
|
|
|
|
r["username"] = TEXT(pwd->pw_name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (pwd->pw_gecos != nullptr) {
|
|
|
|
|
r["description"] = TEXT(pwd->pw_gecos);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (pwd->pw_dir != nullptr) {
|
|
|
|
|
r["directory"] = TEXT(pwd->pw_dir);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (pwd->pw_shell != nullptr) {
|
|
|
|
|
r["shell"] = TEXT(pwd->pw_shell);
|
|
|
|
|
}
|
2015-11-01 09:12:48 +00:00
|
|
|
results.push_back(r);
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-26 00:28:10 +00:00
|
|
|
QueryData genUsers(QueryContext& context) {
|
2014-10-09 19:50:34 +00:00
|
|
|
QueryData results;
|
2014-10-10 01:55:25 +00:00
|
|
|
|
2016-08-29 13:55:22 +00:00
|
|
|
struct passwd* pwd = nullptr;
|
2015-11-01 09:12:48 +00:00
|
|
|
if (context.constraints["uid"].exists(EQUALS)) {
|
2016-08-29 13:55:22 +00:00
|
|
|
auto uids = context.constraints["uid"].getAll(EQUALS);
|
2015-11-01 09:12:48 +00:00
|
|
|
for (const auto& uid : uids) {
|
|
|
|
|
long auid{0};
|
2016-08-29 13:55:22 +00:00
|
|
|
if (safeStrtol(uid, 10, auid)) {
|
|
|
|
|
WriteLock lock(pwdEnumerationMutex);
|
|
|
|
|
pwd = getpwuid(auid);
|
|
|
|
|
if (pwd != nullptr) {
|
|
|
|
|
genUser(pwd, results);
|
|
|
|
|
}
|
2015-11-01 09:12:48 +00:00
|
|
|
}
|
|
|
|
|
}
|
2016-10-14 22:25:54 +00:00
|
|
|
} else if (context.constraints["username"].exists(EQUALS)) {
|
|
|
|
|
auto usernames = context.constraints["username"].getAll(EQUALS);
|
|
|
|
|
for (const auto& username : usernames) {
|
|
|
|
|
WriteLock lock(pwdEnumerationMutex);
|
|
|
|
|
pwd = getpwnam(username.c_str());
|
|
|
|
|
if (pwd != nullptr) {
|
|
|
|
|
genUser(pwd, results);
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-11-01 09:12:48 +00:00
|
|
|
} else {
|
2016-08-29 13:55:22 +00:00
|
|
|
WriteLock lock(pwdEnumerationMutex);
|
|
|
|
|
pwd = getpwent();
|
|
|
|
|
while (pwd != nullptr) {
|
2015-11-01 09:12:48 +00:00
|
|
|
genUser(pwd, results);
|
2016-08-29 13:55:22 +00:00
|
|
|
pwd = getpwent();
|
2015-11-01 09:12:48 +00:00
|
|
|
}
|
|
|
|
|
endpwent();
|
2014-10-09 19:50:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return results;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
