2014-12-18 18:50:47 +00:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2014, Facebook, Inc.
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This source code is licensed under the BSD-style license found in the
|
|
|
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
|
|
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
|
|
|
*
|
|
|
|
|
*/
|
2014-11-23 04:49:37 +00:00
|
|
|
|
|
|
|
|
#include <mutex>
|
|
|
|
|
|
2014-12-03 23:14:02 +00:00
|
|
|
#include <osquery/core.h>
|
|
|
|
|
#include <osquery/tables.h>
|
2014-11-23 04:49:37 +00:00
|
|
|
|
|
|
|
|
#include <utmpx.h>
|
|
|
|
|
|
|
|
|
|
namespace osquery {
|
|
|
|
|
namespace tables {
|
|
|
|
|
|
|
|
|
|
std::mutex utmpxEnumerationMutex;
|
|
|
|
|
|
2014-11-30 06:40:11 +00:00
|
|
|
QueryData genLoggedInUsers(QueryContext& context) {
|
2014-11-23 04:49:37 +00:00
|
|
|
std::lock_guard<std::mutex> lock(utmpxEnumerationMutex);
|
|
|
|
|
QueryData results;
|
|
|
|
|
struct utmpx *entry = nullptr;
|
|
|
|
|
|
|
|
|
|
while ((entry = getutxent()) != NULL) {
|
|
|
|
|
if (entry->ut_pid == 1) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
Row r;
|
|
|
|
|
r["user"] = TEXT(entry->ut_user);
|
|
|
|
|
r["tty"] = TEXT(entry->ut_line);
|
|
|
|
|
r["host"] = TEXT(entry->ut_host);
|
|
|
|
|
r["time"] = INTEGER(entry->ut_tv.tv_sec);
|
|
|
|
|
r["pid"] = INTEGER(entry->ut_pid);
|
|
|
|
|
results.push_back(r);
|
|
|
|
|
}
|
|
|
|
|
endutxent();
|
|
|
|
|
|
|
|
|
|
return results;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
