database: Remove read only concept (#6637)

2024-11-07 01:55:20 +00:00 · 2020-09-10 19:58:38 -04:00 · 2020-09-10 19:58:38 -04:00 · d7d6c56473
commit d7d6c56473
parent 51d3833508
5 changed files with 29 additions and 112 deletions
--- a/osquery/core/init.cpp
+++ b/osquery/core/init.cpp
@ -521,9 +521,6 @@ void Initializer::start() const {

  if (!isWatcher()) {
    setDatabaseAllowOpen();
-    // A daemon must always have R/W access to the database.
-    setDatabaseRequireWrite(isDaemon());
-
    auto status = initDatabasePlugin();
    if (!status.ok()) {
      auto retcode = (isWorker()) ? EXIT_CATASTROPHIC : EXIT_FAILURE;
--- a/osquery/database/database.cpp
+++ b/osquery/database/database.cpp
@ -55,7 +55,6 @@ const std::vector<std::string> kDomains = {
    kPersistentSettings, kQueries, kEvents, kLogs, kCarves};

 std::atomic<bool> kDBAllowOpen(false);
-std::atomic<bool> kDBRequireWrite(false);
 std::atomic<bool> kDBInitialized(false);
 std::atomic<bool> kDBChecking(false);

@ -89,9 +88,6 @@ bool DatabasePlugin::checkDB() {
  bool result = true;
  try {
    auto status = setUp();
-    if (requireWrite() && read_only_) {
-      result = false;
-    }
    tearDown();
    result = status.ok();
  } catch (const std::exception& e) {
@ -102,10 +98,6 @@ bool DatabasePlugin::checkDB() {
  return result;
 }

-bool DatabasePlugin::requireWrite() const {
-  return kDBRequireWrite;
-}
-
 bool DatabasePlugin::allowOpen() const {
  return kDBAllowOpen;
 }
@ -468,10 +460,6 @@ void dumpDatabase() {
  fflush(stdout);
 }

-void setDatabaseRequireWrite(bool require_write) {
-  kDBRequireWrite = require_write;
-}
-
 void setDatabaseAllowOpen(bool allow_open) {
  kDBAllowOpen = allow_open;
 }
@ -483,34 +471,18 @@ Status initDatabasePlugin() {

  // Initialize the database plugin using the flag.
  auto plugin = (FLAGS_disable_database) ? "ephemeral" : kInternalDatabase;
-  {
-    Status status;
-    for (size_t i = 0; i < kDatabaseMaxRetryCount; i++) {
-      status = RegistryFactory::get().setActive("database", plugin);
-      if (status.ok()) {
-        kDBInitialized = true;
-        return status;
-      }
-
-      if (FLAGS_disable_database) {
-        // Do not try multiple times to initialize the emphemeral plugin.
-        break;
-      }
-      sleepFor(kDatabaseRetryDelay);
+  Status status;
+  for (size_t i = 0; i < kDatabaseMaxRetryCount; i++) {
+    status = RegistryFactory::get().setActive("database", plugin);
+    if (status.ok()) {
+      break;
    }
-    LOG(WARNING) << "Failed to activate database plugin "
-                 << boost::io::quoted(plugin) << ": " << status.what();
-  }

-  // If the database did not setUp override the active plugin.
-  if (FLAGS_disable_database) {
-    return Status::failure("Could not activate any database plugin");
-  }
-
-  auto const status = RegistryFactory::get().setActive("database", "ephemeral");
-  if (!status.ok()) {
-    LOG(ERROR) << "Failed to activate database plugin \"ephemeral\": "
-               << status.what();
+    if (FLAGS_disable_database) {
+      // Do not try multiple times to initialize the emphemeral plugin.
+      break;
+    }
+    sleepFor(kDatabaseRetryDelay);
  }

  kDBInitialized = status.ok();
--- a/osquery/database/database.h
+++ b/osquery/database/database.h
@ -166,9 +166,6 @@ class DatabasePlugin : public Plugin {
  bool checkDB();

 protected:
-  /// Check if the database requires write.
-  bool requireWrite() const;
-
  /// Check if the database allows opening.
  bool allowOpen() const;

@ -176,9 +173,6 @@ class DatabasePlugin : public Plugin {
  bool checkingDB() const;

 protected:
-  /// The database was opened in a ReadOnly mode.
-  bool read_only_{false};
-
  /// Original requested path on disk.
  std::string path_;
 };
@ -251,9 +245,6 @@ void resetDatabase();
 /// Allow callers to scan each column family and print each value.
 void dumpDatabase();

-/// Require all database accesses to open a read and write handle.
-void setDatabaseRequireWrite(bool require_write = true);
-
 /**
 * @brief Allow database usage.
 *
--- a/plugins/database/rocksdb.cpp
+++ b/plugins/database/rocksdb.cpp
@ -148,21 +148,12 @@ Status RocksDBDatabasePlugin::setUp() {
  if (!s.ok() || db_ == nullptr) {
    LOG(INFO) << "Rocksdb open failed (" << s.code() << ":" << s.subcode()
              << ") " << s.ToString();
-    if (requireWrite()) {
-      // A failed open in R/W mode is a runtime error.
-      return Status(1, s.ToString());
-    }
-
-    if (!checkingDB()) {
-      LOG(INFO) << "Opening RocksDB failed: Continuing with read-only support";
-    }
-    // Also disable event publishers.
-    Flag::updateValue("disable_events", "true");
-    read_only_ = true;
+    // A failed open in R/W mode is a runtime error.
+    return Status(1, s.ToString());
  }

  // RocksDB may not create/append a directory with acceptable permissions.
-  if (!read_only_ && platformSetSafeDbPerms(path_) == false) {
+  if (platformSetSafeDbPerms(path_) == false) {
    return Status(1, "Cannot set permissions on RocksDB path: " + path_);
  }

@ -315,10 +306,6 @@ Status RocksDBDatabasePlugin::put(const std::string& domain,

 Status RocksDBDatabasePlugin::putBatch(const std::string& domain,
                                       const DatabaseStringValueList& data) {
-  if (read_only_) {
-    return Status::success();
-  }
-
  auto cfh = getHandleForColumnFamily(domain);
  if (cfh == nullptr) {
    return Status(1, "Could not get column family for " + domain);
@ -362,10 +349,6 @@ Status RocksDBDatabasePlugin::put(const std::string& domain,

 Status RocksDBDatabasePlugin::remove(const std::string& domain,
                                     const std::string& key) {
-  if (read_only_) {
-    return Status::success();
-  }
-
  auto cfh = getHandleForColumnFamily(domain);
  if (cfh == nullptr) {
    return Status(1, "Could not get column family for " + domain);
@ -384,10 +367,6 @@ Status RocksDBDatabasePlugin::remove(const std::string& domain,
 Status RocksDBDatabasePlugin::removeRange(const std::string& domain,
                                          const std::string& low,
                                          const std::string& high) {
-  if (read_only_) {
-    return Status::success();
-  }
-
  auto cfh = getHandleForColumnFamily(domain);
  if (cfh == nullptr) {
    return Status(1, "Could not get column family for " + domain);
--- a/plugins/database/sqlite.cpp
+++ b/plugins/database/sqlite.cpp
@ -59,39 +59,29 @@ Status SQLiteDatabasePlugin::setUp() {
      nullptr);

  if (result != SQLITE_OK || db_ == nullptr) {
-    if (requireWrite()) {
+    close();
+    // A failed open in R/W mode is a runtime error.
+    return Status(1, "Cannot open database: " + std::to_string(result));
+  }
+
+  for (const auto& domain : kDomains) {
+    std::string q = "create table if not exists " + domain +
+                    " (key TEXT PRIMARY KEY, value TEXT);";
+    result = sqlite3_exec(db_, q.c_str(), nullptr, nullptr, nullptr);
+    if (result != SQLITE_OK) {
      close();
-      // A failed open in R/W mode is a runtime error.
-      return Status(1, "Cannot open database: " + std::to_string(result));
+      return Status(1, "Cannot create domain: " + domain);
    }
-
-    if (!checkingDB()) {
-      VLOG(1) << "Opening database failed: Continuing with read-only support";
-    }
-
-    read_only_ = true;
  }

-  if (!read_only_) {
-    for (const auto& domain : kDomains) {
-      std::string q = "create table if not exists " + domain +
-                      " (key TEXT PRIMARY KEY, value TEXT);";
-      result = sqlite3_exec(db_, q.c_str(), nullptr, nullptr, nullptr);
-      if (result != SQLITE_OK) {
-        close();
-        return Status(1, "Cannot create domain: " + domain);
-      }
-    }
-
-    std::string settings;
-    for (const auto& setting : kDBSettings) {
-      settings += "PRAGMA " + setting.first + "=" + setting.second + "; ";
-    }
-    sqlite3_exec(db_, settings.c_str(), nullptr, nullptr, nullptr);
+  std::string settings;
+  for (const auto& setting : kDBSettings) {
+    settings += "PRAGMA " + setting.first + "=" + setting.second + "; ";
  }
+  sqlite3_exec(db_, settings.c_str(), nullptr, nullptr, nullptr);

  // RocksDB may not create/append a directory with acceptable permissions.
-  if (!read_only_ && platformSetSafeDbPerms(path_) == false) {
+  if (platformSetSafeDbPerms(path_) == false) {
    close();
    return Status(1, "Cannot set permissions on database path: " + path_);
  }
@ -186,10 +176,6 @@ Status SQLiteDatabasePlugin::put(const std::string& domain,

 Status SQLiteDatabasePlugin::putBatch(const std::string& domain,
                                      const DatabaseStringValueList& data) {
-  if (read_only_) {
-    return Status::success();
-  }
-
  // Prepare the query, adding placeholders for all the rows we have in `data`
  std::stringstream buffer;
  buffer << "insert or replace into " + domain + " values ";
@ -240,10 +226,6 @@ Status SQLiteDatabasePlugin::putBatch(const std::string& domain,

 Status SQLiteDatabasePlugin::remove(const std::string& domain,
                                    const std::string& key) {
-  if (read_only_) {
-    return Status::success();
-  }
-
  sqlite3_stmt* stmt = nullptr;
  std::string q = "delete from " + domain + " where key IN (?1);";
  sqlite3_prepare_v2(db_, q.c_str(), -1, &stmt, nullptr);
@ -264,10 +246,6 @@ Status SQLiteDatabasePlugin::remove(const std::string& domain,
 Status SQLiteDatabasePlugin::removeRange(const std::string& domain,
                                         const std::string& low,
                                         const std::string& high) {
-  if (read_only_) {
-    return Status::success();
-  }
-
  sqlite3_stmt* stmt = nullptr;
  std::string q = "delete from " + domain + " where key >= ?1 and key <= ?2;";
  sqlite3_prepare_v2(db_, q.c_str(), -1, &stmt, nullptr);