diff --git a/osquery/core/init.cpp b/osquery/core/init.cpp index 4759c606..de8243c2 100644 --- a/osquery/core/init.cpp +++ b/osquery/core/init.cpp @@ -521,9 +521,6 @@ void Initializer::start() const { if (!isWatcher()) { setDatabaseAllowOpen(); - // A daemon must always have R/W access to the database. - setDatabaseRequireWrite(isDaemon()); - auto status = initDatabasePlugin(); if (!status.ok()) { auto retcode = (isWorker()) ? EXIT_CATASTROPHIC : EXIT_FAILURE; diff --git a/osquery/database/database.cpp b/osquery/database/database.cpp index a6b1c5ef..0e4b26af 100644 --- a/osquery/database/database.cpp +++ b/osquery/database/database.cpp @@ -55,7 +55,6 @@ const std::vector kDomains = { kPersistentSettings, kQueries, kEvents, kLogs, kCarves}; std::atomic kDBAllowOpen(false); -std::atomic kDBRequireWrite(false); std::atomic kDBInitialized(false); std::atomic kDBChecking(false); @@ -89,9 +88,6 @@ bool DatabasePlugin::checkDB() { bool result = true; try { auto status = setUp(); - if (requireWrite() && read_only_) { - result = false; - } tearDown(); result = status.ok(); } catch (const std::exception& e) { @@ -102,10 +98,6 @@ bool DatabasePlugin::checkDB() { return result; } -bool DatabasePlugin::requireWrite() const { - return kDBRequireWrite; -} - bool DatabasePlugin::allowOpen() const { return kDBAllowOpen; } @@ -468,10 +460,6 @@ void dumpDatabase() { fflush(stdout); } -void setDatabaseRequireWrite(bool require_write) { - kDBRequireWrite = require_write; -} - void setDatabaseAllowOpen(bool allow_open) { kDBAllowOpen = allow_open; } @@ -483,34 +471,18 @@ Status initDatabasePlugin() { // Initialize the database plugin using the flag. auto plugin = (FLAGS_disable_database) ? "ephemeral" : kInternalDatabase; - { - Status status; - for (size_t i = 0; i < kDatabaseMaxRetryCount; i++) { - status = RegistryFactory::get().setActive("database", plugin); - if (status.ok()) { - kDBInitialized = true; - return status; - } - - if (FLAGS_disable_database) { - // Do not try multiple times to initialize the emphemeral plugin. - break; - } - sleepFor(kDatabaseRetryDelay); + Status status; + for (size_t i = 0; i < kDatabaseMaxRetryCount; i++) { + status = RegistryFactory::get().setActive("database", plugin); + if (status.ok()) { + break; } - LOG(WARNING) << "Failed to activate database plugin " - << boost::io::quoted(plugin) << ": " << status.what(); - } - // If the database did not setUp override the active plugin. - if (FLAGS_disable_database) { - return Status::failure("Could not activate any database plugin"); - } - - auto const status = RegistryFactory::get().setActive("database", "ephemeral"); - if (!status.ok()) { - LOG(ERROR) << "Failed to activate database plugin \"ephemeral\": " - << status.what(); + if (FLAGS_disable_database) { + // Do not try multiple times to initialize the emphemeral plugin. + break; + } + sleepFor(kDatabaseRetryDelay); } kDBInitialized = status.ok(); diff --git a/osquery/database/database.h b/osquery/database/database.h index 2773d9ca..c48ca7c2 100644 --- a/osquery/database/database.h +++ b/osquery/database/database.h @@ -166,9 +166,6 @@ class DatabasePlugin : public Plugin { bool checkDB(); protected: - /// Check if the database requires write. - bool requireWrite() const; - /// Check if the database allows opening. bool allowOpen() const; @@ -176,9 +173,6 @@ class DatabasePlugin : public Plugin { bool checkingDB() const; protected: - /// The database was opened in a ReadOnly mode. - bool read_only_{false}; - /// Original requested path on disk. std::string path_; }; @@ -251,9 +245,6 @@ void resetDatabase(); /// Allow callers to scan each column family and print each value. void dumpDatabase(); -/// Require all database accesses to open a read and write handle. -void setDatabaseRequireWrite(bool require_write = true); - /** * @brief Allow database usage. * diff --git a/plugins/database/rocksdb.cpp b/plugins/database/rocksdb.cpp index f8b21ce4..bcf54fce 100644 --- a/plugins/database/rocksdb.cpp +++ b/plugins/database/rocksdb.cpp @@ -148,21 +148,12 @@ Status RocksDBDatabasePlugin::setUp() { if (!s.ok() || db_ == nullptr) { LOG(INFO) << "Rocksdb open failed (" << s.code() << ":" << s.subcode() << ") " << s.ToString(); - if (requireWrite()) { - // A failed open in R/W mode is a runtime error. - return Status(1, s.ToString()); - } - - if (!checkingDB()) { - LOG(INFO) << "Opening RocksDB failed: Continuing with read-only support"; - } - // Also disable event publishers. - Flag::updateValue("disable_events", "true"); - read_only_ = true; + // A failed open in R/W mode is a runtime error. + return Status(1, s.ToString()); } // RocksDB may not create/append a directory with acceptable permissions. - if (!read_only_ && platformSetSafeDbPerms(path_) == false) { + if (platformSetSafeDbPerms(path_) == false) { return Status(1, "Cannot set permissions on RocksDB path: " + path_); } @@ -315,10 +306,6 @@ Status RocksDBDatabasePlugin::put(const std::string& domain, Status RocksDBDatabasePlugin::putBatch(const std::string& domain, const DatabaseStringValueList& data) { - if (read_only_) { - return Status::success(); - } - auto cfh = getHandleForColumnFamily(domain); if (cfh == nullptr) { return Status(1, "Could not get column family for " + domain); @@ -362,10 +349,6 @@ Status RocksDBDatabasePlugin::put(const std::string& domain, Status RocksDBDatabasePlugin::remove(const std::string& domain, const std::string& key) { - if (read_only_) { - return Status::success(); - } - auto cfh = getHandleForColumnFamily(domain); if (cfh == nullptr) { return Status(1, "Could not get column family for " + domain); @@ -384,10 +367,6 @@ Status RocksDBDatabasePlugin::remove(const std::string& domain, Status RocksDBDatabasePlugin::removeRange(const std::string& domain, const std::string& low, const std::string& high) { - if (read_only_) { - return Status::success(); - } - auto cfh = getHandleForColumnFamily(domain); if (cfh == nullptr) { return Status(1, "Could not get column family for " + domain); diff --git a/plugins/database/sqlite.cpp b/plugins/database/sqlite.cpp index 53ae29e8..403c1000 100644 --- a/plugins/database/sqlite.cpp +++ b/plugins/database/sqlite.cpp @@ -59,39 +59,29 @@ Status SQLiteDatabasePlugin::setUp() { nullptr); if (result != SQLITE_OK || db_ == nullptr) { - if (requireWrite()) { + close(); + // A failed open in R/W mode is a runtime error. + return Status(1, "Cannot open database: " + std::to_string(result)); + } + + for (const auto& domain : kDomains) { + std::string q = "create table if not exists " + domain + + " (key TEXT PRIMARY KEY, value TEXT);"; + result = sqlite3_exec(db_, q.c_str(), nullptr, nullptr, nullptr); + if (result != SQLITE_OK) { close(); - // A failed open in R/W mode is a runtime error. - return Status(1, "Cannot open database: " + std::to_string(result)); + return Status(1, "Cannot create domain: " + domain); } - - if (!checkingDB()) { - VLOG(1) << "Opening database failed: Continuing with read-only support"; - } - - read_only_ = true; } - if (!read_only_) { - for (const auto& domain : kDomains) { - std::string q = "create table if not exists " + domain + - " (key TEXT PRIMARY KEY, value TEXT);"; - result = sqlite3_exec(db_, q.c_str(), nullptr, nullptr, nullptr); - if (result != SQLITE_OK) { - close(); - return Status(1, "Cannot create domain: " + domain); - } - } - - std::string settings; - for (const auto& setting : kDBSettings) { - settings += "PRAGMA " + setting.first + "=" + setting.second + "; "; - } - sqlite3_exec(db_, settings.c_str(), nullptr, nullptr, nullptr); + std::string settings; + for (const auto& setting : kDBSettings) { + settings += "PRAGMA " + setting.first + "=" + setting.second + "; "; } + sqlite3_exec(db_, settings.c_str(), nullptr, nullptr, nullptr); // RocksDB may not create/append a directory with acceptable permissions. - if (!read_only_ && platformSetSafeDbPerms(path_) == false) { + if (platformSetSafeDbPerms(path_) == false) { close(); return Status(1, "Cannot set permissions on database path: " + path_); } @@ -186,10 +176,6 @@ Status SQLiteDatabasePlugin::put(const std::string& domain, Status SQLiteDatabasePlugin::putBatch(const std::string& domain, const DatabaseStringValueList& data) { - if (read_only_) { - return Status::success(); - } - // Prepare the query, adding placeholders for all the rows we have in `data` std::stringstream buffer; buffer << "insert or replace into " + domain + " values "; @@ -240,10 +226,6 @@ Status SQLiteDatabasePlugin::putBatch(const std::string& domain, Status SQLiteDatabasePlugin::remove(const std::string& domain, const std::string& key) { - if (read_only_) { - return Status::success(); - } - sqlite3_stmt* stmt = nullptr; std::string q = "delete from " + domain + " where key IN (?1);"; sqlite3_prepare_v2(db_, q.c_str(), -1, &stmt, nullptr); @@ -264,10 +246,6 @@ Status SQLiteDatabasePlugin::remove(const std::string& domain, Status SQLiteDatabasePlugin::removeRange(const std::string& domain, const std::string& low, const std::string& high) { - if (read_only_) { - return Status::success(); - } - sqlite3_stmt* stmt = nullptr; std::string q = "delete from " + domain + " where key >= ?1 and key <= ?2;"; sqlite3_prepare_v2(db_, q.c_str(), -1, &stmt, nullptr);