osquery-1

mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 10:23:54 +00:00

History

Mark Mossberg a60b940290 windows/certificates: Fix enumeration bugs, add columns (#5631 ) * Initial implementation * Use case insensitive comparisons for all service names Fixes a bug where certificates for services that correspond to Local Service or Network Service may not have their sids appear correctly. This is because the services table is inconsistent with its user_account column. * Make service name cache query-local Previously, the service name cache existed for the lifetime of the osquery process, which made it susceptible to stale reads if a service restarted under a different user during osquery's lifetime. Now the cache is created for each query. Also refactor it to directly map to the sid, rather than the account name, which removes the need to translate from account name to sid every row. * Fix reference to destroyed object Previously, getCurrentUserInfo took a reference to data from a local vector, whose data is free'd after the function. This refactors the code to use a unique_ptr (similar to how getSidFromUsername) does it.	2019-07-16 17:34:39 +02:00
..
fileops.cpp	windows/certificates: Fix enumeration bugs, add columns (#5631 )	2019-07-16 17:34:39 +02:00

Mark Mossberg a60b940290 windows/certificates: Fix enumeration bugs, add columns (#5631 )

* Initial implementation

* Use case insensitive comparisons for all service names

Fixes a bug where certificates for services that correspond to Local Service or
Network Service may not have their sids appear correctly. This is because the
services table is inconsistent with its user_account column.

* Make service name cache query-local

Previously, the service name cache existed for the lifetime of the
osquery process, which made it susceptible to stale reads if a service
restarted under a different user during osquery's lifetime. Now the
cache is created for each query. Also refactor it to directly map to the
sid, rather than the account name, which removes the need to translate
from account name to sid every row.

* Fix reference to destroyed object

Previously, getCurrentUserInfo took a reference to data from a local
vector, whose data is free'd after the function. This refactors the code
to use a unique_ptr (similar to how getSidFromUsername) does it.

2019-07-16 17:34:39 +02:00

fileops.cpp

windows/certificates: Fix enumeration bugs, add columns (#5631 )

2019-07-16 17:34:39 +02:00