mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-08 18:33:54 +00:00
a649bf6733
Fixed mislabled variable from line parsing Update authorized_keys.cpp Update authorized_keys.cpp Check if line is empty
80 lines
2.3 KiB
C++
80 lines
2.3 KiB
C++
/*
|
|
* Copyright (c) 2014, Facebook, Inc.
|
|
* All rights reserved.
|
|
*
|
|
* This source code is licensed under the BSD-style license found in the
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
*
|
|
*/
|
|
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
#include <osquery/core.h>
|
|
#include <osquery/tables.h>
|
|
#include <osquery/filesystem.h>
|
|
#include <osquery/sql.h>
|
|
|
|
namespace osquery {
|
|
namespace tables {
|
|
|
|
const std::vector<std::string> kSSHAuthorizedkeys = {
|
|
".ssh/authorized_keys",".ssh/authorized_keys2"
|
|
};
|
|
|
|
void genSSHkeysForUser(const std::string& username,
|
|
const std::string& directory,
|
|
QueryData& results) {
|
|
for (const auto& kfile : kSSHAuthorizedkeys) {
|
|
boost::filesystem::path keys_file = directory;
|
|
keys_file /= kfile;
|
|
|
|
std::string keys_content;
|
|
if (!readFile(keys_file, keys_content).ok()) {
|
|
// Cannot read a specific keys file.
|
|
continue;
|
|
}
|
|
//Protocol 1 public key consist of: options, bits, exponent, modulus, comment
|
|
//Protocol 2 public key consist of: options, keytype, base64-encoded key, comment.
|
|
for (const auto& line : split(keys_content, "\n")) {
|
|
if (!line.empty() && line[0] != '#') {
|
|
Row r;
|
|
r["username"] = username;
|
|
r["key"] = line;
|
|
r["key_file"] = keys_file.string();
|
|
results.push_back(r);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
QueryData getAuthorizedKeys(QueryContext& context) {
|
|
QueryData results;
|
|
|
|
// Select only the home directory for this user.
|
|
QueryData users;
|
|
if (!context.constraints["username"].exists(EQUALS)) {
|
|
users =
|
|
SQL::selectAllFrom("users", "uid", EQUALS, std::to_string(getuid()));
|
|
} else {
|
|
auto usernames = context.constraints["username"].getAll(EQUALS);
|
|
for (const auto& username : usernames) {
|
|
// Use a predicated select all for each user.
|
|
auto user = SQL::selectAllFrom("users", "username", EQUALS, username);
|
|
users.insert(users.end(), user.begin(), user.end());
|
|
}
|
|
}
|
|
|
|
// Iterate over each user
|
|
for (const auto& row : users) {
|
|
if (row.count("username") > 0 && row.count("directory") > 0) {
|
|
genSSHkeysForUser(row.at("username"), row.at("directory"), results);
|
|
}
|
|
}
|
|
|
|
return results;
|
|
}
|
|
}
|
|
}
|