mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-08 18:33:54 +00:00
260df0d6d0
See Github issue #1301. FreeBSD (which also uses this table) by default has two
users which are UID 0 -- both `toor` and `root`. 19a2d64959 made it so that we
would only get the first one from `getpwent`, but this feature is undesirable
in cases where two different users share the same UID.
49 lines
1.1 KiB
C++
49 lines
1.1 KiB
C++
/*
|
|
* Copyright (c) 2014, Facebook, Inc.
|
|
* All rights reserved.
|
|
*
|
|
* This source code is licensed under the BSD-style license found in the
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
*
|
|
*/
|
|
|
|
#include <set>
|
|
#include <mutex>
|
|
#include <vector>
|
|
#include <string>
|
|
|
|
#include <pwd.h>
|
|
|
|
#include <osquery/core.h>
|
|
#include <osquery/tables.h>
|
|
|
|
namespace osquery {
|
|
namespace tables {
|
|
|
|
std::mutex pwdEnumerationMutex;
|
|
|
|
QueryData genUsers(QueryContext& context) {
|
|
std::lock_guard<std::mutex> lock(pwdEnumerationMutex);
|
|
QueryData results;
|
|
struct passwd *pwd = nullptr;
|
|
|
|
while ((pwd = getpwent()) != nullptr) {
|
|
Row r;
|
|
r["uid"] = BIGINT(pwd->pw_uid);
|
|
r["gid"] = BIGINT(pwd->pw_gid);
|
|
r["uid_signed"] = BIGINT((int32_t) pwd->pw_uid);
|
|
r["gid_signed"] = BIGINT((int32_t) pwd->pw_gid);
|
|
r["username"] = TEXT(pwd->pw_name);
|
|
r["description"] = TEXT(pwd->pw_gecos);
|
|
r["directory"] = TEXT(pwd->pw_dir);
|
|
r["shell"] = TEXT(pwd->pw_shell);
|
|
results.push_back(r);
|
|
}
|
|
endpwent();
|
|
|
|
return results;
|
|
}
|
|
}
|
|
}
|