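// Resolve a '.'-tokenized control name to a path beneath kSystemControlPath
// and hand that path to genControlInfo().
//
// name:    caller-supplied control name; it is not validated before this
//          point, so it is treated as untrusted here.
// results: rows are appended by genControlInfo().
// config:  passed through unchanged to genControlInfo().
//
// A name whose resolved path does not stay under kSystemControlPath is
// dropped without producing a row.
void genControlInfoFromName(const std::string& name,
                            QueryData& results,
                            const std::map<std::string, std::string>& config) {
  // Convert '.'-tokenized name to path.
  std::string name_path = name;
  std::replace(name_path.begin(), name_path.end(), '.', '/');

  const std::string base = fs::path(kSystemControlPath).string();
  const std::string mib_path =
      (fs::path(kSystemControlPath) / name_path).string();

  // Containment check. Every '.' was turned into a separator above, so no
  // ".." component can remain in name_path. What is left is a name that
  // begins with a separator: depending on the path library behind `fs`,
  // appending a rooted path may replace the base instead of extending it.
  // Refuse anything that no longer starts with the control root. This is a
  // lexical comparison only; symbolic links are not resolved.
  if (mib_path.compare(0, base.size(), base) != 0) {
    return;
  }

  genControlInfo(mib_path, results, config);
}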
// Translate a control name into its numeric MIB with sysctlnametomib() and
// emit rows for that MIB through genControlInfo().
//
// name:    control name handed to sysctlnametomib().
// results: rows are appended by genControlInfo().
// config:  passed through unchanged to genControlInfo().
//
// Nothing is emitted when the name cannot be translated.
void genControlInfoFromName(const std::string& name,
                            QueryData& results,
                            const std::map<std::string, std::string>& config) {
  // The buffer holds CTL_DEBUG_MAXID + 2 ints, while the capacity reported to
  // sysctlnametomib() is CTL_DEBUG_MAXID, so the lookup cannot fill it.
  int mib[CTL_DEBUG_MAXID + 2] = {0};
  size_t mib_length = CTL_DEBUG_MAXID;

  const bool resolved =
      (sysctlnametomib(name.c_str(), mib, &mib_length) == 0);
  if (resolved) {
    genControlInfo(mib, mib_length, results, config);
  }
  // Otherwise the MIB lookup failed and there is nothing to report.
}
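// Walk one entry of the system-control tree and append a row per leaf.
//
// mib_path: filesystem path of a directory or a leaf control; leaf names are
//           derived by stripping kSystemControlPath.size() leading characters.
// results:  one Row is appended for every leaf reached.
// config:   control name -> configured value; a match fills "config_value".
//
// Directories are descended recursively with no depth limit.
// NOTE(review): whether the listing helpers follow symbolic links is not
// visible here; confirm that a link cycle cannot cause unbounded recursion.
void genControlInfo(const std::string& mib_path,
                    QueryData& results,
                    const std::map<std::string, std::string>& config) {
  if (isDirectory(mib_path).ok()) {
    // Sub-directories first, then plain files. Each listing gets its own
    // vector so the file pass can never revisit directory entries, whether
    // the helpers overwrite or append to their output argument.
    std::vector<std::string> directories;
    if (listDirectoriesInDirectory(mib_path, directories).ok()) {
      for (const auto& item : directories) {
        genControlInfo(item, results, config);
      }
    }

    std::vector<std::string> files;
    if (listFilesInDirectory(mib_path, files).ok()) {
      for (const auto& item : files) {
        genControlInfo(item, results, config);
      }
    }
    return;
  }

  // This is a file (leaf-control).
  // A path shorter than the control root cannot name a control, and substr()
  // would throw std::out_of_range for it.
  if (mib_path.size() < kSystemControlPath.size()) {
    return;
  }

  std::string name = mib_path.substr(kSystemControlPath.size());
  std::replace(name.begin(), name.end(), '/', '.');

  Row r;
  r["name"] = name;

  // No known way to convert name MIB to int array.
  // The subsystem is the first '.'-separated token. split() can come back
  // empty (for instance when the name itself is empty), so the vector is
  // checked before it is indexed.
  const auto name_tokens = osquery::split(name, ".");
  r["subsystem"] = name_tokens.empty() ? std::string() : name_tokens[0];

  if (isReadable(mib_path).ok()) {
    // The status returned by readFile() is not inspected: whatever ended up
    // in `content` is reported, as before.
    std::string content;
    readFile(mib_path, content);
    boost::trim(content);
    r["current_value"] = content;
  }

  const auto configured = config.find(name);
  if (configured != config.end()) {
    r["config_value"] = configured->second;
  }

  r["type"] = "string";
  results.push_back(r);
}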
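// Parse a dotted numeric OID string such as "1.2.3" into an int array and
// emit rows for it through genControlInfo().
//
// oid_string: '.'-separated decimal components supplied by the caller.
// results:    rows are appended by genControlInfo().
// config:     passed through unchanged to genControlInfo().
//
// Nothing is emitted when the string has more than CTL_DEBUG_MAXID
// components, or when any component is not a complete decimal integer that
// fits in an int.
void genControlInfoFromOIDString(
    const std::string& oid_string,
    QueryData& results,
    const std::map<std::string, std::string>& config) {
  int request[CTL_DEBUG_MAXID + 2] = {0};
  const auto tokens = osquery::split(oid_string, ".");
  if (tokens.size() > CTL_DEBUG_MAXID) {
    // OID input string was too large.
    return;
  }

  // Convert the string into an int array. atol() gives no error indication,
  // has undefined behavior when the value is out of range, and its long
  // result was narrowed into an int slot. std::stoi() reports both failure
  // modes, and `consumed` rejects trailing characters such as "12abc".
  for (size_t i = 0; i < tokens.size(); ++i) {
    const std::string& token = tokens.at(i);
    size_t consumed = 0;
    try {
      request[i] = std::stoi(token, &consumed);
    } catch (const std::exception&) {
      // Not a number, or outside the range of int.
      return;
    }
    if (consumed != token.size()) {
      return;
    }
  }

  genControlInfo(request, tokens.size(), results, config);
}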
// Enumerate the controls below /proc/sys, optionally restricted to a single
// subsystem directory.
//
// results:   rows are appended by genControlInfo().
// config:    passed through unchanged to genControlInfo().
// subsystem: when non-empty, only the directory whose final path component
//            equals this string is walked.
void genAllControls(QueryData& results,
                    const std::map<std::string, std::string>& config,
                    const std::string& subsystem) {
  // Linux sysctl subsystems are directories in /proc
  std::vector<std::string> subsystem_dirs;
  if (!listDirectoriesInDirectory("/proc/sys", subsystem_dirs).ok()) {
    return;
  }

  const bool restrict_to_one = !subsystem.empty();
  for (const auto& dir : subsystem_dirs) {
    // With a filter in place, skip every directory whose name differs.
    const bool selected =
        !restrict_to_one || fs::path(dir).filename().string() == subsystem;
    if (selected) {
      genControlInfo(dir, results, config);
    }
  }
}
// Walk the sysctl MIB tree with repeated "next OID" requests and emit rows
// for each OID returned, optionally restricted to one subsystem.
//
// results:   rows are appended by genControlInfo().
// config:    passed through unchanged to genControlInfo().
// subsystem: when non-empty it must appear in kControlNames; its index there
//            is used as the top-level OID to stay within.
//
// The walk stops after MAX_CONTROLS requests, on the first sysctl() failure,
// or once the returned OID leaves the requested subsystem.
void genAllControls(QueryData& results,
                    const std::map<std::string, std::string>& config,
                    const std::string& subsystem) {
  // 0 doubles as "no filter"; otherwise the position within kControlNames.
  int top_level_oid = 0;
  if (!subsystem.empty()) {
    // If a subsystem was provided, limit the enumeration.
    const auto match =
        std::find(kControlNames.begin(), kControlNames.end(), subsystem);
    if (match == kControlNames.end()) {
      // Subsystem is not known.
      return;
    }
    top_level_oid = std::distance(kControlNames.begin(), match);
  }

  // Request vector: {0, CTL_DEBUG_ITERATE, <OID to continue from>...}.
  int query[CTL_DEBUG_MAXID + 2] = {0, CTL_DEBUG_ITERATE};
  size_t query_length = 3;

  // Receives the OID of the next control as an integer vector.
  int next_oid[CTL_DEBUG_MAXID + 2] = {0};
  size_t next_oid_size = 0;

  // Start iterating from OID=1 if no subsystem was provided.
  if (top_level_oid == 0) {
    query[2] = 1;
  } else {
    query[2] = top_level_oid;
  }

  for (size_t issued = 0; issued < MAX_CONTROLS; ++issued) {
    // Output capacity in bytes. Both arrays are declared with the same
    // extent, so sizeof(query) also describes next_oid.
    next_oid_size = sizeof(query);
    if (sysctl(query, query_length, next_oid, &next_oid_size, nullptr, 0) !=
        0) {
      // Request failed, unhandled serious error.
      break;
    }

    const bool left_subsystem =
        (top_level_oid != 0) && (next_oid[0] != top_level_oid);
    if (left_subsystem) {
      // The OID search was limited to a subsystem.
      break;
    }

    // Bytes -> number of ints.
    next_oid_size /= sizeof(int);
    genControlInfo(next_oid, next_oid_size, results, config);

    // Set the data for the next OID request. The copy fills exactly the
    // CTL_DEBUG_MAXID slots that follow the two-int prefix.
    memcpy(query + 2, next_oid, CTL_DEBUG_MAXID * sizeof(int));
    // NOTE(review): query_length is not clamped to the extent of `query`;
    // this relies on sysctl() never reporting more than CTL_DEBUG_MAXID ints.
    // Confirm, or bound it here.
    query_length = next_oid_size + 2;
  }
}