void createMockFileStructure() {
fs::create_directories(kFakeDirectory + "/toplevel/");
fs::create_directories(kFakeDirectory + "/toplevel/secondlevel1");
fs::create_directories(kFakeDirectory + "/toplevel/secondlevel2");
fs::create_directories(kFakeDirectory + "/toplevel/secondlevel3");
fs::create_directories(kFakeDirectory + "/toplevel/secondlevel3/thirdlevel1");
fs::create_directories(kFakeDirectory + "/deep11/deep2/deep3/");
fs::create_directories(kFakeDirectory + "/deep1/deep2/");
writeTextFile(kFakeDirectory + "/root.txt", "root");
writeTextFile(kFakeDirectory + "/door.txt", "toor");
writeTextFile(kFakeDirectory + "/roto.txt", "roto");
writeTextFile(kFakeDirectory + "/deep1/level1.txt", "l1");
writeTextFile(kFakeDirectory + "/deep11/not_bash", "l1");
writeTextFile(kFakeDirectory + "/deep1/deep2/level2.txt", "l2");
writeTextFile(kFakeDirectory + "/deep11/level1.txt", "l1");
writeTextFile(kFakeDirectory + "/deep11/deep2/level2.txt", "l2");
writeTextFile(kFakeDirectory + "/deep11/deep2/deep3/level3.txt", "l3");
#ifdef WIN32
writeTextFile(kFakeDirectory + "/root2.txt", "l1");
#else
boost::system::error_code ec;
fs::create_symlink(
kFakeDirectory + "/root.txt", kFakeDirectory + "/root2.txt", ec);
#endif
}
// exportClipFile(basepath)
static void exportClipFile(LPCWSTR basepath)
{
// CF_UNICODETEXT
HANDLE data = GetClipboardData(CF_UNICODETEXT);
if (data != NULL) {
LPWSTR text = (LPWSTR) GlobalLock(data);
if (text != NULL) {
WCHAR path[MAX_PATH];
StringCchPrintf(path, _countof(path), L"%s.txt", basepath);
setClipboardOrigin(path);
writeTextFile(path, text, wcslen(text));
GlobalUnlock(data);
}
}
// CF_DIB
data = GetClipboardData(CF_DIB);
if (data != NULL) {
LPVOID bytes = GlobalLock(data);
if (bytes != NULL) {
SIZE_T nbytes = GlobalSize(data);
WCHAR path[MAX_PATH];
StringCchPrintf(path, _countof(path), L"%s.bmp", basepath);
setClipboardOrigin(path);
writeBMPFile(path, bytes, nbytes);
GlobalUnlock(bytes);
}
}
}
Status createPidFile() {
// check if pidfile exists
auto exists = pathExists(FLAGS_pidfile);
if (exists.ok()) {
// if it exists, check if that pid is running.
std::string content;
auto read_status = readFile(FLAGS_pidfile, content);
if (!read_status.ok()) {
return Status(1, "Could not read pidfile: " + read_status.toString());
}
auto stale_status = checkStalePid(content);
if (!stale_status.ok()) {
return stale_status;
}
}
// Now the pidfile is either the wrong pid or the pid is not running.
try {
boost::filesystem::remove(FLAGS_pidfile);
} catch (boost::filesystem::filesystem_error& e) {
// Unable to remove old pidfile.
LOG(WARNING) << "Unable to remove the osqueryd pidfile";
}
// If no pidfile exists or the existing pid was stale, write, log, and run.
auto pid = boost::lexical_cast<std::string>(getpid());
LOG(INFO) << "Writing osqueryd pid (" << pid << ") to " << FLAGS_pidfile;
auto status = writeTextFile(FLAGS_pidfile, pid, 0644);
return status;
}
Status createPidFile() {
// check if pidfile exists
auto pidfile_path = fs::path(FLAGS_pidfile).make_preferred();
if (pathExists(pidfile_path).ok()) {
// if it exists, check if that pid is running.
std::string content;
auto read_status = readFile(pidfile_path, content, true);
if (!read_status.ok()) {
return Status(1, "Could not read pidfile: " + read_status.toString());
}
auto stale_status = checkStalePid(content);
if (!stale_status.ok()) {
return stale_status;
}
}
// Now the pidfile is either the wrong pid or the pid is not running.
try {
boost::filesystem::remove(pidfile_path);
} catch (const boost::filesystem::filesystem_error& /* e */) {
// Unable to remove old pidfile.
LOG(WARNING) << "Unable to remove the osqueryd pidfile";
}
// If no pidfile exists or the existing pid was stale, write, log, and run.
auto pid = boost::lexical_cast<std::string>(
PlatformProcess::getCurrentProcess()->pid());
VLOG(1) << "Writing osqueryd pid (" << pid << ") to "
<< pidfile_path.string();
auto status = writeTextFile(pidfile_path, pid, 0644);
return status;
}
TEST_F(EnrollTests, test_enroll_secret_retrieval) {
// Write an example secret (deploy key).
FLAGS_enroll_secret_path = kTestWorkingDirectory + "secret.txt";
writeTextFile(FLAGS_enroll_secret_path, "test_secret\n", 0600, false);
// Make sure the file content was read and trimmed.
auto secret = getEnrollSecret();
EXPECT_EQ(secret, "test_secret");
// Now change the file path.
FLAGS_enroll_secret_path = kTestWorkingDirectory + "not_a_secret.txt";
// And for good measure, write some content.
writeTextFile(FLAGS_enroll_secret_path, "test_not_a_secret", 0600, false);
// The enrollment key should not update.
secret = getEnrollSecret();
EXPECT_EQ(secret, "test_secret");
}
Row scanFile(const std::string& ruleContent) {
YR_RULES* rules = nullptr;
int result = yr_initialize();
EXPECT_TRUE(result == ERROR_SUCCESS);
writeTextFile(ruleFile, ruleContent);
Status status = compileSingleFile(ruleFile, &rules);
EXPECT_TRUE(status.ok());
Row r;
r["count"] = "0";
r["matches"] = "";
result = yr_rules_scan_file(rules,
ls.c_str(),
SCAN_FLAGS_FAST_MODE,
YARACallback,
(void*)&r,
0);
EXPECT_TRUE(result == ERROR_SUCCESS);
yr_rules_destroy(rules);
return r;
}
TEST_F(EnrollTests, test_enroll_secret_retrieval) {
// Write an example secret (deploy key).
FLAGS_enroll_secret_path = kTestWorkingDirectory + "secret.txt";
writeTextFile(FLAGS_enroll_secret_path, "test_secret\n", 0600, false);
// Make sure the file content was read and trimmed.
auto secret = getEnrollSecret();
EXPECT_EQ(secret, "test_secret");
}
virtual void start() override {
while (!interrupted()) {
if (!writeTextFile(kMultiThreadPermissionPath, "test")) {
throw std::runtime_error("Cannot write " + kMultiThreadPermissionPath);
}
ticks++;
}
}
void loadKernelExtension() {
// Check if the kernel extension package is installed.
auto results = SQL::selectAllFrom(
"package_receipts", "path", EQUALS, kKernelPackageReceipt);
if (results.size() == 0) {
// The kernel package is not installed.
return;
}
// Find the panic log file for the last panic if we are booting out of panic.
results =
SQL::SQL(
"SELECT f.path AS path FROM (SELECT * FROM nvram WHERE name like "
"'%panic%') AS nv JOIN (SELECT * FROM file WHERE "
"directory='/Library/Logs/DiagnosticReports/' AND path like "
"'%/Kernel%' ORDER BY ctime DESC LIMIT 1) as f;")
.rows();
// If a panic exists, check if it was caused by the osquery extension.
if (results.size() == 1) {
std::string panic_content;
if (readFile(results[0]["path"], panic_content).ok()) {
auto rx = xp::sregex::compile(kKernelBundleRegex);
xp::smatch matches;
// If so, write a blacklist file that prevents future load attempts.
if (xp::regex_search(panic_content, matches, rx)) {
LOG(ERROR) << "Panic was caused by osquery kernel extension";
writeTextFile(kBlockingFile, "");
}
}
}
// Check if the kernel extension is manually (or set from crash) blocked.
results = SQL::selectAllFrom("file", "path", EQUALS, kBlockingFile);
if (FLAGS_disable_kernel) {
LOG(INFO) << "Kernel extension is disabled";
return;
} else if (results.size() > 0) {
LOG(WARNING) << "Kernel extension disabled by file";
return;
}
CFURLRef urls[1];
CFArrayRef directoryArray;
urls[0] = CFURLCreateWithString(nullptr, kKernelExtensionDirectory, nullptr);
directoryArray =
CFArrayCreate(nullptr, (const void**)urls, 1, &kCFTypeArrayCallBacks);
if (KextManagerLoadKextWithIdentifier(kKernelBundleId, directoryArray) !=
kOSReturnSuccess) {
VLOG(1) << "Could not autoload kernel extension";
} else {
VLOG(1) << "Autoloaded osquery kernel extension";
}
CFRelease(directoryArray);
}
void createMockFileStructure() {
boost::filesystem::create_directories(kFakeDirectory +
"/deep11/deep2/deep3/");
boost::filesystem::create_directories(kFakeDirectory + "/deep1/deep2/");
writeTextFile(kFakeDirectory + "/root.txt", "root");
writeTextFile(kFakeDirectory + "/door.txt", "toor");
writeTextFile(kFakeDirectory + "/roto.txt", "roto");
writeTextFile(kFakeDirectory + "/deep1/level1.txt", "l1");
writeTextFile(kFakeDirectory + "/deep11/not_bash", "l1");
writeTextFile(kFakeDirectory + "/deep1/deep2/level2.txt", "l2");
writeTextFile(kFakeDirectory + "/deep11/level1.txt", "l1");
writeTextFile(kFakeDirectory + "/deep11/deep2/level2.txt", "l2");
writeTextFile(kFakeDirectory + "/deep11/deep2/deep3/level3.txt", "l3");
}
void Level::serializeGameObjects( const mkString& file_name )
{
JSONDataWriterString writer;
writer.writeInt32("SerializedWithIds", 1);
m_objectsMgr.serializeGameObjects(&writer);
mkString result;
writer.extractString(result);
writeTextFile(file_name.c_str(), result.c_str(), result.size());
}
int writeReadTextFile(){
char *str = "this\nis\na\ntest\nstring";
int result = writeTextFile("testTextFile.txt", str);
if(!result)
return 0;
char *readStr = readTextFile("testTextFile.txt");
if(!readStr)
return 0;
result = strcmp(str, readStr);
free(readStr);
return result == 0;
}
Status FilesystemLoggerPlugin::logString(const std::string& s) {
std::lock_guard<std::mutex> lock(filesystemLoggerPluginMutex);
try {
// The results log may contain sensitive information if run as root.
auto status = writeTextFile(log_path_.string(), s, 0640, true);
if (!status.ok()) {
return status;
}
} catch (const std::exception& e) {
return Status(1, e.what());
}
return Status(0, "OK");
}
Status FilesystemLoggerPlugin::logStringToFile(const std::string& s,
const std::string& filename,
bool empty) {
WriteLock lock(mutex_);
Status status;
try {
status = writeTextFile((log_path_ / filename).string(),
(empty) ? "" : s + '\n',
FLAGS_logger_mode,
true);
} catch (const std::exception& e) {
return Status(1, e.what());
}
return status;
}
/* Article indexer methods */
void *Indexer::indexArticles(void *ptr) {
pthread_setcanceltype(PTHREAD_CANCEL_DEFERRED, NULL);
kiwix::Indexer *self = (kiwix::Indexer *)ptr;
unsigned int indexedArticleCount = 0;
indexerToken token;
self->indexingPrelude(self->getIndexPath());
while (self->popFromToIndexQueue(token)) {
self->index(token.url,
token.accentedTitle,
token.title,
token.keywords,
token.content,
token.snippet,
token.size,
token.wordCount
);
indexedArticleCount += 1;
/* Make a hard-disk flush every 10.000 articles */
if (indexedArticleCount % 5000 == 0) {
self->flush();
}
/* Test if the thread should be cancelled */
pthread_testcancel();
}
self->indexingPostlude();
/* Write content id file */
string path = appendToDirectory(self->getIndexPath(), "content.id");
writeTextFile(path, self->getZimId());
self->setProgression(100);
#ifdef _WIN32
Sleep(100);
#else
usleep(100000);
#endif
self->articleIndexerRunning(false);
pthread_exit(NULL);
return NULL;
}
Status createPidFile() {
// check if pidfile exists
auto exists = pathExists(FLAGS_pidfile);
if (exists.ok()) {
// if it exists, check if that pid is running
std::string content;
auto read_status = readFile(FLAGS_pidfile, content);
if (!read_status.ok()) {
return Status(1, "Could not read pidfile: " + read_status.toString());
}
int osqueryd_pid;
try {
osqueryd_pid = stoi(content);
} catch (const std::invalid_argument& e) {
return Status(
1,
std::string("Could not convert pidfile content to an int: ") +
std::string(e.what()));
}
if (kill(osqueryd_pid, 0) == 0) {
// if the pid is running, return an "error" status
return Status(1, "osqueryd is already running");
} else if (errno == ESRCH) {
// if the pid isn't running, overwrite the pidfile
boost::filesystem::remove(FLAGS_pidfile);
goto write_new_pidfile;
} else {
return Status(
1,
std::string(
"An unknown error occured checking if the pid is running: ") +
std::string(strerror(errno)));
}
} else {
// if it doesn't exist, write a pid file and return a "success" status
write_new_pidfile:
auto current_pid = boost::lexical_cast<std::string>(getpid());
LOG(INFO) << "Writing pid (" << current_pid << ") to " << FLAGS_pidfile;
auto write_status = writeTextFile(FLAGS_pidfile, current_pid, 0755);
return write_status;
}
}
TEST_F(PermissionsTests, test_multi_thread_permissions) {
if (getuid() != 0) {
LOG(WARNING) << "Not root, skipping multi-thread deprivilege testing";
return;
}
ASSERT_EQ(0U, geteuid());
// Set the multi-thread path, which both threads will write into.
auto multi_thread_path = fs::path(kTestWorkingDirectory) / "threadperms.txt";
kMultiThreadPermissionPath = multi_thread_path.string();
// This thread has super-user permissions.
ASSERT_TRUE(writeTextFile(kMultiThreadPermissionPath, "test", 600));
// Start our permissions thread.
auto perms_thread = std::make_shared<PermissionsRunnable>();
Dispatcher::addService(perms_thread);
// Wait for the permissions thread to write once.
EXPECT_TRUE(waitForTick(perms_thread));
// Attempt to drop to nobody.
auto nobody = getpwnam("nobody");
EXPECT_NE(nobody, nullptr);
{
auto dropper = DropPrivileges::get();
EXPECT_TRUE(dropper->dropTo(nobody->pw_uid, nobody->pw_gid));
EXPECT_EQ(geteuid(), nobody->pw_uid);
// Now we wait for the permissions thread to write once while this thread's
// permissions are dropped.
EXPECT_TRUE(waitForTick(perms_thread));
}
Dispatcher::stopServices();
Dispatcher::joinServices();
}
TEST_F(PermissionsTests, test_functional_drop) {
if (getuid() != 0) {
LOG(WARNING) << "Not root, skipping (explicit) unprivileged testing";
return;
}
auto file_path = kTestWorkingDirectory + "permissions-file2";
{
writeTextFile(file_path, "data");
ASSERT_TRUE(platformChmod(file_path, 0400));
}
{
auto nobody = getpwnam("nobody");
auto dropper = DropPrivileges::get();
dropper->dropTo(nobody->pw_uid, nobody->pw_gid);
PlatformFile fd(file_path, PF_OPEN_EXISTING | PF_READ);
EXPECT_FALSE(fd.isValid());
}
osquery::removePath(file_path);
}
