// get filename bool SettingLoader::getFilename(const tstringi &i_name, tstringi *o_path, int i_debugLevel) const { // the default filename is ".mayu" const tstringi &name = i_name.empty() ? tstringi(_T(".mayu")) : i_name; bool isFirstTime = true; while (true) { // find file from registry if (i_name.empty()) { // called not from 'include' Setting::Symbols symbols; if (getFilenameFromRegistry(NULL, o_path, &symbols)) { if (o_path->empty()) // find file from home directory { HomeDirectories pathes; getHomeDirectories(&pathes); for (HomeDirectories::iterator i = pathes.begin(); i != pathes.end(); ++ i) { *o_path = *i + _T("\\") + name; if (isReadable(*o_path, i_debugLevel)) goto add_symbols; } return false; } else { if (!isReadable(*o_path, i_debugLevel)) return false; } add_symbols: for (Setting::Symbols::iterator i = symbols.begin(); i != symbols.end(); ++ i) m_setting->m_symbols.insert(*i); return true; } } if (!isFirstTime) return false; // find file from home directory HomeDirectories pathes; getHomeDirectories(&pathes); for (HomeDirectories::iterator i = pathes.begin(); i != pathes.end(); ++ i) { *o_path = *i + _T("\\") + name; if (isReadable(*o_path, i_debugLevel)) return true; } if (!i_name.empty()) return false; // called by 'include' if (!DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG_setting), NULL, dlgSetting_dlgProc)) return false; } }
std::set<std::string> getKeychainPaths() { std::set<std::string> keychain_paths; for (const auto& path : kSystemKeychainPaths) { keychain_paths.insert(path); } auto homes = getHomeDirectories(); for (const auto& dir : homes) { for (const auto& keychains_dir : kUserKeychainPaths) { keychain_paths.insert((dir / keychains_dir).string()); } } return keychain_paths; }
QueryData genStartupItems(QueryContext& context) { QueryData results; // Get the login items available for all users genLoginItems("/", results); // Get the login items available in System Preferences for each user. for (const auto& dir : getHomeDirectories()) { genLoginItems(dir, results); } // Find system wide startup items in Library directories. for (const auto& dir : kLibraryStartupItemPaths) { genLibraryStartupItems(dir, results); } return results; }
/* * Get the login items available in System Preferences * * Based on * https://github.com/synack/knockknock/blob/master/plugins/loginItem.py */ void getLoginItems(QueryData& results) { for (const auto& dir : getHomeDirectories()) { pt::ptree tree; fs::path plist_path = dir / kLoginItemsPlistPath; try { if (!fs::exists(plist_path) || !fs::is_regular_file(plist_path)) { continue; } } catch (const fs::filesystem_error& e) { // Likely permission denied VLOG(1) << "Error checking path " << plist_path << ": " << e.what(); continue; } auto status = osquery::parsePlist(plist_path.string(), tree); if (!status.ok()) { VLOG(1) << "Error parsing " << plist_path << ": " << status.toString(); continue; } // Enumerate Login Items if we successfully opened the plist for (const auto& entry : tree.get_child(kLoginItemsKeyPath)) { Row r; auto name = entry.second.get<std::string>("Name"); r["name"] = name; r["type"] = "Login Item"; r["source"] = plist_path.string(); auto alias_data = entry.second.get<std::string>("Alias"); try { std::string bin_path; if (!parseAliasData(alias_data, bin_path).ok()) { VLOG(1) << "No valid path found for " << name << " in " << plist_path; } r["path"] = bin_path; } catch (const std::exception& e) { VLOG(1) << "Error parsing alias data for " << name << " in " << plist_path; } results.push_back(r); } } }