"Fossies" - the Fresh Open Source Software Archive

Member "osquery-4.3.0/osquery/tables/system/darwin/ad_config.cpp" (14 Apr 2020, 2793 Bytes) of package /linux/misc/osquery-4.3.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "ad_config.cpp" see the Fossies "Dox" file reference documentation.

    1 /**
    2  *  Copyright (c) 2014-present, Facebook, Inc.
    3  *  All rights reserved.
    4  *
    5  *  This source code is licensed in accordance with the terms specified in
    6  *  the LICENSE file found in the root directory of this source tree.
    7  */
    8 
    9 #include <osquery/filesystem/filesystem.h>
   10 #include <osquery/sql.h>
   11 #include <osquery/tables.h>
   12 
   13 namespace osquery {
   14 namespace tables {
   15 
   16 const std::string kADConfigPath =
   17     "/Library/Preferences/OpenDirectory/"
   18     "Configurations/Active Directory/";
   19 
   20 void genADConfig(const std::string& path, QueryData& results) {
   21   auto config = SQL::selectAllFrom("plist", "path", EQUALS, path);
   22   if (config.size() == 0 || config[0].count("key") == 0) {
   23     // Fail if the file could not be plist-parsed.
   24     return;
   25   }
   26 
   27   // Walk through module options quickly to find the trust domain.
   28   // The file name and domain will be included in every row.
   29   auto name = config[0].at("key");
   30   std::string domain;
   31   for (const auto& row : config) {
   32     if (row.count("subkey") > 0 &&
   33         row.at("subkey") == "ActiveDirectory/trust domain") {
   34       domain = row.count("value") > 0 ? row.at("value") : "";
   35       break;
   36     }
   37   }
   38 
   39   // Iterate again with the domain known, searching for options.
   40   for (const auto& row : config) {
   41     Row r;
   42     r["domain"] = domain;
   43     r["name"] = name;
   44 
   45     // Get references to common columns.
   46     if (row.count("key") == 0 || row.count("subkey") == 0) {
   47       continue;
   48     }
   49     const auto& key = row.at("key");
   50     const auto& subkey = row.at("subkey");
   51     if (key == "trustoptions" ||
   52         key == "trustkerberosprincipal" ||
   53         key == "trustaccount" ||
   54         key == "trusttype") {
   55       r["option"] = key;
   56       r["value"] = row.count("value") > 0 ? row.at("value") : "";
   57       results.push_back(r);
   58     } else if (key == "options") {
   59       // The options key has a single subkey with the option name.
   60       r["option"] = subkey;
   61       r["value"] = row.count("value") > 0 ? row.at("value") : "";
   62       results.push_back(r);
   63     } else if (key == "module options") {
   64       // Module options may contain 'managed client template', skip those.
   65       if (subkey.find("managed client template") != std::string::npos) {
   66         continue;
   67       }
   68 
   69       // Skip the "ActiveDirectory/" preamble.
   70       r["option"] = subkey.substr(16);
   71       r["value"] = row.count("value") > 0 ? row.at("value") : "";
   72       results.push_back(r);
   73     }
   74   }
   75 }
   76 
   77 QueryData genADConfig(QueryContext& context) {
   78   QueryData results;
   79 
   80   // Not common to have multiple domains configured, but iterate over any file
   81   // within the known-path for AD plists.
   82   std::vector<std::string> configs;
   83   if (listFilesInDirectory(kADConfigPath, configs).ok()) {
   84     for (const auto& path : configs) {
   85       genADConfig(path, results);
   86     }
   87   }
   88 
   89   return results;
   90 }
   91 }
   92 }