fix(userspace/libsinsp): get_user() and get_loginuser() need differen…

…t static pointer. Signed-off-by: Federico Di Pierro <[email protected]>
falcosecurity · Dec 2, 2024 · 12c8b09 · 12c8b09
1 parent a36c9ec
commit 12c8b09
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 24 deletions.
diff --git a/userspace/libsinsp/test/filterchecks/user.cpp b/userspace/libsinsp/test/filterchecks/user.cpp
@@ -28,7 +28,7 @@ TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_existent_user_entry) {
 
 	open_inspector();
 
-	m_inspector.m_usergroup_manager.add_user("", INIT_TID, 1000, 1000, "foo", "/bar", "/bin/bash");
+	m_inspector.m_usergroup_manager.add_user("", INIT_TID, 1000, 1000, "foo", "/foo", "/bin/bash");
 
 	std::string path = "/home/file.txt";
 	int64_t fd = 3;
@@ -43,13 +43,33 @@ TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_existent_user_entry) {
 	ASSERT_EQ(get_field_as_string(evt, "user.uid"), "1000");
 	ASSERT_EQ(get_field_as_string(evt, "user.loginuid"), "0");
 	ASSERT_EQ(get_field_as_string(evt, "user.name"), "foo");
+	ASSERT_EQ(get_field_as_string(evt, "user.homedir"), "/foo");
+	ASSERT_EQ(get_field_as_string(evt, "user.shell"), "/bin/bash");
+	// Loginname default at root for 0 uid without an user entry in user group manager.
+	ASSERT_EQ(get_field_as_string(evt, "user.loginname"), "root");
+
+	// Now remove the user
+	m_inspector.m_usergroup_manager.rm_user("", 1000);
+	ASSERT_EQ(get_field_as_string(evt, "user.uid"), "1000");
+	ASSERT_EQ(get_field_as_string(evt, "user.loginuid"), "0");
+	ASSERT_EQ(get_field_as_string(evt, "user.name"), "<NA>");
+	ASSERT_EQ(get_field_as_string(evt, "user.homedir"), "<NA>");
+	ASSERT_EQ(get_field_as_string(evt, "user.shell"), "<NA>");
+	// Loginname default at root for 0 uid without an user entry in user group manager.
+	ASSERT_EQ(get_field_as_string(evt, "user.loginname"), "root");
+
+	// Add back a new user
+	m_inspector.m_usergroup_manager.add_user("", INIT_TID, 1000, 1000, "bar", "/bar", "/bin/bash");
+	ASSERT_EQ(get_field_as_string(evt, "user.uid"), "1000");
+	ASSERT_EQ(get_field_as_string(evt, "user.loginuid"), "0");
+	ASSERT_EQ(get_field_as_string(evt, "user.name"), "bar");
 	ASSERT_EQ(get_field_as_string(evt, "user.homedir"), "/bar");
 	ASSERT_EQ(get_field_as_string(evt, "user.shell"), "/bin/bash");
 	// Loginname default at root for 0 uid without an user entry in user group manager.
 	ASSERT_EQ(get_field_as_string(evt, "user.loginname"), "root");
 }
 
-TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_unexistent_user_entry) {
+TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_default_user_entry) {
 	add_default_init_thread();
 
 	open_inspector();
@@ -58,6 +78,10 @@ TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_unexistent_user_entry) {
 	// Since default thread uid is 0, the entry is created with "root" name and "/root" homedir.
 	ASSERT_NE(m_inspector.m_usergroup_manager.get_user("", 0), nullptr);
 
+	// remove the loaded "root" user to test defaults for uid 0
+	m_inspector.m_usergroup_manager.rm_user("", 0);
+	ASSERT_EQ(m_inspector.m_usergroup_manager.get_user("", 0), nullptr);
+
 	std::string path = "/home/file.txt";
 	int64_t fd = 3;
 
@@ -74,6 +98,7 @@ TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_unexistent_user_entry) {
 	ASSERT_EQ(get_field_as_string(evt, "user.uid"), "0");
 	ASSERT_EQ(get_field_as_string(evt, "user.name"), "root");
 	ASSERT_EQ(get_field_as_string(evt, "user.homedir"), "/root");
+	ASSERT_EQ(get_field_as_string(evt, "user.shell"), "<NA>");
 }
 
 TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_existent_user_entry_without_metadata) {
@@ -83,7 +108,7 @@ TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_existent_user_entry_witho
 
 	// Creating the entry in the user group manager will override
 	// the one created by the inspector threadtable initial load.
-	// Since we set empty metadata, we don't expect any metadata in the output fields.
+	// Since we set "" metadatas, we don't expect any metadata in the output fields.
 	m_inspector.m_usergroup_manager.add_user("", INIT_TID, 0, 0, "", "", "");
 
 	std::string path = "/home/file.txt";
@@ -99,4 +124,30 @@ TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_existent_user_entry_witho
 	ASSERT_EQ(get_field_as_string(evt, "user.uid"), "0");
 	ASSERT_EQ(get_field_as_string(evt, "user.name"), "");
 	ASSERT_EQ(get_field_as_string(evt, "user.homedir"), "");
+	ASSERT_EQ(get_field_as_string(evt, "user.shell"), "");
+}
+
+TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_loaded_user_entry) {
+	add_default_init_thread();
+
+	open_inspector();
+
+	// Creating the entry in the user group manager will override
+	// the one created by the inspector threadtable initial load.
+	// Since we set **empty** metadata, we expect metadata to be loaded from the system.
+	m_inspector.m_usergroup_manager.add_user("", INIT_TID, 0, 0, {}, {}, {});
+
+	std::string path = "/home/file.txt";
+	int64_t fd = 3;
+
+	auto evt = add_event_advance_ts(increasing_ts(),
+	                                INIT_TID,
+	                                PPME_SYSCALL_OPEN_E,
+	                                fd,
+	                                path.c_str(),
+	                                (uint32_t)PPM_O_RDWR | PPM_O_CREAT,
+	                                (uint32_t)0);
+	ASSERT_EQ(get_field_as_string(evt, "user.uid"), "0");
+	ASSERT_EQ(get_field_as_string(evt, "user.name"), "root");
+	ASSERT_EQ(get_field_as_string(evt, "user.homedir"), "/root");
 }
diff --git a/userspace/libsinsp/threadinfo.cpp b/userspace/libsinsp/threadinfo.cpp
@@ -535,14 +535,14 @@ void sinsp_threadinfo::set_user(uint32_t uid) {
 	scap_userinfo* user = m_inspector->m_usergroup_manager.get_user(m_container_id, uid);
 	if(!user) {
 		auto notify = m_inspector->is_live() || m_inspector->is_syscall_plugin();
-		std::string name, home;
 		// For uid 0 force set root related infos
 		if(uid == 0) {
-			name = "root";
-			home = "/root";
+			m_inspector->m_usergroup_manager
+			        .add_user(m_container_id, m_pid, uid, m_gid, "root", "/root", {}, notify);
+		} else {
+			m_inspector->m_usergroup_manager
+			        .add_user(m_container_id, m_pid, uid, m_gid, {}, {}, {}, notify);
 		}
-		m_inspector->m_usergroup_manager
-		        .add_user(m_container_id, m_pid, uid, m_gid, name, home, {}, notify);
 	}
 }
 
@@ -551,37 +551,33 @@ void sinsp_threadinfo::set_group(uint32_t gid) {
 	scap_groupinfo* group = m_inspector->m_usergroup_manager.get_group(m_container_id, gid);
 	if(!group) {
 		auto notify = m_inspector->is_live() || m_inspector->is_syscall_plugin();
-		// For uid 0 force set root related infos
-		std::string name;
+		// For gid 0 force set root related info
 		if(gid == 0) {
-			name = "root";
+			m_inspector->m_usergroup_manager.add_group(m_container_id, m_pid, gid, "root", notify);
+		} else {
+			m_inspector->m_usergroup_manager.add_group(m_container_id, m_pid, gid, {}, notify);
 		}
-		m_inspector->m_usergroup_manager.add_group(m_container_id, m_pid, gid, name, notify);
 	}
 }
 
 void sinsp_threadinfo::set_loginuid(uint32_t loginuid) {
 	m_loginuid = loginuid;
 }
 
-scap_userinfo* sinsp_threadinfo::get_user(uint32_t id) const {
-	auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, id);
+scap_userinfo* sinsp_threadinfo::get_user() const {
+	auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, m_uid);
 	if(user != nullptr) {
 		return user;
 	}
 	static scap_userinfo usr{};
-	usr.uid = id;
+	usr.uid = m_uid;
 	usr.gid = m_gid;
-	strlcpy(usr.name, id == 0 ? "root" : "<NA>", sizeof(usr.name));
-	strlcpy(usr.homedir, id == 0 ? "/root" : "<NA>", sizeof(usr.homedir));
+	strlcpy(usr.name, m_uid == 0 ? "root" : "<NA>", sizeof(usr.name));
+	strlcpy(usr.homedir, m_uid == 0 ? "/root" : "<NA>", sizeof(usr.homedir));
 	strlcpy(usr.shell, "<NA>", sizeof(usr.shell));
 	return &usr;
 }
 
-scap_userinfo* sinsp_threadinfo::get_user() const {
-	return get_user(m_uid);
-}
-
 scap_groupinfo* sinsp_threadinfo::get_group() const {
 	auto group = m_inspector->m_usergroup_manager.get_group(m_container_id, m_gid);
 	if(group != nullptr) {
@@ -594,7 +590,17 @@ scap_groupinfo* sinsp_threadinfo::get_group() const {
 }
 
 scap_userinfo* sinsp_threadinfo::get_loginuser() const {
-	return get_user(m_loginuid);
+	auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, m_loginuid);
+	if(user != nullptr) {
+		return user;
+	}
+	static scap_userinfo usr{};
+	usr.uid = m_loginuid;
+	usr.gid = m_gid;
+	strlcpy(usr.name, m_loginuid == 0 ? "root" : "<NA>", sizeof(usr.name));
+	strlcpy(usr.homedir, m_loginuid == 0 ? "/root" : "<NA>", sizeof(usr.homedir));
+	strlcpy(usr.shell, "<NA>", sizeof(usr.shell));
+	return &usr;
 }
 
 void sinsp_threadinfo::set_args(const char* args, size_t len) {

diff --git a/userspace/libsinsp/threadinfo.h b/userspace/libsinsp/threadinfo.h
@@ -608,8 +608,6 @@ class SINSP_PUBLIC sinsp_threadinfo : public libsinsp::state::table_entry {
 	                  uint32_t& alen,
 	                  std::string& rem) const;
 
-	scap_userinfo* get_user(uint32_t id) const;
-
 	//
 	// Parameters that can't be accessed directly because they could be in the
 	// parent thread info