diff --git a/userspace/libsinsp/test/filterchecks/user.cpp b/userspace/libsinsp/test/filterchecks/user.cpp index 251742ab4c..b1425b855c 100644 --- a/userspace/libsinsp/test/filterchecks/user.cpp +++ b/userspace/libsinsp/test/filterchecks/user.cpp @@ -28,7 +28,7 @@ TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_existent_user_entry) { open_inspector(); - m_inspector.m_usergroup_manager.add_user("", INIT_TID, 1000, 1000, "foo", "/bar", "/bin/bash"); + m_inspector.m_usergroup_manager.add_user("", INIT_TID, 1000, 1000, "foo", "/foo", "/bin/bash"); std::string path = "/home/file.txt"; int64_t fd = 3; @@ -43,13 +43,33 @@ TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_existent_user_entry) { ASSERT_EQ(get_field_as_string(evt, "user.uid"), "1000"); ASSERT_EQ(get_field_as_string(evt, "user.loginuid"), "0"); ASSERT_EQ(get_field_as_string(evt, "user.name"), "foo"); + ASSERT_EQ(get_field_as_string(evt, "user.homedir"), "/foo"); + ASSERT_EQ(get_field_as_string(evt, "user.shell"), "/bin/bash"); + // Loginname default at root for 0 uid without an user entry in user group manager. + ASSERT_EQ(get_field_as_string(evt, "user.loginname"), "root"); + + // Now remove the user + m_inspector.m_usergroup_manager.rm_user("", 1000); + ASSERT_EQ(get_field_as_string(evt, "user.uid"), "1000"); + ASSERT_EQ(get_field_as_string(evt, "user.loginuid"), "0"); + ASSERT_EQ(get_field_as_string(evt, "user.name"), ""); + ASSERT_EQ(get_field_as_string(evt, "user.homedir"), ""); + ASSERT_EQ(get_field_as_string(evt, "user.shell"), ""); + // Loginname default at root for 0 uid without an user entry in user group manager. + ASSERT_EQ(get_field_as_string(evt, "user.loginname"), "root"); + + // Add back a new user + m_inspector.m_usergroup_manager.add_user("", INIT_TID, 1000, 1000, "bar", "/bar", "/bin/bash"); + ASSERT_EQ(get_field_as_string(evt, "user.uid"), "1000"); + ASSERT_EQ(get_field_as_string(evt, "user.loginuid"), "0"); + ASSERT_EQ(get_field_as_string(evt, "user.name"), "bar"); ASSERT_EQ(get_field_as_string(evt, "user.homedir"), "/bar"); ASSERT_EQ(get_field_as_string(evt, "user.shell"), "/bin/bash"); // Loginname default at root for 0 uid without an user entry in user group manager. ASSERT_EQ(get_field_as_string(evt, "user.loginname"), "root"); } -TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_unexistent_user_entry) { +TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_default_user_entry) { add_default_init_thread(); open_inspector(); @@ -58,6 +78,10 @@ TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_unexistent_user_entry) { // Since default thread uid is 0, the entry is created with "root" name and "/root" homedir. ASSERT_NE(m_inspector.m_usergroup_manager.get_user("", 0), nullptr); + // remove the loaded "root" user to test defaults for uid 0 + m_inspector.m_usergroup_manager.rm_user("", 0); + ASSERT_EQ(m_inspector.m_usergroup_manager.get_user("", 0), nullptr); + std::string path = "/home/file.txt"; int64_t fd = 3; @@ -74,6 +98,7 @@ TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_unexistent_user_entry) { ASSERT_EQ(get_field_as_string(evt, "user.uid"), "0"); ASSERT_EQ(get_field_as_string(evt, "user.name"), "root"); ASSERT_EQ(get_field_as_string(evt, "user.homedir"), "/root"); + ASSERT_EQ(get_field_as_string(evt, "user.shell"), ""); } TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_existent_user_entry_without_metadata) { @@ -83,7 +108,7 @@ TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_existent_user_entry_witho // Creating the entry in the user group manager will override // the one created by the inspector threadtable initial load. - // Since we set empty metadata, we don't expect any metadata in the output fields. + // Since we set "" metadatas, we don't expect any metadata in the output fields. m_inspector.m_usergroup_manager.add_user("", INIT_TID, 0, 0, "", "", ""); std::string path = "/home/file.txt"; @@ -99,4 +124,30 @@ TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_existent_user_entry_witho ASSERT_EQ(get_field_as_string(evt, "user.uid"), "0"); ASSERT_EQ(get_field_as_string(evt, "user.name"), ""); ASSERT_EQ(get_field_as_string(evt, "user.homedir"), ""); + ASSERT_EQ(get_field_as_string(evt, "user.shell"), ""); +} + +TEST_F(sinsp_with_test_input, USER_FILTER_extract_from_loaded_user_entry) { + add_default_init_thread(); + + open_inspector(); + + // Creating the entry in the user group manager will override + // the one created by the inspector threadtable initial load. + // Since we set **empty** metadata, we expect metadata to be loaded from the system. + m_inspector.m_usergroup_manager.add_user("", INIT_TID, 0, 0, {}, {}, {}); + + std::string path = "/home/file.txt"; + int64_t fd = 3; + + auto evt = add_event_advance_ts(increasing_ts(), + INIT_TID, + PPME_SYSCALL_OPEN_E, + fd, + path.c_str(), + (uint32_t)PPM_O_RDWR | PPM_O_CREAT, + (uint32_t)0); + ASSERT_EQ(get_field_as_string(evt, "user.uid"), "0"); + ASSERT_EQ(get_field_as_string(evt, "user.name"), "root"); + ASSERT_EQ(get_field_as_string(evt, "user.homedir"), "/root"); } diff --git a/userspace/libsinsp/threadinfo.cpp b/userspace/libsinsp/threadinfo.cpp index 9deffaad79..01d581f0c9 100644 --- a/userspace/libsinsp/threadinfo.cpp +++ b/userspace/libsinsp/threadinfo.cpp @@ -535,14 +535,14 @@ void sinsp_threadinfo::set_user(uint32_t uid) { scap_userinfo* user = m_inspector->m_usergroup_manager.get_user(m_container_id, uid); if(!user) { auto notify = m_inspector->is_live() || m_inspector->is_syscall_plugin(); - std::string name, home; // For uid 0 force set root related infos if(uid == 0) { - name = "root"; - home = "/root"; + m_inspector->m_usergroup_manager + .add_user(m_container_id, m_pid, uid, m_gid, "root", "/root", {}, notify); + } else { + m_inspector->m_usergroup_manager + .add_user(m_container_id, m_pid, uid, m_gid, {}, {}, {}, notify); } - m_inspector->m_usergroup_manager - .add_user(m_container_id, m_pid, uid, m_gid, name, home, {}, notify); } } @@ -551,12 +551,12 @@ void sinsp_threadinfo::set_group(uint32_t gid) { scap_groupinfo* group = m_inspector->m_usergroup_manager.get_group(m_container_id, gid); if(!group) { auto notify = m_inspector->is_live() || m_inspector->is_syscall_plugin(); - // For uid 0 force set root related infos - std::string name; + // For gid 0 force set root related info if(gid == 0) { - name = "root"; + m_inspector->m_usergroup_manager.add_group(m_container_id, m_pid, gid, "root", notify); + } else { + m_inspector->m_usergroup_manager.add_group(m_container_id, m_pid, gid, {}, notify); } - m_inspector->m_usergroup_manager.add_group(m_container_id, m_pid, gid, name, notify); } } @@ -564,24 +564,20 @@ void sinsp_threadinfo::set_loginuid(uint32_t loginuid) { m_loginuid = loginuid; } -scap_userinfo* sinsp_threadinfo::get_user(uint32_t id) const { - auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, id); +scap_userinfo* sinsp_threadinfo::get_user() const { + auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, m_uid); if(user != nullptr) { return user; } static scap_userinfo usr{}; - usr.uid = id; + usr.uid = m_uid; usr.gid = m_gid; - strlcpy(usr.name, id == 0 ? "root" : "", sizeof(usr.name)); - strlcpy(usr.homedir, id == 0 ? "/root" : "", sizeof(usr.homedir)); + strlcpy(usr.name, m_uid == 0 ? "root" : "", sizeof(usr.name)); + strlcpy(usr.homedir, m_uid == 0 ? "/root" : "", sizeof(usr.homedir)); strlcpy(usr.shell, "", sizeof(usr.shell)); return &usr; } -scap_userinfo* sinsp_threadinfo::get_user() const { - return get_user(m_uid); -} - scap_groupinfo* sinsp_threadinfo::get_group() const { auto group = m_inspector->m_usergroup_manager.get_group(m_container_id, m_gid); if(group != nullptr) { @@ -594,7 +590,17 @@ scap_groupinfo* sinsp_threadinfo::get_group() const { } scap_userinfo* sinsp_threadinfo::get_loginuser() const { - return get_user(m_loginuid); + auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, m_loginuid); + if(user != nullptr) { + return user; + } + static scap_userinfo usr{}; + usr.uid = m_loginuid; + usr.gid = m_gid; + strlcpy(usr.name, m_loginuid == 0 ? "root" : "", sizeof(usr.name)); + strlcpy(usr.homedir, m_loginuid == 0 ? "/root" : "", sizeof(usr.homedir)); + strlcpy(usr.shell, "", sizeof(usr.shell)); + return &usr; } void sinsp_threadinfo::set_args(const char* args, size_t len) { diff --git a/userspace/libsinsp/threadinfo.h b/userspace/libsinsp/threadinfo.h index 8998ff38e8..e03953fa05 100644 --- a/userspace/libsinsp/threadinfo.h +++ b/userspace/libsinsp/threadinfo.h @@ -608,8 +608,6 @@ class SINSP_PUBLIC sinsp_threadinfo : public libsinsp::state::table_entry { uint32_t& alen, std::string& rem) const; - scap_userinfo* get_user(uint32_t id) const; - // // Parameters that can't be accessed directly because they could be in the // parent thread info