diff --git a/userspace/libsinsp/parsers.cpp b/userspace/libsinsp/parsers.cpp index 5975a75331..16cf2791c4 100644 --- a/userspace/libsinsp/parsers.cpp +++ b/userspace/libsinsp/parsers.cpp @@ -1311,7 +1311,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { child_tinfo->m_tty = caller_tinfo->m_tty; - child_tinfo->set_loginuser(caller_tinfo->m_loginuid); + child_tinfo->set_loginuid(caller_tinfo->m_loginuid); child_tinfo->m_cap_permitted = caller_tinfo->m_cap_permitted; @@ -1349,11 +1349,10 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { return; } - /* Refresh user / loginuser / group */ + /* Refresh user / group */ if(new_child->m_container_id.empty() == false) { new_child->set_group(new_child->m_gid); new_child->set_user(new_child->m_uid); - new_child->set_loginuser(new_child->m_loginuid); } /* If there's a listener, invoke it */ @@ -1626,7 +1625,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { child_tinfo->m_tty = lookup_tinfo->m_tty; - child_tinfo->set_loginuser(lookup_tinfo->m_loginuid); + child_tinfo->set_loginuid(lookup_tinfo->m_loginuid); child_tinfo->m_cap_permitted = lookup_tinfo->m_cap_permitted; @@ -1840,11 +1839,10 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { */ evt->set_tinfo(new_child.get()); - /* Refresh user / loginuser / group */ + /* Refresh user / group */ if(new_child->m_container_id.empty() == false) { new_child->set_group(new_child->m_gid); new_child->set_user(new_child->m_uid); - new_child->set_loginuser(new_child->m_loginuid); } // @@ -2227,7 +2225,7 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) { // Get the loginuid if(evt->get_num_params() > 18) { - evt->get_tinfo()->set_loginuser(evt->get_param(18)->as()); + evt->get_tinfo()->set_loginuid(evt->get_param(18)->as()); } // Get execve flags @@ -2317,13 +2315,12 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) { evt->get_tinfo()->compute_program_hash(); // - // Refresh user / loginuser / group + // Refresh user / group // if we happen to change container id // if(container_id != evt->get_tinfo()->m_container_id) { evt->get_tinfo()->set_group(evt->get_tinfo()->m_gid); evt->get_tinfo()->set_user(evt->get_tinfo()->m_uid); - evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuid); } // @@ -5071,13 +5068,12 @@ void sinsp_parser::parse_chroot_exit(sinsp_evt *evt) { evt->get_tinfo(), m_inspector->is_live() || m_inspector->is_syscall_plugin()); // - // Refresh user / loginuser / group + // Refresh user / group // if we happen to change container id // if(container_id != evt->get_tinfo()->m_container_id) { evt->get_tinfo()->set_group(evt->get_tinfo()->m_gid); evt->get_tinfo()->set_user(evt->get_tinfo()->m_uid); - evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuid); } } } diff --git a/userspace/libsinsp/threadinfo.cpp b/userspace/libsinsp/threadinfo.cpp index 45f54faf2d..0b023da43b 100644 --- a/userspace/libsinsp/threadinfo.cpp +++ b/userspace/libsinsp/threadinfo.cpp @@ -511,7 +511,7 @@ void sinsp_threadinfo::init(scap_threadinfo* pi) { set_group(pi->gid); set_user(pi->uid); - set_loginuser((uint32_t)pi->loginuid); + set_loginuid((uint32_t)pi->loginuid); } const sinsp_threadinfo::cgroups_t& sinsp_threadinfo::cgroups() const { @@ -549,24 +549,28 @@ void sinsp_threadinfo::set_group(uint32_t gid) { } } -void sinsp_threadinfo::set_loginuser(uint32_t loginuid) { +void sinsp_threadinfo::set_loginuid(uint32_t loginuid) { m_loginuid = loginuid; } -scap_userinfo* sinsp_threadinfo::get_user() const { - auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, m_uid); +scap_userinfo* sinsp_threadinfo::get_user(uint32_t id) const { + auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, id); if(user != nullptr) { return user; } static scap_userinfo usr{}; - usr.uid = m_uid; + usr.uid = id; usr.gid = m_gid; - strlcpy(usr.name, m_uid == 0 ? "root" : "", sizeof(usr.name)); - strlcpy(usr.homedir, m_uid == 0 ? "/root" : "", sizeof(usr.homedir)); + strlcpy(usr.name, id == 0 ? "root" : "", sizeof(usr.name)); + strlcpy(usr.homedir, id == 0 ? "/root" : "", sizeof(usr.homedir)); strlcpy(usr.shell, "", sizeof(usr.shell)); return &usr; } +scap_userinfo* sinsp_threadinfo::get_user() const { + return get_user(m_uid); +} + scap_groupinfo* sinsp_threadinfo::get_group() const { auto group = m_inspector->m_usergroup_manager.get_group(m_container_id, m_gid); if(group != nullptr) { @@ -579,17 +583,7 @@ scap_groupinfo* sinsp_threadinfo::get_group() const { } scap_userinfo* sinsp_threadinfo::get_loginuser() const { - auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, m_loginuid); - if(user != nullptr) { - return user; - } - static scap_userinfo usr{}; - usr.uid = m_loginuid; - usr.gid = m_gid; - strlcpy(usr.name, m_loginuid == 0 ? "root" : "", sizeof(usr.name)); - strlcpy(usr.homedir, m_loginuid == 0 ? "/root" : "", sizeof(usr.homedir)); - strlcpy(usr.shell, "", sizeof(usr.shell)); - return &usr; + return get_user(m_loginuid); } void sinsp_threadinfo::set_args(const char* args, size_t len) { diff --git a/userspace/libsinsp/threadinfo.h b/userspace/libsinsp/threadinfo.h index 4e15fc3b3a..8998ff38e8 100644 --- a/userspace/libsinsp/threadinfo.h +++ b/userspace/libsinsp/threadinfo.h @@ -378,7 +378,7 @@ class SINSP_PUBLIC sinsp_threadinfo : public libsinsp::state::table_entry { void set_user(uint32_t uid); void set_group(uint32_t gid); - void set_loginuser(uint32_t loginuid); + void set_loginuid(uint32_t loginuid); using cgroups_t = std::vector>; const cgroups_t& cgroups() const; @@ -608,6 +608,8 @@ class SINSP_PUBLIC sinsp_threadinfo : public libsinsp::state::table_entry { uint32_t& alen, std::string& rem) const; + scap_userinfo* get_user(uint32_t id) const; + // // Parameters that can't be accessed directly because they could be in the // parent thread info