cleanup(userspace/libsinsp): drop user and group infos embedded in th…

…readinfo. Only store `uid`, `gid` and `loginuid` info. Signed-off-by: Federico Di Pierro <[email protected]>
falcosecurity · Nov 19, 2024 · 43754ca · 43754ca
1 parent facfcc3
commit 43754ca
Show file tree

Hide file tree

Showing 8 changed files with 115 additions and 203 deletions.
diff --git a/userspace/libsinsp/parsers.cpp b/userspace/libsinsp/parsers.cpp
@@ -1240,7 +1240,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) {
 	default:
 		ASSERT(false);
 	}
-	child_tinfo->set_user(uid);
+	child_tinfo->m_uid = uid;
 
 	/* gid */
 	int32_t gid = 0;
@@ -1267,7 +1267,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) {
 	default:
 		ASSERT(false);
 	}
-	child_tinfo->set_group(gid);
+	child_tinfo->m_gid = gid;
 
 	/* Set cgroups and heuristically detect container id */
 	switch(etype) {
@@ -1311,7 +1311,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) {
 
 		child_tinfo->m_tty = caller_tinfo->m_tty;
 
-		child_tinfo->m_loginuser = caller_tinfo->m_loginuser;
+		child_tinfo->m_loginuid = caller_tinfo->m_loginuid;
 
 		child_tinfo->m_cap_permitted = caller_tinfo->m_cap_permitted;
 
@@ -1349,13 +1349,6 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) {
 		return;
 	}
 
-	/* Refresh user / loginuser / group */
-	if(new_child->m_container_id.empty() == false) {
-		new_child->set_user(new_child->m_user.uid());
-		new_child->set_loginuser(new_child->m_loginuser.uid());
-		new_child->set_group(new_child->m_group.gid());
-	}
-
 	/* If there's a listener, invoke it */
 	if(m_inspector->get_observer()) {
 		m_inspector->get_observer()->on_clone(evt, new_child.get(), tid_collision);
@@ -1626,7 +1619,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) {
 
 		child_tinfo->m_tty = lookup_tinfo->m_tty;
 
-		child_tinfo->m_loginuser = lookup_tinfo->m_loginuser;
+		child_tinfo->m_loginuid = lookup_tinfo->m_loginuid;
 
 		child_tinfo->m_cap_permitted = lookup_tinfo->m_cap_permitted;
 
@@ -1767,7 +1760,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) {
 	default:
 		ASSERT(false);
 	}
-	child_tinfo->set_user(uid);
+	child_tinfo->m_uid = uid;
 
 	/* gid */
 	int32_t gid = 0;
@@ -1794,7 +1787,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) {
 	default:
 		ASSERT(false);
 	}
-	child_tinfo->set_group(gid);
+	child_tinfo->m_gid = gid;
 
 	/* Set cgroups and heuristically detect container id */
 	switch(etype) {
@@ -1840,13 +1833,6 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) {
 	 */
 	evt->set_tinfo(new_child.get());
 
-	/* Refresh user / loginuser / group */
-	if(new_child->m_container_id.empty() == false) {
-		new_child->set_user(new_child->m_user.uid());
-		new_child->set_loginuser(new_child->m_loginuser.uid());
-		new_child->set_group(new_child->m_group.gid());
-	}
-
 	//
 	// If there's a listener, invoke it
 	//
@@ -2227,7 +2213,7 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) {
 
 	// Get the loginuid
 	if(evt->get_num_params() > 18) {
-		evt->get_tinfo()->set_loginuser(evt->get_param(18)->as<uint32_t>());
+		evt->get_tinfo()->m_loginuid = evt->get_param(18)->as<uint32_t>();
 	}
 
 	// Get execve flags
@@ -2273,7 +2259,7 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) {
 
 	// Get uid
 	if(evt->get_num_params() > 26) {
-		evt->get_tinfo()->m_user.set_uid(evt->get_param(26)->as<uint32_t>());
+		evt->get_tinfo()->m_uid = evt->get_param(26)->as<uint32_t>();
 	}
 
 	// Get pgid
@@ -2316,16 +2302,6 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) {
 	//
 	evt->get_tinfo()->compute_program_hash();
 
-	//
-	// Refresh user / loginuser / group
-	// if we happen to change container id
-	//
-	if(container_id != evt->get_tinfo()->m_container_id) {
-		evt->get_tinfo()->set_user(evt->get_tinfo()->m_user.uid());
-		evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuser.uid());
-		evt->get_tinfo()->set_group(evt->get_tinfo()->m_group.gid());
-	}
-
 	//
 	// If there's a listener, invoke it
 	//
@@ -4517,7 +4493,7 @@ void sinsp_parser::parse_setresuid_exit(sinsp_evt *evt) {
 		if(new_euid < std::numeric_limits<uint32_t>::max()) {
 			sinsp_threadinfo *ti = evt->get_thread_info();
 			if(ti) {
-				ti->set_user(new_euid);
+				ti->m_uid = new_euid;
 			}
 		}
 	}
@@ -4537,7 +4513,7 @@ void sinsp_parser::parse_setreuid_exit(sinsp_evt *evt) {
 		if(new_euid < std::numeric_limits<uint32_t>::max()) {
 			sinsp_threadinfo *ti = evt->get_thread_info();
 			if(ti) {
-				ti->set_user(new_euid);
+				ti->m_uid = new_euid;
 			}
 		}
 	}
@@ -4558,7 +4534,7 @@ void sinsp_parser::parse_setresgid_exit(sinsp_evt *evt) {
 		if(new_egid < std::numeric_limits<uint32_t>::max()) {
 			sinsp_threadinfo *ti = evt->get_thread_info();
 			if(ti) {
-				ti->set_group(new_egid);
+				ti->m_gid = new_egid;
 			}
 		}
 	}
@@ -4578,7 +4554,7 @@ void sinsp_parser::parse_setregid_exit(sinsp_evt *evt) {
 		if(new_egid < std::numeric_limits<uint32_t>::max()) {
 			sinsp_threadinfo *ti = evt->get_thread_info();
 			if(ti) {
-				ti->set_group(new_egid);
+				ti->m_gid = new_egid;
 			}
 		}
 	}
@@ -4597,7 +4573,7 @@ void sinsp_parser::parse_setuid_exit(sinsp_evt *evt) {
 		uint32_t new_euid = enter_evt->get_param(0)->as<uint32_t>();
 		sinsp_threadinfo *ti = evt->get_thread_info();
 		if(ti) {
-			ti->set_user(new_euid);
+			ti->m_uid = new_euid;
 		}
 	}
 }
@@ -4615,7 +4591,7 @@ void sinsp_parser::parse_setgid_exit(sinsp_evt *evt) {
 		uint32_t new_egid = enter_evt->get_param(0)->as<uint32_t>();
 		sinsp_threadinfo *ti = evt->get_thread_info();
 		if(ti) {
-			ti->set_group(new_egid);
+			ti->m_gid = new_egid;
 		}
 	}
 }
@@ -5070,15 +5046,6 @@ void sinsp_parser::parse_chroot_exit(sinsp_evt *evt) {
 		m_inspector->m_container_manager.resolve_container(
 		        evt->get_tinfo(),
 		        m_inspector->is_live() || m_inspector->is_syscall_plugin());
-		//
-		// Refresh user / loginuser / group
-		// if we happen to change container id
-		//
-		if(container_id != evt->get_tinfo()->m_container_id) {
-			evt->get_tinfo()->set_user(evt->get_tinfo()->m_user.uid());
-			evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuser.uid());
-			evt->get_tinfo()->set_group(evt->get_tinfo()->m_group.gid());
-		}
 	}
 }
 

diff --git a/userspace/libsinsp/sinsp_filtercheck_group.cpp b/userspace/libsinsp/sinsp_filtercheck_group.cpp
@@ -67,11 +67,13 @@ uint8_t* sinsp_filter_check_group::extract_single(sinsp_evt* evt,
 
 	switch(m_field_id) {
 	case TYPE_GID:
-		m_gid = tinfo->m_group.gid();
+		m_gid = tinfo->m_gid;
 		RETURN_EXTRACT_VAR(m_gid);
-	case TYPE_NAME:
-		m_name = tinfo->m_group.name();
+	case TYPE_NAME: {
+		auto group = tinfo->get_group();
+		m_name = group->name;
 		RETURN_EXTRACT_STRING(m_name);
+	}
 	default:
 		ASSERT(false);
 		break;

diff --git a/userspace/libsinsp/sinsp_filtercheck_user.cpp b/userspace/libsinsp/sinsp_filtercheck_user.cpp
@@ -100,27 +100,29 @@ uint8_t* sinsp_filter_check_user::extract_single(sinsp_evt* evt,
 		RETURN_EXTRACT_STRING(container_info->m_container_user);
 	}
 
+	auto user = tinfo->get_user();
+	auto loginuser = tinfo->get_loginuser();
 	switch(m_field_id) {
 	case TYPE_UID:
-		m_val.u32 = tinfo->m_user.uid();
+		m_val.u32 = tinfo->m_uid;
 		RETURN_EXTRACT_VAR(m_val.u32);
 	case TYPE_NAME:
-		m_strval = tinfo->m_user.name();
+		m_strval = user->name;
 		RETURN_EXTRACT_STRING(m_strval);
 	case TYPE_HOMEDIR:
-		m_strval = tinfo->m_user.homedir();
+		m_strval = user->homedir;
 		RETURN_EXTRACT_STRING(m_strval);
 	case TYPE_SHELL:
-		m_strval = tinfo->m_user.shell();
+		m_strval = user->shell;
 		RETURN_EXTRACT_STRING(m_strval);
 	case TYPE_LOGINUID:
 		m_val.s64 = (int64_t)-1;
-		if(tinfo->m_loginuser.uid() < UINT32_MAX) {
-			m_val.s64 = (int64_t)tinfo->m_loginuser.uid();
+		if(tinfo->m_loginuid < UINT32_MAX) {
+			m_val.s64 = (int64_t)tinfo->m_loginuid;
 		}
 		RETURN_EXTRACT_VAR(m_val.s64);
 	case TYPE_LOGINNAME:
-		m_strval = tinfo->m_loginuser.name();
+		m_strval = loginuser->name;
 		RETURN_EXTRACT_STRING(m_strval);
 	default:
 		ASSERT(false);

diff --git a/userspace/libsinsp/test/parsers/parse_setregid.cpp b/userspace/libsinsp/test/parsers/parse_setregid.cpp
@@ -33,7 +33,7 @@ TEST_F(sinsp_with_test_input, SETREGID_failure) {
 
 	sinsp_threadinfo* ti = m_inspector.get_thread_ref(p2_t2_tid, false).get();
 	ASSERT_TRUE(ti);
-	ASSERT_TRUE(ti->m_user.gid() == 0);
+	ASSERT_TRUE(ti->m_gid == 0);
 }
 
 TEST_F(sinsp_with_test_input, SETREGID_success) {
@@ -50,5 +50,5 @@ TEST_F(sinsp_with_test_input, SETREGID_success) {
 
 	sinsp_threadinfo* ti = m_inspector.get_thread_ref(p2_t2_tid, false).get();
 	ASSERT_TRUE(ti);
-	ASSERT_TRUE(ti->m_user.gid() == 1337);
+	ASSERT_TRUE(ti->m_gid == 1337);
 }
diff --git a/userspace/libsinsp/test/parsers/parse_setreuid.cpp b/userspace/libsinsp/test/parsers/parse_setreuid.cpp
@@ -33,7 +33,7 @@ TEST_F(sinsp_with_test_input, SETREUID_failure) {
 
 	sinsp_threadinfo* ti = m_inspector.get_thread_ref(p2_t2_tid, false).get();
 	ASSERT_TRUE(ti);
-	ASSERT_TRUE(ti->m_user.uid() == 0);
+	ASSERT_TRUE(ti->m_uid == 0);
 }
 
 TEST_F(sinsp_with_test_input, SETREUID_success) {
@@ -50,5 +50,5 @@ TEST_F(sinsp_with_test_input, SETREUID_success) {
 
 	sinsp_threadinfo* ti = m_inspector.get_thread_ref(p2_t2_tid, false).get();
 	ASSERT_TRUE(ti);
-	ASSERT_TRUE(ti->m_user.uid() == 1337);
+	ASSERT_TRUE(ti->m_uid == 1337);
 }