-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added is_hidden column to the users and groups tables on macOS. #5368
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for working on it, @drakearonhalt !
And may I ask you to create a test for you changes? Or at least to modify existing integration tests for this tables in tests/integration/tables/
.
isHidden = std::string([isHiddenValue[0] UTF8String]); | ||
boost::algorithm::to_lower(isHidden); | ||
// isHiddenValue can be 1 || True || YES to hide the user or group | ||
if (isHidden == "yes" || isHidden == "1" || isHidden == "true") { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be better to use tryTo<bool>()
from osquery/utils/conversions/tryto.h
instead of manual parsing?
Something like:
tryTo<bool>(std::string([isHiddenValue[0] UTF8String])).takeOr(false);
} | ||
results.push_back(r); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May I ask you to convert r
to rvalue for push_back, to prevent useless copy?
result.push_back(std::move(r));
@akindyakov I modified |
Perfect, let me run more tests on it and we good to go |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@akindyakov has imported this pull request. If you are a Facebook employee, you can view this diff on Phabricator.
All tests passed. Lets merge it |
…ery#5368) Summary: This PR is the result of the discussion in a previous PR (osquery#5348) after we determined account_policy_data was the wrong place for the column. Add `is_hidden` column to the users and groups tables in macOS. `is_hidden` is populated by looking for the `dsAttrTypeNative:IsHidden` attribute in the OpenDirectory record for the user/group if the value is `1`, `True`, or `Yes` is_hidden is 1. If the value is anything else it's set to 0. Invalid values have the same affect as the attribute not existing at all. The `dsAttrTypeNative:IsHidden` attribute controls whether a user account is is visible in the preferences panel similar to having a uid < 500. One test failed when running buck test: ``` ====STANDARD OUT==== tests/integration/tables/helper.cpp:159: Failure Value of: boost::get<CustomCheckerType>(validator)(value) Actual: false Expected: true Custom validator of the column "mask" with value "" failed ``` This also fails when I ran the test on the current experimental branch as well. Important to note I had to remove the optimization on both the user and group tables that just called `getpwnam` if the query specified the `uid` or `gid` since the struct returned doesn't contain the `IsHidden` attribute. I'm not sure if or how much this will affect performance since I wasn't able to get the profiling to work with the new version (very likely I'm just doing it incorrectly). Pull Request resolved: osquery#5368 Differential Revision: D13862375 Pulled By: akindyakov fbshipit-source-id: 1fec88a6ba71884f7e611e1d96ea00630c5be655
In osquery#5368 the optimization where the uid/gid constraint was removed. At the time, the PR states this might have adverse performance effects. I think, in fact, we have them. Debugging a performance regression in osquery#5656 I see that we're doing a lot of queries to this table, they are quite expensive. This fix may not be ideal. It removes the `is_hidden` attribute when constraining by uid/gid. Perhaps there's a better query planner related fix
…S. (osquery#5368)" This reverts commit e205458.
…S. (osquery#5368)" This reverts commit e205458.
…S. (osquery#5368)" This reverts commit e205458.
This PR supersedes osquery#5669 with an alternate approach of moving forward without a revert of osquery#5368.
This PR is the result of the discussion in a previous PR (#5348) after we determined account_policy_data was the wrong place for the column.
Add
is_hidden
column to the users and groups tables in macOS.is_hidden
is populated by looking for thedsAttrTypeNative:IsHidden
attribute in the OpenDirectory record for the user/group if the value is1
,True
, orYes
is_hidden is 1. If the value is anything else it's set to 0. Invalid values have the same affect as the attribute not existing at all.The
dsAttrTypeNative:IsHidden
attribute controls whether a user account is is visible in the preferences panel similar to having a uid < 500.One test failed when running buck test:
This also fails when I ran the test on the current experimental branch as well.
Important to note I had to remove the optimization on both the user and group tables that just called
getpwnam
if the query specified theuid
orgid
since the struct returned doesn't contain theIsHidden
attribute. I'm not sure if or how much this will affect performance since I wasn't able to get the profiling to work with the new version (very likely I'm just doing it incorrectly).