Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add screenlock table #619

Merged
merged 4 commits into from Jun 24, 2020
Merged

Add screenlock table #619

merged 4 commits into from Jun 24, 2020

Conversation

directionless
Copy link
Contributor

@directionless directionless commented Jun 23, 2020
edited

Adds a screenlock table. This is implemented by invoking osquery under launchctl runas to get the target user context.

This is implemented as requiring user, and not as iterating against the logged_in_users, because it feels more correct to keep that kind of logic in sql. Testing does not show incorrect data being returned. Though, if we uncover issues, this should be revisited.

It would be a cleaner to require the user specification as uid, and not user. But requiring joins against the user table becomes awkward. This may change in the furture.

Replaces: #618
Fixes: #614

@directionless
Add screenlock table
50713c9 
Adds a screenlock table. This is implemented by invoking osquery under `launchctl runas` to get the target user context.
@directionless directionless mentioned this pull request Jun 23, 2020
Closed
blaedj
blaedj reviewed Jun 24, 2020
View reviewed changes
Copy link
Contributor

@blaedj blaedj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should I expect this to work from make sudo-osqueryi-tables? I only get empty results, no matter which user I user as a constraint

pkg/osquery/tables/screenlock/screenlock.go Show resolved Hide resolved
@directionless
Copy link
Contributor Author

sudo won't really work, no. Try make launchas-osqueryi-tables Though, we should chat on slack, you should be able to get your user's info.

blaedj
blaedj approved these changes Jun 24, 2020
View reviewed changes
Copy link
Contributor

@blaedj blaedj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, as discussed elsewhere there are a lot of permission/path issues that are best tested in the beta channel

@directionless directionless merged commit 75b1a43 into kolide:master Jun 24, 2020
@directionless directionless deleted the seph/screenlock branch June 24, 2020 21:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blaedj blaedj blaedj approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Table Request: macOS Screenlock from outside user-context
2 participants
@directionless @blaedj