diff --git a/Source/santad/Logs/EndpointSecurity/Serializers/Protobuf.mm b/Source/santad/Logs/EndpointSecurity/Serializers/Protobuf.mm index 2e06857ef..d8d0cf8af 100644 --- a/Source/santad/Logs/EndpointSecurity/Serializers/Protobuf.mm +++ b/Source/santad/Logs/EndpointSecurity/Serializers/Protobuf.mm @@ -139,6 +139,16 @@ static inline void EncodeUserInfo(::pbv1::UserInfo *pb_user_info, uid_t uid, } } +static inline void EncodeUserInfo(std::function<::pbv1::UserInfo *()> lazy_f, + std::optional uid, const es_string_token_t &name) { + if (uid.has_value()) { + lazy_f()->set_uid(uid.value()); + } + if (name.length > 0) { + lazy_f()->set_name(name.data, name.length); + } +} + static inline void EncodeGroupInfo(::pbv1::GroupInfo *pb_group_info, gid_t gid, const std::optional> &name) { pb_group_info->set_gid(gid); @@ -757,47 +767,222 @@ void EncodeEntitlements(::pbv1::Execution *pb_exec, SNTCachedDecision *cd) { #if HAVE_MACOS_13 +::pbv1::SocketAddress::Type GetSocketAddressType(es_address_type_t type) { + switch (type) { + case ES_ADDRESS_TYPE_NONE: return ::pbv1::SocketAddress::TYPE_NONE; + case ES_ADDRESS_TYPE_IPV4: return ::pbv1::SocketAddress::TYPE_IPV4; + case ES_ADDRESS_TYPE_IPV6: return ::pbv1::SocketAddress::TYPE_IPV6; + case ES_ADDRESS_TYPE_NAMED_SOCKET: return ::pbv1::SocketAddress::TYPE_NAMED_SOCKET; + default: return ::pbv1::SocketAddress::TYPE_UNKNOWN; + } +} + +::pbv1::OpenSSHLogin::Result GetOpenSSHLoginResultType(es_openssh_login_result_type_t type) { + switch (type) { + case ES_OPENSSH_LOGIN_EXCEED_MAXTRIES: + return ::pbv1::OpenSSHLogin::RESULT_LOGIN_EXCEED_MAXTRIES; + case ES_OPENSSH_LOGIN_ROOT_DENIED: return ::pbv1::OpenSSHLogin::RESULT_LOGIN_ROOT_DENIED; + case ES_OPENSSH_AUTH_SUCCESS: return ::pbv1::OpenSSHLogin::RESULT_AUTH_SUCCESS; + case ES_OPENSSH_AUTH_FAIL_NONE: return ::pbv1::OpenSSHLogin::RESULT_AUTH_FAIL_NONE; + case ES_OPENSSH_AUTH_FAIL_PASSWD: return ::pbv1::OpenSSHLogin::RESULT_AUTH_FAIL_PASSWD; + case ES_OPENSSH_AUTH_FAIL_KBDINT: return ::pbv1::OpenSSHLogin::RESULT_AUTH_FAIL_KBDINT; + case ES_OPENSSH_AUTH_FAIL_PUBKEY: return ::pbv1::OpenSSHLogin::RESULT_AUTH_FAIL_PUBKEY; + case ES_OPENSSH_AUTH_FAIL_HOSTBASED: return ::pbv1::OpenSSHLogin::RESULT_AUTH_FAIL_HOSTBASED; + case ES_OPENSSH_AUTH_FAIL_GSSAPI: return ::pbv1::OpenSSHLogin::RESULT_AUTH_FAIL_GSSAPI; + case ES_OPENSSH_INVALID_USER: return ::pbv1::OpenSSHLogin::RESULT_INVALID_USER; + default: return ::pbv1::OpenSSHLogin::RESULT_UNKNOWN; + } +} + +static inline void EncodeSocketAddress(::pbv1::SocketAddress *pb_socket_addr, std::string_view addr, + es_address_type_t type) { + EncodeString([pb_socket_addr] { return pb_socket_addr->mutable_address(); }, addr); + pb_socket_addr->set_type(GetSocketAddressType(type)); +} + +static inline void EncodeUserInfo(std::function<::pbv1::UserInfo *()> lazy_f, + const es_string_token_t &name) { + EncodeUserInfo(lazy_f, std::nullopt, name); +} + std::vector Protobuf::SerializeMessage(const EnrichedLoginWindowSessionLogin &msg) { - return {}; + Arena arena; + ::pbv1::SantaMessage *santa_msg = CreateDefaultProto(&arena, msg); + ::pbv1::LoginWindowSessionLogin *pb_lw_login = + santa_msg->mutable_login_window_session()->mutable_login(); + + EncodeProcessInfoLight(pb_lw_login->mutable_instigator(), msg); + EncodeUserInfo([pb_lw_login] { return pb_lw_login->mutable_user(); }, msg.UID(), + msg->event.lw_session_login->username); + + pb_lw_login->mutable_graphical_session()->set_id( + msg->event.lw_session_login->graphical_session_id); + + return FinalizeProto(santa_msg); } std::vector Protobuf::SerializeMessage(const EnrichedLoginWindowSessionLogout &msg) { - return {}; + Arena arena; + ::pbv1::SantaMessage *santa_msg = CreateDefaultProto(&arena, msg); + ::pbv1::LoginWindowSessionLogout *pb_lw_logout = + santa_msg->mutable_login_window_session()->mutable_logout(); + + EncodeProcessInfoLight(pb_lw_logout->mutable_instigator(), msg); + EncodeUserInfo([pb_lw_logout] { return pb_lw_logout->mutable_user(); }, msg.UID(), + msg->event.lw_session_logout->username); + + pb_lw_logout->mutable_graphical_session()->set_id( + msg->event.lw_session_logout->graphical_session_id); + + return FinalizeProto(santa_msg); } std::vector Protobuf::SerializeMessage(const EnrichedLoginWindowSessionLock &msg) { - return {}; + Arena arena; + ::pbv1::SantaMessage *santa_msg = CreateDefaultProto(&arena, msg); + ::pbv1::LoginWindowSessionLock *pb_lw_lock = + santa_msg->mutable_login_window_session()->mutable_lock(); + + EncodeProcessInfoLight(pb_lw_lock->mutable_instigator(), msg); + EncodeUserInfo([pb_lw_lock] { return pb_lw_lock->mutable_user(); }, msg.UID(), + msg->event.lw_session_lock->username); + + pb_lw_lock->mutable_graphical_session()->set_id(msg->event.lw_session_lock->graphical_session_id); + + return FinalizeProto(santa_msg); } std::vector Protobuf::SerializeMessage(const EnrichedLoginWindowSessionUnlock &msg) { - return {}; + Arena arena; + ::pbv1::SantaMessage *santa_msg = CreateDefaultProto(&arena, msg); + ::pbv1::LoginWindowSessionUnlock *pb_lw_unlock = + santa_msg->mutable_login_window_session()->mutable_unlock(); + + EncodeProcessInfoLight(pb_lw_unlock->mutable_instigator(), msg); + EncodeUserInfo([pb_lw_unlock] { return pb_lw_unlock->mutable_user(); }, msg.UID(), + msg->event.lw_session_unlock->username); + + pb_lw_unlock->mutable_graphical_session()->set_id( + msg->event.lw_session_unlock->graphical_session_id); + + return FinalizeProto(santa_msg); } std::vector Protobuf::SerializeMessage(const EnrichedScreenSharingAttach &msg) { - return {}; + Arena arena; + ::pbv1::SantaMessage *santa_msg = CreateDefaultProto(&arena, msg); + ::pbv1::ScreenSharingAttach *pb_attach = santa_msg->mutable_screen_sharing()->mutable_attach(); + + EncodeProcessInfoLight(pb_attach->mutable_instigator(), msg); + + pb_attach->set_success(msg->event.screensharing_attach->success); + + EncodeSocketAddress(pb_attach->mutable_source(), + StringTokenToStringView(msg->event.screensharing_attach->source_address), + msg->event.screensharing_attach->source_address_type); + EncodeString([pb_attach] { return pb_attach->mutable_viewer(); }, + StringTokenToStringView(msg->event.screensharing_attach->viewer_appleid)); + EncodeString([pb_attach] { return pb_attach->mutable_authentication_type(); }, + StringTokenToStringView(msg->event.screensharing_attach->authentication_type)); + EncodeUserInfo([pb_attach] { return pb_attach->mutable_authentication_user(); }, + msg->event.screensharing_attach->authentication_username); + EncodeUserInfo([pb_attach] { return pb_attach->mutable_session_user(); }, + msg->event.screensharing_attach->session_username); + + pb_attach->set_existing_session(msg->event.screensharing_attach->existing_session); + pb_attach->mutable_graphical_session()->set_id( + msg->event.screensharing_attach->graphical_session_id); + + return FinalizeProto(santa_msg); } std::vector Protobuf::SerializeMessage(const EnrichedScreenSharingDetach &msg) { - return {}; + Arena arena; + ::pbv1::SantaMessage *santa_msg = CreateDefaultProto(&arena, msg); + ::pbv1::ScreenSharingDetach *pb_detach = santa_msg->mutable_screen_sharing()->mutable_detach(); + + EncodeProcessInfoLight(pb_detach->mutable_instigator(), msg); + EncodeSocketAddress(pb_detach->mutable_source(), + StringTokenToStringView(msg->event.screensharing_detach->source_address), + msg->event.screensharing_detach->source_address_type); + EncodeString([pb_detach] { return pb_detach->mutable_viewer(); }, + StringTokenToStringView(msg->event.screensharing_detach->viewer_appleid)); + + pb_detach->mutable_graphical_session()->set_id( + msg->event.screensharing_detach->graphical_session_id); + + return FinalizeProto(santa_msg); } std::vector Protobuf::SerializeMessage(const EnrichedOpenSSHLogin &msg) { - return {}; + Arena arena; + ::pbv1::SantaMessage *santa_msg = CreateDefaultProto(&arena, msg); + ::pbv1::OpenSSHLogin *pb_ssh_login = santa_msg->mutable_open_ssh()->mutable_login(); + + EncodeProcessInfoLight(pb_ssh_login->mutable_instigator(), msg); + + pb_ssh_login->set_result(GetOpenSSHLoginResultType(msg->event.openssh_login->result_type)); + + EncodeSocketAddress(pb_ssh_login->mutable_source(), + StringTokenToStringView(msg->event.openssh_login->source_address), + msg->event.openssh_login->source_address_type); + EncodeUserInfo([pb_ssh_login] { return pb_ssh_login->mutable_user(); }, + msg->event.openssh_login->has_uid + ? std::make_optional(msg->event.openssh_login->uid.uid) + : std::nullopt, + msg->event.openssh_login->username); + + return FinalizeProto(santa_msg); } std::vector Protobuf::SerializeMessage(const EnrichedOpenSSHLogout &msg) { - return {}; + Arena arena; + ::pbv1::SantaMessage *santa_msg = CreateDefaultProto(&arena, msg); + ::pbv1::OpenSSHLogout *pb_ssh_logout = santa_msg->mutable_open_ssh()->mutable_logout(); + + EncodeProcessInfoLight(pb_ssh_logout->mutable_instigator(), msg); + + EncodeSocketAddress(pb_ssh_logout->mutable_source(), + StringTokenToStringView(msg->event.openssh_logout->source_address), + msg->event.openssh_logout->source_address_type); + EncodeUserInfo([pb_ssh_logout] { return pb_ssh_logout->mutable_user(); }, + msg->event.openssh_logout->uid, msg->event.openssh_logout->username); + + return FinalizeProto(santa_msg); } std::vector Protobuf::SerializeMessage(const EnrichedLoginLogin &msg) { - return {}; + Arena arena; + ::pbv1::SantaMessage *santa_msg = CreateDefaultProto(&arena, msg); + ::pbv1::Login *pb_login = santa_msg->mutable_login_logout()->mutable_login(); + + EncodeProcessInfoLight(pb_login->mutable_instigator(), msg); + pb_login->set_success(msg->event.login_login->success); + + EncodeString([pb_login] { return pb_login->mutable_failure_message(); }, + StringTokenToStringView(msg->event.login_login->failure_message)); + EncodeUserInfo([pb_login] { return pb_login->mutable_user(); }, + msg->event.login_login->has_uid + ? std::make_optional(msg->event.login_login->uid.uid) + : std::nullopt, + msg->event.login_login->username); + + return FinalizeProto(santa_msg); } std::vector Protobuf::SerializeMessage(const EnrichedLoginLogout &msg) { - return {}; + Arena arena; + ::pbv1::SantaMessage *santa_msg = CreateDefaultProto(&arena, msg); + ::pbv1::Logout *pb_logout = santa_msg->mutable_login_logout()->mutable_logout(); + + EncodeProcessInfoLight(pb_logout->mutable_instigator(), msg); + EncodeUserInfo([pb_logout] { return pb_logout->mutable_user(); }, msg->event.login_logout->uid, + msg->event.login_logout->username); + + return FinalizeProto(santa_msg); } -#endif +#endif // HAVE_MACOS_13 std::vector Protobuf::SerializeFileAccess(const std::string &policy_version, const std::string &policy_name, diff --git a/Source/santad/Logs/EndpointSecurity/Serializers/ProtobufTest.mm b/Source/santad/Logs/EndpointSecurity/Serializers/ProtobufTest.mm index d14bcb8bc..862d5a313 100644 --- a/Source/santad/Logs/EndpointSecurity/Serializers/ProtobufTest.mm +++ b/Source/santad/Logs/EndpointSecurity/Serializers/ProtobufTest.mm @@ -68,6 +68,10 @@ extern ::pbv1::FileDescriptor::FDType GetFileDescriptorType(uint32_t fdtype); extern ::pbv1::FileAccess::AccessType GetAccessType(es_event_type_t event_type); extern ::pbv1::FileAccess::PolicyDecision GetPolicyDecision(FileAccessPolicyDecision decision); +#if HAVE_MACOS_13 +extern ::pbv1::SocketAddress::Type GetSocketAddressType(es_address_type_t type); +extern ::pbv1::OpenSSHLogin::Result GetOpenSSHLoginResultType(es_openssh_login_result_type_t type); +#endif // HAVE_MACOS_13 } // namespace santa::santad::logs::endpoint_security::serializers using santa::santad::logs::endpoint_security::serializers::EncodeEntitlements; @@ -78,6 +82,10 @@ using santa::santad::logs::endpoint_security::serializers::GetModeEnum; using santa::santad::logs::endpoint_security::serializers::GetPolicyDecision; using santa::santad::logs::endpoint_security::serializers::GetReasonEnum; +#if HAVE_MACOS_13 +using santa::santad::logs::endpoint_security::serializers::GetOpenSSHLoginResultType; +using santa::santad::logs::endpoint_security::serializers::GetSocketAddressType; +#endif // HAVE_MACOS_13 @interface ProtobufTest : XCTestCase @property id mockConfigurator; @@ -788,6 +796,219 @@ - (void)testSerializeMessageCodesigningInvalidated { json:NO]; } +#if HAVE_MACOS_13 + +- (void)testSerializeMessageLoginWindowSessionLogin { + __block es_event_lw_session_login_t lwLogin = { + .username = MakeESStringToken("daemon"), + .graphical_session_id = 123, + }; + + [self serializeAndCheckEvent:ES_EVENT_TYPE_NOTIFY_LW_SESSION_LOGIN + messageSetup:^(std::shared_ptr mockESApi, + es_message_t *esMsg) { + esMsg->event.lw_session_login = &lwLogin; + }]; +} + +- (void)testSerializeMessageLoginWindowSessionLogout { + __block es_event_lw_session_logout_t lwLogout = { + .username = MakeESStringToken("daemon"), + .graphical_session_id = 123, + }; + + [self serializeAndCheckEvent:ES_EVENT_TYPE_NOTIFY_LW_SESSION_LOGOUT + messageSetup:^(std::shared_ptr mockESApi, + es_message_t *esMsg) { + esMsg->event.lw_session_logout = &lwLogout; + }]; +} + +- (void)testSerializeMessageLoginWindowSessionLock { + __block es_event_lw_session_lock_t lwLock = { + .username = MakeESStringToken("daemon"), + .graphical_session_id = 123, + }; + + [self serializeAndCheckEvent:ES_EVENT_TYPE_NOTIFY_LW_SESSION_LOCK + messageSetup:^(std::shared_ptr mockESApi, + es_message_t *esMsg) { + esMsg->event.lw_session_lock = &lwLock; + }]; +} + +- (void)testSerializeMessageLoginWindowSessionUnlock { + __block es_event_lw_session_unlock_t lwUnlock = { + .username = MakeESStringToken("daemon"), + .graphical_session_id = 123, + }; + + [self serializeAndCheckEvent:ES_EVENT_TYPE_NOTIFY_LW_SESSION_UNLOCK + messageSetup:^(std::shared_ptr mockESApi, + es_message_t *esMsg) { + esMsg->event.lw_session_unlock = &lwUnlock; + }]; +} + +- (void)testSerializeMessageScreensharingAttach { + __block es_event_screensharing_attach_t attach = { + .success = true, + .source_address_type = ES_ADDRESS_TYPE_IPV6, + .source_address = MakeESStringToken("::1"), + .viewer_appleid = MakeESStringToken("foo@example.com"), + .authentication_type = MakeESStringToken("idk"), + .authentication_username = MakeESStringToken("my_auth_user"), + .session_username = MakeESStringToken("my_session_user"), + .existing_session = true, + .graphical_session_id = 123, + }; + + [self serializeAndCheckEvent:ES_EVENT_TYPE_NOTIFY_SCREENSHARING_ATTACH + messageSetup:^(std::shared_ptr mockESApi, + es_message_t *esMsg) { + esMsg->event.screensharing_attach = &attach; + }]; + + attach.source_address_type = (es_address_type_t)1234; + attach.source_address = MakeESStringToken(NULL); + attach.viewer_appleid = MakeESStringToken(NULL); + attach.authentication_type = MakeESStringToken(NULL); + attach.authentication_username = MakeESStringToken(NULL); + attach.session_username = MakeESStringToken(NULL); + + [self serializeAndCheckEvent:ES_EVENT_TYPE_NOTIFY_SCREENSHARING_ATTACH + messageSetup:^(std::shared_ptr mockESApi, + es_message_t *esMsg) { + esMsg->event.screensharing_attach = &attach; + } + variant:@"unset_fields"]; +} + +- (void)testSerializeMessageScreensharingDetach { + __block es_event_screensharing_detach_t detach = { + .source_address_type = ES_ADDRESS_TYPE_IPV4, + .source_address = MakeESStringToken("1.2.3.4"), + .viewer_appleid = MakeESStringToken("foo@example.com"), + .graphical_session_id = 123, + }; + + [self serializeAndCheckEvent:ES_EVENT_TYPE_NOTIFY_SCREENSHARING_DETACH + messageSetup:^(std::shared_ptr mockESApi, + es_message_t *esMsg) { + esMsg->event.screensharing_detach = &detach; + }]; +} + +- (void)testSerializeMessageOpenSSHLogin { + __block es_event_openssh_login_t sshLogin = {.success = true, + .result_type = ES_OPENSSH_AUTH_SUCCESS, + .source_address_type = ES_ADDRESS_TYPE_IPV4, + .source_address = MakeESStringToken("1.2.3.4"), + .username = MakeESStringToken("foo_user"), + .has_uid = true, + .uid = { + .uid = 12345, + }}; + + [self serializeAndCheckEvent:ES_EVENT_TYPE_NOTIFY_OPENSSH_LOGIN + messageSetup:^(std::shared_ptr mockESApi, + es_message_t *esMsg) { + esMsg->event.openssh_login = &sshLogin; + }]; + + sshLogin.success = false; + sshLogin.result_type = ES_OPENSSH_AUTH_FAIL_HOSTBASED; + sshLogin.source_address_type = ES_ADDRESS_TYPE_IPV6; + sshLogin.source_address = MakeESStringToken("::1"); + sshLogin.has_uid = false; + sshLogin.username = MakeESStringToken(NULL); + + [self serializeAndCheckEvent:ES_EVENT_TYPE_NOTIFY_OPENSSH_LOGIN + messageSetup:^(std::shared_ptr mockESApi, + es_message_t *esMsg) { + esMsg->event.openssh_login = &sshLogin; + } + variant:@"failed_attempt"]; +} + +- (void)testSerializeMessageOpenSSHLogout { + __block es_event_openssh_logout_t sshLogout = { + .source_address_type = ES_ADDRESS_TYPE_IPV4, + .source_address = MakeESStringToken("1.2.3.4"), + .username = MakeESStringToken("foo_user"), + .uid = 12345, + }; + + [self serializeAndCheckEvent:ES_EVENT_TYPE_NOTIFY_OPENSSH_LOGOUT + messageSetup:^(std::shared_ptr mockESApi, + es_message_t *esMsg) { + esMsg->event.openssh_logout = &sshLogout; + }]; +} + +- (void)testSerializeMessageLoginLogin { + __block es_event_login_login_t login = {.success = true, + .failure_message = MakeESStringToken(NULL), + .username = MakeESStringToken("asdf"), + .has_uid = true, + .uid = { + .uid = 321, + }}; + + [self serializeAndCheckEvent:ES_EVENT_TYPE_NOTIFY_LOGIN_LOGIN + messageSetup:^(std::shared_ptr mockESApi, + es_message_t *esMsg) { + esMsg->event.login_login = &login; + }]; + + login.success = false; + login.failure_message = MakeESStringToken("my|failure"); + login.has_uid = false; + + [self serializeAndCheckEvent:ES_EVENT_TYPE_NOTIFY_LOGIN_LOGIN + messageSetup:^(std::shared_ptr mockESApi, + es_message_t *esMsg) { + esMsg->event.login_login = &login; + } + variant:@"failed_attempt"]; +} + +- (void)testGetSocketAddressType { + std::map esToSantaAddrType = { + {ES_ADDRESS_TYPE_NONE, ::pbv1::SocketAddress::TYPE_NONE}, + {ES_ADDRESS_TYPE_IPV4, ::pbv1::SocketAddress::TYPE_IPV4}, + {ES_ADDRESS_TYPE_IPV6, ::pbv1::SocketAddress::TYPE_IPV6}, + {ES_ADDRESS_TYPE_NAMED_SOCKET, ::pbv1::SocketAddress::TYPE_NAMED_SOCKET}, + {(es_address_type_t)1234, ::pbv1::SocketAddress::TYPE_UNKNOWN}, + }; + + for (const auto &kv : esToSantaAddrType) { + XCTAssertEqual(GetSocketAddressType(kv.first), kv.second); + } +} + +- (void)testGetOpenSSHLoginResultType { + std::map esToSantaOpenSSHResultType{ + {ES_OPENSSH_LOGIN_EXCEED_MAXTRIES, ::pbv1::OpenSSHLogin::RESULT_LOGIN_EXCEED_MAXTRIES}, + {ES_OPENSSH_LOGIN_ROOT_DENIED, ::pbv1::OpenSSHLogin::RESULT_LOGIN_ROOT_DENIED}, + {ES_OPENSSH_AUTH_SUCCESS, ::pbv1::OpenSSHLogin::RESULT_AUTH_SUCCESS}, + {ES_OPENSSH_AUTH_FAIL_NONE, ::pbv1::OpenSSHLogin::RESULT_AUTH_FAIL_NONE}, + {ES_OPENSSH_AUTH_FAIL_PASSWD, ::pbv1::OpenSSHLogin::RESULT_AUTH_FAIL_PASSWD}, + {ES_OPENSSH_AUTH_FAIL_KBDINT, ::pbv1::OpenSSHLogin::RESULT_AUTH_FAIL_KBDINT}, + {ES_OPENSSH_AUTH_FAIL_PUBKEY, ::pbv1::OpenSSHLogin::RESULT_AUTH_FAIL_PUBKEY}, + {ES_OPENSSH_AUTH_FAIL_HOSTBASED, ::pbv1::OpenSSHLogin::RESULT_AUTH_FAIL_HOSTBASED}, + {ES_OPENSSH_AUTH_FAIL_GSSAPI, ::pbv1::OpenSSHLogin::RESULT_AUTH_FAIL_GSSAPI}, + {ES_OPENSSH_INVALID_USER, ::pbv1::OpenSSHLogin::RESULT_INVALID_USER}, + {(es_openssh_login_result_type_t)1234, ::pbv1::OpenSSHLogin::RESULT_UNKNOWN}, + }; + + for (const auto &kv : esToSantaOpenSSHResultType) { + XCTAssertEqual(GetOpenSSHLoginResultType(kv.first), kv.second); + } +} + +#endif // HAVE_MACOS_13 + - (void)testGetAccessType { std::map eventTypeToAccessType = { {ES_EVENT_TYPE_AUTH_CLONE, ::pbv1::FileAccess::ACCESS_TYPE_CLONE}, diff --git a/Source/santad/testdata/protobuf/v6/login_login.json b/Source/santad/testdata/protobuf/v6/login_login.json new file mode 100644 index 000000000..89e62c7f5 --- /dev/null +++ b/Source/santad/testdata/protobuf/v6/login_login.json @@ -0,0 +1,42 @@ +{ + "login": { + "instigator": { + "id": { + "pid": 12, + "pidversion": 34 + }, + "parent_id": { + "pid": 56, + "pidversion": 78 + }, + "original_parent_pid": 56, + "group_id": 111, + "session_id": 222, + "effective_user": { + "uid": -2, + "name": "nobody" + }, + "effective_group": { + "gid": -1, + "name": "nogroup" + }, + "real_user": { + "uid": -2, + "name": "nobody" + }, + "real_group": { + "gid": -1, + "name": "nogroup" + }, + "executable": { + "path": "foo", + "truncated": false + } + }, + "success": true, + "user": { + "uid": 321, + "name": "asdf" + } + } +} diff --git a/Source/santad/testdata/protobuf/v6/login_login_failed_attempt.json b/Source/santad/testdata/protobuf/v6/login_login_failed_attempt.json new file mode 100644 index 000000000..9d24c6025 --- /dev/null +++ b/Source/santad/testdata/protobuf/v6/login_login_failed_attempt.json @@ -0,0 +1,42 @@ +{ + "login": { + "instigator": { + "id": { + "pid": 12, + "pidversion": 34 + }, + "parent_id": { + "pid": 56, + "pidversion": 78 + }, + "original_parent_pid": 56, + "group_id": 111, + "session_id": 222, + "effective_user": { + "uid": -2, + "name": "nobody" + }, + "effective_group": { + "gid": -1, + "name": "nogroup" + }, + "real_user": { + "uid": -2, + "name": "nobody" + }, + "real_group": { + "gid": -1, + "name": "nogroup" + }, + "executable": { + "path": "foo", + "truncated": false + } + }, + "success": false, + "failure_message": "bXl8ZmFpbHVyZQ==", + "user": { + "name": "asdf" + } + } +} diff --git a/Source/santad/testdata/protobuf/v6/lw_session_lock.json b/Source/santad/testdata/protobuf/v6/lw_session_lock.json new file mode 100644 index 000000000..07eb74f96 --- /dev/null +++ b/Source/santad/testdata/protobuf/v6/lw_session_lock.json @@ -0,0 +1,44 @@ +{ + "lock": { + "instigator": { + "id": { + "pid": 12, + "pidversion": 34 + }, + "parent_id": { + "pid": 56, + "pidversion": 78 + }, + "original_parent_pid": 56, + "group_id": 111, + "session_id": 222, + "effective_user": { + "uid": -2, + "name": "nobody" + }, + "effective_group": { + "gid": -1, + "name": "nogroup" + }, + "real_user": { + "uid": -2, + "name": "nobody" + }, + "real_group": { + "gid": -1, + "name": "nogroup" + }, + "executable": { + "path": "foo", + "truncated": false + } + }, + "user": { + "uid": 1, + "name": "daemon" + }, + "graphical_session": { + "id": 123 + } + } +} diff --git a/Source/santad/testdata/protobuf/v6/lw_session_login.json b/Source/santad/testdata/protobuf/v6/lw_session_login.json new file mode 100644 index 000000000..0a5d88888 --- /dev/null +++ b/Source/santad/testdata/protobuf/v6/lw_session_login.json @@ -0,0 +1,44 @@ +{ + "login": { + "instigator": { + "id": { + "pid": 12, + "pidversion": 34 + }, + "parent_id": { + "pid": 56, + "pidversion": 78 + }, + "original_parent_pid": 56, + "group_id": 111, + "session_id": 222, + "effective_user": { + "uid": -2, + "name": "nobody" + }, + "effective_group": { + "gid": -1, + "name": "nogroup" + }, + "real_user": { + "uid": -2, + "name": "nobody" + }, + "real_group": { + "gid": -1, + "name": "nogroup" + }, + "executable": { + "path": "foo", + "truncated": false + } + }, + "user": { + "uid": 1, + "name": "daemon" + }, + "graphical_session": { + "id": 123 + } + } +} diff --git a/Source/santad/testdata/protobuf/v6/lw_session_logout.json b/Source/santad/testdata/protobuf/v6/lw_session_logout.json new file mode 100644 index 000000000..9dd8ac174 --- /dev/null +++ b/Source/santad/testdata/protobuf/v6/lw_session_logout.json @@ -0,0 +1,44 @@ +{ + "logout": { + "instigator": { + "id": { + "pid": 12, + "pidversion": 34 + }, + "parent_id": { + "pid": 56, + "pidversion": 78 + }, + "original_parent_pid": 56, + "group_id": 111, + "session_id": 222, + "effective_user": { + "uid": -2, + "name": "nobody" + }, + "effective_group": { + "gid": -1, + "name": "nogroup" + }, + "real_user": { + "uid": -2, + "name": "nobody" + }, + "real_group": { + "gid": -1, + "name": "nogroup" + }, + "executable": { + "path": "foo", + "truncated": false + } + }, + "user": { + "uid": 1, + "name": "daemon" + }, + "graphical_session": { + "id": 123 + } + } +} diff --git a/Source/santad/testdata/protobuf/v6/lw_session_unlock.json b/Source/santad/testdata/protobuf/v6/lw_session_unlock.json new file mode 100644 index 000000000..d19040333 --- /dev/null +++ b/Source/santad/testdata/protobuf/v6/lw_session_unlock.json @@ -0,0 +1,44 @@ +{ + "unlock": { + "instigator": { + "id": { + "pid": 12, + "pidversion": 34 + }, + "parent_id": { + "pid": 56, + "pidversion": 78 + }, + "original_parent_pid": 56, + "group_id": 111, + "session_id": 222, + "effective_user": { + "uid": -2, + "name": "nobody" + }, + "effective_group": { + "gid": -1, + "name": "nogroup" + }, + "real_user": { + "uid": -2, + "name": "nobody" + }, + "real_group": { + "gid": -1, + "name": "nogroup" + }, + "executable": { + "path": "foo", + "truncated": false + } + }, + "user": { + "uid": 1, + "name": "daemon" + }, + "graphical_session": { + "id": 123 + } + } +} diff --git a/Source/santad/testdata/protobuf/v6/openssh_login.json b/Source/santad/testdata/protobuf/v6/openssh_login.json new file mode 100644 index 000000000..5abbba0c2 --- /dev/null +++ b/Source/santad/testdata/protobuf/v6/openssh_login.json @@ -0,0 +1,46 @@ +{ + "login": { + "instigator": { + "id": { + "pid": 12, + "pidversion": 34 + }, + "parent_id": { + "pid": 56, + "pidversion": 78 + }, + "original_parent_pid": 56, + "group_id": 111, + "session_id": 222, + "effective_user": { + "uid": -2, + "name": "nobody" + }, + "effective_group": { + "gid": -1, + "name": "nogroup" + }, + "real_user": { + "uid": -2, + "name": "nobody" + }, + "real_group": { + "gid": -1, + "name": "nogroup" + }, + "executable": { + "path": "foo", + "truncated": false + } + }, + "result": "RESULT_AUTH_SUCCESS", + "source": { + "address": "MS4yLjMuNA==", + "type": "TYPE_IPV4" + }, + "user": { + "uid": 12345, + "name": "foo_user" + } + } +} diff --git a/Source/santad/testdata/protobuf/v6/openssh_login_failed_attempt.json b/Source/santad/testdata/protobuf/v6/openssh_login_failed_attempt.json new file mode 100644 index 000000000..fbedd711e --- /dev/null +++ b/Source/santad/testdata/protobuf/v6/openssh_login_failed_attempt.json @@ -0,0 +1,42 @@ +{ + "login": { + "instigator": { + "id": { + "pid": 12, + "pidversion": 34 + }, + "parent_id": { + "pid": 56, + "pidversion": 78 + }, + "original_parent_pid": 56, + "group_id": 111, + "session_id": 222, + "effective_user": { + "uid": -2, + "name": "nobody" + }, + "effective_group": { + "gid": -1, + "name": "nogroup" + }, + "real_user": { + "uid": -2, + "name": "nobody" + }, + "real_group": { + "gid": -1, + "name": "nogroup" + }, + "executable": { + "path": "foo", + "truncated": false + } + }, + "result": "RESULT_AUTH_FAIL_HOSTBASED", + "source": { + "address": "Ojox", + "type": "TYPE_IPV6" + } + } +} diff --git a/Source/santad/testdata/protobuf/v6/openssh_logout.json b/Source/santad/testdata/protobuf/v6/openssh_logout.json new file mode 100644 index 000000000..8dec3b26c --- /dev/null +++ b/Source/santad/testdata/protobuf/v6/openssh_logout.json @@ -0,0 +1,45 @@ +{ + "logout": { + "instigator": { + "id": { + "pid": 12, + "pidversion": 34 + }, + "parent_id": { + "pid": 56, + "pidversion": 78 + }, + "original_parent_pid": 56, + "group_id": 111, + "session_id": 222, + "effective_user": { + "uid": -2, + "name": "nobody" + }, + "effective_group": { + "gid": -1, + "name": "nogroup" + }, + "real_user": { + "uid": -2, + "name": "nobody" + }, + "real_group": { + "gid": -1, + "name": "nogroup" + }, + "executable": { + "path": "foo", + "truncated": false + } + }, + "source": { + "address": "MS4yLjMuNA==", + "type": "TYPE_IPV4" + }, + "user": { + "uid": 12345, + "name": "foo_user" + } + } +} diff --git a/Source/santad/testdata/protobuf/v6/screensharing_attach.json b/Source/santad/testdata/protobuf/v6/screensharing_attach.json new file mode 100644 index 000000000..9d7df3c89 --- /dev/null +++ b/Source/santad/testdata/protobuf/v6/screensharing_attach.json @@ -0,0 +1,54 @@ +{ + "attach": { + "instigator": { + "id": { + "pid": 12, + "pidversion": 34 + }, + "parent_id": { + "pid": 56, + "pidversion": 78 + }, + "original_parent_pid": 56, + "group_id": 111, + "session_id": 222, + "effective_user": { + "uid": -2, + "name": "nobody" + }, + "effective_group": { + "gid": -1, + "name": "nogroup" + }, + "real_user": { + "uid": -2, + "name": "nobody" + }, + "real_group": { + "gid": -1, + "name": "nogroup" + }, + "executable": { + "path": "foo", + "truncated": false + } + }, + "success": true, + "source": { + "address": "Ojox", + "type": "TYPE_IPV6" + }, + "viewer": "Zm9vQGV4YW1wbGUuY29t", + "authentication_type": "aWRr", + "authentication_user": { + "name": "my_auth_user" + }, + "session_user": { + "name": "my_session_user" + }, + "existing_session": true, + "graphical_session": { + "id": 123 + } + } +} diff --git a/Source/santad/testdata/protobuf/v6/screensharing_attach_unset_fields.json b/Source/santad/testdata/protobuf/v6/screensharing_attach_unset_fields.json new file mode 100644 index 000000000..c6fc4dd51 --- /dev/null +++ b/Source/santad/testdata/protobuf/v6/screensharing_attach_unset_fields.json @@ -0,0 +1,45 @@ +{ + "attach": { + "instigator": { + "id": { + "pid": 12, + "pidversion": 34 + }, + "parent_id": { + "pid": 56, + "pidversion": 78 + }, + "original_parent_pid": 56, + "group_id": 111, + "session_id": 222, + "effective_user": { + "uid": -2, + "name": "nobody" + }, + "effective_group": { + "gid": -1, + "name": "nogroup" + }, + "real_user": { + "uid": -2, + "name": "nobody" + }, + "real_group": { + "gid": -1, + "name": "nogroup" + }, + "executable": { + "path": "foo", + "truncated": false + } + }, + "success": true, + "source": { + "type": "TYPE_UNKNOWN" + }, + "existing_session": true, + "graphical_session": { + "id": 123 + } + } +} diff --git a/Source/santad/testdata/protobuf/v6/screensharing_detach.json b/Source/santad/testdata/protobuf/v6/screensharing_detach.json new file mode 100644 index 000000000..e23ac5112 --- /dev/null +++ b/Source/santad/testdata/protobuf/v6/screensharing_detach.json @@ -0,0 +1,45 @@ +{ + "detach": { + "instigator": { + "id": { + "pid": 12, + "pidversion": 34 + }, + "parent_id": { + "pid": 56, + "pidversion": 78 + }, + "original_parent_pid": 56, + "group_id": 111, + "session_id": 222, + "effective_user": { + "uid": -2, + "name": "nobody" + }, + "effective_group": { + "gid": -1, + "name": "nogroup" + }, + "real_user": { + "uid": -2, + "name": "nobody" + }, + "real_group": { + "gid": -1, + "name": "nogroup" + }, + "executable": { + "path": "foo", + "truncated": false + } + }, + "source": { + "address": "MS4yLjMuNA==", + "type": "TYPE_IPV4" + }, + "viewer": "Zm9vQGV4YW1wbGUuY29t", + "graphical_session": { + "id": 123 + } + } +}