Extension server (#1)

Basic implementation of the extension server, and example table plugin.

Author: zwass

.gitignore

@@ -1,5 +1,7 @@
-example_query
+# Example binaries
+example_*
 
+# Glide vendor directory
 vendor/
 
 ## From https://github.com/github/gitignore/blob/master/Go.gitignore ##

Makefile

@@ -7,9 +7,15 @@ gen: ./osquery.thrift
 	rm -rf gen/osquery/extension-remote gen/osquery/extension_manager-remote
 	gofmt -w ./gen
 
-examples: example_query
+examples: example_query example_call example_table
 
 example_query: examples/query/*.go
-	go build -o example_query ./examples/query/main.go
+	go build -o example_query ./examples/query/*.go
+
+example_call: examples/call/*.go
+	go build -o example_call ./examples/call/*.go
+
+example_table: examples/table/*.go
+	go build -o example_table ./examples/table/*.go
 
 .PHONY: all

client/client.go

@@ -12,12 +12,12 @@ import (
 
 // ExtensionManagerClient is a wrapper for the osquery Thrift extensions API.
 type ExtensionManagerClient struct {
-	client    *osquery.ExtensionManagerClient
+	client    osquery.ExtensionManager
 	transport thrift.TTransport
 }
 
 // NewClient creates a new client communicating to osquery over the socket at
-// the provided path. If resolving the address or the connection to the socket
+// the provided path. If resolving the address or connecting to the socket
 // fails, this function will error.
 func NewClient(sockPath string, timeout time.Duration) (*ExtensionManagerClient, error) {
 	addr, err := net.ResolveUnixAddr("unix", sockPath)
@@ -49,11 +49,21 @@ func (c *ExtensionManagerClient) Ping() (*osquery.ExtensionStatus, error) {
 	return c.client.Ping()
 }
 
+// Call requests a call to an extension (or core) registry plugin.
+func (c *ExtensionManagerClient) Call(registry, item string, request osquery.ExtensionPluginRequest) (*osquery.ExtensionResponse, error) {
+	return c.client.Call(registry, item, request)
+}
+
 // Extensions requests the list of active registered extensions.
 func (c *ExtensionManagerClient) Extensions() (osquery.InternalExtensionList, error) {
 	return c.client.Extensions()
 }
 
+// RegisterExtension registers the extension plugins with the osquery process.
+func (c *ExtensionManagerClient) RegisterExtension(info *osquery.InternalExtensionInfo, registry osquery.ExtensionRegistry) (*osquery.ExtensionStatus, error) {
+	return c.client.RegisterExtension(info, registry)
+}
+
 // Options requests the list of bootstrap or configuration options.
 func (c *ExtensionManagerClient) Options() (osquery.InternalOptionList, error) {
 	return c.client.Options()

examples/call/main.go

@@ -0,0 +1,38 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/kolide/osquery-golang/client"
+)
+
+func main() {
+	if len(os.Args) != 3 {
+		fmt.Printf(`Usage: %s SOCKET_PATH TABLE_NAME
+
+Retrieves the columns for the given table by making a call to the plugin.
+`, os.Args[0])
+		os.Exit(1)
+	}
+
+	client, err := client.NewClient(os.Args[1], 10*time.Second)
+	if err != nil {
+		fmt.Println("Error creating Thrift client: " + err.Error())
+		os.Exit(1)
+	}
+	defer client.Close()
+
+	resp, err := client.Call("table", os.Args[2], map[string]string{"action": "columns"})
+	if err != nil {
+		fmt.Println("Error communicating with osqueryd: " + err.Error())
+		os.Exit(1)
+	}
+	if resp.Status.Code != 0 {
+		fmt.Println("osqueryd returned error: " + resp.Status.Message)
+		os.Exit(1)
+	}
+
+	fmt.Printf("Got results:\n%#v\n", resp.Response)
+}

examples/query/main.go

@@ -10,7 +10,10 @@ import (
 
 func main() {
 	if len(os.Args) != 3 {
-		fmt.Printf("Usage: %s SOCKET_PATH QUERY\n", os.Args[0])
+		fmt.Printf(`Usage: %s SOCKET_PATH QUERY\n
+
+Requests osqueryd to run the provided query and prints the results.
+`, os.Args[0])
 		os.Exit(1)
 	}
 

examples/table/main.go

@@ -0,0 +1,94 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	"github.com/kolide/osquery-golang/gen/osquery"
+	"github.com/kolide/osquery-golang/server"
+)
+
+func main() {
+	if len(os.Args) != 2 {
+		fmt.Printf(`Usage: %s SOCKET_PATH\n
+
+Registers an example table extension.
+`, os.Args[0])
+		os.Exit(1)
+	}
+
+	serv, err := server.NewExtensionManagerServer("foobar", os.Args[1], 1*time.Second)
+	if err != nil {
+		fmt.Printf("Error creating extension: %v\n", err)
+		os.Exit(1)
+	}
+	serv.RegisterPlugin(&FooTable{})
+
+	// Shut down server when process killed so that we don't leave the unix
+	// domain socket file on the filesystem.
+	sig := make(chan os.Signal, 1)
+	signal.Notify(sig, os.Interrupt, os.Kill, syscall.SIGTERM)
+	go func() {
+		<-sig
+		fmt.Println("Stopping extension server.")
+		err := serv.Shutdown()
+		if err != nil {
+			fmt.Println("Error shutting down server: " + err.Error())
+			os.Exit(1)
+		}
+		os.Exit(0)
+	}()
+
+	fmt.Println("Starting extension server...")
+	err = serv.Start()
+	if err != nil {
+		fmt.Println("Error starting server: " + err.Error())
+		os.Exit(1)
+	}
+}
+
+type FooTable struct{}
+
+func (f *FooTable) Name() string {
+	return "FooTable"
+}
+
+func (f *FooTable) RegistryName() string {
+	return "table"
+}
+
+func (f *FooTable) Routes() osquery.ExtensionPluginResponse {
+	return []map[string]string{
+		{"id": "column", "name": "foo", "type": "TEXT", "op": "0"},
+		{"id": "column", "name": "bar", "type": "TEXT", "op": "0"},
+	}
+}
+
+func (f *FooTable) Ping() osquery.ExtensionStatus {
+	return osquery.ExtensionStatus{Code: 0, Message: "OK"}
+}
+
+func (f *FooTable) Call(ctx context.Context, request osquery.ExtensionPluginRequest) osquery.ExtensionResponse {
+	switch request["action"] {
+	case "generate":
+		return osquery.ExtensionResponse{
+			Status: &osquery.ExtensionStatus{Code: 0, Message: "OK"},
+			Response: osquery.ExtensionPluginResponse{
+				{"foo": "hello", "bar": "world"},
+				{"foo": "some", "bar": "thing"},
+			},
+		}
+	default:
+		return osquery.ExtensionResponse{
+			Status:   &osquery.ExtensionStatus{Code: 0, Message: "OK"},
+			Response: f.Routes(),
+		}
+	}
+}
+
+func (f *FooTable) Shutdown() {
+}

glide.lock

@@ -1,7 +1,8 @@
 package: github.com/kolide/osquery-golang
 import:
 - package: git.apache.org/thrift.git
-  version: ^0.10.0
+  repo: [email protected]:kolide/thrift.git
+  version: server_socket_from_addr
   subpackages:
   - lib/go/thrift
 - package: github.com/pkg/errors