⭐️ os: list users on linux via getent passwd

When a linux machine is enrolled in an Active Directory, we do not
discover all the users on the system. This is affecting the
`ports.listening` resource.

This change uses `getent passwd` to fetch user information and, if that
doesn't work, we fallback to the old method.

https://man7.org/linux/man-pages/man1/getent.1.html

Closes #5341

Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>

Author: afiune

providers/os/resources/users/etcpasswd.go

@@ -73,10 +73,29 @@ func (s *UnixUserManager) User(id string) (*User, error) {
 }
 
 func (s *UnixUserManager) List() ([]*User, error) {
+	users, err := s.listGetentPasswd()
+	if err == nil && len(users) != 0 {
+		return users, nil
+	}
+	// fallback to /etc/passwd
+	return s.listEtcPasswd()
+}
+
+func (s *UnixUserManager) listEtcPasswd() ([]*User, error) {
 	f, err := s.conn.FileSystem().Open("/etc/passwd")
 	if err != nil {
 		return nil, err
 	}
 	defer f.Close()
 	return ParseEtcPasswd(f)
 }
+
+// https://man7.org/linux/man-pages/man1/getent.1.html
+func (s *UnixUserManager) listGetentPasswd() ([]*User, error) {
+	getent, err := s.conn.RunCommand("getent passwd")
+	if err != nil {
+		return nil, err
+	}
+
+	return ParseEtcPasswd(getent.Stdout)
+}

providers/os/resources/users/etcpasswd_test.go

@@ -7,6 +7,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
 	"go.mondoo.com/cnquery/v11/providers/os/connection/mock"
 	"go.mondoo.com/cnquery/v11/providers/os/resources/users"
@@ -59,3 +60,25 @@ func TestParseFreebsdLinuxEtcPasswd(t *testing.T) {
 	assert.Equal(t, "/root", m[0].Home, "detected user home")
 	assert.Equal(t, "/bin/csh", m[0].Shell, "detected user shell")
 }
+
+func TestParseLinuxGetentPasswd(t *testing.T) {
+	conn, err := mock.New(0, "./testdata/oraclelinux_getent_passwd.toml", &inventory.Asset{
+		Platform: &inventory.Platform{
+			Family: []string{"os", "unix", "linux", "redhat"},
+		},
+	})
+	require.NoError(t, err)
+	m, err := users.ResolveManager(conn)
+	require.Nil(t, err)
+
+	list, err := m.List()
+	require.Nil(t, err)
+	assert.Equal(t, 20, len(list), "detected the right amount of users")
+
+	assert.Equal(t, "root", list[0].Name, "detected user name")
+	assert.Equal(t, int64(0), list[0].Uid, "detected uid")
+	assert.Equal(t, int64(0), list[0].Gid, "detected gid")
+	assert.Equal(t, "root", list[0].Description, "user description")
+	assert.Equal(t, "/root", list[0].Home, "detected user home")
+	assert.Equal(t, "/bin/bash", list[0].Shell, "detected user shell")
+}

providers/os/resources/users/testdata/debian.toml

@@ -33,4 +33,4 @@ ID=debian
 HOME_URL="https://www.debian.org/"
 SUPPORT_URL="https://www.debian.org/support"
 BUG_REPORT_URL="https://bugs.debian.org/"
-"""
+"""

providers/os/resources/users/testdata/freebsd12.toml

@@ -30,12 +30,11 @@ nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
 messagebus:*:556:556:D-BUS Daemon User:/nonexistent:/usr/sbin/nologin
 vagrant:*:1001:1001:Vagrant User:/home/vagrant:/bin/csh"""
 
-
 [commands."uname -s"]
 stdout = "FreeBSD"
 
 [commands."uname -m"]
 stdout = "amd64"
 
 [commands."uname -r"]
-stdout = "12.0-CURRENT"
+stdout = "12.0-CURRENT"

providers/os/resources/users/testdata/oraclelinux_getent_passwd.toml

@@ -0,0 +1,54 @@
+[commands."getent passwd"]
+stdout="""
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+games:x:12:100:games:/usr/games:/sbin/nologin
+ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
+nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
+tss:x:59:59:Account used for TPM access:/:/usr/sbin/nologin
+systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
+dbus:x:81:81:System message bus:/:/sbin/nologin
+chrony:x:998:996:chrony system user:/var/lib/chrony:/sbin/nologin
+sshd:x:74:74:Privilege-separated SSH:/usr/share/empty.sshd:/usr/sbin/nologin
+vboxadd:x:997:1::/var/run/vboxadd:/bin/false
+vagrant:x:1000:1000::/home/vagrant:/bin/bash
+"""
+
+[commands."uname -r"]
+stdout = "5.15.0-306.177.4.el9uek.aarch64"
+
+[commands."uname -s"]
+stdout = "Linux"
+
+[commands."uname -m"]
+stdout = "aarch64"
+
+[files."/etc/os-release"]
+content = """
+NAME="Oracle Linux Server"
+VERSION="9.5"
+ID="ol"
+ID_LIKE="fedora"
+VARIANT="Server"
+VARIANT_ID="server"
+VERSION_ID="9.5"
+PLATFORM_ID="platform:el9"
+PRETTY_NAME="Oracle Linux Server 9.5"
+ANSI_COLOR="0;31"
+CPE_NAME="cpe:/o:oracle:linux:9:5:server"
+HOME_URL="https://linux.oracle.com/"
+BUG_REPORT_URL="https://github.com/oracle/oracle-linux"
+
+ORACLE_BUGZILLA_PRODUCT="Oracle Linux 9"
+ORACLE_BUGZILLA_PRODUCT_VERSION=9.5
+ORACLE_SUPPORT_PRODUCT="Oracle Linux"
+ORACLE_SUPPORT_PRODUCT_VERSION=9.5
+"""