diff --git a/Makefile b/Makefile index 8700321..7066bfd 100644 --- a/Makefile +++ b/Makefile @@ -100,6 +100,7 @@ LIBQUARK_DEPS+= $(EEBPF_FILES) include endif LIBQUARK_DEPS:= $(filter-out manpages.h, $(LIBQUARK_DEPS)) LIBQUARK_SRCS:= \ + base64.c \ bpf_queue.c \ btfhub.c \ compat.c \ diff --git a/base64.c b/base64.c new file mode 100644 index 0000000..f382680 --- /dev/null +++ b/base64.c 
@@ -0,0 +1,303 @@ +/* $OpenBSD: base64.c,v 1.5 2006/10/21 09:55:03 otto Exp $ */ + +/* + * Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. 
+ * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ + +/* OPENBSD ORIGINAL: lib/libc/net/base64.c */ + +#include +#include +#include +#include + +#include +#include + +#include +#include + +#include "compat.h" + +static const char Base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const char Pad64 = '='; + +/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) + The following encoding technique is taken from RFC 1521 by Borenstein + and Freed. It is reproduced here in a slightly edited form for + convenience. + + A 65-character subset of US-ASCII is used, enabling 6 bits to be + represented per printable character. (The extra 65th character, "=", + is used to signify a special processing function.) + + The encoding process represents 24-bit groups of input bits as output + strings of 4 encoded characters. Proceeding from left to right, a + 24-bit input group is formed by concatenating 3 8-bit input groups. + These 24 bits are then treated as 4 concatenated 6-bit groups, each + of which is translated into a single digit in the base64 alphabet. + + Each 6-bit group is used as an index into an array of 64 printable + characters. The character referenced by the index is placed in the + output string. 
+ + Table 1: The Base64 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 17 R 34 i 51 z + 1 B 18 S 35 j 52 0 + 2 C 19 T 36 k 53 1 + 3 D 20 U 37 l 54 2 + 4 E 21 V 38 m 55 3 + 5 F 22 W 39 n 56 4 + 6 G 23 X 40 o 57 5 + 7 H 24 Y 41 p 58 6 + 8 I 25 Z 42 q 59 7 + 9 J 26 a 43 r 60 8 + 10 K 27 b 44 s 61 9 + 11 L 28 c 45 t 62 + + 12 M 29 d 46 u 63 / + 13 N 30 e 47 v + 14 O 31 f 48 w (pad) = + 15 P 32 g 49 x + 16 Q 33 h 50 y + + Special processing is performed if fewer than 24 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a quantity. When fewer than 24 input + bits are available in an input group, zero bits are added (on the + right) to form an integral number of 6-bit groups. Padding at the + end of the data is performed using the '=' character. + + Since all base64 input is an integral number of octets, only the + ------------------------------------------------- + following cases can arise: + + (1) the final quantum of encoding input is an integral + multiple of 24 bits; here, the final unit of encoded + output will be an integral multiple of 4 characters + with no "=" padding, + (2) the final quantum of encoding input is exactly 8 bits; + here, the final unit of encoded output will be two + characters followed by two "=" padding characters, or + (3) the final quantum of encoding input is exactly 16 bits; + here, the final unit of encoded output will be three + characters followed by one "=" padding character. 
+ */ + +int +qb64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) +{ + size_t datalength = 0; + u_char input[3]; + u_char output[4]; + u_int i; + + while (2 < srclength) { + input[0] = *src++; + input[1] = *src++; + input[2] = *src++; + srclength -= 3; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + output[3] = input[2] & 0x3f; + + if (datalength + 4 > targsize) + return (-1); + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + target[datalength++] = Base64[output[2]]; + target[datalength++] = Base64[output[3]]; + } + + /* Now we worry about padding. */ + if (0 != srclength) { + /* Get what's left. */ + input[0] = input[1] = input[2] = '\0'; + for (i = 0; i < srclength; i++) + input[i] = *src++; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + + if (datalength + 4 > targsize) + return (-1); + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + if (srclength == 1) + target[datalength++] = Pad64; + else + target[datalength++] = Base64[output[2]]; + target[datalength++] = Pad64; + } + if (datalength >= targsize) + return (-1); + target[datalength] = '\0'; /* Returned value doesn't count \0. */ + return (datalength); +} + +/* skips all whitespace anywhere. + converts characters, four at a time, starting at (or after) + src from base - 64 numbers into three 8 bit bytes in the target area. + it returns the number of data bytes stored at the target, or -1 on error. + */ + +int +qb64_pton(char const *src, u_char *target, size_t targsize) +{ + u_int tarindex, state; + int ch; + char *pos; + + state = 0; + tarindex = 0; + + while ((ch = *src++) != '\0') { + if (isspace(ch)) /* Skip whitespace anywhere. 
*/ + continue; + + if (ch == Pad64) + break; + + pos = strchr(Base64, ch); + if (pos == 0) /* A non-base64 character. */ + return (-1); + + switch (state) { + case 0: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] = (pos - Base64) << 2; + } + state = 1; + break; + case 1: + if (target) { + if (tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 4; + target[tarindex+1] = ((pos - Base64) & 0x0f) + << 4 ; + } + tarindex++; + state = 2; + break; + case 2: + if (target) { + if (tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 2; + target[tarindex+1] = ((pos - Base64) & 0x03) + << 6; + } + tarindex++; + state = 3; + break; + case 3: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] |= (pos - Base64); + } + tarindex++; + state = 0; + break; + } + } + + /* + * We are done decoding Base-64 chars. Let's see if we ended + * on a byte boundary, and/or with erroneous trailing characters. + */ + + if (ch == Pad64) { /* We got a pad char. */ + ch = *src++; /* Skip it, get next. */ + switch (state) { + case 0: /* Invalid = in first position */ + case 1: /* Invalid = in second position */ + return (-1); + + case 2: /* Valid, means one byte of info */ + /* Skip any number of spaces. */ + for (; ch != '\0'; ch = *src++) + if (!isspace(ch)) + break; + /* Make sure there is another trailing = sign. */ + if (ch != Pad64) + return (-1); + ch = *src++; /* Skip the = */ + /* Fall through to "single trailing =" case. */ + /* FALLTHROUGH */ + + case 3: /* Valid, means two bytes of info */ + /* + * We know this char is an =. Is there anything but + * whitespace after it? + */ + for (; ch != '\0'; ch = *src++) + if (!isspace(ch)) + return (-1); + + /* + * Now make sure for cases 2 and 3 that the "extra" + * bits that slopped past the last full byte were + * zeros. If we don't check them, they become a + * subliminal channel. 
+ */ + if (target && target[tarindex] != 0) + return (-1); + } + } else { + /* + * We ended by seeing the end of the string. Make sure we + * have no partial bytes lying around. + */ + if (state != 0) + return (-1); + } + + return (tarindex); +} diff --git a/compat.h b/compat.h index 0fcbe59..4a312eb 100644 --- a/compat.h +++ b/compat.h @@ -70,4 +70,10 @@ long long strtonum(const char *, long long, long long, const char **); */ void sshbuf_dump_data(const void *, size_t, FILE *); +/* + * Base64, portable version of b64_*, so we don't have to link with libresolv + */ +int qb64_ntop(u_char const *, size_t, char *, size_t); +int qb64_pton(char const *, u_char *, size_t); + #endif /* _COMPAT_H */ diff --git a/quark-test.c b/quark-test.c index 2b9d4a0..b78fba1 100644 --- a/quark-test.c +++ b/quark-test.c @@ -658,6 +658,7 @@ t_fork_exec_exit(const struct test *t, struct quark_queue_attr *qa) */ assert(qp->proc_entry_leader != 0); assert(qp->proc_entry_leader_type != QUARK_ELT_UNKNOWN); + assert(strlen(qp->proc_entity_id) == 16); /* XXX TODO check tty_major and tty_minor for self in the future */ #if 0 assert(qp->proc_tty_major != QUARK_TTY_UNKNOWN); diff --git a/quark.c b/quark.c index 0980397..9de0407 100644 --- a/quark.c +++ b/quark.c @@ -453,6 +453,30 @@ process_by_pid_cmp(struct quark_process *a, struct quark_process *b) return (0); } +static void +process_entity_id(struct quark_process *qp) +{ + u32 pid32_le; + u64 ns_le; + u8 digest[sizeof(pid32_le) + sizeof(ns_le)]; + + /* No proc_time_boot, bail */ + if ((qp->flags & QUARK_F_PROC) == 0) + return; + /* Already computed, bail */ + if (qp->proc_entity_id[0] != 0) + return; + + pid32_le = htole32(qp->pid); + ns_le = htole64(qp->proc_time_boot); + + memcpy(digest, &pid32_le, sizeof(pid32_le)); + memcpy(digest + sizeof(pid32_le), &ns_le, sizeof(ns_le)); + if (qb64_ntop(digest, sizeof(digest), qp->proc_entity_id, + sizeof(qp->proc_entity_id)) == -1) + qp->proc_entity_id[0] = 0; +} + /* * Socket stuff */ 
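Review bot: In qb64_pton, `ch = *src++` reads a plain `char` into an `int` and hands it to `isspace(ch)`, so where `char` is signed any input byte of 0x80 or above reaches `isspace` as a negative value, which is undefined behaviour for the `<ctype.h>` functions. The same read feeds `isspace` again in the padding branch: after the pad character, after the second `=`, and in both trailing-whitespace loops. Converting at the read keeps every value in range, `while ((ch = (unsigned char)*src++) != '\0') {` and likewise for the later `ch = *src++` reads; `strchr(Base64, ch)` still rejects such bytes. Since the file is imported from OpenBSD, it is worth checking whether a newer upstream revision already carries this change before patching locally.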
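Review bot: The two prototypes are added without the buffer contract that callers have to get right. Going by base64.c in this commit, qb64_ntop needs four output characters per three input bytes (rounded up) plus the NUL, returns the length without the NUL, and on -1 may leave `target` partially written and unterminated. qb64_pton returns the decoded byte count or -1, and accepts a NULL `target` to validate and count only. I would extend the comment with those points, for example `/* qb64_ntop: targsize >= 4 * ((srclength + 2) / 3) + 1; on -1 the contents of target are unspecified */`.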
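Review bot: The new assertion checks only the length of `proc_entity_id`, so a wrong field order or byte order in process_entity_id would still pass, and qb64_pton has no caller in the visible hunks. Decoding the id and comparing it with the process would pin the content, for example `u_char raw[12]; assert(qb64_pton(qp->proc_entity_id, raw, sizeof(raw)) == 12);` followed by a `memcmp` of the first four bytes against `htole32(qp->pid)`. t_fork_exec_exit starts and ends outside this hunk, so where the declaration would go is not visible here.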
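Review bot: process_entity_id has no comment saying what the id is made of, and the local buffer is named `digest` although nothing is hashed: the 12 bytes are the little-endian pid followed by the little-endian `proc_time_boot`, base64-encoded. Consumers can therefore decode the id back to those two values, and as far as this hunk shows nothing host-specific goes into it, so ids produced on different machines may collide. I would rename the buffer (for example `raw`) and add a header comment such as `/* entity_id = base64(le32(pid) || le64(proc_time_boot)); an encoding, not a hash */`. When the `QUARK_F_PROC` check fails the function returns silently and the id stays empty, which the dump code then prints as an empty value.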
@@ -1079,7 +1103,8 @@ quark_event_dump(const struct quark_event *qev, FILE *f) flagname, qp->proc_uts_inonum, qp->proc_ipc_inonum); P(" %.4s\tmnt_inonum=%u net_inonum=%u\n", flagname, qp->proc_mnt_inonum, qp->proc_net_inonum); - P(" %.4s\tentry_leader_type=%s entry_leader=%d\n", flagname, + P(" %.4s\tentity_id=%s, entry_leader_type=%s entry_leader=%d\n", flagname, + qp->proc_entity_id, entry_leader_type_str(qp->proc_entry_leader_type), qp->proc_entry_leader); } @@ -1340,6 +1365,9 @@ raw_event_process(struct quark_queue *qq, struct raw_event *src) qp->cgroup = raw_task->cgroup; raw_task->cgroup = NULL; } + + /* Depends on QUARK_F_PROC, idempotent */ + process_entity_id(qp); } if (raw_comm != NULL) comm = raw_comm->comm; /* raw_comm always overrides */ @@ -1798,6 +1826,7 @@ sproc_pid(struct quark_queue *qq, struct sproc_socket_by_inode *by_inode, sproc_namespace(qp, "ns/ipc", &qp->proc_ipc_inonum, dfd); sproc_namespace(qp, "ns/mnt", &qp->proc_mnt_inonum, dfd); sproc_namespace(qp, "ns/net", &qp->proc_net_inonum, dfd); + process_entity_id(qp); /* QUARK_F_COMM */ if (readlineat(dfd, "comm", qp->comm, sizeof(qp->comm)) > 0) diff --git a/quark.h b/quark.h index 9964cd1..064553d 100644 --- a/quark.h +++ b/quark.h @@ -432,6 +432,7 @@ struct quark_process { u32 proc_ipc_inonum; u32 proc_mnt_inonum; u32 proc_net_inonum; + char proc_entity_id[17]; /* Source is base64(96bits), which is 16bytes + NUL */ /* QUARK_F_EXIT */ s32 exit_code; u64 exit_time_event;
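Review bot: The new format string writes `entity_id=%s, entry_leader_type=%s` with a comma after the id, while the neighbouring fields in this dump (`mnt_inonum=%u net_inonum=%u`, `entry_leader_type=%s entry_leader=%d`) are separated by whitespace only. Anything that splits the dump on whitespace will read the comma as part of the id. Dropping it keeps the line uniform: `entity_id=%s entry_leader_type=%s entry_leader=%d\n`. quark_event_dump continues outside the hunk.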
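Review bot: The array size `17` is tied to the 12-byte buffer in process_entity_id only through the trailing comment; if either side changes, qb64_ntop returns -1 at run time and the id is left empty without any diagnostic. A named constant in quark.h, for example `#define QUARK_ENTITY_ID_LEN 16` with `char proc_entity_id[QUARK_ENTITY_ID_LEN + 1];`, plus a compile-time size check next to the encoder, would turn that into a build failure. The field is also inserted in the middle of `struct quark_process`, which shifts the offsets of the members after it; if the struct is part of the library's binary interface, existing consumers would need a rebuild.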