rSequence
rpHcpI_hcpIdToSeq
(
rpHCPId id
)
{
rSequence seq = NULL;
if( NULL != ( seq = rSequence_new() ) )
{
if( !rSequence_addRU8( seq, RP_TAGS_HCP_ID_ORG, id.id.orgId ) ||
!rSequence_addRU8( seq, RP_TAGS_HCP_ID_SUBNET, id.id.subnetId ) ||
!rSequence_addRU32( seq, RP_TAGS_HCP_ID_UNIQUE, id.id.uniqueId ) ||
!rSequence_addRU8( seq, RP_TAGS_HCP_ID_PLATFORM, id.id.platformId ) ||
!rSequence_addRU8( seq, RP_TAGS_HCP_ID_CONFIG, id.id.configId ) )
{
DESTROY_AND_NULL( seq, rSequence_free );
}
}
return seq;
}
static
RVOID
processFileIo
(
rpcm_tag notifType,
rSequence event
)
{
ProcExtInfo* ctx = NULL;
RPNCHAR path = NULL;
RPVOID patternCtx = 0;
RU8 patternId = 0;
RPU8 atomId = NULL;
RU32 pid = 0;
rSequence newEvent = NULL;
UNREFERENCED_PARAMETER( notifType );
if( rSequence_getSTRINGN( event, RP_TAGS_FILE_PATH, &path ) &&
HbsGetParentAtom( event, &atomId ) &&
rSequence_getRU32( event, RP_TAGS_PROCESS_ID, &pid ) )
{
if( rMutex_lock( g_mutex ) )
{
obsLib_resetSearchState( g_extensions );
if( obsLib_setTargetBuffer( g_extensions,
path,
rpal_string_strsize( path ) ) )
{
while( obsLib_nextHit( g_extensions, &patternCtx, NULL ) )
{
if( NULL != ctx ||
NULL != ( ctx = getProcContext( atomId ) ) )
{
patternId = (RU8)PTR_TO_NUMBER( patternCtx );
if( !IS_FLAG_ENABLED( ctx->extBitMask, (RU64)1 << patternId ) )
{
rpal_debug_info( "process " RF_U32 " observed file io " RF_U64,
pid, patternId + 1 );
ENABLE_FLAG( ctx->extBitMask, (RU64)1 << patternId );
if( NULL != ( newEvent = rSequence_new() ) )
{
HbsSetParentAtom( newEvent, atomId );
rSequence_addRU32( newEvent, RP_TAGS_PROCESS_ID, pid );
rSequence_addRU8( newEvent, RP_TAGS_RULE_NAME, patternId + 1 );
rSequence_addSTRINGN( newEvent, RP_TAGS_FILE_PATH, ctx->processPath );
hbs_publish( RP_TAGS_NOTIFICATION_FILE_TYPE_ACCESSED, newEvent );
rSequence_free( newEvent );
}
}
}
else
{
rpal_debug_error( "error getting process context" );
break;
}
}
}
rMutex_unlock( g_mutex );
}
}
}
static
rList
assembleRequest
(
RPU8 optCrashCtx,
RU32 optCrashCtxSize
)
{
rSequence req = NULL;
RU32 moduleIndex = 0;
rList msgList = NULL;
rList modList = NULL;
rSequence modEntry = NULL;
if( NULL != ( req = rSequence_new() ) )
{
// Add some basic info
rSequence_addRU32( req, RP_TAGS_MEMORY_USAGE, rpal_memory_totalUsed() );
rSequence_addTIMESTAMP( req, RP_TAGS_TIMESTAMP, rpal_time_getGlobal() );
// If we have a crash context to report
if( NULL != optCrashCtx )
{
if( !rSequence_addBUFFER( req, RP_TAGS_HCP_CRASH_CONTEXT, optCrashCtx, optCrashCtxSize ) )
{
rpal_debug_error( "error adding crash context of size %d to hcp beacon", optCrashCtxSize );
}
else
{
rpal_debug_info( "crash context is being bundled in hcp beacon" );
}
}
// List of loaded modules
if( NULL != ( modList = rList_new( RP_TAGS_HCP_MODULE, RPCM_SEQUENCE ) ) )
{
for( moduleIndex = 0; moduleIndex < RP_HCP_CONTEXT_MAX_MODULES; moduleIndex++ )
{
if( NULL != g_hcpContext.modules[ moduleIndex ].hModule )
{
if( NULL != ( modEntry = rSequence_new() ) )
{
if( !rSequence_addBUFFER( modEntry,
RP_TAGS_HASH,
g_hcpContext.modules[ moduleIndex ].hash,
sizeof( g_hcpContext.modules[ moduleIndex ].hash ) ) ||
!rSequence_addRU8( modEntry,
RP_TAGS_HCP_MODULE_ID,
g_hcpContext.modules[ moduleIndex ].id ) ||
!rList_addSEQUENCE( modList, modEntry ) )
{
break;
}
// We take the opportunity to cleanup the list of modules...
if( rpal_thread_wait( g_hcpContext.modules[ moduleIndex ].hThread, 0 ) )
{
// This thread has exited, which is our signal that the module
// has stopped executing...
rEvent_free( g_hcpContext.modules[ moduleIndex ].isTimeToStop );
rpal_thread_free( g_hcpContext.modules[ moduleIndex ].hThread );
rpal_memory_zero( &(g_hcpContext.modules[ moduleIndex ]),
sizeof( g_hcpContext.modules[ moduleIndex ] ) );
if( !rSequence_addRU8( modEntry, RP_TAGS_HCP_MODULE_TERMINATED, 1 ) )
{
break;
}
}
}
}
}
if( !rSequence_addLIST( req, RP_TAGS_HCP_MODULES, modList ) )
{
rList_free( modList );
}
}
if( NULL != ( msgList = rList_new( RP_TAGS_MESSAGE, RPCM_SEQUENCE ) ) )
{
if( !rList_addSEQUENCE( msgList, req ) )
{
rList_free( msgList );
rSequence_free( req );
msgList = NULL;
}
}
else
{
rSequence_free( req );
}
}
return msgList;
}
static
rString
assembleOutboundStream
(
RpHcp_ModuleId moduleId,
rList payload,
RU8 sessionKey[ CRYPTOLIB_SYM_KEY_SIZE ],
RU8 sessionIv[ CRYPTOLIB_SYM_IV_SIZE ]
)
{
rString str = NULL;
rSequence hdrSeq = NULL;
rSequence hcpid = NULL;
rBlob blob = NULL;
RPCHAR encoded = NULL;
RPU8 encBuffer = NULL;
RU64 encSize = 0;
RPU8 finalBuffer = NULL;
RU32 finalSize = 0;
RPCHAR hostName = NULL;
RBOOL isSuccess = FALSE;
OBFUSCATIONLIB_DECLARE( payHdr, RP_HCP_CONFIG_PAYLOAD_HDR );
str = rpal_stringbuffer_new( 0, 0, FALSE );
if( NULL != str )
{
if( NULL != ( hdrSeq = rSequence_new() ) )
{
if( NULL != ( hcpid = hcpIdToSeq( g_hcpContext.currentId ) ) )
{
// System basic information
// Host Name
if( NULL != ( hostName = libOs_getHostName() ) )
{
rSequence_addSTRINGA( hdrSeq, RP_TAGS_HOST_NAME, hostName );
rpal_memory_free( hostName );
}
else
{
rpal_debug_warning( "could not determine hostname" );
}
// Internal IP
rSequence_addIPV4( hdrSeq, RP_TAGS_IP_ADDRESS, libOs_getMainIp() );
if( rSequence_addSEQUENCE( hdrSeq, RP_TAGS_HCP_ID, hcpid ) &&
rSequence_addRU8( hdrSeq, RP_TAGS_HCP_MODULE_ID, moduleId ) &&
rSequence_addBUFFER( hdrSeq, RP_TAGS_SYM_KEY, sessionKey, CRYPTOLIB_SYM_KEY_SIZE ) &&
rSequence_addBUFFER( hdrSeq, RP_TAGS_SYM_IV, sessionIv, CRYPTOLIB_SYM_IV_SIZE ) )
{
if( NULL != g_hcpContext.enrollmentToken &&
0 != g_hcpContext.enrollmentTokenSize )
{
rSequence_addBUFFER( hdrSeq, RP_TAGS_HCP_ENROLLMENT_TOKEN, g_hcpContext.enrollmentToken, g_hcpContext.enrollmentTokenSize );
}
if( NULL != payload )
{
blob = rpal_blob_create( 0, 0 );
}
if( NULL == payload ||
NULL != blob )
{
if( rSequence_serialise( hdrSeq, blob ) &&
( NULL == payload ||
rList_serialise( payload, blob ) ) )
{
encSize = compressBound( rpal_blob_getSize( blob ) );
encBuffer = rpal_memory_alloc( (RU32)encSize );
if( NULL == payload ||
NULL != encBuffer )
{
if( NULL == payload ||
Z_OK == compress( encBuffer, (uLongf*)&encSize, (RPU8)rpal_blob_getBuffer( blob ), rpal_blob_getSize( blob ) ) )
{
FREE_N_NULL( blob, rpal_blob_free );
if( NULL == payload ||
CryptoLib_fastAsymEncrypt( encBuffer, (RU32)encSize, getC2PublicKey(), &finalBuffer, &finalSize ) )
{
FREE_N_NULL( encBuffer, rpal_memory_free );
if( NULL == payload ||
base64_encode( finalBuffer, finalSize, &encoded, TRUE ) )
{
isSuccess = TRUE;
if( NULL != payload )
{
FREE_N_NULL( finalBuffer, rpal_memory_free );
DO_IFF( rpal_stringbuffer_add( str, "&" ), isSuccess );
OBFUSCATIONLIB_TOGGLE( payHdr );
DO_IFF( rpal_stringbuffer_add( str, (RPCHAR)payHdr ), isSuccess );
DO_IFF( rpal_stringbuffer_add( str, encoded ), isSuccess );
OBFUSCATIONLIB_TOGGLE( payHdr );
}
IF_VALID_DO( encoded, rpal_memory_free );
}
IF_VALID_DO( finalBuffer, rpal_memory_free );
}
}
IF_VALID_DO( encBuffer, rpal_memory_free );
}
}
IF_VALID_DO( blob, rpal_blob_free );
}
}
}
rSequence_free( hdrSeq );
}
if( !isSuccess )
{
rpal_stringbuffer_free( str );
str = NULL;
}
}
return str;
}
