static gboolean sscg_make_dummy_cert (const gchar *key_file, const gchar *cert_file, const gchar *ca_file, GError **error) { gboolean ret = FALSE; gint exit_status; gchar *stderr_str = NULL; gchar *command_line = NULL; gchar *cn = get_common_name (); gchar *machine_id = get_machine_id (); gchar *org; if (machine_id) org = machine_id; else org = ""; const gchar *argv[] = { "sscg", "--quiet", "--lifetime", "3650", "--key-strength", "2048", "--cert-key-file", key_file, "--cert-file", cert_file, "--ca-file", ca_file, "--hostname", cn, "--organization", org, "--subject-alt-name", "localhost", "--subject-alt-name", "IP:127.0.0.1/255.255.255.255", NULL }; command_line = g_strjoinv (" ", (gchar **)argv); g_info ("Generating temporary certificate using: %s", command_line); if (!g_spawn_sync (NULL, (gchar **)argv, NULL, G_SPAWN_SEARCH_PATH, NULL, NULL, NULL, &stderr_str, &exit_status, error) || !g_spawn_check_exit_status (exit_status, error)) { /* Failure of SSCG is non-fatal */ g_info ("Error generating temporary dummy cert using sscg, " "falling back to openssl"); g_clear_error (error); goto out; } ret = TRUE; out: g_free (stderr_str); g_free (command_line); g_free (machine_id); g_free (cn); return ret; }
DWORD request_core_machine_id(Remote* remote, Packet* packet) { DWORD res = ERROR_SUCCESS; Packet* response = packet_create_response(packet); if (response) { packet_add_tlv_string(response, TLV_TYPE_MACHINE_ID, get_machine_id()); packet_transmit_response(res, remote, response); } return ERROR_SUCCESS; }
static gchar * generate_subject (void) { gchar *cn; gchar *machine_id; gchar *subject; /* * HACK: We have to use a unique value in DN because otherwise * firefox hangs. * * https://bugzilla.redhat.com/show_bug.cgi?id=1204670 * * In addition we have to generate the certificate with CA:TRUE * because old versions of NSS refuse to process self-signed * certificates if that's not the case. * */ cn = get_common_name (); machine_id = get_machine_id (); if (machine_id && !g_str_equal (machine_id, "")) { subject = g_strdup_printf ("/O=%s/CN=%s", machine_id, cn); } else { subject = g_strdup_printf ("/CN=%s", cn); } g_free (cn); g_free (machine_id); return subject; }
static int load_config_file(DaemonConfig *c) { int r = -1; AvahiIniFile *f; AvahiIniFileGroup *g; assert(c); if (!(f = avahi_ini_file_load(c->config_file ? c->config_file : AVAHI_CONFIG_FILE))) goto finish; for (g = f->groups; g; g = g->groups_next) { if (strcasecmp(g->name, "server") == 0) { AvahiIniFilePair *p; for (p = g->pairs; p; p = p->pairs_next) { if (strcasecmp(p->key, "host-name") == 0) { avahi_free(c->server_config.host_name); c->server_config.host_name = avahi_strdup(p->value); } else if (strcasecmp(p->key, "domain-name") == 0) { avahi_free(c->server_config.domain_name); c->server_config.domain_name = avahi_strdup(p->value); } else if (strcasecmp(p->key, "browse-domains") == 0) { char **e, **t; e = avahi_split_csv(p->value); for (t = e; *t; t++) { char cleaned[AVAHI_DOMAIN_NAME_MAX]; if (!avahi_normalize_name(*t, cleaned, sizeof(cleaned))) { avahi_log_error("Invalid domain name \"%s\" for key \"%s\" in group \"%s\"\n", *t, p->key, g->name); avahi_strfreev(e); goto finish; } c->server_config.browse_domains = avahi_string_list_add(c->server_config.browse_domains, cleaned); } avahi_strfreev(e); c->server_config.browse_domains = filter_duplicate_domains(c->server_config.browse_domains); } else if (strcasecmp(p->key, "use-ipv4") == 0) c->server_config.use_ipv4 = is_yes(p->value); else if (strcasecmp(p->key, "use-ipv6") == 0) c->server_config.use_ipv6 = is_yes(p->value); else if (strcasecmp(p->key, "check-response-ttl") == 0) c->server_config.check_response_ttl = is_yes(p->value); else if (strcasecmp(p->key, "allow-point-to-point") == 0) c->server_config.allow_point_to_point = is_yes(p->value); else if (strcasecmp(p->key, "use-iff-running") == 0) c->server_config.use_iff_running = is_yes(p->value); else if (strcasecmp(p->key, "disallow-other-stacks") == 0) c->server_config.disallow_other_stacks = is_yes(p->value); else if (strcasecmp(p->key, "host-name-from-machine-id") == 0) { if (*(p->value) == 'y' || *(p->value) == 'Y') { char *machine_id = get_machine_id(); if (machine_id != NULL) { avahi_free(c->server_config.host_name); c->server_config.host_name = machine_id; } } } #ifdef HAVE_DBUS else if (strcasecmp(p->key, "enable-dbus") == 0) { if (*(p->value) == 'w' || *(p->value) == 'W') { c->fail_on_missing_dbus = 0; c->enable_dbus = 1; } else if (*(p->value) == 'y' || *(p->value) == 'Y') { c->fail_on_missing_dbus = 1; c->enable_dbus = 1; } else { c->enable_dbus = 0; } } #endif else if (strcasecmp(p->key, "allow-interfaces") == 0) { char **e, **t; avahi_string_list_free(c->server_config.allow_interfaces); c->server_config.allow_interfaces = NULL; e = avahi_split_csv(p->value); for (t = e; *t; t++) c->server_config.allow_interfaces = avahi_string_list_add(c->server_config.allow_interfaces, *t); avahi_strfreev(e); } else if (strcasecmp(p->key, "deny-interfaces") == 0) { char **e, **t; avahi_string_list_free(c->server_config.deny_interfaces); c->server_config.deny_interfaces = NULL; e = avahi_split_csv(p->value); for (t = e; *t; t++) c->server_config.deny_interfaces = avahi_string_list_add(c->server_config.deny_interfaces, *t); avahi_strfreev(e); } else if (strcasecmp(p->key, "ratelimit-interval-usec") == 0) { AvahiUsec k; if (parse_usec(p->value, &k) < 0) { avahi_log_error("Invalid ratelimit-interval-usec setting %s", p->value); goto finish; } c->server_config.ratelimit_interval = k; } else if (strcasecmp(p->key, "ratelimit-burst") == 0) { unsigned k; if (parse_unsigned(p->value, &k) < 0) { avahi_log_error("Invalid ratelimit-burst setting %s", p->value); goto finish; } c->server_config.ratelimit_burst = k; } else if (strcasecmp(p->key, "cache-entries-max") == 0) { unsigned k; if (parse_unsigned(p->value, &k) < 0) { avahi_log_error("Invalid cache-entries-max setting %s", p->value); goto finish; } c->server_config.n_cache_entries_max = k; #ifdef HAVE_DBUS } else if (strcasecmp(p->key, "clients-max") == 0) { unsigned k; if (parse_unsigned(p->value, &k) < 0) { avahi_log_error("Invalid clients-max setting %s", p->value); goto finish; } c->n_clients_max = k; } else if (strcasecmp(p->key, "objects-per-client-max") == 0) { unsigned k; if (parse_unsigned(p->value, &k) < 0) { avahi_log_error("Invalid objects-per-client-max setting %s", p->value); goto finish; } c->n_objects_per_client_max = k; } else if (strcasecmp(p->key, "entries-per-entry-group-max") == 0) { unsigned k; if (parse_unsigned(p->value, &k) < 0) { avahi_log_error("Invalid entries-per-entry-group-max setting %s", p->value); goto finish; } c->n_entries_per_entry_group_max = k; #endif } else { avahi_log_error("Invalid configuration key \"%s\" in group \"%s\"\n", p->key, g->name); goto finish; } } } else if (strcasecmp(g->name, "publish") == 0) { AvahiIniFilePair *p; for (p = g->pairs; p; p = p->pairs_next) { if (strcasecmp(p->key, "publish-addresses") == 0) c->server_config.publish_addresses = is_yes(p->value); else if (strcasecmp(p->key, "publish-hinfo") == 0) c->server_config.publish_hinfo = is_yes(p->value); else if (strcasecmp(p->key, "publish-workstation") == 0) c->server_config.publish_workstation = is_yes(p->value); else if (strcasecmp(p->key, "publish-domain") == 0) c->server_config.publish_domain = is_yes(p->value); else if (strcasecmp(p->key, "publish-resolv-conf-dns-servers") == 0) c->publish_resolv_conf = is_yes(p->value); else if (strcasecmp(p->key, "disable-publishing") == 0) c->server_config.disable_publishing = is_yes(p->value); else if (strcasecmp(p->key, "disable-user-service-publishing") == 0) c->disable_user_service_publishing = is_yes(p->value); else if (strcasecmp(p->key, "add-service-cookie") == 0) c->server_config.add_service_cookie = is_yes(p->value); else if (strcasecmp(p->key, "publish-dns-servers") == 0) { avahi_strfreev(c->publish_dns_servers); c->publish_dns_servers = avahi_split_csv(p->value); } else if (strcasecmp(p->key, "publish-a-on-ipv6") == 0) c->server_config.publish_a_on_ipv6 = is_yes(p->value); else if (strcasecmp(p->key, "publish-aaaa-on-ipv4") == 0) c->server_config.publish_aaaa_on_ipv4 = is_yes(p->value); else { avahi_log_error("Invalid configuration key \"%s\" in group \"%s\"\n", p->key, g->name); goto finish; } } } else if (strcasecmp(g->name, "wide-area") == 0) { AvahiIniFilePair *p; for (p = g->pairs; p; p = p->pairs_next) { if (strcasecmp(p->key, "enable-wide-area") == 0) c->server_config.enable_wide_area = is_yes(p->value); else { avahi_log_error("Invalid configuration key \"%s\" in group \"%s\"\n", p->key, g->name); goto finish; } } } else if (strcasecmp(g->name, "reflector") == 0) { AvahiIniFilePair *p; for (p = g->pairs; p; p = p->pairs_next) { if (strcasecmp(p->key, "enable-reflector") == 0) c->server_config.enable_reflector = is_yes(p->value); else if (strcasecmp(p->key, "reflect-ipv") == 0) c->server_config.reflect_ipv = is_yes(p->value); else { avahi_log_error("Invalid configuration key \"%s\" in group \"%s\"\n", p->key, g->name); goto finish; } } } else if (strcasecmp(g->name, "rlimits") == 0) { AvahiIniFilePair *p; for (p = g->pairs; p; p = p->pairs_next) { if (strcasecmp(p->key, "rlimit-as") == 0) { c->rlimit_as_set = 1; c->rlimit_as = atoi(p->value); } else if (strcasecmp(p->key, "rlimit-core") == 0) { c->rlimit_core_set = 1; c->rlimit_core = atoi(p->value); } else if (strcasecmp(p->key, "rlimit-data") == 0) { c->rlimit_data_set = 1; c->rlimit_data = atoi(p->value); } else if (strcasecmp(p->key, "rlimit-fsize") == 0) { c->rlimit_fsize_set = 1; c->rlimit_fsize = atoi(p->value); } else if (strcasecmp(p->key, "rlimit-nofile") == 0) { c->rlimit_nofile_set = 1; c->rlimit_nofile = atoi(p->value); } else if (strcasecmp(p->key, "rlimit-stack") == 0) { c->rlimit_stack_set = 1; c->rlimit_stack = atoi(p->value); } else if (strcasecmp(p->key, "rlimit-nproc") == 0) { #ifdef RLIMIT_NPROC c->rlimit_nproc_set = 1; c->rlimit_nproc = atoi(p->value); #else avahi_log_error("Ignoring configuration key \"%s\" in group \"%s\"\n", p->key, g->name); #endif } else { avahi_log_error("Invalid configuration key \"%s\" in group \"%s\"\n", p->key, g->name); goto finish; } } } else { avahi_log_error("Invalid configuration file group \"%s\".\n", g->name); goto finish; } } r = 0; finish: if (f) avahi_ini_file_free(f); return r; }
bool k8s_event_handler::handle_component(const Json::Value& json, const msg_data* data) { if(m_event_filter) { if(m_state) { if(data) { if((data->m_reason == k8s_component::COMPONENT_ADDED) || (data->m_reason == k8s_component::COMPONENT_MODIFIED)) { g_logger.log("K8s EVENT: handling event.", sinsp_logger::SEV_TRACE); const Json::Value& involved_object = json["involvedObject"]; if(!involved_object.isNull()) { bool is_aggregate = (get_json_string(json , "message").find("events with common reason combined") != std::string::npos); time_t last_ts = get_epoch_utc_seconds(get_json_string(json , "lastTimestamp")); time_t now_ts = get_epoch_utc_seconds_now(); g_logger.log("K8s EVENT: lastTimestamp=" + std::to_string(last_ts) + ", now_ts=" + std::to_string(now_ts), sinsp_logger::SEV_TRACE); if(((last_ts > 0) && (now_ts > 0)) && // we got good timestamps !is_aggregate && // not an aggregated cached event ((now_ts - last_ts) < 10)) // event not older than 10 seconds { const Json::Value& kind = involved_object["kind"]; const Json::Value& event_reason = json["reason"]; g_logger.log("K8s EVENT: involved object and event reason found:" + kind.asString() + '/' + event_reason.asString(), sinsp_logger::SEV_TRACE); if(!kind.isNull() && kind.isConvertibleTo(Json::stringValue) && !event_reason.isNull() && event_reason.isConvertibleTo(Json::stringValue)) { bool is_allowed = m_event_filter->allows_all(); std::string type = kind.asString(); if(!is_allowed && !type.empty()) { std::string reason = event_reason.asString(); is_allowed = m_event_filter->allows_all(type); if(!is_allowed && !reason.empty()) { is_allowed = m_event_filter->has(type, reason); } } if(is_allowed) { k8s_events& evts = m_state->get_events(); if(evts.size() < sinsp_user_event::max_events_per_cycle()) { k8s_event_t& evt = m_state->add_component<k8s_events, k8s_event_t>(evts, data->m_name, data->m_uid, data->m_namespace); m_state->update_event(evt, json); m_event_limit_exceeded = false; if(g_logger.get_severity() >= sinsp_logger::SEV_DEBUG) { g_logger.log("K8s EVENT: added event [" + data->m_name + "]. " "Queued events count=" + std::to_string(evts.size()), sinsp_logger::SEV_DEBUG); } } else if(!m_event_limit_exceeded) // only get in here once per cycle, to send event overflow warning { sinsp_user_event::emit_event_overflow("Kubernetes", get_machine_id()); m_event_limit_exceeded = true; return false; } else // event limit exceeded and overflow logged, nothing to do { return false; } } else // event not allowed by filter, ignore { if(g_logger.get_severity() >= sinsp_logger::SEV_TRACE) { g_logger.log("K8s EVENT: filter does not allow {\"" + type + "\", \"{" + event_reason.asString() + "\"} }", sinsp_logger::SEV_TRACE); g_logger.log(m_event_filter->to_string(), sinsp_logger::SEV_TRACE); } m_event_ignored = true; return false; } } else { g_logger.log("K8s EVENT: event type or involvedObject kind not found.", sinsp_logger::SEV_ERROR); if(g_logger.get_severity() >= sinsp_logger::SEV_TRACE) { g_logger.log(Json::FastWriter().write(json), sinsp_logger::SEV_TRACE); } return false; } } else // old event, ignore { g_logger.log("K8s EVENT: old event, ignoring: " ", lastTimestamp=" + std::to_string(last_ts) + ", now_ts=" + std::to_string(now_ts), sinsp_logger::SEV_DEBUG); m_event_ignored = true; return false; } } else { g_logger.log("K8s EVENT: involvedObject not found.", sinsp_logger::SEV_ERROR); g_logger.log(Json::FastWriter().write(json), sinsp_logger::SEV_TRACE); return false; } } else // not ADDED or MODIFIED event, ignore { m_event_ignored = true; return false; } } else { g_logger.log("K8s EVENT: msg data is null.", sinsp_logger::SEV_ERROR); g_logger.log(Json::FastWriter().write(json), sinsp_logger::SEV_TRACE); return false; } } else { g_logger.log("K8s EVENT: state is null.", sinsp_logger::SEV_ERROR); return false; } } else { g_logger.log("K8s EVENT: no filter, K8s events disabled.", sinsp_logger::SEV_TRACE); return false; } return true; }