/**
* Parse and execute a command.
*/
int parse_command( command_t *c, int level, command_t *father)
{
int returnare;
if (c->op == OP_NONE) {
/* execute a simple command */
if(c->scmd != NULL && c->cmd1 == NULL && c->cmd2 == NULL)
return parse_simple( c->scmd, level, c);
}
switch (c->op) {
case OP_SEQUENTIAL:
/* execute the commands one after the other */
returnare = parse_command( c->cmd1, level++, c);
returnare = parse_command( c->cmd2, level++, c);
return returnare;
break;
case OP_PARALLEL:
/* execute the commands simultaneously */
do_in_parallel( c->cmd1, c->cmd2, level++, c);
break;
case OP_CONDITIONAL_NZERO:
/* execute the second command only if the first one
* returns non zero */
returnare = parse_command( c->cmd1, level++,c);
if(returnare != 0)
returnare = parse_command( c->cmd2, level++, c);
return returnare;
break;
case OP_CONDITIONAL_ZERO:
/* execute the second command only if the first one
* returns zero */
returnare = parse_command(c->cmd1, level++, c);
if(returnare == 0)
returnare = parse_command( c->cmd2, level++, c);
return returnare;
break;
case OP_PIPE:
/* redirect the output of the first command to the
* input of the second */
return do_on_pipe( c->cmd1, c->cmd2, level++, c);
break;
default:
assert(false);
}
return 0; /* replace with actual exit code of command */
}
int read_expr(char *input, char **end, Atom *result)
{
char *token;
Error err = lex(input, &token, end);
if(err)
return err;
if(token[0] == '(')
return read_list(*end, end, result);
// else if(token[0] == ')')
// return ERROR_SYNTAX;
else
return parse_simple(token, *end, result);
}
sinsp_tracerparser::parse_result sinsp_tracerparser::process_event_data(char *data, uint32_t datalen, uint64_t ts)
{
ASSERT(data != NULL);
m_storlen = m_fragment_size + datalen;
//
// Make sure we have enough space in the buffer and copy the data into it
//
if(m_storage_size < m_storlen + 1)
{
set_storage_size(m_storlen + 1);
}
memcpy(m_storage + m_fragment_size, data, datalen);
m_storage[m_storlen] = 0;
if(m_fragment_size != 0)
{
m_fullfragment_storage_str = m_storage;
}
//
// Do the parsing
//
if(m_storlen > 0)
{
//
// Reset the content
//
m_res = sinsp_tracerparser::RES_OK;
m_tags.clear();
m_argnames.clear();
m_argvals.clear();
m_taglens.clear();
m_argnamelens.clear();
m_argvallens.clear();
m_tot_taglens = 0;
m_tot_argnamelens = 0;
m_tot_argvallens = 0;
if(m_storage[0] == '>' || m_storage[0] == '<')
{
parse_simple(m_storage);
}
else
{
parse_json(m_storage);
}
}
else
{
m_res = sinsp_tracerparser::RES_FAILED;
}
if(m_res == sinsp_tracerparser::RES_FAILED)
{
//
// Invalid syntax
//
m_fragment_size = 0;
m_fullfragment_storage_str.clear();
return m_res;
}
else if(m_res == sinsp_tracerparser::RES_TRUNCATED)
{
//
// Valid syntax, but the message is incomplete. Buffer it and wait for
// more fragments.
//
if(m_fragment_size > MAX_USER_EVT_BUFFER)
{
//
// Maximum buffering size reached, drop the event
//
m_fragment_size = 0;
return m_res;
}
if(m_fullfragment_storage_str.length() == 0)
{
memcpy(m_storage,
data,
datalen);
m_storage[datalen] = 0;
m_fragment_size += datalen;
}
else
{
uint32_t tlen = (uint32_t)m_fullfragment_storage_str.length();
memcpy(m_storage,
m_fullfragment_storage_str.c_str(),
tlen);
m_fragment_size = tlen;
}
return m_res;
}
m_fragment_size = 0;
m_fullfragment_storage_str.clear();
//
// Parser tests stop here
//
if(m_inspector == NULL)
{
return sinsp_tracerparser::RES_OK;
}
//
// Event decoding done. We do state tracking only if explicitly requested
// by one or more filters.
//
if(m_inspector->m_track_tracers_state == false)
{
return sinsp_tracerparser::RES_OK;
}
//
// If this is an enter event, allocate a sinsp_partial_tracer object and
// push it to the list
//
if(m_type_str[0] == '>')
{
sinsp_partial_tracer* pae = m_inspector->m_partial_tracers_pool->pop();
if(pae == NULL)
{
//
// The list is completely used. This likely means that there have been drops and
// the entries will be stuck there forever. Better clean the list, miss the 128
// events it contains, and start fresh.
//
list<sinsp_partial_tracer*>* partial_tracers_list = &m_inspector->m_partial_tracers_list;
list<sinsp_partial_tracer*>::iterator it;
for(it = partial_tracers_list->begin(); it != partial_tracers_list->end(); ++it)
{
m_inspector->m_partial_tracers_pool->push(*it);
}
partial_tracers_list->clear();
return sinsp_tracerparser::RES_OK;
}
init_partial_tracer(pae);
pae->m_time = ts;
m_inspector->m_partial_tracers_list.push_front(pae);
m_enter_pae = pae;
}
else
{
list<sinsp_partial_tracer*>* partial_tracers_list = &m_inspector->m_partial_tracers_list;
list<sinsp_partial_tracer*>::iterator it;
init_partial_tracer(&m_exit_pae);
for(it = partial_tracers_list->begin(); it != partial_tracers_list->end(); ++it)
{
if(m_exit_pae.compare(*it) == true)
{
m_exit_pae.m_time = ts;
//
// This is a bit tricky and deserves some explanation:
// despite removing the pae and returning it to the available pool,
// we link to it so that the filters will use it. We do that as an
// optimization (it avoids making a copy or implementing logic for
// delayed list removal), and we base it on the assumption that,
// since the processing is strictly sequential and single thread,
// nobody will modify the pae until the event is fully processed.
//
m_enter_pae = *it;
m_inspector->m_partial_tracers_pool->push(*it);
partial_tracers_list->erase(it);
return sinsp_tracerparser::RES_OK;
}
}
m_enter_pae = NULL;
}
return sinsp_tracerparser::RES_OK;
}
static hFILE * s3_rewrite(const char *s3url, const char *mode, va_list *argsp)
{
const char *bucket, *path;
char *header_list[4], **header = header_list;
kstring_t url = { 0, 0, NULL };
kstring_t profile = { 0, 0, NULL };
kstring_t host_base = { 0, 0, NULL };
kstring_t token_hdr = { 0, 0, NULL };
s3_auth_data *ad = calloc(1, sizeof(*ad));
if (!ad)
return NULL;
ad->mode = strchr(mode, 'r') ? 'r' : 'w';
// Our S3 URL format is s3[+SCHEME]://[ID[:SECRET[:TOKEN]]@]BUCKET/PATH
if (s3url[2] == '+') {
bucket = strchr(s3url, ':') + 1;
kputsn(&s3url[3], bucket - &s3url[3], &url);
}
else {
kputs("https:", &url);
bucket = &s3url[3];
}
while (*bucket == '/') kputc(*bucket++, &url);
path = bucket + strcspn(bucket, "/?#@");
if (*path == '@') {
const char *colon = strpbrk(bucket, ":@");
if (*colon != ':') {
urldecode_kput(bucket, colon - bucket, &profile);
}
else {
const char *colon2 = strpbrk(&colon[1], ":@");
urldecode_kput(bucket, colon - bucket, &ad->id);
urldecode_kput(&colon[1], colon2 - &colon[1], &ad->secret);
if (*colon2 == ':')
urldecode_kput(&colon2[1], path - &colon2[1], &ad->token);
}
bucket = &path[1];
path = bucket + strcspn(bucket, "/?#");
}
else {
// If the URL has no ID[:SECRET]@, consider environment variables.
const char *v;
if ((v = getenv("AWS_ACCESS_KEY_ID")) != NULL) kputs(v, &ad->id);
if ((v = getenv("AWS_SECRET_ACCESS_KEY")) != NULL) kputs(v, &ad->secret);
if ((v = getenv("AWS_SESSION_TOKEN")) != NULL) kputs(v, &ad->token);
if ((v = getenv("AWS_DEFAULT_PROFILE")) != NULL) kputs(v, &profile);
else if ((v = getenv("AWS_PROFILE")) != NULL) kputs(v, &profile);
else kputs("default", &profile);
}
if (ad->id.l == 0) {
const char *v = getenv("AWS_SHARED_CREDENTIALS_FILE");
parse_ini(v? v : "~/.aws/credentials", profile.s,
"aws_access_key_id", &ad->id,
"aws_secret_access_key", &ad->secret,
"aws_session_token", &ad->token, NULL);
}
if (ad->id.l == 0)
parse_ini("~/.s3cfg", profile.s, "access_key", &ad->id,
"secret_key", &ad->secret, "access_token", &ad->token,
"host_base", &host_base, NULL);
if (ad->id.l == 0)
parse_simple("~/.awssecret", &ad->id, &ad->secret);
if (host_base.l == 0)
kputs("s3.amazonaws.com", &host_base);
// Use virtual hosted-style access if possible, otherwise path-style.
if (is_dns_compliant(bucket, path)) {
kputsn(bucket, path - bucket, &url);
kputc('.', &url);
kputs(host_base.s, &url);
}
else {
kputs(host_base.s, &url);
kputc('/', &url);
kputsn(bucket, path - bucket, &url);
}
kputs(path, &url);
if (ad->token.l > 0) {
kputs("X-Amz-Security-Token: ", &token_hdr);
kputs(ad->token.s, &token_hdr);
*header++ = token_hdr.s;
}
ad->bucket = strdup(bucket);
if (!ad->bucket)
goto fail;
*header = NULL;
hFILE *fp = hopen(url.s, mode, "va_list", argsp, "httphdr:v", header_list,
"httphdr_callback", auth_header_callback,
"httphdr_callback_data", ad, NULL);
if (!fp) goto fail;
free(url.s);
free(profile.s);
free(host_base.s);
free(token_hdr.s);
return fp;
fail:
free(url.s);
free(profile.s);
free(host_base.s);
free(token_hdr.s);
free_auth_data(ad);
return NULL;
}
/**
* Parse and execute a command.
*/
int parse_command(command_t *c, int level, command_t *father, void *h)
{
/* TODO sanity checks */
if (c->op == OP_NONE) {
/* TODO execute a simple command */
/* TODO replace with actual exit code of command */
return parse_simple(c->scmd, level, father, (HANDLE*)h);
}
switch (c->op) {
case OP_SEQUENTIAL:
/* TODO execute the commands one after the other */
parse_command(c->cmd1, level+1, c, (HANDLE*)h);
return parse_command(c->cmd2, level+1, c, (HANDLE*)h);
break;
case OP_PARALLEL:
/* TODO execute the commands simultaneously */
if(do_in_parallel(c->cmd1, c->cmd2, level, father)){
return 0;
}
return -1;
break;
case OP_CONDITIONAL_NZERO:
/* TODO execute the second command only if the first one
* returns non zero */
if(parse_command(c->cmd1, level+1, c, (HANDLE*)h)){
return parse_command(c->cmd2, level+1, c, (HANDLE*)h);
}
break;
case OP_CONDITIONAL_ZERO:
/* TODO execute the second command only if the first one
* returns zero */
if(parse_command(c->cmd1, level+1, c, (HANDLE*)h) == FALSE){
return parse_command(c->cmd2, level+1, c, (HANDLE*)h);
}
break;
case OP_PIPE:{
/* TODO redirect the output of the first command to the
* input of the second */
struct simple_command_t *cmds[100];
unsigned int x = 0;
if (do_on_pipe(c, level, father, cmds, &x)){
return 0;
}
else{
return -1;
}
break;
}
default:
return SHELL_EXIT;
}
return 0; /* TODO replace with actual exit code of command */
}
static int release_parse_line(void *ptr, const char *line, uint mask)
{
release_t *release = (release_t *) ptr;
int ret = 0;
unsigned int count = 0;
char **list = 0;
static int reading_md5sums = 0;
#ifdef HAVE_SHA256
static int reading_sha256sums = 0;
#endif
switch (*line) {
case 'A':
if (is_field("Architectures", line)) {
release->architectures = parse_list(line, &release->architectures_count,
' ', 0);
}
break;
case 'C':
if (is_field("Codename", line)) {
release->name = parse_simple("Codename", line);
} else if (is_field("Components", line)) {
release->components = parse_list(line, &release->components_count,
' ', 0);
}
break;
case 'D':
if (is_field("Date", line)) {
release->datestring = parse_simple("Date", line);
}
break;
case 'M':
if (is_field("MD5sum", line)) {
reading_md5sums = 1;
if (release->md5sums == NULL) {
release->md5sums = xcalloc(1, sizeof(cksum_list_t));
cksum_list_init(release->md5sums);
}
goto dont_reset_flags;
}
break;
#ifdef HAVE_SHA256
case 'S':
if (is_field("SHA256", line)) {
reading_sha256sums = 1;
if (release->sha256sums == NULL) {
release->sha256sums = xcalloc(1, sizeof(cksum_list_t));
cksum_list_init(release->sha256sums);
}
goto dont_reset_flags;
}
break;
#endif
case ' ':
if (reading_md5sums) {
list = parse_list(line, &count, ' ', 1);
cksum_list_append(release->md5sums, list);
goto dont_reset_flags;
}
#ifdef HAVE_SHA256
else if (reading_sha256sums) {
list = parse_list(line, &count, ' ', 1);
cksum_list_append(release->sha256sums, list);
goto dont_reset_flags;
}
#endif
break;
default:
ret = 1;
}
reading_md5sums = 0;
#ifdef HAVE_SHA256
reading_sha256sums = 0;
#endif
dont_reset_flags:
return ret;
}
static int
add_s3_settings(hFILE_libcurl *fp, const char *s3url, kstring_t *message)
{
int ret, save;
const char *bucket, *path;
char date_hdr[40];
CURLcode err;
kstring_t url = { 0, 0, NULL };
kstring_t profile = { 0, 0, NULL };
kstring_t id = { 0, 0, NULL };
kstring_t secret = { 0, 0, NULL };
kstring_t token = { 0, 0, NULL };
kstring_t token_hdr = { 0, 0, NULL };
kstring_t auth_hdr = { 0, 0, NULL };
time_t now = time(NULL);
#ifdef HAVE_GMTIME_R
struct tm tm_buffer;
struct tm *tm = gmtime_r(&now, &tm_buffer);
#else
struct tm *tm = gmtime(&now);
#endif
strftime(date_hdr, sizeof date_hdr, "Date: %a, %d %b %Y %H:%M:%S GMT", tm);
if (add_header(fp, date_hdr) < 0) goto error;
kputs(&date_hdr[6], message);
kputc('\n', message);
// Our S3 URL format is s3[+SCHEME]://[ID[:SECRET[:TOKEN]]@]BUCKET/PATH
if (s3url[2] == '+') {
bucket = strchr(s3url, ':') + 1;
kputsn(&s3url[3], bucket - &s3url[3], &url);
}
else {
kputs("https:", &url);
bucket = &s3url[3];
}
while (*bucket == '/') kputc(*bucket++, &url);
path = bucket + strcspn(bucket, "/?#@");
if (*path == '@') {
const char *colon = strpbrk(bucket, ":@");
if (*colon != ':') {
urldecode_kput(bucket, colon - bucket, fp, &profile);
}
else {
const char *colon2 = strpbrk(&colon[1], ":@");
urldecode_kput(bucket, colon - bucket, fp, &id);
urldecode_kput(&colon[1], colon2 - &colon[1], fp, &secret);
if (*colon2 == ':')
urldecode_kput(&colon2[1], path - &colon2[1], fp, &token);
}
bucket = &path[1];
path = bucket + strcspn(bucket, "/?#");
}
else {
// If the URL has no ID[:SECRET]@, consider environment variables.
const char *v;
if ((v = getenv("AWS_ACCESS_KEY_ID")) != NULL) kputs(v, &id);
if ((v = getenv("AWS_SECRET_ACCESS_KEY")) != NULL) kputs(v, &secret);
if ((v = getenv("AWS_SESSION_TOKEN")) != NULL) kputs(v, &token);
if ((v = getenv("AWS_DEFAULT_PROFILE")) != NULL) kputs(v, &profile);
else if ((v = getenv("AWS_PROFILE")) != NULL) kputs(v, &profile);
else kputs("default", &profile);
}
// Use virtual hosted-style access if possible, otherwise path-style.
if (is_dns_compliant(bucket, path)) {
kputsn(bucket, path - bucket, &url);
kputs(".s3.amazonaws.com", &url);
}
else {
kputs("s3.amazonaws.com/", &url);
kputsn(bucket, path - bucket, &url);
}
kputs(path, &url);
if (id.l == 0) {
const char *v = getenv("AWS_SHARED_CREDENTIALS_FILE");
parse_ini(v? v : "~/.aws/credentials", profile.s,
"aws_access_key_id", &id, "aws_secret_access_key", &secret,
"aws_session_token", &token, NULL);
}
if (id.l == 0)
parse_ini("~/.s3cfg", profile.s, "access_key", &id,
"secret_key", &secret, "access_token", &token, NULL);
if (id.l == 0)
parse_simple("~/.awssecret", &id, &secret);
if (token.l > 0) {
kputs("x-amz-security-token:", message);
kputs(token.s, message);
kputc('\n', message);
kputs("X-Amz-Security-Token: ", &token_hdr);
kputs(token.s, &token_hdr);
if (add_header(fp, token_hdr.s) < 0) goto error;
}
kputc('/', message);
kputs(bucket, message); // CanonicalizedResource is '/' + bucket + path
err = curl_easy_setopt(fp->easy, CURLOPT_URL, url.s);
if (err != CURLE_OK) { errno = easy_errno(fp->easy, err); goto error; }
// If we have no id/secret, we can't sign the request but will
// still be able to access public data sets.
if (id.l > 0 && secret.l > 0) {
unsigned char digest[DIGEST_BUFSIZ];
size_t digest_len = s3_sign(digest, &secret, message);
kputs("Authorization: AWS ", &auth_hdr);
kputs(id.s, &auth_hdr);
kputc(':', &auth_hdr);
base64_kput(digest, digest_len, &auth_hdr);
if (add_header(fp, auth_hdr.s) < 0) goto error;
}
ret = 0;
goto free_and_return;
error:
ret = -1;
free_and_return:
save = errno;
free(url.s);
free(profile.s);
free(id.s);
free(secret.s);
free(token.s);
free(token_hdr.s);
free(auth_hdr.s);
free(message->s);
errno = save;
return ret;
}
