gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix maat_redis_tool, fix some mem leaks, use (uuid_t *) type as para of function to avoid some problems

Browse Source
This commit is contained in:
root
2024-09-27 11:38:41 +00:00
parent 3315428974
commit 3bbbd53f39
21 changed files with 313 additions and 296 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/inc_internal/maat_redis_monitor.h
View File

@@ -34,7 +34,7 @@ struct foreign_key {
//rm= Redis Maat
struct serial_rule {
enum maat_operation op;//0: delete, 1: add.
long long rule_id;
char rule_uuid_str[UUID_STR_LEN];
long long timeout; // absolute unix time.
char table_name[MAX_NAME_STR_LEN];
char *table_line;
@@ -48,7 +48,7 @@ struct serial_rule {
void maat_clear_rule_cache(struct serial_rule *s_rule);
void maat_set_serial_rule(struct serial_rule *rule, enum maat_operation op,
long long rule_id, const char *table_name,
const char *rule_uuid_str, const char *table_name,
const char *line, long long timeout);
redisContext *maat_connect_redis(const char *redis_ip, int redis_port,

2
src/inc_internal/maat_rule.h
View File

@@ -104,7 +104,7 @@ size_t rule_compile_state_get_last_hit_objects(struct rule_compile_state *rule_c
size_t rule_compile_state_get_last_hit_object_cnt(struct rule_compile_state *rule_compile_state);
int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state,
uuid_t rule_id);
uuid_t *rule_id);
#ifdef __cplusplus
}

2
src/maat_api.c
View File

@@ -2034,7 +2034,7 @@ int maat_state_get_rule_table_names(struct maat_state *state, uuid_t *rule_ids,
}
for (size_t i = 0; i < n_rule_ids; i++) {
int table_id = rule_compile_state_get_rule_table_id(state->rule_compile_state, rule_ids[i]);
int table_id = rule_compile_state_get_rule_table_id(state->rule_compile_state, &rule_ids[i]);
rule_table_names[i] = (char *)table_manager_get_table_name(state->maat_inst->tbl_mgr, table_id);
}

2
src/maat_bool_plugin.c
View File

@@ -436,6 +436,8 @@ int bool_plugin_runtime_update(void *bool_plugin_runtime,
ex_data_runtime_cached_row_count(bool_plugin_rt->ex_data_rt);
}
cJSON_Delete(json);
return 0;
ERROR:

6
src/maat_command.c
View File

@@ -287,9 +287,9 @@ int maat_cmd_set_line(struct maat *maat_inst,
line_rule->table_name);
if (table_id < 0) {
log_fatal(maat_inst->logger, MODULE_MAAT_COMMAND,
"[%s:%d] Command set line id %lld failed: "
"[%s:%d] Command set line id %s failed: "
"unknown table %s", __FUNCTION__, __LINE__,
line_rule->rule_id, line_rule->table_name);
line_rule->rule_uuid_str, line_rule->table_name);
FREE(s_rule);
return -1;
}
@@ -299,7 +299,7 @@ int maat_cmd_set_line(struct maat *maat_inst,
}
maat_set_serial_rule(s_rule, op,
line_rule->rule_id, line_rule->table_name,
line_rule->rule_uuid_str, line_rule->table_name,
line_rule->table_line, absolute_expire_time);
int success_cnt = maat_cmd_write_rule(write_ctx, s_rule, 1, server_time,

13
src/maat_config_monitor.c
View File

@@ -98,13 +98,19 @@ static void config_load_json_content(const cJSON *json_root, const char *table_n
if (rule == NULL) {
continue;
}
cJSON *rule_table = cJSON_GetObjectItem(rule, "rule_table_name");
char *rule_str = cJSON_PrintUnformatted(rule);
if (rule_str == NULL) {
continue;
}
update_fn(table_name, rule_str, u_param, MAAT_OP_ADD);
if (rule_table != NULL) {
update_fn(rule_table->valuestring, rule_str, u_param, MAAT_OP_ADD);
} else {
update_fn(table_name, rule_str, u_param, MAAT_OP_ADD);
}
FREE(rule_str);
}
}
@@ -276,6 +282,11 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
continue;
}
cJSON *negate_option = cJSON_GetObjectItem(tmp_condition, "negate_option");
if (negate_option == NULL) {
cJSON_AddBoolToObject(tmp_condition, "negate_option", 0);
}
cJSON_ArrayForEach(tmp_object, object_array) {
//find items, generate item_id and object_id
cJSON *object_id_obj = cJSON_GetObjectItem(tmp_object, "uuid");

4
src/maat_core.c
View File

@@ -410,6 +410,7 @@ void *rule_monitor_loop(void *arg)
be null terminated if it contains fewer bytes. */
char maat_name[MAX_INSTANCE_NAME_LEN + 1] = {0};
struct maat *maat_inst = (struct maat *)arg;
struct stat attrib;
if (strlen(maat_inst->opts.inst_name) > 0) {
snprintf(maat_name, sizeof(maat_name), "%s", maat_inst->opts.inst_name);
@@ -428,11 +429,12 @@ void *rule_monitor_loop(void *arg)
__FUNCTION__, __LINE__);
maat_read_full_config(maat_inst);
}
stat(maat_inst->opts.json_ctx.json_file, &attrib);//maat has read fullconfig either in maat_new(deffer==0) or above(deffer==1)
maat_inst->opts.json_ctx.last_md5_time = attrib.st_ctim;
pthread_mutex_unlock(&(maat_inst->background_update_mutex));
char md5_tmp[MD5_DIGEST_LENGTH * 2 + 1] = {0};
char err_str[NAME_MAX] = {0};
struct stat attrib;
cJSON *json_root = NULL;
while (maat_inst->is_running) {

6
src/maat_expr.c
View File

@@ -133,10 +133,10 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
}
uuid_parse(tmp_obj->valuestring, expr_item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "keywords");
tmp_obj = cJSON_GetObjectItem(json, "expression");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no keywords in line:%s",
"[%s:%d] expr table:<%s> has no expression in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
@@ -144,7 +144,7 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
if (len > MAX_KEYWORDS_STR_LEN) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> keywords length too long in line:%s",
"[%s:%d] expr table:<%s> expression length too long in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}

12
src/maat_flag.c
View File

@@ -210,24 +210,24 @@ flag_item_new(struct flag_schema *schema, const char *table_name,
uuid_parse(tmp_obj->valuestring, item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "flag");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) {
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag table:<%s> has no flag in json:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
item->flag = strtoull(tmp_obj->valuestring, NULL, 0);
item->flag = tmp_obj->valueint;
tmp_obj = cJSON_GetObjectItem(json, "flag_mask");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
tmp_obj = cJSON_GetObjectItem(json, "mask");
if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) {
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag table:<%s> has no flag_mask in json:%s",
"[%s:%d] flag table:<%s> has no mask in json:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
item->flag_mask = strtoull(tmp_obj->valuestring, NULL, 0);
item->flag_mask = tmp_obj->valueint;
return item;
error:

2
src/maat_fqdn_plugin.c
View File

@@ -414,6 +414,8 @@ int fqdn_plugin_runtime_update(void *fqdn_plugin_runtime,
ex_data_runtime_cached_row_count(fqdn_plugin_rt->ex_data_rt);
}
cJSON_Delete(json);
return 0;
ERROR:

1
src/maat_ip_plugin.c
View File

@@ -412,6 +412,7 @@ int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema,
ex_data_runtime_cached_row_count(ip_plugin_rt->ex_data_rt);
}
cJSON_Delete(json);
return 0;
ERROR:

2
src/maat_ipport_plugin.c
View File

@@ -416,6 +416,8 @@ int ipport_plugin_runtime_update(void *ipport_plugin_runtime,
ex_data_runtime_cached_row_count(ipport_plugin_rt->ex_data_rt);
}
cJSON_Delete(json);
return 0;
ERROR:

95
src/maat_object.c
View File

@@ -296,7 +296,7 @@ object2object_item_new(const char *line, struct object2object_schema *o2o_schema
}
uuid_parse(tmp_obj->valuestring, o2o_item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "include_object_uuids");
tmp_obj = cJSON_GetObjectItem(json, "included_sub_object_uuids");
if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) {
log_fatal(logger, MODULE_OBJECT,
"[%s:%d] o2o table:<%s> has no included_sub_object_ids or format is not array in line:%s",
@@ -324,7 +324,7 @@ object2object_item_new(const char *line, struct object2object_schema *o2o_schema
goto error;
}
tmp_obj = cJSON_GetObjectItem(json, "exclude_object_uuids");
tmp_obj = cJSON_GetObjectItem(json, "excluded_sub_object_uuids");
if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) {
log_fatal(logger, MODULE_OBJECT,
"[%s:%d] o2o table:<%s> has no excluded_sub_object_ids or format is not array in line:%s",
@@ -352,8 +352,13 @@ object2object_item_new(const char *line, struct object2object_schema *o2o_schema
goto error;
}
cJSON_Delete(json);
return o2o_item;
error:
if (json) {
cJSON_Delete(json);
}
FREE(o2o_item);
return NULL;
}
@@ -390,12 +395,12 @@ static size_t print_igraph_vector(igraph_vector_t *v, char *buff, size_t sz) {
}
static struct maat_object *
object_topology_add_object(struct maat_object_topology *object_topo, uuid_t object_uuid)
object_topology_add_object(struct maat_object_topology *object_topo, uuid_t *object_uuid)
{
assert(object_topo != NULL);
struct maat_object *object = ALLOC(struct maat_object, 1);
uuid_copy(object->object_uuid, object_uuid);
uuid_copy(object->object_uuid, *object_uuid);
object->vertex_id = object_topo->grp_vertex_id_generator++;
utarray_new(object->incl_super_object_uuids, &ut_object_uuid_icd);
utarray_new(object->excl_super_object_uuids, &ut_object_uuid_icd);
@@ -444,73 +449,73 @@ static void object_topology_del_object(struct maat_object_topology *object_topo,
}
static struct maat_object *
object_topology_find_object(struct maat_object_topology *object_topo, uuid_t object_uuid)
object_topology_find_object(struct maat_object_topology *object_topo, uuid_t *object_uuid)
{
if (NULL == object_topo || uuid_is_null(object_uuid)) {
if (NULL == object_topo || uuid_is_null(*object_uuid)) {
return NULL;
}
struct maat_object *object = NULL;
HASH_FIND(hh_object_uuid, object_topo->hash_by_object_uuid, (char*)&object_uuid, sizeof(uuid_t), object);
HASH_FIND(hh_object_uuid, object_topo->hash_by_object_uuid, (char*)object_uuid, sizeof(uuid_t), object);
return object;
}
static void maat_object_reference_super_object(struct maat_object *object,
uuid_t super_object_uuid,
uuid_t *super_object_uuid,
int is_exclude)
{
if (NULL == object || uuid_is_null(super_object_uuid)) {
if (NULL == object || uuid_is_null(*super_object_uuid)) {
return;
}
if (0 == is_exclude) {
//include superior object
if (!utarray_find(object->incl_super_object_uuids, &super_object_uuid,
if (!utarray_find(object->incl_super_object_uuids, super_object_uuid,
compare_object_uuid)) {
utarray_push_back(object->incl_super_object_uuids, &super_object_uuid);
utarray_push_back(object->incl_super_object_uuids, super_object_uuid);
utarray_sort(object->incl_super_object_uuids, compare_object_uuid);
}
} else {
//exclude superior object
if (!utarray_find(object->excl_super_object_uuids, &super_object_uuid,
if (!utarray_find(object->excl_super_object_uuids, super_object_uuid,
compare_object_uuid)) {
utarray_push_back(object->excl_super_object_uuids, &super_object_uuid);
utarray_push_back(object->excl_super_object_uuids, super_object_uuid);
utarray_sort(object->excl_super_object_uuids, compare_object_uuid);
}
}
}
static void maat_object_reference_sub_object(struct maat_object *object,
uuid_t sub_object_uuid,
uuid_t *sub_object_uuid,
int is_exclude)
{
if (NULL == object || uuid_is_null(sub_object_uuid)) {
if (NULL == object || uuid_is_null(*sub_object_uuid)) {
return;
}
if (0 == is_exclude) {
//include sub object
if (!utarray_find(object->incl_sub_object_uuids, &sub_object_uuid,
if (!utarray_find(object->incl_sub_object_uuids, sub_object_uuid,
compare_object_uuid)) {
utarray_push_back(object->incl_sub_object_uuids, &sub_object_uuid);
utarray_push_back(object->incl_sub_object_uuids, sub_object_uuid);
utarray_sort(object->incl_sub_object_uuids, compare_object_uuid);
}
} else {
//exclude sub object
if (!utarray_find(object->excl_sub_object_uuids, &sub_object_uuid,
if (!utarray_find(object->excl_sub_object_uuids, sub_object_uuid,
compare_object_uuid)) {
utarray_push_back(object->excl_sub_object_uuids, &sub_object_uuid);
utarray_push_back(object->excl_sub_object_uuids, sub_object_uuid);
utarray_sort(object->excl_sub_object_uuids, compare_object_uuid);
}
}
}
static void maat_object_dereference_super_object(struct maat_object *object,
uuid_t super_object_uuid,
uuid_t *super_object_uuid,
int is_exclude)
{
if (NULL == object || uuid_is_null(super_object_uuid)) {
if (NULL == object || uuid_is_null(*super_object_uuid)) {
return;
}
@@ -518,7 +523,7 @@ static void maat_object_dereference_super_object(struct maat_object *object,
uuid_t *tmp_uuid = NULL;
if (0 == is_exclude) {
//include superior object
tmp_uuid = utarray_find(object->incl_super_object_uuids, &super_object_uuid,
tmp_uuid = utarray_find(object->incl_super_object_uuids, super_object_uuid,
compare_object_uuid);
if (tmp_uuid != NULL) {
remove_idx = utarray_eltidx(object->incl_super_object_uuids, tmp_uuid);
@@ -526,7 +531,7 @@ static void maat_object_dereference_super_object(struct maat_object *object,
}
} else {
//exclude superior object
tmp_uuid = utarray_find(object->excl_super_object_uuids, &super_object_uuid,
tmp_uuid = utarray_find(object->excl_super_object_uuids, super_object_uuid,
compare_object_uuid);
if (tmp_uuid != NULL) {
remove_idx = utarray_eltidx(object->excl_super_object_uuids, tmp_uuid);
@@ -536,10 +541,10 @@ static void maat_object_dereference_super_object(struct maat_object *object,
}
static void maat_object_dereference_sub_object(struct maat_object *object,
uuid_t sub_object_uuid,
uuid_t *sub_object_uuid,
int is_exclude)
{
if (NULL == object || uuid_is_null(sub_object_uuid)) {
if (NULL == object || uuid_is_null(*sub_object_uuid)) {
return;
}
@@ -547,7 +552,7 @@ static void maat_object_dereference_sub_object(struct maat_object *object,
uuid_t *tmp_uuid = NULL;
if (0 == is_exclude) {
//include superior object
tmp_uuid = utarray_find(object->incl_sub_object_uuids, &sub_object_uuid,
tmp_uuid = utarray_find(object->incl_sub_object_uuids, sub_object_uuid,
compare_object_uuid);
if (tmp_uuid != NULL) {
remove_idx = utarray_eltidx(object->incl_sub_object_uuids, tmp_uuid);
@@ -555,7 +560,7 @@ static void maat_object_dereference_sub_object(struct maat_object *object,
}
} else {
//exclude superior object
tmp_uuid = utarray_find(object->excl_sub_object_uuids, &sub_object_uuid,
tmp_uuid = utarray_find(object->excl_sub_object_uuids, sub_object_uuid,
compare_object_uuid);
if (tmp_uuid != NULL) {
remove_idx = utarray_eltidx(object->excl_sub_object_uuids, tmp_uuid);
@@ -565,7 +570,7 @@ static void maat_object_dereference_sub_object(struct maat_object *object,
}
static int object_topology_add_object_to_object(struct maat_object_topology *object_topo,
uuid_t object_uuid, uuid_t sub_object_uuid,
uuid_t *object_uuid, uuid_t *sub_object_uuid,
int is_exclude)
{
if (NULL == object_topo) {
@@ -593,8 +598,8 @@ static int object_topology_add_object_to_object(struct maat_object_topology *obj
if (edge_id > 0) {
char object_uuid_str[37] = {0};
char sub_object_uuid_str[37] = {0};
uuid_unparse(object_uuid, object_uuid_str);
uuid_unparse(sub_object_uuid, sub_object_uuid_str);
uuid_unparse(*object_uuid, object_uuid_str);
uuid_unparse(*sub_object_uuid, sub_object_uuid_str);
log_fatal(object_topo->logger, MODULE_OBJECT,
"[%s:%d] Add object %s to object %s failed, relation already existed.",
__FUNCTION__, __LINE__, sub_object_uuid_str, object_uuid_str);
@@ -612,8 +617,8 @@ static int object_topology_add_object_to_object(struct maat_object_topology *obj
if (!is_dag) {
char object_uuid_str[37] = {0};
char sub_object_uuid_str[37] = {0};
uuid_unparse(object_uuid, object_uuid_str);
uuid_unparse(sub_object_uuid, sub_object_uuid_str);
uuid_unparse(*object_uuid, object_uuid_str);
uuid_unparse(*sub_object_uuid, sub_object_uuid_str);
log_fatal(object_topo->logger, MODULE_OBJECT,
"[%s:%d] Sub object cycle detected, sub_object_id:%s, object_id:%s!",
__FUNCTION__, __LINE__, sub_object_uuid_str, object_uuid_str);
@@ -624,7 +629,7 @@ static int object_topology_add_object_to_object(struct maat_object_topology *obj
}
static int object_topology_del_object_from_object(struct maat_object_topology *object_topo,
uuid_t object_uuid, uuid_t sub_object_uuid,
uuid_t *object_uuid, uuid_t *sub_object_uuid,
int is_exclude)
{
if (NULL == object_topo) {
@@ -636,8 +641,8 @@ static int object_topology_del_object_from_object(struct maat_object_topology *o
if (NULL == sub_object) {
char object_uuid_str[37] = {0};
char sub_object_uuid_str[37] = {0};
uuid_unparse(object_uuid, object_uuid_str);
uuid_unparse(sub_object_uuid, sub_object_uuid_str);
uuid_unparse(*object_uuid, object_uuid_str);
uuid_unparse(*sub_object_uuid, sub_object_uuid_str);
log_fatal(object_topo->logger, MODULE_OBJECT,
"[%s:%d] Del object %s from object %s failed, object %s not existed.",
__FUNCTION__, __LINE__, sub_object_uuid_str, object_uuid_str, sub_object_uuid_str);
@@ -648,8 +653,8 @@ static int object_topology_del_object_from_object(struct maat_object_topology *o
if (NULL == object) {
char object_uuid_str[37] = {0};
char sub_object_uuid_str[37] = {0};
uuid_unparse(object_uuid, object_uuid_str);
uuid_unparse(sub_object_uuid, sub_object_uuid_str);
uuid_unparse(*object_uuid, object_uuid_str);
uuid_unparse(*sub_object_uuid, sub_object_uuid_str);
log_fatal(object_topo->logger, MODULE_OBJECT,
"[%s:%d] Del object %s from object %s failed, object %s not existed.",
__FUNCTION__, __LINE__, sub_object_uuid_str, object_uuid_str, object_uuid_str);
@@ -750,7 +755,7 @@ int object2object_runtime_update(void *o2o_runtime, void *o2o_schema,
for (i = 0; i < utarray_len(o2o_item->incl_sub_object_uuids); i++) {
sub_object_uuid = (uuid_t *)utarray_eltptr(o2o_item->incl_sub_object_uuids, i);
ret = object_topology_del_object_from_object(o2o_rt->updating_object_topo,
o2o_item->object_uuid, *sub_object_uuid, 0);
&o2o_item->object_uuid, sub_object_uuid, 0);
if (ret != 0) {
err_flag = 1;
}
@@ -759,7 +764,7 @@ int object2object_runtime_update(void *o2o_runtime, void *o2o_schema,
for (i = 0; i < utarray_len(o2o_item->excl_sub_object_uuids); i++) {
sub_object_uuid = (uuid_t *)utarray_eltptr(o2o_item->excl_sub_object_uuids, i);
ret = object_topology_del_object_from_object(o2o_rt->updating_object_topo,
o2o_item->object_uuid, *sub_object_uuid, 1);
&o2o_item->object_uuid, sub_object_uuid, 1);
if (ret != 0) {
err_flag = 1;
}
@@ -778,7 +783,7 @@ int object2object_runtime_update(void *o2o_runtime, void *o2o_schema,
for (i = 0; i < utarray_len(o2o_item->incl_sub_object_uuids); i++) {
sub_object_uuid = (uuid_t *)utarray_eltptr(o2o_item->incl_sub_object_uuids, i);
ret = object_topology_add_object_to_object(o2o_rt->updating_object_topo,
o2o_item->object_uuid, *sub_object_uuid, 0);
&o2o_item->object_uuid, sub_object_uuid, 0);
if (ret != 0) {
err_flag = 1;
}
@@ -787,7 +792,7 @@ int object2object_runtime_update(void *o2o_runtime, void *o2o_schema,
for (i = 0; i < utarray_len(o2o_item->excl_sub_object_uuids); i++) {
sub_object_uuid = (uuid_t *)utarray_eltptr(o2o_item->excl_sub_object_uuids, i);
ret = object_topology_add_object_to_object(o2o_rt->updating_object_topo,
o2o_item->object_uuid, *sub_object_uuid, 1);
&o2o_item->object_uuid, sub_object_uuid, 1);
if (ret != 0) {
err_flag = 1;
}
@@ -865,7 +870,7 @@ static void get_candidate_super_object_ids(struct maat_object_topology *object_t
//Find super candidates
for (p = (uuid_t *)utarray_front(hit_object_uuids); p != NULL;
p = (uuid_t *)utarray_next(hit_object_uuids, p)) {
struct maat_object *object = object_topology_find_object(object_topo, *p);
struct maat_object *object = object_topology_find_object(object_topo, p);
if (NULL == object) {
//object_id not in object2object table
continue;
@@ -986,7 +991,7 @@ static void verify_candidate_super_object_ids(struct maat_object_topology *objec
}
uuid_copy(prev_object_uuid, *p);
struct maat_object *object = object_topology_find_object(object_topo, *p);
struct maat_object *object = object_topology_find_object(object_topo, p);
if (NULL == object) {
continue;
}
@@ -1029,7 +1034,7 @@ static void verify_candidate_super_object_ids(struct maat_object_topology *objec
*/
for (p = (uuid_t *)utarray_front(candidate_object_uuids); p != NULL;
p = (uuid_t *)utarray_next(candidate_object_uuids, p)) {
struct maat_object *object = object_topology_find_object(object_topo, *p);
struct maat_object *object = object_topology_find_object(object_topo, p);
if (NULL == object) {
continue;
}
@@ -1174,7 +1179,7 @@ size_t object2object_runtime_get_super_objects(void *o2o_runtime, uuid_t *object
size_t o2o_object_uuids_cnt = 0;
for (size_t i = 0; i < n_object_uuids; i++) {
struct maat_object *object = object_topology_find_object(o2o_rt->object_topo, object_uuids[i]);
struct maat_object *object = object_topology_find_object(o2o_rt->object_topo, &object_uuids[i]);
if (NULL == object) {
continue;
}

1
src/maat_plugin.c
View File

@@ -622,6 +622,7 @@ int plugin_runtime_update(void *plugin_runtime, void *plugin_schema,
"plugin table:<%s> update one line, key:%s, key_len:%zu, maat_operation:%d",
table_name, print_key, raw_key_len, op);
yyjson_doc_free(doc);
return 0;
ERROR:

98
src/maat_redis_monitor.c
View File

@@ -50,13 +50,13 @@ struct expected_reply {
};
static char *
get_foreign_cont_filename(const char *table_name, long long rule_id,
get_foreign_cont_filename(const char *table_name, const char* rule_uuid_str,
const char *foreign_key, const char *dir)
{
char buffer[512] = {0};
snprintf(buffer, sizeof(buffer),"%s/%s-%lld-%s", dir,
table_name, rule_id, foreign_key);
snprintf(buffer, sizeof(buffer),"%s/%s-%s-%s", dir,
table_name, rule_uuid_str, foreign_key);
char *filename = ALLOC(char, strlen(buffer) + 1);
memcpy(filename, buffer, strlen(buffer));
@@ -82,9 +82,9 @@ get_foregin_keys(struct serial_rule *p_rule, const char foreign_names[MAX_FOREIG
if (0 != strncmp(p_foreign, foreign_source_prefix,
strlen(foreign_source_prefix))) {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Get %s,%lld foreign key failed: "
"[%s:%d] Get %s,%s foreign key failed: "
"Invalid source prefix %s", __FUNCTION__, __LINE__,
p_rule->table_name, p_rule->rule_id, p_foreign);
p_rule->table_name, p_rule->rule_uuid_str, p_foreign);
continue;
}
@@ -94,15 +94,15 @@ get_foregin_keys(struct serial_rule *p_rule, const char foreign_names[MAX_FOREIG
if (0 != strncmp(p_foreign, foreign_key_prefix,
strlen(foreign_key_prefix))) {
log_info(logger, MODULE_REDIS_MONITOR,
"[%s:%d] %s, %lld foreign key prefix %s is not recommended",
__FUNCTION__, __LINE__, p_rule->table_name, p_rule->rule_id,
"[%s:%d] %s, %s foreign key prefix %s is not recommended",
__FUNCTION__, __LINE__, p_rule->table_name, p_rule->rule_uuid_str,
p_foreign);
}
p_rule->f_keys[p_rule->n_foreign].key = ALLOC(char, foreign_key_size + 1);
memcpy(p_rule->f_keys[p_rule->n_foreign].key, p_foreign, foreign_key_size);
p_rule->f_keys[p_rule->n_foreign].filename =
get_foreign_cont_filename(p_rule->table_name, p_rule->rule_id,
get_foreign_cont_filename(p_rule->table_name, p_rule->rule_uuid_str,
p_rule->f_keys[p_rule->n_foreign].key, dir);
p_rule->n_foreign++;
}
@@ -209,9 +209,9 @@ get_maat_redis_value(redisContext *c, struct serial_rule *rule_list,
for (i = 0; i < rule_num; i++) {
snprintf(redis_cmd, sizeof(redis_cmd),
"GET %s:%s,%lld", mr_key_prefix[rule_list[i].op],
"GET %s:%s,%s", mr_key_prefix[rule_list[i].op],
rule_list[i].table_name,
rule_list[i].rule_id);
rule_list[i].rule_uuid_str);
ret = redisAppendCommand(c, redis_cmd);
assert(ret == REDIS_OK);
}
@@ -220,9 +220,9 @@ get_maat_redis_value(redisContext *c, struct serial_rule *rule_list,
ret = maat_wrap_redis_get_reply(c, &reply);
if (ret == REDIS_ERR) {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Redis GET %s:%s,%lld failed, redis server error",
"[%s:%d] Redis GET %s:%s,%s failed, redis server error",
__FUNCTION__, __LINE__, mr_key_prefix[rule_list[i].op],
rule_list[i].table_name, rule_list[i].rule_id);
rule_list[i].table_name, rule_list[i].rule_uuid_str);
error_happened = 1;
break;
}
@@ -235,9 +235,9 @@ get_maat_redis_value(redisContext *c, struct serial_rule *rule_list,
failed_cnt++;
} else {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Redis GET %s:%s,%lld failed",
"[%s:%d] Redis GET %s:%s,%s failed",
__FUNCTION__, __LINE__, mr_key_prefix[rule_list[i].op],
rule_list[i].table_name, rule_list[i].rule_id);
rule_list[i].table_name, rule_list[i].rule_uuid_str);
error_happened = 1;
}
}
@@ -255,9 +255,9 @@ get_maat_redis_value(redisContext *c, struct serial_rule *rule_list,
for (i = 0; i < failed_cnt; i++) {
idx = retry_ids[i];
snprintf(redis_cmd, sizeof(redis_cmd),
"GET %s:%s,%lld", mr_key_prefix[MAAT_OP_DEL],
"GET %s:%s,%s", mr_key_prefix[MAAT_OP_DEL],
rule_list[idx].table_name,
rule_list[idx].rule_id);
rule_list[idx].rule_uuid_str);
ret = redisAppendCommand(c, redis_cmd);
}
@@ -396,9 +396,9 @@ get_inc_key_list(long long instance_version, long long target_version,
for (i = 0, j = 0; i < (int)reply->elements; i++) {
assert(reply->element[i]->type == REDIS_REPLY_STRING);
int ret = sscanf(reply->element[i]->str, "%3s,%[^,],%lld",
op_str, s_rule[j].table_name, &(s_rule[j].rule_id));
if (ret != 3 || s_rule[j].rule_id < 0) {
int ret = sscanf(reply->element[i]->str, "%3s,%[^,],%s",
op_str, s_rule[j].table_name, s_rule[j].rule_uuid_str);
if (ret != 3 || s_rule[j].rule_uuid_str[0] == '\0') {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Invalid Redis Key: %s",
__FUNCTION__, __LINE__, reply->element[i]->str);
@@ -445,12 +445,12 @@ void maat_clear_rule_cache(struct serial_rule *s_rule)
}
void maat_set_serial_rule(struct serial_rule *rule, enum maat_operation op,
long long rule_id, const char *table_name,
const char *rule_uuid_str, const char *table_name,
const char *line, long long timeout)
{
memset(rule, 0, sizeof(struct serial_rule));
rule->op = op;
rule->rule_id = rule_id;
strncpy(rule->rule_uuid_str, rule_uuid_str, sizeof(rule->rule_uuid_str));
rule->timeout = timeout;
assert(strlen(table_name) < sizeof(rule->table_name));
strncpy(rule->table_name, table_name, sizeof(rule->table_name));
@@ -596,12 +596,12 @@ FULL_UPDATE:
continue;
}
ret = sscanf(sub_reply->element[i]->str, "%*[^:]:%[^,],%lld",
ret = sscanf(sub_reply->element[i]->str, "%*[^:]:%[^,],%s",
s_rule_array[full_idx].table_name,
&(s_rule_array[full_idx].rule_id));
s_rule_array[full_idx].rule_uuid_str);
s_rule_array[full_idx].op = MAAT_OP_ADD;
if (ret != 2 || s_rule_array[full_idx].rule_id < 0 ||
if (ret != 2 || s_rule_array[full_idx].rule_uuid_str[0] == '\0' ||
strlen(s_rule_array[full_idx].table_name) == 0) {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Invalid Redis Key Format: %s",
@@ -693,20 +693,20 @@ get_foreign_conts(redisContext *c, struct serial_rule *rule_list,
ret = maat_wrap_redis_get_reply(c, &reply);
if (ret == REDIS_ERR) {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Get %s,%lld foreign key %s content failed,"
"[%s:%d] Get %s,%s foreign key %s content failed,"
" redis server error", __FUNCTION__, __LINE__,
rule_list[track[i].rule_idx].table_name,
rule_list[track[i].rule_idx].rule_id,
rule_list[track[i].rule_idx].rule_uuid_str,
rule_list[track[i].rule_idx].f_keys[track[i].foreign_idx].key);
break;
}
if (reply->type != REDIS_REPLY_STRING) {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Get %s,%lld foreign key %s content failed",
"[%s:%d] Get %s,%s foreign key %s content failed",
__FUNCTION__, __LINE__,
rule_list[track[i].rule_idx].table_name,
rule_list[track[i].rule_idx].rule_id,
rule_list[track[i].rule_idx].rule_uuid_str,
rule_list[track[i].rule_idx].f_keys[track[i].foreign_idx].key);
continue;
} else {
@@ -906,29 +906,29 @@ exec_serial_rule(redisContext *c, const char *transaction_list,
for (i = 0; i < rule_num; i++) {
switch (s_rule[i].op) {
case MAAT_OP_ADD:
redisAppendCommand(c, "SET %s:%s,%lld %s",
redisAppendCommand(c, "SET %s:%s,%s %s",
mr_key_prefix[MAAT_OP_ADD],
s_rule[i].table_name,
s_rule[i].rule_id,
s_rule[i].rule_uuid_str,
s_rule[i].table_line);
expected_reply_add(expect_reply+*cnt, i+offset,
REDIS_REPLY_STATUS, 0);
(*cnt)++;
append_cmd_cnt++;
//Allowing add duplicated members for rule id recycling.
redisAppendCommand(c, "RPUSH %s ADD,%s,%lld",
redisAppendCommand(c, "RPUSH %s ADD,%s,%s",
transaction_list,
s_rule[i].table_name,
s_rule[i].rule_id);
s_rule[i].rule_uuid_str);
expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0);
(*cnt)++;
append_cmd_cnt++;
if (s_rule[i].timeout > 0) {
redisAppendCommand(c, "ZADD %s %lld %s,%lld",
redisAppendCommand(c, "ZADD %s %lld %s,%s",
mr_expire_sset,
s_rule[i].timeout,
s_rule[i].table_name,
s_rule[i].rule_id);
s_rule[i].rule_uuid_str);
expected_reply_add(expect_reply+*cnt, i+offset,
REDIS_REPLY_INTEGER, 1);
expected_reply_add(expect_reply+*cnt, i+offset,
@@ -938,22 +938,22 @@ exec_serial_rule(redisContext *c, const char *transaction_list,
}
break;
case MAAT_OP_DEL:
redisAppendCommand(c, "RENAME %s:%s,%lld %s:%s,%lld",
redisAppendCommand(c, "RENAME %s:%s,%s %s:%s,%s",
mr_key_prefix[MAAT_OP_ADD],
s_rule[i].table_name,
s_rule[i].rule_id,
s_rule[i].rule_uuid_str,
mr_key_prefix[MAAT_OP_DEL],
s_rule[i].table_name,
s_rule[i].rule_id);
s_rule[i].rule_uuid_str);
expected_reply_add(expect_reply+*cnt, i+offset,
REDIS_REPLY_STATUS, 0);
(*cnt)++;
append_cmd_cnt++;
redisAppendCommand(c, "EXPIRE %s:%s,%lld %d",
redisAppendCommand(c, "EXPIRE %s:%s,%s %d",
mr_key_prefix[MAAT_OP_DEL],
s_rule[i].table_name,
s_rule[i].rule_id,
s_rule[i].rule_uuid_str,
MAAT_REDIS_SYNC_TIME);
expected_reply_add(expect_reply+*cnt, i+offset,
REDIS_REPLY_INTEGER, 1);
@@ -961,28 +961,28 @@ exec_serial_rule(redisContext *c, const char *transaction_list,
append_cmd_cnt++;
//NX: Don't update already existing elements. Always add new elements.
redisAppendCommand(c, "RPUSH %s DEL,%s,%lld",
redisAppendCommand(c, "RPUSH %s DEL,%s,%s",
transaction_list,
s_rule[i].table_name,
s_rule[i].rule_id);
s_rule[i].rule_uuid_str);
expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0);
(*cnt)++;
append_cmd_cnt++;
// Try to remove from expiration sorted set, no matter wheather it exists or not.
redisAppendCommand(c, "ZREM %s %s,%lld",
redisAppendCommand(c, "ZREM %s %s,%s",
mr_expire_sset,
s_rule[i].table_name,
s_rule[i].rule_id);
s_rule[i].rule_uuid_str);
expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0);
(*cnt)++;
append_cmd_cnt++;
// Try to remove from label sorted set, no matter wheather it exists or not.
redisAppendCommand(c, "ZREM %s %s,%lld",
redisAppendCommand(c, "ZREM %s %s,%s",
mr_label_sset,
s_rule[i].table_name,
s_rule[i].rule_id);
s_rule[i].rule_uuid_str);
expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0);
(*cnt)++;
append_cmd_cnt++;
@@ -1085,11 +1085,11 @@ int maat_cmd_write_rule(redisContext *c, struct serial_rule *s_rule,
rule_seq = expected_reply[i].s_rule_seq;
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] %s %s %lld failed, rule id maybe conflict"
"[%s:%d] %s %s %s failed, rule id maybe conflict"
" or not exist", __FUNCTION__, __LINE__,
mr_op_str[s_rule[rule_seq].op],
s_rule[rule_seq].table_name,
s_rule[rule_seq].rule_id);
s_rule[rule_seq].rule_uuid_str);
success_cnt--;
last_failed = rule_seq;
}
@@ -1214,8 +1214,8 @@ check_maat_expiration(redisContext *c, struct log_handle *logger)
for (size_t i = 0; i < s_rule_num; i++) {
s_rule[i].op = MAAT_OP_DEL;
ret = sscanf(data_reply->element[i]->str, "%[^,],%lld",
s_rule[i].table_name, &(s_rule[i].rule_id));
ret = sscanf(data_reply->element[i]->str, "%[^,],%s",
s_rule[i].table_name, s_rule[i].rule_uuid_str);
assert(ret == 2);
}
freeReplyObject(data_reply);

61
src/maat_rule.c
View File

@@ -232,8 +232,18 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
struct maat_rule *rule = ALLOC(struct maat_rule, 1);
struct log_handle *logger = rule_rt->logger;
cJSON *tmp_obj = NULL;
cJSON *conditions = NULL;
cJSON *table_json = cJSON_Parse(table_line);
int table_id = table_manager_get_table_id(schema->ref_tbl_mgr, table_name);
if (table_id < 0) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> not found in table manager",
__FUNCTION__, __LINE__, table_name);
goto error;
}
rule->table_id = table_id;
rule->magic_num = MAAT_RULE_MAGIC;
uuid_copy(rule->rule_uuid, rule_uuid);
@@ -242,15 +252,15 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
rule->conditions[i].condition_id = 0;
}
tmp_obj = cJSON_GetObjectItem(table_json, "conditions");
if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) {
conditions = cJSON_GetObjectItem(table_json, "conditions");
if (conditions == NULL || conditions->type != cJSON_Array) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has no conditions or not array format",
__FUNCTION__, __LINE__, table_name);
goto error;
}
rule->condition_num = cJSON_GetArraySize(tmp_obj);
rule->condition_num = cJSON_GetArraySize(conditions);
if (rule->condition_num > MAX_ITEMS_PER_BOOL_EXPR) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> condition_num:%d exceed maximum:%d",
@@ -259,7 +269,7 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
}
for (int i = 0; i < rule->condition_num; i++) {
cJSON *condition_obj = cJSON_GetArrayItem(tmp_obj, i);
cJSON *condition_obj = cJSON_GetArrayItem(conditions, i);
struct rule_condition *condition = rule->conditions + i;
tmp_obj = cJSON_GetObjectItem(condition_obj, "attribute_name");
@@ -283,16 +293,9 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
tmp_obj = cJSON_GetObjectItem(condition_obj, "negate_option");
if (tmp_obj) {
if (tmp_obj->type != cJSON_String) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has no negate_option or not string format",
__FUNCTION__, __LINE__, table_name);
goto error;
}
if (strncmp(tmp_obj->valuestring, "true", 4) == 0) {
if (tmp_obj->type == cJSON_True) {
condition->negate_option = CONDITION_NEGATE_OPTION_SET;
} else if (strncmp(tmp_obj->valuestring, "false", 5) == 0) {
} else if (tmp_obj->type == cJSON_False) {
condition->negate_option = CONDITION_NEGATE_OPTION_UNSET;
} else {
log_fatal(logger, MODULE_RULE,
@@ -398,8 +401,12 @@ rule_item_new(const char *table_line, struct rule_schema *schema,
rule_item->table_line = ALLOC(char, rule_item->table_line_len + 1);
memcpy(rule_item->table_line, table_line, rule_item->table_line_len);
cJSON_Delete(table_json);
return rule_item;
error:
if (table_json) {
cJSON_Delete(table_json);
}
FREE(rule_item);
return NULL;
}
@@ -1369,11 +1376,11 @@ rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile
}
int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state,
uuid_t rule_id)
uuid_t *rule_id)
{
struct rule2table_id *tmp = NULL;
tmp = utarray_find(rule_compile_state->hit_rule_table_ids, &rule_id,
tmp = utarray_find(rule_compile_state->hit_rule_table_ids, rule_id,
compare_rule_uuid);
if (NULL == tmp) {
return -1;
@@ -1385,7 +1392,7 @@ int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile
static int
rule_runtime_add_rule(struct rule_runtime *rule_rt,
struct rule_schema *schema,
uuid_t rule_uuid, const char *table_name,
uuid_t *rule_uuid, const char *table_name,
const char *line, struct log_handle *logger)
{
struct maat_rule *rule = NULL;
@@ -1406,20 +1413,20 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash);
if (1 == updating_flag) {
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid,
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)rule_uuid,
sizeof(uuid_t));
} else {
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t));
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t));
}
if (rule != NULL) {
char rule_uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(rule_uuid, rule_uuid_str);
uuid_unparse(*rule_uuid, rule_uuid_str);
log_fatal(logger, MODULE_RULE,
"[%s:%d]rule_id:%s already existed in rule table, drop line:%s",
__FUNCTION__, __LINE__, rule_uuid_str, line);
}
rule = maat_rule_new(rule_rt, schema, table_name, rule_uuid, line, rule_item);
rule = maat_rule_new(rule_rt, schema, table_name, *rule_uuid, line, rule_item);
if (NULL == rule) {
log_fatal(logger, MODULE_RULE,
"[%s:%d]maat_rule_new failed, drop line:%s",
@@ -1427,14 +1434,14 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
return -1;
}
rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t), rule);
rcu_hash_add(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t), rule);
return 0;
}
static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
struct rule_schema *schema,
uuid_t rule_uuid,
uuid_t *rule_uuid,
struct log_handle *logger)
{
struct maat_rule *rule = NULL;
@@ -1442,11 +1449,11 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash);
if (1 == updating_flag) {
// find in updating hash
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid,
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)rule_uuid,
sizeof(uuid_t));
} else {
// find in effective hash
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t));
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t));
}
if (rule != NULL) {
@@ -1457,7 +1464,7 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
}
}
rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t));
rcu_hash_del(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t));
}
}
@@ -1495,10 +1502,10 @@ int rule_runtime_update(void *rule_runtime, void *rule_schema,
if (MAAT_OP_DEL == op) {
// delete
rule_runtime_del_rule(rule_rt, schema, rule_uuid, rule_rt->logger);
rule_runtime_del_rule(rule_rt, schema, &rule_uuid, rule_rt->logger);
} else {
// add
int ret = rule_runtime_add_rule(rule_rt, schema, rule_uuid,
int ret = rule_runtime_add_rule(rule_rt, schema, &rule_uuid,
table_name, line, rule_rt->logger);
if (ret < 0) {
rule_rt->update_err_cnt++;