int probe_main(probe_ctx *ctx, void *mutex)
{
SEXP_t *probe_in;
SEXP_t *path, *filename, *behaviors, *filepath, *hash_type;
char hash_type_str[128];
int err = 0;
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
if (mutex == NULL) {
return (PROBE_EINIT);
}
_A(mutex == &__filehash58_probe_mutex);
probe_in = probe_ctx_getobject(ctx);
path = probe_obj_getent (probe_in, "path", 1);
filename = probe_obj_getent (probe_in, "filename", 1);
behaviors = probe_obj_getent (probe_in, "behaviors", 1);
filepath = probe_obj_getent (probe_in, "filepath", 1);
hash_type = probe_obj_getent (probe_in, "hash_type", 1);
/* we want hash_type and either path+filename or filepath */
if ( ! hash_type ||
((path == NULL || filename == NULL) && filepath==NULL )
) {
err = PROBE_ENOENT;
goto cleanup;
}
PROBE_ENT_STRVAL(hash_type, hash_type_str, sizeof hash_type_str, err = PROBE_ENOVAL;, err = PROBE_ENOVAL;);
int probe_main (probe_ctx *ctx, void *arg)
{
SEXP_t *object;
struct runlevel_req request_st;
struct runlevel_rep *reply_st = NULL;
object = probe_ctx_getobject(ctx);
request_st.service_name_ent = probe_obj_getent(object, "service_name", 1);
if (request_st.service_name_ent == NULL) {
dI("%s: element not found", "service_name");
return PROBE_ENOELM;
}
request_st.runlevel_ent = probe_obj_getent(object, "runlevel", 1);
if (request_st.runlevel_ent == NULL) {
SEXP_free(request_st.service_name_ent);
dI("%s: element not found", "runlevel");
return PROBE_ENOELM;
}
if (get_runlevel(&request_st, &reply_st) == -1) {
SEXP_t *msg;
msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "get_runlevel failed.");
probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
} else {
struct runlevel_rep *next_rep;
SEXP_t *item;
while (reply_st != NULL) {
dI("get_runlevel: [0]=\"%s\", [1]=\"%s\", [2]=\"%d\", [3]=\"%d\"",
reply_st->service_name, reply_st->runlevel, reply_st->start, reply_st->kill);
item = probe_item_create(OVAL_UNIX_RUNLEVEL, NULL,
"service_name", OVAL_DATATYPE_STRING, reply_st->service_name,
"runlevel", OVAL_DATATYPE_STRING, reply_st->runlevel,
"start", OVAL_DATATYPE_BOOLEAN, reply_st->start,
"kill", OVAL_DATATYPE_BOOLEAN, reply_st->kill,
NULL);
probe_item_collect(ctx, item);
next_rep = reply_st->next;
oscap_free(reply_st->service_name);
oscap_free(reply_st->runlevel);
oscap_free(reply_st);
reply_st = next_rep;
}
}
SEXP_free(request_st.runlevel_ent);
SEXP_free(request_st.service_name_ent);
return 0;
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *command_line_ent, *pid_ent;
command_line_ent = probe_obj_getent(probe_ctx_getobject(ctx), "command_line", 1);
pid_ent = probe_obj_getent(probe_ctx_getobject(ctx), "pid", 1);
if (command_line_ent == NULL && pid_ent == NULL) {
return PROBE_ENOVAL;
}
if (read_process(command_line_ent, pid_ent, ctx)) {
SEXP_free(command_line_ent);
SEXP_free(pid_ent);
return PROBE_EACCESS;
}
SEXP_free(command_line_ent);
SEXP_free(pid_ent);
return 0;
}
int probe_main (probe_ctx *ctx, void *arg)
{
SEXP_t *probe_in, *name_ent, *file_ent, *bh_ent;
char file[PATH_MAX];
size_t file_len = sizeof file;
char name[64];
size_t name_len = sizeof name;
oval_operation_t name_op, file_op;
uint64_t collect_flags = 0;
unsigned int i;
// If probe_init() failed it's because there was no rpm config files
if (arg == NULL) {
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_NOT_APPLICABLE);
return 0;
}
/*
* Get refs to object entities
*/
probe_in = probe_ctx_getobject(ctx);
name_ent = probe_obj_getent(probe_in, "name", 1);
file_ent = probe_obj_getent(probe_in, "filepath", 1);
if (name_ent == NULL || file_ent == NULL) {
dE("Missing \"name\" (%p) or \"filepath\" (%p) entity", name_ent, file_ent);
SEXP_free(name_ent);
SEXP_free(file_ent);
return (PROBE_ENOENT);
}
/*
* Extract the requested operation for each entity
*/
name_op = probe_ent_getoperation(name_ent, OVAL_OPERATION_EQUALS);
file_op = probe_ent_getoperation(file_ent, OVAL_OPERATION_EQUALS);
if (name_op == OVAL_OPERATION_UNKNOWN ||
file_op == OVAL_OPERATION_UNKNOWN)
{
SEXP_free(name_ent);
SEXP_free(file_ent);
return (PROBE_EINVAL);
}
/*
* Extract entity values
*/
PROBE_ENT_STRVAL(name_ent, name, name_len, /* void */, strcpy(name, ""););
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *probe_in, *name;
int err;
probe_in = probe_ctx_getobject(ctx);
name = probe_obj_getent(probe_in, "name", 1);
if (name == NULL) {
return PROBE_ENOVAL;
}
err = get_selinuxboolean(name, ctx);
SEXP_free(name);
return err;
}
int probe_main(probe_ctx *ctx, void *probe_arg)
{
SEXP_t *unit_entity, *probe_in, *property_entity;
oval_version_t oval_version;
probe_in = probe_ctx_getobject(ctx);
oval_version = probe_obj_get_schema_version(probe_in);
if (oval_version_cmp(oval_version, OVAL_VERSION(5.11)) < 0) {
// OVAL 5.10 and less
return PROBE_EOPNOTSUPP;
}
unit_entity = probe_obj_getent(probe_in, "unit", 1);
property_entity = probe_obj_getent(probe_in, "property", 1);
DBusError dbus_error;
DBusConnection *dbus_conn;
dbus_error_init(&dbus_error);
dbus_conn = connect_dbus();
if (dbus_conn == NULL) {
dbus_error_free(&dbus_error);
SEXP_free(property_entity);
SEXP_free(unit_entity);
return PROBE_ESYSTEM;
}
struct unit_callback_vars vars;
vars.dbus_conn = dbus_conn;
vars.ctx = ctx;
vars.unit_entity = unit_entity;
vars.property_entity = property_entity;
get_all_systemd_units(dbus_conn, unit_callback, &vars);
SEXP_free(unit_entity);
SEXP_free(property_entity);
dbus_error_free(&dbus_error);
disconnect_dbus(dbus_conn);
return 0;
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *ent;
ent = probe_obj_getent(probe_ctx_getobject(ctx), "command", 1);
if (ent == NULL) {
return PROBE_ENOVAL;
}
if (read_process(ent, ctx)) {
SEXP_free(ent);
return PROBE_EACCESS;
}
SEXP_free(ent);
return 0;
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *probe_in, *name_ent, *pid_ent;
int pid, err;
probe_in = probe_ctx_getobject(ctx);
name_ent = probe_obj_getent(probe_in, "name", 1);
if (name_ent == NULL) {
return PROBE_ENOENT;
}
pid_ent = probe_obj_getent(probe_in, "pid", 1);
if (pid_ent == NULL) {
SEXP_free(name_ent);
return PROBE_ENOENT;
}
PROBE_ENT_I32VAL(pid_ent, pid, pid = -1;, pid = 0;);
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *obj, *ent;
obj = probe_ctx_getobject(ctx);
over = probe_obj_get_schema_version(obj);
ent = probe_obj_getent(obj, "command", 1);
if (ent == NULL) {
return PROBE_ENOVAL;
}
if (read_process(ent, ctx)) {
SEXP_free(ent);
return PROBE_EACCESS;
}
SEXP_free(ent);
return 0;
}
int accesstoken_probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *probe_in = probe_ctx_getobject(ctx);
SEXP_t *behaviors_ent = probe_obj_getent(probe_in, "behaviors", 1);
SEXP_t *security_principle_ent = probe_obj_getent(probe_in, "security_principle", 1);
SEXP_t *security_principle_val = probe_ent_getval(security_principle_ent);
bool include_group = accesstoken_behaviors_get_include_group(behaviors_ent);
bool resolve_group = accesstoken_behaviors_get_resolve_group(behaviors_ent);
oval_operation_t operation = probe_ent_getoperation(security_principle_ent, OVAL_OPERATION_EQUALS);
if (operation == OVAL_OPERATION_EQUALS) {
char *security_principle_str = SEXP_string_cstr(security_principle_val);
WCHAR *security_principle_wstr = oscap_windows_str_to_wstr(security_principle_str);
collect_access_rights(ctx, security_principle_wstr, include_group, resolve_group);
free(security_principle_str);
free(security_principle_wstr);
} else {
struct oscap_list *trustees_list = oscap_list_new();
get_all_trustee_names(trustees_list);
struct oscap_iterator *it = oscap_iterator_new(trustees_list);
while (oscap_iterator_has_more(it)) {
WCHAR *trustee_wstr = oscap_iterator_next(it);
char *trustee_str = oscap_windows_wstr_to_str(trustee_wstr);
SEXP_t *tmp = SEXP_string_new(trustee_str, strlen(trustee_str));
if (probe_entobj_cmp(security_principle_ent, tmp) == OVAL_RESULT_TRUE) {
collect_access_rights(ctx, trustee_wstr, include_group, resolve_group);
}
free(trustee_str);
SEXP_free(tmp);
}
oscap_iterator_free(it);
oscap_list_free(trustees_list, free);
}
SEXP_free(behaviors_ent);
SEXP_free(security_principle_ent);
SEXP_free(security_principle_val);
return 0;
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *object;
int err;
llist ll;
oval_schema_version_t over;
object = probe_ctx_getobject(ctx);
over = probe_obj_get_platform_schema_version(object);
interface_name_ent = probe_obj_getent(object, "interface_name", 1);
if (interface_name_ent == NULL) {
err = PROBE_ENOVAL;
goto cleanup;
}
// Now start collecting the info
list_create(&ll);
if (collect_process_info(&ll) || perm_warn) {
SEXP_t *msg;
msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "Permission error.");
probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
err = 0;
goto cleanup;
}
read_packet(&ll, ctx, over);
list_clear(&ll);
err = 0;
cleanup:
SEXP_vfree(interface_name_ent, NULL);
return err;
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *ent, *obj;
oval_schema_version_t over;
obj = probe_ctx_getobject(ctx);
if (obj == NULL)
return PROBE_ENOOBJ;
over = probe_obj_get_platform_schema_version(obj);
ent = probe_obj_getent(obj, "username", 1);
if (ent == NULL) {
return PROBE_ENOVAL;
}
// Now we check the file...
read_password(ent, ctx, over);
SEXP_free(ent);
return 0;
}
int probe_main (probe_ctx *ctx, void *mutex)
{
SEXP_t *path, *filename, *behaviors, *filepath, *probe_in;
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
oval_schema_version_t over;
if (mutex == NULL) {
return (PROBE_EINIT);
}
_A(mutex == &__filehash_probe_mutex);
probe_in = probe_ctx_getobject(ctx);
path = probe_obj_getent (probe_in, "path", 1);
filename = probe_obj_getent (probe_in, "filename", 1);
behaviors = probe_obj_getent (probe_in, "behaviors", 1);
filepath = probe_obj_getent (probe_in, "filepath", 1);
over = probe_obj_get_platform_schema_version(probe_in);
/* we want either path+filename or filepath */
if ( (path == NULL || filename == NULL) && filepath==NULL ) {
SEXP_free (behaviors);
SEXP_free (path);
SEXP_free (filename);
SEXP_free (filepath);
return (PROBE_ENOELM);
}
probe_filebehaviors_canonicalize(&behaviors);
switch (pthread_mutex_lock (&__filehash_probe_mutex)) {
case 0:
break;
default:
dI("Can't lock mutex(%p): %u, %s.", &__filehash_probe_mutex, errno, strerror (errno));
SEXP_free (behaviors);
SEXP_free (path);
SEXP_free (filename);
SEXP_free (filepath);
return (PROBE_EFATAL);
}
if ((ofts = oval_fts_open(path, filename, filepath, behaviors)) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
filehash_cb(ofts_ent->path, ofts_ent->file, ctx, over);
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
SEXP_free (behaviors);
SEXP_free (path);
SEXP_free (filename);
SEXP_free (filepath);
switch (pthread_mutex_unlock (&__filehash_probe_mutex)) {
case 0:
break;
default:
dI("Can't unlock mutex(%p): %u, %s.", &__filehash_probe_mutex, errno, strerror (errno));
return (PROBE_EFATAL);
}
return 0;
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *object;
int err;
llist ll;
object = probe_ctx_getobject(ctx);
req.protocol_ent = probe_obj_getent(object, "protocol", 1);
if (req.protocol_ent == NULL) {
err = PROBE_ENOVAL;
goto cleanup;
}
req.local_address_ent = probe_obj_getent(object, "local_address", 1);
if (req.local_address_ent == NULL) {
err = PROBE_ENOVAL;
goto cleanup;
}
req.local_port_ent = probe_obj_getent(object, "local_port", 1);
if (req.local_port_ent == NULL) {
err = PROBE_ENOVAL;
goto cleanup;
}
// Now start collecting the info
list_create(&ll);
if (collect_process_info(&ll)) {
SEXP_t *msg;
msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "Permission error.");
probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
err = 0;
goto cleanup;
}
// Now we check the tcp socket list...
read_tcp("/proc/net/tcp", "tcp", &ll, ctx);
read_tcp("/proc/net/tcp6", "tcp", &ll, ctx);
// Next udp sockets...
read_udp("/proc/net/udp", "udp", &ll, ctx);
read_udp("/proc/net/udp6", "udp", &ll, ctx);
// Next, raw sockets...not exactly part of standard yet. They
// can be used to send datagrams, so we will pretend they are udp
read_raw("/proc/net/raw", "udp", &ll, ctx);
read_raw("/proc/net/raw6", "udp", &ll, ctx);
list_clear(&ll);
err = 0;
cleanup:
SEXP_vfree(req.protocol_ent, req.local_address_ent, req.local_port_ent, NULL);
return err;
}
static int read_process(SEXP_t *cmd_ent, SEXP_t *pid_ent, probe_ctx *ctx)
{
int err = 1, max_cap_id;
DIR *d;
struct dirent *ent;
oval_version_t oval_version;
d = opendir("/proc");
if (d == NULL)
return err;
// Get the time tick hertz
ticks = (unsigned long)sysconf(_SC_CLK_TCK);
get_boot_time();
oval_version = probe_obj_get_schema_version(probe_ctx_getobject(ctx));
if (oval_version_cmp(oval_version, OVAL_VERSION(5.11)) < 0) {
max_cap_id = OVAL_5_8_MAX_CAP_ID;
} else {
max_cap_id = OVAL_5_11_MAX_CAP_ID;
}
struct oscap_buffer *cmdline_buffer = oscap_buffer_new();
char cmd_buffer[1 + 15 + 11 + 1]; // Format:" [ cmd:15 ] <defunc>"
cmd_buffer[0] = '[';
// Scan the directories
while (( ent = readdir(d) )) {
int fd, len;
char buf[256];
char *tmp, state, tty_dev[128];
int pid, ppid, pgrp, session, tty_nr, tpgid;
unsigned flags, sched_policy;
unsigned long minflt, cminflt, majflt, cmajflt, uutime, ustime;
long cutime, cstime, priority, cnice, nthreads, itrealvalue;
unsigned long long start;
SEXP_t *cmd_sexp = NULL, *pid_sexp = NULL;
// Skip non-process58 dir entries
if(*ent->d_name<'0' || *ent->d_name>'9')
continue;
errno = 0;
pid = strtol(ent->d_name, NULL, 10);
if (errno || pid == 2) // skip err & kthreads
continue;
// Parse up the stat file for the proc
snprintf(buf, 32, "/proc/%d/stat", pid);
fd = open(buf, O_RDONLY, 0);
if (fd < 0)
continue;
len = read(fd, buf, sizeof buf - 1);
close(fd);
if (len < 40)
continue;
buf[len] = 0;
tmp = strrchr(buf, ')');
if (tmp)
*tmp = 0;
else
continue;
memset(cmd_buffer + 1, 0, sizeof(cmd_buffer)-1); // clear cmd after starting '['
sscanf(buf, "%d (%15c", &ppid, cmd_buffer + 1);
sscanf(tmp+2, "%c %d %d %d %d %d "
"%u %lu %lu %lu %lu "
"%lu %lu %lu %ld %ld "
"%ld %ld %ld %llu",
&state, &ppid, &pgrp, &session, &tty_nr, &tpgid,
&flags, &minflt, &cminflt, &majflt, &cmajflt,
&uutime, &ustime, &cutime, &cstime, &priority,
&cnice, &nthreads, &itrealvalue, &start
);
// Skip kthreads
if (ppid == 2)
continue;
const char* cmd;
if (state == 'Z') { // zombie
cmd = make_defunc_str(cmd_buffer);
} else {
snprintf(buf, 32, "/proc/%d/cmdline", pid);
if (get_process_cmdline(buf, cmdline_buffer)) {
cmd = oscap_buffer_get_raw(cmdline_buffer); // use full cmdline
} else {
cmd = cmd_buffer + 1;
}
}
err = 0; // If we get this far, no permission problems
dI("Have command: %s\n", cmd);
cmd_sexp = SEXP_string_newf("%s", cmd);
pid_sexp = SEXP_number_newu_32(pid);
if ((cmd_sexp == NULL || probe_entobj_cmp(cmd_ent, cmd_sexp) == OVAL_RESULT_TRUE) &&
(pid_sexp == NULL || probe_entobj_cmp(pid_ent, pid_sexp) == OVAL_RESULT_TRUE)
) {
struct result_info r;
unsigned long t = uutime/ticks + ustime/ticks;
char tbuf[32], sbuf[32], *selinux_domain_label, **posix_capabilities;
int tday,tyear;
time_t s_time;
struct tm *proc, *now;
const char *fmt;
// Now get scheduler policy
sched_policy = sched_getscheduler(pid);
switch (sched_policy) {
case SCHED_OTHER:
r.scheduling_class = "TS";
break;
case SCHED_BATCH:
r.scheduling_class = "B";
break;
#ifdef SCHED_IDLE
case SCHED_IDLE:
r.scheduling_class = "#5";
break;
#endif
case SCHED_FIFO:
r.scheduling_class = "FF";
break;
case SCHED_RR:
r.scheduling_class = "RR";
break;
default:
r.scheduling_class = "?";
break;
}
// Calculate the start time
s_time = time(NULL);
now = localtime(&s_time);
tyear = now->tm_year;
tday = now->tm_yday;
s_time = boot + (start / ticks);
proc = localtime(&s_time);
// Select format based on how long we've been running
//
// FROM THE SPEC:
// "This is the time of day the process started formatted in HH:MM:SS if
// the same day the process started or formatted as MMM_DD (Ex.: Feb_5)
// if process started the previous day or further in the past."
//
if (tday != proc->tm_yday || tyear != proc->tm_year)
fmt = "%b_%d";
else
fmt = "%H:%M:%S";
strftime(sbuf, sizeof(sbuf), fmt, proc);
r.command_line = cmd;
r.exec_time = convert_time(t, tbuf, sizeof(tbuf));
r.pid = pid;
r.ppid = ppid;
r.priority = priority;
r.start_time = sbuf;
dev_to_tty(tty_dev, sizeof(tty_dev), (dev_t) tty_nr, pid, ABBREV_DEV);
r.tty = tty_dev;
r.exec_shield = (get_exec_shield_status(pid) > 0);
selinux_domain_label = get_selinux_label(pid);
r.selinux_domain_label = selinux_domain_label;
posix_capabilities = get_posix_capability(pid, max_cap_id);
r.posix_capability = posix_capabilities;
r.session_id = session;
get_uids(pid, &r);
report_finding(&r, ctx);
if (selinux_domain_label != NULL)
free(selinux_domain_label);
if (posix_capabilities != NULL) {
char **posix_capabilities_p = posix_capabilities;
while (*posix_capabilities_p)
free(*posix_capabilities_p++);
free(posix_capabilities);
}
}
SEXP_free(cmd_sexp);
SEXP_free(pid_sexp);
}
closedir(d);
oscap_buffer_free(cmdline_buffer);
return err;
}
int textfilecontent_probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *path_ent, *filename_ent, *line_ent, *behaviors_ent, *filepath_ent, *probe_in;
char *pattern;
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
(void)arg;
probe_in = probe_ctx_getobject(ctx);
oval_schema_version_t over = probe_obj_get_platform_schema_version(probe_in);
path_ent = probe_obj_getent(probe_in, "path", 1);
filename_ent = probe_obj_getent(probe_in, "filename", 1);
line_ent = probe_obj_getent(probe_in, "line", 1);
filepath_ent = probe_obj_getent(probe_in, "filepath", 1);
behaviors_ent = probe_obj_getent(probe_in, "behaviors", 1);
if ( ((path_ent == NULL || filename_ent == NULL) && filepath_ent==NULL) ||
line_ent==NULL ) {
SEXP_free (path_ent);
SEXP_free (filename_ent);
SEXP_free (line_ent);
SEXP_free (filepath_ent);
SEXP_free (behaviors_ent);
return PROBE_ENOELM;
}
/* get pattern from SEXP */
SEXP_t *ent_val;
ent_val = probe_ent_getval(line_ent);
pattern = SEXP_string_cstr(ent_val);
SEXP_free(line_ent);
SEXP_free(ent_val);
if (pattern == NULL) {
SEXP_free(path_ent);
SEXP_free(filename_ent);
SEXP_free(filepath_ent);
SEXP_free(behaviors_ent);
return -1;
}
/* behaviours are not important if filepath is used */
if(filepath_ent != NULL && behaviors_ent != NULL) {
SEXP_free (behaviors_ent);
behaviors_ent = NULL;
}
probe_filebehaviors_canonicalize(&behaviors_ent);
struct pfdata pfd;
pfd.pattern = pattern;
pfd.filename_ent = filename_ent;
pfd.ctx = ctx;
const char *prefix = getenv("OSCAP_PROBE_ROOT");
if ((ofts = oval_fts_open_prefixed(prefix, path_ent, filename_ent, filepath_ent, behaviors_ent, probe_ctx_getresult(ctx))) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
if (ofts_ent->fts_info == FTS_F
|| ofts_ent->fts_info == FTS_SL) {
// todo: handle return code
process_file(prefix, ofts_ent->path, ofts_ent->file, &pfd, over);
}
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
SEXP_free(path_ent);
SEXP_free(filename_ent);
SEXP_free(behaviors_ent);
SEXP_free(filepath_ent);
free(pattern);
return 0;
}
int partition_probe_main(probe_ctx *ctx, void *probe_arg)
{
int probe_ret = 0;
SEXP_t *mnt_entity, *mnt_opval, *mnt_entval, *probe_in;
char mnt_path[PATH_MAX];
oval_operation_t mnt_op;
FILE *mnt_fp;
oval_schema_version_t obj_over;
#if defined(PROC_CHECK) && defined(__linux__)
int mnt_fd;
struct statfs stfs;
mnt_fd = open(MTAB_PATH, O_RDONLY);
if (mnt_fd < 0)
return (PROBE_ESYSTEM);
if (fstatfs(mnt_fd, &stfs) != 0) {
close(mnt_fd);
return (PROBE_ESYSTEM);
}
if (stfs.f_type != PROC_SUPER_MAGIC) {
close(mnt_fd);
return (PROBE_EFATAL);
}
mnt_fp = fdopen(mnt_fd, "r");
if (mnt_fp == NULL) {
close(mnt_fd);
return (PROBE_ESYSTEM);
}
#else
mnt_fp = fopen(MTAB_PATH, "r");
if (mnt_fp == NULL)
return (PROBE_ESYSTEM);
#endif
probe_in = probe_ctx_getobject(ctx);
obj_over = probe_obj_get_platform_schema_version(probe_in);
mnt_entity = probe_obj_getent(probe_in, "mount_point", 1);
if (mnt_entity == NULL) {
fclose(mnt_fp);
return (PROBE_ENOENT);
}
mnt_opval = probe_ent_getattrval(mnt_entity, "operation");
if (mnt_opval != NULL) {
mnt_op = (oval_operation_t)SEXP_number_geti(mnt_opval);
SEXP_free(mnt_opval);
} else
mnt_op = OVAL_OPERATION_EQUALS;
mnt_entval = probe_ent_getval(mnt_entity);
if (!SEXP_stringp(mnt_entval)) {
SEXP_free(mnt_entval);
SEXP_free(mnt_entity);
fclose(mnt_fp);
return (PROBE_EINVAL);
}
SEXP_string_cstr_r(mnt_entval, mnt_path, sizeof mnt_path);
SEXP_free(mnt_entval);
SEXP_free(mnt_entity);
if (mnt_fp != NULL) {
char buffer[MTAB_LINE_MAX];
struct mntent mnt_ent, *mnt_entp;
pcre *re = NULL;
const char *estr = NULL;
int eoff = -1;
#if defined(HAVE_BLKID_GET_TAG_VALUE)
blkid_cache blkcache;
if (blkid_get_cache(&blkcache, NULL) != 0) {
endmntent(mnt_fp);
return (PROBE_EUNKNOWN);
}
#endif
if (mnt_op == OVAL_OPERATION_PATTERN_MATCH) {
re = pcre_compile(mnt_path, PCRE_UTF8, &estr, &eoff, NULL);
if (re == NULL) {
endmntent(mnt_fp);
return (PROBE_EINVAL);
}
}
while ((mnt_entp = getmntent_r(mnt_fp, &mnt_ent,
buffer, sizeof buffer)) != NULL)
{
if (strcmp(mnt_entp->mnt_type, "rootfs") == 0)
continue;
if (mnt_op == OVAL_OPERATION_EQUALS) {
if (strcmp(mnt_entp->mnt_dir, mnt_path) == 0) {
#if defined(HAVE_BLKID_GET_TAG_VALUE)
collect_item(ctx, obj_over, mnt_entp, blkcache);
#else
collect_item(ctx, obj_over, mnt_entp);
#endif
break;
}
} else if (mnt_op == OVAL_OPERATION_NOT_EQUAL) {
if (strcmp(mnt_entp->mnt_dir, mnt_path) != 0) {
if (
#if defined(HAVE_BLKID_GET_TAG_VALUE)
collect_item(ctx, obj_over, mnt_entp, blkcache)
#else
collect_item(ctx, obj_over, mnt_entp)
#endif
!= 0)
break;
}
} else if (mnt_op == OVAL_OPERATION_PATTERN_MATCH) {
int rc;
rc = pcre_exec(re, NULL, mnt_entp->mnt_dir,
strlen(mnt_entp->mnt_dir), 0, 0, NULL, 0);
if (rc == 0) {
if (
#if defined(HAVE_BLKID_GET_TAG_VALUE)
collect_item(ctx, obj_over, mnt_entp, blkcache)
#else
collect_item(ctx, obj_over, mnt_entp)
#endif
!= 0)
break;
}
/* XXX: check for pcre_exec error */
}
}
endmntent(mnt_fp);
if (mnt_op == OVAL_OPERATION_PATTERN_MATCH)
pcre_free(re);
}
return (probe_ret);
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *path_ent, *file_ent, *inst_ent, *bh_ent, *patt_ent, *filepath_ent, *probe_in;
SEXP_t *r0;
/* char *i_val, *m_val, *s_val; */
bool val;
struct pfdata pfd;
int ret = 0;
int errorffset = -1;
const char *error;
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
char path_with_root[PATH_MAX + 1];
unsigned int root_len = 0;
(void)arg;
memset(&pfd, 0, sizeof(pfd));
probe_in = probe_ctx_getobject(ctx);
over = probe_obj_get_platform_schema_version(probe_in);
path_ent = probe_obj_getent(probe_in, "path", 1);
file_ent = probe_obj_getent(probe_in, "filename", 1);
inst_ent = probe_obj_getent(probe_in, "instance", 1);
patt_ent = probe_obj_getent(probe_in, "pattern", 1);
filepath_ent = probe_obj_getent(probe_in, "filepath", 1);
bh_ent = probe_obj_getent(probe_in, "behaviors", 1);
/* we want (path+filename or filepath) + instance + pattern*/
if ( ((path_ent == NULL || file_ent == NULL) && filepath_ent==NULL) ||
inst_ent==NULL ||
patt_ent==NULL) {
SEXP_free (patt_ent);
ret = PROBE_ENOELM;
goto cleanup;
}
/* get pattern from SEXP */
SEXP_t *ent_val;
ent_val = probe_ent_getval(patt_ent);
pfd.pattern = SEXP_string_cstr(ent_val);
assume_d(pfd.pattern != NULL, -1);
SEXP_free(patt_ent);
SEXP_free(ent_val);
/* wtf?
i_val = s_val = "0";
m_val = "1";
*/
/* reset filebehavior attributes if 'filepath' entity is used */
if (filepath_ent != NULL && bh_ent != NULL) {
SEXP_t *r1, *r2, *r3;
r1 = r2 = r3 = NULL;
if (probe_ent_attrexists(bh_ent, "ignore_case")) {
r1 = probe_ent_getattrval(bh_ent, "ignore_case");
}
if (probe_ent_attrexists(bh_ent, "multiline")) {
r2 = probe_ent_getattrval(bh_ent, "multiline");
}
if (probe_ent_attrexists(bh_ent, "singleline")) {
r3 = probe_ent_getattrval(bh_ent, "singleline");
}
r0 = SEXP_list_new(NULL);
SEXP_free(bh_ent);
bh_ent = probe_ent_creat1("behaviors", r0, NULL);
SEXP_free(r0);
if (r1) {
probe_ent_attr_add(bh_ent, "ignore_case", r1);
SEXP_free(r1);
}
if (r2) {
probe_ent_attr_add(bh_ent, "multiline", r2);
SEXP_free(r2);
}
if (r3) {
probe_ent_attr_add(bh_ent, "singleline", r3);
SEXP_free(r3);
}
}
probe_tfc54behaviors_canonicalize(&bh_ent);
pfd.instance_ent = inst_ent;
pfd.ctx = ctx;
pfd.re_opts = PCRE_UTF8;
r0 = probe_ent_getattrval(bh_ent, "ignore_case");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_CASELESS;
}
r0 = probe_ent_getattrval(bh_ent, "multiline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_MULTILINE;
}
r0 = probe_ent_getattrval(bh_ent, "singleline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_DOTALL;
}
pfd.compiled_regex = pcre_compile(pfd.pattern, pfd.re_opts, &error,
&errorffset, NULL);
if (pfd.compiled_regex == NULL) {
SEXP_t *msg;
msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "pcre_compile() '%s' %s.", pfd.pattern, error);
probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR);
goto cleanup;
}
path_with_root[PATH_MAX] = '\0';
if (OSCAP_GSYM(offline_mode) & PROBE_OFFLINE_OWN) {
strncpy(path_with_root, getenv("OSCAP_PROBE_ROOT"), PATH_MAX);
root_len = strlen(path_with_root);
if (path_with_root[root_len - 1] == FILE_SEPARATOR)
--root_len;
}
if ((ofts = oval_fts_open(path_ent, file_ent, filepath_ent, bh_ent, probe_ctx_getresult(ctx))) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
if (ofts_ent->fts_info == FTS_F
|| ofts_ent->fts_info == FTS_SL) {
strncpy(path_with_root + root_len, ofts_ent->path, PATH_MAX - root_len);
// todo: handle return code
process_file(path_with_root, ofts_ent->file, &pfd);
}
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
cleanup:
SEXP_free(file_ent);
SEXP_free(path_ent);
SEXP_free(inst_ent);
SEXP_free(bh_ent);
SEXP_free(filepath_ent);
if (pfd.pattern != NULL)
free(pfd.pattern);
if (pfd.compiled_regex != NULL)
pcre_free(pfd.compiled_regex);
return ret;
}
int probe_main (probe_ctx *ctx, void *mutex)
{
SEXP_t *path, *filename, *behaviors;
SEXP_t *filepath, *attribute_, *probe_in;
int err;
struct cbargs cbargs;
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
if (mutex == NULL)
return PROBE_EINIT;
_A(mutex == &__file_probe_mutex);
probe_in = probe_ctx_getobject(ctx);
path = probe_obj_getent (probe_in, "path", 1);
filename = probe_obj_getent (probe_in, "filename", 1);
behaviors = probe_obj_getent (probe_in, "behaviors", 1);
filepath = probe_obj_getent (probe_in, "filepath", 1);
attribute_ = probe_obj_getent (probe_in, "attribute_name", 1);
/* we want either path+filename or filepath */
if (((path == NULL || filename == NULL) && filepath == NULL)
|| attribute_ == NULL)
{
SEXP_free (behaviors);
SEXP_free (path);
SEXP_free (filename);
SEXP_free (filepath);
SEXP_free (attribute_);
return PROBE_ENOELM;
}
probe_filebehaviors_canonicalize(&behaviors);
switch (pthread_mutex_lock (&__file_probe_mutex)) {
case 0:
break;
default:
dI("Can't lock mutex(%p): %u, %s.", &__file_probe_mutex, errno, strerror (errno));
SEXP_free(path);
SEXP_free(filename);
SEXP_free(filepath);
SEXP_free(behaviors);
SEXP_free(attribute_);
return PROBE_EFATAL;
}
cbargs.ctx = ctx;
cbargs.error = 0;
cbargs.attr_ent = attribute_;
if ((ofts = oval_fts_open(path, filename, filepath, behaviors)) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
file_cb(ofts_ent->path, ofts_ent->file, &cbargs);
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
err = 0;
SEXP_free(path);
SEXP_free(filename);
SEXP_free(filepath);
SEXP_free(behaviors);
SEXP_free(attribute_);
switch (pthread_mutex_unlock (&__file_probe_mutex)) {
case 0:
break;
default:
dI("Can't unlock mutex(%p): %u, %s.", &__file_probe_mutex, errno, strerror (errno));
return PROBE_EFATAL;
}
return err;
}
int probe_main(probe_ctx *ctx, void *mutex)
{
LDAP *ldp;
LDAPMessage *ldpres, *entry;
SEXP_t *se_ldap_behaviors = NULL, *se_relative_dn = NULL;
SEXP_t *se_suffix = NULL, *se_attribute = NULL;
SEXP_t *sa_scope, *sv_op;
SEXP_t *item;
SEXP_t *probe_in;
char *relative_dn = NULL;
char *suffix = NULL, *xattribute = NULL;
char *uri_list, *uri, *uri_save, *attr;
int scope;
char base[2048];
char *attrs[3];
bool a_pattern_match = false, rdn_pattern_match = false;
/* runtime */
#if defined(PROBE_LDAP_MUTEX)
assume_r(mutex != NULL, PROBE_EINIT);
#endif
probe_in = probe_ctx_getobject(ctx);
se_ldap_behaviors = probe_obj_getent(probe_in, "behaviors", 1);
if (se_ldap_behaviors != NULL) {
sa_scope = probe_ent_getattrval(se_ldap_behaviors, "scope");
SEXP_free(se_ldap_behaviors);
if (sa_scope == NULL) {
dE("Atrribute `scope' is missing!");
return (PROBE_ENOATTR);
}
if (!SEXP_stringp(sa_scope)) {
dE("Invalid value type of the `scope' attribute.");
SEXP_free(sa_scope);
return (PROBE_EINVAL);
}
if (SEXP_strcmp(sa_scope, "ONE") == 0)
scope = LDAP_SCOPE_ONELEVEL;
else if (SEXP_strcmp(sa_scope, "BASE") == 0)
scope = LDAP_SCOPE_BASE;
else if (SEXP_strcmp(sa_scope, "SUBTREE") == 0)
scope = LDAP_SCOPE_SUBTREE;
else {
dE("Invalid value of the `scope' attribute.");
SEXP_free(sa_scope);
return (PROBE_EINVAL);
}
SEXP_free(sa_scope);
} else
scope = LDAP_SCOPE_BASE;
#define get_string(dst, se_dst, obj, ent_name) \
do { \
SEXP_t *__sval; \
\
__sval = probe_obj_getentval (obj, ent_name, 1); \
\
if (__sval != NULL) { \
(dst) = SEXP_string_cstr (__sval); \
\
if ((dst) == NULL) { \
SEXP_free(__sval); \
return (PROBE_EINVAL); \
} \
\
(se_dst) = __sval; \
} else { \
return (PROBE_ENOATTR); \
} \
} while (0)
get_string(suffix, se_suffix, probe_in, "suffix");
get_string(relative_dn, se_relative_dn, probe_in, "relative_dn");
get_string(xattribute, se_attribute, probe_in, "attribute");
if ((sv_op = probe_ent_getattrval(se_relative_dn, "operation")) != NULL) {
if (SEXP_number_geti_32(sv_op) == OVAL_OPERATION_PATTERN_MATCH)
rdn_pattern_match = true;
SEXP_free(sv_op);
}
if ((sv_op = probe_ent_getattrval(se_attribute, "operation")) != NULL) {
if (SEXP_number_geti_32(sv_op) == OVAL_OPERATION_PATTERN_MATCH)
a_pattern_match = true;
SEXP_free(sv_op);
}
/*
* Construct the attribute array for ldap_search_*
*
* nil -> "1.1"
* .* -> "*"
* "foo" -> "foo"
*/
attrs[0] = "objectClass";
if (xattribute == NULL)
attrs[1] = strdup("1.1"); /* no attibutes */
else if (a_pattern_match)
attrs[1] = strdup("*"); /* collect all, we'll filter them afterwards */
else
attrs[1] = xattribute; /* no pattern match, use the string directly */
attrs[2] = NULL;
/*
* Construct `base'
*/
assume_r(((relative_dn ? strlen(relative_dn) : 0) +
( suffix ? strlen(suffix) : 0) + 2) < (sizeof base/sizeof(char)),
PROBE_ERANGE);
if (relative_dn != NULL) {
strcpy(base, relative_dn);
strcat(base, ",");
strcat(base, suffix);
} else
strcpy(base, suffix);
/*
* Get URIs
*/
if (ldap_get_option(NULL, LDAP_OPT_URI, &uri_list) != LDAP_OPT_SUCCESS) {
item = probe_item_creat("ldap57_item", NULL, NULL);
probe_item_setstatus(item, SYSCHAR_STATUS_ERROR);
probe_item_collect(ctx, item);
dE("ldap_get_option failed");
goto fail0;
}
/*
* Query each URI
*/
for (;;) {
char *entry_dn = NULL;
if ((uri = strtok_r(uri_list, " ,", &uri_save)) == NULL)
break;
ldp = NULL;
if (ldap_initialize(&ldp, uri) != LDAP_SUCCESS)
continue;
if (ldap_search_ext_s(ldp, base, scope, NULL, attrs, 0,
NULL /* serverctrls */,
NULL /* clientctrls */,
NULL /* timeout */,
0, &ldpres) != LDAP_SUCCESS)
{
item = probe_item_creat("ldap57_item", NULL, NULL);
probe_item_setstatus(item, SYSCHAR_STATUS_ERROR);
probe_item_collect(ctx, item);
dE("ldap_search_ext_s failed");
goto fail0;
}
entry = ldap_first_entry(ldp, ldpres);
entry_dn = ldap_get_dn(ldp, entry);
while (entry != NULL) {
BerElement *berelm = NULL;
attr = ldap_first_attribute(ldp, entry, &berelm);
/* XXX: pattern match filter */
while (attr != NULL) {
SEXP_t *se_value = NULL;
ber_tag_t bertag = LBER_DEFAULT;
ber_len_t berlen = 0;
Sockbuf *berbuf = NULL;
SEXP_t se_tmp_mem;
berbuf = ber_sockbuf_alloc();
/*
* Prepare the value (record) entity. Collect only
* primitive (i.e. simple) types.
*/
se_value = probe_ent_creat1("value", NULL, NULL);
probe_ent_setdatatype(se_value, OVAL_DATATYPE_RECORD);
/*
* XXX: does ber_get_next() return LBER_ERROR after the last value?
*/
while ((bertag = ber_get_next(berbuf, &berlen, berelm)) != LBER_ERROR) {
SEXP_t *field = NULL;
oval_datatype_t field_type = OVAL_DATATYPE_UNKNOWN;
switch(bertag & LBER_ENCODING_MASK) {
case LBER_PRIMITIVE:
dI("Found primitive value, bertag = %u", bertag);
break;
case LBER_CONSTRUCTED:
dW("Don't know how to handle LBER_CONSTRUCTED values");
/* FALLTHROUGH */
default:
dW("Skipping attribute value, bertag = %u", bertag);
continue;
}
assume_d(bertag & LBER_PRIMITIVE, NULL);
switch(bertag & LBER_BIG_TAG_MASK) {
case LBER_BOOLEAN:
{ /* LDAPTYPE_BOOLEAN */
ber_int_t val = -1;
if (ber_get_boolean(berelm, &val) == LBER_ERROR) {
dW("ber_get_boolean: LBER_ERROR");
/* XXX: set error status on field */
continue;
}
assume_d(val != -1, NULL);
field = probe_ent_creat1("field", NULL, SEXP_number_newb_r(&se_tmp_mem, (bool)val));
field_type = OVAL_DATATYPE_BOOLEAN;
SEXP_free_r(&se_tmp_mem);
} break;
case LBER_INTEGER:
{ /* LDAPTYPE_INTEGER */
ber_int_t val = -1;
if (ber_get_int(berelm, &val) == LBER_ERROR) {
dW("ber_get_int: LBER_ERROR");
/* XXX: set error status on field */
continue;
}
field = probe_ent_creat1("field", NULL, SEXP_number_newi_r(&se_tmp_mem, (int)val));
field_type = OVAL_DATATYPE_INTEGER;
SEXP_free_r(&se_tmp_mem);
} break;
case LBER_BITSTRING:
/* LDAPTYPE_BIT_STRING */
dW("LBER_BITSTRING: not implemented");
continue;
case LBER_OCTETSTRING:
{ /*
* LDAPTYPE_PRINTABLE_STRING
* LDAPTYPE_NUMERIC_STRING
* LDAPTYPE_DN_STRING
* LDAPTYPE_BINARY (?)
*/
char *val = NULL;
if (ber_get_stringa(berelm, &val) == LBER_ERROR) {
dW("ber_get_stringa: LBER_ERROR");
/* XXX: set error status on field */
continue;
}
assume_d(val != NULL, NULL);
field = probe_ent_creat1("field", NULL, SEXP_string_new_r(&se_tmp_mem, val, strlen(val)));
field_type = OVAL_DATATYPE_STRING;
SEXP_free_r(&se_tmp_mem);
ber_memfree(val);
} break;
case LBER_NULL:
/* XXX: no equivalent LDAPTYPE_? or empty */
dI("LBER_NULL: skipped");
continue;
case LBER_ENUMERATED:
/* XXX: no equivalent LDAPTYPE_? */
dW("Don't know how to handle LBER_ENUMERATED type");
continue;
default:
dW("Unknown attribute value type, bertag = %u", bertag);
continue;
}
if (field != NULL) {
assume_d(field_type != OVAL_DATATYPE_UNKNOWN, NULL);
probe_ent_setdatatype(field, field_type);
probe_ent_attr_add(field, "name", SEXP_string_new_r(&se_tmp_mem, attr, strlen(attr)));
SEXP_list_add(se_value, field);
SEXP_free_r(&se_tmp_mem);
SEXP_free(field);
}
}
ber_sockbuf_free(berbuf);
/*
* Create the item
*/
item = probe_item_create(OVAL_INDEPENDENT_LDAP57, NULL,
"suffix", OVAL_DATATYPE_STRING, suffix,
"relative_dn", OVAL_DATATYPE_STRING, relative_dn, /* XXX: pattern match */
"attribute", OVAL_DATATYPE_STRING, attr,
"object_class", OVAL_DATATYPE_STRING, "",
"ldaptype", OVAL_DATATYPE_STRING, "",
NULL);
SEXP_list_add(item, se_value);
SEXP_free(se_value);
probe_item_collect(ctx, item);
attr = ldap_next_attribute(ldp, entry, berelm);
}
ber_free(berelm, 0);
ldap_memfree(entry_dn);
entry = ldap_next_entry(ldp, entry);
entry_dn = ldap_get_dn(ldp, entry);
}
/*
* Close the LDAP connection and free resources
*/
ldap_unbind_ext_s(ldp, NULL, NULL);
}
ldap_memfree(uri_list);
fail0:
SEXP_free(se_suffix);
SEXP_free(se_relative_dn);
SEXP_free(se_attribute);
free(suffix);
free(relative_dn);
free(attrs[1]); /* attribute */
return (0);
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *path_ent, *file_ent, *inst_ent, *bh_ent, *patt_ent, *filepath_ent, *probe_in;
SEXP_t *r0;
/* char *i_val, *m_val, *s_val; */
bool val;
struct pfdata pfd;
int ret = 0;
#if defined USE_REGEX_PCRE
int errorffset = -1;
const char *error;
#elif defined USE_REGEX_POSIX
regex_t _re;
pfd.compiled_regex = &_re;
int err;
#endif
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
(void)arg;
memset(&pfd, 0, sizeof(pfd));
probe_in = probe_ctx_getobject(ctx);
over = probe_obj_get_platform_schema_version(probe_in);
path_ent = probe_obj_getent(probe_in, "path", 1);
file_ent = probe_obj_getent(probe_in, "filename", 1);
inst_ent = probe_obj_getent(probe_in, "instance", 1);
patt_ent = probe_obj_getent(probe_in, "pattern", 1);
filepath_ent = probe_obj_getent(probe_in, "filepath", 1);
bh_ent = probe_obj_getent(probe_in, "behaviors", 1);
/* we want (path+filename or filepath) + instance + pattern*/
if ( ((path_ent == NULL || file_ent == NULL) && filepath_ent==NULL) ||
inst_ent==NULL ||
patt_ent==NULL) {
SEXP_free (patt_ent);
ret = PROBE_ENOELM;
goto cleanup;
}
/* get pattern from SEXP */
SEXP_t *ent_val;
ent_val = probe_ent_getval(patt_ent);
pfd.pattern = SEXP_string_cstr(ent_val);
assume_d(pfd.pattern != NULL, -1);
SEXP_free(patt_ent);
SEXP_free(ent_val);
/* wtf?
i_val = s_val = "0";
m_val = "1";
*/
/* reset filebehavior attributes if 'filepath' entity is used */
if (filepath_ent != NULL && bh_ent != NULL) {
SEXP_t *r1, *r2, *r3;
r1 = probe_ent_getattrval(bh_ent, "ignore_case");
r2 = probe_ent_getattrval(bh_ent, "multiline");
r3 = probe_ent_getattrval(bh_ent, "singleline");
r0 = probe_attr_creat("ignore_case", r1,
"multiline", r2,
"singleline", r3,
NULL);
SEXP_free(bh_ent);
bh_ent = probe_ent_creat1("behaviors", r0, NULL);
SEXP_vfree(r0, r1, r2, r3, NULL);
}
probe_tfc54behaviors_canonicalize(&bh_ent);
pfd.instance_ent = inst_ent;
pfd.ctx = ctx;
#if defined USE_REGEX_PCRE
pfd.re_opts = PCRE_UTF8;
r0 = probe_ent_getattrval(bh_ent, "ignore_case");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_CASELESS;
}
r0 = probe_ent_getattrval(bh_ent, "multiline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_MULTILINE;
}
r0 = probe_ent_getattrval(bh_ent, "singleline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_DOTALL;
}
pfd.compiled_regex = pcre_compile(pfd.pattern, pfd.re_opts, &error,
&errorffset, NULL);
if (pfd.compiled_regex == NULL) {
SEXP_t *msg;
msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "pcre_compile() '%s' %s.", pfd.pattern, error);
probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR);
goto cleanup;
}
#elif defined USE_REGEX_POSIX
pfd.re_opts = REG_EXTENDED | REG_NEWLINE;
r0 = probe_ent_getattrval(bh_ent, "ignore_case");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= REG_ICASE;
}
if ((err = regcomp(pfd.compiled_regex, pfd.pattern, pfd.re_opts)) != 0) {
SEXP_t *msg;
msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "regcomp() '%s' returned %d.", pfd.pattern, err);
probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR);
goto cleanup;
}
#endif
if ((ofts = oval_fts_open(path_ent, file_ent, filepath_ent, bh_ent)) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
if (ofts_ent->fts_info == FTS_F
|| ofts_ent->fts_info == FTS_SL) {
// todo: handle return code
process_file(ofts_ent->path, ofts_ent->file, &pfd);
}
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
cleanup:
SEXP_free(file_ent);
SEXP_free(path_ent);
SEXP_free(inst_ent);
SEXP_free(bh_ent);
SEXP_free(filepath_ent);
if (pfd.pattern != NULL)
oscap_free(pfd.pattern);
#if defined USE_REGEX_PCRE
if (pfd.compiled_regex != NULL)
pcre_free(pfd.compiled_regex);
#elif defined USE_REGEX_POSIX
regfree(&_re);
#endif
return ret;
}
int routingtable_probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *probe_in, *dst_ent;
FILE *fp;
char *line_buf;
size_t line_len;
struct route_info rt;
int probe_ret = 0;
probe_in = probe_ctx_getobject(ctx);
dst_ent = probe_obj_getent(probe_in, "destination", 1);
if (dst_ent == NULL)
return (PROBE_ENOENT);
rt.ip_dst_ent = dst_ent;
line_len = 0;
line_buf = NULL;
fp = NULL;
switch(probe_ent_getdatatype(dst_ent)) {
case OVAL_DATATYPE_IPV4ADDR:
fp = fopen("/proc/net/route", "r");
/* Skip the header line */
if (getline(&line_buf, &line_len, fp) != -1) {
while(getline(&line_buf, &line_len, fp) != -1) {
if (process_line_ip4(line_buf, &rt) != 0)
break;
if (collect_item(&rt, ctx) != 0)
break;
}
}
if (!feof(fp)) {
/* error */
dE("An error ocured while reading /proc/net/route: %s", strerror(errno));
}
break;
case OVAL_DATATYPE_IPV6ADDR:
fp = fopen("/proc/net/ipv6_route", "r");
while(getline(&line_buf, &line_len, fp) != -1) {
if (process_line_ip6(line_buf, &rt) != 0)
break;
if (collect_item(&rt, ctx) != 0)
break;
}
if (!feof(fp)) {
/* error */
dE("An error ocured while reading /proc/net/ipv6_route: %s", strerror(errno));
}
break;
default:
probe_ret = EINVAL;
}
if (fp != NULL)
fclose(fp);
if (line_buf != NULL)
free(line_buf);
SEXP_free(dst_ent);
return (probe_ret);
}
