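/**
 * Check file info from header against what's actually installed.
 *
 * Every file listed in the header is passed to rpmVerifyFile() and one
 * RPMLOG_NOTICE line is logged per file that is missing or differs (per
 * file when rpmIsVerbose() is true).
 *
 * Integrity-review notes:
 *  - Bits set in omitMask are not checked, so a 0 return only covers the
 *    attributes that were left enabled.
 *  - An mtime difference is dropped when more than one rpmdb entry matches
 *    the file's path (shared files).
 *  - Missing files marked RPMFILE_MISSINGOK or RPMFILE_GHOST are neither
 *    logged nor counted unless verbose output is on.
 *
 * @param ts		transaction set
 * @param h		header to verify
 * @param omitMask	bits to disable verify checks
 * @param ghosts	should ghosts be verified?
 * @return		0 no problems, 1 problems found
 */
static int verifyHeader(rpmts ts, Header h, rpmVerifyAttrs omitMask, int ghosts)
{
    rpmVerifyAttrs verifyResult = 0;
    int ec = 0;		/* assume no problems */
    rpmfi fi = rpmfiNew(ts, h, RPMTAG_BASENAMES, RPMFI_FLAGS_VERIFY);

    rpmfiInit(fi, 0);
    while (rpmfiNext(fi) >= 0) {
	rpmfileAttrs fileAttrs = rpmfiFFlags(fi);
	char *buf = NULL, *attrFormat;
	char ac;
	int rc;
	int verifyErrno;

	/* If not verifying %ghost, skip ghost files. */
	if ((fileAttrs & RPMFILE_GHOST) && !ghosts)
	    continue;

	rc = rpmVerifyFile(ts, fi, &verifyResult, omitMask);
	/*
	 * Capture errno right away: the calls below (iterator setup, string
	 * formatting, allocation) are free to overwrite it before the
	 * "missing" message is built.
	 */
	verifyErrno = errno;

	/* Filter out timestamp differences of shared files */
	if (rc == 0 && (verifyResult & RPMVERIFY_MTIME)) {
	    rpmdbMatchIterator mi;
	    mi = rpmtsInitIterator(ts, RPMDBI_BASENAMES, rpmfiFN(fi), 0);
	    if (rpmdbGetIteratorCount(mi) > 1)
		verifyResult &= ~RPMVERIFY_MTIME;
	    rpmdbFreeIterator(mi);
	}

	/* First character of the attribute string, or a blank if none. */
	attrFormat = rpmFFlagsString(fileAttrs, "");
	ac = rstreq(attrFormat, "") ? ' ' : attrFormat[0];

	if (rc) {
	    if (!(fileAttrs & (RPMFILE_MISSINGOK|RPMFILE_GHOST)) || rpmIsVerbose()) {
		rasprintf(&buf, _("missing   %c %s"), ac, rpmfiFN(fi));
		/* Anything other than ENOENT is worth showing to the user. */
		if ((verifyResult & RPMVERIFY_LSTATFAIL) != 0 &&
		    verifyErrno != ENOENT) {
		    char *app;
		    rasprintf(&app, " (%s)", strerror(verifyErrno));
		    rstrcat(&buf, app);
		    free(app);
		}
		ec = rc;
	    }
	} else if (verifyResult || rpmIsVerbose()) {
	    char *verifyFormat = rpmVerifyString(verifyResult, ".");
	    rasprintf(&buf, "%s  %c %s", verifyFormat, ac, rpmfiFN(fi));
	    free(verifyFormat);

	    /* Verbose-only lines must not turn into a failure status. */
	    if (verifyResult)
		ec = 1;
	}
	free(attrFormat);

	if (buf) {
	    rpmlog(RPMLOG_NOTICE, "%s\n", buf);
	    buf = _free(buf);
	}
    }
    rpmfiFree(fi);

    return ec;
}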
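/**
 * Walk the rpm database and report the verification state of package files.
 *
 * Packages are selected by name according to name_op; each selected
 * package's RPMTAG_BASENAMES and RPMTAG_DIRNAMES entries are then filtered
 * against filepath_ent, verified with rpmVerifyFile() and handed to
 * callback.
 *
 * Review notes for consumers of the results:
 *  - Files skipped via RPMVERIFY_SKIP_CONFIG / RPMVERIFY_SKIP_GHOST never
 *    reach the callback, so no result exists for them.
 *  - When rpmVerifyFile() returns non-zero, res.vflags is forced to
 *    RPMVERIFY_FAILURES, i.e. every check is reported as failed.
 *  - The attribute bits in flags (RPMVERIFY_RPMATTRMASK) are passed to
 *    rpmVerifyFile() as the omit mask and copied to res.oflags.
 *
 * @param ctx          probe context, passed through to callback
 * @param name         package name (or pattern, depending on name_op)
 * @param name_op      OVAL operation applied to the package name
 * @param file         file path pattern; only compiled here when file_op is
 *                     OVAL_OPERATION_PATTERN_MATCH
 * @param file_op      OVAL operation applied to the file path
 * @param name_ent     entity each package name is compared against
 * @param filepath_ent entity each file path is compared against
 * @param flags        RPMVERIFY_* behaviour and omit bits
 * @param callback     invoked once per matching file; res->name and
 *                     res->file are freed after it returns, so it must copy
 *                     anything it wants to keep
 * @return 0 on success, -1 on error
 */
static int rpmverify_collect(probe_ctx *ctx,
                             const char *name, oval_operation_t name_op,
                             const char *file, oval_operation_t file_op,
                             SEXP_t *name_ent, SEXP_t *filepath_ent,
                             uint64_t flags,
                             void (*callback)(probe_ctx *, struct rpmverify_res *))
{
        rpmdbMatchIterator match = NULL;
        rpmVerifyAttrs omit = (rpmVerifyAttrs)(flags & RPMVERIFY_RPMATTRMASK);
        Header pkgh;
        pcre *re = NULL;
        int ret = -1;

        /*
         * Constant sanity checks, done before anything is allocated or
         * locked. NOTE(review): assume_d presumably returns its second
         * argument when the condition fails - confirm against its definition.
         */
        assume_d(RPMTAG_BASENAMES != 0, -1);
        assume_d(RPMTAG_DIRNAMES  != 0, -1);

        /*
         * Pre-compile the file pattern if needed. In this function the
         * compiled regex is only created and freed, so it acts as a syntax
         * check; the path filtering itself is done by probe_entobj_cmp().
         */
        if (file_op == OVAL_OPERATION_PATTERN_MATCH) {
                const char *errmsg;
                int erroff;

                re = pcre_compile(file, PCRE_UTF8, &errmsg, &erroff, NULL);

                if (re == NULL) {
                        dE("file pattern: pcre_compile failed at offset %d: %s",
                           erroff, errmsg);
                        return (-1);
                }
        }

        RPMVERIFY_LOCK;

        switch (name_op) {
        case OVAL_OPERATION_EQUALS:
                match = rpmtsInitIterator (g_rpm.rpmts, RPMTAG_NAME, (const void *)name, 0);

                if (match == NULL) {
                        ret = 0;
                        goto ret;
                }

                ret = rpmdbGetIteratorCount (match);
                break;
        case OVAL_OPERATION_NOT_EQUAL:
                match = rpmtsInitIterator (g_rpm.rpmts, RPMDBI_PACKAGES, NULL, 0);

                if (match == NULL) {
                        ret = 0;
                        goto ret;
                }

                if (rpmdbSetIteratorRE (match, RPMTAG_NAME, RPMMIRE_GLOB, "*") != 0) {
                        ret = -1;
                        goto ret;
                }
                break;
        case OVAL_OPERATION_PATTERN_MATCH:
                match = rpmtsInitIterator (g_rpm.rpmts, RPMDBI_PACKAGES, NULL, 0);

                if (match == NULL) {
                        ret = 0;
                        goto ret;
                }

                if (rpmdbSetIteratorRE (match, RPMTAG_NAME, RPMMIRE_REGEX,
                                        (const char *)name) != 0) {
                        ret = -1;
                        goto ret;
                }
                break;
        default:
                /* not supported */
                dE("package name: operation not supported");
                ret = -1;
                goto ret;
        }

        while ((pkgh = rpmdbNextIterator (match)) != NULL) {
                rpmfi  fi;
                rpmTag tag[2] = { RPMTAG_BASENAMES, RPMTAG_DIRNAMES };
                struct rpmverify_res res;
                errmsg_t rpmerr;
                int i;
                SEXP_t *name_sexp;

                res.name = headerFormat(pkgh, "%{NAME}", &rpmerr);
                if (res.name == NULL) {
                        /* Passing NULL to "%s" below would be undefined. */
                        dE("package name: headerFormat failed, package skipped");
                        continue;
                }

                name_sexp = SEXP_string_newf("%s", res.name);
                if (probe_entobj_cmp(name_ent, name_sexp) != OVAL_RESULT_TRUE) {
                        SEXP_free(name_sexp);
                        free(res.name);
                        continue;
                }
                SEXP_free(name_sexp);

                /*
                 * Inspect package files & directories
                 */
                for (i = 0; i < 2; ++i) {
                        fi = rpmfiNew(g_rpm.rpmts, pkgh, tag[i], 1);

                        while (rpmfiNext(fi) != -1) {
                                SEXP_t *filepath_sexp;

                                res.fflags = rpmfiFFlags(fi);
                                res.oflags = omit;

                                if (((res.fflags & RPMFILE_CONFIG) && (flags & RPMVERIFY_SKIP_CONFIG)) ||
                                    ((res.fflags & RPMFILE_GHOST)  && (flags & RPMVERIFY_SKIP_GHOST)))
                                        continue;

                                res.file = strdup(rpmfiFN(fi));
                                if (res.file == NULL) {
                                        /* Out of memory: stop instead of
                                         * reporting a partial result as success. */
                                        rpmfiFree(fi);
                                        free(res.name);
                                        ret = -1;
                                        goto ret;
                                }

                                filepath_sexp = SEXP_string_newf("%s", res.file);
                                if (probe_entobj_cmp(filepath_ent, filepath_sexp) != OVAL_RESULT_TRUE) {
                                        SEXP_free(filepath_sexp);
                                        free(res.file);
                                        continue;
                                }
                                SEXP_free(filepath_sexp);

                                /* A failed verification is reported as
                                 * "all checks failed", never as a pass. */
                                if (rpmVerifyFile(g_rpm.rpmts, fi, &res.vflags, omit) != 0)
                                        res.vflags = RPMVERIFY_FAILURES;

                                callback(ctx, &res);
                                free(res.file);
                        }

                        rpmfiFree(fi);
                }

                /* headerFormat() hands back an allocated string. */
                free(res.name);
        }

        ret = 0;
ret:
        /* Single exit: release the iterator on the error paths as well. */
        if (match != NULL)
                match = rpmdbFreeIterator (match);

        if (re != NULL)
                pcre_free(re);

        RPMVERIFY_UNLOCK;
        return (ret);
}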
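/**
 * Check file info from header against what's actually installed.
 *
 * Each file in the header is run through rpmVerifyFile(); a line is logged
 * at RPMLOG_NOTICE for every file that is missing or differs (for every
 * file when rpmIsVerbose() is true).
 *
 * The checks that are skipped are the VERIFY_ATTRS bits that are NOT set in
 * qva->qva_flags, so a 0 return only covers the attributes that were
 * enabled.
 *
 * @param qva		parsed query/verify options
 * @param ts		transaction set
 * @param h		header to verify
 * @return		0 no problems, 1 problems found
 */
static int verifyHeader(QVA_t qva, const rpmts ts, Header h)
{
    static const char *const aok = ".";
    static const char *const unknown = "?";
    rpmVerifyAttrs verifyResult = 0;
    /* FIX: union? */
    rpmVerifyAttrs omitMask = ((qva->qva_flags & VERIFY_ATTRS) ^ VERIFY_ATTRS);
    int ec = 0;		/* assume no problems */
    char *buf = NULL;
    rpmfi fi = rpmfiNew(ts, h, RPMTAG_BASENAMES, RPMFI_FLAGS_VERIFY);

    rpmfiInit(fi, 0);
    while (rpmfiNext(fi) >= 0) {
	rpmfileAttrs fileAttrs = rpmfiFFlags(fi);
	char ac;
	int rc;
	int verifyErrno;

	/* If not verifying %ghost, skip ghost files. */
	if (!(qva->qva_fflags & RPMFILE_GHOST) && (fileAttrs & RPMFILE_GHOST))
	    continue;

	rc = rpmVerifyFile(ts, fi, &verifyResult, omitMask);
	/* Keep errno before the formatting/allocation calls can change it. */
	verifyErrno = errno;

	/* One-letter file class shown in both message formats. */
	ac = (fileAttrs & RPMFILE_CONFIG)	? 'c' :
	     (fileAttrs & RPMFILE_DOC)		? 'd' :
	     (fileAttrs & RPMFILE_GHOST)	? 'g' :
	     (fileAttrs & RPMFILE_LICENSE)	? 'l' :
	     (fileAttrs & RPMFILE_PUBKEY)	? 'P' :
	     (fileAttrs & RPMFILE_README)	? 'r' : ' ';

	if (rc) {
	    if (!(fileAttrs & (RPMFILE_MISSINGOK|RPMFILE_GHOST)) || rpmIsVerbose()) {
		rasprintf(&buf, _("missing   %c %s"), ac, rpmfiFN(fi));
		if ((verifyResult & RPMVERIFY_LSTATFAIL) != 0 &&
		    verifyErrno != ENOENT) {
		    char *app;
		    rasprintf(&app, " (%s)", strerror(verifyErrno));
		    rstrcat(&buf, app);
		    free(app);
		}
		ec = rc;
	    }
	} else if (verifyResult || rpmIsVerbose()) {
	    /* Content/link columns show "?" when the file or link could not
	     * be read, since the comparison was never made. */
	    const int readFailed = (verifyResult & RPMVERIFY_READFAIL) != 0;
	    const int readlinkFailed = (verifyResult & RPMVERIFY_READLINKFAIL) != 0;
	    const char *MD5 = readFailed ? unknown :
			(verifyResult & RPMVERIFY_MD5) ? "5" : aok;
	    const char *link = readlinkFailed ? unknown :
			(verifyResult & RPMVERIFY_LINKTO) ? "L" : aok;
	    const char *size = (verifyResult & RPMVERIFY_FILESIZE) ? "S" : aok;
	    const char *mtime = (verifyResult & RPMVERIFY_MTIME) ? "T" : aok;
	    const char *rdev = (verifyResult & RPMVERIFY_RDEV) ? "D" : aok;
	    const char *user = (verifyResult & RPMVERIFY_USER) ? "U" : aok;
	    const char *group = (verifyResult & RPMVERIFY_GROUP) ? "G" : aok;
	    const char *mode = (verifyResult & RPMVERIFY_MODE) ? "M" : aok;
	    const char *caps = (verifyResult & RPMVERIFY_CAPS) ? "P" : aok;

	    /*
	     * Only a real difference counts as a problem; a line printed
	     * purely because of verbose mode must leave the status alone.
	     */
	    if (verifyResult)
		ec = 1;

	    rasprintf(&buf, "%s%s%s%s%s%s%s%s%s  %c %s",
		      size, mode, MD5, rdev, link, user, group, mtime, caps,
		      ac, rpmfiFN(fi));
	}

	if (buf) {
	    rpmlog(RPMLOG_NOTICE, "%s\n", buf);
	    buf = _free(buf);
	}
    }
    rpmfiFree(fi);

    return ec;
}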