static int create_filepath_sexpr(char *arg_operation, char *arg_argument, SEXP_t **result)
{
*result = NULL;
/* non-fatal error */
if (strlen(arg_operation) == 0 && strlen(arg_argument) == 0) {
return 0;
}
int operation_number = oval_operation_from_text(arg_operation);
if (operation_number <= 0 || operation_number > 255) {
fprintf(stderr, "Error parsing path->operation number -- not a valid OVAL_OPERATION enum string: %s\n", arg_operation);
return 1;
}
uint8_t operation_value = (uint8_t)(operation_number & 0xFF);
SEXP_t *s_filepath_str = SEXP_string_new("filepath", 8);
SEXP_t *s_operation_str = SEXP_string_new(":operation", 10);
SEXP_t *s_operation_number = SEXP_number_new(SEXP_NUM_UINT8, &operation_value);
SEXP_t *s_filepath_argument = SEXP_string_new(arg_argument, strlen(arg_argument));
SEXP_t *s_inner_list = SEXP_list_new(NULL);
SEXP_list_add(s_inner_list, s_filepath_str);
SEXP_list_add(s_inner_list, s_operation_str);
SEXP_list_add(s_inner_list, s_operation_number);
*result = SEXP_list_new(NULL);
SEXP_list_add(*result, s_inner_list);
SEXP_list_add(*result, s_filepath_argument);
return 0;
}
static SEXP_t *oval_entity_to_sexp(struct oval_entity *ent)
{
SEXP_t *elm, *elm_name;
SEXP_t *r0, *r1, *r2;
oval_datatype_t datatype;
oval_entity_varref_type_t vr_type;
elm_name = SEXP_list_new(r0 = SEXP_string_newf("%s", oval_entity_get_name(ent)),
/* operation */
r1 = SEXP_string_new(":operation", 10),
r2 = SEXP_number_newu_32(oval_entity_get_operation(ent)), NULL);
SEXP_vfree(r0, r1, r2, NULL);
if (oval_entity_get_mask(ent)) {
SEXP_list_add(elm_name, r0 = SEXP_string_new("mask", 4));
SEXP_free(r0);
}
elm = SEXP_list_new(NULL);
datatype = oval_entity_get_datatype(ent);
probe_ent_setdatatype(elm, datatype);
vr_type = oval_entity_get_varref_type(ent);
if (vr_type == OVAL_ENTITY_VARREF_ATTRIBUTE
|| vr_type == OVAL_ENTITY_VARREF_ELEMENT) {
/* var_ref */
struct oval_variable *var;
var = oval_entity_get_variable(ent);
SEXP_list_add(elm_name, r0 = SEXP_string_new(":var_ref", 8));
SEXP_list_add(elm_name, r1 = SEXP_string_newf("%s", oval_variable_get_id(var)));
SEXP_list_add(elm, elm_name);
SEXP_vfree(r0, r1, elm_name, NULL);
} else {
/* value */
struct oval_value *val;
SEXP_list_add(elm, elm_name);
SEXP_free(elm_name);
val = oval_entity_get_value(ent);
if (datatype != OVAL_DATATYPE_RECORD
&& val != NULL) {
SEXP_t *val_sexp;
val_sexp = oval_value_to_sexp(val, datatype);
if (val_sexp != NULL) {
SEXP_list_add(elm, val_sexp);
SEXP_free(val_sexp);
}
}
}
return (elm);
}
static SEXP_t *oval_behaviors_to_sexp(struct oval_behavior_iterator *bit)
{
char *attr_name, *attr_val;
SEXP_t *elm_name;
SEXP_t *r0;
struct oval_behavior *behavior;
elm_name = SEXP_list_new(r0 = SEXP_string_newf("behaviors"), NULL);
SEXP_free(r0);
while (oval_behavior_iterator_has_more(bit)) {
behavior = oval_behavior_iterator_next(bit);
attr_name = oval_behavior_get_key(behavior);
attr_val = oval_behavior_get_value(behavior);
SEXP_list_add(elm_name, r0 = SEXP_string_newf(":%s", attr_name));
SEXP_free(r0);
if (attr_val != NULL) {
SEXP_list_add(elm_name, r0 = SEXP_string_new(attr_val, strlen(attr_val)));
SEXP_free(r0);
}
}
r0 = SEXP_list_new(elm_name, NULL);
SEXP_free(elm_name);
return (r0);
}
static int collect_item(struct route_info *rt, probe_ctx *ctx)
{
SEXP_t *item, *rt_dst;
oval_datatype_t addr_type;
rt_dst = SEXP_string_new(rt->ip_dst, strlen(rt->ip_dst));
if (probe_entobj_cmp(rt->ip_dst_ent, rt_dst) != OVAL_RESULT_TRUE) {
SEXP_free(rt_dst);
return 0;
}
addr_type = rt->ip_version == 4 ? OVAL_DATATYPE_IPV4ADDR : OVAL_DATATYPE_IPV6ADDR;
/* create the item */
item = probe_item_create(OVAL_UNIX_ROUTINGTABLE, NULL,
"destination", addr_type, rt->ip_dst,
"gateway", addr_type, rt->ip_gw,
"flags", OVAL_DATATYPE_STRING_M, rt->rt_flags,
"interface_name", OVAL_DATATYPE_STRING, rt->if_name,
NULL);
SEXP_free(rt_dst);
return probe_item_collect(ctx, item) == 2 ? 1 : 0;
}
static int unit_callback(const char *unit, void *cbarg)
{
struct unit_callback_vars *vars = (struct unit_callback_vars *)cbarg;
SEXP_t *se_unit = SEXP_string_new(unit, strlen(unit));
if (probe_entobj_cmp(vars->unit_entity, se_unit) != OVAL_RESULT_TRUE) {
/* Do nothing, continue with the next unit */
SEXP_free(se_unit);
return 0;
}
vars->se_unit = se_unit;
vars->se_property = NULL;
vars->item = NULL;
char *unit_path = get_path_by_unit(vars->dbus_conn, unit);
if (unit_path == NULL) {
return 1;
}
get_all_properties_by_unit_path(vars->dbus_conn, unit_path,
property_callback, vars);
if (vars->item != NULL) {
probe_item_collect(vars->ctx, vars->item);
vars->item = NULL;
SEXP_free(vars->se_property);
vars->se_property = NULL;
}
SEXP_free(se_unit);
return 0;
}
static int property_callback(const char *property, const char *value, void *cbarg)
{
struct unit_callback_vars *vars = (struct unit_callback_vars *)cbarg;
if (vars->se_property != NULL) {
//
// Compare the previously matched entity to the current one
// If they are the same, continue to fill the current item
// with property values. If not, collect the item and create
// a new one for the current property.
//
if (SEXP_strcmp(vars->se_property, property) == 0) {
SEXP_t *se_value = SEXP_string_new(value, strlen(value));
probe_item_ent_add(vars->item, "value", NULL, se_value);
SEXP_free(se_value);
return 0;
} else {
probe_item_collect(vars->ctx, vars->item);
vars->item = NULL;
SEXP_free(vars->se_property);
vars->se_property = NULL;
}
}
SEXP_t *se_property = SEXP_string_new(property, strlen(property));
if (probe_entobj_cmp(vars->property_entity, se_property) != OVAL_RESULT_TRUE) {
SEXP_free(se_property);
return 0;
}
vars->se_property = se_property;
vars->item = probe_item_create(OVAL_LINUX_SYSTEMDUNITPROPERTY, NULL,
"unit", OVAL_DATATYPE_SEXP, vars->se_unit,
"property", OVAL_DATATYPE_SEXP, vars->se_property,
"value", OVAL_DATATYPE_STRING, value,
NULL);
return 0;
}
static SEXP_t *create_item(const char *path, const char *filename, char *pattern,
int instance, char **substrs, int substr_cnt, oval_schema_version_t over)
{
int i;
SEXP_t *item;
SEXP_t *r0;
SEXP_t *se_instance, *se_filepath;
char *text;
if (strlen(path) + strlen(filename) + 1 > PATH_MAX) {
dE("path+filename too long");
return (NULL);
}
if (oval_schema_version_cmp(over, OVAL_SCHEMA_VERSION(5.4)) < 0) {
pattern = text = NULL;
se_instance = NULL;
} else {
text = substrs[0];
se_instance = SEXP_number_newu_64((int64_t) instance);
}
if (oval_schema_version_cmp(over, OVAL_SCHEMA_VERSION(5.6)) < 0) {
se_filepath = NULL;
} else {
const size_t path_len = strlen(path);
/* Avoid 2 slashes */
if (path_len >= 1 && path[path_len - 1] == FILE_SEPARATOR) {
se_filepath = SEXP_string_newf("%s%s", path, filename);
} else {
se_filepath = SEXP_string_newf("%s%c%s", path, FILE_SEPARATOR, filename);
}
}
item = probe_item_create(OVAL_INDEPENDENT_TEXT_FILE_CONTENT, NULL,
"filepath", OVAL_DATATYPE_SEXP, se_filepath,
"path", OVAL_DATATYPE_STRING, path,
"filename", OVAL_DATATYPE_STRING, filename,
"pattern", OVAL_DATATYPE_STRING, pattern,
"instance", OVAL_DATATYPE_SEXP, se_instance,
"line", OVAL_DATATYPE_STRING, pattern,
"text", OVAL_DATATYPE_STRING, substrs[0],
NULL);
for (i = 1; i < substr_cnt; ++i) {
probe_item_ent_add (item, "subexpression", NULL, r0 = SEXP_string_new (substrs[i], strlen (substrs[i])));
SEXP_free (r0);
}
return item;
}
static void oval_probe_session_libinit(void)
{
/* HACK: Make sure S-exps are initialized before we initialize anything else
* that uses them. This is needed only if the S-exp library is compiled without
* atomic builtins. In that case it uses a fallback locking mechanism that uses
* a mutex array which needs to be initialized before S-exp are used and freed
* at exit(3). The later is done by registering an atexit(3) function.
* The ncache_libinit function also registers an atexit(3) function and we need
* to make sure that the S-exps are not deinitialized before the ncache atexit
* handler is called.
* TODO: Implement SEXP_libinit() and call it from oscap_init()?
*/
volatile SEXP_t *exp = SEXP_string_new("magic", 5);
SEXP_free((SEXP_t *)exp);
ncache_libinit();
oval_probe_tblinit();
}
static int create_behaviors_sexpr(char *arg_max_depth, char *arg_recurse, char *arg_recurse_direction, char *arg_recurse_file_system, SEXP_t **result)
{
*result = NULL;
/* non-fatal error */
if (strlen(arg_max_depth) == 0 && strlen(arg_recurse) == 0 && strlen(arg_recurse_direction) == 0 && strlen(arg_recurse_file_system) == 0) {
return 0;
}
SEXP_t *s_behaviors_str = SEXP_string_new("behaviors", 9);
SEXP_t *s_max_depth_str = SEXP_string_new(":max_depth", 10);
SEXP_t *s_max_depth_argument = SEXP_string_new(arg_max_depth, strlen(arg_max_depth));
SEXP_t *s_recurse_str = SEXP_string_new(":recurse", 8);
SEXP_t *s_recurse_argument = SEXP_string_new(arg_recurse, strlen(arg_recurse));
SEXP_t *s_recurse_direction_str = SEXP_string_new(":recurse_direction", 18);
SEXP_t *s_recurse_direction_argument = SEXP_string_new(arg_recurse_direction, strlen(arg_recurse_direction));
SEXP_t *s_recurse_file_system_str = SEXP_string_new(":recurse_file_system", 20);
SEXP_t *s_recurse_file_system_argument = SEXP_string_new(arg_recurse_file_system, strlen(arg_recurse_file_system));
SEXP_t *s_inner_list = SEXP_list_new(NULL);
SEXP_list_add(s_inner_list, s_behaviors_str);
SEXP_list_add(s_inner_list, s_max_depth_str);
SEXP_list_add(s_inner_list, s_max_depth_argument);
SEXP_list_add(s_inner_list, s_recurse_str);
SEXP_list_add(s_inner_list, s_recurse_argument);
SEXP_list_add(s_inner_list, s_recurse_direction_str);
SEXP_list_add(s_inner_list, s_recurse_direction_argument);
SEXP_list_add(s_inner_list, s_recurse_file_system_str);
SEXP_list_add(s_inner_list, s_recurse_file_system_argument);
*result = SEXP_list_new(NULL);
SEXP_list_add(*result, s_inner_list);
return 0;
}
int accesstoken_probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *probe_in = probe_ctx_getobject(ctx);
SEXP_t *behaviors_ent = probe_obj_getent(probe_in, "behaviors", 1);
SEXP_t *security_principle_ent = probe_obj_getent(probe_in, "security_principle", 1);
SEXP_t *security_principle_val = probe_ent_getval(security_principle_ent);
bool include_group = accesstoken_behaviors_get_include_group(behaviors_ent);
bool resolve_group = accesstoken_behaviors_get_resolve_group(behaviors_ent);
oval_operation_t operation = probe_ent_getoperation(security_principle_ent, OVAL_OPERATION_EQUALS);
if (operation == OVAL_OPERATION_EQUALS) {
char *security_principle_str = SEXP_string_cstr(security_principle_val);
WCHAR *security_principle_wstr = oscap_windows_str_to_wstr(security_principle_str);
collect_access_rights(ctx, security_principle_wstr, include_group, resolve_group);
free(security_principle_str);
free(security_principle_wstr);
} else {
struct oscap_list *trustees_list = oscap_list_new();
get_all_trustee_names(trustees_list);
struct oscap_iterator *it = oscap_iterator_new(trustees_list);
while (oscap_iterator_has_more(it)) {
WCHAR *trustee_wstr = oscap_iterator_next(it);
char *trustee_str = oscap_windows_wstr_to_str(trustee_wstr);
SEXP_t *tmp = SEXP_string_new(trustee_str, strlen(trustee_str));
if (probe_entobj_cmp(security_principle_ent, tmp) == OVAL_RESULT_TRUE) {
collect_access_rights(ctx, trustee_wstr, include_group, resolve_group);
}
free(trustee_str);
SEXP_free(tmp);
}
oscap_iterator_free(it);
oscap_list_free(trustees_list, free);
}
SEXP_free(behaviors_ent);
SEXP_free(security_principle_ent);
SEXP_free(security_principle_val);
return 0;
}
static int get_selinuxboolean(SEXP_t *ut_ent, probe_ctx *ctx)
{
int err = 1, active, pending, len, i;
SEXP_t *boolean, *item;
char **booleans;
if ( ! is_selinux_enabled()) {
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_NOT_APPLICABLE);
return 0;
}
if (security_get_boolean_names(&booleans, &len) == -1) {
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
return err;
}
for (i = 0; i < len; i++) {
boolean = SEXP_string_new(booleans[i], strlen(booleans[i]));
if (probe_entobj_cmp(ut_ent, boolean) == OVAL_RESULT_TRUE) {
active = security_get_boolean_active(booleans[i]);
pending = security_get_boolean_pending(booleans[i]);
item = probe_item_create(
OVAL_LINUX_SELINUXBOOLEAN, NULL,
"name", OVAL_DATATYPE_SEXP, boolean,
"current_status", OVAL_DATATYPE_BOOLEAN, active,
"pending_status", OVAL_DATATYPE_BOOLEAN, pending,
NULL);
probe_item_collect(ctx, item);
}
SEXP_free(boolean);
}
for (i = 0; i < len; i++)
free(booleans[i]);
free(booleans);
return 0;
}
int main (void)
{
SEXP_t *s_exp;
char *s1, *s2;
s1 = "Hello, world!";
s2 = "abcdefghijklmnopqrstuvwxyz";
setbuf (stdout, NULL);
s_exp = SEXP_string_new (s1, strlen (s1));
SEXP_fprintfa (stdout, s_exp);
putc ('\n', stdout);
SEXP_free (s_exp);
s_exp = SEXP_string_newf ("s2=%s", s2);
SEXP_fprintfa (stdout, s_exp);
putc ('\n', stdout);
SEXP_free (s_exp);
return (0);
}
static int read_environment(SEXP_t *pid_ent, SEXP_t *name_ent, probe_ctx *ctx)
{
int err = 1, pid, fd;
bool empty;
size_t env_name_size;
SEXP_t *env_name, *env_value, *item, *pid_sexp;
DIR *d;
struct dirent *d_entry;
char *buffer, env_file[256], *null_char;
ssize_t buffer_used;
size_t buffer_size;
d = opendir("/proc");
if (d == NULL) {
dE("Can't read /proc: errno=%d, %s.\n", errno, strerror (errno));
return PROBE_EACCESS;
}
if ((buffer = oscap_realloc(NULL, BUFFER_SIZE)) == NULL) {
dE("Can't allocate memory");
closedir(d);
return PROBE_EFAULT;
}
buffer_size = BUFFER_SIZE;
while ((d_entry = readdir(d))) {
if (strspn(d_entry->d_name, "0123456789") != strlen(d_entry->d_name))
continue;
pid = atoi(d_entry->d_name);
pid_sexp = SEXP_number_newi_32(pid);
if (probe_entobj_cmp(pid_ent, pid_sexp) != OVAL_RESULT_TRUE) {
SEXP_free(pid_sexp);
continue;
}
SEXP_free(pid_sexp);
sprintf(env_file, "/proc/%d/environ", pid);
if ((fd = open(env_file, O_RDONLY)) == -1) {
dE("Can't open \"%s\": errno=%d, %s.\n", env_file, errno, strerror (errno));
item = probe_item_create(
OVAL_INDEPENDENT_ENVIRONMENT_VARIABLE58, NULL,
"pid", OVAL_DATATYPE_INTEGER, (int64_t)pid,
NULL
);
probe_item_setstatus(item, SYSCHAR_STATUS_ERROR);
probe_item_add_msg(item, OVAL_MESSAGE_LEVEL_ERROR,
"Can't open \"%s\": errno=%d, %s.", env_file, errno, strerror (errno));
probe_item_collect(ctx, item);
continue;
}
empty = true;
if ((buffer_used = read(fd, buffer, buffer_size - 1)) > 0) {
empty = false;
}
while (! empty) {
while (! (null_char = memchr(buffer, 0, buffer_used))) {
ssize_t s;
if ((size_t)buffer_used >= buffer_size) {
buffer_size += BUFFER_SIZE;
buffer = oscap_realloc(buffer, buffer_size);
if (buffer == NULL) {
dE("Can't allocate memory");
exit(ENOMEM);
}
}
s = read(fd, buffer + buffer_used, buffer_size - buffer_used);
if (s <= 0) {
empty = true;
buffer[buffer_used++] = 0;
}
else {
buffer_used += s;
}
}
do {
char *eq_char = strchr(buffer, '=');
if (eq_char == NULL) {
/* strange but possible:
* $ strings /proc/1218/environ
/dev/input/event0 /dev/input/event1 /dev/input/event4 /dev/input/event3
*/
buffer_used -= null_char + 1 - buffer;
memmove(buffer, null_char + 1, buffer_used);
continue;
}
env_name_size = eq_char - buffer;
env_name = SEXP_string_new(buffer, env_name_size);
env_value = SEXP_string_newf("%s", buffer + env_name_size + 1);
if (probe_entobj_cmp(name_ent, env_name) == OVAL_RESULT_TRUE) {
item = probe_item_create(
OVAL_INDEPENDENT_ENVIRONMENT_VARIABLE58, NULL,
"pid", OVAL_DATATYPE_INTEGER, (int64_t)pid,
"name", OVAL_DATATYPE_SEXP, env_name,
"value", OVAL_DATATYPE_SEXP, env_value,
NULL);
probe_item_collect(ctx, item);
err = 0;
}
SEXP_free(env_name);
SEXP_free(env_value);
buffer_used -= null_char + 1 - buffer;
memmove(buffer, null_char + 1, buffer_used);
} while ((null_char = memchr(buffer, 0, buffer_used)));
}
close(fd);
}
closedir(d);
oscap_free(buffer);
if (err) {
SEXP_t *msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR,
"Can't find process with requested PID.");
probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
SEXP_free(msg);
err = 0;
}
return err;
}
static int oval_probe_variable_eval(oval_probe_session_t *sess, struct oval_syschar *syschar)
{
struct oval_value_iterator *vit;
struct oval_variable *var;
struct oval_object *obj;
oval_syschar_collection_flag_t flag = SYSCHAR_FLAG_ERROR;
int ret = 0;
obj = oval_syschar_get_object(syschar);
var = oval_probe_variable_objgetvar(obj);
if (var == NULL) {
oval_syschar_set_flag(syschar, SYSCHAR_FLAG_ERROR);
return(-1);
}
if (oval_probe_query_variable(sess, var) != 0) {
oval_syschar_set_flag(syschar, SYSCHAR_FLAG_ERROR);
return(-1);
}
flag = oval_variable_get_collection_flag(var);
switch (flag) {
case SYSCHAR_FLAG_COMPLETE:
case SYSCHAR_FLAG_INCOMPLETE:
break;
default:
{
char msg[100];
snprintf(msg, sizeof(msg), "There was a problem processing referenced variable (%s).", oval_variable_get_id(var));
dW("%s\n", msg);
oval_syschar_add_new_message(syschar, msg, OVAL_MESSAGE_LEVEL_WARNING);
oval_syschar_set_flag(syschar, SYSCHAR_FLAG_ERROR);
return(1);
}
}
vit = oval_variable_get_values(var);
if (vit == NULL) {
flag = SYSCHAR_FLAG_ERROR;
oval_syschar_set_flag(syschar, SYSCHAR_FLAG_ERROR);
return(1);
} else {
SEXP_t *r0, *item, *cobj, *vrent, *val_sexp, *valent;
char *var_ref;
cobj = probe_cobj_new(SYSCHAR_FLAG_UNKNOWN, NULL, NULL);
/* Create shared entity */
var_ref = oval_variable_get_id(var);
vrent = probe_ent_creat1("var_ref", NULL,
r0 = SEXP_string_new(var_ref, strlen(var_ref)));
SEXP_free(r0);
while (oval_value_iterator_has_more(vit)) {
oval_datatype_t dtype;
struct oval_value *val;
val = oval_value_iterator_next(vit);
oval_value_cast(val, OVAL_DATATYPE_STRING);
dtype = oval_value_get_datatype(val);
val_sexp = oval_value_to_sexp(val, dtype);
assume_d(val_sexp != NULL, -1);
valent = probe_ent_creat1("value", NULL, val_sexp);
item = probe_item_creat("variable_item", NULL,
NULL);
/* temporary workaround to generate ids */
_gen_item_id(item);
/* Add shared var_ref entity */
SEXP_list_add(item, vrent);
/* Add value entity */
SEXP_list_add(item, valent);
/* Add item to the item list */
probe_cobj_add_item(cobj, item);
SEXP_vfree(item, valent, val_sexp, NULL);
}
oval_value_iterator_free(vit);
probe_cobj_compute_flag(cobj);
ret = oval_sexp2sysch(cobj, syschar);
SEXP_vfree(cobj, vrent, NULL);
}
return(ret);
}
static SEXP_t *oval_set_to_sexp(struct oval_setobject *set)
{
SEXP_t *elm, *elm_name;
SEXP_t *r0, *r1, *r2;
elm_name = SEXP_list_new(r0 = SEXP_string_new("set", 3),
/* operation */
r1 = SEXP_string_new(":operation", 10),
r2 = SEXP_number_newu_32(oval_setobject_get_operation(set)), NULL);
SEXP_free(r0);
SEXP_free(r1);
SEXP_free(r2);
elm = SEXP_list_new(elm_name, NULL);
SEXP_free(elm_name);
switch (oval_setobject_get_type(set)) {
case OVAL_SET_AGGREGATE:{
struct oval_setobject_iterator *sit;
struct oval_setobject *subset;
sit = oval_setobject_get_subsets(set);
while (oval_setobject_iterator_has_more(sit)) {
subset = oval_setobject_iterator_next(sit);
SEXP_list_add(elm, r0 = oval_set_to_sexp(subset));
SEXP_free(r0);
}
oval_setobject_iterator_free(sit);
}
break;
case OVAL_SET_COLLECTIVE:{
struct oval_object_iterator *oit;
struct oval_filter_iterator *fit;
struct oval_object *obj;
SEXP_t *subelm;
oit = oval_setobject_get_objects(set);
while (oval_object_iterator_has_more(oit)) {
obj = oval_object_iterator_next(oit);
subelm = SEXP_list_new(r0 = SEXP_string_new("obj_ref", 7),
r1 = SEXP_string_newf("%s", oval_object_get_id(obj)), NULL);
SEXP_free(r0);
SEXP_free(r1);
SEXP_list_add(elm, subelm);
SEXP_free(subelm);
}
oval_object_iterator_free(oit);
fit = oval_setobject_get_filters(set);
while (oval_filter_iterator_has_more(fit)) {
struct oval_filter *fil;
fil = oval_filter_iterator_next(fit);
subelm = oval_filter_to_sexp(fil);
SEXP_list_add(elm, subelm);
SEXP_free(subelm);
}
oval_filter_iterator_free(fit);
}
break;
default:
abort();
}
return (elm);
}
int oval_object_to_sexp(void *sess, const char *typestr, struct oval_syschar *syschar, SEXP_t **out_sexp)
{
unsigned int ent_cnt, varref_cnt;
int ret;
SEXP_t *obj_sexp, *elm, *varrefs, *ent_lst, *lst, *stmp;
SEXP_t *r0, *r1, *r2, *obj_attr, sm0, sm1;
struct oval_object *object;
struct oval_object_content_iterator *cit;
struct oval_behavior_iterator *bit;
struct oval_object_content *content;
struct oval_entity *entity;
char obj_name[128];
const char *obj_id;
object = oval_syschar_get_object(syschar);
/*
* Object name & attributes (id)
*/
ret = snprintf(obj_name, sizeof obj_name, "%s_object", typestr);
if (ret<0 || (unsigned int) ret > sizeof obj_name) {
dE("obj_name length too short");
return -1;
}
// even though it returns const char* it has to be freed :-(
char *obj_over = (char*)oval_schema_version_to_cstr(oval_object_get_platform_schema_version(object));
obj_id = oval_object_get_id(object);
obj_attr = probe_attr_creat("id", SEXP_string_new_r(&sm0, obj_id, strlen(obj_id)),
"oval_version", SEXP_string_new_r(&sm1, obj_over, strlen(obj_over)),
NULL);
free(obj_over);
obj_sexp = probe_obj_new(obj_name, obj_attr);
SEXP_free_r(&sm0);
SEXP_free_r(&sm1);
SEXP_free(obj_attr);
/*
* Object content
*/
ent_lst = SEXP_list_new(NULL);
varrefs = NULL;
ent_cnt = varref_cnt = 0;
cit = oval_object_get_object_contents(object);
while (oval_object_content_iterator_has_more(cit)) {
oval_check_t ochk;
oval_entity_varref_type_t vr_type;
content = oval_object_content_iterator_next(cit);
elm = NULL;
lst = ent_lst;
switch (oval_object_content_get_type(content)) {
case OVAL_OBJECTCONTENT_ENTITY:
entity = oval_object_content_get_entity(content);
elm = oval_entity_to_sexp(entity);
if (elm == NULL)
break;
ochk = oval_object_content_get_varCheck(content);
if (ochk != OVAL_CHECK_UNKNOWN) {
probe_ent_attr_add(elm, "var_check",
r0 = SEXP_number_newu_32(ochk));
SEXP_free(r0);
}
ret = 0;
vr_type = oval_entity_get_varref_type(entity);
if (vr_type == OVAL_ENTITY_VARREF_ATTRIBUTE) {
const char *var_id = oval_variable_get_id(oval_entity_get_variable(entity));
const char *field_name = oval_object_content_get_field_name(content);
dI("Object '%s' references variable '%s' in '%s' field.", obj_id, var_id, field_name);
ret = oval_varref_attr_to_sexp(sess, entity, syschar, &stmp);
if (ret == 0) {
if (varrefs == NULL)
varrefs = SEXP_list_new(NULL);
SEXP_list_add(varrefs, stmp);
SEXP_free(stmp);
// todo: don't add duplicates
++varref_cnt;
lst = obj_sexp;
++ent_cnt;
}
} else if (vr_type == OVAL_ENTITY_VARREF_ELEMENT) {
SEXP_t *val_lst;
struct oval_variable *var;
oval_datatype_t dt;
var = oval_entity_get_variable(entity);
dt = oval_entity_get_datatype(entity);
ret = oval_varref_elm_to_sexp(sess, var, dt, &val_lst, syschar);
if (ret == 0) {
SEXP_list_add(elm, val_lst);
SEXP_free(val_lst);
}
}
if (ret != 0) {
SEXP_t s_flag;
SEXP_number_newi_32_r(&s_flag, SYSCHAR_FLAG_DOES_NOT_EXIST);
probe_item_attr_add(obj_sexp, "skip_eval", &s_flag);
SEXP_free_r(&s_flag);
SEXP_free(elm);
SEXP_free(ent_lst);
if (varrefs != NULL)
SEXP_free(varrefs);
oval_object_content_iterator_free(cit);
*out_sexp = obj_sexp;
return (0);
}
break;
case OVAL_OBJECTCONTENT_SET:
elm = oval_set_to_sexp(oval_object_content_get_setobject(content));
break;
case OVAL_OBJECTCONTENT_FILTER: {
struct oval_filter *filter = oval_object_content_get_filter(content);
struct oval_state *ste = oval_filter_get_state(filter);
const char *ste_id = oval_state_get_id(ste);
oval_filter_action_t action = oval_filter_get_filter_action(filter);
const char *action_text = oval_filter_action_get_text(action);
dI("Object '%s' has a filter that %ss items conforming to state '%s'.",
obj_id, action_text, ste_id);
elm = oval_filter_to_sexp(filter);
}
break;
case OVAL_OBJECTCONTENT_UNKNOWN:
break;
}
if (elm == NULL) {
SEXP_free(obj_sexp);
SEXP_free(ent_lst);
if (varrefs != NULL)
SEXP_free(varrefs);
oval_object_content_iterator_free(cit);
return -1;
}
SEXP_list_add(lst, elm);
SEXP_free(elm);
}
if (varrefs != NULL) {
// todo: SEXP_list_push()
stmp = SEXP_list_new(r0 = SEXP_string_new("varrefs", 7),
r1 = SEXP_number_newu(varref_cnt), r2 = SEXP_number_newu(ent_cnt), NULL);
SEXP_vfree(r0, r1, r2, NULL);
r0 = SEXP_list_join(stmp, varrefs);
SEXP_list_add(obj_sexp, r0);
SEXP_vfree(stmp, varrefs, r0, NULL);
}
stmp = SEXP_list_join(obj_sexp, ent_lst);
SEXP_free(obj_sexp);
SEXP_free(ent_lst);
obj_sexp = stmp;
oval_object_content_iterator_free(cit);
/*
* Object behaviors
*/
bit = oval_object_get_behaviors(object);
if (oval_behavior_iterator_has_more(bit)) {
elm = oval_behaviors_to_sexp(bit);
SEXP_list_add(obj_sexp, elm);
SEXP_free(elm);
}
oval_behavior_iterator_free(bit);
*out_sexp = obj_sexp;
return (0);
}
int oval_state_to_sexp(void *sess, struct oval_state *state, SEXP_t **out_sexp)
{
SEXP_t *ste, *ste_name, *ste_ent;
SEXP_t *r0, *r1, *r2, *r3, *r4;
char buffer[128];
size_t buflen;
const char *subtype_name;
struct oval_state_content_iterator *contents;
subtype_name = oval_subtype_to_str(oval_state_get_subtype(state));
if (subtype_name == NULL) {
dI("FAIL: unknown subtype: %d", oval_state_get_subtype(state));
return (-1);
}
buflen = snprintf(buffer, sizeof buffer, "%s_state", subtype_name);
_A(buflen < sizeof buffer);
ste_name = SEXP_list_new(r0 = SEXP_string_new(buffer, buflen),
r1 = SEXP_string_new(":id", 3),
r2 = SEXP_string_newf("%s", oval_state_get_id(state)),
r3 = SEXP_string_new(":operator", 9),
r4 = SEXP_number_newu(oval_state_get_operator(state)),
NULL);
ste = SEXP_list_new(ste_name, NULL);
SEXP_vfree(r0, r1, r2, r3, r4, ste_name, NULL);
contents = oval_state_get_contents(state);
while (oval_state_content_iterator_has_more(contents)) {
oval_check_t ochk;
oval_existence_t oext;
oval_entity_varref_type_t vr_type;
struct oval_entity *ent;
struct oval_state_content *content = oval_state_content_iterator_next(contents);
struct oval_record_field_iterator *rf_itr;
ent = oval_state_content_get_entity(content);
ste_ent = oval_entity_to_sexp(ent);
if (ste_ent == NULL) {
goto fail;
}
rf_itr = oval_state_content_get_record_fields(content);
while (oval_record_field_iterator_has_more(rf_itr)) {
struct oval_record_field *rf;
SEXP_t *rf_sexp;
rf = oval_record_field_iterator_next(rf_itr);
rf_sexp = oval_record_field_STATE_to_sexp(rf);
SEXP_list_add(ste_ent, rf_sexp);
SEXP_free(rf_sexp);
}
oval_record_field_iterator_free(rf_itr);
ochk = oval_state_content_get_var_check(content);
if (ochk != OVAL_CHECK_UNKNOWN) {
probe_ent_attr_add(ste_ent, "var_check", r0 = SEXP_number_newu_32(ochk));
SEXP_free(r0);
}
ochk = oval_state_content_get_ent_check(content);
if (ochk != OVAL_CHECK_UNKNOWN) {
probe_ent_attr_add(ste_ent, "entity_check", r0 = SEXP_number_newu_32(ochk));
SEXP_free(r0);
}
oext = oval_state_content_get_check_existence(content);
if (oext != OVAL_EXISTENCE_UNKNOWN) {
probe_ent_attr_add(ste_ent, "check_existence", r0 = SEXP_number_newu_32(oext));
SEXP_free(r0);
}
vr_type = oval_entity_get_varref_type(ent);
if (vr_type == OVAL_ENTITY_VARREF_ATTRIBUTE
|| vr_type == OVAL_ENTITY_VARREF_ELEMENT) {
SEXP_t *val_lst;
struct oval_variable *var;
oval_datatype_t dt;
var = oval_entity_get_variable(ent);
dt = oval_entity_get_datatype(ent);
if (oval_varref_elm_to_sexp(sess, var, dt, &val_lst, NULL) != 0)
goto fail;
SEXP_list_add(ste_ent, val_lst);
SEXP_free(val_lst);
}
SEXP_list_add(ste, ste_ent);
SEXP_free(ste_ent);
}
oval_state_content_iterator_free(contents);
*out_sexp = ste;
return (0);
fail:
oval_state_content_iterator_free(contents);
SEXP_vfree(ste, ste_ent, NULL);
return (-1);
}
