int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *item_sexp; item_sexp = probe_item_creat ("process_item", NULL, NULL); probe_item_setstatus (item_sexp, SYSCHAR_STATUS_NOT_COLLECTED); probe_item_collect(ctx, item_sexp); return 0; }
static int read_environment(SEXP_t *pid_ent, SEXP_t *name_ent, probe_ctx *ctx) { int err = 1, pid, fd; bool empty; size_t env_name_size; SEXP_t *env_name, *env_value, *item, *pid_sexp; DIR *d; struct dirent *d_entry; char *buffer, env_file[256], *null_char; ssize_t buffer_used; size_t buffer_size; d = opendir("/proc"); if (d == NULL) { dE("Can't read /proc: errno=%d, %s.\n", errno, strerror (errno)); return PROBE_EACCESS; } if ((buffer = oscap_realloc(NULL, BUFFER_SIZE)) == NULL) { dE("Can't allocate memory"); closedir(d); return PROBE_EFAULT; } buffer_size = BUFFER_SIZE; while ((d_entry = readdir(d))) { if (strspn(d_entry->d_name, "0123456789") != strlen(d_entry->d_name)) continue; pid = atoi(d_entry->d_name); pid_sexp = SEXP_number_newi_32(pid); if (probe_entobj_cmp(pid_ent, pid_sexp) != OVAL_RESULT_TRUE) { SEXP_free(pid_sexp); continue; } SEXP_free(pid_sexp); sprintf(env_file, "/proc/%d/environ", pid); if ((fd = open(env_file, O_RDONLY)) == -1) { dE("Can't open \"%s\": errno=%d, %s.\n", env_file, errno, strerror (errno)); item = probe_item_create( OVAL_INDEPENDENT_ENVIRONMENT_VARIABLE58, NULL, "pid", OVAL_DATATYPE_INTEGER, (int64_t)pid, NULL ); probe_item_setstatus(item, SYSCHAR_STATUS_ERROR); probe_item_add_msg(item, OVAL_MESSAGE_LEVEL_ERROR, "Can't open \"%s\": errno=%d, %s.", env_file, errno, strerror (errno)); probe_item_collect(ctx, item); continue; } empty = true; if ((buffer_used = read(fd, buffer, buffer_size - 1)) > 0) { empty = false; } while (! empty) { while (! (null_char = memchr(buffer, 0, buffer_used))) { ssize_t s; if ((size_t)buffer_used >= buffer_size) { buffer_size += BUFFER_SIZE; buffer = oscap_realloc(buffer, buffer_size); if (buffer == NULL) { dE("Can't allocate memory"); exit(ENOMEM); } } s = read(fd, buffer + buffer_used, buffer_size - buffer_used); if (s <= 0) { empty = true; buffer[buffer_used++] = 0; } else { buffer_used += s; } } do { char *eq_char = strchr(buffer, '='); if (eq_char == NULL) { /* strange but possible: * $ strings /proc/1218/environ /dev/input/event0 /dev/input/event1 /dev/input/event4 /dev/input/event3 */ buffer_used -= null_char + 1 - buffer; memmove(buffer, null_char + 1, buffer_used); continue; } env_name_size = eq_char - buffer; env_name = SEXP_string_new(buffer, env_name_size); env_value = SEXP_string_newf("%s", buffer + env_name_size + 1); if (probe_entobj_cmp(name_ent, env_name) == OVAL_RESULT_TRUE) { item = probe_item_create( OVAL_INDEPENDENT_ENVIRONMENT_VARIABLE58, NULL, "pid", OVAL_DATATYPE_INTEGER, (int64_t)pid, "name", OVAL_DATATYPE_SEXP, env_name, "value", OVAL_DATATYPE_SEXP, env_value, NULL); probe_item_collect(ctx, item); err = 0; } SEXP_free(env_name); SEXP_free(env_value); buffer_used -= null_char + 1 - buffer; memmove(buffer, null_char + 1, buffer_used); } while ((null_char = memchr(buffer, 0, buffer_used))); } close(fd); } closedir(d); oscap_free(buffer); if (err) { SEXP_t *msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "Can't find process with requested PID."); probe_cobj_add_msg(probe_ctx_getresult(ctx), msg); SEXP_free(msg); err = 0; } return err; }
static int file_cb (const char *p, const char *f, void *ptr) { char path_buffer[PATH_MAX]; SEXP_t *item, xattr_name; struct cbargs *args = (struct cbargs *) ptr; const char *st_path; ssize_t xattr_count = -1; char *xattr_buf = NULL; size_t xattr_buflen = 0, i; if (f == NULL) { st_path = p; } else { snprintf (path_buffer, sizeof path_buffer, "%s/%s", p, f); st_path = path_buffer; } SEXP_init(&xattr_name); do { /* estimate the size of the buffer */ xattr_count = llistxattr(st_path, NULL, 0); if (xattr_count == 0) return (0); if (xattr_count < 0) { dI("FAIL: llistxattr(%s, %p, %zu): errno=%u, %s.", errno, strerror(errno)); return 0; } /* allocate space for xattr names */ xattr_buflen = xattr_count; xattr_buf = oscap_realloc(xattr_buf, sizeof(char) * xattr_buflen); /* fill the buffer */ xattr_count = llistxattr(st_path, xattr_buf, xattr_buflen); /* check & retry if needed */ } while (errno == ERANGE); if (xattr_count < 0) { dI("FAIL: llistxattr(%s, %p, %zu): errno=%u, %s.", errno, strerror(errno)); oscap_free(xattr_buf); } /* update lastpath if needed */ if (!SEXP_emptyp(&gr_lastpath)) { if (SEXP_strcmp(&gr_lastpath, p) != 0) { SEXP_free_r(&gr_lastpath); SEXP_string_new_r(&gr_lastpath, p, strlen(p)); } } else SEXP_string_new_r(&gr_lastpath, p, strlen(p)); i = 0; /* collect */ do { SEXP_string_new_r(&xattr_name, xattr_buf + i, strlen(xattr_buf +i)); if (probe_entobj_cmp(args->attr_ent, &xattr_name) == OVAL_RESULT_TRUE) { ssize_t xattr_vallen = -1; char *xattr_val = NULL; xattr_vallen = lgetxattr(st_path, xattr_buf + i, NULL, 0); retry_value: if (xattr_vallen >= 0) { // Check possible buffer overflow if (sizeof(char) * (xattr_vallen + 1) <= sizeof(char) * xattr_vallen) { dE("Attribute is too long."); abort(); } // Allocate buffer, '+1' is for trailing '\0' xattr_val = oscap_realloc(xattr_val, sizeof(char) * (xattr_vallen + 1)); // we don't want to override space for '\0' by call of 'lgetxattr' // we pass only 'xattr_vallen' instead of 'xattr_vallen + 1' xattr_vallen = lgetxattr(st_path, xattr_buf + i, xattr_val, xattr_vallen); if (xattr_vallen < 0 || errno == ERANGE) goto retry_value; xattr_val[xattr_vallen] = '\0'; item = probe_item_create(OVAL_UNIX_FILEEXTENDEDATTRIBUTE, NULL, "filepath", OVAL_DATATYPE_STRING, f == NULL ? NULL : st_path, "path", OVAL_DATATYPE_SEXP, &gr_lastpath, "filename", OVAL_DATATYPE_STRING, f == NULL ? "" : f, "attribute_name", OVAL_DATATYPE_SEXP, &xattr_name, "value", OVAL_DATATYPE_STRING, xattr_val, NULL); oscap_free(xattr_val); } else { dI("FAIL: lgetxattr(%s, %s, NULL, 0): errno=%u, %s.", errno, strerror(errno)); item = probe_item_create(OVAL_UNIX_FILEEXTENDEDATTRIBUTE, NULL, NULL); probe_item_setstatus(item, SYSCHAR_STATUS_ERROR); if (xattr_val != NULL) oscap_free(xattr_val); } probe_item_collect(args->ctx, item); /* XXX: handle ENOMEM */ } SEXP_free_r(&xattr_name); /* skip to next name */ while (i < xattr_buflen && xattr_buf[i] != '\0') ++i; ++i; } while (xattr_buf + i < xattr_buf + xattr_buflen - 1); oscap_free(xattr_buf); return (0); }
static int filehash_cb (const char *p, const char *f, probe_ctx *ctx, oval_schema_version_t over) { SEXP_t *itm; char pbuf[PATH_MAX+1]; size_t plen, flen; bool include_filepath; int fd; if (f == NULL) return (0); /* * Prepare path */ plen = strlen (p); flen = strlen (f); if (plen + flen + 1 > PATH_MAX) return (-1); memcpy (pbuf, p, sizeof (char) * plen); if (p[plen - 1] != FILE_SEPARATOR) { pbuf[plen] = FILE_SEPARATOR; ++plen; } memcpy (pbuf + plen, f, sizeof (char) * flen); pbuf[plen+flen] = '\0'; include_filepath = oval_schema_version_cmp(over, OVAL_SCHEMA_VERSION(5.6)) >= 0; /* * Open the file */ fd = open (pbuf, O_RDONLY); if (fd < 0) { strerror_r (errno, pbuf, PATH_MAX); pbuf[PATH_MAX] = '\0'; itm = probe_item_create(OVAL_INDEPENDENT_FILE_HASH, NULL, "filepath", OVAL_DATATYPE_STRING, include_filepath ? pbuf : NULL, "path", OVAL_DATATYPE_STRING, p, "filename", OVAL_DATATYPE_STRING, f, NULL ); probe_item_add_msg(itm, OVAL_MESSAGE_LEVEL_ERROR, "Can't open \"%s\": errno=%d, %s.", pbuf, errno, strerror (errno)); probe_item_setstatus(itm, SYSCHAR_STATUS_ERROR); } else { uint8_t md5_dst[16]; size_t md5_dstlen = sizeof md5_dst; char md5_str[(sizeof md5_dst * 2) + 1]; uint8_t sha1_dst[20]; size_t sha1_dstlen = sizeof sha1_dst; char sha1_str[(sizeof sha1_dst * 2) + 1]; /* * Compute hash values */ if (crapi_mdigest_fd (fd, 2, CRAPI_DIGEST_MD5, md5_dst, &md5_dstlen, CRAPI_DIGEST_SHA1, sha1_dst, &sha1_dstlen) != 0) { close (fd); return (-1); } close (fd); md5_str[0] = '\0'; sha1_str[0] = '\0'; mem2hex (md5_dst, md5_dstlen, md5_str, sizeof md5_str); mem2hex (sha1_dst, sha1_dstlen, sha1_str, sizeof sha1_str); /* * Create and add the item */ itm = probe_item_create(OVAL_INDEPENDENT_FILE_HASH, NULL, "filepath", OVAL_DATATYPE_STRING, include_filepath ? pbuf : NULL, "path", OVAL_DATATYPE_STRING, p, "filename", OVAL_DATATYPE_STRING, f, "md5", OVAL_DATATYPE_STRING, md5_str, "sha1", OVAL_DATATYPE_STRING, sha1_str, NULL); if (md5_dstlen == 0 || sha1_dstlen == 0) probe_item_setstatus(itm, SYSCHAR_STATUS_ERROR); if (md5_dstlen == 0) probe_item_add_msg(itm, OVAL_MESSAGE_LEVEL_ERROR, "Unable to compute md5 hash value of \"%s\".", pbuf); if (sha1_dstlen == 0) probe_item_add_msg(itm, OVAL_MESSAGE_LEVEL_ERROR, "Unable to compute sha1 hash value of \"%s\".", pbuf); } probe_item_collect(ctx, itm); return (0); }
static int filehash58_cb (const char *p, const char *f, const char *h, probe_ctx *ctx) { SEXP_t *itm; char pbuf[PATH_MAX+1]; size_t plen, flen; int fd; if (f == NULL) return (0); /* * Prepare path */ plen = strlen (p); flen = strlen (f); if (plen + flen + 1 > PATH_MAX) return (-1); memcpy (pbuf, p, sizeof (char) * plen); if (p[plen - 1] != FILE_SEPARATOR) { pbuf[plen] = FILE_SEPARATOR; ++plen; } memcpy (pbuf + plen, f, sizeof (char) * flen); pbuf[plen+flen] = '\0'; /* * Open the file */ fd = open (pbuf, O_RDONLY); if (fd < 0) { strerror_r (errno, pbuf, PATH_MAX); pbuf[PATH_MAX] = '\0'; itm = probe_item_create (OVAL_INDEPENDENT_FILE_HASH58, NULL, "filepath", OVAL_DATATYPE_STRING, pbuf, "path", OVAL_DATATYPE_STRING, p, "filename", OVAL_DATATYPE_STRING, f, "hash_type",OVAL_DATATYPE_STRING, h, NULL); probe_item_add_msg(itm, OVAL_MESSAGE_LEVEL_ERROR, "Can't open \"%s\": errno=%d, %s.", pbuf, errno, strerror (errno)); probe_item_setstatus(itm, SYSCHAR_STATUS_ERROR); } else { uint8_t hash_dst[1025]; size_t hash_dstlen = sizeof hash_dst; char hash_str[2051]; crapi_alg_t hash_type; hash_type = oscap_string_to_enum(CRAPI_ALG_MAP, h); hash_dstlen = oscap_string_to_enum(CRAPI_ALG_MAP_SIZE, h); /* * Compute hash value */ if (crapi_mdigest_fd (fd, 1, hash_type, hash_dst, &hash_dstlen) != 0) { close (fd); return (-1); } close (fd); hash_str[0] = '\0'; mem2hex (hash_dst, hash_dstlen, hash_str, sizeof hash_str); /* * Create and add the item */ itm = probe_item_create(OVAL_INDEPENDENT_FILE_HASH58, NULL, "filepath", OVAL_DATATYPE_STRING, pbuf, "path", OVAL_DATATYPE_STRING, p, "filename", OVAL_DATATYPE_STRING, f, "hash_type",OVAL_DATATYPE_STRING, h, "hash", OVAL_DATATYPE_STRING, hash_str, NULL); if (hash_dstlen == 0) { probe_item_add_msg(itm, OVAL_MESSAGE_LEVEL_ERROR, "Unable to compute %s hash value of \"%s\".", h, pbuf); probe_item_setstatus(itm, SYSCHAR_STATUS_ERROR); } } probe_item_collect(ctx, itm); return (0); }
int probe_main(probe_ctx *ctx, void *mutex) { LDAP *ldp; LDAPMessage *ldpres, *entry; SEXP_t *se_ldap_behaviors = NULL, *se_relative_dn = NULL; SEXP_t *se_suffix = NULL, *se_attribute = NULL; SEXP_t *sa_scope, *sv_op; SEXP_t *item; SEXP_t *probe_in; char *relative_dn = NULL; char *suffix = NULL, *xattribute = NULL; char *uri_list, *uri, *uri_save, *attr; int scope; char base[2048]; char *attrs[3]; bool a_pattern_match = false, rdn_pattern_match = false; /* runtime */ #if defined(PROBE_LDAP_MUTEX) assume_r(mutex != NULL, PROBE_EINIT); #endif probe_in = probe_ctx_getobject(ctx); se_ldap_behaviors = probe_obj_getent(probe_in, "behaviors", 1); if (se_ldap_behaviors != NULL) { sa_scope = probe_ent_getattrval(se_ldap_behaviors, "scope"); SEXP_free(se_ldap_behaviors); if (sa_scope == NULL) { dE("Atrribute `scope' is missing!"); return (PROBE_ENOATTR); } if (!SEXP_stringp(sa_scope)) { dE("Invalid value type of the `scope' attribute."); SEXP_free(sa_scope); return (PROBE_EINVAL); } if (SEXP_strcmp(sa_scope, "ONE") == 0) scope = LDAP_SCOPE_ONELEVEL; else if (SEXP_strcmp(sa_scope, "BASE") == 0) scope = LDAP_SCOPE_BASE; else if (SEXP_strcmp(sa_scope, "SUBTREE") == 0) scope = LDAP_SCOPE_SUBTREE; else { dE("Invalid value of the `scope' attribute."); SEXP_free(sa_scope); return (PROBE_EINVAL); } SEXP_free(sa_scope); } else scope = LDAP_SCOPE_BASE; #define get_string(dst, se_dst, obj, ent_name) \ do { \ SEXP_t *__sval; \ \ __sval = probe_obj_getentval (obj, ent_name, 1); \ \ if (__sval != NULL) { \ (dst) = SEXP_string_cstr (__sval); \ \ if ((dst) == NULL) { \ SEXP_free(__sval); \ return (PROBE_EINVAL); \ } \ \ (se_dst) = __sval; \ } else { \ return (PROBE_ENOATTR); \ } \ } while (0) get_string(suffix, se_suffix, probe_in, "suffix"); get_string(relative_dn, se_relative_dn, probe_in, "relative_dn"); get_string(xattribute, se_attribute, probe_in, "attribute"); if ((sv_op = probe_ent_getattrval(se_relative_dn, "operation")) != NULL) { if (SEXP_number_geti_32(sv_op) == OVAL_OPERATION_PATTERN_MATCH) rdn_pattern_match = true; SEXP_free(sv_op); } if ((sv_op = probe_ent_getattrval(se_attribute, "operation")) != NULL) { if (SEXP_number_geti_32(sv_op) == OVAL_OPERATION_PATTERN_MATCH) a_pattern_match = true; SEXP_free(sv_op); } /* * Construct the attribute array for ldap_search_* * * nil -> "1.1" * .* -> "*" * "foo" -> "foo" */ attrs[0] = "objectClass"; if (xattribute == NULL) attrs[1] = strdup("1.1"); /* no attibutes */ else if (a_pattern_match) attrs[1] = strdup("*"); /* collect all, we'll filter them afterwards */ else attrs[1] = xattribute; /* no pattern match, use the string directly */ attrs[2] = NULL; /* * Construct `base' */ assume_r(((relative_dn ? strlen(relative_dn) : 0) + ( suffix ? strlen(suffix) : 0) + 2) < (sizeof base/sizeof(char)), PROBE_ERANGE); if (relative_dn != NULL) { strcpy(base, relative_dn); strcat(base, ","); strcat(base, suffix); } else strcpy(base, suffix); /* * Get URIs */ if (ldap_get_option(NULL, LDAP_OPT_URI, &uri_list) != LDAP_OPT_SUCCESS) { item = probe_item_creat("ldap57_item", NULL, NULL); probe_item_setstatus(item, SYSCHAR_STATUS_ERROR); probe_item_collect(ctx, item); dE("ldap_get_option failed"); goto fail0; } /* * Query each URI */ for (;;) { char *entry_dn = NULL; if ((uri = strtok_r(uri_list, " ,", &uri_save)) == NULL) break; ldp = NULL; if (ldap_initialize(&ldp, uri) != LDAP_SUCCESS) continue; if (ldap_search_ext_s(ldp, base, scope, NULL, attrs, 0, NULL /* serverctrls */, NULL /* clientctrls */, NULL /* timeout */, 0, &ldpres) != LDAP_SUCCESS) { item = probe_item_creat("ldap57_item", NULL, NULL); probe_item_setstatus(item, SYSCHAR_STATUS_ERROR); probe_item_collect(ctx, item); dE("ldap_search_ext_s failed"); goto fail0; } entry = ldap_first_entry(ldp, ldpres); entry_dn = ldap_get_dn(ldp, entry); while (entry != NULL) { BerElement *berelm = NULL; attr = ldap_first_attribute(ldp, entry, &berelm); /* XXX: pattern match filter */ while (attr != NULL) { SEXP_t *se_value = NULL; ber_tag_t bertag = LBER_DEFAULT; ber_len_t berlen = 0; Sockbuf *berbuf = NULL; SEXP_t se_tmp_mem; berbuf = ber_sockbuf_alloc(); /* * Prepare the value (record) entity. Collect only * primitive (i.e. simple) types. */ se_value = probe_ent_creat1("value", NULL, NULL); probe_ent_setdatatype(se_value, OVAL_DATATYPE_RECORD); /* * XXX: does ber_get_next() return LBER_ERROR after the last value? */ while ((bertag = ber_get_next(berbuf, &berlen, berelm)) != LBER_ERROR) { SEXP_t *field = NULL; oval_datatype_t field_type = OVAL_DATATYPE_UNKNOWN; switch(bertag & LBER_ENCODING_MASK) { case LBER_PRIMITIVE: dI("Found primitive value, bertag = %u", bertag); break; case LBER_CONSTRUCTED: dW("Don't know how to handle LBER_CONSTRUCTED values"); /* FALLTHROUGH */ default: dW("Skipping attribute value, bertag = %u", bertag); continue; } assume_d(bertag & LBER_PRIMITIVE, NULL); switch(bertag & LBER_BIG_TAG_MASK) { case LBER_BOOLEAN: { /* LDAPTYPE_BOOLEAN */ ber_int_t val = -1; if (ber_get_boolean(berelm, &val) == LBER_ERROR) { dW("ber_get_boolean: LBER_ERROR"); /* XXX: set error status on field */ continue; } assume_d(val != -1, NULL); field = probe_ent_creat1("field", NULL, SEXP_number_newb_r(&se_tmp_mem, (bool)val)); field_type = OVAL_DATATYPE_BOOLEAN; SEXP_free_r(&se_tmp_mem); } break; case LBER_INTEGER: { /* LDAPTYPE_INTEGER */ ber_int_t val = -1; if (ber_get_int(berelm, &val) == LBER_ERROR) { dW("ber_get_int: LBER_ERROR"); /* XXX: set error status on field */ continue; } field = probe_ent_creat1("field", NULL, SEXP_number_newi_r(&se_tmp_mem, (int)val)); field_type = OVAL_DATATYPE_INTEGER; SEXP_free_r(&se_tmp_mem); } break; case LBER_BITSTRING: /* LDAPTYPE_BIT_STRING */ dW("LBER_BITSTRING: not implemented"); continue; case LBER_OCTETSTRING: { /* * LDAPTYPE_PRINTABLE_STRING * LDAPTYPE_NUMERIC_STRING * LDAPTYPE_DN_STRING * LDAPTYPE_BINARY (?) */ char *val = NULL; if (ber_get_stringa(berelm, &val) == LBER_ERROR) { dW("ber_get_stringa: LBER_ERROR"); /* XXX: set error status on field */ continue; } assume_d(val != NULL, NULL); field = probe_ent_creat1("field", NULL, SEXP_string_new_r(&se_tmp_mem, val, strlen(val))); field_type = OVAL_DATATYPE_STRING; SEXP_free_r(&se_tmp_mem); ber_memfree(val); } break; case LBER_NULL: /* XXX: no equivalent LDAPTYPE_? or empty */ dI("LBER_NULL: skipped"); continue; case LBER_ENUMERATED: /* XXX: no equivalent LDAPTYPE_? */ dW("Don't know how to handle LBER_ENUMERATED type"); continue; default: dW("Unknown attribute value type, bertag = %u", bertag); continue; } if (field != NULL) { assume_d(field_type != OVAL_DATATYPE_UNKNOWN, NULL); probe_ent_setdatatype(field, field_type); probe_ent_attr_add(field, "name", SEXP_string_new_r(&se_tmp_mem, attr, strlen(attr))); SEXP_list_add(se_value, field); SEXP_free_r(&se_tmp_mem); SEXP_free(field); } } ber_sockbuf_free(berbuf); /* * Create the item */ item = probe_item_create(OVAL_INDEPENDENT_LDAP57, NULL, "suffix", OVAL_DATATYPE_STRING, suffix, "relative_dn", OVAL_DATATYPE_STRING, relative_dn, /* XXX: pattern match */ "attribute", OVAL_DATATYPE_STRING, attr, "object_class", OVAL_DATATYPE_STRING, "", "ldaptype", OVAL_DATATYPE_STRING, "", NULL); SEXP_list_add(item, se_value); SEXP_free(se_value); probe_item_collect(ctx, item); attr = ldap_next_attribute(ldp, entry, berelm); } ber_free(berelm, 0); ldap_memfree(entry_dn); entry = ldap_next_entry(ldp, entry); entry_dn = ldap_get_dn(ldp, entry); } /* * Close the LDAP connection and free resources */ ldap_unbind_ext_s(ldp, NULL, NULL); } ldap_memfree(uri_list); fail0: SEXP_free(se_suffix); SEXP_free(se_relative_dn); SEXP_free(se_attribute); free(suffix); free(relative_dn); free(attrs[1]); /* attribute */ return (0); }
static int filehash_cb (const char *p, const char *f, void *ptr, const SEXP_t *filters) { SEXP_t *itm, *r0, *r1; SEXP_t *cobj = (SEXP_t *) ptr; char pbuf[PATH_MAX+1]; size_t plen, flen; int fd; if (f == NULL) return (0); /* * Prepare path */ plen = strlen (p); flen = strlen (f); if (plen + flen + 1 > PATH_MAX) return (-1); memcpy (pbuf, p, sizeof (char) * plen); if (p[plen - 1] != FILE_SEPARATOR) { pbuf[plen] = FILE_SEPARATOR; ++plen; } memcpy (pbuf + plen, f, sizeof (char) * flen); pbuf[plen+flen] = '\0'; /* * Open the file */ fd = open (pbuf, O_RDONLY); if (fd < 0) { itm = probe_item_create(OVAL_INDEPENDENT_FILE_MD5, NULL, "filepath", OVAL_DATATYPE_STRING, pbuf, "path", OVAL_DATATYPE_STRING, p, "filename", OVAL_DATATYPE_STRING, f, NULL); probe_item_add_msg(itm, OVAL_MESSAGE_LEVEL_ERROR, "Can't get context for %s: %s\n", pbuf, strerror(errno)); probe_item_setstatus(itm, SYSCHAR_STATUS_ERROR); } else { uint8_t md5_dst[16]; size_t md5_dstlen = sizeof md5_dst; char md5_str[32+1]; /* * Compute hash values */ if (crapi_digest_fd (fd, CRAPI_DIGEST_MD5, &md5_dst, &md5_dstlen) != 0) { close (fd); return (-1); } close (fd); mem2hex (md5_dst, sizeof md5_dst, md5_str, sizeof md5_str); /* * Create and add the item */ itm = probe_item_create(OVAL_INDEPENDENT_FILE_MD5, NULL, "filepath", OVAL_DATATYPE_STRING, pbuf, "path", OVAL_DATATYPE_STRING, p, "filename", OVAL_DATATYPE_STRING, f, "md5", OVAL_DATATYPE_STRING, md5_str, NULL); } probe_cobj_add_item(cobj, itm, filters); SEXP_free (itm); return (0); }