Example #1
0
static int unit_callback(const char *unit, void *cbarg)
{
	struct unit_callback_vars *vars = (struct unit_callback_vars *)cbarg;
	SEXP_t *se_unit = SEXP_string_new(unit, strlen(unit));

	if (probe_entobj_cmp(vars->unit_entity, se_unit) != OVAL_RESULT_TRUE) {
		/* Do nothing, continue with the next unit */
		SEXP_free(se_unit);
		return 0;
	}

	vars->se_unit = se_unit;
	vars->se_property = NULL;
	vars->item = NULL;

	char *unit_path = get_path_by_unit(vars->dbus_conn, unit);

	if (unit_path == NULL) {
		return 1;
	}

	get_all_properties_by_unit_path(vars->dbus_conn, unit_path,
					property_callback, vars);

	if (vars->item != NULL) {
		probe_item_collect(vars->ctx, vars->item);
		vars->item = NULL;
		SEXP_free(vars->se_property);
		vars->se_property = NULL;
	}

	SEXP_free(se_unit);
	return 0;
}
Example #2
0
static SEXP_t *oval_behaviors_to_sexp(struct oval_behavior_iterator *bit)
{
	char *attr_name, *attr_val;
	SEXP_t *elm_name;
	SEXP_t *r0;

	struct oval_behavior *behavior;

	elm_name = SEXP_list_new(r0 = SEXP_string_newf("behaviors"), NULL);
	SEXP_free(r0);

	while (oval_behavior_iterator_has_more(bit)) {
		behavior = oval_behavior_iterator_next(bit);
		attr_name = oval_behavior_get_key(behavior);
		attr_val = oval_behavior_get_value(behavior);

		SEXP_list_add(elm_name, r0 = SEXP_string_newf(":%s", attr_name));
		SEXP_free(r0);

		if (attr_val != NULL) {
			SEXP_list_add(elm_name, r0 = SEXP_string_new(attr_val, strlen(attr_val)));
			SEXP_free(r0);
		}
	}

	r0 = SEXP_list_new(elm_name, NULL);
	SEXP_free(elm_name);

	return (r0);
}
Example #3
0
static int collect_item(struct route_info *rt, probe_ctx *ctx)
{
	SEXP_t *item, *rt_dst;
        oval_datatype_t addr_type;

	rt_dst = SEXP_string_new(rt->ip_dst, strlen(rt->ip_dst));

	if (probe_entobj_cmp(rt->ip_dst_ent, rt_dst) != OVAL_RESULT_TRUE) {
		SEXP_free(rt_dst);
		return 0;
	}

        addr_type = rt->ip_version == 4 ? OVAL_DATATYPE_IPV4ADDR : OVAL_DATATYPE_IPV6ADDR;
	
	/* create the item */
	item = probe_item_create(OVAL_UNIX_ROUTINGTABLE, NULL,
				"destination",    addr_type, rt->ip_dst,
				"gateway",        addr_type, rt->ip_gw,
				"flags",          OVAL_DATATYPE_STRING_M, rt->rt_flags,
				"interface_name", OVAL_DATATYPE_STRING,   rt->if_name,
				NULL);

        SEXP_free(rt_dst);
	return probe_item_collect(ctx, item) == 2 ? 1 : 0;
}
Example #4
0
int probe_main (probe_ctx *ctx, void *arg)
{
        SEXP_t *object;
        struct runlevel_req request_st;
        struct runlevel_rep *reply_st = NULL;

        object = probe_ctx_getobject(ctx);

	request_st.service_name_ent = probe_obj_getent(object, "service_name", 1);
	if (request_st.service_name_ent == NULL) {
		dI("%s: element not found", "service_name");

		return PROBE_ENOELM;
	}

	request_st.runlevel_ent = probe_obj_getent(object, "runlevel", 1);
	if (request_st.runlevel_ent == NULL) {
		SEXP_free(request_st.service_name_ent);
		dI("%s: element not found", "runlevel");

		return PROBE_ENOELM;
	}

	if (get_runlevel(&request_st, &reply_st) == -1) {
		SEXP_t *msg;

		msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "get_runlevel failed.");
		probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
		SEXP_free(msg);
		probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
	} else {
		struct runlevel_rep *next_rep;
		SEXP_t *item;

		while (reply_st != NULL) {
			dI("get_runlevel: [0]=\"%s\", [1]=\"%s\", [2]=\"%d\", [3]=\"%d\"",
			   reply_st->service_name, reply_st->runlevel, reply_st->start, reply_st->kill);

                        item = probe_item_create(OVAL_UNIX_RUNLEVEL, NULL,
                                                 "service_name", OVAL_DATATYPE_STRING,  reply_st->service_name,
                                                 "runlevel",     OVAL_DATATYPE_STRING,  reply_st->runlevel,
                                                 "start",        OVAL_DATATYPE_BOOLEAN, reply_st->start,
                                                 "kill",         OVAL_DATATYPE_BOOLEAN, reply_st->kill,
                                                 NULL);

                        probe_item_collect(ctx, item);

			next_rep = reply_st->next;
			oscap_free(reply_st->service_name);
			oscap_free(reply_st->runlevel);
			oscap_free(reply_st);
			reply_st = next_rep;
		}
        }

        SEXP_free(request_st.runlevel_ent);
        SEXP_free(request_st.service_name_ent);

	return 0;
}
Example #5
0
static SEXP_t *oval_probe_cmd_obj_eval(SEXP_t *sexp, void *arg)
{
	char *id_str;
	struct oval_definition_model *defs;
	struct oval_object  *obj;
	struct oval_syschar *res;
	oval_pext_t *pext = (oval_pext_t *) arg;
	SEXP_t *ret, *ret_code;
	int r;

	if (sexp == NULL || arg == NULL) {
		return NULL;
	}

	if (!SEXP_stringp(sexp)) {
		dE("Invalid argument: type=%s.", SEXP_strtype(sexp));
		return (NULL);
	}

	id_str = SEXP_string_cstr(sexp);
	defs   = oval_syschar_model_get_definition_model(*(pext->model));
	obj    = oval_definition_model_get_object(defs, id_str);
	ret    = SEXP_list_new (sexp, NULL);

	dI("Get_object: %s.", id_str);

	if (obj == NULL) {
		dE("Can't find obj: id=%s.", id_str);
		free(id_str);
                SEXP_free(ret);

		return (NULL);
	}

	oscap_clearerr();
	r = oval_probe_query_object(pext->sess_ptr, obj, OVAL_PDFLAG_NOREPLY|OVAL_PDFLAG_SLAVE, &res);
	if (r < 0)
		ret_code = SEXP_number_newu((unsigned int) SYSCHAR_FLAG_COMPLETE);
	else
		ret_code = SEXP_number_newu((unsigned int) oval_syschar_get_flag(res));

	SEXP_list_add(ret, ret_code);
	SEXP_free(ret_code);

	if (oscap_err()) {
		dE("Failed: id: %s, err: %d, %s.",
			       id_str, oscap_err_family(), oscap_err_desc());
		oscap_clearerr();
		free(id_str);
		SEXP_free(ret);

		return (NULL);
	}

	free(id_str);

	return (ret);
}
Example #6
0
static SEXP_t *oval_entity_to_sexp(struct oval_entity *ent)
{
	SEXP_t *elm, *elm_name;
	SEXP_t *r0, *r1, *r2;
	oval_datatype_t datatype;
	oval_entity_varref_type_t vr_type;

	elm_name = SEXP_list_new(r0 = SEXP_string_newf("%s", oval_entity_get_name(ent)),
				 /* operation */
				 r1 = SEXP_string_new(":operation", 10),
				 r2 = SEXP_number_newu_32(oval_entity_get_operation(ent)), NULL);
	SEXP_vfree(r0, r1, r2, NULL);

        if (oval_entity_get_mask(ent)) {
            SEXP_list_add(elm_name, r0 = SEXP_string_new("mask", 4));
            SEXP_free(r0);
        }

	elm = SEXP_list_new(NULL);
	datatype = oval_entity_get_datatype(ent);
	probe_ent_setdatatype(elm, datatype);

	vr_type = oval_entity_get_varref_type(ent);
	if (vr_type == OVAL_ENTITY_VARREF_ATTRIBUTE
	    || vr_type == OVAL_ENTITY_VARREF_ELEMENT) {
		/* var_ref */
		struct oval_variable *var;

		var = oval_entity_get_variable(ent);
		SEXP_list_add(elm_name, r0 = SEXP_string_new(":var_ref", 8));
		SEXP_list_add(elm_name, r1 = SEXP_string_newf("%s", oval_variable_get_id(var)));
		SEXP_list_add(elm, elm_name);
		SEXP_vfree(r0, r1, elm_name, NULL);
	} else {
		/* value */
		struct oval_value *val;

		SEXP_list_add(elm, elm_name);
		SEXP_free(elm_name);
		val = oval_entity_get_value(ent);

		if (datatype != OVAL_DATATYPE_RECORD
		    && val != NULL) {
			SEXP_t *val_sexp;

			val_sexp = oval_value_to_sexp(val, datatype);
			if (val_sexp != NULL) {
				SEXP_list_add(elm, val_sexp);
				SEXP_free(val_sexp);
			}
		}
	}

	return (elm);
}
Example #7
0
static int read_packet(llist *l, probe_ctx *ctx, oval_schema_version_t over)
{
	int line = 0;
	FILE *f;
	char buf[256];

	void *s;
	int refcnt, sk_type, ifindex, running;
	unsigned long inode;
	unsigned rmem, uid, proto_num;
	struct interface_t interface;


	f = fopen("/proc/net/packet", "rt");
	if (f == NULL) {
		if (errno != ENOENT)
			return 1;
		else
			return 0;
	}
	__fsetlocking(f, FSETLOCKING_BYCALLER);
	while (fgets(buf, sizeof(buf), f)) {
		if (line == 0) {
			line++;
			continue;
		}
		/* follow structure from net/packet/af_packet.c */
		sscanf(buf,
			"%p %d %d %04x %d %d %u %u %lu\n",
			&s, &refcnt, &sk_type, &proto_num, &ifindex, &running, &rmem, &uid, &inode
		);
		if (list_find_inode(l, inode) && get_interface(ifindex, &interface)) {
			struct result_info r;
			SEXP_t *r0;
			dI("Have interface_name: %s, hw_address: %s\n",
					interface.interface_name, interface.hw_address);

			r0 = SEXP_string_newf("%s", interface.interface_name);
			if (probe_entobj_cmp(interface_name_ent, r0) != OVAL_RESULT_TRUE) {
				SEXP_free(r0);
				continue;
			}
			SEXP_free(r0);

			r.interface_name = interface.interface_name;
			r.protocol = oscap_enum_to_string(ProtocolType, proto_num);
			r.hw_address = interface.hw_address;
			report_finding(&r, l, ctx, over);
		}
	}
	fclose(f);
	return 0;
}
Example #8
0
/**
 * Collect an item
 * This function adds an item the collected object assosiated
 * with the given probe context.
 *
 * Returns:
 * 0 ... the item was succesfully added to the collected object
 * 1 ... the item was filtered out
 * 2 ... the item was not added because of memory constraints
 *       and the collected object was flagged as incomplete
 *-1 ... unexpected/internal error
 *
 * The caller must not free the item, it's freed automatically
 * by this function or by the icache worker thread.
 */
int probe_item_collect(struct probe_ctx *ctx, SEXP_t *item)
{
	SEXP_t *cobj_content;
	size_t  cobj_itemcnt;

	assume_d(ctx != NULL, -1);
	assume_d(ctx->probe_out != NULL, -1);
	assume_d(item != NULL, -1);

	cobj_content = SEXP_listref_nth(ctx->probe_out, 3);
	cobj_itemcnt = SEXP_list_length(cobj_content);
	SEXP_free(cobj_content);

	if (probe_cobj_memcheck(cobj_itemcnt) != 0) {

		/*
		 * Don't set the message again if the collected object is
		 * already flagged as incomplete.
		 */
		if (probe_cobj_get_flag(ctx->probe_out) != SYSCHAR_FLAG_INCOMPLETE) {
			SEXP_t *msg;
			/*
			 * Sync with the icache thread before modifying the
			 * collected object.
			 */
			if (probe_icache_nop(ctx->icache) != 0)
				return -1;

			msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_WARNING,
			                      "Object is incomplete due to memory constraints.");

			probe_cobj_add_msg(ctx->probe_out, msg);
			probe_cobj_set_flag(ctx->probe_out, SYSCHAR_FLAG_INCOMPLETE);

			SEXP_free(msg);
		}

		return 2;
	}

        if (ctx->filters != NULL && probe_item_filtered(item, ctx->filters)) {
                SEXP_free(item);
		return (1);
        }

        if (probe_icache_add(ctx->icache, ctx->probe_out, item) != 0) {
                dE("Can't add item (%p) to the item cache (%p)", item, ctx->icache);
                SEXP_free(item);
                return (-1);
        }

        return (0);
}
Example #9
0
int probe_main (probe_ctx *ctx, void *arg)
{
        SEXP_t *probe_in, *name_ent, *file_ent, *bh_ent;
        char   file[PATH_MAX];
        size_t file_len = sizeof file;
        char   name[64];
        size_t name_len = sizeof name;
        oval_operation_t name_op, file_op;
        uint64_t collect_flags = 0;
        unsigned int i;

	// If probe_init() failed it's because there was no rpm config files
	if (arg == NULL) {
		probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_NOT_APPLICABLE);
		return 0;
	}

        /*
         * Get refs to object entities
         */
        probe_in = probe_ctx_getobject(ctx);
        name_ent = probe_obj_getent(probe_in, "name", 1);
        file_ent = probe_obj_getent(probe_in, "filepath", 1);

        if (name_ent == NULL || file_ent == NULL) {
                dE("Missing \"name\" (%p) or \"filepath\" (%p) entity", name_ent, file_ent);

                SEXP_free(name_ent);
                SEXP_free(file_ent);

                return (PROBE_ENOENT);
        }

        /*
         * Extract the requested operation for each entity
         */
        name_op = probe_ent_getoperation(name_ent, OVAL_OPERATION_EQUALS);
        file_op = probe_ent_getoperation(file_ent, OVAL_OPERATION_EQUALS);

        if (name_op == OVAL_OPERATION_UNKNOWN ||
            file_op == OVAL_OPERATION_UNKNOWN)
        {
                SEXP_free(name_ent);
                SEXP_free(file_ent);

                return (PROBE_EINVAL);
        }

        /*
         * Extract entity values
         */
        PROBE_ENT_STRVAL(name_ent, name, name_len, /* void */, strcpy(name, ""););
Example #10
0
static int oval_varref_elm_to_sexp(void *sess, struct oval_variable *var, oval_datatype_t dt, SEXP_t **out_sexp, struct oval_syschar *syschar)
{
	SEXP_t *val_lst;
	struct oval_value_iterator *val_itr;
	oval_syschar_collection_flag_t flag;

	if (oval_probe_query_variable(sess, var) != 0)
		return -1;

	flag = oval_variable_get_collection_flag(var);
	if (flag == SYSCHAR_FLAG_DOES_NOT_EXIST) {
		char msg[100];
		snprintf(msg, sizeof(msg), "Referenced variable has no values (%s).", oval_variable_get_id(var));
		dI("%s", msg);
		if (syschar != NULL)  {
			oval_syschar_add_new_message(syschar, msg, OVAL_MESSAGE_LEVEL_WARNING);
			oval_syschar_set_flag(syschar, SYSCHAR_FLAG_DOES_NOT_EXIST);
		}
		return 1;
	}
	if (flag != SYSCHAR_FLAG_COMPLETE
	    && flag != SYSCHAR_FLAG_INCOMPLETE) {
		*out_sexp = SEXP_list_new(NULL);
		return 0;
	}

	val_lst = SEXP_list_new(NULL);

	val_itr = oval_variable_get_values(var);
	while (oval_value_iterator_has_more(val_itr)) {
		struct oval_value *val;
		SEXP_t *vs;

		val = oval_value_iterator_next(val_itr);
		vs = oval_value_to_sexp(val, dt);
		if (vs == NULL) {
			oscap_seterr(OSCAP_EFAMILY_OVAL, "Failed to convert OVAL value to SEXP: "
                                       "datatype: %s, text: %s.", oval_datatype_get_text(dt),
                                       oval_value_get_text(val));
			oval_value_iterator_free(val_itr);
			SEXP_free(val_lst);
			return -1;
		}
		SEXP_list_add(val_lst, vs);
		SEXP_free(vs);
	}
	oval_value_iterator_free(val_itr);

	*out_sexp = val_lst;
	return 0;
}
Example #11
0
static SEXP_t *oval_probe_cmd_ste_fetch(SEXP_t *sexp, void *arg)
{
	SEXP_t *id, *ste_list, *ste_sexp;
	char *id_str;
	struct oval_state *ste;
	struct oval_definition_model *definition_model;
	oval_pext_t *pext = (oval_pext_t *)arg;
	int ret;

	if (sexp == NULL || arg == NULL) {
		return NULL;
	}

	ste_list = SEXP_list_new(NULL);

	SEXP_list_foreach(id, sexp) {
		if (SEXP_stringp(id)) {
			id_str = SEXP_string_cstr(id);
			definition_model = oval_syschar_model_get_definition_model(*(pext->model));
			ste = oval_definition_model_get_state(definition_model, id_str);

			if (ste == NULL) {
				dE("Can't find ste: id: %s.", id_str);
				SEXP_list_free(ste_list);
				free(id_str);
                                SEXP_free(id);

				return (NULL);
			}

			ret = oval_state_to_sexp(pext->sess_ptr, ste, &ste_sexp);
			if (ret !=0) {
				dE("Failed to convert OVAL state to SEXP, id: %s.",
					       id_str);
				SEXP_list_free(ste_list);
				free(id_str);
                                SEXP_free(id);

				return (NULL);
			}

			SEXP_list_add(ste_list, ste_sexp);
                        SEXP_free(ste_sexp);

			free(id_str);
		}
	}

	return (ste_list);
}
Example #12
0
void SEAP_error_free(SEAP_err_t *e)
{
	if (e->data == NULL)
		SEXP_free(e->data);
	free(e);
	return;
}
Example #13
0
int probe_main(probe_ctx *ctx, void *probe_arg)
{
	SEXP_t *unit_entity, *probe_in, *property_entity;
	oval_version_t oval_version;

	probe_in = probe_ctx_getobject(ctx);
	oval_version = probe_obj_get_schema_version(probe_in);

	if (oval_version_cmp(oval_version, OVAL_VERSION(5.11)) < 0) {
		// OVAL 5.10 and less
		return PROBE_EOPNOTSUPP;
	}

	unit_entity = probe_obj_getent(probe_in, "unit", 1);
	property_entity = probe_obj_getent(probe_in, "property", 1);

	DBusError dbus_error;
	DBusConnection *dbus_conn;

	dbus_error_init(&dbus_error);
	dbus_conn = connect_dbus();

	if (dbus_conn == NULL) {
		dbus_error_free(&dbus_error);
		SEXP_free(property_entity);
		SEXP_free(unit_entity);
		return PROBE_ESYSTEM;
	}

	struct unit_callback_vars vars;

	vars.dbus_conn = dbus_conn;
	vars.ctx = ctx;
	vars.unit_entity = unit_entity;
	vars.property_entity = property_entity;

	get_all_systemd_units(dbus_conn, unit_callback, &vars);

	SEXP_free(unit_entity);
	SEXP_free(property_entity);
	dbus_error_free(&dbus_error);
	disconnect_dbus(dbus_conn);

	return 0;
}
Example #14
0
int probe_main(probe_ctx *ctx, void *arg)
{
	SEXP_t *ent;

	ent = probe_obj_getent(probe_ctx_getobject(ctx), "command", 1);
	if (ent == NULL) {
		return PROBE_ENOVAL;
	}

	if (read_process(ent, ctx)) {
		SEXP_free(ent);
		return PROBE_EACCESS;
	}

	SEXP_free(ent);

	return 0;
}
Example #15
0
static bool accesstoken_behaviors_get_resolve_group(SEXP_t *behaviors_ent)
{
	bool resolve_group = false; // Default value of resolve_group behaviors
	if (behaviors_ent != NULL && probe_ent_attrexists(behaviors_ent, "resolve_group")) {
		SEXP_t *resolve_group_attrval = probe_ent_getattrval(behaviors_ent, "resolve_group");
		resolve_group = SEXP_string_getb(resolve_group_attrval);
		SEXP_free(resolve_group_attrval);
	}
	return resolve_group;
}
Example #16
0
static bool accesstoken_behaviors_get_include_group(SEXP_t *behaviors_ent)
{
	bool include_group = true; // Default value of include_group behaviors
	if (behaviors_ent != NULL && probe_ent_attrexists(behaviors_ent, "include_group")) {
		SEXP_t *include_group_attrval = probe_ent_getattrval(behaviors_ent, "include_group");
		include_group = SEXP_string_getb(include_group_attrval);
		SEXP_free(include_group_attrval);
	}
	return include_group;
}
Example #17
0
int probe_main(probe_ctx *ctx, void *arg)
{
	SEXP_t *obj, *ent;

	obj = probe_ctx_getobject(ctx);
	over = probe_obj_get_schema_version(obj);
	ent = probe_obj_getent(obj, "command", 1);
	if (ent == NULL) {
		return PROBE_ENOVAL;
	}

	if (read_process(ent, ctx)) {
		SEXP_free(ent);
		return PROBE_EACCESS;
	}

	SEXP_free(ent);

	return 0;
}
Example #18
0
static struct oval_message *oval_sexp_to_msg(const SEXP_t *msg)
{
	struct oval_message *message;
	SEXP_t *r0;
	oval_message_level_t lvl;
	char *str;

	message = oval_message_new();
	r0 = SEXP_list_first(msg);
	lvl = SEXP_number_getu(r0);
	SEXP_free(r0);
	oval_message_set_level(message, lvl);
	r0 = SEXP_list_nth(msg, 2);
	str = SEXP_string_cstr(r0);
	SEXP_free(r0);
	oval_message_set_text(message, str);
	free(str);

	return message;
}
Example #19
0
static SEXP_t *oval_record_field_STATE_to_sexp(struct oval_record_field *rf)
{
	struct oval_entity *rf_ent;
	struct oval_variable *var;
	oval_check_t ochk;
	oval_datatype_t dt;
	SEXP_t *rf_sexp, *r0;

	rf_ent = oval_entity_new(NULL);
	oval_entity_set_name(rf_ent, oval_record_field_get_name(rf));
	oval_entity_set_operation(rf_ent, oval_record_field_get_operation(rf));
	dt = oval_record_field_get_datatype(rf);
	oval_entity_set_datatype(rf_ent, dt);

	var = oval_record_field_get_variable(rf);
	if (var != NULL) {
		oval_entity_set_varref_type(rf_ent, OVAL_ENTITY_VARREF_ATTRIBUTE);
		oval_entity_set_variable(rf_ent, var);
	} else {
		struct oval_value *val;

		val = oval_value_new(dt, oval_record_field_get_value(rf));
		oval_entity_set_value(rf_ent, val);
	}

	rf_sexp = oval_entity_to_sexp(rf_ent);

	ochk = oval_record_field_get_var_check(rf);
	if (ochk != OVAL_CHECK_UNKNOWN) {
		probe_ent_attr_add(rf_sexp, "var_check", r0 = SEXP_number_newu_32(ochk));
		SEXP_free(r0);
	}
	ochk = oval_record_field_get_ent_check(rf);
	if (ochk != OVAL_CHECK_UNKNOWN) {
		probe_ent_attr_add(rf_sexp, "entity_check", r0 = SEXP_number_newu_32(ochk));
		SEXP_free(r0);
	}

	oval_entity_free(rf_ent);
	return rf_sexp;
}
Example #20
0
int accesstoken_probe_main(probe_ctx *ctx, void *arg)
{
	SEXP_t *probe_in = probe_ctx_getobject(ctx);
	SEXP_t *behaviors_ent = probe_obj_getent(probe_in, "behaviors", 1);
	SEXP_t *security_principle_ent = probe_obj_getent(probe_in, "security_principle", 1);
	SEXP_t *security_principle_val = probe_ent_getval(security_principle_ent);

	bool include_group = accesstoken_behaviors_get_include_group(behaviors_ent);
	bool resolve_group = accesstoken_behaviors_get_resolve_group(behaviors_ent);

	oval_operation_t operation = probe_ent_getoperation(security_principle_ent, OVAL_OPERATION_EQUALS);
	if (operation == OVAL_OPERATION_EQUALS) {
		char *security_principle_str = SEXP_string_cstr(security_principle_val);
		WCHAR *security_principle_wstr = oscap_windows_str_to_wstr(security_principle_str);
		collect_access_rights(ctx, security_principle_wstr, include_group, resolve_group);
		free(security_principle_str);
		free(security_principle_wstr);
	} else {
		struct oscap_list *trustees_list = oscap_list_new();
		get_all_trustee_names(trustees_list);

		struct oscap_iterator *it = oscap_iterator_new(trustees_list);
		while (oscap_iterator_has_more(it)) {
			WCHAR *trustee_wstr = oscap_iterator_next(it);
			char *trustee_str = oscap_windows_wstr_to_str(trustee_wstr);
			SEXP_t *tmp = SEXP_string_new(trustee_str, strlen(trustee_str));
			if (probe_entobj_cmp(security_principle_ent, tmp) == OVAL_RESULT_TRUE) {
				collect_access_rights(ctx, trustee_wstr, include_group, resolve_group);
			}
			free(trustee_str);
			SEXP_free(tmp);
		}
		oscap_iterator_free(it);
		oscap_list_free(trustees_list, free);
	}

	SEXP_free(behaviors_ent);
	SEXP_free(security_principle_ent);
	SEXP_free(security_principle_val);
	return 0;
}
Example #21
0
int probe_main(probe_ctx *ctx, void *arg)
{
	SEXP_t *command_line_ent, *pid_ent;

	command_line_ent = probe_obj_getent(probe_ctx_getobject(ctx), "command_line", 1);
	pid_ent = probe_obj_getent(probe_ctx_getobject(ctx), "pid", 1);
	if (command_line_ent == NULL && pid_ent == NULL) {
		return PROBE_ENOVAL;
	}

	if (read_process(command_line_ent, pid_ent, ctx)) {
		SEXP_free(command_line_ent);
		SEXP_free(pid_ent);
		return PROBE_EACCESS;
	}

	SEXP_free(command_line_ent);
	SEXP_free(pid_ent);

	return 0;
}
Example #22
0
static int eval_data(const char *type, const char *local_address,
	unsigned int local_port)
{
	SEXP_t *r0;

	r0 = SEXP_string_newf("%s", type);
	if (probe_entobj_cmp(req.protocol_ent, r0) != OVAL_RESULT_TRUE) {
		SEXP_free(r0);
		return 0;
	}
	SEXP_free(r0);

	r0 = SEXP_string_newf("%s", local_address);
	if (probe_entobj_cmp(req.local_address_ent, r0) != OVAL_RESULT_TRUE) {
		SEXP_free(r0);
		return 0;
	}
	SEXP_free(r0);

	r0 = SEXP_number_newu_32(local_port);
	if (probe_entobj_cmp(req.local_port_ent, r0) != OVAL_RESULT_TRUE) {
		SEXP_free(r0);
		return 0;
	}
	SEXP_free(r0);

	return 1;
}
Example #23
0
static void probe_icache_free_node(struct rbt_i64_node *n)
{
        probe_citem_t *ci = (probe_citem_t *)n->data;

        while (ci->count > 0) {
                SEXP_free(ci->item[ci->count - 1]);
                --ci->count;
        }

        oscap_free(ci->item);
        oscap_free(ci);
        return;
}
Example #24
0
static int property_callback(const char *property, const char *value, void *cbarg)
{
	struct unit_callback_vars *vars = (struct unit_callback_vars *)cbarg;

	if (vars->se_property != NULL) {
		//
		// Compare the previously matched entity to the current one
		// If they are the same, continue to fill the current item
		// with property values. If not, collect the item and create
		// a new one for the current property.
		//
		if (SEXP_strcmp(vars->se_property, property) == 0) {
			SEXP_t *se_value = SEXP_string_new(value, strlen(value));
			probe_item_ent_add(vars->item, "value", NULL, se_value);
			SEXP_free(se_value);
			return 0;
		} else {
			probe_item_collect(vars->ctx, vars->item);
			vars->item = NULL;
			SEXP_free(vars->se_property);
			vars->se_property = NULL;
		}
	}

	SEXP_t *se_property = SEXP_string_new(property, strlen(property));

	if (probe_entobj_cmp(vars->property_entity, se_property) != OVAL_RESULT_TRUE) {
		SEXP_free(se_property);
		return 0;
	}

	vars->se_property = se_property;
	vars->item = probe_item_create(OVAL_LINUX_SYSTEMDUNITPROPERTY, NULL,
				       "unit", OVAL_DATATYPE_SEXP, vars->se_unit,
				       "property", OVAL_DATATYPE_SEXP, vars->se_property,
				       "value", OVAL_DATATYPE_STRING, value,
				       NULL);
	return 0;
}
Example #25
0
static SEXP_t *create_item(const char *path, const char *filename, char *pattern,
			   int instance, char **substrs, int substr_cnt, oval_schema_version_t over)
{
	int i;
	SEXP_t *item;
        SEXP_t *r0;
	SEXP_t *se_instance, *se_filepath;
	char *text;

        if (strlen(path) + strlen(filename) + 1 > PATH_MAX) {
                dE("path+filename too long");
                return (NULL);
        }

	if (oval_schema_version_cmp(over, OVAL_SCHEMA_VERSION(5.4)) < 0) {
		pattern = text = NULL;
		se_instance = NULL;
	} else {
		text = substrs[0];
		se_instance = SEXP_number_newu_64((int64_t) instance);
	}
	if (oval_schema_version_cmp(over, OVAL_SCHEMA_VERSION(5.6)) < 0) {
		se_filepath = NULL;
	} else {
		const size_t path_len = strlen(path);
		/* Avoid 2 slashes */
		if (path_len >= 1 && path[path_len - 1] == FILE_SEPARATOR) {
			se_filepath = SEXP_string_newf("%s%s", path, filename);
		} else {
			se_filepath = SEXP_string_newf("%s%c%s", path, FILE_SEPARATOR, filename);
		}
	}

        item = probe_item_create(OVAL_INDEPENDENT_TEXT_FILE_CONTENT, NULL,
                                 "filepath", OVAL_DATATYPE_SEXP, se_filepath,
                                 "path",     OVAL_DATATYPE_STRING, path,
                                 "filename", OVAL_DATATYPE_STRING, filename,
                                 "pattern",  OVAL_DATATYPE_STRING, pattern,
                                 "instance", OVAL_DATATYPE_SEXP, se_instance,
                                 "line",     OVAL_DATATYPE_STRING, pattern,
                                 "text",     OVAL_DATATYPE_STRING, substrs[0],
                                 NULL);

	for (i = 1; i < substr_cnt; ++i) {
                probe_item_ent_add (item, "subexpression", NULL, r0 = SEXP_string_new (substrs[i], strlen (substrs[i])));
                SEXP_free (r0);
	}

	return item;
}
Example #26
0
static void probe_icache_item_setID(SEXP_t *item, SEXP_ID_t item_ID)
{
        SEXP_t  *name_ref, *prev_id;
        SEXP_t   uniq_id;
        uint32_t local_id;

        /* ((foo_item :id "<int>") ... ) */

        assume_d(item != NULL, /* void */);
        assume_d(SEXP_listp(item), /* void */);

#if defined(HAVE_ATOMIC_FUNCTIONS)
        local_id = __sync_fetch_and_add(&next_ID, 1);
#else
        if (pthread_mutex_lock(&next_ID_mutex) != 0) {
                dE("Can't lock the next_ID_mutex: %u, %s", errno, strerror(errno));
                abort();
        }

        local_id = ++next_ID;

        if (pthread_mutex_unlock(&next_ID_mutex) != 0) {
                dE("Can't unlock the next_ID_mutex: %u, %s", errno, strerror(errno));
                abort();
        }
#endif
        SEXP_string_newf_r(&uniq_id, "1%05u%u", getpid(), local_id);

        name_ref = SEXP_listref_first(item);
        prev_id  = SEXP_list_replace(name_ref, 3, &uniq_id);

        SEXP_free(prev_id);
        SEXP_free_r(&uniq_id);
        SEXP_free(name_ref);

        return;
}
Example #27
0
int main (void)
{
        SEXP_t *s_exp;
        char   *s1, *s2;

        s1 = "Hello, world!";
        s2 = "abcdefghijklmnopqrstuvwxyz";

        setbuf (stdout, NULL);
        
        s_exp = SEXP_string_new (s1, strlen (s1));
        SEXP_fprintfa (stdout, s_exp);
        putc ('\n', stdout);

        SEXP_free (s_exp);
        
        s_exp = SEXP_string_newf ("s2=%s", s2);
        SEXP_fprintfa (stdout, s_exp);
        putc ('\n', stdout);
        
        SEXP_free (s_exp);
        
        return (0);
}
Example #28
0
static void report_finding(struct result_info *res, llist *l, probe_ctx *ctx)
{
        SEXP_t *item;
        SEXP_t se_lport_mem, se_rport_mem, se_lfull_mem, se_ffull_mem, *se_uid_mem = NULL;
	lnode *n = NULL;

	if (l) {
		n = list_get_cur(l);
	}

	if (n) {
                item = probe_item_create(OVAL_LINUX_INET_LISTENING_SERVER, NULL,
                                 "protocol",             OVAL_DATATYPE_STRING,  res->proto,
                                 "local_address",        OVAL_DATATYPE_STRING,  res->laddr,
				 "local_port",           OVAL_DATATYPE_SEXP, SEXP_number_newu_64_r(&se_lport_mem, res->lport),
                                 "local_full_address",   OVAL_DATATYPE_SEXP,    SEXP_string_newf_r(&se_lfull_mem,
                                                                                                   "%s:%u", res->laddr, res->lport),
                                 "program_name",         OVAL_DATATYPE_STRING,  n->cmd,
                                 "foreign_address",      OVAL_DATATYPE_STRING,  res->raddr,
				 "foreign_port",         OVAL_DATATYPE_SEXP, SEXP_number_newu_64_r(&se_rport_mem, res->rport),
                                 "foreign_full_address", OVAL_DATATYPE_SEXP,    SEXP_string_newf_r(&se_ffull_mem,
                                                                                                   "%s:%u", res->raddr, res->rport),
                                 "pid",                  OVAL_DATATYPE_INTEGER, (int64_t)n->pid,
				 "user_id",              OVAL_DATATYPE_SEXP, se_uid_mem = SEXP_number_newu_64(n->uid),
                                 NULL);
	} else {
                item = probe_item_create(OVAL_LINUX_INET_LISTENING_SERVER, NULL,
                                 "protocol",             OVAL_DATATYPE_STRING,  res->proto,
                                 "local_address",        OVAL_DATATYPE_STRING,  res->laddr,
				 "local_port",           OVAL_DATATYPE_SEXP, SEXP_number_newu_64_r(&se_lport_mem, res->lport),
                                 "local_full_address",   OVAL_DATATYPE_SEXP,    SEXP_string_newf_r(&se_lfull_mem,
                                                                                                   "%s:%u", res->laddr, res->lport),
                                 "foreign_address",      OVAL_DATATYPE_STRING,  res->raddr,
				 "foreign_port",         OVAL_DATATYPE_SEXP, SEXP_number_newu_64_r(&se_rport_mem, res->rport),
                                 "foreign_full_address", OVAL_DATATYPE_SEXP,    SEXP_string_newf_r(&se_ffull_mem,
                                                                                                   "%s:%u", res->raddr, res->rport),
                                 NULL);
	}

        probe_item_collect(ctx, item);

        SEXP_free_r(&se_lport_mem);
        SEXP_free_r(&se_rport_mem);
        SEXP_free_r(&se_lfull_mem);
        SEXP_free_r(&se_ffull_mem);
        SEXP_free(se_uid_mem);
}
Example #29
0
int probe_main(probe_ctx *ctx, void *arg)
{
	SEXP_t *probe_in, *name;
	int err;

	probe_in  = probe_ctx_getobject(ctx);
	name = probe_obj_getent(probe_in, "name", 1);

	if (name == NULL) {
		return PROBE_ENOVAL;
	}

	err = get_selinuxboolean(name, ctx);
	SEXP_free(name);

	return err;
}
Example #30
0
static void oval_probe_session_libinit(void)
{
	/* HACK: Make sure S-exps are initialized before we initialize anything else
	 * that uses them. This is needed only if the S-exp library is compiled without
	 * atomic builtins. In that case it uses a fallback locking mechanism that uses
	 * a mutex array which needs to be initialized before S-exp are used and freed
	 * at exit(3). The later is done by registering an atexit(3) function.
	 * The ncache_libinit function also registers an atexit(3) function and we need
	 * to make sure that the S-exps are not deinitialized before the ncache atexit
	 * handler is called.
	 * TODO: Implement SEXP_libinit() and call it from oscap_init()?
	 */
	volatile SEXP_t *exp = SEXP_string_new("magic", 5);
	SEXP_free((SEXP_t *)exp);

        ncache_libinit();
        oval_probe_tblinit();
}