static int unit_callback(const char *unit, void *cbarg) { struct unit_callback_vars *vars = (struct unit_callback_vars *)cbarg; SEXP_t *se_unit = SEXP_string_new(unit, strlen(unit)); if (probe_entobj_cmp(vars->unit_entity, se_unit) != OVAL_RESULT_TRUE) { /* Do nothing, continue with the next unit */ SEXP_free(se_unit); return 0; } vars->se_unit = se_unit; vars->se_property = NULL; vars->item = NULL; char *unit_path = get_path_by_unit(vars->dbus_conn, unit); if (unit_path == NULL) { return 1; } get_all_properties_by_unit_path(vars->dbus_conn, unit_path, property_callback, vars); if (vars->item != NULL) { probe_item_collect(vars->ctx, vars->item); vars->item = NULL; SEXP_free(vars->se_property); vars->se_property = NULL; } SEXP_free(se_unit); return 0; }
static SEXP_t *oval_behaviors_to_sexp(struct oval_behavior_iterator *bit) { char *attr_name, *attr_val; SEXP_t *elm_name; SEXP_t *r0; struct oval_behavior *behavior; elm_name = SEXP_list_new(r0 = SEXP_string_newf("behaviors"), NULL); SEXP_free(r0); while (oval_behavior_iterator_has_more(bit)) { behavior = oval_behavior_iterator_next(bit); attr_name = oval_behavior_get_key(behavior); attr_val = oval_behavior_get_value(behavior); SEXP_list_add(elm_name, r0 = SEXP_string_newf(":%s", attr_name)); SEXP_free(r0); if (attr_val != NULL) { SEXP_list_add(elm_name, r0 = SEXP_string_new(attr_val, strlen(attr_val))); SEXP_free(r0); } } r0 = SEXP_list_new(elm_name, NULL); SEXP_free(elm_name); return (r0); }
static int collect_item(struct route_info *rt, probe_ctx *ctx) { SEXP_t *item, *rt_dst; oval_datatype_t addr_type; rt_dst = SEXP_string_new(rt->ip_dst, strlen(rt->ip_dst)); if (probe_entobj_cmp(rt->ip_dst_ent, rt_dst) != OVAL_RESULT_TRUE) { SEXP_free(rt_dst); return 0; } addr_type = rt->ip_version == 4 ? OVAL_DATATYPE_IPV4ADDR : OVAL_DATATYPE_IPV6ADDR; /* create the item */ item = probe_item_create(OVAL_UNIX_ROUTINGTABLE, NULL, "destination", addr_type, rt->ip_dst, "gateway", addr_type, rt->ip_gw, "flags", OVAL_DATATYPE_STRING_M, rt->rt_flags, "interface_name", OVAL_DATATYPE_STRING, rt->if_name, NULL); SEXP_free(rt_dst); return probe_item_collect(ctx, item) == 2 ? 1 : 0; }
int probe_main (probe_ctx *ctx, void *arg) { SEXP_t *object; struct runlevel_req request_st; struct runlevel_rep *reply_st = NULL; object = probe_ctx_getobject(ctx); request_st.service_name_ent = probe_obj_getent(object, "service_name", 1); if (request_st.service_name_ent == NULL) { dI("%s: element not found", "service_name"); return PROBE_ENOELM; } request_st.runlevel_ent = probe_obj_getent(object, "runlevel", 1); if (request_st.runlevel_ent == NULL) { SEXP_free(request_st.service_name_ent); dI("%s: element not found", "runlevel"); return PROBE_ENOELM; } if (get_runlevel(&request_st, &reply_st) == -1) { SEXP_t *msg; msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "get_runlevel failed."); probe_cobj_add_msg(probe_ctx_getresult(ctx), msg); SEXP_free(msg); probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR); } else { struct runlevel_rep *next_rep; SEXP_t *item; while (reply_st != NULL) { dI("get_runlevel: [0]=\"%s\", [1]=\"%s\", [2]=\"%d\", [3]=\"%d\"", reply_st->service_name, reply_st->runlevel, reply_st->start, reply_st->kill); item = probe_item_create(OVAL_UNIX_RUNLEVEL, NULL, "service_name", OVAL_DATATYPE_STRING, reply_st->service_name, "runlevel", OVAL_DATATYPE_STRING, reply_st->runlevel, "start", OVAL_DATATYPE_BOOLEAN, reply_st->start, "kill", OVAL_DATATYPE_BOOLEAN, reply_st->kill, NULL); probe_item_collect(ctx, item); next_rep = reply_st->next; oscap_free(reply_st->service_name); oscap_free(reply_st->runlevel); oscap_free(reply_st); reply_st = next_rep; } } SEXP_free(request_st.runlevel_ent); SEXP_free(request_st.service_name_ent); return 0; }
static SEXP_t *oval_probe_cmd_obj_eval(SEXP_t *sexp, void *arg) { char *id_str; struct oval_definition_model *defs; struct oval_object *obj; struct oval_syschar *res; oval_pext_t *pext = (oval_pext_t *) arg; SEXP_t *ret, *ret_code; int r; if (sexp == NULL || arg == NULL) { return NULL; } if (!SEXP_stringp(sexp)) { dE("Invalid argument: type=%s.", SEXP_strtype(sexp)); return (NULL); } id_str = SEXP_string_cstr(sexp); defs = oval_syschar_model_get_definition_model(*(pext->model)); obj = oval_definition_model_get_object(defs, id_str); ret = SEXP_list_new (sexp, NULL); dI("Get_object: %s.", id_str); if (obj == NULL) { dE("Can't find obj: id=%s.", id_str); free(id_str); SEXP_free(ret); return (NULL); } oscap_clearerr(); r = oval_probe_query_object(pext->sess_ptr, obj, OVAL_PDFLAG_NOREPLY|OVAL_PDFLAG_SLAVE, &res); if (r < 0) ret_code = SEXP_number_newu((unsigned int) SYSCHAR_FLAG_COMPLETE); else ret_code = SEXP_number_newu((unsigned int) oval_syschar_get_flag(res)); SEXP_list_add(ret, ret_code); SEXP_free(ret_code); if (oscap_err()) { dE("Failed: id: %s, err: %d, %s.", id_str, oscap_err_family(), oscap_err_desc()); oscap_clearerr(); free(id_str); SEXP_free(ret); return (NULL); } free(id_str); return (ret); }
static SEXP_t *oval_entity_to_sexp(struct oval_entity *ent) { SEXP_t *elm, *elm_name; SEXP_t *r0, *r1, *r2; oval_datatype_t datatype; oval_entity_varref_type_t vr_type; elm_name = SEXP_list_new(r0 = SEXP_string_newf("%s", oval_entity_get_name(ent)), /* operation */ r1 = SEXP_string_new(":operation", 10), r2 = SEXP_number_newu_32(oval_entity_get_operation(ent)), NULL); SEXP_vfree(r0, r1, r2, NULL); if (oval_entity_get_mask(ent)) { SEXP_list_add(elm_name, r0 = SEXP_string_new("mask", 4)); SEXP_free(r0); } elm = SEXP_list_new(NULL); datatype = oval_entity_get_datatype(ent); probe_ent_setdatatype(elm, datatype); vr_type = oval_entity_get_varref_type(ent); if (vr_type == OVAL_ENTITY_VARREF_ATTRIBUTE || vr_type == OVAL_ENTITY_VARREF_ELEMENT) { /* var_ref */ struct oval_variable *var; var = oval_entity_get_variable(ent); SEXP_list_add(elm_name, r0 = SEXP_string_new(":var_ref", 8)); SEXP_list_add(elm_name, r1 = SEXP_string_newf("%s", oval_variable_get_id(var))); SEXP_list_add(elm, elm_name); SEXP_vfree(r0, r1, elm_name, NULL); } else { /* value */ struct oval_value *val; SEXP_list_add(elm, elm_name); SEXP_free(elm_name); val = oval_entity_get_value(ent); if (datatype != OVAL_DATATYPE_RECORD && val != NULL) { SEXP_t *val_sexp; val_sexp = oval_value_to_sexp(val, datatype); if (val_sexp != NULL) { SEXP_list_add(elm, val_sexp); SEXP_free(val_sexp); } } } return (elm); }
static int read_packet(llist *l, probe_ctx *ctx, oval_schema_version_t over) { int line = 0; FILE *f; char buf[256]; void *s; int refcnt, sk_type, ifindex, running; unsigned long inode; unsigned rmem, uid, proto_num; struct interface_t interface; f = fopen("/proc/net/packet", "rt"); if (f == NULL) { if (errno != ENOENT) return 1; else return 0; } __fsetlocking(f, FSETLOCKING_BYCALLER); while (fgets(buf, sizeof(buf), f)) { if (line == 0) { line++; continue; } /* follow structure from net/packet/af_packet.c */ sscanf(buf, "%p %d %d %04x %d %d %u %u %lu\n", &s, &refcnt, &sk_type, &proto_num, &ifindex, &running, &rmem, &uid, &inode ); if (list_find_inode(l, inode) && get_interface(ifindex, &interface)) { struct result_info r; SEXP_t *r0; dI("Have interface_name: %s, hw_address: %s\n", interface.interface_name, interface.hw_address); r0 = SEXP_string_newf("%s", interface.interface_name); if (probe_entobj_cmp(interface_name_ent, r0) != OVAL_RESULT_TRUE) { SEXP_free(r0); continue; } SEXP_free(r0); r.interface_name = interface.interface_name; r.protocol = oscap_enum_to_string(ProtocolType, proto_num); r.hw_address = interface.hw_address; report_finding(&r, l, ctx, over); } } fclose(f); return 0; }
/** * Collect an item * This function adds an item the collected object assosiated * with the given probe context. * * Returns: * 0 ... the item was succesfully added to the collected object * 1 ... the item was filtered out * 2 ... the item was not added because of memory constraints * and the collected object was flagged as incomplete *-1 ... unexpected/internal error * * The caller must not free the item, it's freed automatically * by this function or by the icache worker thread. */ int probe_item_collect(struct probe_ctx *ctx, SEXP_t *item) { SEXP_t *cobj_content; size_t cobj_itemcnt; assume_d(ctx != NULL, -1); assume_d(ctx->probe_out != NULL, -1); assume_d(item != NULL, -1); cobj_content = SEXP_listref_nth(ctx->probe_out, 3); cobj_itemcnt = SEXP_list_length(cobj_content); SEXP_free(cobj_content); if (probe_cobj_memcheck(cobj_itemcnt) != 0) { /* * Don't set the message again if the collected object is * already flagged as incomplete. */ if (probe_cobj_get_flag(ctx->probe_out) != SYSCHAR_FLAG_INCOMPLETE) { SEXP_t *msg; /* * Sync with the icache thread before modifying the * collected object. */ if (probe_icache_nop(ctx->icache) != 0) return -1; msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_WARNING, "Object is incomplete due to memory constraints."); probe_cobj_add_msg(ctx->probe_out, msg); probe_cobj_set_flag(ctx->probe_out, SYSCHAR_FLAG_INCOMPLETE); SEXP_free(msg); } return 2; } if (ctx->filters != NULL && probe_item_filtered(item, ctx->filters)) { SEXP_free(item); return (1); } if (probe_icache_add(ctx->icache, ctx->probe_out, item) != 0) { dE("Can't add item (%p) to the item cache (%p)", item, ctx->icache); SEXP_free(item); return (-1); } return (0); }
int probe_main (probe_ctx *ctx, void *arg) { SEXP_t *probe_in, *name_ent, *file_ent, *bh_ent; char file[PATH_MAX]; size_t file_len = sizeof file; char name[64]; size_t name_len = sizeof name; oval_operation_t name_op, file_op; uint64_t collect_flags = 0; unsigned int i; // If probe_init() failed it's because there was no rpm config files if (arg == NULL) { probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_NOT_APPLICABLE); return 0; } /* * Get refs to object entities */ probe_in = probe_ctx_getobject(ctx); name_ent = probe_obj_getent(probe_in, "name", 1); file_ent = probe_obj_getent(probe_in, "filepath", 1); if (name_ent == NULL || file_ent == NULL) { dE("Missing \"name\" (%p) or \"filepath\" (%p) entity", name_ent, file_ent); SEXP_free(name_ent); SEXP_free(file_ent); return (PROBE_ENOENT); } /* * Extract the requested operation for each entity */ name_op = probe_ent_getoperation(name_ent, OVAL_OPERATION_EQUALS); file_op = probe_ent_getoperation(file_ent, OVAL_OPERATION_EQUALS); if (name_op == OVAL_OPERATION_UNKNOWN || file_op == OVAL_OPERATION_UNKNOWN) { SEXP_free(name_ent); SEXP_free(file_ent); return (PROBE_EINVAL); } /* * Extract entity values */ PROBE_ENT_STRVAL(name_ent, name, name_len, /* void */, strcpy(name, ""););
static int oval_varref_elm_to_sexp(void *sess, struct oval_variable *var, oval_datatype_t dt, SEXP_t **out_sexp, struct oval_syschar *syschar) { SEXP_t *val_lst; struct oval_value_iterator *val_itr; oval_syschar_collection_flag_t flag; if (oval_probe_query_variable(sess, var) != 0) return -1; flag = oval_variable_get_collection_flag(var); if (flag == SYSCHAR_FLAG_DOES_NOT_EXIST) { char msg[100]; snprintf(msg, sizeof(msg), "Referenced variable has no values (%s).", oval_variable_get_id(var)); dI("%s", msg); if (syschar != NULL) { oval_syschar_add_new_message(syschar, msg, OVAL_MESSAGE_LEVEL_WARNING); oval_syschar_set_flag(syschar, SYSCHAR_FLAG_DOES_NOT_EXIST); } return 1; } if (flag != SYSCHAR_FLAG_COMPLETE && flag != SYSCHAR_FLAG_INCOMPLETE) { *out_sexp = SEXP_list_new(NULL); return 0; } val_lst = SEXP_list_new(NULL); val_itr = oval_variable_get_values(var); while (oval_value_iterator_has_more(val_itr)) { struct oval_value *val; SEXP_t *vs; val = oval_value_iterator_next(val_itr); vs = oval_value_to_sexp(val, dt); if (vs == NULL) { oscap_seterr(OSCAP_EFAMILY_OVAL, "Failed to convert OVAL value to SEXP: " "datatype: %s, text: %s.", oval_datatype_get_text(dt), oval_value_get_text(val)); oval_value_iterator_free(val_itr); SEXP_free(val_lst); return -1; } SEXP_list_add(val_lst, vs); SEXP_free(vs); } oval_value_iterator_free(val_itr); *out_sexp = val_lst; return 0; }
static SEXP_t *oval_probe_cmd_ste_fetch(SEXP_t *sexp, void *arg) { SEXP_t *id, *ste_list, *ste_sexp; char *id_str; struct oval_state *ste; struct oval_definition_model *definition_model; oval_pext_t *pext = (oval_pext_t *)arg; int ret; if (sexp == NULL || arg == NULL) { return NULL; } ste_list = SEXP_list_new(NULL); SEXP_list_foreach(id, sexp) { if (SEXP_stringp(id)) { id_str = SEXP_string_cstr(id); definition_model = oval_syschar_model_get_definition_model(*(pext->model)); ste = oval_definition_model_get_state(definition_model, id_str); if (ste == NULL) { dE("Can't find ste: id: %s.", id_str); SEXP_list_free(ste_list); free(id_str); SEXP_free(id); return (NULL); } ret = oval_state_to_sexp(pext->sess_ptr, ste, &ste_sexp); if (ret !=0) { dE("Failed to convert OVAL state to SEXP, id: %s.", id_str); SEXP_list_free(ste_list); free(id_str); SEXP_free(id); return (NULL); } SEXP_list_add(ste_list, ste_sexp); SEXP_free(ste_sexp); free(id_str); } } return (ste_list); }
void SEAP_error_free(SEAP_err_t *e) { if (e->data == NULL) SEXP_free(e->data); free(e); return; }
int probe_main(probe_ctx *ctx, void *probe_arg) { SEXP_t *unit_entity, *probe_in, *property_entity; oval_version_t oval_version; probe_in = probe_ctx_getobject(ctx); oval_version = probe_obj_get_schema_version(probe_in); if (oval_version_cmp(oval_version, OVAL_VERSION(5.11)) < 0) { // OVAL 5.10 and less return PROBE_EOPNOTSUPP; } unit_entity = probe_obj_getent(probe_in, "unit", 1); property_entity = probe_obj_getent(probe_in, "property", 1); DBusError dbus_error; DBusConnection *dbus_conn; dbus_error_init(&dbus_error); dbus_conn = connect_dbus(); if (dbus_conn == NULL) { dbus_error_free(&dbus_error); SEXP_free(property_entity); SEXP_free(unit_entity); return PROBE_ESYSTEM; } struct unit_callback_vars vars; vars.dbus_conn = dbus_conn; vars.ctx = ctx; vars.unit_entity = unit_entity; vars.property_entity = property_entity; get_all_systemd_units(dbus_conn, unit_callback, &vars); SEXP_free(unit_entity); SEXP_free(property_entity); dbus_error_free(&dbus_error); disconnect_dbus(dbus_conn); return 0; }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *ent; ent = probe_obj_getent(probe_ctx_getobject(ctx), "command", 1); if (ent == NULL) { return PROBE_ENOVAL; } if (read_process(ent, ctx)) { SEXP_free(ent); return PROBE_EACCESS; } SEXP_free(ent); return 0; }
static bool accesstoken_behaviors_get_resolve_group(SEXP_t *behaviors_ent) { bool resolve_group = false; // Default value of resolve_group behaviors if (behaviors_ent != NULL && probe_ent_attrexists(behaviors_ent, "resolve_group")) { SEXP_t *resolve_group_attrval = probe_ent_getattrval(behaviors_ent, "resolve_group"); resolve_group = SEXP_string_getb(resolve_group_attrval); SEXP_free(resolve_group_attrval); } return resolve_group; }
static bool accesstoken_behaviors_get_include_group(SEXP_t *behaviors_ent) { bool include_group = true; // Default value of include_group behaviors if (behaviors_ent != NULL && probe_ent_attrexists(behaviors_ent, "include_group")) { SEXP_t *include_group_attrval = probe_ent_getattrval(behaviors_ent, "include_group"); include_group = SEXP_string_getb(include_group_attrval); SEXP_free(include_group_attrval); } return include_group; }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *obj, *ent; obj = probe_ctx_getobject(ctx); over = probe_obj_get_schema_version(obj); ent = probe_obj_getent(obj, "command", 1); if (ent == NULL) { return PROBE_ENOVAL; } if (read_process(ent, ctx)) { SEXP_free(ent); return PROBE_EACCESS; } SEXP_free(ent); return 0; }
static struct oval_message *oval_sexp_to_msg(const SEXP_t *msg) { struct oval_message *message; SEXP_t *r0; oval_message_level_t lvl; char *str; message = oval_message_new(); r0 = SEXP_list_first(msg); lvl = SEXP_number_getu(r0); SEXP_free(r0); oval_message_set_level(message, lvl); r0 = SEXP_list_nth(msg, 2); str = SEXP_string_cstr(r0); SEXP_free(r0); oval_message_set_text(message, str); free(str); return message; }
static SEXP_t *oval_record_field_STATE_to_sexp(struct oval_record_field *rf) { struct oval_entity *rf_ent; struct oval_variable *var; oval_check_t ochk; oval_datatype_t dt; SEXP_t *rf_sexp, *r0; rf_ent = oval_entity_new(NULL); oval_entity_set_name(rf_ent, oval_record_field_get_name(rf)); oval_entity_set_operation(rf_ent, oval_record_field_get_operation(rf)); dt = oval_record_field_get_datatype(rf); oval_entity_set_datatype(rf_ent, dt); var = oval_record_field_get_variable(rf); if (var != NULL) { oval_entity_set_varref_type(rf_ent, OVAL_ENTITY_VARREF_ATTRIBUTE); oval_entity_set_variable(rf_ent, var); } else { struct oval_value *val; val = oval_value_new(dt, oval_record_field_get_value(rf)); oval_entity_set_value(rf_ent, val); } rf_sexp = oval_entity_to_sexp(rf_ent); ochk = oval_record_field_get_var_check(rf); if (ochk != OVAL_CHECK_UNKNOWN) { probe_ent_attr_add(rf_sexp, "var_check", r0 = SEXP_number_newu_32(ochk)); SEXP_free(r0); } ochk = oval_record_field_get_ent_check(rf); if (ochk != OVAL_CHECK_UNKNOWN) { probe_ent_attr_add(rf_sexp, "entity_check", r0 = SEXP_number_newu_32(ochk)); SEXP_free(r0); } oval_entity_free(rf_ent); return rf_sexp; }
int accesstoken_probe_main(probe_ctx *ctx, void *arg) { SEXP_t *probe_in = probe_ctx_getobject(ctx); SEXP_t *behaviors_ent = probe_obj_getent(probe_in, "behaviors", 1); SEXP_t *security_principle_ent = probe_obj_getent(probe_in, "security_principle", 1); SEXP_t *security_principle_val = probe_ent_getval(security_principle_ent); bool include_group = accesstoken_behaviors_get_include_group(behaviors_ent); bool resolve_group = accesstoken_behaviors_get_resolve_group(behaviors_ent); oval_operation_t operation = probe_ent_getoperation(security_principle_ent, OVAL_OPERATION_EQUALS); if (operation == OVAL_OPERATION_EQUALS) { char *security_principle_str = SEXP_string_cstr(security_principle_val); WCHAR *security_principle_wstr = oscap_windows_str_to_wstr(security_principle_str); collect_access_rights(ctx, security_principle_wstr, include_group, resolve_group); free(security_principle_str); free(security_principle_wstr); } else { struct oscap_list *trustees_list = oscap_list_new(); get_all_trustee_names(trustees_list); struct oscap_iterator *it = oscap_iterator_new(trustees_list); while (oscap_iterator_has_more(it)) { WCHAR *trustee_wstr = oscap_iterator_next(it); char *trustee_str = oscap_windows_wstr_to_str(trustee_wstr); SEXP_t *tmp = SEXP_string_new(trustee_str, strlen(trustee_str)); if (probe_entobj_cmp(security_principle_ent, tmp) == OVAL_RESULT_TRUE) { collect_access_rights(ctx, trustee_wstr, include_group, resolve_group); } free(trustee_str); SEXP_free(tmp); } oscap_iterator_free(it); oscap_list_free(trustees_list, free); } SEXP_free(behaviors_ent); SEXP_free(security_principle_ent); SEXP_free(security_principle_val); return 0; }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *command_line_ent, *pid_ent; command_line_ent = probe_obj_getent(probe_ctx_getobject(ctx), "command_line", 1); pid_ent = probe_obj_getent(probe_ctx_getobject(ctx), "pid", 1); if (command_line_ent == NULL && pid_ent == NULL) { return PROBE_ENOVAL; } if (read_process(command_line_ent, pid_ent, ctx)) { SEXP_free(command_line_ent); SEXP_free(pid_ent); return PROBE_EACCESS; } SEXP_free(command_line_ent); SEXP_free(pid_ent); return 0; }
static int eval_data(const char *type, const char *local_address, unsigned int local_port) { SEXP_t *r0; r0 = SEXP_string_newf("%s", type); if (probe_entobj_cmp(req.protocol_ent, r0) != OVAL_RESULT_TRUE) { SEXP_free(r0); return 0; } SEXP_free(r0); r0 = SEXP_string_newf("%s", local_address); if (probe_entobj_cmp(req.local_address_ent, r0) != OVAL_RESULT_TRUE) { SEXP_free(r0); return 0; } SEXP_free(r0); r0 = SEXP_number_newu_32(local_port); if (probe_entobj_cmp(req.local_port_ent, r0) != OVAL_RESULT_TRUE) { SEXP_free(r0); return 0; } SEXP_free(r0); return 1; }
static void probe_icache_free_node(struct rbt_i64_node *n) { probe_citem_t *ci = (probe_citem_t *)n->data; while (ci->count > 0) { SEXP_free(ci->item[ci->count - 1]); --ci->count; } oscap_free(ci->item); oscap_free(ci); return; }
static int property_callback(const char *property, const char *value, void *cbarg) { struct unit_callback_vars *vars = (struct unit_callback_vars *)cbarg; if (vars->se_property != NULL) { // // Compare the previously matched entity to the current one // If they are the same, continue to fill the current item // with property values. If not, collect the item and create // a new one for the current property. // if (SEXP_strcmp(vars->se_property, property) == 0) { SEXP_t *se_value = SEXP_string_new(value, strlen(value)); probe_item_ent_add(vars->item, "value", NULL, se_value); SEXP_free(se_value); return 0; } else { probe_item_collect(vars->ctx, vars->item); vars->item = NULL; SEXP_free(vars->se_property); vars->se_property = NULL; } } SEXP_t *se_property = SEXP_string_new(property, strlen(property)); if (probe_entobj_cmp(vars->property_entity, se_property) != OVAL_RESULT_TRUE) { SEXP_free(se_property); return 0; } vars->se_property = se_property; vars->item = probe_item_create(OVAL_LINUX_SYSTEMDUNITPROPERTY, NULL, "unit", OVAL_DATATYPE_SEXP, vars->se_unit, "property", OVAL_DATATYPE_SEXP, vars->se_property, "value", OVAL_DATATYPE_STRING, value, NULL); return 0; }
static SEXP_t *create_item(const char *path, const char *filename, char *pattern, int instance, char **substrs, int substr_cnt, oval_schema_version_t over) { int i; SEXP_t *item; SEXP_t *r0; SEXP_t *se_instance, *se_filepath; char *text; if (strlen(path) + strlen(filename) + 1 > PATH_MAX) { dE("path+filename too long"); return (NULL); } if (oval_schema_version_cmp(over, OVAL_SCHEMA_VERSION(5.4)) < 0) { pattern = text = NULL; se_instance = NULL; } else { text = substrs[0]; se_instance = SEXP_number_newu_64((int64_t) instance); } if (oval_schema_version_cmp(over, OVAL_SCHEMA_VERSION(5.6)) < 0) { se_filepath = NULL; } else { const size_t path_len = strlen(path); /* Avoid 2 slashes */ if (path_len >= 1 && path[path_len - 1] == FILE_SEPARATOR) { se_filepath = SEXP_string_newf("%s%s", path, filename); } else { se_filepath = SEXP_string_newf("%s%c%s", path, FILE_SEPARATOR, filename); } } item = probe_item_create(OVAL_INDEPENDENT_TEXT_FILE_CONTENT, NULL, "filepath", OVAL_DATATYPE_SEXP, se_filepath, "path", OVAL_DATATYPE_STRING, path, "filename", OVAL_DATATYPE_STRING, filename, "pattern", OVAL_DATATYPE_STRING, pattern, "instance", OVAL_DATATYPE_SEXP, se_instance, "line", OVAL_DATATYPE_STRING, pattern, "text", OVAL_DATATYPE_STRING, substrs[0], NULL); for (i = 1; i < substr_cnt; ++i) { probe_item_ent_add (item, "subexpression", NULL, r0 = SEXP_string_new (substrs[i], strlen (substrs[i]))); SEXP_free (r0); } return item; }
static void probe_icache_item_setID(SEXP_t *item, SEXP_ID_t item_ID) { SEXP_t *name_ref, *prev_id; SEXP_t uniq_id; uint32_t local_id; /* ((foo_item :id "<int>") ... ) */ assume_d(item != NULL, /* void */); assume_d(SEXP_listp(item), /* void */); #if defined(HAVE_ATOMIC_FUNCTIONS) local_id = __sync_fetch_and_add(&next_ID, 1); #else if (pthread_mutex_lock(&next_ID_mutex) != 0) { dE("Can't lock the next_ID_mutex: %u, %s", errno, strerror(errno)); abort(); } local_id = ++next_ID; if (pthread_mutex_unlock(&next_ID_mutex) != 0) { dE("Can't unlock the next_ID_mutex: %u, %s", errno, strerror(errno)); abort(); } #endif SEXP_string_newf_r(&uniq_id, "1%05u%u", getpid(), local_id); name_ref = SEXP_listref_first(item); prev_id = SEXP_list_replace(name_ref, 3, &uniq_id); SEXP_free(prev_id); SEXP_free_r(&uniq_id); SEXP_free(name_ref); return; }
int main (void) { SEXP_t *s_exp; char *s1, *s2; s1 = "Hello, world!"; s2 = "abcdefghijklmnopqrstuvwxyz"; setbuf (stdout, NULL); s_exp = SEXP_string_new (s1, strlen (s1)); SEXP_fprintfa (stdout, s_exp); putc ('\n', stdout); SEXP_free (s_exp); s_exp = SEXP_string_newf ("s2=%s", s2); SEXP_fprintfa (stdout, s_exp); putc ('\n', stdout); SEXP_free (s_exp); return (0); }
static void report_finding(struct result_info *res, llist *l, probe_ctx *ctx) { SEXP_t *item; SEXP_t se_lport_mem, se_rport_mem, se_lfull_mem, se_ffull_mem, *se_uid_mem = NULL; lnode *n = NULL; if (l) { n = list_get_cur(l); } if (n) { item = probe_item_create(OVAL_LINUX_INET_LISTENING_SERVER, NULL, "protocol", OVAL_DATATYPE_STRING, res->proto, "local_address", OVAL_DATATYPE_STRING, res->laddr, "local_port", OVAL_DATATYPE_SEXP, SEXP_number_newu_64_r(&se_lport_mem, res->lport), "local_full_address", OVAL_DATATYPE_SEXP, SEXP_string_newf_r(&se_lfull_mem, "%s:%u", res->laddr, res->lport), "program_name", OVAL_DATATYPE_STRING, n->cmd, "foreign_address", OVAL_DATATYPE_STRING, res->raddr, "foreign_port", OVAL_DATATYPE_SEXP, SEXP_number_newu_64_r(&se_rport_mem, res->rport), "foreign_full_address", OVAL_DATATYPE_SEXP, SEXP_string_newf_r(&se_ffull_mem, "%s:%u", res->raddr, res->rport), "pid", OVAL_DATATYPE_INTEGER, (int64_t)n->pid, "user_id", OVAL_DATATYPE_SEXP, se_uid_mem = SEXP_number_newu_64(n->uid), NULL); } else { item = probe_item_create(OVAL_LINUX_INET_LISTENING_SERVER, NULL, "protocol", OVAL_DATATYPE_STRING, res->proto, "local_address", OVAL_DATATYPE_STRING, res->laddr, "local_port", OVAL_DATATYPE_SEXP, SEXP_number_newu_64_r(&se_lport_mem, res->lport), "local_full_address", OVAL_DATATYPE_SEXP, SEXP_string_newf_r(&se_lfull_mem, "%s:%u", res->laddr, res->lport), "foreign_address", OVAL_DATATYPE_STRING, res->raddr, "foreign_port", OVAL_DATATYPE_SEXP, SEXP_number_newu_64_r(&se_rport_mem, res->rport), "foreign_full_address", OVAL_DATATYPE_SEXP, SEXP_string_newf_r(&se_ffull_mem, "%s:%u", res->raddr, res->rport), NULL); } probe_item_collect(ctx, item); SEXP_free_r(&se_lport_mem); SEXP_free_r(&se_rport_mem); SEXP_free_r(&se_lfull_mem); SEXP_free_r(&se_ffull_mem); SEXP_free(se_uid_mem); }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *probe_in, *name; int err; probe_in = probe_ctx_getobject(ctx); name = probe_obj_getent(probe_in, "name", 1); if (name == NULL) { return PROBE_ENOVAL; } err = get_selinuxboolean(name, ctx); SEXP_free(name); return err; }
static void oval_probe_session_libinit(void) { /* HACK: Make sure S-exps are initialized before we initialize anything else * that uses them. This is needed only if the S-exp library is compiled without * atomic builtins. In that case it uses a fallback locking mechanism that uses * a mutex array which needs to be initialized before S-exp are used and freed * at exit(3). The later is done by registering an atexit(3) function. * The ncache_libinit function also registers an atexit(3) function and we need * to make sure that the S-exps are not deinitialized before the ncache atexit * handler is called. * TODO: Implement SEXP_libinit() and call it from oscap_init()? */ volatile SEXP_t *exp = SEXP_string_new("magic", 5); SEXP_free((SEXP_t *)exp); ncache_libinit(); oval_probe_tblinit(); }