int probe_main (probe_ctx *ctx, void *arg)
{
SEXP_t *object;
struct runlevel_req request_st;
struct runlevel_rep *reply_st = NULL;
object = probe_ctx_getobject(ctx);
request_st.service_name_ent = probe_obj_getent(object, "service_name", 1);
if (request_st.service_name_ent == NULL) {
dI("%s: element not found", "service_name");
return PROBE_ENOELM;
}
request_st.runlevel_ent = probe_obj_getent(object, "runlevel", 1);
if (request_st.runlevel_ent == NULL) {
SEXP_free(request_st.service_name_ent);
dI("%s: element not found", "runlevel");
return PROBE_ENOELM;
}
if (get_runlevel(&request_st, &reply_st) == -1) {
SEXP_t *msg;
msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "get_runlevel failed.");
probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
} else {
struct runlevel_rep *next_rep;
SEXP_t *item;
while (reply_st != NULL) {
dI("get_runlevel: [0]=\"%s\", [1]=\"%s\", [2]=\"%d\", [3]=\"%d\"",
reply_st->service_name, reply_st->runlevel, reply_st->start, reply_st->kill);
item = probe_item_create(OVAL_UNIX_RUNLEVEL, NULL,
"service_name", OVAL_DATATYPE_STRING, reply_st->service_name,
"runlevel", OVAL_DATATYPE_STRING, reply_st->runlevel,
"start", OVAL_DATATYPE_BOOLEAN, reply_st->start,
"kill", OVAL_DATATYPE_BOOLEAN, reply_st->kill,
NULL);
probe_item_collect(ctx, item);
next_rep = reply_st->next;
oscap_free(reply_st->service_name);
oscap_free(reply_st->runlevel);
oscap_free(reply_st);
reply_st = next_rep;
}
}
SEXP_free(request_st.runlevel_ent);
SEXP_free(request_st.service_name_ent);
return 0;
}
int probe_main(probe_ctx *ctx, void *unused)
{
(void)unused;
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_NOT_APPLICABLE);
return (0);
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *object;
int err;
llist ll;
oval_schema_version_t over;
object = probe_ctx_getobject(ctx);
over = probe_obj_get_platform_schema_version(object);
interface_name_ent = probe_obj_getent(object, "interface_name", 1);
if (interface_name_ent == NULL) {
err = PROBE_ENOVAL;
goto cleanup;
}
// Now start collecting the info
list_create(&ll);
if (collect_process_info(&ll) || perm_warn) {
SEXP_t *msg;
msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "Permission error.");
probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
err = 0;
goto cleanup;
}
read_packet(&ll, ctx, over);
list_clear(&ll);
err = 0;
cleanup:
SEXP_vfree(interface_name_ent, NULL);
return err;
}
int probe_main (probe_ctx *ctx, void *arg)
{
SEXP_t *probe_in, *name_ent, *file_ent, *bh_ent;
char file[PATH_MAX];
size_t file_len = sizeof file;
char name[64];
size_t name_len = sizeof name;
oval_operation_t name_op, file_op;
uint64_t collect_flags = 0;
unsigned int i;
// If probe_init() failed it's because there was no rpm config files
if (arg == NULL) {
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_NOT_APPLICABLE);
return 0;
}
/*
* Get refs to object entities
*/
probe_in = probe_ctx_getobject(ctx);
name_ent = probe_obj_getent(probe_in, "name", 1);
file_ent = probe_obj_getent(probe_in, "filepath", 1);
if (name_ent == NULL || file_ent == NULL) {
dE("Missing \"name\" (%p) or \"filepath\" (%p) entity", name_ent, file_ent);
SEXP_free(name_ent);
SEXP_free(file_ent);
return (PROBE_ENOENT);
}
/*
* Extract the requested operation for each entity
*/
name_op = probe_ent_getoperation(name_ent, OVAL_OPERATION_EQUALS);
file_op = probe_ent_getoperation(file_ent, OVAL_OPERATION_EQUALS);
if (name_op == OVAL_OPERATION_UNKNOWN ||
file_op == OVAL_OPERATION_UNKNOWN)
{
SEXP_free(name_ent);
SEXP_free(file_ent);
return (PROBE_EINVAL);
}
/*
* Extract entity values
*/
PROBE_ENT_STRVAL(name_ent, name, name_len, /* void */, strcpy(name, ""););
static int get_selinuxboolean(SEXP_t *ut_ent, probe_ctx *ctx)
{
int err = 1, active, pending, len, i;
SEXP_t *boolean, *item;
char **booleans;
if ( ! is_selinux_enabled()) {
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_NOT_APPLICABLE);
return 0;
}
if (security_get_boolean_names(&booleans, &len) == -1) {
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
return err;
}
for (i = 0; i < len; i++) {
boolean = SEXP_string_new(booleans[i], strlen(booleans[i]));
if (probe_entobj_cmp(ut_ent, boolean) == OVAL_RESULT_TRUE) {
active = security_get_boolean_active(booleans[i]);
pending = security_get_boolean_pending(booleans[i]);
item = probe_item_create(
OVAL_LINUX_SELINUXBOOLEAN, NULL,
"name", OVAL_DATATYPE_SEXP, boolean,
"current_status", OVAL_DATATYPE_BOOLEAN, active,
"pending_status", OVAL_DATATYPE_BOOLEAN, pending,
NULL);
probe_item_collect(ctx, item);
}
SEXP_free(boolean);
}
for (i = 0; i < len; i++)
free(booleans[i]);
free(booleans);
return 0;
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *path_ent, *file_ent, *inst_ent, *bh_ent, *patt_ent, *filepath_ent, *probe_in;
SEXP_t *r0;
/* char *i_val, *m_val, *s_val; */
bool val;
struct pfdata pfd;
int ret = 0;
#if defined USE_REGEX_PCRE
int errorffset = -1;
const char *error;
#elif defined USE_REGEX_POSIX
regex_t _re;
pfd.compiled_regex = &_re;
int err;
#endif
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
(void)arg;
memset(&pfd, 0, sizeof(pfd));
probe_in = probe_ctx_getobject(ctx);
over = probe_obj_get_platform_schema_version(probe_in);
path_ent = probe_obj_getent(probe_in, "path", 1);
file_ent = probe_obj_getent(probe_in, "filename", 1);
inst_ent = probe_obj_getent(probe_in, "instance", 1);
patt_ent = probe_obj_getent(probe_in, "pattern", 1);
filepath_ent = probe_obj_getent(probe_in, "filepath", 1);
bh_ent = probe_obj_getent(probe_in, "behaviors", 1);
/* we want (path+filename or filepath) + instance + pattern*/
if ( ((path_ent == NULL || file_ent == NULL) && filepath_ent==NULL) ||
inst_ent==NULL ||
patt_ent==NULL) {
SEXP_free (patt_ent);
ret = PROBE_ENOELM;
goto cleanup;
}
/* get pattern from SEXP */
SEXP_t *ent_val;
ent_val = probe_ent_getval(patt_ent);
pfd.pattern = SEXP_string_cstr(ent_val);
assume_d(pfd.pattern != NULL, -1);
SEXP_free(patt_ent);
SEXP_free(ent_val);
/* wtf?
i_val = s_val = "0";
m_val = "1";
*/
/* reset filebehavior attributes if 'filepath' entity is used */
if (filepath_ent != NULL && bh_ent != NULL) {
SEXP_t *r1, *r2, *r3;
r1 = probe_ent_getattrval(bh_ent, "ignore_case");
r2 = probe_ent_getattrval(bh_ent, "multiline");
r3 = probe_ent_getattrval(bh_ent, "singleline");
r0 = probe_attr_creat("ignore_case", r1,
"multiline", r2,
"singleline", r3,
NULL);
SEXP_free(bh_ent);
bh_ent = probe_ent_creat1("behaviors", r0, NULL);
SEXP_vfree(r0, r1, r2, r3, NULL);
}
probe_tfc54behaviors_canonicalize(&bh_ent);
pfd.instance_ent = inst_ent;
pfd.ctx = ctx;
#if defined USE_REGEX_PCRE
pfd.re_opts = PCRE_UTF8;
r0 = probe_ent_getattrval(bh_ent, "ignore_case");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_CASELESS;
}
r0 = probe_ent_getattrval(bh_ent, "multiline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_MULTILINE;
}
r0 = probe_ent_getattrval(bh_ent, "singleline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_DOTALL;
}
pfd.compiled_regex = pcre_compile(pfd.pattern, pfd.re_opts, &error,
&errorffset, NULL);
if (pfd.compiled_regex == NULL) {
SEXP_t *msg;
msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "pcre_compile() '%s' %s.", pfd.pattern, error);
probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR);
goto cleanup;
}
#elif defined USE_REGEX_POSIX
pfd.re_opts = REG_EXTENDED | REG_NEWLINE;
r0 = probe_ent_getattrval(bh_ent, "ignore_case");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= REG_ICASE;
}
if ((err = regcomp(pfd.compiled_regex, pfd.pattern, pfd.re_opts)) != 0) {
SEXP_t *msg;
msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "regcomp() '%s' returned %d.", pfd.pattern, err);
probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR);
goto cleanup;
}
#endif
if ((ofts = oval_fts_open(path_ent, file_ent, filepath_ent, bh_ent)) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
if (ofts_ent->fts_info == FTS_F
|| ofts_ent->fts_info == FTS_SL) {
// todo: handle return code
process_file(ofts_ent->path, ofts_ent->file, &pfd);
}
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
cleanup:
SEXP_free(file_ent);
SEXP_free(path_ent);
SEXP_free(inst_ent);
SEXP_free(bh_ent);
SEXP_free(filepath_ent);
if (pfd.pattern != NULL)
oscap_free(pfd.pattern);
#if defined USE_REGEX_PCRE
if (pfd.compiled_regex != NULL)
pcre_free(pfd.compiled_regex);
#elif defined USE_REGEX_POSIX
regfree(&_re);
#endif
return ret;
}
static int process_file(const char *path, const char *file, void *arg)
{
struct pfdata *pfd = (struct pfdata *) arg;
int ret = 0, path_len, file_len, cur_inst = 0, fd = -1, substr_cnt,
buf_size = 0, buf_used = 0, ofs = 0, buf_inc = 4096;
char *whole_path = NULL, *buf = NULL;
SEXP_t *next_inst = NULL;
struct stat st;
if (file == NULL)
goto cleanup;
path_len = strlen(path);
file_len = strlen(file);
whole_path = oscap_alloc(path_len + file_len + 2);
memcpy(whole_path, path, path_len);
if (whole_path[path_len - 1] != FILE_SEPARATOR) {
whole_path[path_len] = FILE_SEPARATOR;
++path_len;
}
memcpy(whole_path + path_len, file, file_len + 1);
/*
* If stat() fails, don't report an error and just skip the file.
* This is an expected situation, because the fts_*() functions
* are called with the 'FTS_PHYSICAL' option. Normally, stumbling
* upon a symlink without a target would cause fts_read() to return
* the 'FTS_SLNONE' flag, but the 'FTS_PHYSICAL' option causes it
* to return 'FTS_SL' and the presence of a valid target has to
* be determined with stat().
*/
if (stat(whole_path, &st) == -1)
goto cleanup;
if (!S_ISREG(st.st_mode))
goto cleanup;
fd = open(whole_path, O_RDONLY);
if (fd == -1) {
SEXP_t *msg;
msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "open(): '%s' %s.", whole_path, strerror(errno));
probe_cobj_add_msg(probe_ctx_getresult(pfd->ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(pfd->ctx), SYSCHAR_FLAG_ERROR);
ret = -1;
goto cleanup;
}
do {
buf_size += buf_inc;
buf = oscap_realloc(buf, buf_size);
ret = read(fd, buf + buf_used, buf_inc);
if (ret == -1) {
SEXP_t *msg;
msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "read(): '%s' %s.", whole_path, strerror(errno));
probe_cobj_add_msg(probe_ctx_getresult(pfd->ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(pfd->ctx), SYSCHAR_FLAG_ERROR);
ret = -2;
goto cleanup;
}
buf_used += ret;
} while (ret == buf_inc);
if (buf_used == buf_size)
buf = realloc(buf, ++buf_size);
buf[buf_used++] = '\0';
do {
char **substrs;
int want_instance;
next_inst = SEXP_number_newi_32(cur_inst + 1);
if (probe_entobj_cmp(pfd->instance_ent, next_inst) == OVAL_RESULT_TRUE)
want_instance = 1;
else
want_instance = 0;
SEXP_free(next_inst);
substr_cnt = get_substrings(buf, &ofs, pfd->compiled_regex, want_instance, &substrs);
if (substr_cnt > 0) {
++cur_inst;
if (want_instance) {
int k;
SEXP_t *item;
item = create_item(path, file, pfd->pattern,
cur_inst, substrs, substr_cnt);
probe_item_collect(pfd->ctx, item);
for (k = 0; k < substr_cnt; ++k)
oscap_free(substrs[k]);
oscap_free(substrs);
}
}
} while (substr_cnt > 0 && ofs < buf_used);
cleanup:
if (fd != -1)
close(fd);
oscap_free(buf);
if (whole_path != NULL)
oscap_free(whole_path);
return ret;
}
static int read_environment(SEXP_t *pid_ent, SEXP_t *name_ent, probe_ctx *ctx)
{
int err = 1, pid, fd;
bool empty;
size_t env_name_size;
SEXP_t *env_name, *env_value, *item, *pid_sexp;
DIR *d;
struct dirent *d_entry;
char *buffer, env_file[256], *null_char;
ssize_t buffer_used;
size_t buffer_size;
d = opendir("/proc");
if (d == NULL) {
dE("Can't read /proc: errno=%d, %s.\n", errno, strerror (errno));
return PROBE_EACCESS;
}
if ((buffer = oscap_realloc(NULL, BUFFER_SIZE)) == NULL) {
dE("Can't allocate memory");
closedir(d);
return PROBE_EFAULT;
}
buffer_size = BUFFER_SIZE;
while ((d_entry = readdir(d))) {
if (strspn(d_entry->d_name, "0123456789") != strlen(d_entry->d_name))
continue;
pid = atoi(d_entry->d_name);
pid_sexp = SEXP_number_newi_32(pid);
if (probe_entobj_cmp(pid_ent, pid_sexp) != OVAL_RESULT_TRUE) {
SEXP_free(pid_sexp);
continue;
}
SEXP_free(pid_sexp);
sprintf(env_file, "/proc/%d/environ", pid);
if ((fd = open(env_file, O_RDONLY)) == -1) {
dE("Can't open \"%s\": errno=%d, %s.\n", env_file, errno, strerror (errno));
item = probe_item_create(
OVAL_INDEPENDENT_ENVIRONMENT_VARIABLE58, NULL,
"pid", OVAL_DATATYPE_INTEGER, (int64_t)pid,
NULL
);
probe_item_setstatus(item, SYSCHAR_STATUS_ERROR);
probe_item_add_msg(item, OVAL_MESSAGE_LEVEL_ERROR,
"Can't open \"%s\": errno=%d, %s.", env_file, errno, strerror (errno));
probe_item_collect(ctx, item);
continue;
}
empty = true;
if ((buffer_used = read(fd, buffer, buffer_size - 1)) > 0) {
empty = false;
}
while (! empty) {
while (! (null_char = memchr(buffer, 0, buffer_used))) {
ssize_t s;
if ((size_t)buffer_used >= buffer_size) {
buffer_size += BUFFER_SIZE;
buffer = oscap_realloc(buffer, buffer_size);
if (buffer == NULL) {
dE("Can't allocate memory");
exit(ENOMEM);
}
}
s = read(fd, buffer + buffer_used, buffer_size - buffer_used);
if (s <= 0) {
empty = true;
buffer[buffer_used++] = 0;
}
else {
buffer_used += s;
}
}
do {
char *eq_char = strchr(buffer, '=');
if (eq_char == NULL) {
/* strange but possible:
* $ strings /proc/1218/environ
/dev/input/event0 /dev/input/event1 /dev/input/event4 /dev/input/event3
*/
buffer_used -= null_char + 1 - buffer;
memmove(buffer, null_char + 1, buffer_used);
continue;
}
env_name_size = eq_char - buffer;
env_name = SEXP_string_new(buffer, env_name_size);
env_value = SEXP_string_newf("%s", buffer + env_name_size + 1);
if (probe_entobj_cmp(name_ent, env_name) == OVAL_RESULT_TRUE) {
item = probe_item_create(
OVAL_INDEPENDENT_ENVIRONMENT_VARIABLE58, NULL,
"pid", OVAL_DATATYPE_INTEGER, (int64_t)pid,
"name", OVAL_DATATYPE_SEXP, env_name,
"value", OVAL_DATATYPE_SEXP, env_value,
NULL);
probe_item_collect(ctx, item);
err = 0;
}
SEXP_free(env_name);
SEXP_free(env_value);
buffer_used -= null_char + 1 - buffer;
memmove(buffer, null_char + 1, buffer_used);
} while ((null_char = memchr(buffer, 0, buffer_used)));
}
close(fd);
}
closedir(d);
oscap_free(buffer);
if (err) {
SEXP_t *msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR,
"Can't find process with requested PID.");
probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
SEXP_free(msg);
err = 0;
}
return err;
}
int textfilecontent_probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *path_ent, *filename_ent, *line_ent, *behaviors_ent, *filepath_ent, *probe_in;
char *pattern;
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
(void)arg;
probe_in = probe_ctx_getobject(ctx);
oval_schema_version_t over = probe_obj_get_platform_schema_version(probe_in);
path_ent = probe_obj_getent(probe_in, "path", 1);
filename_ent = probe_obj_getent(probe_in, "filename", 1);
line_ent = probe_obj_getent(probe_in, "line", 1);
filepath_ent = probe_obj_getent(probe_in, "filepath", 1);
behaviors_ent = probe_obj_getent(probe_in, "behaviors", 1);
if ( ((path_ent == NULL || filename_ent == NULL) && filepath_ent==NULL) ||
line_ent==NULL ) {
SEXP_free (path_ent);
SEXP_free (filename_ent);
SEXP_free (line_ent);
SEXP_free (filepath_ent);
SEXP_free (behaviors_ent);
return PROBE_ENOELM;
}
/* get pattern from SEXP */
SEXP_t *ent_val;
ent_val = probe_ent_getval(line_ent);
pattern = SEXP_string_cstr(ent_val);
SEXP_free(line_ent);
SEXP_free(ent_val);
if (pattern == NULL) {
SEXP_free(path_ent);
SEXP_free(filename_ent);
SEXP_free(filepath_ent);
SEXP_free(behaviors_ent);
return -1;
}
/* behaviours are not important if filepath is used */
if(filepath_ent != NULL && behaviors_ent != NULL) {
SEXP_free (behaviors_ent);
behaviors_ent = NULL;
}
probe_filebehaviors_canonicalize(&behaviors_ent);
struct pfdata pfd;
pfd.pattern = pattern;
pfd.filename_ent = filename_ent;
pfd.ctx = ctx;
const char *prefix = getenv("OSCAP_PROBE_ROOT");
if ((ofts = oval_fts_open_prefixed(prefix, path_ent, filename_ent, filepath_ent, behaviors_ent, probe_ctx_getresult(ctx))) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
if (ofts_ent->fts_info == FTS_F
|| ofts_ent->fts_info == FTS_SL) {
// todo: handle return code
process_file(prefix, ofts_ent->path, ofts_ent->file, &pfd, over);
}
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
SEXP_free(path_ent);
SEXP_free(filename_ent);
SEXP_free(behaviors_ent);
SEXP_free(filepath_ent);
free(pattern);
return 0;
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *path_ent, *file_ent, *inst_ent, *bh_ent, *patt_ent, *filepath_ent, *probe_in;
SEXP_t *r0;
/* char *i_val, *m_val, *s_val; */
bool val;
struct pfdata pfd;
int ret = 0;
int errorffset = -1;
const char *error;
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
char path_with_root[PATH_MAX + 1];
unsigned int root_len = 0;
(void)arg;
memset(&pfd, 0, sizeof(pfd));
probe_in = probe_ctx_getobject(ctx);
over = probe_obj_get_platform_schema_version(probe_in);
path_ent = probe_obj_getent(probe_in, "path", 1);
file_ent = probe_obj_getent(probe_in, "filename", 1);
inst_ent = probe_obj_getent(probe_in, "instance", 1);
patt_ent = probe_obj_getent(probe_in, "pattern", 1);
filepath_ent = probe_obj_getent(probe_in, "filepath", 1);
bh_ent = probe_obj_getent(probe_in, "behaviors", 1);
/* we want (path+filename or filepath) + instance + pattern*/
if ( ((path_ent == NULL || file_ent == NULL) && filepath_ent==NULL) ||
inst_ent==NULL ||
patt_ent==NULL) {
SEXP_free (patt_ent);
ret = PROBE_ENOELM;
goto cleanup;
}
/* get pattern from SEXP */
SEXP_t *ent_val;
ent_val = probe_ent_getval(patt_ent);
pfd.pattern = SEXP_string_cstr(ent_val);
assume_d(pfd.pattern != NULL, -1);
SEXP_free(patt_ent);
SEXP_free(ent_val);
/* wtf?
i_val = s_val = "0";
m_val = "1";
*/
/* reset filebehavior attributes if 'filepath' entity is used */
if (filepath_ent != NULL && bh_ent != NULL) {
SEXP_t *r1, *r2, *r3;
r1 = r2 = r3 = NULL;
if (probe_ent_attrexists(bh_ent, "ignore_case")) {
r1 = probe_ent_getattrval(bh_ent, "ignore_case");
}
if (probe_ent_attrexists(bh_ent, "multiline")) {
r2 = probe_ent_getattrval(bh_ent, "multiline");
}
if (probe_ent_attrexists(bh_ent, "singleline")) {
r3 = probe_ent_getattrval(bh_ent, "singleline");
}
r0 = SEXP_list_new(NULL);
SEXP_free(bh_ent);
bh_ent = probe_ent_creat1("behaviors", r0, NULL);
SEXP_free(r0);
if (r1) {
probe_ent_attr_add(bh_ent, "ignore_case", r1);
SEXP_free(r1);
}
if (r2) {
probe_ent_attr_add(bh_ent, "multiline", r2);
SEXP_free(r2);
}
if (r3) {
probe_ent_attr_add(bh_ent, "singleline", r3);
SEXP_free(r3);
}
}
probe_tfc54behaviors_canonicalize(&bh_ent);
pfd.instance_ent = inst_ent;
pfd.ctx = ctx;
pfd.re_opts = PCRE_UTF8;
r0 = probe_ent_getattrval(bh_ent, "ignore_case");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_CASELESS;
}
r0 = probe_ent_getattrval(bh_ent, "multiline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_MULTILINE;
}
r0 = probe_ent_getattrval(bh_ent, "singleline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_DOTALL;
}
pfd.compiled_regex = pcre_compile(pfd.pattern, pfd.re_opts, &error,
&errorffset, NULL);
if (pfd.compiled_regex == NULL) {
SEXP_t *msg;
msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "pcre_compile() '%s' %s.", pfd.pattern, error);
probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR);
goto cleanup;
}
path_with_root[PATH_MAX] = '\0';
if (OSCAP_GSYM(offline_mode) & PROBE_OFFLINE_OWN) {
strncpy(path_with_root, getenv("OSCAP_PROBE_ROOT"), PATH_MAX);
root_len = strlen(path_with_root);
if (path_with_root[root_len - 1] == FILE_SEPARATOR)
--root_len;
}
if ((ofts = oval_fts_open(path_ent, file_ent, filepath_ent, bh_ent, probe_ctx_getresult(ctx))) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
if (ofts_ent->fts_info == FTS_F
|| ofts_ent->fts_info == FTS_SL) {
strncpy(path_with_root + root_len, ofts_ent->path, PATH_MAX - root_len);
// todo: handle return code
process_file(path_with_root, ofts_ent->file, &pfd);
}
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
cleanup:
SEXP_free(file_ent);
SEXP_free(path_ent);
SEXP_free(inst_ent);
SEXP_free(bh_ent);
SEXP_free(filepath_ent);
if (pfd.pattern != NULL)
free(pfd.pattern);
if (pfd.compiled_regex != NULL)
pcre_free(pfd.compiled_regex);
return ret;
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *object;
int err;
llist ll;
object = probe_ctx_getobject(ctx);
req.protocol_ent = probe_obj_getent(object, "protocol", 1);
if (req.protocol_ent == NULL) {
err = PROBE_ENOVAL;
goto cleanup;
}
req.local_address_ent = probe_obj_getent(object, "local_address", 1);
if (req.local_address_ent == NULL) {
err = PROBE_ENOVAL;
goto cleanup;
}
req.local_port_ent = probe_obj_getent(object, "local_port", 1);
if (req.local_port_ent == NULL) {
err = PROBE_ENOVAL;
goto cleanup;
}
// Now start collecting the info
list_create(&ll);
if (collect_process_info(&ll)) {
SEXP_t *msg;
msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "Permission error.");
probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
err = 0;
goto cleanup;
}
// Now we check the tcp socket list...
read_tcp("/proc/net/tcp", "tcp", &ll, ctx);
read_tcp("/proc/net/tcp6", "tcp", &ll, ctx);
// Next udp sockets...
read_udp("/proc/net/udp", "udp", &ll, ctx);
read_udp("/proc/net/udp6", "udp", &ll, ctx);
// Next, raw sockets...not exactly part of standard yet. They
// can be used to send datagrams, so we will pretend they are udp
read_raw("/proc/net/raw", "udp", &ll, ctx);
read_raw("/proc/net/raw6", "udp", &ll, ctx);
list_clear(&ll);
err = 0;
cleanup:
SEXP_vfree(req.protocol_ent, req.local_address_ent, req.local_port_ent, NULL);
return err;
}
int probe_main (probe_ctx *ctx, void *mutex)
{
SEXP_t *path, *filename, *behaviors;
SEXP_t *filepath, *attribute_, *probe_in;
int err;
struct cbargs cbargs;
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
if (mutex == NULL)
return PROBE_EINIT;
_A(mutex == &__file_probe_mutex);
probe_in = probe_ctx_getobject(ctx);
path = probe_obj_getent (probe_in, "path", 1);
filename = probe_obj_getent (probe_in, "filename", 1);
behaviors = probe_obj_getent (probe_in, "behaviors", 1);
filepath = probe_obj_getent (probe_in, "filepath", 1);
attribute_ = probe_obj_getent (probe_in, "attribute_name", 1);
/* we want either path+filename or filepath */
if (((path == NULL || filename == NULL) && filepath == NULL)
|| attribute_ == NULL)
{
SEXP_free (behaviors);
SEXP_free (path);
SEXP_free (filename);
SEXP_free (filepath);
SEXP_free (attribute_);
return PROBE_ENOELM;
}
probe_filebehaviors_canonicalize(&behaviors);
switch (pthread_mutex_lock (&__file_probe_mutex)) {
case 0:
break;
default:
dI("Can't lock mutex(%p): %u, %s.", &__file_probe_mutex, errno, strerror (errno));
SEXP_free(path);
SEXP_free(filename);
SEXP_free(filepath);
SEXP_free(behaviors);
SEXP_free(attribute_);
return PROBE_EFATAL;
}
cbargs.ctx = ctx;
cbargs.error = 0;
cbargs.attr_ent = attribute_;
if ((ofts = oval_fts_open(path, filename, filepath, behaviors, probe_ctx_getresult(ctx))) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
file_cb(ofts_ent->path, ofts_ent->file, &cbargs);
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
err = 0;
SEXP_free(path);
SEXP_free(filename);
SEXP_free(filepath);
SEXP_free(behaviors);
SEXP_free(attribute_);
switch (pthread_mutex_unlock (&__file_probe_mutex)) {
case 0:
break;
default:
dI("Can't unlock mutex(%p): %u, %s.", &__file_probe_mutex, errno, strerror (errno));
return PROBE_EFATAL;
}
return err;
}