/**
 * Compare two version-typed entity values.
 *
 * Both SEXP values are converted to C strings, handed to
 * oval_versiontype_cmp() together with the requested operation, and the
 * temporary strings are released again.
 *
 * @param val1  state (expected) value
 * @param val2  collected (system) value
 * @param op    OVAL comparison operation
 * @return the oval_result_t produced by oval_versiontype_cmp()
 */
oval_result_t probe_ent_cmp_version(SEXP_t * val1, SEXP_t * val2, oval_operation_t op)
{
	char *expected = SEXP_string_cstr(val1);
	char *actual = SEXP_string_cstr(val2);
	oval_result_t verdict = oval_versiontype_cmp(expected, actual, op);

	/* SEXP_string_cstr() hands us owned copies; release both before returning. */
	oscap_free(actual);
	oscap_free(expected);
	return verdict;
}
/**
 * Compare two EVR (epoch:version-release) typed entity values.
 *
 * Delegates to oval_evr_string_cmp() on the C-string forms of the two
 * values and frees the temporary strings afterwards.
 *
 * @param val1  left-hand value
 * @param val2  right-hand value
 * @param op    OVAL comparison operation
 * @return the oval_result_t produced by oval_evr_string_cmp()
 */
oval_result_t probe_ent_cmp_evr(SEXP_t * val1, SEXP_t * val2, oval_operation_t op)
{
	char *lhs = SEXP_string_cstr(val1);
	char *rhs = SEXP_string_cstr(val2);
	oval_result_t verdict = oval_evr_string_cmp(lhs, rhs, op);

	oscap_free(rhs);
	oscap_free(lhs);
	return verdict;
}
/**
 * Compare two IP-address typed entity values for the given address family.
 *
 * @param af    address family passed straight through to oval_ipaddr_cmp()
 * @param val1  left-hand value
 * @param val2  right-hand value
 * @param op    OVAL comparison operation
 * @return the oval_result_t produced by oval_ipaddr_cmp()
 */
static oval_result_t probe_ent_cmp_ipaddr(int af, SEXP_t *val1, SEXP_t *val2, oval_operation_t op)
{
	char *lhs = SEXP_string_cstr(val1);
	char *rhs = SEXP_string_cstr(val2);
	oval_result_t verdict = oval_ipaddr_cmp(af, lhs, rhs, op);

	oscap_free(rhs);
	oscap_free(lhs);
	return verdict;
}
/**
 * Probe command handler: evaluate the object named by @sexp.
 *
 * Looks the object id up in the definition model, queries it through
 * oval_probe_query_object() (NOREPLY|SLAVE) and answers with a list
 * `(id flag)` where flag is the resulting syschar flag.
 *
 * @param sexp  string SEXP holding the object id
 * @param arg   oval_pext_t * carrying the syschar model and session
 * @return new SEXP list owned by the caller, or NULL on any failure
 *         (NULL/invalid argument, unknown id, or an oscap error left
 *         behind by the query)
 */
static SEXP_t *oval_probe_cmd_obj_eval(SEXP_t *sexp, void *arg)
{
	oval_pext_t *pext = (oval_pext_t *)arg;
	struct oval_definition_model *defs;
	struct oval_object *obj;
	struct oval_syschar *syschar;
	SEXP_t *reply, *flag_sexp;
	char *obj_id;

	if (sexp == NULL || arg == NULL)
		return NULL;
	if (!SEXP_stringp(sexp)) {
		dE("Invalid argument: type=%s.", SEXP_strtype(sexp));
		return NULL;
	}

	obj_id = SEXP_string_cstr(sexp);
	defs = oval_syschar_model_get_definition_model(*(pext->model));
	obj = oval_definition_model_get_object(defs, obj_id);
	reply = SEXP_list_new (sexp, NULL);
	dI("Get_object: %s.", obj_id);

	if (obj == NULL) {
		dE("Can't find obj: id=%s.", obj_id);
		goto fail;
	}

	oscap_clearerr();
	/* NOTE(review): a query returning < 0 is reported to the peer as
	 * SYSCHAR_FLAG_COMPLETE, exactly as before; confirm that is intended. */
	if (oval_probe_query_object(pext->sess_ptr, obj, OVAL_PDFLAG_NOREPLY|OVAL_PDFLAG_SLAVE, &syschar) < 0)
		flag_sexp = SEXP_number_newu((unsigned int) SYSCHAR_FLAG_COMPLETE);
	else
		flag_sexp = SEXP_number_newu((unsigned int) oval_syschar_get_flag(syschar));
	SEXP_list_add(reply, flag_sexp);
	SEXP_free(flag_sexp);

	if (oscap_err()) {
		dE("Failed: id: %s, err: %d, %s.", obj_id, oscap_err_family(), oscap_err_desc());
		oscap_clearerr();
		goto fail;
	}

	free(obj_id);
	return reply;

fail:
	free(obj_id);
	SEXP_free(reply);
	return NULL;
}
/* Release everything a failed state lookup holds and yield the NULL reply. */
static SEXP_t *ste_fetch_abort(SEXP_t *states, char *id_str, SEXP_t *id)
{
	SEXP_list_free(states);
	free(id_str);
	SEXP_free(id);
	return NULL;
}

/**
 * Probe command handler: fetch the states named in @sexp.
 *
 * For every string element of @sexp the state is looked up in the
 * definition model and serialized with oval_state_to_sexp(); the
 * serialized states are collected into one list. Non-string elements are
 * skipped.
 *
 * @param sexp  list of state-id strings
 * @param arg   oval_pext_t * carrying the syschar model and session
 * @return new list of state SEXPs owned by the caller, or NULL when an
 *         argument is NULL, a state id is unknown, or serialization fails
 */
static SEXP_t *oval_probe_cmd_ste_fetch(SEXP_t *sexp, void *arg)
{
	oval_pext_t *pext = (oval_pext_t *)arg;
	SEXP_t *id, *states;

	if (sexp == NULL || arg == NULL)
		return NULL;

	states = SEXP_list_new(NULL);
	SEXP_list_foreach(id, sexp) {
		if (SEXP_stringp(id)) {
			char *id_str = SEXP_string_cstr(id);
			struct oval_definition_model *defs = oval_syschar_model_get_definition_model(*(pext->model));
			struct oval_state *ste = oval_definition_model_get_state(defs, id_str);
			SEXP_t *ste_sexp;

			if (ste == NULL) {
				dE("Can't find ste: id: %s.", id_str);
				return ste_fetch_abort(states, id_str, id);
			}
			if (oval_state_to_sexp(pext->sess_ptr, ste, &ste_sexp) != 0) {
				dE("Failed to convert OVAL state to SEXP, id: %s.", id_str);
				return ste_fetch_abort(states, id_str, id);
			}
			SEXP_list_add(states, ste_sexp);
			SEXP_free(ste_sexp);
			free(id_str);
		}
	}
	return states;
}
/**
 * Look an item up in the result cache by its id.
 *
 * The id is rendered into a small stack buffer; when SEXP_string_cstr_r()
 * reports (size_t)-1 (the id did not fit) a heap copy is used instead.
 *
 * @param cache  result cache to search
 * @param id     string SEXP identifying the cached item
 * @return a new reference (SEXP_ref) to the cached item, or NULL when the
 *         id cannot be rendered or no entry exists
 */
SEXP_t *probe_rcache_sexp_get(probe_rcache_t *cache, const SEXP_t * id)
{
	char stackbuf[128];
	char *key = stackbuf;
	SEXP_t *found = NULL;

	if (SEXP_string_cstr_r(id, key, sizeof stackbuf) == ((size_t)-1)) {
		key = SEXP_string_cstr(id);
		if (key == NULL)
			return NULL;
	}

	rbt_str_get(cache->tree, key, (void *)&found);

	/* Only the heap fallback has to be released. */
	if (key != stackbuf)
		free(key);

	if (found == NULL)
		return NULL;
	return SEXP_ref(found);
}
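/**
 * Insert an item into the result cache under the given id.
 *
 * A new reference to @item is stored; on success the tree keeps both the
 * rendered key and that reference (neither is released here). On failure
 * both are released again.
 *
 * @param cache  result cache
 * @param id     string SEXP used as the key
 * @param item   item to cache
 * @return 0 on success, -1 when the id is not renderable as a string or
 *         rbt_str_add() rejects the key (e.g. duplicate)
 *
 * Fix: SEXP_string_cstr() can return NULL (probe_rcache_sexp_get() already
 * guards against it); the NULL key used to be handed to rbt_str_add()
 * unchecked.
 */
int probe_rcache_sexp_add(probe_rcache_t *cache, const SEXP_t *id, SEXP_t *item)
{
	assume_d(cache != NULL, -1);
	assume_d(id != NULL, -1);
	assume_d(item != NULL, -1);

	char *key = SEXP_string_cstr(id);
	if (key == NULL)
		return (-1);

	SEXP_t *held = SEXP_ref(item);
	if (rbt_str_add(cache->tree, key, (void *)held) != 0) {
		SEXP_free(held);
		free(key);
		return (-1);
	}

	return (0);
}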
/**
 * Build an oval_message from its SEXP form.
 *
 * The SEXP is a list whose first element is the numeric level and whose
 * second element is the message text.
 *
 * @param msg  message SEXP (level text)
 * @return newly allocated oval_message owned by the caller
 */
static struct oval_message *oval_sexp_to_msg(const SEXP_t *msg)
{
	struct oval_message *out = oval_message_new();
	SEXP_t *field;
	char *text;

	/* element 1: level */
	field = SEXP_list_first(msg);
	oval_message_level_t level = SEXP_number_getu(field);
	SEXP_free(field);
	oval_message_set_level(out, level);

	/* element 2: text; the setter keeps its own copy, so ours is freed */
	field = SEXP_list_nth(msg, 2);
	text = SEXP_string_cstr(field);
	SEXP_free(field);
	oval_message_set_text(out, text);
	free(text);

	return out;
}
/**
 * accesstoken probe entry point (Windows).
 *
 * With an EQUALS operation on security_principle, only the named trustee is
 * examined. For any other operation every trustee known to the system is
 * enumerated and each name is matched against the entity; the matching ones
 * are collected.
 *
 * @param ctx  probe context (object in, collected items out)
 * @param arg  unused
 * @return 0
 */
int accesstoken_probe_main(probe_ctx *ctx, void *arg)
{
	SEXP_t *obj = probe_ctx_getobject(ctx);
	SEXP_t *behaviors = probe_obj_getent(obj, "behaviors", 1);
	SEXP_t *principal_ent = probe_obj_getent(obj, "security_principle", 1);
	SEXP_t *principal_val = probe_ent_getval(principal_ent);
	bool include_group = accesstoken_behaviors_get_include_group(behaviors);
	bool resolve_group = accesstoken_behaviors_get_resolve_group(behaviors);
	oval_operation_t op = probe_ent_getoperation(principal_ent, OVAL_OPERATION_EQUALS);

	if (op == OVAL_OPERATION_EQUALS) {
		/* Exact match: resolve the single named trustee. */
		char *name = SEXP_string_cstr(principal_val);
		WCHAR *wname = oscap_windows_str_to_wstr(name);
		collect_access_rights(ctx, wname, include_group, resolve_group);
		free(name);
		free(wname);
	} else {
		/* Pattern-style operation: test every trustee name against the entity. */
		struct oscap_list *trustees = oscap_list_new();
		get_all_trustee_names(trustees);
		struct oscap_iterator *cursor = oscap_iterator_new(trustees);
		for (; oscap_iterator_has_more(cursor); ) {
			WCHAR *wname = oscap_iterator_next(cursor);
			char *name = oscap_windows_wstr_to_str(wname);
			SEXP_t *candidate = SEXP_string_new(name, strlen(name));
			if (probe_entobj_cmp(principal_ent, candidate) == OVAL_RESULT_TRUE)
				collect_access_rights(ctx, wname, include_group, resolve_group);
			SEXP_free(candidate);
			free(name);
		}
		oscap_iterator_free(cursor);
		oscap_list_free(trustees, free);
	}

	SEXP_free(behaviors);
	SEXP_free(principal_ent);
	SEXP_free(principal_val);
	return 0;
}
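/**
 * textfilecontent54 probe entry point (regex engine chosen at build time
 * through USE_REGEX_PCRE / USE_REGEX_POSIX).
 *
 * Reads "path"/"filename" (or "filepath"), "instance", "pattern" and
 * "behaviors" from the probe object, compiles the pattern with the options
 * the behaviors ask for, walks the matching files with oval_fts and hands
 * every regular file or symlink to process_file().
 *
 * @param ctx  probe context; object from probe_ctx_getobject(), messages
 *             and flags go to probe_ctx_getresult()
 * @param arg  unused
 * @return 0 on success — a regex that fails to compile is reported via
 *         SYSCHAR_FLAG_ERROR and an error message but still returns 0, as
 *         before; PROBE_ENOELM when a required entity is missing.
 *
 * Fixes (USE_REGEX_POSIX build):
 *  - pfd.compiled_regex pointed at the local regex_t *before*
 *    memset(&pfd, 0, ...) wiped it, so regcomp() received NULL. The pointer
 *    is now set after the memset.
 *  - regfree() ran on every cleanup path, including the PROBE_ENOELM path
 *    where regcomp() was never called and regcomp()'s own failure path;
 *    it is now only called after a successful regcomp().
 */
int probe_main(probe_ctx *ctx, void *arg)
{
	SEXP_t *path_ent, *file_ent, *inst_ent, *bh_ent, *patt_ent, *filepath_ent, *probe_in;
	SEXP_t *r0;
	bool val;
	struct pfdata pfd;
	int ret = 0;
#if defined USE_REGEX_PCRE
	int erroffset = -1;
	const char *error;
#elif defined USE_REGEX_POSIX
	regex_t posix_re;
	bool re_compiled = false;	/* only regfree() what regcomp() actually built */
	int err;
#endif
	OVAL_FTS *ofts;
	OVAL_FTSENT *ofts_ent;

	(void)arg;

	memset(&pfd, 0, sizeof(pfd));
#if defined USE_REGEX_POSIX
	/* Must follow the memset, which would otherwise zero this pointer. */
	pfd.compiled_regex = &posix_re;
#endif

	probe_in = probe_ctx_getobject(ctx);
	over = probe_obj_get_platform_schema_version(probe_in);	/* file-scope schema version */

	path_ent = probe_obj_getent(probe_in, "path", 1);
	file_ent = probe_obj_getent(probe_in, "filename", 1);
	inst_ent = probe_obj_getent(probe_in, "instance", 1);
	patt_ent = probe_obj_getent(probe_in, "pattern", 1);
	filepath_ent = probe_obj_getent(probe_in, "filepath", 1);
	bh_ent = probe_obj_getent(probe_in, "behaviors", 1);

	/* we want (path+filename or filepath) + instance + pattern */
	if (((path_ent == NULL || file_ent == NULL) && filepath_ent == NULL)
	    || inst_ent == NULL || patt_ent == NULL) {
		/* patt_ent is not part of the cleanup block, release it here */
		SEXP_free(patt_ent);
		ret = PROBE_ENOELM;
		goto cleanup;
	}

	/* get pattern from SEXP */
	SEXP_t *ent_val;
	ent_val = probe_ent_getval(patt_ent);
	pfd.pattern = SEXP_string_cstr(ent_val);
	assume_d(pfd.pattern != NULL, -1);
	SEXP_free(patt_ent);
	SEXP_free(ent_val);

	/* reset filebehavior attributes if 'filepath' entity is used */
	if (filepath_ent != NULL && bh_ent != NULL) {
		SEXP_t *r1, *r2, *r3;

		r1 = probe_ent_getattrval(bh_ent, "ignore_case");
		r2 = probe_ent_getattrval(bh_ent, "multiline");
		r3 = probe_ent_getattrval(bh_ent, "singleline");
		r0 = probe_attr_creat("ignore_case", r1, "multiline", r2, "singleline", r3, NULL);
		SEXP_free(bh_ent);
		bh_ent = probe_ent_creat1("behaviors", r0, NULL);
		SEXP_vfree(r0, r1, r2, r3, NULL);
	}

	probe_tfc54behaviors_canonicalize(&bh_ent);

	pfd.instance_ent = inst_ent;
	pfd.ctx = ctx;

#if defined USE_REGEX_PCRE
	pfd.re_opts = PCRE_UTF8;
	r0 = probe_ent_getattrval(bh_ent, "ignore_case");
	if (r0) {
		val = SEXP_string_getb(r0);
		SEXP_free(r0);
		if (val)
			pfd.re_opts |= PCRE_CASELESS;
	}
	r0 = probe_ent_getattrval(bh_ent, "multiline");
	if (r0) {
		val = SEXP_string_getb(r0);
		SEXP_free(r0);
		if (val)
			pfd.re_opts |= PCRE_MULTILINE;
	}
	r0 = probe_ent_getattrval(bh_ent, "singleline");
	if (r0) {
		val = SEXP_string_getb(r0);
		SEXP_free(r0);
		if (val)
			pfd.re_opts |= PCRE_DOTALL;
	}

	pfd.compiled_regex = pcre_compile(pfd.pattern, pfd.re_opts, &error, &erroffset, NULL);
	if (pfd.compiled_regex == NULL) {
		SEXP_t *msg;

		msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "pcre_compile() '%s' %s.", pfd.pattern, error);
		probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg);
		SEXP_free(msg);
		probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR);
		goto cleanup;
	}
#elif defined USE_REGEX_POSIX
	pfd.re_opts = REG_EXTENDED | REG_NEWLINE;
	r0 = probe_ent_getattrval(bh_ent, "ignore_case");
	if (r0) {
		val = SEXP_string_getb(r0);
		SEXP_free(r0);
		if (val)
			pfd.re_opts |= REG_ICASE;
	}

	if ((err = regcomp(pfd.compiled_regex, pfd.pattern, pfd.re_opts)) != 0) {
		SEXP_t *msg;

		msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "regcomp() '%s' returned %d.", pfd.pattern, err);
		probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg);
		SEXP_free(msg);
		probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR);
		goto cleanup;
	}
	re_compiled = true;
#endif

	if ((ofts = oval_fts_open(path_ent, file_ent, filepath_ent, bh_ent)) != NULL) {
		while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
			if (ofts_ent->fts_info == FTS_F || ofts_ent->fts_info == FTS_SL) {
				/* todo: handle return code */
				process_file(ofts_ent->path, ofts_ent->file, &pfd);
			}
			oval_ftsent_free(ofts_ent);
		}
		oval_fts_close(ofts);
	}

cleanup:
	SEXP_free(file_ent);
	SEXP_free(path_ent);
	SEXP_free(inst_ent);
	SEXP_free(bh_ent);
	SEXP_free(filepath_ent);
	if (pfd.pattern != NULL)
		oscap_free(pfd.pattern);
#if defined USE_REGEX_PCRE
	if (pfd.compiled_regex != NULL)
		pcre_free(pfd.compiled_regex);
#elif defined USE_REGEX_POSIX
	if (re_compiled)
		regfree(&posix_re);
#endif
	return ret;
}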
/**
 * textfilecontent probe entry point.
 *
 * Collects "path"/"filename" (or "filepath"), "line" and "behaviors" from
 * the probe object, takes the "line" value as the pattern, walks the matching
 * files under the optional OSCAP_PROBE_ROOT prefix and passes every regular
 * file or symlink to process_file().
 *
 * @param ctx  probe context
 * @param arg  unused
 * @return 0 on success, PROBE_ENOELM when a required entity is missing,
 *         -1 when the "line" value cannot be rendered as a string
 */
int textfilecontent_probe_main(probe_ctx *ctx, void *arg)
{
	SEXP_t *path_ent, *filename_ent, *line_ent, *behaviors_ent, *filepath_ent, *probe_in;
	SEXP_t *line_val;
	OVAL_FTS *ofts;
	OVAL_FTSENT *entry;
	struct pfdata pfd;
	const char *prefix;
	char *pattern = NULL;
	int ret = 0;

	(void)arg;

	probe_in = probe_ctx_getobject(ctx);
	oval_schema_version_t over = probe_obj_get_platform_schema_version(probe_in);

	path_ent = probe_obj_getent(probe_in, "path", 1);
	filename_ent = probe_obj_getent(probe_in, "filename", 1);
	line_ent = probe_obj_getent(probe_in, "line", 1);
	filepath_ent = probe_obj_getent(probe_in, "filepath", 1);
	behaviors_ent = probe_obj_getent(probe_in, "behaviors", 1);

	/* Either path+filename or filepath must be present, and line always. */
	if (((path_ent == NULL || filename_ent == NULL) && filepath_ent == NULL) || line_ent == NULL) {
		ret = PROBE_ENOELM;
		goto out;
	}

	/* The "line" value is the regular expression to search for. */
	line_val = probe_ent_getval(line_ent);
	pattern = SEXP_string_cstr(line_val);
	SEXP_free(line_ent);
	line_ent = NULL;	/* released; the shared cleanup must not touch it again */
	SEXP_free(line_val);
	if (pattern == NULL) {
		ret = -1;
		goto out;
	}

	/* behaviours are not important if filepath is used */
	if (filepath_ent != NULL && behaviors_ent != NULL) {
		SEXP_free(behaviors_ent);
		behaviors_ent = NULL;
	}
	probe_filebehaviors_canonicalize(&behaviors_ent);

	pfd.pattern = pattern;
	pfd.filename_ent = filename_ent;
	pfd.ctx = ctx;

	prefix = getenv("OSCAP_PROBE_ROOT");
	ofts = oval_fts_open_prefixed(prefix, path_ent, filename_ent, filepath_ent, behaviors_ent, probe_ctx_getresult(ctx));
	if (ofts != NULL) {
		for (entry = oval_fts_read(ofts); entry != NULL; entry = oval_fts_read(ofts)) {
			if (entry->fts_info == FTS_F || entry->fts_info == FTS_SL) {
				/* todo: handle return code */
				process_file(prefix, entry->path, entry->file, &pfd, over);
			}
			oval_ftsent_free(entry);
		}
		oval_fts_close(ofts);
	}

out:
	/* Every entity pointer is either a live object or NULL here. */
	SEXP_free(path_ent);
	SEXP_free(filename_ent);
	SEXP_free(line_ent);
	SEXP_free(filepath_ent);
	SEXP_free(behaviors_ent);
	free(pattern);
	return ret;
}
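/**
 * textfilecontent54 probe entry point (PCRE build, offline-root aware).
 *
 * Reads "path"/"filename" (or "filepath"), "instance", "pattern" and
 * "behaviors" from the probe object, compiles the pattern with the PCRE
 * options the behaviors ask for, walks the matching files with oval_fts and
 * hands every regular file or symlink to process_file(). In
 * PROBE_OFFLINE_OWN mode the path given to process_file() is prefixed with
 * OSCAP_PROBE_ROOT.
 *
 * @param ctx  probe context; object from probe_ctx_getobject(), messages
 *             and flags go to probe_ctx_getresult()
 * @param arg  unused
 * @return 0 on success — a pattern that fails to compile is reported via
 *         SYSCHAR_FLAG_ERROR and an error message but still returns 0, as
 *         before; PROBE_ENOELM when a required entity is missing.
 *
 * Fixes:
 *  - OSCAP_PROBE_ROOT was passed to strncpy() unchecked: an unset variable
 *    dereferenced NULL and an empty one indexed path_with_root[root_len - 1]
 *    with root_len == 0. Both cases now mean "no prefix".
 *  - The prefix and the per-file path are joined with snprintf(), which
 *    always NUL-terminates; an entry whose joined path does not fit is
 *    reported and skipped instead of being processed under a silently
 *    truncated — and therefore different — name.
 */
int probe_main(probe_ctx *ctx, void *arg)
{
	SEXP_t *path_ent, *file_ent, *inst_ent, *bh_ent, *patt_ent, *filepath_ent, *probe_in;
	SEXP_t *r0;
	bool val;
	struct pfdata pfd;
	int ret = 0;
	int erroffset = -1;
	const char *error = NULL;
	OVAL_FTS *ofts;
	OVAL_FTSENT *ofts_ent;
	char path_with_root[PATH_MAX + 1];
	size_t root_len = 0;

	(void)arg;

	memset(&pfd, 0, sizeof(pfd));
	path_with_root[0] = '\0';

	probe_in = probe_ctx_getobject(ctx);
	over = probe_obj_get_platform_schema_version(probe_in);	/* file-scope schema version */

	path_ent = probe_obj_getent(probe_in, "path", 1);
	file_ent = probe_obj_getent(probe_in, "filename", 1);
	inst_ent = probe_obj_getent(probe_in, "instance", 1);
	patt_ent = probe_obj_getent(probe_in, "pattern", 1);
	filepath_ent = probe_obj_getent(probe_in, "filepath", 1);
	bh_ent = probe_obj_getent(probe_in, "behaviors", 1);

	/* we want (path+filename or filepath) + instance + pattern */
	if (((path_ent == NULL || file_ent == NULL) && filepath_ent == NULL)
	    || inst_ent == NULL || patt_ent == NULL) {
		/* patt_ent is not part of the cleanup block, release it here */
		SEXP_free(patt_ent);
		ret = PROBE_ENOELM;
		goto cleanup;
	}

	/* get pattern from SEXP */
	SEXP_t *ent_val;
	ent_val = probe_ent_getval(patt_ent);
	pfd.pattern = SEXP_string_cstr(ent_val);
	assume_d(pfd.pattern != NULL, -1);
	SEXP_free(patt_ent);
	SEXP_free(ent_val);

	/* reset filebehavior attributes if 'filepath' entity is used:
	 * keep only the regex-related attributes on a fresh behaviors entity */
	if (filepath_ent != NULL && bh_ent != NULL) {
		SEXP_t *r1 = NULL, *r2 = NULL, *r3 = NULL;

		if (probe_ent_attrexists(bh_ent, "ignore_case"))
			r1 = probe_ent_getattrval(bh_ent, "ignore_case");
		if (probe_ent_attrexists(bh_ent, "multiline"))
			r2 = probe_ent_getattrval(bh_ent, "multiline");
		if (probe_ent_attrexists(bh_ent, "singleline"))
			r3 = probe_ent_getattrval(bh_ent, "singleline");

		r0 = SEXP_list_new(NULL);
		SEXP_free(bh_ent);
		bh_ent = probe_ent_creat1("behaviors", r0, NULL);
		SEXP_free(r0);

		if (r1) {
			probe_ent_attr_add(bh_ent, "ignore_case", r1);
			SEXP_free(r1);
		}
		if (r2) {
			probe_ent_attr_add(bh_ent, "multiline", r2);
			SEXP_free(r2);
		}
		if (r3) {
			probe_ent_attr_add(bh_ent, "singleline", r3);
			SEXP_free(r3);
		}
	}

	probe_tfc54behaviors_canonicalize(&bh_ent);

	pfd.instance_ent = inst_ent;
	pfd.ctx = ctx;

	pfd.re_opts = PCRE_UTF8;
	r0 = probe_ent_getattrval(bh_ent, "ignore_case");
	if (r0) {
		val = SEXP_string_getb(r0);
		SEXP_free(r0);
		if (val)
			pfd.re_opts |= PCRE_CASELESS;
	}
	r0 = probe_ent_getattrval(bh_ent, "multiline");
	if (r0) {
		val = SEXP_string_getb(r0);
		SEXP_free(r0);
		if (val)
			pfd.re_opts |= PCRE_MULTILINE;
	}
	r0 = probe_ent_getattrval(bh_ent, "singleline");
	if (r0) {
		val = SEXP_string_getb(r0);
		SEXP_free(r0);
		if (val)
			pfd.re_opts |= PCRE_DOTALL;
	}

	pfd.compiled_regex = pcre_compile(pfd.pattern, pfd.re_opts, &error, &erroffset, NULL);
	if (pfd.compiled_regex == NULL) {
		SEXP_t *msg;

		msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "pcre_compile() '%s' %s.", pfd.pattern, error);
		probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg);
		SEXP_free(msg);
		probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR);
		goto cleanup;
	}

	if (OSCAP_GSYM(offline_mode) & PROBE_OFFLINE_OWN) {
		/* OSCAP_PROBE_ROOT is deployment configuration rather than probe
		 * input, but it may still be unset or empty; both mean "no prefix". */
		const char *root = getenv("OSCAP_PROBE_ROOT");

		if (root != NULL) {
			snprintf(path_with_root, sizeof path_with_root, "%s", root);
			root_len = strlen(path_with_root);
			/* drop a trailing separator before the fts path is appended */
			if (root_len > 0 && path_with_root[root_len - 1] == FILE_SEPARATOR)
				--root_len;
		}
	}

	if ((ofts = oval_fts_open(path_ent, file_ent, filepath_ent, bh_ent, probe_ctx_getresult(ctx))) != NULL) {
		while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
			if (ofts_ent->fts_info == FTS_F || ofts_ent->fts_info == FTS_SL) {
				size_t room = sizeof path_with_root - root_len;
				int n = snprintf(path_with_root + root_len, room, "%s", ofts_ent->path);

				if (n < 0 || (size_t)n >= room) {
					/* A truncated path would name a different file; report and skip. */
					SEXP_t *msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_WARNING,
								       "Path too long, skipping: '%s'.", ofts_ent->path);
					probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
					SEXP_free(msg);
				} else {
					/* todo: handle return code */
					process_file(path_with_root, ofts_ent->file, &pfd);
				}
			}
			oval_ftsent_free(ofts_ent);
		}
		oval_fts_close(ofts);
	}

cleanup:
	SEXP_free(file_ent);
	SEXP_free(path_ent);
	SEXP_free(inst_ent);
	SEXP_free(bh_ent);
	SEXP_free(filepath_ent);
	if (pfd.pattern != NULL)
		free(pfd.pattern);
	if (pfd.compiled_regex != NULL)
		pcre_free(pfd.compiled_regex);
	return ret;
}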