int probe_main(probe_ctx *ctx, void *mutex) { SEXP_t *probe_in; SEXP_t *path, *filename, *behaviors, *filepath, *hash_type; char hash_type_str[128]; int err = 0; OVAL_FTS *ofts; OVAL_FTSENT *ofts_ent; if (mutex == NULL) { return (PROBE_EINIT); } _A(mutex == &__filehash58_probe_mutex); probe_in = probe_ctx_getobject(ctx); path = probe_obj_getent (probe_in, "path", 1); filename = probe_obj_getent (probe_in, "filename", 1); behaviors = probe_obj_getent (probe_in, "behaviors", 1); filepath = probe_obj_getent (probe_in, "filepath", 1); hash_type = probe_obj_getent (probe_in, "hash_type", 1); /* we want hash_type and either path+filename or filepath */ if ( ! hash_type || ((path == NULL || filename == NULL) && filepath==NULL ) ) { err = PROBE_ENOENT; goto cleanup; } PROBE_ENT_STRVAL(hash_type, hash_type_str, sizeof hash_type_str, err = PROBE_ENOVAL;, err = PROBE_ENOVAL;);
int probe_main (probe_ctx *ctx, void *arg) { SEXP_t *object; struct runlevel_req request_st; struct runlevel_rep *reply_st = NULL; object = probe_ctx_getobject(ctx); request_st.service_name_ent = probe_obj_getent(object, "service_name", 1); if (request_st.service_name_ent == NULL) { dI("%s: element not found", "service_name"); return PROBE_ENOELM; } request_st.runlevel_ent = probe_obj_getent(object, "runlevel", 1); if (request_st.runlevel_ent == NULL) { SEXP_free(request_st.service_name_ent); dI("%s: element not found", "runlevel"); return PROBE_ENOELM; } if (get_runlevel(&request_st, &reply_st) == -1) { SEXP_t *msg; msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "get_runlevel failed."); probe_cobj_add_msg(probe_ctx_getresult(ctx), msg); SEXP_free(msg); probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR); } else { struct runlevel_rep *next_rep; SEXP_t *item; while (reply_st != NULL) { dI("get_runlevel: [0]=\"%s\", [1]=\"%s\", [2]=\"%d\", [3]=\"%d\"", reply_st->service_name, reply_st->runlevel, reply_st->start, reply_st->kill); item = probe_item_create(OVAL_UNIX_RUNLEVEL, NULL, "service_name", OVAL_DATATYPE_STRING, reply_st->service_name, "runlevel", OVAL_DATATYPE_STRING, reply_st->runlevel, "start", OVAL_DATATYPE_BOOLEAN, reply_st->start, "kill", OVAL_DATATYPE_BOOLEAN, reply_st->kill, NULL); probe_item_collect(ctx, item); next_rep = reply_st->next; oscap_free(reply_st->service_name); oscap_free(reply_st->runlevel); oscap_free(reply_st); reply_st = next_rep; } } SEXP_free(request_st.runlevel_ent); SEXP_free(request_st.service_name_ent); return 0; }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *command_line_ent, *pid_ent; command_line_ent = probe_obj_getent(probe_ctx_getobject(ctx), "command_line", 1); pid_ent = probe_obj_getent(probe_ctx_getobject(ctx), "pid", 1); if (command_line_ent == NULL && pid_ent == NULL) { return PROBE_ENOVAL; } if (read_process(command_line_ent, pid_ent, ctx)) { SEXP_free(command_line_ent); SEXP_free(pid_ent); return PROBE_EACCESS; } SEXP_free(command_line_ent); SEXP_free(pid_ent); return 0; }
int probe_main (probe_ctx *ctx, void *arg) { SEXP_t *probe_in, *name_ent, *file_ent, *bh_ent; char file[PATH_MAX]; size_t file_len = sizeof file; char name[64]; size_t name_len = sizeof name; oval_operation_t name_op, file_op; uint64_t collect_flags = 0; unsigned int i; // If probe_init() failed it's because there was no rpm config files if (arg == NULL) { probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_NOT_APPLICABLE); return 0; } /* * Get refs to object entities */ probe_in = probe_ctx_getobject(ctx); name_ent = probe_obj_getent(probe_in, "name", 1); file_ent = probe_obj_getent(probe_in, "filepath", 1); if (name_ent == NULL || file_ent == NULL) { dE("Missing \"name\" (%p) or \"filepath\" (%p) entity", name_ent, file_ent); SEXP_free(name_ent); SEXP_free(file_ent); return (PROBE_ENOENT); } /* * Extract the requested operation for each entity */ name_op = probe_ent_getoperation(name_ent, OVAL_OPERATION_EQUALS); file_op = probe_ent_getoperation(file_ent, OVAL_OPERATION_EQUALS); if (name_op == OVAL_OPERATION_UNKNOWN || file_op == OVAL_OPERATION_UNKNOWN) { SEXP_free(name_ent); SEXP_free(file_ent); return (PROBE_EINVAL); } /* * Extract entity values */ PROBE_ENT_STRVAL(name_ent, name, name_len, /* void */, strcpy(name, ""););
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *probe_in, *name; int err; probe_in = probe_ctx_getobject(ctx); name = probe_obj_getent(probe_in, "name", 1); if (name == NULL) { return PROBE_ENOVAL; } err = get_selinuxboolean(name, ctx); SEXP_free(name); return err; }
int probe_main(probe_ctx *ctx, void *probe_arg) { SEXP_t *unit_entity, *probe_in, *property_entity; oval_version_t oval_version; probe_in = probe_ctx_getobject(ctx); oval_version = probe_obj_get_schema_version(probe_in); if (oval_version_cmp(oval_version, OVAL_VERSION(5.11)) < 0) { // OVAL 5.10 and less return PROBE_EOPNOTSUPP; } unit_entity = probe_obj_getent(probe_in, "unit", 1); property_entity = probe_obj_getent(probe_in, "property", 1); DBusError dbus_error; DBusConnection *dbus_conn; dbus_error_init(&dbus_error); dbus_conn = connect_dbus(); if (dbus_conn == NULL) { dbus_error_free(&dbus_error); SEXP_free(property_entity); SEXP_free(unit_entity); return PROBE_ESYSTEM; } struct unit_callback_vars vars; vars.dbus_conn = dbus_conn; vars.ctx = ctx; vars.unit_entity = unit_entity; vars.property_entity = property_entity; get_all_systemd_units(dbus_conn, unit_callback, &vars); SEXP_free(unit_entity); SEXP_free(property_entity); dbus_error_free(&dbus_error); disconnect_dbus(dbus_conn); return 0; }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *ent; ent = probe_obj_getent(probe_ctx_getobject(ctx), "command", 1); if (ent == NULL) { return PROBE_ENOVAL; } if (read_process(ent, ctx)) { SEXP_free(ent); return PROBE_EACCESS; } SEXP_free(ent); return 0; }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *probe_in, *name_ent, *pid_ent; int pid, err; probe_in = probe_ctx_getobject(ctx); name_ent = probe_obj_getent(probe_in, "name", 1); if (name_ent == NULL) { return PROBE_ENOENT; } pid_ent = probe_obj_getent(probe_in, "pid", 1); if (pid_ent == NULL) { SEXP_free(name_ent); return PROBE_ENOENT; } PROBE_ENT_I32VAL(pid_ent, pid, pid = -1;, pid = 0;);
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *obj, *ent; obj = probe_ctx_getobject(ctx); over = probe_obj_get_schema_version(obj); ent = probe_obj_getent(obj, "command", 1); if (ent == NULL) { return PROBE_ENOVAL; } if (read_process(ent, ctx)) { SEXP_free(ent); return PROBE_EACCESS; } SEXP_free(ent); return 0; }
int accesstoken_probe_main(probe_ctx *ctx, void *arg) { SEXP_t *probe_in = probe_ctx_getobject(ctx); SEXP_t *behaviors_ent = probe_obj_getent(probe_in, "behaviors", 1); SEXP_t *security_principle_ent = probe_obj_getent(probe_in, "security_principle", 1); SEXP_t *security_principle_val = probe_ent_getval(security_principle_ent); bool include_group = accesstoken_behaviors_get_include_group(behaviors_ent); bool resolve_group = accesstoken_behaviors_get_resolve_group(behaviors_ent); oval_operation_t operation = probe_ent_getoperation(security_principle_ent, OVAL_OPERATION_EQUALS); if (operation == OVAL_OPERATION_EQUALS) { char *security_principle_str = SEXP_string_cstr(security_principle_val); WCHAR *security_principle_wstr = oscap_windows_str_to_wstr(security_principle_str); collect_access_rights(ctx, security_principle_wstr, include_group, resolve_group); free(security_principle_str); free(security_principle_wstr); } else { struct oscap_list *trustees_list = oscap_list_new(); get_all_trustee_names(trustees_list); struct oscap_iterator *it = oscap_iterator_new(trustees_list); while (oscap_iterator_has_more(it)) { WCHAR *trustee_wstr = oscap_iterator_next(it); char *trustee_str = oscap_windows_wstr_to_str(trustee_wstr); SEXP_t *tmp = SEXP_string_new(trustee_str, strlen(trustee_str)); if (probe_entobj_cmp(security_principle_ent, tmp) == OVAL_RESULT_TRUE) { collect_access_rights(ctx, trustee_wstr, include_group, resolve_group); } free(trustee_str); SEXP_free(tmp); } oscap_iterator_free(it); oscap_list_free(trustees_list, free); } SEXP_free(behaviors_ent); SEXP_free(security_principle_ent); SEXP_free(security_principle_val); return 0; }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *object; int err; llist ll; oval_schema_version_t over; object = probe_ctx_getobject(ctx); over = probe_obj_get_platform_schema_version(object); interface_name_ent = probe_obj_getent(object, "interface_name", 1); if (interface_name_ent == NULL) { err = PROBE_ENOVAL; goto cleanup; } // Now start collecting the info list_create(&ll); if (collect_process_info(&ll) || perm_warn) { SEXP_t *msg; msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "Permission error."); probe_cobj_add_msg(probe_ctx_getresult(ctx), msg); SEXP_free(msg); probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR); err = 0; goto cleanup; } read_packet(&ll, ctx, over); list_clear(&ll); err = 0; cleanup: SEXP_vfree(interface_name_ent, NULL); return err; }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *ent, *obj; oval_schema_version_t over; obj = probe_ctx_getobject(ctx); if (obj == NULL) return PROBE_ENOOBJ; over = probe_obj_get_platform_schema_version(obj); ent = probe_obj_getent(obj, "username", 1); if (ent == NULL) { return PROBE_ENOVAL; } // Now we check the file... read_password(ent, ctx, over); SEXP_free(ent); return 0; }
int probe_main (probe_ctx *ctx, void *mutex) { SEXP_t *path, *filename, *behaviors, *filepath, *probe_in; OVAL_FTS *ofts; OVAL_FTSENT *ofts_ent; oval_schema_version_t over; if (mutex == NULL) { return (PROBE_EINIT); } _A(mutex == &__filehash_probe_mutex); probe_in = probe_ctx_getobject(ctx); path = probe_obj_getent (probe_in, "path", 1); filename = probe_obj_getent (probe_in, "filename", 1); behaviors = probe_obj_getent (probe_in, "behaviors", 1); filepath = probe_obj_getent (probe_in, "filepath", 1); over = probe_obj_get_platform_schema_version(probe_in); /* we want either path+filename or filepath */ if ( (path == NULL || filename == NULL) && filepath==NULL ) { SEXP_free (behaviors); SEXP_free (path); SEXP_free (filename); SEXP_free (filepath); return (PROBE_ENOELM); } probe_filebehaviors_canonicalize(&behaviors); switch (pthread_mutex_lock (&__filehash_probe_mutex)) { case 0: break; default: dI("Can't lock mutex(%p): %u, %s.", &__filehash_probe_mutex, errno, strerror (errno)); SEXP_free (behaviors); SEXP_free (path); SEXP_free (filename); SEXP_free (filepath); return (PROBE_EFATAL); } if ((ofts = oval_fts_open(path, filename, filepath, behaviors)) != NULL) { while ((ofts_ent = oval_fts_read(ofts)) != NULL) { filehash_cb(ofts_ent->path, ofts_ent->file, ctx, over); oval_ftsent_free(ofts_ent); } oval_fts_close(ofts); } SEXP_free (behaviors); SEXP_free (path); SEXP_free (filename); SEXP_free (filepath); switch (pthread_mutex_unlock (&__filehash_probe_mutex)) { case 0: break; default: dI("Can't unlock mutex(%p): %u, %s.", &__filehash_probe_mutex, errno, strerror (errno)); return (PROBE_EFATAL); } return 0; }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *object; int err; llist ll; object = probe_ctx_getobject(ctx); req.protocol_ent = probe_obj_getent(object, "protocol", 1); if (req.protocol_ent == NULL) { err = PROBE_ENOVAL; goto cleanup; } req.local_address_ent = probe_obj_getent(object, "local_address", 1); if (req.local_address_ent == NULL) { err = PROBE_ENOVAL; goto cleanup; } req.local_port_ent = probe_obj_getent(object, "local_port", 1); if (req.local_port_ent == NULL) { err = PROBE_ENOVAL; goto cleanup; } // Now start collecting the info list_create(&ll); if (collect_process_info(&ll)) { SEXP_t *msg; msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "Permission error."); probe_cobj_add_msg(probe_ctx_getresult(ctx), msg); SEXP_free(msg); probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR); err = 0; goto cleanup; } // Now we check the tcp socket list... read_tcp("/proc/net/tcp", "tcp", &ll, ctx); read_tcp("/proc/net/tcp6", "tcp", &ll, ctx); // Next udp sockets... read_udp("/proc/net/udp", "udp", &ll, ctx); read_udp("/proc/net/udp6", "udp", &ll, ctx); // Next, raw sockets...not exactly part of standard yet. They // can be used to send datagrams, so we will pretend they are udp read_raw("/proc/net/raw", "udp", &ll, ctx); read_raw("/proc/net/raw6", "udp", &ll, ctx); list_clear(&ll); err = 0; cleanup: SEXP_vfree(req.protocol_ent, req.local_address_ent, req.local_port_ent, NULL); return err; }
static int read_process(SEXP_t *cmd_ent, SEXP_t *pid_ent, probe_ctx *ctx) { int err = 1, max_cap_id; DIR *d; struct dirent *ent; oval_version_t oval_version; d = opendir("/proc"); if (d == NULL) return err; // Get the time tick hertz ticks = (unsigned long)sysconf(_SC_CLK_TCK); get_boot_time(); oval_version = probe_obj_get_schema_version(probe_ctx_getobject(ctx)); if (oval_version_cmp(oval_version, OVAL_VERSION(5.11)) < 0) { max_cap_id = OVAL_5_8_MAX_CAP_ID; } else { max_cap_id = OVAL_5_11_MAX_CAP_ID; } struct oscap_buffer *cmdline_buffer = oscap_buffer_new(); char cmd_buffer[1 + 15 + 11 + 1]; // Format:" [ cmd:15 ] <defunc>" cmd_buffer[0] = '['; // Scan the directories while (( ent = readdir(d) )) { int fd, len; char buf[256]; char *tmp, state, tty_dev[128]; int pid, ppid, pgrp, session, tty_nr, tpgid; unsigned flags, sched_policy; unsigned long minflt, cminflt, majflt, cmajflt, uutime, ustime; long cutime, cstime, priority, cnice, nthreads, itrealvalue; unsigned long long start; SEXP_t *cmd_sexp = NULL, *pid_sexp = NULL; // Skip non-process58 dir entries if(*ent->d_name<'0' || *ent->d_name>'9') continue; errno = 0; pid = strtol(ent->d_name, NULL, 10); if (errno || pid == 2) // skip err & kthreads continue; // Parse up the stat file for the proc snprintf(buf, 32, "/proc/%d/stat", pid); fd = open(buf, O_RDONLY, 0); if (fd < 0) continue; len = read(fd, buf, sizeof buf - 1); close(fd); if (len < 40) continue; buf[len] = 0; tmp = strrchr(buf, ')'); if (tmp) *tmp = 0; else continue; memset(cmd_buffer + 1, 0, sizeof(cmd_buffer)-1); // clear cmd after starting '[' sscanf(buf, "%d (%15c", &ppid, cmd_buffer + 1); sscanf(tmp+2, "%c %d %d %d %d %d " "%u %lu %lu %lu %lu " "%lu %lu %lu %ld %ld " "%ld %ld %ld %llu", &state, &ppid, &pgrp, &session, &tty_nr, &tpgid, &flags, &minflt, &cminflt, &majflt, &cmajflt, &uutime, &ustime, &cutime, &cstime, &priority, &cnice, &nthreads, &itrealvalue, &start ); // Skip kthreads if (ppid == 2) continue; const char* cmd; if (state == 'Z') { // zombie cmd = make_defunc_str(cmd_buffer); } else { snprintf(buf, 32, "/proc/%d/cmdline", pid); if (get_process_cmdline(buf, cmdline_buffer)) { cmd = oscap_buffer_get_raw(cmdline_buffer); // use full cmdline } else { cmd = cmd_buffer + 1; } } err = 0; // If we get this far, no permission problems dI("Have command: %s\n", cmd); cmd_sexp = SEXP_string_newf("%s", cmd); pid_sexp = SEXP_number_newu_32(pid); if ((cmd_sexp == NULL || probe_entobj_cmp(cmd_ent, cmd_sexp) == OVAL_RESULT_TRUE) && (pid_sexp == NULL || probe_entobj_cmp(pid_ent, pid_sexp) == OVAL_RESULT_TRUE) ) { struct result_info r; unsigned long t = uutime/ticks + ustime/ticks; char tbuf[32], sbuf[32], *selinux_domain_label, **posix_capabilities; int tday,tyear; time_t s_time; struct tm *proc, *now; const char *fmt; // Now get scheduler policy sched_policy = sched_getscheduler(pid); switch (sched_policy) { case SCHED_OTHER: r.scheduling_class = "TS"; break; case SCHED_BATCH: r.scheduling_class = "B"; break; #ifdef SCHED_IDLE case SCHED_IDLE: r.scheduling_class = "#5"; break; #endif case SCHED_FIFO: r.scheduling_class = "FF"; break; case SCHED_RR: r.scheduling_class = "RR"; break; default: r.scheduling_class = "?"; break; } // Calculate the start time s_time = time(NULL); now = localtime(&s_time); tyear = now->tm_year; tday = now->tm_yday; s_time = boot + (start / ticks); proc = localtime(&s_time); // Select format based on how long we've been running // // FROM THE SPEC: // "This is the time of day the process started formatted in HH:MM:SS if // the same day the process started or formatted as MMM_DD (Ex.: Feb_5) // if process started the previous day or further in the past." // if (tday != proc->tm_yday || tyear != proc->tm_year) fmt = "%b_%d"; else fmt = "%H:%M:%S"; strftime(sbuf, sizeof(sbuf), fmt, proc); r.command_line = cmd; r.exec_time = convert_time(t, tbuf, sizeof(tbuf)); r.pid = pid; r.ppid = ppid; r.priority = priority; r.start_time = sbuf; dev_to_tty(tty_dev, sizeof(tty_dev), (dev_t) tty_nr, pid, ABBREV_DEV); r.tty = tty_dev; r.exec_shield = (get_exec_shield_status(pid) > 0); selinux_domain_label = get_selinux_label(pid); r.selinux_domain_label = selinux_domain_label; posix_capabilities = get_posix_capability(pid, max_cap_id); r.posix_capability = posix_capabilities; r.session_id = session; get_uids(pid, &r); report_finding(&r, ctx); if (selinux_domain_label != NULL) free(selinux_domain_label); if (posix_capabilities != NULL) { char **posix_capabilities_p = posix_capabilities; while (*posix_capabilities_p) free(*posix_capabilities_p++); free(posix_capabilities); } } SEXP_free(cmd_sexp); SEXP_free(pid_sexp); } closedir(d); oscap_buffer_free(cmdline_buffer); return err; }
int textfilecontent_probe_main(probe_ctx *ctx, void *arg) { SEXP_t *path_ent, *filename_ent, *line_ent, *behaviors_ent, *filepath_ent, *probe_in; char *pattern; OVAL_FTS *ofts; OVAL_FTSENT *ofts_ent; (void)arg; probe_in = probe_ctx_getobject(ctx); oval_schema_version_t over = probe_obj_get_platform_schema_version(probe_in); path_ent = probe_obj_getent(probe_in, "path", 1); filename_ent = probe_obj_getent(probe_in, "filename", 1); line_ent = probe_obj_getent(probe_in, "line", 1); filepath_ent = probe_obj_getent(probe_in, "filepath", 1); behaviors_ent = probe_obj_getent(probe_in, "behaviors", 1); if ( ((path_ent == NULL || filename_ent == NULL) && filepath_ent==NULL) || line_ent==NULL ) { SEXP_free (path_ent); SEXP_free (filename_ent); SEXP_free (line_ent); SEXP_free (filepath_ent); SEXP_free (behaviors_ent); return PROBE_ENOELM; } /* get pattern from SEXP */ SEXP_t *ent_val; ent_val = probe_ent_getval(line_ent); pattern = SEXP_string_cstr(ent_val); SEXP_free(line_ent); SEXP_free(ent_val); if (pattern == NULL) { SEXP_free(path_ent); SEXP_free(filename_ent); SEXP_free(filepath_ent); SEXP_free(behaviors_ent); return -1; } /* behaviours are not important if filepath is used */ if(filepath_ent != NULL && behaviors_ent != NULL) { SEXP_free (behaviors_ent); behaviors_ent = NULL; } probe_filebehaviors_canonicalize(&behaviors_ent); struct pfdata pfd; pfd.pattern = pattern; pfd.filename_ent = filename_ent; pfd.ctx = ctx; const char *prefix = getenv("OSCAP_PROBE_ROOT"); if ((ofts = oval_fts_open_prefixed(prefix, path_ent, filename_ent, filepath_ent, behaviors_ent, probe_ctx_getresult(ctx))) != NULL) { while ((ofts_ent = oval_fts_read(ofts)) != NULL) { if (ofts_ent->fts_info == FTS_F || ofts_ent->fts_info == FTS_SL) { // todo: handle return code process_file(prefix, ofts_ent->path, ofts_ent->file, &pfd, over); } oval_ftsent_free(ofts_ent); } oval_fts_close(ofts); } SEXP_free(path_ent); SEXP_free(filename_ent); SEXP_free(behaviors_ent); SEXP_free(filepath_ent); free(pattern); return 0; }
int partition_probe_main(probe_ctx *ctx, void *probe_arg) { int probe_ret = 0; SEXP_t *mnt_entity, *mnt_opval, *mnt_entval, *probe_in; char mnt_path[PATH_MAX]; oval_operation_t mnt_op; FILE *mnt_fp; oval_schema_version_t obj_over; #if defined(PROC_CHECK) && defined(__linux__) int mnt_fd; struct statfs stfs; mnt_fd = open(MTAB_PATH, O_RDONLY); if (mnt_fd < 0) return (PROBE_ESYSTEM); if (fstatfs(mnt_fd, &stfs) != 0) { close(mnt_fd); return (PROBE_ESYSTEM); } if (stfs.f_type != PROC_SUPER_MAGIC) { close(mnt_fd); return (PROBE_EFATAL); } mnt_fp = fdopen(mnt_fd, "r"); if (mnt_fp == NULL) { close(mnt_fd); return (PROBE_ESYSTEM); } #else mnt_fp = fopen(MTAB_PATH, "r"); if (mnt_fp == NULL) return (PROBE_ESYSTEM); #endif probe_in = probe_ctx_getobject(ctx); obj_over = probe_obj_get_platform_schema_version(probe_in); mnt_entity = probe_obj_getent(probe_in, "mount_point", 1); if (mnt_entity == NULL) { fclose(mnt_fp); return (PROBE_ENOENT); } mnt_opval = probe_ent_getattrval(mnt_entity, "operation"); if (mnt_opval != NULL) { mnt_op = (oval_operation_t)SEXP_number_geti(mnt_opval); SEXP_free(mnt_opval); } else mnt_op = OVAL_OPERATION_EQUALS; mnt_entval = probe_ent_getval(mnt_entity); if (!SEXP_stringp(mnt_entval)) { SEXP_free(mnt_entval); SEXP_free(mnt_entity); fclose(mnt_fp); return (PROBE_EINVAL); } SEXP_string_cstr_r(mnt_entval, mnt_path, sizeof mnt_path); SEXP_free(mnt_entval); SEXP_free(mnt_entity); if (mnt_fp != NULL) { char buffer[MTAB_LINE_MAX]; struct mntent mnt_ent, *mnt_entp; pcre *re = NULL; const char *estr = NULL; int eoff = -1; #if defined(HAVE_BLKID_GET_TAG_VALUE) blkid_cache blkcache; if (blkid_get_cache(&blkcache, NULL) != 0) { endmntent(mnt_fp); return (PROBE_EUNKNOWN); } #endif if (mnt_op == OVAL_OPERATION_PATTERN_MATCH) { re = pcre_compile(mnt_path, PCRE_UTF8, &estr, &eoff, NULL); if (re == NULL) { endmntent(mnt_fp); return (PROBE_EINVAL); } } while ((mnt_entp = getmntent_r(mnt_fp, &mnt_ent, buffer, sizeof buffer)) != NULL) { if (strcmp(mnt_entp->mnt_type, "rootfs") == 0) continue; if (mnt_op == OVAL_OPERATION_EQUALS) { if (strcmp(mnt_entp->mnt_dir, mnt_path) == 0) { #if defined(HAVE_BLKID_GET_TAG_VALUE) collect_item(ctx, obj_over, mnt_entp, blkcache); #else collect_item(ctx, obj_over, mnt_entp); #endif break; } } else if (mnt_op == OVAL_OPERATION_NOT_EQUAL) { if (strcmp(mnt_entp->mnt_dir, mnt_path) != 0) { if ( #if defined(HAVE_BLKID_GET_TAG_VALUE) collect_item(ctx, obj_over, mnt_entp, blkcache) #else collect_item(ctx, obj_over, mnt_entp) #endif != 0) break; } } else if (mnt_op == OVAL_OPERATION_PATTERN_MATCH) { int rc; rc = pcre_exec(re, NULL, mnt_entp->mnt_dir, strlen(mnt_entp->mnt_dir), 0, 0, NULL, 0); if (rc == 0) { if ( #if defined(HAVE_BLKID_GET_TAG_VALUE) collect_item(ctx, obj_over, mnt_entp, blkcache) #else collect_item(ctx, obj_over, mnt_entp) #endif != 0) break; } /* XXX: check for pcre_exec error */ } } endmntent(mnt_fp); if (mnt_op == OVAL_OPERATION_PATTERN_MATCH) pcre_free(re); } return (probe_ret); }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *path_ent, *file_ent, *inst_ent, *bh_ent, *patt_ent, *filepath_ent, *probe_in; SEXP_t *r0; /* char *i_val, *m_val, *s_val; */ bool val; struct pfdata pfd; int ret = 0; int errorffset = -1; const char *error; OVAL_FTS *ofts; OVAL_FTSENT *ofts_ent; char path_with_root[PATH_MAX + 1]; unsigned int root_len = 0; (void)arg; memset(&pfd, 0, sizeof(pfd)); probe_in = probe_ctx_getobject(ctx); over = probe_obj_get_platform_schema_version(probe_in); path_ent = probe_obj_getent(probe_in, "path", 1); file_ent = probe_obj_getent(probe_in, "filename", 1); inst_ent = probe_obj_getent(probe_in, "instance", 1); patt_ent = probe_obj_getent(probe_in, "pattern", 1); filepath_ent = probe_obj_getent(probe_in, "filepath", 1); bh_ent = probe_obj_getent(probe_in, "behaviors", 1); /* we want (path+filename or filepath) + instance + pattern*/ if ( ((path_ent == NULL || file_ent == NULL) && filepath_ent==NULL) || inst_ent==NULL || patt_ent==NULL) { SEXP_free (patt_ent); ret = PROBE_ENOELM; goto cleanup; } /* get pattern from SEXP */ SEXP_t *ent_val; ent_val = probe_ent_getval(patt_ent); pfd.pattern = SEXP_string_cstr(ent_val); assume_d(pfd.pattern != NULL, -1); SEXP_free(patt_ent); SEXP_free(ent_val); /* wtf? i_val = s_val = "0"; m_val = "1"; */ /* reset filebehavior attributes if 'filepath' entity is used */ if (filepath_ent != NULL && bh_ent != NULL) { SEXP_t *r1, *r2, *r3; r1 = r2 = r3 = NULL; if (probe_ent_attrexists(bh_ent, "ignore_case")) { r1 = probe_ent_getattrval(bh_ent, "ignore_case"); } if (probe_ent_attrexists(bh_ent, "multiline")) { r2 = probe_ent_getattrval(bh_ent, "multiline"); } if (probe_ent_attrexists(bh_ent, "singleline")) { r3 = probe_ent_getattrval(bh_ent, "singleline"); } r0 = SEXP_list_new(NULL); SEXP_free(bh_ent); bh_ent = probe_ent_creat1("behaviors", r0, NULL); SEXP_free(r0); if (r1) { probe_ent_attr_add(bh_ent, "ignore_case", r1); SEXP_free(r1); } if (r2) { probe_ent_attr_add(bh_ent, "multiline", r2); SEXP_free(r2); } if (r3) { probe_ent_attr_add(bh_ent, "singleline", r3); SEXP_free(r3); } } probe_tfc54behaviors_canonicalize(&bh_ent); pfd.instance_ent = inst_ent; pfd.ctx = ctx; pfd.re_opts = PCRE_UTF8; r0 = probe_ent_getattrval(bh_ent, "ignore_case"); if (r0) { val = SEXP_string_getb(r0); SEXP_free(r0); if (val) pfd.re_opts |= PCRE_CASELESS; } r0 = probe_ent_getattrval(bh_ent, "multiline"); if (r0) { val = SEXP_string_getb(r0); SEXP_free(r0); if (val) pfd.re_opts |= PCRE_MULTILINE; } r0 = probe_ent_getattrval(bh_ent, "singleline"); if (r0) { val = SEXP_string_getb(r0); SEXP_free(r0); if (val) pfd.re_opts |= PCRE_DOTALL; } pfd.compiled_regex = pcre_compile(pfd.pattern, pfd.re_opts, &error, &errorffset, NULL); if (pfd.compiled_regex == NULL) { SEXP_t *msg; msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "pcre_compile() '%s' %s.", pfd.pattern, error); probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg); SEXP_free(msg); probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR); goto cleanup; } path_with_root[PATH_MAX] = '\0'; if (OSCAP_GSYM(offline_mode) & PROBE_OFFLINE_OWN) { strncpy(path_with_root, getenv("OSCAP_PROBE_ROOT"), PATH_MAX); root_len = strlen(path_with_root); if (path_with_root[root_len - 1] == FILE_SEPARATOR) --root_len; } if ((ofts = oval_fts_open(path_ent, file_ent, filepath_ent, bh_ent, probe_ctx_getresult(ctx))) != NULL) { while ((ofts_ent = oval_fts_read(ofts)) != NULL) { if (ofts_ent->fts_info == FTS_F || ofts_ent->fts_info == FTS_SL) { strncpy(path_with_root + root_len, ofts_ent->path, PATH_MAX - root_len); // todo: handle return code process_file(path_with_root, ofts_ent->file, &pfd); } oval_ftsent_free(ofts_ent); } oval_fts_close(ofts); } cleanup: SEXP_free(file_ent); SEXP_free(path_ent); SEXP_free(inst_ent); SEXP_free(bh_ent); SEXP_free(filepath_ent); if (pfd.pattern != NULL) free(pfd.pattern); if (pfd.compiled_regex != NULL) pcre_free(pfd.compiled_regex); return ret; }
int probe_main (probe_ctx *ctx, void *mutex) { SEXP_t *path, *filename, *behaviors; SEXP_t *filepath, *attribute_, *probe_in; int err; struct cbargs cbargs; OVAL_FTS *ofts; OVAL_FTSENT *ofts_ent; if (mutex == NULL) return PROBE_EINIT; _A(mutex == &__file_probe_mutex); probe_in = probe_ctx_getobject(ctx); path = probe_obj_getent (probe_in, "path", 1); filename = probe_obj_getent (probe_in, "filename", 1); behaviors = probe_obj_getent (probe_in, "behaviors", 1); filepath = probe_obj_getent (probe_in, "filepath", 1); attribute_ = probe_obj_getent (probe_in, "attribute_name", 1); /* we want either path+filename or filepath */ if (((path == NULL || filename == NULL) && filepath == NULL) || attribute_ == NULL) { SEXP_free (behaviors); SEXP_free (path); SEXP_free (filename); SEXP_free (filepath); SEXP_free (attribute_); return PROBE_ENOELM; } probe_filebehaviors_canonicalize(&behaviors); switch (pthread_mutex_lock (&__file_probe_mutex)) { case 0: break; default: dI("Can't lock mutex(%p): %u, %s.", &__file_probe_mutex, errno, strerror (errno)); SEXP_free(path); SEXP_free(filename); SEXP_free(filepath); SEXP_free(behaviors); SEXP_free(attribute_); return PROBE_EFATAL; } cbargs.ctx = ctx; cbargs.error = 0; cbargs.attr_ent = attribute_; if ((ofts = oval_fts_open(path, filename, filepath, behaviors)) != NULL) { while ((ofts_ent = oval_fts_read(ofts)) != NULL) { file_cb(ofts_ent->path, ofts_ent->file, &cbargs); oval_ftsent_free(ofts_ent); } oval_fts_close(ofts); } err = 0; SEXP_free(path); SEXP_free(filename); SEXP_free(filepath); SEXP_free(behaviors); SEXP_free(attribute_); switch (pthread_mutex_unlock (&__file_probe_mutex)) { case 0: break; default: dI("Can't unlock mutex(%p): %u, %s.", &__file_probe_mutex, errno, strerror (errno)); return PROBE_EFATAL; } return err; }
int probe_main(probe_ctx *ctx, void *mutex) { LDAP *ldp; LDAPMessage *ldpres, *entry; SEXP_t *se_ldap_behaviors = NULL, *se_relative_dn = NULL; SEXP_t *se_suffix = NULL, *se_attribute = NULL; SEXP_t *sa_scope, *sv_op; SEXP_t *item; SEXP_t *probe_in; char *relative_dn = NULL; char *suffix = NULL, *xattribute = NULL; char *uri_list, *uri, *uri_save, *attr; int scope; char base[2048]; char *attrs[3]; bool a_pattern_match = false, rdn_pattern_match = false; /* runtime */ #if defined(PROBE_LDAP_MUTEX) assume_r(mutex != NULL, PROBE_EINIT); #endif probe_in = probe_ctx_getobject(ctx); se_ldap_behaviors = probe_obj_getent(probe_in, "behaviors", 1); if (se_ldap_behaviors != NULL) { sa_scope = probe_ent_getattrval(se_ldap_behaviors, "scope"); SEXP_free(se_ldap_behaviors); if (sa_scope == NULL) { dE("Atrribute `scope' is missing!"); return (PROBE_ENOATTR); } if (!SEXP_stringp(sa_scope)) { dE("Invalid value type of the `scope' attribute."); SEXP_free(sa_scope); return (PROBE_EINVAL); } if (SEXP_strcmp(sa_scope, "ONE") == 0) scope = LDAP_SCOPE_ONELEVEL; else if (SEXP_strcmp(sa_scope, "BASE") == 0) scope = LDAP_SCOPE_BASE; else if (SEXP_strcmp(sa_scope, "SUBTREE") == 0) scope = LDAP_SCOPE_SUBTREE; else { dE("Invalid value of the `scope' attribute."); SEXP_free(sa_scope); return (PROBE_EINVAL); } SEXP_free(sa_scope); } else scope = LDAP_SCOPE_BASE; #define get_string(dst, se_dst, obj, ent_name) \ do { \ SEXP_t *__sval; \ \ __sval = probe_obj_getentval (obj, ent_name, 1); \ \ if (__sval != NULL) { \ (dst) = SEXP_string_cstr (__sval); \ \ if ((dst) == NULL) { \ SEXP_free(__sval); \ return (PROBE_EINVAL); \ } \ \ (se_dst) = __sval; \ } else { \ return (PROBE_ENOATTR); \ } \ } while (0) get_string(suffix, se_suffix, probe_in, "suffix"); get_string(relative_dn, se_relative_dn, probe_in, "relative_dn"); get_string(xattribute, se_attribute, probe_in, "attribute"); if ((sv_op = probe_ent_getattrval(se_relative_dn, "operation")) != NULL) { if (SEXP_number_geti_32(sv_op) == OVAL_OPERATION_PATTERN_MATCH) rdn_pattern_match = true; SEXP_free(sv_op); } if ((sv_op = probe_ent_getattrval(se_attribute, "operation")) != NULL) { if (SEXP_number_geti_32(sv_op) == OVAL_OPERATION_PATTERN_MATCH) a_pattern_match = true; SEXP_free(sv_op); } /* * Construct the attribute array for ldap_search_* * * nil -> "1.1" * .* -> "*" * "foo" -> "foo" */ attrs[0] = "objectClass"; if (xattribute == NULL) attrs[1] = strdup("1.1"); /* no attibutes */ else if (a_pattern_match) attrs[1] = strdup("*"); /* collect all, we'll filter them afterwards */ else attrs[1] = xattribute; /* no pattern match, use the string directly */ attrs[2] = NULL; /* * Construct `base' */ assume_r(((relative_dn ? strlen(relative_dn) : 0) + ( suffix ? strlen(suffix) : 0) + 2) < (sizeof base/sizeof(char)), PROBE_ERANGE); if (relative_dn != NULL) { strcpy(base, relative_dn); strcat(base, ","); strcat(base, suffix); } else strcpy(base, suffix); /* * Get URIs */ if (ldap_get_option(NULL, LDAP_OPT_URI, &uri_list) != LDAP_OPT_SUCCESS) { item = probe_item_creat("ldap57_item", NULL, NULL); probe_item_setstatus(item, SYSCHAR_STATUS_ERROR); probe_item_collect(ctx, item); dE("ldap_get_option failed"); goto fail0; } /* * Query each URI */ for (;;) { char *entry_dn = NULL; if ((uri = strtok_r(uri_list, " ,", &uri_save)) == NULL) break; ldp = NULL; if (ldap_initialize(&ldp, uri) != LDAP_SUCCESS) continue; if (ldap_search_ext_s(ldp, base, scope, NULL, attrs, 0, NULL /* serverctrls */, NULL /* clientctrls */, NULL /* timeout */, 0, &ldpres) != LDAP_SUCCESS) { item = probe_item_creat("ldap57_item", NULL, NULL); probe_item_setstatus(item, SYSCHAR_STATUS_ERROR); probe_item_collect(ctx, item); dE("ldap_search_ext_s failed"); goto fail0; } entry = ldap_first_entry(ldp, ldpres); entry_dn = ldap_get_dn(ldp, entry); while (entry != NULL) { BerElement *berelm = NULL; attr = ldap_first_attribute(ldp, entry, &berelm); /* XXX: pattern match filter */ while (attr != NULL) { SEXP_t *se_value = NULL; ber_tag_t bertag = LBER_DEFAULT; ber_len_t berlen = 0; Sockbuf *berbuf = NULL; SEXP_t se_tmp_mem; berbuf = ber_sockbuf_alloc(); /* * Prepare the value (record) entity. Collect only * primitive (i.e. simple) types. */ se_value = probe_ent_creat1("value", NULL, NULL); probe_ent_setdatatype(se_value, OVAL_DATATYPE_RECORD); /* * XXX: does ber_get_next() return LBER_ERROR after the last value? */ while ((bertag = ber_get_next(berbuf, &berlen, berelm)) != LBER_ERROR) { SEXP_t *field = NULL; oval_datatype_t field_type = OVAL_DATATYPE_UNKNOWN; switch(bertag & LBER_ENCODING_MASK) { case LBER_PRIMITIVE: dI("Found primitive value, bertag = %u", bertag); break; case LBER_CONSTRUCTED: dW("Don't know how to handle LBER_CONSTRUCTED values"); /* FALLTHROUGH */ default: dW("Skipping attribute value, bertag = %u", bertag); continue; } assume_d(bertag & LBER_PRIMITIVE, NULL); switch(bertag & LBER_BIG_TAG_MASK) { case LBER_BOOLEAN: { /* LDAPTYPE_BOOLEAN */ ber_int_t val = -1; if (ber_get_boolean(berelm, &val) == LBER_ERROR) { dW("ber_get_boolean: LBER_ERROR"); /* XXX: set error status on field */ continue; } assume_d(val != -1, NULL); field = probe_ent_creat1("field", NULL, SEXP_number_newb_r(&se_tmp_mem, (bool)val)); field_type = OVAL_DATATYPE_BOOLEAN; SEXP_free_r(&se_tmp_mem); } break; case LBER_INTEGER: { /* LDAPTYPE_INTEGER */ ber_int_t val = -1; if (ber_get_int(berelm, &val) == LBER_ERROR) { dW("ber_get_int: LBER_ERROR"); /* XXX: set error status on field */ continue; } field = probe_ent_creat1("field", NULL, SEXP_number_newi_r(&se_tmp_mem, (int)val)); field_type = OVAL_DATATYPE_INTEGER; SEXP_free_r(&se_tmp_mem); } break; case LBER_BITSTRING: /* LDAPTYPE_BIT_STRING */ dW("LBER_BITSTRING: not implemented"); continue; case LBER_OCTETSTRING: { /* * LDAPTYPE_PRINTABLE_STRING * LDAPTYPE_NUMERIC_STRING * LDAPTYPE_DN_STRING * LDAPTYPE_BINARY (?) */ char *val = NULL; if (ber_get_stringa(berelm, &val) == LBER_ERROR) { dW("ber_get_stringa: LBER_ERROR"); /* XXX: set error status on field */ continue; } assume_d(val != NULL, NULL); field = probe_ent_creat1("field", NULL, SEXP_string_new_r(&se_tmp_mem, val, strlen(val))); field_type = OVAL_DATATYPE_STRING; SEXP_free_r(&se_tmp_mem); ber_memfree(val); } break; case LBER_NULL: /* XXX: no equivalent LDAPTYPE_? or empty */ dI("LBER_NULL: skipped"); continue; case LBER_ENUMERATED: /* XXX: no equivalent LDAPTYPE_? */ dW("Don't know how to handle LBER_ENUMERATED type"); continue; default: dW("Unknown attribute value type, bertag = %u", bertag); continue; } if (field != NULL) { assume_d(field_type != OVAL_DATATYPE_UNKNOWN, NULL); probe_ent_setdatatype(field, field_type); probe_ent_attr_add(field, "name", SEXP_string_new_r(&se_tmp_mem, attr, strlen(attr))); SEXP_list_add(se_value, field); SEXP_free_r(&se_tmp_mem); SEXP_free(field); } } ber_sockbuf_free(berbuf); /* * Create the item */ item = probe_item_create(OVAL_INDEPENDENT_LDAP57, NULL, "suffix", OVAL_DATATYPE_STRING, suffix, "relative_dn", OVAL_DATATYPE_STRING, relative_dn, /* XXX: pattern match */ "attribute", OVAL_DATATYPE_STRING, attr, "object_class", OVAL_DATATYPE_STRING, "", "ldaptype", OVAL_DATATYPE_STRING, "", NULL); SEXP_list_add(item, se_value); SEXP_free(se_value); probe_item_collect(ctx, item); attr = ldap_next_attribute(ldp, entry, berelm); } ber_free(berelm, 0); ldap_memfree(entry_dn); entry = ldap_next_entry(ldp, entry); entry_dn = ldap_get_dn(ldp, entry); } /* * Close the LDAP connection and free resources */ ldap_unbind_ext_s(ldp, NULL, NULL); } ldap_memfree(uri_list); fail0: SEXP_free(se_suffix); SEXP_free(se_relative_dn); SEXP_free(se_attribute); free(suffix); free(relative_dn); free(attrs[1]); /* attribute */ return (0); }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *path_ent, *file_ent, *inst_ent, *bh_ent, *patt_ent, *filepath_ent, *probe_in; SEXP_t *r0; /* char *i_val, *m_val, *s_val; */ bool val; struct pfdata pfd; int ret = 0; #if defined USE_REGEX_PCRE int errorffset = -1; const char *error; #elif defined USE_REGEX_POSIX regex_t _re; pfd.compiled_regex = &_re; int err; #endif OVAL_FTS *ofts; OVAL_FTSENT *ofts_ent; (void)arg; memset(&pfd, 0, sizeof(pfd)); probe_in = probe_ctx_getobject(ctx); over = probe_obj_get_platform_schema_version(probe_in); path_ent = probe_obj_getent(probe_in, "path", 1); file_ent = probe_obj_getent(probe_in, "filename", 1); inst_ent = probe_obj_getent(probe_in, "instance", 1); patt_ent = probe_obj_getent(probe_in, "pattern", 1); filepath_ent = probe_obj_getent(probe_in, "filepath", 1); bh_ent = probe_obj_getent(probe_in, "behaviors", 1); /* we want (path+filename or filepath) + instance + pattern*/ if ( ((path_ent == NULL || file_ent == NULL) && filepath_ent==NULL) || inst_ent==NULL || patt_ent==NULL) { SEXP_free (patt_ent); ret = PROBE_ENOELM; goto cleanup; } /* get pattern from SEXP */ SEXP_t *ent_val; ent_val = probe_ent_getval(patt_ent); pfd.pattern = SEXP_string_cstr(ent_val); assume_d(pfd.pattern != NULL, -1); SEXP_free(patt_ent); SEXP_free(ent_val); /* wtf? i_val = s_val = "0"; m_val = "1"; */ /* reset filebehavior attributes if 'filepath' entity is used */ if (filepath_ent != NULL && bh_ent != NULL) { SEXP_t *r1, *r2, *r3; r1 = probe_ent_getattrval(bh_ent, "ignore_case"); r2 = probe_ent_getattrval(bh_ent, "multiline"); r3 = probe_ent_getattrval(bh_ent, "singleline"); r0 = probe_attr_creat("ignore_case", r1, "multiline", r2, "singleline", r3, NULL); SEXP_free(bh_ent); bh_ent = probe_ent_creat1("behaviors", r0, NULL); SEXP_vfree(r0, r1, r2, r3, NULL); } probe_tfc54behaviors_canonicalize(&bh_ent); pfd.instance_ent = inst_ent; pfd.ctx = ctx; #if defined USE_REGEX_PCRE pfd.re_opts = PCRE_UTF8; r0 = probe_ent_getattrval(bh_ent, "ignore_case"); if (r0) { val = SEXP_string_getb(r0); SEXP_free(r0); if (val) pfd.re_opts |= PCRE_CASELESS; } r0 = probe_ent_getattrval(bh_ent, "multiline"); if (r0) { val = SEXP_string_getb(r0); SEXP_free(r0); if (val) pfd.re_opts |= PCRE_MULTILINE; } r0 = probe_ent_getattrval(bh_ent, "singleline"); if (r0) { val = SEXP_string_getb(r0); SEXP_free(r0); if (val) pfd.re_opts |= PCRE_DOTALL; } pfd.compiled_regex = pcre_compile(pfd.pattern, pfd.re_opts, &error, &errorffset, NULL); if (pfd.compiled_regex == NULL) { SEXP_t *msg; msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "pcre_compile() '%s' %s.", pfd.pattern, error); probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg); SEXP_free(msg); probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR); goto cleanup; } #elif defined USE_REGEX_POSIX pfd.re_opts = REG_EXTENDED | REG_NEWLINE; r0 = probe_ent_getattrval(bh_ent, "ignore_case"); if (r0) { val = SEXP_string_getb(r0); SEXP_free(r0); if (val) pfd.re_opts |= REG_ICASE; } if ((err = regcomp(pfd.compiled_regex, pfd.pattern, pfd.re_opts)) != 0) { SEXP_t *msg; msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "regcomp() '%s' returned %d.", pfd.pattern, err); probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg); SEXP_free(msg); probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR); goto cleanup; } #endif if ((ofts = oval_fts_open(path_ent, file_ent, filepath_ent, bh_ent)) != NULL) { while ((ofts_ent = oval_fts_read(ofts)) != NULL) { if (ofts_ent->fts_info == FTS_F || ofts_ent->fts_info == FTS_SL) { // todo: handle return code process_file(ofts_ent->path, ofts_ent->file, &pfd); } oval_ftsent_free(ofts_ent); } oval_fts_close(ofts); } cleanup: SEXP_free(file_ent); SEXP_free(path_ent); SEXP_free(inst_ent); SEXP_free(bh_ent); SEXP_free(filepath_ent); if (pfd.pattern != NULL) oscap_free(pfd.pattern); #if defined USE_REGEX_PCRE if (pfd.compiled_regex != NULL) pcre_free(pfd.compiled_regex); #elif defined USE_REGEX_POSIX regfree(&_re); #endif return ret; }
int routingtable_probe_main(probe_ctx *ctx, void *arg) { SEXP_t *probe_in, *dst_ent; FILE *fp; char *line_buf; size_t line_len; struct route_info rt; int probe_ret = 0; probe_in = probe_ctx_getobject(ctx); dst_ent = probe_obj_getent(probe_in, "destination", 1); if (dst_ent == NULL) return (PROBE_ENOENT); rt.ip_dst_ent = dst_ent; line_len = 0; line_buf = NULL; fp = NULL; switch(probe_ent_getdatatype(dst_ent)) { case OVAL_DATATYPE_IPV4ADDR: fp = fopen("/proc/net/route", "r"); /* Skip the header line */ if (getline(&line_buf, &line_len, fp) != -1) { while(getline(&line_buf, &line_len, fp) != -1) { if (process_line_ip4(line_buf, &rt) != 0) break; if (collect_item(&rt, ctx) != 0) break; } } if (!feof(fp)) { /* error */ dE("An error ocured while reading /proc/net/route: %s", strerror(errno)); } break; case OVAL_DATATYPE_IPV6ADDR: fp = fopen("/proc/net/ipv6_route", "r"); while(getline(&line_buf, &line_len, fp) != -1) { if (process_line_ip6(line_buf, &rt) != 0) break; if (collect_item(&rt, ctx) != 0) break; } if (!feof(fp)) { /* error */ dE("An error ocured while reading /proc/net/ipv6_route: %s", strerror(errno)); } break; default: probe_ret = EINVAL; } if (fp != NULL) fclose(fp); if (line_buf != NULL) free(line_buf); SEXP_free(dst_ent); return (probe_ret); }