int probe_main (probe_ctx *ctx, void *arg) { SEXP_t *probe_in, *name_ent, *file_ent, *bh_ent; char file[PATH_MAX]; size_t file_len = sizeof file; char name[64]; size_t name_len = sizeof name; oval_operation_t name_op, file_op; uint64_t collect_flags = 0; unsigned int i; // If probe_init() failed it's because there was no rpm config files if (arg == NULL) { probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_NOT_APPLICABLE); return 0; } /* * Get refs to object entities */ probe_in = probe_ctx_getobject(ctx); name_ent = probe_obj_getent(probe_in, "name", 1); file_ent = probe_obj_getent(probe_in, "filepath", 1); if (name_ent == NULL || file_ent == NULL) { dE("Missing \"name\" (%p) or \"filepath\" (%p) entity", name_ent, file_ent); SEXP_free(name_ent); SEXP_free(file_ent); return (PROBE_ENOENT); } /* * Extract the requested operation for each entity */ name_op = probe_ent_getoperation(name_ent, OVAL_OPERATION_EQUALS); file_op = probe_ent_getoperation(file_ent, OVAL_OPERATION_EQUALS); if (name_op == OVAL_OPERATION_UNKNOWN || file_op == OVAL_OPERATION_UNKNOWN) { SEXP_free(name_ent); SEXP_free(file_ent); return (PROBE_EINVAL); } /* * Extract entity values */ PROBE_ENT_STRVAL(name_ent, name, name_len, /* void */, strcpy(name, ""););
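/**
 * Probe entry point: collect access-token rights for the security
 * principle(s) selected by the OVAL object attached to @p ctx.
 *
 * With the "equals" operation the entity value is used directly as the
 * trustee name. With any other operation, every name produced by
 * get_all_trustee_names() is compared against the entity with
 * probe_entobj_cmp() and rights are collected for each name that matches.
 *
 * @param ctx  probe context; supplies the object and is passed on to
 *             collect_access_rights()
 * @param arg  not used by this function
 * @return 0 on every path
 */
int accesstoken_probe_main(probe_ctx *ctx, void *arg)
{
	SEXP_t *probe_in = probe_ctx_getobject(ctx);
	SEXP_t *behaviors_ent = probe_obj_getent(probe_in, "behaviors", 1);
	/*
	 * NOTE(review): the "security_principle" entity is used below without a
	 * NULL check. Confirm that probe_ent_getval() and
	 * probe_ent_getoperation() tolerate a NULL entity, or reject an object
	 * that lacks it up front (e.g. by returning PROBE_ENOENT).
	 */
	SEXP_t *security_principle_ent = probe_obj_getent(probe_in, "security_principle", 1);
	SEXP_t *security_principle_val = probe_ent_getval(security_principle_ent);

	bool include_group = accesstoken_behaviors_get_include_group(behaviors_ent);
	bool resolve_group = accesstoken_behaviors_get_resolve_group(behaviors_ent);

	oval_operation_t operation = probe_ent_getoperation(security_principle_ent, OVAL_OPERATION_EQUALS);
	if (operation == OVAL_OPERATION_EQUALS) {
		/*
		 * The trustee name comes straight from the OVAL object. Only hand
		 * it to the lookup when both string conversions produced a buffer;
		 * a failed conversion means nothing is collected.
		 */
		char *security_principle_str = SEXP_string_cstr(security_principle_val);
		WCHAR *security_principle_wstr = NULL;

		if (security_principle_str != NULL) {
			security_principle_wstr = oscap_windows_str_to_wstr(security_principle_str);
		}
		if (security_principle_wstr != NULL) {
			collect_access_rights(ctx, security_principle_wstr, include_group, resolve_group);
		}
		/* free(NULL) is a no-op, so both releases are safe on every path. */
		free(security_principle_str);
		free(security_principle_wstr);
	} else {
		struct oscap_list *trustees_list = oscap_list_new();
		get_all_trustee_names(trustees_list);

		struct oscap_iterator *it = oscap_iterator_new(trustees_list);
		while (oscap_iterator_has_more(it)) {
			/* Stays owned by the list; released by oscap_list_free() below. */
			WCHAR *trustee_wstr = oscap_iterator_next(it);
			char *trustee_str = oscap_windows_wstr_to_str(trustee_wstr);

			/*
			 * Skip a trustee whose name could not be converted instead of
			 * passing NULL to strlen().
			 */
			if (trustee_str == NULL) {
				continue;
			}

			SEXP_t *tmp = SEXP_string_new(trustee_str, strlen(trustee_str));
			if (probe_entobj_cmp(security_principle_ent, tmp) == OVAL_RESULT_TRUE) {
				collect_access_rights(ctx, trustee_wstr, include_group, resolve_group);
			}
			free(trustee_str);
			SEXP_free(tmp);
		}
		oscap_iterator_free(it);
		oscap_list_free(trustees_list, free);
	}

	SEXP_free(behaviors_ent);
	SEXP_free(security_principle_ent);
	SEXP_free(security_principle_val);
	return 0;
}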