int probe_main (probe_ctx *ctx, void *arg) { SEXP_t *object; struct runlevel_req request_st; struct runlevel_rep *reply_st = NULL; object = probe_ctx_getobject(ctx); request_st.service_name_ent = probe_obj_getent(object, "service_name", 1); if (request_st.service_name_ent == NULL) { dI("%s: element not found", "service_name"); return PROBE_ENOELM; } request_st.runlevel_ent = probe_obj_getent(object, "runlevel", 1); if (request_st.runlevel_ent == NULL) { SEXP_free(request_st.service_name_ent); dI("%s: element not found", "runlevel"); return PROBE_ENOELM; } if (get_runlevel(&request_st, &reply_st) == -1) { SEXP_t *msg; msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "get_runlevel failed."); probe_cobj_add_msg(probe_ctx_getresult(ctx), msg); SEXP_free(msg); probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR); } else { struct runlevel_rep *next_rep; SEXP_t *item; while (reply_st != NULL) { dI("get_runlevel: [0]=\"%s\", [1]=\"%s\", [2]=\"%d\", [3]=\"%d\"", reply_st->service_name, reply_st->runlevel, reply_st->start, reply_st->kill); item = probe_item_create(OVAL_UNIX_RUNLEVEL, NULL, "service_name", OVAL_DATATYPE_STRING, reply_st->service_name, "runlevel", OVAL_DATATYPE_STRING, reply_st->runlevel, "start", OVAL_DATATYPE_BOOLEAN, reply_st->start, "kill", OVAL_DATATYPE_BOOLEAN, reply_st->kill, NULL); probe_item_collect(ctx, item); next_rep = reply_st->next; oscap_free(reply_st->service_name); oscap_free(reply_st->runlevel); oscap_free(reply_st); reply_st = next_rep; } } SEXP_free(request_st.runlevel_ent); SEXP_free(request_st.service_name_ent); return 0; }
/** * Collect an item * This function adds an item the collected object assosiated * with the given probe context. * * Returns: * 0 ... the item was succesfully added to the collected object * 1 ... the item was filtered out * 2 ... the item was not added because of memory constraints * and the collected object was flagged as incomplete *-1 ... unexpected/internal error * * The caller must not free the item, it's freed automatically * by this function or by the icache worker thread. */ int probe_item_collect(struct probe_ctx *ctx, SEXP_t *item) { SEXP_t *cobj_content; size_t cobj_itemcnt; assume_d(ctx != NULL, -1); assume_d(ctx->probe_out != NULL, -1); assume_d(item != NULL, -1); cobj_content = SEXP_listref_nth(ctx->probe_out, 3); cobj_itemcnt = SEXP_list_length(cobj_content); SEXP_free(cobj_content); if (probe_cobj_memcheck(cobj_itemcnt) != 0) { /* * Don't set the message again if the collected object is * already flagged as incomplete. */ if (probe_cobj_get_flag(ctx->probe_out) != SYSCHAR_FLAG_INCOMPLETE) { SEXP_t *msg; /* * Sync with the icache thread before modifying the * collected object. */ if (probe_icache_nop(ctx->icache) != 0) return -1; msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_WARNING, "Object is incomplete due to memory constraints."); probe_cobj_add_msg(ctx->probe_out, msg); probe_cobj_set_flag(ctx->probe_out, SYSCHAR_FLAG_INCOMPLETE); SEXP_free(msg); } return 2; } if (ctx->filters != NULL && probe_item_filtered(item, ctx->filters)) { SEXP_free(item); return (1); } if (probe_icache_add(ctx->icache, ctx->probe_out, item) != 0) { dE("Can't add item (%p) to the item cache (%p)", item, ctx->icache); SEXP_free(item); return (-1); } return (0); }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *object; int err; llist ll; oval_schema_version_t over; object = probe_ctx_getobject(ctx); over = probe_obj_get_platform_schema_version(object); interface_name_ent = probe_obj_getent(object, "interface_name", 1); if (interface_name_ent == NULL) { err = PROBE_ENOVAL; goto cleanup; } // Now start collecting the info list_create(&ll); if (collect_process_info(&ll) || perm_warn) { SEXP_t *msg; msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "Permission error."); probe_cobj_add_msg(probe_ctx_getresult(ctx), msg); SEXP_free(msg); probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR); err = 0; goto cleanup; } read_packet(&ll, ctx, over); list_clear(&ll); err = 0; cleanup: SEXP_vfree(interface_name_ent, NULL); return err; }
int probe_main(probe_ctx *ctx, void *arg) { SEXP_t *object; int err; llist ll; object = probe_ctx_getobject(ctx); req.protocol_ent = probe_obj_getent(object, "protocol", 1); if (req.protocol_ent == NULL) { err = PROBE_ENOVAL; goto cleanup; } req.local_address_ent = probe_obj_getent(object, "local_address", 1); if (req.local_address_ent == NULL) { err = PROBE_ENOVAL; goto cleanup; } req.local_port_ent = probe_obj_getent(object, "local_port", 1); if (req.local_port_ent == NULL) { err = PROBE_ENOVAL; goto cleanup; } // Now start collecting the info list_create(&ll); if (collect_process_info(&ll)) { SEXP_t *msg; msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "Permission error."); probe_cobj_add_msg(probe_ctx_getresult(ctx), msg); SEXP_free(msg); probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR); err = 0; goto cleanup; } // Now we check the tcp socket list... read_tcp("/proc/net/tcp", "tcp", &ll, ctx); read_tcp("/proc/net/tcp6", "tcp", &ll, ctx); // Next udp sockets... read_udp("/proc/net/udp", "udp", &ll, ctx); read_udp("/proc/net/udp6", "udp", &ll, ctx); // Next, raw sockets...not exactly part of standard yet. They // can be used to send datagrams, so we will pretend they are udp read_raw("/proc/net/raw", "udp", &ll, ctx); read_raw("/proc/net/raw6", "udp", &ll, ctx); list_clear(&ll); err = 0; cleanup: SEXP_vfree(req.protocol_ent, req.local_address_ent, req.local_port_ent, NULL); return err; }