int oval_probe_query_test(oval_probe_session_t *sess, struct oval_test *test)
{
struct oval_object *object;
struct oval_state_iterator *ste_itr;
const char *type, *test_id, *comment;
int ret;
type = oval_subtype_get_text(oval_test_get_subtype(test));
test_id = oval_test_get_id(test);
comment = oval_test_get_comment(test);
dI("Evaluating %s test '%s': %s.", type, test_id, comment);
object = oval_test_get_object(test);
if (object == NULL)
return 0;
/* probe object */
ret = oval_probe_query_object(sess, object, 0, NULL);
if (ret == -1)
return ret;
/* probe objects referenced like this: test->state->variable->object */
ste_itr = oval_test_get_states(test);
while (oval_state_iterator_has_more(ste_itr)) {
struct oval_state *state = oval_state_iterator_next(ste_itr);
ret = oval_probe_query_var_ref(sess, state);
if (ret < 1) {
oval_state_iterator_free(ste_itr);
return ret;
}
}
oval_state_iterator_free(ste_itr);
return 0;
}
static SEXP_t *oval_probe_cmd_obj_eval(SEXP_t *sexp, void *arg)
{
char *id_str;
struct oval_definition_model *defs;
struct oval_object *obj;
struct oval_syschar *res;
oval_pext_t *pext = (oval_pext_t *) arg;
SEXP_t *ret, *ret_code;
int r;
if (sexp == NULL || arg == NULL) {
return NULL;
}
if (!SEXP_stringp(sexp)) {
dE("Invalid argument: type=%s.", SEXP_strtype(sexp));
return (NULL);
}
id_str = SEXP_string_cstr(sexp);
defs = oval_syschar_model_get_definition_model(*(pext->model));
obj = oval_definition_model_get_object(defs, id_str);
ret = SEXP_list_new (sexp, NULL);
dI("Get_object: %s.", id_str);
if (obj == NULL) {
dE("Can't find obj: id=%s.", id_str);
free(id_str);
SEXP_free(ret);
return (NULL);
}
oscap_clearerr();
r = oval_probe_query_object(pext->sess_ptr, obj, OVAL_PDFLAG_NOREPLY|OVAL_PDFLAG_SLAVE, &res);
if (r < 0)
ret_code = SEXP_number_newu((unsigned int) SYSCHAR_FLAG_COMPLETE);
else
ret_code = SEXP_number_newu((unsigned int) oval_syschar_get_flag(res));
SEXP_list_add(ret, ret_code);
SEXP_free(ret_code);
if (oscap_err()) {
dE("Failed: id: %s, err: %d, %s.",
id_str, oscap_err_family(), oscap_err_desc());
oscap_clearerr();
free(id_str);
SEXP_free(ret);
return (NULL);
}
free(id_str);
return (ret);
}
int oval_probe_query_test(oval_probe_session_t *sess, struct oval_test *test)
{
struct oval_object *object;
struct oval_state_iterator *ste_itr;
int ret;
oval_subtype_t test_subtype, object_subtype;
object = oval_test_get_object(test);
if (object == NULL)
return 0;
test_subtype = oval_test_get_subtype(test);
object_subtype = oval_object_get_subtype(object);
if (test_subtype != object_subtype) {
oscap_seterr(OSCAP_EFAMILY_OVAL, "%s_test '%s' is not compatible with %s_object '%s'.",
oval_subtype_to_str(test_subtype), oval_test_get_id(test),
oval_subtype_to_str(object_subtype), oval_object_get_id(object));
return 0;
}
/* probe object */
ret = oval_probe_query_object(sess, object, 0, NULL);
if (ret == -1)
return ret;
/* probe objects referenced like this: test->state->variable->object */
ste_itr = oval_test_get_states(test);
while (oval_state_iterator_has_more(ste_itr)) {
struct oval_state *state = oval_state_iterator_next(ste_itr);
ret = oval_probe_query_var_ref(sess, state);
if (ret < 1) {
oval_state_iterator_free(ste_itr);
return ret;
}
}
oval_state_iterator_free(ste_itr);
return 0;
}
/**
* @returns 0 on success; -1 on error; 1 on warning
*/
static int oval_probe_query_criteria(oval_probe_session_t *sess, struct oval_criteria_node *cnode) {
int ret;
switch (oval_criteria_node_get_type(cnode)) {
/* Criterion node is the final node that has a reference to a test */
case OVAL_NODETYPE_CRITERION:{
/* There should be a test .. */
struct oval_test *test;
struct oval_object *object;
struct oval_state_iterator *ste_itr;
test = oval_criteria_node_get_test(cnode);
if (test == NULL)
return 0;
object = oval_test_get_object(test);
if (object == NULL)
return 0;
/* probe object */
ret = oval_probe_query_object(sess, object, 0, NULL);
if (ret == -1)
return ret;
/* probe objects referenced like this: test->state->variable->object */
ste_itr = oval_test_get_states(test);
while (oval_state_iterator_has_more(ste_itr)) {
struct oval_state *state = oval_state_iterator_next(ste_itr);
struct oval_state_content_iterator *contents = oval_state_get_contents(state);
while (oval_state_content_iterator_has_more(contents)) {
struct oval_state_content *content = oval_state_content_iterator_next(contents);
struct oval_entity * entity = oval_state_content_get_entity(content);
if (oval_entity_get_varref_type(entity) == OVAL_ENTITY_VARREF_ATTRIBUTE) {
oval_syschar_collection_flag_t flag;
struct oval_variable *var = oval_entity_get_variable(entity);
ret = oval_probe_query_variable(sess, var);
if (ret == -1) {
oval_state_content_iterator_free(contents);
oval_state_iterator_free(ste_itr);
return ret;
}
flag = oval_variable_get_collection_flag(var);
switch (flag) {
case SYSCHAR_FLAG_COMPLETE:
case SYSCHAR_FLAG_INCOMPLETE:
break;
default:
oval_state_content_iterator_free(contents);
oval_state_iterator_free(ste_itr);
return 0;
}
}
}
oval_state_content_iterator_free(contents);
}
oval_state_iterator_free(ste_itr);
return 0;
}
break;
/* Criteria node is type of set that contains more criterias. Criteria node
* child can be also type of criteria, criterion or extended definition */
case OVAL_NODETYPE_CRITERIA:{
/* group of criterion nodes, get subnodes, continue recursive */
struct oval_criteria_node_iterator *cnode_it = oval_criteria_node_get_subnodes(cnode);
if (cnode_it == NULL)
return 0;
/* we have subnotes */
struct oval_criteria_node *node;
while (oval_criteria_node_iterator_has_more(cnode_it)) {
node = oval_criteria_node_iterator_next(cnode_it);
ret = oval_probe_query_criteria(sess, node);
if (ret != 0) {
oval_criteria_node_iterator_free(cnode_it);
return ret;
}
}
oval_criteria_node_iterator_free(cnode_it);
return 0;
}
break;
/* Extended definition contains reference to definition, we need criteria of this
* definition to be evaluated completely */
case OVAL_NODETYPE_EXTENDDEF:{
struct oval_definition *oval_def = oval_criteria_node_get_definition(cnode);
struct oval_criteria_node *node = oval_definition_get_criteria(oval_def);
if (node == NULL) {
oscap_seterr(OSCAP_EFAMILY_OSCAP, "Could not find extended definition: %s.",
oval_definition_get_id(oval_def));
return -1;
}
return oval_probe_query_criteria(sess, node);
}
break;
case OVAL_NODETYPE_UNKNOWN:
break;
}
/* we shouldn't get here */
return -1;
}
int app_collect_oval(const struct oscap_action *action)
{
struct oval_definition_model *def_model = NULL;
struct oval_variable_model *var_model = NULL;
struct oval_syschar_model *sys_model = NULL;
struct oval_sysinfo *sysinfo = NULL;
struct oval_probe_session *pb_sess = NULL;
struct oval_generator *generator = NULL;
int ret = OSCAP_ERROR;
/* Turn on verbosity */
if (!oscap_set_verbose(action->verbosity_level, action->f_verbose_log, false)) {
goto cleanup;
}
/* validate inputs */
if (action->validate) {
if (!valid_inputs(action)) {
goto cleanup;
}
}
/* import definitions */
struct oscap_source *source = oscap_source_new_from_file(action->f_oval);
def_model = oval_definition_model_import_source(source);
oscap_source_free(source);
if (def_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Definitions from '%s'.\n", action->f_oval);
goto cleanup;
}
/* bind external variables */
if(action->f_variables) {
struct oscap_source *var_source = oscap_source_new_from_file(action->f_variables);
var_model = oval_variable_model_import_source(var_source);
oscap_source_free(var_source);
if (var_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Variables from '%s'.\n", action->f_variables);
goto cleanup;
}
if (oval_definition_model_bind_variable_model(def_model, var_model)) {
fprintf(stderr, "Failed to bind Variables to Definitions\n");
goto cleanup;
}
}
/* create empty syschar model */
sys_model = oval_syschar_model_new(def_model);
/* set product name */
generator = oval_syschar_model_get_generator(sys_model);
oval_generator_set_product_name(generator, OSCAP_PRODUCTNAME);
/* create probe session */
pb_sess = oval_probe_session_new(sys_model);
/* query sysinfo */
ret = oval_probe_query_sysinfo(pb_sess, &sysinfo);
if (ret != 0) {
fprintf(stderr, "Failed to query sysinfo\n");
goto cleanup;
}
oval_syschar_model_set_sysinfo(sys_model, sysinfo);
/* query objects */
struct oval_object *object;
struct oval_syschar *syschar;
oval_syschar_collection_flag_t sc_flg;
if (action->id) {
object = oval_definition_model_get_object(def_model, action->id);
if (!object) {
fprintf(stderr, "Object ID(%s) does not exist in '%s'.\n", action->id, action->f_oval);
goto cleanup;
}
printf("Collected: \"%s\" : ", oval_object_get_id(object));
oval_probe_query_object(pb_sess, object, 0, &syschar);
sc_flg = oval_syschar_get_flag(syschar);
printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg));
}
else {
struct oval_object_iterator *objects = oval_definition_model_get_objects(def_model);
while (oval_object_iterator_has_more(objects)) {
object = oval_object_iterator_next(objects);
printf("Collected: \"%s\" : ", oval_object_get_id(object));
oval_probe_query_object(pb_sess, object, 0, &syschar);
sc_flg = oval_syschar_get_flag(syschar);
printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg));
}
oval_object_iterator_free(objects);
}
const char* full_validation = getenv("OSCAP_FULL_VALIDATION");
/* output */
if (action->f_syschar != NULL) {
/* export OVAL System Characteristics */
oval_syschar_model_export(sys_model, action->f_syschar);
/* validate OVAL System Characteristics */
if (action->validate && full_validation) {
struct oscap_source *syschar_source = oscap_source_new_from_file(action->f_syschar);
if (oscap_source_validate(syschar_source, reporter, (void *)action)) {
oscap_source_free(syschar_source);
goto cleanup;
}
fprintf(stdout, "OVAL System Characteristics are exported correctly.\n");
oscap_source_free(syschar_source);
}
}
ret = OSCAP_OK;
cleanup:
if(oscap_err())
fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());
if (sysinfo) oval_sysinfo_free(sysinfo);
if (pb_sess) oval_probe_session_destroy(pb_sess);
if (sys_model) oval_syschar_model_free(sys_model);
if (def_model) oval_definition_model_free(def_model);
return ret;
}
