Пример #1
0
void apol_portcon_query_destroy(apol_portcon_query_t ** po)
{
	if (*po != NULL) {
		apol_context_destroy(&((*po)->context));
		free(*po);
		*po = NULL;
	}
}
Пример #2
0
apol_context_t *apol_context_create_from_qpol_context(const apol_policy_t * p, const qpol_context_t * context)
{
	apol_context_t *c = NULL;
	const qpol_user_t *user;
	const qpol_role_t *role;
	const qpol_type_t *type;
	const qpol_mls_range_t *range;
	const char *user_name, *role_name, *type_name;
	apol_mls_range_t *apol_range = NULL;
	if ((c = apol_context_create()) == NULL) {
		ERR(p, "%s", strerror(ENOMEM));
		goto err;
	}
	if (qpol_context_get_user(p->p, context, &user) < 0 ||
	    qpol_context_get_role(p->p, context, &role) < 0 ||
	    qpol_context_get_type(p->p, context, &type) < 0 || qpol_context_get_range(p->p, context, &range) < 0) {
		goto err;
	}
	if (qpol_user_get_name(p->p, user, &user_name) < 0 ||
	    qpol_role_get_name(p->p, role, &role_name) < 0 || qpol_type_get_name(p->p, type, &type_name) < 0) {
		goto err;
	}
	if (qpol_policy_has_capability(p->p, QPOL_CAP_MLS)) {
		/* if the policy is MLS then convert the range, else
		 * rely upon the default value of NULL */
		if ((apol_range = apol_mls_range_create_from_qpol_mls_range(p, range)) == NULL) {
			goto err;
		}
	}
	if (apol_context_set_user(p, c, user_name) < 0 ||
	    apol_context_set_role(p, c, role_name) < 0 ||
	    apol_context_set_type(p, c, type_name) < 0 || apol_context_set_range(p, c, apol_range) < 0) {
		goto err;
	}
	return c;
      err:
	apol_mls_range_destroy(&apol_range);
	apol_context_destroy(&c);
	return NULL;
}
Пример #3
0
/**
 * Get statistics regarding a policy's ports.
 * If this function is given a name, it will attempt to
 * get statistics about a particular port; otherwise
 * the function get statistics about all of the policy's ports.
 *
 * @param name Reference to an port's name; if NULL,
 * all ports will be considered
 * @param policydb Reference to a policy
 *
 * @return 0 on success, < 0 on error.
 */
static PyObject*  get_ports(const char *num, const apol_policy_t * policydb)
{
	const qpol_portcon_t *portcon = NULL;
	qpol_iterator_t *iter = NULL;
	uint16_t low_port, high_port;
	uint8_t ocon_proto;
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	const qpol_context_t *ctxt = NULL;
	const char *proto_str = NULL;
	const char *type = NULL;
	const apol_mls_range_t *range = NULL;
	char *range_str = NULL;
	apol_context_t *c = NULL;
	int error = 0;
	int rt = 0;
	PyObject *dict = NULL;
	PyObject *list = PyList_New(0);
	if (!list) goto err;

	if (qpol_policy_get_portcon_iter(q, &iter))
		goto err;

	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		if (qpol_iterator_get_item(iter, (void **)&portcon))
			goto err;
		if (qpol_portcon_get_low_port(q, portcon, &low_port))
			goto err;
		if (qpol_portcon_get_high_port(q, portcon, &high_port))
			goto err;
		if (qpol_portcon_get_protocol(q, portcon, &ocon_proto))
			goto err;
		if (num) {
			if (atoi(num) < low_port || atoi(num) > high_port)
				continue;
		}

		if ((ocon_proto != IPPROTO_TCP) &&
		    (ocon_proto != IPPROTO_UDP)) 
			goto err;

		if (qpol_portcon_get_context(q, portcon, &ctxt)) {
			PyErr_SetString(PyExc_RuntimeError, "Could not get for port context.");
			goto err;
		}

		if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) {
			PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port");
			goto err;
		}

		if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL) {
			goto err;
		}
		
		if((type = apol_context_get_type(c)) == NULL) {
			apol_context_destroy(&c);
			goto err;
		}
			
		dict = PyDict_New(); 
		if (!dict) goto err;
		if (py_insert_string(dict, "type", type))
			goto err;

		if((range = apol_context_get_range(c)) != NULL) {
			range_str = apol_mls_range_render(policydb, range);
			if (range_str == NULL) {
				goto err;
			}
			if (py_insert_string(dict, "range", range_str))
				goto err;
		}

		if (py_insert_string(dict, "protocol", proto_str))
			goto err;

		if (py_insert_long(dict, "high", high_port))
			goto err;

		if (py_insert_long(dict, "low", low_port))
			goto err;

		rt = py_append_obj(list, dict);
		Py_DECREF(dict); dict = NULL;
		if (rt) goto err;
	}
	goto cleanup;

err:
	error = errno;
	PyErr_SetString(PyExc_RuntimeError,strerror(errno));
	py_decref(list); list = NULL;
	py_decref(dict); dict = NULL;

cleanup:
	free(range_str);
	apol_context_destroy(&c);
	qpol_iterator_destroy(&iter);
	errno = error;
	return list;
}
Пример #4
0
apol_context_t *apol_context_create_from_literal(const char *context_string)
{
	apol_context_t *c = NULL;
	bool is_context_compiled = false;
	regex_t context_regex;
	const size_t nmatch = 5;
	regmatch_t pmatch[nmatch];

	if ((c = apol_context_create()) == NULL) {
		goto err;
	}

	if (regcomp(&context_regex, "^([^:]*):([^:]*):([^:]*):?(.*)$", REG_EXTENDED) != 0) {
		goto err;
	}
	is_context_compiled = true;

	if (regexec(&context_regex, context_string, nmatch, pmatch, 0) != 0) {
		errno = EIO;
		goto err;
	}

	const char *s;
	size_t len;

	assert(pmatch[1].rm_so == 0);
	s = context_string + pmatch[1].rm_so;
	len = pmatch[1].rm_eo - pmatch[1].rm_so;	// no +1 to avoid copying colon
	if (len != 0 && *s != '*' && (c->user = strndup(s, len)) == NULL) {
		goto err;
	}

	assert(pmatch[2].rm_so != -1);
	s = context_string + pmatch[2].rm_so;
	len = pmatch[2].rm_eo - pmatch[2].rm_so;	// no +1 to avoid copying colon
	if (len != 0 && *s != '*' && (c->role = strndup(s, len)) == NULL) {
		goto err;
	}

	assert(pmatch[3].rm_so != -1);
	s = context_string + pmatch[3].rm_so;
	len = pmatch[3].rm_eo - pmatch[3].rm_so;	// no +1 to avoid copying colon
	if (len != 0 && *s != '*' && (c->type = strndup(s, len)) == NULL) {
		goto err;
	}

	if (pmatch[4].rm_so != -1) {
		s = context_string + pmatch[4].rm_so;
		len = pmatch[4].rm_eo - pmatch[4].rm_so;
		if (len != 0 && *s != '*' && (c->range = apol_mls_range_create_from_literal(s)) == NULL) {
			goto err;
		}
	}

	regfree(&context_regex);
	return c;

      err:
	apol_context_destroy(&c);
	if (is_context_compiled) {
		regfree(&context_regex);
	}
	return NULL;
}