int probe_main (probe_ctx *ctx, void *arg) { SEXP_t *object; struct runlevel_req request_st; struct runlevel_rep *reply_st = NULL; object = probe_ctx_getobject(ctx); request_st.service_name_ent = probe_obj_getent(object, "service_name", 1); if (request_st.service_name_ent == NULL) { dI("%s: element not found", "service_name"); return PROBE_ENOELM; } request_st.runlevel_ent = probe_obj_getent(object, "runlevel", 1); if (request_st.runlevel_ent == NULL) { SEXP_free(request_st.service_name_ent); dI("%s: element not found", "runlevel"); return PROBE_ENOELM; } if (get_runlevel(&request_st, &reply_st) == -1) { SEXP_t *msg; msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "get_runlevel failed."); probe_cobj_add_msg(probe_ctx_getresult(ctx), msg); SEXP_free(msg); probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR); } else { struct runlevel_rep *next_rep; SEXP_t *item; while (reply_st != NULL) { dI("get_runlevel: [0]=\"%s\", [1]=\"%s\", [2]=\"%d\", [3]=\"%d\"", reply_st->service_name, reply_st->runlevel, reply_st->start, reply_st->kill); item = probe_item_create(OVAL_UNIX_RUNLEVEL, NULL, "service_name", OVAL_DATATYPE_STRING, reply_st->service_name, "runlevel", OVAL_DATATYPE_STRING, reply_st->runlevel, "start", OVAL_DATATYPE_BOOLEAN, reply_st->start, "kill", OVAL_DATATYPE_BOOLEAN, reply_st->kill, NULL); probe_item_collect(ctx, item); next_rep = reply_st->next; oscap_free(reply_st->service_name); oscap_free(reply_st->runlevel); oscap_free(reply_st); reply_st = next_rep; } } SEXP_free(request_st.runlevel_ent); SEXP_free(request_st.service_name_ent); return 0; }
// GUI calls this function when a user left-clicks on an image pixel while in "Region" mode // The method computes a 'region' of pixels connected to 'seed'. The region is grown by adding // to each pixel p (starting at 'seed') all neighbors q such that intensity difference is small, // that is, |Ip-Iq|<T where T is some fixed threshold. Use Queue for active front. // HINT: to compute intensity difference Ip-Iq, use function dI(RGB,RGB) defined in "Image2D.h" void regionGrow(Point seed, double T) { if (!image.pointIn(seed)) return; int counter = 0; Queue<Point> active; active.enqueue(seed); // use BREADTH-FIRST_SEARCH (FIFO order) traversal - "Queue" //.. while (!active.isEmpty()) { Point p = active.dequeue(); region[p]=1; counter++; for (int i=0; i<4; i++) { Point q = p + shift[i]; if (image.pointIn(q) && region[q]==0 && dI(image[q], image[seed])>(T*-1) && dI(image[q], image[seed])<T) { active.enqueue(q); region[q]=2; } } if (view && counter%60==0) {draw(); Pause(20);} } cout << "grown region of volume " << counter << " pixels (threshold " << T << ")" << endl; }
int oval_probe_query_sysinfo(oval_probe_session_t *sess, struct oval_sysinfo **out_sysinfo) { struct oval_sysinfo *sysinf; oval_ph_t *ph; int ret; dI("Querying system information."); ph = oval_probe_handler_get(sess->ph, OVAL_SUBTYPE_SYSINFO); if (ph == NULL) { oscap_seterr (OSCAP_EFAMILY_OVAL, "OVAL object not supported"); return(-1); } if (ph->func == NULL) { oscap_seterr (OSCAP_EFAMILY_OVAL, "OVAL object not correctly defined"); return(-1); } sysinf = NULL; ret = ph->func(OVAL_SUBTYPE_SYSINFO, ph->uptr, PROBE_HANDLER_ACT_EVAL, NULL, &sysinf, 0); if (ret != 0) return(ret); *out_sysinfo = sysinf; return(0); }
static int oval_probe_query_extend_definition(oval_probe_session_t *sess, struct oval_criteria_node *cnode) { struct oval_definition *oval_def = oval_criteria_node_get_definition(cnode); const char *def_id = oval_definition_get_id(oval_def); dI("Criteria are extended by definition '%s'.", def_id); return oval_probe_query_definition(sess, def_id); }
/* this function will gather all the necessary ingredients and call 'evaluate_items' when it finds them */ static oval_result_t _oval_result_test_result(struct oval_result_test *rtest, void **args) { __attribute__nonnull__(rtest); /* is the test already evaluated? */ if (rtest->result != OVAL_RESULT_NOT_EVALUATED) { dI("Found result from previous evaluation: %d, returning without further processing.\n", rtest->result); return (rtest->result); } /* get syschar of rtest */ struct oval_test *test = oval_result_test_get_test(rtest); struct oval_object * object = oval_test_get_object(test); char * object_id = oval_object_get_id(object); struct oval_result_system *sys = oval_result_test_get_system(rtest); struct oval_syschar_model *syschar_model = oval_result_system_get_syschar_model(sys); struct oval_syschar * syschar = oval_syschar_model_get_syschar(syschar_model, object_id); if (syschar == NULL) { dW("No syschar for object: %s\n", object_id); return OVAL_RESULT_UNKNOWN; } /* evaluate items */ oval_result_t result = _oval_result_test_evaluate_items(test, syschar, args); return result; }
void Matrix::lu(Matrix& L, Matrix& U) const { if (m_nrows != m_ncols) throw Error(" matrix is not square "); Matrix A = *this; Matrix Lf(m_nrows), dI(m_nrows), P(m_nrows); dI = dI + dI; for (size_t i = 0; i < m_nrows - 1; i++) { /* // check if pivot == 0 // if so, try to find a valid pivot // if no valid pivot found, matrix isn't invertible (quit) // update permutation matrix // */ Matrix Lt(m_nrows); for (size_t j = i + 1; j < m_nrows; j++) Lt(j, i) = -A(j, i) / A(i, i); A = Lt * A; Lf = Lf * (dI - Lt); } U = A; L = Lf; }
static int _oval_affected_parse_tag(xmlTextReaderPtr reader, struct oval_parser_context *context, void *user) { struct oval_affected *affected = (struct oval_affected *)user; int return_code; xmlChar *tagname = xmlTextReaderLocalName(reader); //xmlChar *namespace = xmlTextReaderNamespaceUri(reader); if (strcmp((char *)tagname, "platform") == 0) { char *platform = NULL; return_code = oscap_parser_text_value(reader, &oscap_text_consumer, &platform); if (platform != NULL) { oval_affected_add_platform(affected, platform); oscap_free(platform); } } else if (strcmp((char *)tagname, "product") == 0) { char *product = NULL; return_code = oscap_parser_text_value(reader, &oscap_text_consumer, &product); if (product != NULL) { oval_affected_add_product(affected, product); oscap_free(product); } } else { dI("Skipping tag: %s", tagname); return_code = oval_parser_skip_tag(reader, context); } oscap_free(tagname); return return_code; }
int oval_probe_query_test(oval_probe_session_t *sess, struct oval_test *test) { struct oval_object *object; struct oval_state_iterator *ste_itr; const char *type, *test_id, *comment; int ret; type = oval_subtype_get_text(oval_test_get_subtype(test)); test_id = oval_test_get_id(test); comment = oval_test_get_comment(test); dI("Evaluating %s test '%s': %s.", type, test_id, comment); object = oval_test_get_object(test); if (object == NULL) return 0; /* probe object */ ret = oval_probe_query_object(sess, object, 0, NULL); if (ret == -1) return ret; /* probe objects referenced like this: test->state->variable->object */ ste_itr = oval_test_get_states(test); while (oval_state_iterator_has_more(ste_itr)) { struct oval_state *state = oval_state_iterator_next(ste_itr); ret = oval_probe_query_var_ref(sess, state); if (ret < 1) { oval_state_iterator_free(ste_itr); return ret; } } oval_state_iterator_free(ste_itr); return 0; }
static SEXP_t *oval_probe_cmd_obj_eval(SEXP_t *sexp, void *arg) { char *id_str; struct oval_definition_model *defs; struct oval_object *obj; struct oval_syschar *res; oval_pext_t *pext = (oval_pext_t *) arg; SEXP_t *ret, *ret_code; int r; if (sexp == NULL || arg == NULL) { return NULL; } if (!SEXP_stringp(sexp)) { dE("Invalid argument: type=%s.", SEXP_strtype(sexp)); return (NULL); } id_str = SEXP_string_cstr(sexp); defs = oval_syschar_model_get_definition_model(*(pext->model)); obj = oval_definition_model_get_object(defs, id_str); ret = SEXP_list_new (sexp, NULL); dI("Get_object: %s.", id_str); if (obj == NULL) { dE("Can't find obj: id=%s.", id_str); free(id_str); SEXP_free(ret); return (NULL); } oscap_clearerr(); r = oval_probe_query_object(pext->sess_ptr, obj, OVAL_PDFLAG_NOREPLY|OVAL_PDFLAG_SLAVE, &res); if (r < 0) ret_code = SEXP_number_newu((unsigned int) SYSCHAR_FLAG_COMPLETE); else ret_code = SEXP_number_newu((unsigned int) oval_syschar_get_flag(res)); SEXP_list_add(ret, ret_code); SEXP_free(ret_code); if (oscap_err()) { dE("Failed: id: %s, err: %d, %s.", id_str, oscap_err_family(), oscap_err_desc()); oscap_clearerr(); free(id_str); SEXP_free(ret); return (NULL); } free(id_str); return (ret); }
static int read_packet(llist *l, probe_ctx *ctx, oval_schema_version_t over) { int line = 0; FILE *f; char buf[256]; void *s; int refcnt, sk_type, ifindex, running; unsigned long inode; unsigned rmem, uid, proto_num; struct interface_t interface; f = fopen("/proc/net/packet", "rt"); if (f == NULL) { if (errno != ENOENT) return 1; else return 0; } __fsetlocking(f, FSETLOCKING_BYCALLER); while (fgets(buf, sizeof(buf), f)) { if (line == 0) { line++; continue; } /* follow structure from net/packet/af_packet.c */ sscanf(buf, "%p %d %d %04x %d %d %u %u %lu\n", &s, &refcnt, &sk_type, &proto_num, &ifindex, &running, &rmem, &uid, &inode ); if (list_find_inode(l, inode) && get_interface(ifindex, &interface)) { struct result_info r; SEXP_t *r0; dI("Have interface_name: %s, hw_address: %s\n", interface.interface_name, interface.hw_address); r0 = SEXP_string_newf("%s", interface.interface_name); if (probe_entobj_cmp(interface_name_ent, r0) != OVAL_RESULT_TRUE) { SEXP_free(r0); continue; } SEXP_free(r0); r.interface_name = interface.interface_name; r.protocol = oscap_enum_to_string(ProtocolType, proto_num); r.hw_address = interface.hw_address; report_finding(&r, l, ctx, over); } } fclose(f); return 0; }
int oval_agent_eval_system(oval_agent_session_t * ag_sess, agent_reporter cb, void *arg) { struct oval_definition *oval_def; struct oval_definition_iterator *oval_def_it; char *id; int ret = 0; dI("OVAL agent started to evaluate OVAL definitions on your system."); oval_def_it = oval_definition_model_get_definitions(ag_sess->def_model); while (oval_definition_iterator_has_more(oval_def_it)) { oval_def = oval_definition_iterator_next(oval_def_it); id = oval_definition_get_id(oval_def); /* probe and eval */ ret = oval_agent_eval_definition(ag_sess, id); if (ret==-1) { goto cleanup; } /* callback */ if (cb != NULL) { struct oval_result_definition * res_def = oval_agent_get_result_definition(ag_sess, id); ret = cb(res_def,arg); /* stop? */ if (ret!=0) goto cleanup; } /* probe evaluation terminated by signal */ if (ret == -2) { ret = 1; break; } } cleanup: oval_definition_iterator_free(oval_def_it); dI("OVAL agent finished evaluation."); return ret; }
static int oval_varref_elm_to_sexp(void *sess, struct oval_variable *var, oval_datatype_t dt, SEXP_t **out_sexp, struct oval_syschar *syschar) { SEXP_t *val_lst; struct oval_value_iterator *val_itr; oval_syschar_collection_flag_t flag; if (oval_probe_query_variable(sess, var) != 0) return -1; flag = oval_variable_get_collection_flag(var); if (flag == SYSCHAR_FLAG_DOES_NOT_EXIST) { char msg[100]; snprintf(msg, sizeof(msg), "Referenced variable has no values (%s).", oval_variable_get_id(var)); dI("%s", msg); if (syschar != NULL) { oval_syschar_add_new_message(syschar, msg, OVAL_MESSAGE_LEVEL_WARNING); oval_syschar_set_flag(syschar, SYSCHAR_FLAG_DOES_NOT_EXIST); } return 1; } if (flag != SYSCHAR_FLAG_COMPLETE && flag != SYSCHAR_FLAG_INCOMPLETE) { *out_sexp = SEXP_list_new(NULL); return 0; } val_lst = SEXP_list_new(NULL); val_itr = oval_variable_get_values(var); while (oval_value_iterator_has_more(val_itr)) { struct oval_value *val; SEXP_t *vs; val = oval_value_iterator_next(val_itr); vs = oval_value_to_sexp(val, dt); if (vs == NULL) { oscap_seterr(OSCAP_EFAMILY_OVAL, "Failed to convert OVAL value to SEXP: " "datatype: %s, text: %s.", oval_datatype_get_text(dt), oval_value_get_text(val)); oval_value_iterator_free(val_itr); SEXP_free(val_lst); return -1; } SEXP_list_add(val_lst, vs); SEXP_free(vs); } oval_value_iterator_free(val_itr); *out_sexp = val_lst; return 0; }
static int read_tcp(const char *proc, const char *type, llist *l, probe_ctx *ctx) { int line = 0; FILE *f; char buf[256]; unsigned long rxq, txq, time_len, retr, inode; unsigned local_port, rem_port, uid; int d, state, timer_run, timeout; char rem_addr[128], local_addr[128], more[512]; f = fopen(proc, "rt"); if (f == NULL) { if (errno != ENOENT) return 1; else return 0; } __fsetlocking(f, FSETLOCKING_BYCALLER); while (fgets(buf, sizeof(buf), f)) { if (line == 0) { line++; continue; } more[0] = 0; sscanf(buf, "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X " "%lX:%lX %X:%lX %lX %d %d %lu %512s\n", &d, local_addr, &local_port, rem_addr, &rem_port, &state, &txq, &rxq, &timer_run, &time_len, &retr, &uid, &timeout, &inode, more); char src[NI_MAXHOST], dest[NI_MAXHOST]; addr_convert(local_addr, src, NI_MAXHOST); addr_convert(rem_addr, dest, NI_MAXHOST); dI("Have tcp port: %s:%u\n", src, local_port); if (eval_data(type, src, local_port)) { struct result_info r; r.proto = type; r.laddr = src; r.lport = local_port; r.raddr = dest; r.rport = rem_port; if (list_find_inode(l, inode)) { report_finding(&r, l, ctx); } else { report_finding(&r, NULL, ctx); } } } fclose(f); return 0; }
oval_agent_session_t * oval_agent_new_session(struct oval_definition_model *model, const char * name) { oval_agent_session_t *ag_sess; struct oval_sysinfo *sysinfo; struct oval_generator *generator; int ret; dI("Started new OVAL agent.", name); /* Optimalization */ oval_definition_model_optimize_by_filter_propagation(model); ag_sess = oscap_talloc(oval_agent_session_t); ag_sess->filename = oscap_strdup(name); ag_sess->def_model = model; ag_sess->cur_var_model = NULL; ag_sess->sys_model = oval_syschar_model_new(model); #if defined(OVAL_PROBES_ENABLED) ag_sess->psess = oval_probe_session_new(ag_sess->sys_model); #endif #if defined(OVAL_PROBES_ENABLED) /* probe sysinfo */ ret = oval_probe_query_sysinfo(ag_sess->psess, &sysinfo); if (ret != 0) { oval_probe_session_destroy(ag_sess->psess); oval_syschar_model_free(ag_sess->sys_model); oscap_free(ag_sess); return NULL; } #else /* TODO */ sysinfo = oval_sysinfo_new(ag_sess->sys_model); #endif /* OVAL_PROBES_ENABLED */ oval_syschar_model_set_sysinfo(ag_sess->sys_model, sysinfo); oval_sysinfo_free(sysinfo); /* one system only */ ag_sess->sys_models[0] = ag_sess->sys_model; ag_sess->sys_models[1] = NULL; #if defined(OVAL_PROBES_ENABLED) ag_sess->res_model = oval_results_model_new_with_probe_session( model, ag_sess->sys_models, ag_sess->psess); generator = oval_results_model_get_generator(ag_sess->res_model); oval_generator_set_product_version(generator, oscap_get_version()); #endif ag_sess->product_name = NULL; return ag_sess; }
unsigned int Matrix::lup(Matrix& L, Matrix& U, Matrix& P) const { if (m_nrows != m_ncols) throw Error(" matrix is not square "); unsigned int permutations = 0; Matrix A = *this; Matrix Lf(m_nrows), dI(m_nrows), Per(m_nrows); dI = dI + dI; for (size_t i = 0; i < m_nrows - 1; i++) { if (Matrix::precision >= std::fabs(A(i, i))) { bool p = 0; for (size_t k = i + 1; k < m_nrows; k++) if (Matrix::precision >= std::fabs(A(k, i))) { A.swapRows(i, k); Per.swapRows(i, k); p = true; break; } if (!p) throw Error("matrix is not invertible"); else permutations++; } Matrix Lt(m_nrows); // gaussian matrix for (size_t j = i + 1; j < m_nrows; j++) Lt(j, i) = -A(j, i) / A(i, i); /* A = Lt * A; Lf = Lf * (dI - Lt); */ A = Lt.multiply(A); Lf = Lf.multiply((dI - Lt)); // dI-Lt is the inverse of Lt (gaussian matrix) } P = Per; U = A; L = Lf; return permutations; }
void oval_probe_meta_list(FILE *output, int flags) { register size_t i; const char *probe_dir; oval_probe_meta_t *meta = OSCAP_GSYM(__probe_meta); size_t probe_dirlen; char probe_path[PATH_MAX+1]; if (output == NULL) output = stdout; probe_dir = oval_probe_ext_getdir(); assume_d(probe_dir != NULL, /* void */); probe_dirlen = strlen(probe_dir); assume_r(probe_dirlen + 1 <= PATH_MAX, /* void */); for (i = 0; i < OSCAP_GSYM(__probe_meta_count); ++i) { if (meta[i].flags & OVAL_PROBEMETA_EXTERNAL) { strncpy(probe_path, probe_dir, PATH_MAX); probe_path[probe_dirlen] = '/'; probe_path[probe_dirlen+1] = '\0'; strncat(probe_path, meta[i].pname, PATH_MAX - strlen(probe_dir) - 1); if (flags & OVAL_PROBEMETA_LIST_DYNAMIC) { dI("Checking access to \"%s\"\n", probe_path); if (access(probe_path, X_OK) != 0) { dW("access: errno=%d, %s\n", errno, strerror(errno)); continue; } } } fprintf(output, "%-28s %-28s", meta[i].stype, meta[i].pname); if (flags & OVAL_PROBEMETA_LIST_VERBOSE) { if (meta[i].flags & OVAL_PROBEMETA_EXTERNAL) { fprintf(output, " %-5u %s\n", meta[i].otype, probe_path); } else { fprintf(output, " %-5u\n", meta[i].otype); } } else fprintf(output, "\n"); } return; }
void __SEXP_free_r (SEXP_t *s_exp, const char *file, uint32_t line, const char *func) #endif { #if !defined(NDEBUG) && defined(SEAP_VERBOSE_DEBUG) dI("s_exp=%p (%s:%u:%s)", s_exp, file, line, func); #endif if (s_exp == NULL) return; if (!SEXP_softrefp(s_exp) && SEXP_typeof(s_exp) != SEXP_TYPE_EMPTY) { SEXP_val_t v_dsc; SEXP_VALIDATE(s_exp); SEXP_val_dsc (&v_dsc, s_exp->s_valp); if (SEXP_rawval_decref (s_exp->s_valp)) { switch (v_dsc.type) { case SEXP_VALTYPE_STRING: oscap_aligned_free(v_dsc.hdr); break; case SEXP_VALTYPE_NUMBER: oscap_aligned_free(v_dsc.hdr); break; case SEXP_VALTYPE_LIST: if (SEXP_LCASTP(v_dsc.mem)->b_addr != NULL) SEXP_rawval_lblk_free ((uintptr_t)SEXP_LCASTP(v_dsc.mem)->b_addr, SEXP_free_r); oscap_aligned_free(v_dsc.hdr); break; default: abort (); } } } #if !defined(NDEBUG) || defined(VALIDATE_SEXP) s_exp->s_valp = 0; s_exp->s_type = NULL; s_exp->__magic0 = SEXP_MAGIC0_INV; s_exp->__magic1 = SEXP_MAGIC1_INV; #endif return; }
void *probe_init (void) { SEXP_init(&gr_lastpath); /* * Initialize mutex. */ switch (pthread_mutex_init (&__file_probe_mutex, NULL)) { case 0: return ((void *)&__file_probe_mutex); default: dI("Can't initialize mutex: errno=%u, %s.", errno, strerror (errno)); } #if 0 probe_setoption(PROBEOPT_VARREF_HANDLING, false, "path"); probe_setoption(PROBEOPT_VARREF_HANDLING, false, "filename"); #endif probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_CHROOT); return (NULL); }
static int read_password(SEXP_t *un_ent, probe_ctx *ctx, oval_schema_version_t over) { struct passwd *pw; while ((pw = getpwent())) { SEXP_t *un; dI("Have user: %s", pw->pw_name); un = SEXP_string_newf("%s", pw->pw_name); if (probe_entobj_cmp(un_ent, un) == OVAL_RESULT_TRUE) { struct result_info r; r.username = pw->pw_name; r.password = pw->pw_passwd; r.user_id = pw->pw_uid; r.group_id = pw->pw_gid; r.gcos = pw->pw_gecos; r.home_dir = pw->pw_dir; r.login_shell = pw->pw_shell; r.last_login = -1; if (oval_schema_version_cmp(over, OVAL_SCHEMA_VERSION(5.10)) >= 0) { FILE *ll_fp = fopen(_PATH_LASTLOG, "r"); if (ll_fp != NULL) { struct lastlog ll; if (fseeko(ll_fp, (off_t)pw->pw_uid * sizeof(ll), SEEK_SET) == 0) if (fread((char *)&ll, sizeof(ll), 1, ll_fp) == 1) r.last_login = (int64_t)ll.ll_time; fclose(ll_fp); } } report_finding(&r, ctx, over); } SEXP_free(un); } endpwent(); return 0; }
void *probe_init (void) { #ifdef RPM46_FOUND rpmlogSetCallback(rpmErrorCb, NULL); #endif if (rpmReadConfigFiles ((const char *)NULL, (const char *)NULL) != 0) { dI("rpmReadConfigFiles failed: %u, %s.", errno, strerror (errno)); return (NULL); } g_rpm.rpmts = rpmtsCreate(); pthread_mutex_init(&(g_rpm.mutex), NULL); if (OSCAP_GSYM(offline_mode) & PROBE_OFFLINE_OWN) { const char* root = getenv("OSCAP_PROBE_ROOT"); rpmtsSetRootDir(g_rpm.rpmts, root); } return ((void *)&g_rpm); }
void *probe_init (void) { /* * Initialize crypto API */ if (crapi_init (NULL) != 0) return (NULL); /* * Initialize mutex. */ switch (pthread_mutex_init (&__filehash_probe_mutex, NULL)) { case 0: return ((void *)&__filehash_probe_mutex); default: dI("Can't initialize mutex: errno=%u, %s.", errno, strerror (errno)); } probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_CHROOT); return (NULL); }
oval_result_t oval_result_test_eval(struct oval_result_test *rtest) { __attribute__nonnull__(rtest); if (rtest->result == OVAL_RESULT_NOT_EVALUATED) { if ((oval_independent_subtype_t)oval_test_get_subtype(oval_result_test_get_test(rtest)) != OVAL_INDEPENDENT_UNKNOWN ) { struct oval_string_map *tmp_map = oval_string_map_new(); void *args[] = { rtest->system, rtest, tmp_map }; rtest->result = _oval_result_test_result(rtest, args); oval_string_map_free(tmp_map, NULL); if (!rtest->bindings_initialized) { _oval_result_test_initialize_bindings(rtest); } } else rtest->result = OVAL_RESULT_UNKNOWN; } dI("\t%s => %s\n", oval_result_test_get_id(rtest), oval_result_get_text(rtest->result)); return rtest->result; }
static inline oval_result_t probe_ent_cmp_single(SEXP_t *state_ent, oval_datatype_t state_data_type, SEXP_t *sysent, oval_operation_t op) { // This compares a single entity of a state with a single entity of a sysitem // This is very similar to oval_ent_cmp_str, we hope to get a rid of this soon switch (state_data_type) { case OVAL_DATATYPE_BINARY: return probe_ent_cmp_binary(state_ent, sysent, op); case OVAL_DATATYPE_BOOLEAN: return probe_ent_cmp_bool(state_ent, sysent, op); case OVAL_DATATYPE_EVR_STRING: return probe_ent_cmp_evr(state_ent, sysent, op); case OVAL_DATATYPE_DEBIAN_EVR_STRING: return probe_ent_cmp_debian_evr(state_ent, sysent, op); case OVAL_DATATYPE_FILESET_REVISION: return probe_ent_cmp_filesetrev(state_ent, sysent, op); case OVAL_DATATYPE_FLOAT: return probe_ent_cmp_float(state_ent, sysent, op); case OVAL_DATATYPE_IOS_VERSION: return probe_ent_cmp_ios(state_ent, sysent, op); case OVAL_DATATYPE_VERSION: return probe_ent_cmp_version(state_ent, sysent, op); case OVAL_DATATYPE_INTEGER: return probe_ent_cmp_int(state_ent, sysent, op); case OVAL_DATATYPE_STRING: return probe_ent_cmp_string(state_ent, sysent, op); case OVAL_DATATYPE_IPV4ADDR: return probe_ent_cmp_ipaddr(AF_INET, state_ent, sysent, op); case OVAL_DATATYPE_IPV6ADDR: return probe_ent_cmp_ipaddr(AF_INET6, state_ent, sysent, op); default: dI("Unexpected data type: %d\n", state_data_type); break; } return OVAL_RESULT_ERROR; }
DWORD WINAPI ThreadFunc(LPVOID param) { MSG msg; WNDCLASSEX wndCL; HINSTANCE hInstance = GetModuleHandle("debug-device-driver.dll"); if (hInstance == NULL) std::cout << "can't retrieve module handle" << std::endl; else std::cout << "Found handle of the module!" << std::endl; ZeroMemory(&wndCL, sizeof(wndCL)); wndCL.hInstance = hInstance; wndCL.lpszClassName = "DebugDeviceDriverClass"; wndCL.lpfnWndProc = windowProc; wndCL.cbSize = sizeof(WNDCLASSEX); wndCL.style = CS_DBLCLKS; wndCL.hCursor = LoadCursor (NULL, IDC_ARROW); wndCL.hbrBackground = (HBRUSH) COLOR_BACKGROUND; if(!RegisterClassEx(&wndCL)) return 0; ptr<debugInterface> dI(param); dI->logWindow = CreateWindowEx(NULL, "DebugDeviceDriverClass","Debug Device Driver Simulator Window", WS_EX_PALETTEWINDOW, CW_USEDEFAULT, CW_USEDEFAULT, 400, 300, NULL, NULL, hInstance, NULL); ShowWindow(dI->logWindow, SW_SHOWNORMAL); while(GetMessage(&msg, NULL, 0, 0)) { TranslateMessage(&msg); DispatchMessage(&msg); } return 1; }
static int oval_probe_query_var_ref(oval_probe_session_t *sess, struct oval_state *state) { struct oval_state_content_iterator *contents = oval_state_get_contents(state); while (oval_state_content_iterator_has_more(contents)) { struct oval_state_content *content = oval_state_content_iterator_next(contents); struct oval_entity * entity = oval_state_content_get_entity(content); if (oval_entity_get_varref_type(entity) == OVAL_ENTITY_VARREF_ATTRIBUTE) { oval_syschar_collection_flag_t flag; struct oval_variable *var = oval_entity_get_variable(entity); const char *state_id = oval_state_get_id(state); oval_variable_type_t var_type = oval_variable_get_type(var); const char *var_type_text = oval_variable_type_get_text(var_type); const char *var_id = oval_variable_get_id(var); dI("State '%s' references %s '%s'.", state_id, var_type_text, var_id); int ret = oval_probe_query_variable(sess, var); if (ret == -1) { oval_state_content_iterator_free(contents); return ret; } flag = oval_variable_get_collection_flag(var); switch (flag) { case SYSCHAR_FLAG_COMPLETE: case SYSCHAR_FLAG_INCOMPLETE: break; default: oval_state_content_iterator_free(contents); return 0; } } } oval_state_content_iterator_free(contents); return 1; }
static oval_result_t probe_ent_cmp(SEXP_t * ent, SEXP_t * val2) { oval_operation_t op; oval_datatype_t dtype; SEXP_t *stmp, *val1, *vals, *res_lst, *r0; int val_cnt, is_var; oval_check_t ochk; oval_result_t ores, result; ores = OVAL_RESULT_ERROR; result = OVAL_RESULT_ERROR; vals = NULL; val_cnt = probe_ent_getvals(ent, &vals); if (probe_ent_attrexists(ent, "var_ref")) { is_var = 1; } else { if (val_cnt != 1) { SEXP_free(vals); return OVAL_RESULT_ERROR; } is_var = 0; } dtype = probe_ent_getdatatype(ent); stmp = probe_ent_getattrval(ent, "operation"); if (stmp == NULL) op = OVAL_OPERATION_EQUALS; else op = SEXP_number_geti_32(stmp); SEXP_free(stmp); res_lst = SEXP_list_new(NULL); SEXP_list_foreach(val1, vals) { if (SEXP_typeof(val1) != SEXP_typeof(val2)) { dI("Types of values to compare don't match: val1: %d, val2: %d\n", SEXP_typeof(val1), SEXP_typeof(val2)); SEXP_free(vals); SEXP_free(val1); SEXP_free(res_lst); return OVAL_RESULT_ERROR; } ores = probe_ent_cmp_single(val1, dtype, val2, op); SEXP_list_add(res_lst, r0 = SEXP_number_newi_32(ores)); SEXP_free(r0); } if (is_var) { stmp = probe_ent_getattrval(ent, "var_check"); if (stmp == NULL) { ochk = OVAL_CHECK_ALL; } else { ochk = SEXP_number_geti_32(stmp); SEXP_free(stmp); } result = probe_ent_result_bychk(res_lst, ochk); } else { result = ores; } SEXP_free(res_lst); SEXP_free(vals); return result; }
static int read_process(SEXP_t *cmd_ent, probe_ctx *ctx) { int err = 1; DIR *d; struct dirent *ent; d = opendir("/proc"); if (d == NULL) return err; psinfo_t *psinfo; // Scan the directories while (( ent = readdir(d) )) { int fd, len; char buf[336]; int pid; unsigned sched_policy; SEXP_t *cmd_sexp; // Skip non-process dir entries if(*ent->d_name<'0' || *ent->d_name>'9') continue; errno = 0; pid = strtol(ent->d_name, NULL, 10); if (errno || pid == 2) // skip err & kthreads continue; // Parse up the stat file for the proc snprintf(buf, 32, "/proc/%d/psinfo", pid); fd = open(buf, O_RDONLY, 0); if (fd < 0) continue; len = read(fd, buf, sizeof buf); close(fd); if (len < 336) continue; // The psinfo file contains a psinfo struct; this typecast gets us the struct directly psinfo = (psinfo_t *) buf; err = 0; // If we get this far, no permission problems dI("Have command: %s\n", psinfo->pr_fname); cmd_sexp = SEXP_string_newf("%s", psinfo->pr_fname); if (probe_entobj_cmp(cmd_ent, cmd_sexp) == OVAL_RESULT_TRUE) { struct result_info r; char tbuf[32], sbuf[32]; int tday,tyear; time_t s_time; struct tm *proc, *now; const char *fmt; int fixfmt_year; r.scheduling_class = malloc(PRCLSZ); strncpy(r.scheduling_class, (psinfo->pr_lwp).pr_clname, sizeof(r.scheduling_class)); // Get the start time s_time = time(NULL); now = localtime(&s_time); tyear = now->tm_year; tday = now->tm_yday; // Get current time s_time = psinfo->pr_start.tv_sec; proc = localtime(&s_time); // Select format based on how long we've been running // // FROM THE SPEC: // "This is the time of day the process started formatted in HH:MM:SS if // the same day the process started or formatted as MMM_DD (Ex.: Feb_5) // if process started the previous day or further in the past." // if (tday != proc->tm_yday || tyear != proc->tm_year) fmt = "%b_%d"; else fmt = "%H:%M:%S"; strftime(sbuf, sizeof(sbuf), fmt, proc); r.command = psinfo->pr_fname; r.exec_time = convert_time(psinfo->pr_time.tv_sec, tbuf, sizeof(tbuf)); r.pid = psinfo->pr_pid; r.ppid = psinfo->pr_ppid; r.priority = (psinfo->pr_lwp).pr_pri; r.ruid = psinfo->pr_uid; r.start_time = sbuf; r.tty = oscap_sprintf("%s", psinfo->pr_ttydev); r.user_id = psinfo->pr_euid; report_finding(&r, ctx); } SEXP_free(cmd_sexp); } closedir(d); return err; }
static oval_result_t eval_check_state(struct oval_test *test, void **args) { struct oval_syschar_model *syschar_model; struct oval_result_item_iterator *ritems_itr; struct oresults item_ores; oval_result_t result; oval_check_t ste_check; oval_operator_t ste_opr; ste_check = oval_test_get_check(test); ste_opr = oval_test_get_state_operator(test); syschar_model = oval_result_system_get_syschar_model(SYSTEM); ores_clear(&item_ores); char *state_names = oval_test_get_state_names(test); if (state_names) { dI("In test '%s' %s of the collected items must satisfy these states: %s.", oval_test_get_id(test), oval_check_get_description(ste_check), state_names); oscap_free(state_names); } ritems_itr = oval_result_test_get_items(TEST); while (oval_result_item_iterator_has_more(ritems_itr)) { struct oval_result_item *ritem; struct oval_sysitem *item; oval_syschar_status_t item_status; struct oresults ste_ores; struct oval_state_iterator *ste_itr; oval_result_t item_res; ritem = oval_result_item_iterator_next(ritems_itr); item = oval_result_item_get_sysitem(ritem); item_status = oval_sysitem_get_status(item); switch (item_status) { case SYSCHAR_STATUS_ERROR: case SYSCHAR_STATUS_NOT_COLLECTED: item_res = OVAL_RESULT_ERROR; ores_add_res(&item_ores, item_res); oval_result_item_set_result(ritem, item_res); continue; case SYSCHAR_STATUS_DOES_NOT_EXIST: item_res = OVAL_RESULT_FALSE; ores_add_res(&item_ores, item_res); oval_result_item_set_result(ritem, item_res); continue; default: break; } ores_clear(&ste_ores); ste_itr = oval_test_get_states(test); while (oval_state_iterator_has_more(ste_itr)) { struct oval_state *ste; oval_result_t ste_res; ste = oval_state_iterator_next(ste_itr); ste_res = eval_item(syschar_model, item, ste); ores_add_res(&ste_ores, ste_res); } oval_state_iterator_free(ste_itr); item_res = ores_get_result_byopr(&ste_ores, ste_opr); ores_add_res(&item_ores, item_res); oval_result_item_set_result(ritem, item_res); } oval_result_item_iterator_free(ritems_itr); result = ores_get_result_bychk(&item_ores, ste_check); return result; }
static oval_result_t eval_item(struct oval_syschar_model *syschar_model, struct oval_sysitem *cur_sysitem, struct oval_state *state) { struct oval_state_content_iterator *state_contents_itr; struct oresults ste_ores; oval_operator_t operator; oval_result_t result = OVAL_RESULT_ERROR; ores_clear(&ste_ores); state_contents_itr = oval_state_get_contents(state); while (oval_state_content_iterator_has_more(state_contents_itr)) { struct oval_state_content *content; struct oval_entity *state_entity; char *state_entity_name; oval_operation_t state_entity_operation; oval_check_t entity_check; oval_existence_t check_existence; oval_result_t ste_ent_res; struct oval_sysent_iterator *item_entities_itr; struct oresults ent_ores; struct oval_status_counter counter; bool found_matching_item; if ((content = oval_state_content_iterator_next(state_contents_itr)) == NULL) { oscap_seterr(OSCAP_EFAMILY_OVAL, "OVAL internal error: found NULL state content"); goto fail; } if ((state_entity = oval_state_content_get_entity(content)) == NULL) { oscap_seterr(OSCAP_EFAMILY_OVAL, "OVAL internal error: found NULL entity"); goto fail; } if ((state_entity_name = oval_entity_get_name(state_entity)) == NULL) { oscap_seterr(OSCAP_EFAMILY_OVAL, "OVAL internal error: found NULL entity name"); goto fail; } if (oscap_streq(state_entity_name, "line") && oval_state_get_subtype(state) == (oval_subtype_t) OVAL_INDEPENDENT_TEXT_FILE_CONTENT) { /* Hack: textfilecontent_state/line shall be compared against textfilecontent_item/text. * * textfilecontent_test and textfilecontent54_test share the same syschar * (textfilecontent_item). In OVAL 5.3 and below this syschar did not hold any usable * information ('text' ent). In OVAL 5.4 textfilecontent_test was deprecated. But the * 'text' ent has been added to textfilecontent_item, making it potentially usable. */ oval_schema_version_t over = oval_state_get_platform_schema_version(state); if (oval_schema_version_cmp(over, OVAL_SCHEMA_VERSION(5.4)) >= 0) { /* The OVAL-5.3 does not have textfilecontent_item/text */ state_entity_name = "text"; } } entity_check = oval_state_content_get_ent_check(content); check_existence = oval_state_content_get_check_existence(content); state_entity_operation = oval_entity_get_operation(state_entity); ores_clear(&ent_ores); found_matching_item = false; oval_status_counter_clear(&counter); item_entities_itr = oval_sysitem_get_sysents(cur_sysitem); while (oval_sysent_iterator_has_more(item_entities_itr)) { struct oval_sysent *item_entity; oval_result_t ent_val_res; char *item_entity_name; oval_syschar_status_t item_status; item_entity = oval_sysent_iterator_next(item_entities_itr); if (item_entity == NULL) { oscap_seterr(OSCAP_EFAMILY_OVAL, "OVAL internal error: found NULL sysent"); oval_sysent_iterator_free(item_entities_itr); goto fail; } item_status = oval_sysent_get_status(item_entity); oval_status_counter_add_status(&counter, item_status); item_entity_name = oval_sysent_get_name(item_entity); if (strcmp(item_entity_name, state_entity_name)) continue; found_matching_item = true; /* copy mask attribute from state to item */ if (oval_entity_get_mask(state_entity)) oval_sysent_set_mask(item_entity,1); ent_val_res = _evaluate_sysent(syschar_model, item_entity, state_entity, state_entity_operation, content); if (ent_val_res == OVAL_RESULT_TRUE) { dI("Entity '%s'='%s' of item '%s' matches corresponding entity in state '%s'.", oval_sysent_get_name(item_entity), oval_sysent_get_value(item_entity), oval_sysitem_get_id(cur_sysitem), oval_state_get_id(state)); } if (((signed) ent_val_res) == -1) { oval_sysent_iterator_free(item_entities_itr); goto fail; } ores_add_res(&ent_ores, ent_val_res); } oval_sysent_iterator_free(item_entities_itr); if (!found_matching_item) dW("Entity name '%s' from state (id: '%s') not found in item (id: '%s').", state_entity_name, oval_state_get_id(state), oval_sysitem_get_id(cur_sysitem)); ste_ent_res = ores_get_result_bychk(&ent_ores, entity_check); ores_add_res(&ste_ores, ste_ent_res); oval_result_t cres = oval_status_counter_get_result(&counter, check_existence); ores_add_res(&ste_ores, cres); } oval_state_content_iterator_free(state_contents_itr); operator = oval_state_get_operator(state); result = ores_get_result_byopr(&ste_ores, operator); dI("Item '%s' compared to state '%s' with result %s.", oval_sysitem_get_id(cur_sysitem), oval_state_get_id(state), oval_result_get_text(result)); return result; fail: oval_state_content_iterator_free(state_contents_itr); return OVAL_RESULT_ERROR; }
static oval_result_t _oval_result_test_evaluate_items(struct oval_test *test, struct oval_syschar *syschar_object, void **args) { struct oval_sysitem_iterator *collected_items_itr; oval_result_t result; int exists_cnt, error_cnt; bool hasstate; const char *test_id, *object_id, *flag_text; oval_check_t test_check; oval_existence_t test_check_existence; struct oval_state_iterator *ste_itr; oval_syschar_collection_flag_t flag; struct oval_object *object; exists_cnt = error_cnt = 0; test_id = oval_test_get_id(test); collected_items_itr = oval_syschar_get_sysitem(syschar_object); while (oval_sysitem_iterator_has_more(collected_items_itr)) { struct oval_sysitem *item; char *item_id; oval_syschar_status_t item_status; struct oval_result_item *ritem; item = oval_sysitem_iterator_next(collected_items_itr); if (item == NULL) { oscap_seterr(OSCAP_EFAMILY_OVAL, "Iterator returned null."); oval_sysitem_iterator_free(collected_items_itr); return OVAL_RESULT_ERROR; } item_status = oval_sysitem_get_status(item); if (item_status == SYSCHAR_STATUS_EXISTS) exists_cnt++; if (item_status == SYSCHAR_STATUS_ERROR) error_cnt++; item_id = oval_sysitem_get_id(item); ritem = oval_result_item_new(SYSTEM, item_id); oval_result_item_set_result(ritem, OVAL_RESULT_NOT_EVALUATED); _oval_test_item_consumer(ritem, args); } oval_sysitem_iterator_free(collected_items_itr); test_check = oval_test_get_check(test); test_check_existence = oval_test_get_existence(test); ste_itr = oval_test_get_states(test); hasstate = oval_state_iterator_has_more(ste_itr); oval_state_iterator_free(ste_itr); object = oval_syschar_get_object(syschar_object); object_id = object ? oval_object_get_id(object) : "<UNKNOWN>"; switch (test_check_existence) { case OVAL_ALL_EXIST: dI("Test '%s' requires that every object defined by '%s' exists on the system.", test_id, object_id); break; case OVAL_ANY_EXIST: dI("Test '%s' requires that zero or more objects defined by '%s' exist on the system.", test_id, object_id); break; case OVAL_AT_LEAST_ONE_EXISTS: dI("Test '%s' requires that at least one object defined by '%s' exists on the system.", test_id, object_id); break; case OVAL_NONE_EXIST: dI("Test '%s' requires that none of the objects defined by '%s' exist on the system.", test_id, object_id); break; case OVAL_ONLY_ONE_EXISTS: dI("Test '%s' requires that only one object defined by '%s' exists on the system.", test_id, object_id); break; default: oscap_seterr(OSCAP_EFAMILY_OVAL, "Check_existence parameter of test '%s' is unknown. This may indicate a bug in OpenSCAP.", test_id); } dI("%d objects defined by '%s' exist on the system.", exists_cnt, object_id); if (!hasstate) { dI("Test '%s' does not contain any state to compare object with.", test_id); } flag = oval_syschar_get_flag(syschar_object); flag_text = oval_syschar_collection_flag_get_text(flag); switch (flag) { case SYSCHAR_FLAG_ERROR: dI("An error occured while collecting items matching object '%s'. (flag=%s)", object_id, flag_text); if (test_check_existence == OVAL_ANY_EXIST && !hasstate) { result = OVAL_RESULT_TRUE; } else { result = OVAL_RESULT_ERROR; } break; case SYSCHAR_FLAG_NOT_COLLECTED: dI("No attempt was made to collect items matching object '%s'. (flag=%s)", object_id, flag_text); if (test_check_existence == OVAL_ANY_EXIST && !hasstate) { result = OVAL_RESULT_TRUE; } else { result = OVAL_RESULT_UNKNOWN; } break; case SYSCHAR_FLAG_NOT_APPLICABLE: dI("Object '%s' is not applicable to the system. (flag=%s)", object_id, flag_text); if (test_check_existence == OVAL_ANY_EXIST && !hasstate) { result = OVAL_RESULT_TRUE; } else { result = OVAL_RESULT_NOT_APPLICABLE; } break; case SYSCHAR_FLAG_DOES_NOT_EXIST: dI("No item matching object '%s' was found on the system. (flag=%s)", object_id, flag_text); if (test_check_existence == OVAL_NONE_EXIST || test_check_existence == OVAL_ANY_EXIST) { result = OVAL_RESULT_TRUE; } else { result = OVAL_RESULT_FALSE; } break; case SYSCHAR_FLAG_COMPLETE: dI("All items matching object '%s' were collected. (flag=%s)", object_id, flag_text); result = eval_check_existence(test_check_existence, exists_cnt, error_cnt); if (result == OVAL_RESULT_TRUE && hasstate) { result = eval_check_state(test, args); } break; case SYSCHAR_FLAG_INCOMPLETE: dI("Only some of items matching object '%s' have been collected from the system. It is unknown if other matching items also exist. (flag=%s)", object_id, flag_text); if (test_check_existence == OVAL_ANY_EXIST) { result = OVAL_RESULT_TRUE; } else if (test_check_existence == OVAL_AT_LEAST_ONE_EXISTS && exists_cnt > 0) { result = OVAL_RESULT_TRUE; } else if (test_check_existence == OVAL_NONE_EXIST && exists_cnt > 0) { result = OVAL_RESULT_FALSE; } else if (test_check_existence == OVAL_ONLY_ONE_EXISTS && exists_cnt > 1) { result = OVAL_RESULT_FALSE; } else { result = OVAL_RESULT_UNKNOWN; } if (result == OVAL_RESULT_TRUE && hasstate) { result = eval_check_state(test, args); if (result == OVAL_RESULT_TRUE) { if (test_check != OVAL_CHECK_AT_LEAST_ONE) { result = OVAL_RESULT_UNKNOWN; } } else if (result != OVAL_RESULT_FALSE) { result = OVAL_RESULT_UNKNOWN; } } break; default: { oscap_seterr(OSCAP_EFAMILY_OVAL, "Item corresponding to object '%s' from test '%s' has an unknown flag. This may indicate a bug in OpenSCAP.", object_id, test_id); return OVAL_RESULT_ERROR; } } return result; }