/* this function will gather all the necessary ingredients and call 'evaluate_items' when it finds them */
static oval_result_t _oval_result_test_result(struct oval_result_test *rtest, void **args)
{
__attribute__nonnull__(rtest);
/* is the test already evaluated? */
if (rtest->result != OVAL_RESULT_NOT_EVALUATED) {
dI("Found result from previous evaluation: %d, returning without further processing.\n", rtest->result);
return (rtest->result);
}
/* get syschar of rtest */
struct oval_test *test = oval_result_test_get_test(rtest);
struct oval_object * object = oval_test_get_object(test);
char * object_id = oval_object_get_id(object);
struct oval_result_system *sys = oval_result_test_get_system(rtest);
struct oval_syschar_model *syschar_model = oval_result_system_get_syschar_model(sys);
struct oval_syschar * syschar = oval_syschar_model_get_syschar(syschar_model, object_id);
if (syschar == NULL) {
dW("No syschar for object: %s\n", object_id);
return OVAL_RESULT_UNKNOWN;
}
/* evaluate items */
oval_result_t result = _oval_result_test_evaluate_items(test, syschar, args);
return result;
}
void oval_definition_model_optimize_by_filter_propagation(struct oval_definition_model *model)
{
struct oval_object_iterator *obj_itr;
struct oval_string_map *processed_obj_map;
processed_obj_map = oval_string_map_new();
obj_itr = oval_definition_model_get_objects(model);
while (oval_object_iterator_has_more(obj_itr)) {
struct oval_object *obj;
char *obj_id;
struct oval_object_content_iterator *cont_itr;
struct oval_object_content *cont;
struct oval_setobject *set;
struct oval_filter_iterator *filter_itr;
obj = oval_object_iterator_next(obj_itr);
obj_id = oval_object_get_id(obj);
if (oval_string_map_get_value(processed_obj_map, obj_id) != NULL)
continue;
oval_string_map_put(processed_obj_map, obj_id, obj);
cont_itr = oval_object_get_object_contents(obj);
if (!oval_object_content_iterator_has_more(cont_itr)) {
oval_object_content_iterator_free(cont_itr);
continue;
}
cont = oval_object_content_iterator_next(cont_itr);
oval_object_content_iterator_free(cont_itr);
if (oval_object_content_get_type(cont) != OVAL_OBJECTCONTENT_SET)
continue;
set = oval_object_content_get_setobject(cont);
if (oval_setobject_get_type(set) == OVAL_SET_AGGREGATE) {
_fp_set_recurse(model, set, obj_id);
continue;
}
filter_itr = oval_setobject_get_filters(set);
if (!oval_filter_iterator_has_more(filter_itr)) {
oval_filter_iterator_free(filter_itr);
continue;
}
oval_filter_iterator_free(filter_itr);
oval_set_propagate_filters(model, set, obj_id);
}
oval_object_iterator_free(obj_itr);
oval_string_map_free(processed_obj_map, NULL);
}
int oval_probe_query_test(oval_probe_session_t *sess, struct oval_test *test)
{
struct oval_object *object;
struct oval_state_iterator *ste_itr;
int ret;
oval_subtype_t test_subtype, object_subtype;
object = oval_test_get_object(test);
if (object == NULL)
return 0;
test_subtype = oval_test_get_subtype(test);
object_subtype = oval_object_get_subtype(object);
if (test_subtype != object_subtype) {
oscap_seterr(OSCAP_EFAMILY_OVAL, "%s_test '%s' is not compatible with %s_object '%s'.",
oval_subtype_to_str(test_subtype), oval_test_get_id(test),
oval_subtype_to_str(object_subtype), oval_object_get_id(object));
return 0;
}
/* probe object */
ret = oval_probe_query_object(sess, object, 0, NULL);
if (ret == -1)
return ret;
/* probe objects referenced like this: test->state->variable->object */
ste_itr = oval_test_get_states(test);
while (oval_state_iterator_has_more(ste_itr)) {
struct oval_state *state = oval_state_iterator_next(ste_itr);
ret = oval_probe_query_var_ref(sess, state);
if (ret < 1) {
oval_state_iterator_free(ste_itr);
return ret;
}
}
oval_state_iterator_free(ste_itr);
return 0;
}
static void _oval_result_test_initialize_bindings(struct oval_result_test *rslt_test)
{
__attribute__nonnull__(rslt_test);
struct oval_test *oval_test = oval_result_test_get_test(rslt_test);
struct oval_string_map *vm;
struct oval_state_iterator *ste_itr;
struct oval_iterator *var_itr;
vm = oval_string_map_new();
/* Gather bindings pertaining to the referenced states */
/* TODO: cache bindings collected for each state */
ste_itr = oval_test_get_states(oval_test);
while (oval_state_iterator_has_more(ste_itr)) {
struct oval_state *ste;
ste = oval_state_iterator_next(ste_itr);
oval_ste_collect_var_refs(ste, vm);
}
oval_state_iterator_free(ste_itr);
var_itr = oval_string_map_values(vm);
while (oval_collection_iterator_has_more(var_itr)) {
struct oval_variable *var;
struct oval_value_iterator *val_itr;
struct oval_variable_binding *binding;
var = oval_collection_iterator_next(var_itr);
binding = oval_variable_binding_new(var, NULL);
val_itr = oval_variable_get_values(var);
while (oval_value_iterator_has_more(val_itr)) {
struct oval_value *val;
char *txt;
val = oval_value_iterator_next(val_itr);
txt = oval_value_get_text(val);
txt = oscap_strdup(txt);
oval_variable_binding_add_value(binding, txt);
}
oval_value_iterator_free(val_itr);
oval_result_test_add_binding(rslt_test, binding);
}
oval_collection_iterator_free(var_itr);
/* Gather bindings pertaining to the collected object */
struct oval_object *oval_object = oval_test_get_object(oval_test);
if (oval_object) {
char *object_id = oval_object_get_id(oval_object);
struct oval_result_system *sys = oval_result_test_get_system(rslt_test);
struct oval_syschar_model *syschar_model = oval_result_system_get_syschar_model(sys);
struct oval_syschar *syschar = oval_syschar_model_get_syschar(syschar_model, object_id);
/* no syschar if system characteristics was a subset of definitions */
if(syschar) {
struct oval_variable_binding_iterator *bindings = oval_syschar_get_variable_bindings(syschar);
while (oval_variable_binding_iterator_has_more(bindings)) {
struct oval_variable *var;
char *var_id;
struct oval_variable_binding *binding = oval_variable_binding_iterator_next(bindings);
var = oval_variable_binding_get_variable(binding);
var_id = oval_variable_get_id(var);
/* Don't add bindings that were already
* collected from states. Assumtion is made
* that object's own bindings don't contain
* duplicates.
*/
if (oval_string_map_get_value(vm, var_id) == NULL) {
struct oval_definition_model *definition_model = oval_syschar_model_get_definition_model(syschar_model);
struct oval_variable_binding *binding_copy = oval_variable_binding_clone(binding, definition_model);
oval_result_test_add_binding(rslt_test, binding_copy);
}
}
oval_variable_binding_iterator_free(bindings);
}
}
oval_string_map_free(vm, NULL);
rslt_test->bindings_initialized = true;
}
static oval_result_t
_oval_result_test_evaluate_items(struct oval_test *test, struct oval_syschar *syschar_object, void **args)
{
struct oval_sysitem_iterator *collected_items_itr;
oval_result_t result;
int exists_cnt, error_cnt;
bool hasstate;
oval_check_t test_check;
oval_existence_t test_check_existence;
struct oval_state_iterator *ste_itr;
exists_cnt = error_cnt = 0;
collected_items_itr = oval_syschar_get_sysitem(syschar_object);
while (oval_sysitem_iterator_has_more(collected_items_itr)) {
struct oval_sysitem *item;
char *item_id;
oval_syschar_status_t item_status;
struct oval_result_item *ritem;
item = oval_sysitem_iterator_next(collected_items_itr);
if (item == NULL) {
oscap_seterr(OSCAP_EFAMILY_OVAL, "Iterator returned null.");
oval_sysitem_iterator_free(collected_items_itr);
return OVAL_RESULT_ERROR;
}
item_status = oval_sysitem_get_status(item);
if (item_status == SYSCHAR_STATUS_EXISTS)
exists_cnt++;
if (item_status == SYSCHAR_STATUS_ERROR)
error_cnt++;
item_id = oval_sysitem_get_id(item);
ritem = oval_result_item_new(SYSTEM, item_id);
oval_result_item_set_result(ritem, OVAL_RESULT_NOT_EVALUATED);
_oval_test_item_consumer(ritem, args);
}
oval_sysitem_iterator_free(collected_items_itr);
test_check = oval_test_get_check(test);
test_check_existence = oval_test_get_existence(test);
ste_itr = oval_test_get_states(test);
hasstate = oval_state_iterator_has_more(ste_itr);
oval_state_iterator_free(ste_itr);
switch (oval_syschar_get_flag(syschar_object)) {
case SYSCHAR_FLAG_ERROR:
if (test_check_existence == OVAL_ANY_EXIST
&& !hasstate) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_ERROR;
}
break;
case SYSCHAR_FLAG_NOT_COLLECTED:
if (test_check_existence == OVAL_ANY_EXIST
&& !hasstate) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_UNKNOWN;
}
break;
case SYSCHAR_FLAG_NOT_APPLICABLE:
if (test_check_existence == OVAL_ANY_EXIST
&& !hasstate) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_NOT_APPLICABLE;
}
break;
case SYSCHAR_FLAG_DOES_NOT_EXIST:
if (test_check_existence == OVAL_NONE_EXIST
|| test_check_existence == OVAL_ANY_EXIST) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_FALSE;
}
break;
case SYSCHAR_FLAG_COMPLETE:
result = eval_check_existence(test_check_existence, exists_cnt, error_cnt);
if (result == OVAL_RESULT_TRUE
&& hasstate) {
result = eval_check_state(test, args);
}
break;
case SYSCHAR_FLAG_INCOMPLETE:
if (test_check_existence == OVAL_ANY_EXIST) {
result = OVAL_RESULT_TRUE;
} else if (test_check_existence == OVAL_AT_LEAST_ONE_EXISTS
&& exists_cnt > 0) {
result = OVAL_RESULT_TRUE;
} else if (test_check_existence == OVAL_NONE_EXIST
&& exists_cnt > 0) {
result = OVAL_RESULT_FALSE;
} else if (test_check_existence == OVAL_ONLY_ONE_EXISTS
&& exists_cnt > 1) {
result = OVAL_RESULT_FALSE;
} else {
result = OVAL_RESULT_UNKNOWN;
}
if (result == OVAL_RESULT_TRUE
&& hasstate) {
result = eval_check_state(test, args);
if (result == OVAL_RESULT_TRUE) {
if (test_check != OVAL_CHECK_AT_LEAST_ONE) {
result = OVAL_RESULT_UNKNOWN;
}
} else if (result != OVAL_RESULT_FALSE) {
result = OVAL_RESULT_UNKNOWN;
}
}
break;
default: {
const char *object_id = oval_syschar_get_object(syschar_object) ? oval_object_get_id(oval_syschar_get_object(syschar_object)) : "<UNKNOWN>";
oscap_seterr(OSCAP_EFAMILY_OVAL, "Unknown syschar flag: '%d' when evaluating object: '%s' from test: '%s' ",
oval_syschar_get_flag(syschar_object), object_id, oval_test_get_id(test));
return OVAL_RESULT_ERROR;
}
}
return result;
}
static oval_result_t
_oval_result_test_evaluate_items(struct oval_test *test, struct oval_syschar *syschar_object, void **args)
{
struct oval_sysitem_iterator *collected_items_itr;
oval_result_t result;
int exists_cnt, error_cnt;
bool hasstate;
const char *test_id, *object_id, *flag_text;
oval_check_t test_check;
oval_existence_t test_check_existence;
struct oval_state_iterator *ste_itr;
oval_syschar_collection_flag_t flag;
struct oval_object *object;
exists_cnt = error_cnt = 0;
test_id = oval_test_get_id(test);
collected_items_itr = oval_syschar_get_sysitem(syschar_object);
while (oval_sysitem_iterator_has_more(collected_items_itr)) {
struct oval_sysitem *item;
char *item_id;
oval_syschar_status_t item_status;
struct oval_result_item *ritem;
item = oval_sysitem_iterator_next(collected_items_itr);
if (item == NULL) {
oscap_seterr(OSCAP_EFAMILY_OVAL, "Iterator returned null.");
oval_sysitem_iterator_free(collected_items_itr);
return OVAL_RESULT_ERROR;
}
item_status = oval_sysitem_get_status(item);
if (item_status == SYSCHAR_STATUS_EXISTS)
exists_cnt++;
if (item_status == SYSCHAR_STATUS_ERROR)
error_cnt++;
item_id = oval_sysitem_get_id(item);
ritem = oval_result_item_new(SYSTEM, item_id);
oval_result_item_set_result(ritem, OVAL_RESULT_NOT_EVALUATED);
_oval_test_item_consumer(ritem, args);
}
oval_sysitem_iterator_free(collected_items_itr);
test_check = oval_test_get_check(test);
test_check_existence = oval_test_get_existence(test);
ste_itr = oval_test_get_states(test);
hasstate = oval_state_iterator_has_more(ste_itr);
oval_state_iterator_free(ste_itr);
object = oval_syschar_get_object(syschar_object);
object_id = object ? oval_object_get_id(object) : "<UNKNOWN>";
switch (test_check_existence) {
case OVAL_ALL_EXIST:
dI("Test '%s' requires that every object defined by '%s' exists on the system.", test_id, object_id);
break;
case OVAL_ANY_EXIST:
dI("Test '%s' requires that zero or more objects defined by '%s' exist on the system.", test_id, object_id);
break;
case OVAL_AT_LEAST_ONE_EXISTS:
dI("Test '%s' requires that at least one object defined by '%s' exists on the system.", test_id, object_id);
break;
case OVAL_NONE_EXIST:
dI("Test '%s' requires that none of the objects defined by '%s' exist on the system.", test_id, object_id);
break;
case OVAL_ONLY_ONE_EXISTS:
dI("Test '%s' requires that only one object defined by '%s' exists on the system.", test_id, object_id);
break;
default:
oscap_seterr(OSCAP_EFAMILY_OVAL, "Check_existence parameter of test '%s' is unknown. This may indicate a bug in OpenSCAP.", test_id);
}
dI("%d objects defined by '%s' exist on the system.", exists_cnt, object_id);
if (!hasstate) {
dI("Test '%s' does not contain any state to compare object with.", test_id);
}
flag = oval_syschar_get_flag(syschar_object);
flag_text = oval_syschar_collection_flag_get_text(flag);
switch (flag) {
case SYSCHAR_FLAG_ERROR:
dI("An error occured while collecting items matching object '%s'. (flag=%s)", object_id, flag_text);
if (test_check_existence == OVAL_ANY_EXIST
&& !hasstate) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_ERROR;
}
break;
case SYSCHAR_FLAG_NOT_COLLECTED:
dI("No attempt was made to collect items matching object '%s'. (flag=%s)", object_id, flag_text);
if (test_check_existence == OVAL_ANY_EXIST
&& !hasstate) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_UNKNOWN;
}
break;
case SYSCHAR_FLAG_NOT_APPLICABLE:
dI("Object '%s' is not applicable to the system. (flag=%s)", object_id, flag_text);
if (test_check_existence == OVAL_ANY_EXIST
&& !hasstate) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_NOT_APPLICABLE;
}
break;
case SYSCHAR_FLAG_DOES_NOT_EXIST:
dI("No item matching object '%s' was found on the system. (flag=%s)", object_id, flag_text);
if (test_check_existence == OVAL_NONE_EXIST
|| test_check_existence == OVAL_ANY_EXIST) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_FALSE;
}
break;
case SYSCHAR_FLAG_COMPLETE:
dI("All items matching object '%s' were collected. (flag=%s)", object_id, flag_text);
result = eval_check_existence(test_check_existence, exists_cnt, error_cnt);
if (result == OVAL_RESULT_TRUE
&& hasstate) {
result = eval_check_state(test, args);
}
break;
case SYSCHAR_FLAG_INCOMPLETE:
dI("Only some of items matching object '%s' have been collected from the system. It is unknown if other matching items also exist. (flag=%s)", object_id, flag_text);
if (test_check_existence == OVAL_ANY_EXIST) {
result = OVAL_RESULT_TRUE;
} else if (test_check_existence == OVAL_AT_LEAST_ONE_EXISTS
&& exists_cnt > 0) {
result = OVAL_RESULT_TRUE;
} else if (test_check_existence == OVAL_NONE_EXIST
&& exists_cnt > 0) {
result = OVAL_RESULT_FALSE;
} else if (test_check_existence == OVAL_ONLY_ONE_EXISTS
&& exists_cnt > 1) {
result = OVAL_RESULT_FALSE;
} else {
result = OVAL_RESULT_UNKNOWN;
}
if (result == OVAL_RESULT_TRUE
&& hasstate) {
result = eval_check_state(test, args);
if (result == OVAL_RESULT_TRUE) {
if (test_check != OVAL_CHECK_AT_LEAST_ONE) {
result = OVAL_RESULT_UNKNOWN;
}
} else if (result != OVAL_RESULT_FALSE) {
result = OVAL_RESULT_UNKNOWN;
}
}
break;
default: {
oscap_seterr(OSCAP_EFAMILY_OVAL, "Item corresponding to object '%s' from test '%s' has an unknown flag. This may indicate a bug in OpenSCAP.",
object_id, test_id);
return OVAL_RESULT_ERROR;
}
}
return result;
}
int oval_probe_query_object(oval_probe_session_t *psess, struct oval_object *object, int flags, struct oval_syschar **out_syschar)
{
char *oid;
struct oval_syschar *sysc;
oval_subtype_t type;
oval_ph_t *ph;
struct oval_string_map *vm;
struct oval_syschar_model *model;
int ret;
oid = oval_object_get_id(object);
model = psess->sys_model;
dI("Querying object id: \"%s\", flags: %u.\n", oid, flags);
sysc = oval_syschar_model_get_syschar(model, oid);
if (sysc != NULL) {
int variable_instance_hint = oval_syschar_get_variable_instance_hint(sysc);
if (oval_syschar_get_variable_instance_hint(sysc) != oval_syschar_get_variable_instance(sysc)) {
dI("Creating another syschar for variable_instance=%d)\n", variable_instance_hint);
sysc = oval_syschar_new(model, object);
oval_syschar_set_variable_instance(sysc, variable_instance_hint);
oval_syschar_set_variable_instance_hint(sysc, variable_instance_hint);
}
else {
oval_syschar_collection_flag_t sc_flg;
sc_flg = oval_syschar_get_flag(sysc);
dI("Syschar already exists, flag: %u, '%s'.\n", sc_flg, oval_syschar_collection_flag_get_text(sc_flg));
if (sc_flg != SYSCHAR_FLAG_UNKNOWN || (flags & OVAL_PDFLAG_NOREPLY)) {
if (out_syschar)
*out_syschar = sysc;
return 0;
}
}
} else
sysc = oval_syschar_new(model, object);
if (out_syschar)
*out_syschar = sysc;
type = oval_object_get_subtype(object);
ph = oval_probe_handler_get(psess->ph, type);
if (ph == NULL) {
char *msg = "OVAL object not supported.";
dW("%s\n", msg);
oval_syschar_add_new_message(sysc, msg, OVAL_MESSAGE_LEVEL_WARNING);
oval_syschar_set_flag(sysc, SYSCHAR_FLAG_NOT_COLLECTED);
return 1;
}
if ((ret = ph->func(type, ph->uptr, PROBE_HANDLER_ACT_EVAL, sysc, flags)) != 0) {
return ret;
}
if (!(flags & OVAL_PDFLAG_NOREPLY)) {
vm = oval_string_map_new();
oval_obj_collect_var_refs(object, vm);
_syschar_add_bindings(sysc, vm);
oval_string_map_free(vm, NULL);
}
return 0;
}
xmlNode *oval_test_to_dom(struct oval_test *test, xmlDoc * doc, xmlNode * parent)
{
xmlNode * test_node=NULL;
/* skip unknown test */
oval_subtype_t subtype = oval_test_get_subtype(test);
if ( subtype == OVAL_SUBTYPE_UNKNOWN ) {
oscap_dlprintf(DBG_E, "Unknown Test %s.\n", oval_test_get_id(test));
return test_node;
}
/* get test name */
const char *subtype_text = oval_subtype_get_text(subtype);
char test_name[strlen(subtype_text) + 6];
sprintf(test_name, "%s_test", subtype_text);
/* get family URI */
oval_family_t family = oval_test_get_family(test);
const char *family_text = oval_family_get_text(family);
char family_uri[strlen((const char *)OVAL_DEFINITIONS_NAMESPACE) + strlen(family_text) + 2];
sprintf(family_uri,"%s#%s", OVAL_DEFINITIONS_NAMESPACE, family_text);
/* search namespace & create child */
xmlNs *ns_family = xmlSearchNsByHref(doc, parent, BAD_CAST family_uri);
test_node = xmlNewTextChild(parent, ns_family, BAD_CAST test_name, NULL);
char *id = oval_test_get_id(test);
xmlNewProp(test_node, BAD_CAST "id", BAD_CAST id);
char version[10];
*version = '\0';
snprintf(version, sizeof(version), "%d", oval_test_get_version(test));
xmlNewProp(test_node, BAD_CAST "version", BAD_CAST version);
oval_existence_t existence = oval_test_get_existence(test);
if (existence != OVAL_AT_LEAST_ONE_EXISTS)
xmlNewProp(test_node, BAD_CAST "check_existence", BAD_CAST oval_existence_get_text(existence));
oval_check_t check = oval_test_get_check(test);
xmlNewProp(test_node, BAD_CAST "check", BAD_CAST oval_check_get_text(check));
oval_operator_t ste_operator = oval_test_get_state_operator(test);
if (ste_operator != OVAL_OPERATOR_AND)
xmlNewProp(test_node, BAD_CAST "state_operator", BAD_CAST oval_operator_get_text(ste_operator));
char *comm = oval_test_get_comment(test);
xmlNewProp(test_node, BAD_CAST "comment", BAD_CAST comm);
bool deprecated = oval_test_get_deprecated(test);
if (deprecated)
xmlNewProp(test_node, BAD_CAST "deprecated", BAD_CAST "true");
struct oval_string_iterator *notes = oval_test_get_notes(test);
if (oval_string_iterator_has_more(notes)) {
xmlNs *ns_definitions = xmlSearchNsByHref(doc, parent, OVAL_DEFINITIONS_NAMESPACE);
xmlNode *notes_node = xmlNewTextChild(test_node, ns_definitions, BAD_CAST "notes", NULL);
while (oval_string_iterator_has_more(notes)) {
char *note = oval_string_iterator_next(notes);
xmlNewTextChild(notes_node, ns_definitions, BAD_CAST "note", BAD_CAST note);
}
}
oval_string_iterator_free(notes);
struct oval_object *object = oval_test_get_object(test);
if (object) {
xmlNode *object_node = xmlNewTextChild(test_node, ns_family, BAD_CAST "object", NULL);
xmlNewProp(object_node, BAD_CAST "object_ref", BAD_CAST oval_object_get_id(object));
}
struct oval_state_iterator *ste_itr = oval_test_get_states(test);
while (oval_state_iterator_has_more(ste_itr)) {
struct oval_state *state;
state = oval_state_iterator_next(ste_itr);
xmlNode *state_node = xmlNewTextChild(test_node, ns_family, BAD_CAST "state", NULL);
xmlNewProp(state_node, BAD_CAST "state_ref", BAD_CAST oval_state_get_id(state));
}
oval_state_iterator_free(ste_itr);
return test_node;
}
void oval_definition_model_add_object(struct oval_definition_model *model, struct oval_object *object)
{
__attribute__nonnull__(model);
char *key = oval_object_get_id(object);
oval_string_map_put(model->object_map, key, (void *)object);
}
int app_collect_oval(const struct oscap_action *action)
{
struct oval_definition_model *def_model = NULL;
struct oval_variable_model *var_model = NULL;
struct oval_syschar_model *sys_model = NULL;
struct oval_sysinfo *sysinfo = NULL;
struct oval_probe_session *pb_sess = NULL;
struct oval_generator *generator = NULL;
int ret = OSCAP_ERROR;
/* Turn on verbosity */
if (!oscap_set_verbose(action->verbosity_level, action->f_verbose_log, false)) {
goto cleanup;
}
/* validate inputs */
if (action->validate) {
if (!valid_inputs(action)) {
goto cleanup;
}
}
/* import definitions */
struct oscap_source *source = oscap_source_new_from_file(action->f_oval);
def_model = oval_definition_model_import_source(source);
oscap_source_free(source);
if (def_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Definitions from '%s'.\n", action->f_oval);
goto cleanup;
}
/* bind external variables */
if(action->f_variables) {
struct oscap_source *var_source = oscap_source_new_from_file(action->f_variables);
var_model = oval_variable_model_import_source(var_source);
oscap_source_free(var_source);
if (var_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Variables from '%s'.\n", action->f_variables);
goto cleanup;
}
if (oval_definition_model_bind_variable_model(def_model, var_model)) {
fprintf(stderr, "Failed to bind Variables to Definitions\n");
goto cleanup;
}
}
/* create empty syschar model */
sys_model = oval_syschar_model_new(def_model);
/* set product name */
generator = oval_syschar_model_get_generator(sys_model);
oval_generator_set_product_name(generator, OSCAP_PRODUCTNAME);
/* create probe session */
pb_sess = oval_probe_session_new(sys_model);
/* query sysinfo */
ret = oval_probe_query_sysinfo(pb_sess, &sysinfo);
if (ret != 0) {
fprintf(stderr, "Failed to query sysinfo\n");
goto cleanup;
}
oval_syschar_model_set_sysinfo(sys_model, sysinfo);
/* query objects */
struct oval_object *object;
struct oval_syschar *syschar;
oval_syschar_collection_flag_t sc_flg;
if (action->id) {
object = oval_definition_model_get_object(def_model, action->id);
if (!object) {
fprintf(stderr, "Object ID(%s) does not exist in '%s'.\n", action->id, action->f_oval);
goto cleanup;
}
printf("Collected: \"%s\" : ", oval_object_get_id(object));
oval_probe_query_object(pb_sess, object, 0, &syschar);
sc_flg = oval_syschar_get_flag(syschar);
printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg));
}
else {
struct oval_object_iterator *objects = oval_definition_model_get_objects(def_model);
while (oval_object_iterator_has_more(objects)) {
object = oval_object_iterator_next(objects);
printf("Collected: \"%s\" : ", oval_object_get_id(object));
oval_probe_query_object(pb_sess, object, 0, &syschar);
sc_flg = oval_syschar_get_flag(syschar);
printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg));
}
oval_object_iterator_free(objects);
}
const char* full_validation = getenv("OSCAP_FULL_VALIDATION");
/* output */
if (action->f_syschar != NULL) {
/* export OVAL System Characteristics */
oval_syschar_model_export(sys_model, action->f_syschar);
/* validate OVAL System Characteristics */
if (action->validate && full_validation) {
struct oscap_source *syschar_source = oscap_source_new_from_file(action->f_syschar);
if (oscap_source_validate(syschar_source, reporter, (void *)action)) {
oscap_source_free(syschar_source);
goto cleanup;
}
fprintf(stdout, "OVAL System Characteristics are exported correctly.\n");
oscap_source_free(syschar_source);
}
}
ret = OSCAP_OK;
cleanup:
if(oscap_err())
fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());
if (sysinfo) oval_sysinfo_free(sysinfo);
if (pb_sess) oval_probe_session_destroy(pb_sess);
if (sys_model) oval_syschar_model_free(sys_model);
if (def_model) oval_definition_model_free(def_model);
return ret;
}
int oval_object_to_sexp(void *sess, const char *typestr, struct oval_syschar *syschar, SEXP_t **out_sexp)
{
unsigned int ent_cnt, varref_cnt;
int ret;
SEXP_t *obj_sexp, *elm, *varrefs, *ent_lst, *lst, *stmp;
SEXP_t *r0, *r1, *r2, *obj_attr, sm0, sm1;
struct oval_object *object;
struct oval_object_content_iterator *cit;
struct oval_behavior_iterator *bit;
struct oval_object_content *content;
struct oval_entity *entity;
char obj_name[128];
const char *obj_id;
object = oval_syschar_get_object(syschar);
/*
* Object name & attributes (id)
*/
ret = snprintf(obj_name, sizeof obj_name, "%s_object", typestr);
if (ret<0 || (unsigned int) ret > sizeof obj_name) {
dE("obj_name length too short");
return -1;
}
// even though it returns const char* it has to be freed :-(
char *obj_over = (char*)oval_schema_version_to_cstr(oval_object_get_platform_schema_version(object));
obj_id = oval_object_get_id(object);
obj_attr = probe_attr_creat("id", SEXP_string_new_r(&sm0, obj_id, strlen(obj_id)),
"oval_version", SEXP_string_new_r(&sm1, obj_over, strlen(obj_over)),
NULL);
free(obj_over);
obj_sexp = probe_obj_new(obj_name, obj_attr);
SEXP_free_r(&sm0);
SEXP_free_r(&sm1);
SEXP_free(obj_attr);
/*
* Object content
*/
ent_lst = SEXP_list_new(NULL);
varrefs = NULL;
ent_cnt = varref_cnt = 0;
cit = oval_object_get_object_contents(object);
while (oval_object_content_iterator_has_more(cit)) {
oval_check_t ochk;
oval_entity_varref_type_t vr_type;
content = oval_object_content_iterator_next(cit);
elm = NULL;
lst = ent_lst;
switch (oval_object_content_get_type(content)) {
case OVAL_OBJECTCONTENT_ENTITY:
entity = oval_object_content_get_entity(content);
elm = oval_entity_to_sexp(entity);
if (elm == NULL)
break;
ochk = oval_object_content_get_varCheck(content);
if (ochk != OVAL_CHECK_UNKNOWN) {
probe_ent_attr_add(elm, "var_check",
r0 = SEXP_number_newu_32(ochk));
SEXP_free(r0);
}
ret = 0;
vr_type = oval_entity_get_varref_type(entity);
if (vr_type == OVAL_ENTITY_VARREF_ATTRIBUTE) {
const char *var_id = oval_variable_get_id(oval_entity_get_variable(entity));
const char *field_name = oval_object_content_get_field_name(content);
dI("Object '%s' references variable '%s' in '%s' field.", obj_id, var_id, field_name);
ret = oval_varref_attr_to_sexp(sess, entity, syschar, &stmp);
if (ret == 0) {
if (varrefs == NULL)
varrefs = SEXP_list_new(NULL);
SEXP_list_add(varrefs, stmp);
SEXP_free(stmp);
// todo: don't add duplicates
++varref_cnt;
lst = obj_sexp;
++ent_cnt;
}
} else if (vr_type == OVAL_ENTITY_VARREF_ELEMENT) {
SEXP_t *val_lst;
struct oval_variable *var;
oval_datatype_t dt;
var = oval_entity_get_variable(entity);
dt = oval_entity_get_datatype(entity);
ret = oval_varref_elm_to_sexp(sess, var, dt, &val_lst, syschar);
if (ret == 0) {
SEXP_list_add(elm, val_lst);
SEXP_free(val_lst);
}
}
if (ret != 0) {
SEXP_t s_flag;
SEXP_number_newi_32_r(&s_flag, SYSCHAR_FLAG_DOES_NOT_EXIST);
probe_item_attr_add(obj_sexp, "skip_eval", &s_flag);
SEXP_free_r(&s_flag);
SEXP_free(elm);
SEXP_free(ent_lst);
if (varrefs != NULL)
SEXP_free(varrefs);
oval_object_content_iterator_free(cit);
*out_sexp = obj_sexp;
return (0);
}
break;
case OVAL_OBJECTCONTENT_SET:
elm = oval_set_to_sexp(oval_object_content_get_setobject(content));
break;
case OVAL_OBJECTCONTENT_FILTER: {
struct oval_filter *filter = oval_object_content_get_filter(content);
struct oval_state *ste = oval_filter_get_state(filter);
const char *ste_id = oval_state_get_id(ste);
oval_filter_action_t action = oval_filter_get_filter_action(filter);
const char *action_text = oval_filter_action_get_text(action);
dI("Object '%s' has a filter that %ss items conforming to state '%s'.",
obj_id, action_text, ste_id);
elm = oval_filter_to_sexp(filter);
}
break;
case OVAL_OBJECTCONTENT_UNKNOWN:
break;
}
if (elm == NULL) {
SEXP_free(obj_sexp);
SEXP_free(ent_lst);
if (varrefs != NULL)
SEXP_free(varrefs);
oval_object_content_iterator_free(cit);
return -1;
}
SEXP_list_add(lst, elm);
SEXP_free(elm);
}
if (varrefs != NULL) {
// todo: SEXP_list_push()
stmp = SEXP_list_new(r0 = SEXP_string_new("varrefs", 7),
r1 = SEXP_number_newu(varref_cnt), r2 = SEXP_number_newu(ent_cnt), NULL);
SEXP_vfree(r0, r1, r2, NULL);
r0 = SEXP_list_join(stmp, varrefs);
SEXP_list_add(obj_sexp, r0);
SEXP_vfree(stmp, varrefs, r0, NULL);
}
stmp = SEXP_list_join(obj_sexp, ent_lst);
SEXP_free(obj_sexp);
SEXP_free(ent_lst);
obj_sexp = stmp;
oval_object_content_iterator_free(cit);
/*
* Object behaviors
*/
bit = oval_object_get_behaviors(object);
if (oval_behavior_iterator_has_more(bit)) {
elm = oval_behaviors_to_sexp(bit);
SEXP_list_add(obj_sexp, elm);
SEXP_free(elm);
}
oval_behavior_iterator_free(bit);
*out_sexp = obj_sexp;
return (0);
}
static SEXP_t *oval_set_to_sexp(struct oval_setobject *set)
{
SEXP_t *elm, *elm_name;
SEXP_t *r0, *r1, *r2;
elm_name = SEXP_list_new(r0 = SEXP_string_new("set", 3),
/* operation */
r1 = SEXP_string_new(":operation", 10),
r2 = SEXP_number_newu_32(oval_setobject_get_operation(set)), NULL);
SEXP_free(r0);
SEXP_free(r1);
SEXP_free(r2);
elm = SEXP_list_new(elm_name, NULL);
SEXP_free(elm_name);
switch (oval_setobject_get_type(set)) {
case OVAL_SET_AGGREGATE:{
struct oval_setobject_iterator *sit;
struct oval_setobject *subset;
sit = oval_setobject_get_subsets(set);
while (oval_setobject_iterator_has_more(sit)) {
subset = oval_setobject_iterator_next(sit);
SEXP_list_add(elm, r0 = oval_set_to_sexp(subset));
SEXP_free(r0);
}
oval_setobject_iterator_free(sit);
}
break;
case OVAL_SET_COLLECTIVE:{
struct oval_object_iterator *oit;
struct oval_filter_iterator *fit;
struct oval_object *obj;
SEXP_t *subelm;
oit = oval_setobject_get_objects(set);
while (oval_object_iterator_has_more(oit)) {
obj = oval_object_iterator_next(oit);
subelm = SEXP_list_new(r0 = SEXP_string_new("obj_ref", 7),
r1 = SEXP_string_newf("%s", oval_object_get_id(obj)), NULL);
SEXP_free(r0);
SEXP_free(r1);
SEXP_list_add(elm, subelm);
SEXP_free(subelm);
}
oval_object_iterator_free(oit);
fit = oval_setobject_get_filters(set);
while (oval_filter_iterator_has_more(fit)) {
struct oval_filter *fil;
fil = oval_filter_iterator_next(fit);
subelm = oval_filter_to_sexp(fil);
SEXP_list_add(elm, subelm);
SEXP_free(subelm);
}
oval_filter_iterator_free(fit);
}
break;
default:
abort();
}
return (elm);
}
