static bool accesstoken_behaviors_get_resolve_group(SEXP_t *behaviors_ent)
{
bool resolve_group = false; // Default value of resolve_group behaviors
if (behaviors_ent != NULL && probe_ent_attrexists(behaviors_ent, "resolve_group")) {
SEXP_t *resolve_group_attrval = probe_ent_getattrval(behaviors_ent, "resolve_group");
resolve_group = SEXP_string_getb(resolve_group_attrval);
SEXP_free(resolve_group_attrval);
}
return resolve_group;
}
static bool accesstoken_behaviors_get_include_group(SEXP_t *behaviors_ent)
{
bool include_group = true; // Default value of include_group behaviors
if (behaviors_ent != NULL && probe_ent_attrexists(behaviors_ent, "include_group")) {
SEXP_t *include_group_attrval = probe_ent_getattrval(behaviors_ent, "include_group");
include_group = SEXP_string_getb(include_group_attrval);
SEXP_free(include_group_attrval);
}
return include_group;
}
static oval_result_t probe_ent_cmp(SEXP_t * ent, SEXP_t * val2)
{
oval_operation_t op;
oval_datatype_t dtype;
SEXP_t *stmp, *val1, *vals, *res_lst, *r0;
int val_cnt, is_var;
oval_check_t ochk;
oval_result_t ores, result;
ores = OVAL_RESULT_ERROR;
result = OVAL_RESULT_ERROR;
vals = NULL;
val_cnt = probe_ent_getvals(ent, &vals);
if (probe_ent_attrexists(ent, "var_ref")) {
is_var = 1;
} else {
if (val_cnt != 1) {
SEXP_free(vals);
return OVAL_RESULT_ERROR;
}
is_var = 0;
}
dtype = probe_ent_getdatatype(ent);
stmp = probe_ent_getattrval(ent, "operation");
if (stmp == NULL)
op = OVAL_OPERATION_EQUALS;
else
op = SEXP_number_geti_32(stmp);
SEXP_free(stmp);
res_lst = SEXP_list_new(NULL);
SEXP_list_foreach(val1, vals) {
if (SEXP_typeof(val1) != SEXP_typeof(val2)) {
dI("Types of values to compare don't match: val1: %d, val2: %d\n",
SEXP_typeof(val1), SEXP_typeof(val2));
SEXP_free(vals);
SEXP_free(val1);
SEXP_free(res_lst);
return OVAL_RESULT_ERROR;
}
ores = probe_ent_cmp_single(val1, dtype, val2, op);
SEXP_list_add(res_lst, r0 = SEXP_number_newi_32(ores));
SEXP_free(r0);
}
if (is_var) {
stmp = probe_ent_getattrval(ent, "var_check");
if (stmp == NULL) {
ochk = OVAL_CHECK_ALL;
} else {
ochk = SEXP_number_geti_32(stmp);
SEXP_free(stmp);
}
result = probe_ent_result_bychk(res_lst, ochk);
} else {
result = ores;
}
SEXP_free(res_lst);
SEXP_free(vals);
return result;
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *path_ent, *file_ent, *inst_ent, *bh_ent, *patt_ent, *filepath_ent, *probe_in;
SEXP_t *r0;
/* char *i_val, *m_val, *s_val; */
bool val;
struct pfdata pfd;
int ret = 0;
int errorffset = -1;
const char *error;
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
char path_with_root[PATH_MAX + 1];
unsigned int root_len = 0;
(void)arg;
memset(&pfd, 0, sizeof(pfd));
probe_in = probe_ctx_getobject(ctx);
over = probe_obj_get_platform_schema_version(probe_in);
path_ent = probe_obj_getent(probe_in, "path", 1);
file_ent = probe_obj_getent(probe_in, "filename", 1);
inst_ent = probe_obj_getent(probe_in, "instance", 1);
patt_ent = probe_obj_getent(probe_in, "pattern", 1);
filepath_ent = probe_obj_getent(probe_in, "filepath", 1);
bh_ent = probe_obj_getent(probe_in, "behaviors", 1);
/* we want (path+filename or filepath) + instance + pattern*/
if ( ((path_ent == NULL || file_ent == NULL) && filepath_ent==NULL) ||
inst_ent==NULL ||
patt_ent==NULL) {
SEXP_free (patt_ent);
ret = PROBE_ENOELM;
goto cleanup;
}
/* get pattern from SEXP */
SEXP_t *ent_val;
ent_val = probe_ent_getval(patt_ent);
pfd.pattern = SEXP_string_cstr(ent_val);
assume_d(pfd.pattern != NULL, -1);
SEXP_free(patt_ent);
SEXP_free(ent_val);
/* wtf?
i_val = s_val = "0";
m_val = "1";
*/
/* reset filebehavior attributes if 'filepath' entity is used */
if (filepath_ent != NULL && bh_ent != NULL) {
SEXP_t *r1, *r2, *r3;
r1 = r2 = r3 = NULL;
if (probe_ent_attrexists(bh_ent, "ignore_case")) {
r1 = probe_ent_getattrval(bh_ent, "ignore_case");
}
if (probe_ent_attrexists(bh_ent, "multiline")) {
r2 = probe_ent_getattrval(bh_ent, "multiline");
}
if (probe_ent_attrexists(bh_ent, "singleline")) {
r3 = probe_ent_getattrval(bh_ent, "singleline");
}
r0 = SEXP_list_new(NULL);
SEXP_free(bh_ent);
bh_ent = probe_ent_creat1("behaviors", r0, NULL);
SEXP_free(r0);
if (r1) {
probe_ent_attr_add(bh_ent, "ignore_case", r1);
SEXP_free(r1);
}
if (r2) {
probe_ent_attr_add(bh_ent, "multiline", r2);
SEXP_free(r2);
}
if (r3) {
probe_ent_attr_add(bh_ent, "singleline", r3);
SEXP_free(r3);
}
}
probe_tfc54behaviors_canonicalize(&bh_ent);
pfd.instance_ent = inst_ent;
pfd.ctx = ctx;
pfd.re_opts = PCRE_UTF8;
r0 = probe_ent_getattrval(bh_ent, "ignore_case");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_CASELESS;
}
r0 = probe_ent_getattrval(bh_ent, "multiline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_MULTILINE;
}
r0 = probe_ent_getattrval(bh_ent, "singleline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_DOTALL;
}
pfd.compiled_regex = pcre_compile(pfd.pattern, pfd.re_opts, &error,
&errorffset, NULL);
if (pfd.compiled_regex == NULL) {
SEXP_t *msg;
msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "pcre_compile() '%s' %s.", pfd.pattern, error);
probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR);
goto cleanup;
}
path_with_root[PATH_MAX] = '\0';
if (OSCAP_GSYM(offline_mode) & PROBE_OFFLINE_OWN) {
strncpy(path_with_root, getenv("OSCAP_PROBE_ROOT"), PATH_MAX);
root_len = strlen(path_with_root);
if (path_with_root[root_len - 1] == FILE_SEPARATOR)
--root_len;
}
if ((ofts = oval_fts_open(path_ent, file_ent, filepath_ent, bh_ent, probe_ctx_getresult(ctx))) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
if (ofts_ent->fts_info == FTS_F
|| ofts_ent->fts_info == FTS_SL) {
strncpy(path_with_root + root_len, ofts_ent->path, PATH_MAX - root_len);
// todo: handle return code
process_file(path_with_root, ofts_ent->file, &pfd);
}
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
cleanup:
SEXP_free(file_ent);
SEXP_free(path_ent);
SEXP_free(inst_ent);
SEXP_free(bh_ent);
SEXP_free(filepath_ent);
if (pfd.pattern != NULL)
free(pfd.pattern);
if (pfd.compiled_regex != NULL)
pcre_free(pfd.compiled_regex);
return ret;
}