int probe_main (probe_ctx *ctx, void *arg)
{
SEXP_t *probe_in, *name_ent, *file_ent, *bh_ent;
char file[PATH_MAX];
size_t file_len = sizeof file;
char name[64];
size_t name_len = sizeof name;
oval_operation_t name_op, file_op;
uint64_t collect_flags = 0;
unsigned int i;
// If probe_init() failed it's because there was no rpm config files
if (arg == NULL) {
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_NOT_APPLICABLE);
return 0;
}
/*
* Get refs to object entities
*/
probe_in = probe_ctx_getobject(ctx);
name_ent = probe_obj_getent(probe_in, "name", 1);
file_ent = probe_obj_getent(probe_in, "filepath", 1);
if (name_ent == NULL || file_ent == NULL) {
dE("Missing \"name\" (%p) or \"filepath\" (%p) entity", name_ent, file_ent);
SEXP_free(name_ent);
SEXP_free(file_ent);
return (PROBE_ENOENT);
}
/*
* Extract the requested operation for each entity
*/
name_op = probe_ent_getoperation(name_ent, OVAL_OPERATION_EQUALS);
file_op = probe_ent_getoperation(file_ent, OVAL_OPERATION_EQUALS);
if (name_op == OVAL_OPERATION_UNKNOWN ||
file_op == OVAL_OPERATION_UNKNOWN)
{
SEXP_free(name_ent);
SEXP_free(file_ent);
return (PROBE_EINVAL);
}
/*
* Extract entity values
*/
PROBE_ENT_STRVAL(name_ent, name, name_len, /* void */, strcpy(name, ""););
int accesstoken_probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *probe_in = probe_ctx_getobject(ctx);
SEXP_t *behaviors_ent = probe_obj_getent(probe_in, "behaviors", 1);
SEXP_t *security_principle_ent = probe_obj_getent(probe_in, "security_principle", 1);
SEXP_t *security_principle_val = probe_ent_getval(security_principle_ent);
bool include_group = accesstoken_behaviors_get_include_group(behaviors_ent);
bool resolve_group = accesstoken_behaviors_get_resolve_group(behaviors_ent);
oval_operation_t operation = probe_ent_getoperation(security_principle_ent, OVAL_OPERATION_EQUALS);
if (operation == OVAL_OPERATION_EQUALS) {
char *security_principle_str = SEXP_string_cstr(security_principle_val);
WCHAR *security_principle_wstr = oscap_windows_str_to_wstr(security_principle_str);
collect_access_rights(ctx, security_principle_wstr, include_group, resolve_group);
free(security_principle_str);
free(security_principle_wstr);
} else {
struct oscap_list *trustees_list = oscap_list_new();
get_all_trustee_names(trustees_list);
struct oscap_iterator *it = oscap_iterator_new(trustees_list);
while (oscap_iterator_has_more(it)) {
WCHAR *trustee_wstr = oscap_iterator_next(it);
char *trustee_str = oscap_windows_wstr_to_str(trustee_wstr);
SEXP_t *tmp = SEXP_string_new(trustee_str, strlen(trustee_str));
if (probe_entobj_cmp(security_principle_ent, tmp) == OVAL_RESULT_TRUE) {
collect_access_rights(ctx, trustee_wstr, include_group, resolve_group);
}
free(trustee_str);
SEXP_free(tmp);
}
oscap_iterator_free(it);
oscap_list_free(trustees_list, free);
}
SEXP_free(behaviors_ent);
SEXP_free(security_principle_ent);
SEXP_free(security_principle_val);
return 0;
}
