int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *obj, *ent;
obj = probe_ctx_getobject(ctx);
over = probe_obj_get_platform_schema_version(obj);
ent = probe_obj_getent(obj, "command", 1);
if (ent == NULL) {
return PROBE_ENOVAL;
}
if (read_process(ent, ctx)) {
SEXP_free(ent);
return PROBE_EACCESS;
}
SEXP_free(ent);
return 0;
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *object;
int err;
llist ll;
oval_schema_version_t over;
object = probe_ctx_getobject(ctx);
over = probe_obj_get_platform_schema_version(object);
interface_name_ent = probe_obj_getent(object, "interface_name", 1);
if (interface_name_ent == NULL) {
err = PROBE_ENOVAL;
goto cleanup;
}
// Now start collecting the info
list_create(&ll);
if (collect_process_info(&ll) || perm_warn) {
SEXP_t *msg;
msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_ERROR, "Permission error.");
probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
err = 0;
goto cleanup;
}
read_packet(&ll, ctx, over);
list_clear(&ll);
err = 0;
cleanup:
SEXP_vfree(interface_name_ent, NULL);
return err;
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *ent, *obj;
oval_schema_version_t over;
obj = probe_ctx_getobject(ctx);
if (obj == NULL)
return PROBE_ENOOBJ;
over = probe_obj_get_platform_schema_version(obj);
ent = probe_obj_getent(obj, "username", 1);
if (ent == NULL) {
return PROBE_ENOVAL;
}
// Now we check the file...
read_password(ent, ctx, over);
SEXP_free(ent);
return 0;
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *path_ent, *file_ent, *inst_ent, *bh_ent, *patt_ent, *filepath_ent, *probe_in;
SEXP_t *r0;
/* char *i_val, *m_val, *s_val; */
bool val;
struct pfdata pfd;
int ret = 0;
#if defined USE_REGEX_PCRE
int errorffset = -1;
const char *error;
#elif defined USE_REGEX_POSIX
regex_t _re;
pfd.compiled_regex = &_re;
int err;
#endif
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
(void)arg;
memset(&pfd, 0, sizeof(pfd));
probe_in = probe_ctx_getobject(ctx);
over = probe_obj_get_platform_schema_version(probe_in);
path_ent = probe_obj_getent(probe_in, "path", 1);
file_ent = probe_obj_getent(probe_in, "filename", 1);
inst_ent = probe_obj_getent(probe_in, "instance", 1);
patt_ent = probe_obj_getent(probe_in, "pattern", 1);
filepath_ent = probe_obj_getent(probe_in, "filepath", 1);
bh_ent = probe_obj_getent(probe_in, "behaviors", 1);
/* we want (path+filename or filepath) + instance + pattern*/
if ( ((path_ent == NULL || file_ent == NULL) && filepath_ent==NULL) ||
inst_ent==NULL ||
patt_ent==NULL) {
SEXP_free (patt_ent);
ret = PROBE_ENOELM;
goto cleanup;
}
/* get pattern from SEXP */
SEXP_t *ent_val;
ent_val = probe_ent_getval(patt_ent);
pfd.pattern = SEXP_string_cstr(ent_val);
assume_d(pfd.pattern != NULL, -1);
SEXP_free(patt_ent);
SEXP_free(ent_val);
/* wtf?
i_val = s_val = "0";
m_val = "1";
*/
/* reset filebehavior attributes if 'filepath' entity is used */
if (filepath_ent != NULL && bh_ent != NULL) {
SEXP_t *r1, *r2, *r3;
r1 = probe_ent_getattrval(bh_ent, "ignore_case");
r2 = probe_ent_getattrval(bh_ent, "multiline");
r3 = probe_ent_getattrval(bh_ent, "singleline");
r0 = probe_attr_creat("ignore_case", r1,
"multiline", r2,
"singleline", r3,
NULL);
SEXP_free(bh_ent);
bh_ent = probe_ent_creat1("behaviors", r0, NULL);
SEXP_vfree(r0, r1, r2, r3, NULL);
}
probe_tfc54behaviors_canonicalize(&bh_ent);
pfd.instance_ent = inst_ent;
pfd.ctx = ctx;
#if defined USE_REGEX_PCRE
pfd.re_opts = PCRE_UTF8;
r0 = probe_ent_getattrval(bh_ent, "ignore_case");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_CASELESS;
}
r0 = probe_ent_getattrval(bh_ent, "multiline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_MULTILINE;
}
r0 = probe_ent_getattrval(bh_ent, "singleline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_DOTALL;
}
pfd.compiled_regex = pcre_compile(pfd.pattern, pfd.re_opts, &error,
&errorffset, NULL);
if (pfd.compiled_regex == NULL) {
SEXP_t *msg;
msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "pcre_compile() '%s' %s.", pfd.pattern, error);
probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR);
goto cleanup;
}
#elif defined USE_REGEX_POSIX
pfd.re_opts = REG_EXTENDED | REG_NEWLINE;
r0 = probe_ent_getattrval(bh_ent, "ignore_case");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= REG_ICASE;
}
if ((err = regcomp(pfd.compiled_regex, pfd.pattern, pfd.re_opts)) != 0) {
SEXP_t *msg;
msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "regcomp() '%s' returned %d.", pfd.pattern, err);
probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR);
goto cleanup;
}
#endif
if ((ofts = oval_fts_open(path_ent, file_ent, filepath_ent, bh_ent)) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
if (ofts_ent->fts_info == FTS_F
|| ofts_ent->fts_info == FTS_SL) {
// todo: handle return code
process_file(ofts_ent->path, ofts_ent->file, &pfd);
}
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
cleanup:
SEXP_free(file_ent);
SEXP_free(path_ent);
SEXP_free(inst_ent);
SEXP_free(bh_ent);
SEXP_free(filepath_ent);
if (pfd.pattern != NULL)
oscap_free(pfd.pattern);
#if defined USE_REGEX_PCRE
if (pfd.compiled_regex != NULL)
pcre_free(pfd.compiled_regex);
#elif defined USE_REGEX_POSIX
regfree(&_re);
#endif
return ret;
}
int textfilecontent_probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *path_ent, *filename_ent, *line_ent, *behaviors_ent, *filepath_ent, *probe_in;
char *pattern;
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
(void)arg;
probe_in = probe_ctx_getobject(ctx);
oval_schema_version_t over = probe_obj_get_platform_schema_version(probe_in);
path_ent = probe_obj_getent(probe_in, "path", 1);
filename_ent = probe_obj_getent(probe_in, "filename", 1);
line_ent = probe_obj_getent(probe_in, "line", 1);
filepath_ent = probe_obj_getent(probe_in, "filepath", 1);
behaviors_ent = probe_obj_getent(probe_in, "behaviors", 1);
if ( ((path_ent == NULL || filename_ent == NULL) && filepath_ent==NULL) ||
line_ent==NULL ) {
SEXP_free (path_ent);
SEXP_free (filename_ent);
SEXP_free (line_ent);
SEXP_free (filepath_ent);
SEXP_free (behaviors_ent);
return PROBE_ENOELM;
}
/* get pattern from SEXP */
SEXP_t *ent_val;
ent_val = probe_ent_getval(line_ent);
pattern = SEXP_string_cstr(ent_val);
SEXP_free(line_ent);
SEXP_free(ent_val);
if (pattern == NULL) {
SEXP_free(path_ent);
SEXP_free(filename_ent);
SEXP_free(filepath_ent);
SEXP_free(behaviors_ent);
return -1;
}
/* behaviours are not important if filepath is used */
if(filepath_ent != NULL && behaviors_ent != NULL) {
SEXP_free (behaviors_ent);
behaviors_ent = NULL;
}
probe_filebehaviors_canonicalize(&behaviors_ent);
struct pfdata pfd;
pfd.pattern = pattern;
pfd.filename_ent = filename_ent;
pfd.ctx = ctx;
const char *prefix = getenv("OSCAP_PROBE_ROOT");
if ((ofts = oval_fts_open_prefixed(prefix, path_ent, filename_ent, filepath_ent, behaviors_ent, probe_ctx_getresult(ctx))) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
if (ofts_ent->fts_info == FTS_F
|| ofts_ent->fts_info == FTS_SL) {
// todo: handle return code
process_file(prefix, ofts_ent->path, ofts_ent->file, &pfd, over);
}
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
SEXP_free(path_ent);
SEXP_free(filename_ent);
SEXP_free(behaviors_ent);
SEXP_free(filepath_ent);
free(pattern);
return 0;
}
int partition_probe_main(probe_ctx *ctx, void *probe_arg)
{
int probe_ret = 0;
SEXP_t *mnt_entity, *mnt_opval, *mnt_entval, *probe_in;
char mnt_path[PATH_MAX];
oval_operation_t mnt_op;
FILE *mnt_fp;
oval_schema_version_t obj_over;
#if defined(PROC_CHECK) && defined(__linux__)
int mnt_fd;
struct statfs stfs;
mnt_fd = open(MTAB_PATH, O_RDONLY);
if (mnt_fd < 0)
return (PROBE_ESYSTEM);
if (fstatfs(mnt_fd, &stfs) != 0) {
close(mnt_fd);
return (PROBE_ESYSTEM);
}
if (stfs.f_type != PROC_SUPER_MAGIC) {
close(mnt_fd);
return (PROBE_EFATAL);
}
mnt_fp = fdopen(mnt_fd, "r");
if (mnt_fp == NULL) {
close(mnt_fd);
return (PROBE_ESYSTEM);
}
#else
mnt_fp = fopen(MTAB_PATH, "r");
if (mnt_fp == NULL)
return (PROBE_ESYSTEM);
#endif
probe_in = probe_ctx_getobject(ctx);
obj_over = probe_obj_get_platform_schema_version(probe_in);
mnt_entity = probe_obj_getent(probe_in, "mount_point", 1);
if (mnt_entity == NULL) {
fclose(mnt_fp);
return (PROBE_ENOENT);
}
mnt_opval = probe_ent_getattrval(mnt_entity, "operation");
if (mnt_opval != NULL) {
mnt_op = (oval_operation_t)SEXP_number_geti(mnt_opval);
SEXP_free(mnt_opval);
} else
mnt_op = OVAL_OPERATION_EQUALS;
mnt_entval = probe_ent_getval(mnt_entity);
if (!SEXP_stringp(mnt_entval)) {
SEXP_free(mnt_entval);
SEXP_free(mnt_entity);
fclose(mnt_fp);
return (PROBE_EINVAL);
}
SEXP_string_cstr_r(mnt_entval, mnt_path, sizeof mnt_path);
SEXP_free(mnt_entval);
SEXP_free(mnt_entity);
if (mnt_fp != NULL) {
char buffer[MTAB_LINE_MAX];
struct mntent mnt_ent, *mnt_entp;
pcre *re = NULL;
const char *estr = NULL;
int eoff = -1;
#if defined(HAVE_BLKID_GET_TAG_VALUE)
blkid_cache blkcache;
if (blkid_get_cache(&blkcache, NULL) != 0) {
endmntent(mnt_fp);
return (PROBE_EUNKNOWN);
}
#endif
if (mnt_op == OVAL_OPERATION_PATTERN_MATCH) {
re = pcre_compile(mnt_path, PCRE_UTF8, &estr, &eoff, NULL);
if (re == NULL) {
endmntent(mnt_fp);
return (PROBE_EINVAL);
}
}
while ((mnt_entp = getmntent_r(mnt_fp, &mnt_ent,
buffer, sizeof buffer)) != NULL)
{
if (strcmp(mnt_entp->mnt_type, "rootfs") == 0)
continue;
if (mnt_op == OVAL_OPERATION_EQUALS) {
if (strcmp(mnt_entp->mnt_dir, mnt_path) == 0) {
#if defined(HAVE_BLKID_GET_TAG_VALUE)
collect_item(ctx, obj_over, mnt_entp, blkcache);
#else
collect_item(ctx, obj_over, mnt_entp);
#endif
break;
}
} else if (mnt_op == OVAL_OPERATION_NOT_EQUAL) {
if (strcmp(mnt_entp->mnt_dir, mnt_path) != 0) {
if (
#if defined(HAVE_BLKID_GET_TAG_VALUE)
collect_item(ctx, obj_over, mnt_entp, blkcache)
#else
collect_item(ctx, obj_over, mnt_entp)
#endif
!= 0)
break;
}
} else if (mnt_op == OVAL_OPERATION_PATTERN_MATCH) {
int rc;
rc = pcre_exec(re, NULL, mnt_entp->mnt_dir,
strlen(mnt_entp->mnt_dir), 0, 0, NULL, 0);
if (rc == 0) {
if (
#if defined(HAVE_BLKID_GET_TAG_VALUE)
collect_item(ctx, obj_over, mnt_entp, blkcache)
#else
collect_item(ctx, obj_over, mnt_entp)
#endif
!= 0)
break;
}
/* XXX: check for pcre_exec error */
}
}
endmntent(mnt_fp);
if (mnt_op == OVAL_OPERATION_PATTERN_MATCH)
pcre_free(re);
}
return (probe_ret);
}
int probe_main(probe_ctx *ctx, void *arg)
{
SEXP_t *path_ent, *file_ent, *inst_ent, *bh_ent, *patt_ent, *filepath_ent, *probe_in;
SEXP_t *r0;
/* char *i_val, *m_val, *s_val; */
bool val;
struct pfdata pfd;
int ret = 0;
int errorffset = -1;
const char *error;
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
char path_with_root[PATH_MAX + 1];
unsigned int root_len = 0;
(void)arg;
memset(&pfd, 0, sizeof(pfd));
probe_in = probe_ctx_getobject(ctx);
over = probe_obj_get_platform_schema_version(probe_in);
path_ent = probe_obj_getent(probe_in, "path", 1);
file_ent = probe_obj_getent(probe_in, "filename", 1);
inst_ent = probe_obj_getent(probe_in, "instance", 1);
patt_ent = probe_obj_getent(probe_in, "pattern", 1);
filepath_ent = probe_obj_getent(probe_in, "filepath", 1);
bh_ent = probe_obj_getent(probe_in, "behaviors", 1);
/* we want (path+filename or filepath) + instance + pattern*/
if ( ((path_ent == NULL || file_ent == NULL) && filepath_ent==NULL) ||
inst_ent==NULL ||
patt_ent==NULL) {
SEXP_free (patt_ent);
ret = PROBE_ENOELM;
goto cleanup;
}
/* get pattern from SEXP */
SEXP_t *ent_val;
ent_val = probe_ent_getval(patt_ent);
pfd.pattern = SEXP_string_cstr(ent_val);
assume_d(pfd.pattern != NULL, -1);
SEXP_free(patt_ent);
SEXP_free(ent_val);
/* wtf?
i_val = s_val = "0";
m_val = "1";
*/
/* reset filebehavior attributes if 'filepath' entity is used */
if (filepath_ent != NULL && bh_ent != NULL) {
SEXP_t *r1, *r2, *r3;
r1 = r2 = r3 = NULL;
if (probe_ent_attrexists(bh_ent, "ignore_case")) {
r1 = probe_ent_getattrval(bh_ent, "ignore_case");
}
if (probe_ent_attrexists(bh_ent, "multiline")) {
r2 = probe_ent_getattrval(bh_ent, "multiline");
}
if (probe_ent_attrexists(bh_ent, "singleline")) {
r3 = probe_ent_getattrval(bh_ent, "singleline");
}
r0 = SEXP_list_new(NULL);
SEXP_free(bh_ent);
bh_ent = probe_ent_creat1("behaviors", r0, NULL);
SEXP_free(r0);
if (r1) {
probe_ent_attr_add(bh_ent, "ignore_case", r1);
SEXP_free(r1);
}
if (r2) {
probe_ent_attr_add(bh_ent, "multiline", r2);
SEXP_free(r2);
}
if (r3) {
probe_ent_attr_add(bh_ent, "singleline", r3);
SEXP_free(r3);
}
}
probe_tfc54behaviors_canonicalize(&bh_ent);
pfd.instance_ent = inst_ent;
pfd.ctx = ctx;
pfd.re_opts = PCRE_UTF8;
r0 = probe_ent_getattrval(bh_ent, "ignore_case");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_CASELESS;
}
r0 = probe_ent_getattrval(bh_ent, "multiline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_MULTILINE;
}
r0 = probe_ent_getattrval(bh_ent, "singleline");
if (r0) {
val = SEXP_string_getb(r0);
SEXP_free(r0);
if (val)
pfd.re_opts |= PCRE_DOTALL;
}
pfd.compiled_regex = pcre_compile(pfd.pattern, pfd.re_opts, &error,
&errorffset, NULL);
if (pfd.compiled_regex == NULL) {
SEXP_t *msg;
msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR, "pcre_compile() '%s' %s.", pfd.pattern, error);
probe_cobj_add_msg(probe_ctx_getresult(pfd.ctx), msg);
SEXP_free(msg);
probe_cobj_set_flag(probe_ctx_getresult(pfd.ctx), SYSCHAR_FLAG_ERROR);
goto cleanup;
}
path_with_root[PATH_MAX] = '\0';
if (OSCAP_GSYM(offline_mode) & PROBE_OFFLINE_OWN) {
strncpy(path_with_root, getenv("OSCAP_PROBE_ROOT"), PATH_MAX);
root_len = strlen(path_with_root);
if (path_with_root[root_len - 1] == FILE_SEPARATOR)
--root_len;
}
if ((ofts = oval_fts_open(path_ent, file_ent, filepath_ent, bh_ent, probe_ctx_getresult(ctx))) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
if (ofts_ent->fts_info == FTS_F
|| ofts_ent->fts_info == FTS_SL) {
strncpy(path_with_root + root_len, ofts_ent->path, PATH_MAX - root_len);
// todo: handle return code
process_file(path_with_root, ofts_ent->file, &pfd);
}
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
cleanup:
SEXP_free(file_ent);
SEXP_free(path_ent);
SEXP_free(inst_ent);
SEXP_free(bh_ent);
SEXP_free(filepath_ent);
if (pfd.pattern != NULL)
free(pfd.pattern);
if (pfd.compiled_regex != NULL)
pcre_free(pfd.compiled_regex);
return ret;
}
int probe_main (probe_ctx *ctx, void *mutex)
{
SEXP_t *path, *filename, *behaviors, *filepath, *probe_in;
OVAL_FTS *ofts;
OVAL_FTSENT *ofts_ent;
oval_schema_version_t over;
if (mutex == NULL) {
return (PROBE_EINIT);
}
_A(mutex == &__filehash_probe_mutex);
probe_in = probe_ctx_getobject(ctx);
path = probe_obj_getent (probe_in, "path", 1);
filename = probe_obj_getent (probe_in, "filename", 1);
behaviors = probe_obj_getent (probe_in, "behaviors", 1);
filepath = probe_obj_getent (probe_in, "filepath", 1);
over = probe_obj_get_platform_schema_version(probe_in);
/* we want either path+filename or filepath */
if ( (path == NULL || filename == NULL) && filepath==NULL ) {
SEXP_free (behaviors);
SEXP_free (path);
SEXP_free (filename);
SEXP_free (filepath);
return (PROBE_ENOELM);
}
probe_filebehaviors_canonicalize(&behaviors);
switch (pthread_mutex_lock (&__filehash_probe_mutex)) {
case 0:
break;
default:
dI("Can't lock mutex(%p): %u, %s.", &__filehash_probe_mutex, errno, strerror (errno));
SEXP_free (behaviors);
SEXP_free (path);
SEXP_free (filename);
SEXP_free (filepath);
return (PROBE_EFATAL);
}
if ((ofts = oval_fts_open(path, filename, filepath, behaviors)) != NULL) {
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
filehash_cb(ofts_ent->path, ofts_ent->file, ctx, over);
oval_ftsent_free(ofts_ent);
}
oval_fts_close(ofts);
}
SEXP_free (behaviors);
SEXP_free (path);
SEXP_free (filename);
SEXP_free (filepath);
switch (pthread_mutex_unlock (&__filehash_probe_mutex)) {
case 0:
break;
default:
dI("Can't unlock mutex(%p): %u, %s.", &__filehash_probe_mutex, errno, strerror (errno));
return (PROBE_EFATAL);
}
return 0;
}
