|
Packit Service |
569379 |
/**
|
|
Packit Service |
569379 |
* @file environmentvariable58_probe.c
|
|
Packit Service |
569379 |
* @brief environmentvariable58 probe
|
|
Packit Service |
569379 |
* @author "Petr Lautrbach" <plautrba@redhat.com>
|
|
Packit Service |
569379 |
*
|
|
Packit Service |
569379 |
* This probe is able to process a environmentvariable58_object as defined in OVAL 5.8.
|
|
Packit Service |
569379 |
*
|
|
Packit Service |
569379 |
*/
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
/*
|
|
Packit Service |
569379 |
* Copyright 2009-2011 Red Hat Inc., Durham, North Carolina.
|
|
Packit Service |
569379 |
* All Rights Reserved.
|
|
Packit Service |
569379 |
*
|
|
Packit Service |
569379 |
* This library is free software; you can redistribute it and/or
|
|
Packit Service |
569379 |
* modify it under the terms of the GNU Lesser General Public
|
|
Packit Service |
569379 |
* License as published by the Free Software Foundation; either
|
|
Packit Service |
569379 |
* version 2.1 of the License, or (at your option) any later version.
|
|
Packit Service |
569379 |
*
|
|
Packit Service |
569379 |
* This library is distributed in the hope that it will be useful,
|
|
Packit Service |
569379 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
569379 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit Service |
569379 |
* Lesser General Public License for more details.
|
|
Packit Service |
569379 |
*
|
|
Packit Service |
569379 |
* You should have received a copy of the GNU Lesser General Public
|
|
Packit Service |
569379 |
* License along with this library; if not, write to the Free Software
|
|
Packit Service |
569379 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
Packit Service |
569379 |
*
|
|
Packit Service |
569379 |
* Authors:
|
|
Packit Service |
569379 |
* Petr Lautrbach <plautrba@redhat.com>
|
|
Packit Service |
569379 |
*/
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
/*
|
|
Packit Service |
569379 |
* environmentvariable58 probe:
|
|
Packit Service |
569379 |
*
|
|
Packit Service |
569379 |
* pid
|
|
Packit Service |
569379 |
* name
|
|
Packit Service |
569379 |
* value
|
|
Packit Service |
569379 |
*/
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
#ifdef HAVE_CONFIG_H
|
|
Packit Service |
569379 |
#include <config.h>
|
|
Packit Service |
569379 |
#endif
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
#include <stdlib.h>
|
|
Packit Service |
569379 |
#include <unistd.h>
|
|
Packit Service |
569379 |
#include <string.h>
|
|
Packit Service |
569379 |
#include <stdio.h>
|
|
Packit Service |
569379 |
#include <errno.h>
|
|
Packit Service |
569379 |
#include <sys/stat.h>
|
|
Packit Service |
569379 |
#include <fcntl.h>
|
|
Packit Service |
569379 |
#include <sys/types.h>
|
|
Packit Service |
569379 |
#include <dirent.h>
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
#include <probe/probe.h>
|
|
Packit Service |
569379 |
#include "_seap.h"
|
|
Packit Service |
569379 |
#include "probe-api.h"
|
|
Packit Service |
569379 |
#include "probe/entcmp.h"
|
|
Packit Service |
569379 |
#include "common/debug_priv.h"
|
|
Packit Service |
569379 |
#include "environmentvariable58_probe.h"
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
#define BUFFER_SIZE 256
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
extern char **environ;
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
static int collect_variable(char *buffer, size_t env_name_size, int pid, SEXP_t *name_ent, probe_ctx *ctx)
|
|
Packit Service |
569379 |
{
|
|
Packit Service |
569379 |
int res = 1;
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
SEXP_t *env_name = SEXP_string_new(buffer, env_name_size);
|
|
Packit Service |
569379 |
SEXP_t *env_value = SEXP_string_newf("%s", buffer + env_name_size + 1);
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
if (probe_entobj_cmp(name_ent, env_name) == OVAL_RESULT_TRUE) {
|
|
Packit Service |
569379 |
SEXP_t *item = probe_item_create(
|
|
Packit Service |
569379 |
OVAL_INDEPENDENT_ENVIRONMENT_VARIABLE58, NULL,
|
|
Packit Service |
569379 |
"pid", OVAL_DATATYPE_INTEGER, (int64_t)pid,
|
|
Packit Service |
569379 |
"name", OVAL_DATATYPE_SEXP, env_name,
|
|
Packit Service |
569379 |
"value", OVAL_DATATYPE_SEXP, env_value,
|
|
Packit Service |
569379 |
NULL);
|
|
Packit Service |
569379 |
probe_item_collect(ctx, item);
|
|
Packit Service |
569379 |
res = 0;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
SEXP_free(env_name);
|
|
Packit Service |
569379 |
SEXP_free(env_value);
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
return res;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
static int read_environment(SEXP_t *pid_ent, SEXP_t *name_ent, probe_ctx *ctx)
|
|
Packit Service |
569379 |
{
|
|
Packit Service |
569379 |
int err = 1, pid, fd;
|
|
Packit Service |
569379 |
bool empty;
|
|
Packit Service |
569379 |
SEXP_t *item, *pid_sexp;
|
|
Packit Service |
569379 |
DIR *d;
|
|
Packit Service |
569379 |
struct dirent *d_entry;
|
|
Packit Service |
569379 |
char *buffer, *null_char, path[PATH_MAX] = {0};
|
|
Packit Service |
569379 |
ssize_t buffer_used;
|
|
Packit Service |
569379 |
size_t buffer_size;
|
|
Packit Service |
569379 |
|
|
Packit Service |
9fde34 |
const char *extra_vars = getenv("OSCAP_CONTAINER_VARS");
|
|
Packit Service |
9fde34 |
if (extra_vars && *extra_vars) {
|
|
Packit Service |
9fde34 |
char *vars = strdup(extra_vars);
|
|
Packit Service |
9fde34 |
char *tok, *eq_chr, *str, *strp;
|
|
Packit Service |
9fde34 |
|
|
Packit Service |
9fde34 |
for (str = vars; ; str = NULL) {
|
|
Packit Service |
9fde34 |
tok = strtok_r(str, "\n", &strp;;
|
|
Packit Service |
9fde34 |
if (tok == NULL)
|
|
Packit Service |
9fde34 |
break;
|
|
Packit Service |
9fde34 |
eq_chr = strchr(tok, '=');
|
|
Packit Service |
9fde34 |
if (eq_chr == NULL)
|
|
Packit Service |
9fde34 |
continue;
|
|
Packit Service |
9fde34 |
PROBE_ENT_I32VAL(pid_ent, pid, pid = -1;, pid = 0;);
|
|
Packit Service |
9fde34 |
collect_variable(tok, eq_chr - tok, pid, name_ent, ctx);
|
|
Packit Service |
9fde34 |
}
|
|
Packit Service |
9fde34 |
|
|
Packit Service |
9fde34 |
free(vars);
|
|
Packit Service |
9fde34 |
return 0;
|
|
Packit Service |
9fde34 |
}
|
|
Packit Service |
9fde34 |
|
|
Packit Service |
569379 |
const char *prefix = getenv("OSCAP_PROBE_ROOT");
|
|
Packit Service |
569379 |
snprintf(path, PATH_MAX, "%s/proc", prefix ? prefix : "");
|
|
Packit Service |
569379 |
d = opendir(path);
|
|
Packit Service |
569379 |
if (d == NULL) {
|
|
Packit Service |
9fde34 |
dE("Can't read %s/proc: errno=%d, %s.", prefix ? prefix : "", errno, strerror(errno));
|
|
Packit Service |
9fde34 |
return PROBE_EACCESS;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
if ((buffer = realloc(NULL, BUFFER_SIZE)) == NULL) {
|
|
Packit Service |
569379 |
dE("Can't allocate memory");
|
|
Packit Service |
569379 |
closedir(d);
|
|
Packit Service |
569379 |
return PROBE_EFAULT;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
buffer_size = BUFFER_SIZE;
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
while ((d_entry = readdir(d))) {
|
|
Packit Service |
569379 |
if (strspn(d_entry->d_name, "0123456789") != strlen(d_entry->d_name))
|
|
Packit Service |
569379 |
continue;
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
pid = atoi(d_entry->d_name);
|
|
Packit Service |
569379 |
pid_sexp = SEXP_number_newi_32(pid);
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
if (probe_entobj_cmp(pid_ent, pid_sexp) != OVAL_RESULT_TRUE) {
|
|
Packit Service |
569379 |
SEXP_free(pid_sexp);
|
|
Packit Service |
569379 |
continue;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
SEXP_free(pid_sexp);
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
snprintf(path, PATH_MAX, "%s/proc/%d/environ", prefix ? prefix : "", pid);
|
|
Packit Service |
569379 |
if ((fd = open(path, O_RDONLY)) == -1) {
|
|
Packit Service |
569379 |
dE("Can't open \"%s\": errno=%d, %s.", path, errno, strerror (errno));
|
|
Packit Service |
569379 |
item = probe_item_create(
|
|
Packit Service |
569379 |
OVAL_INDEPENDENT_ENVIRONMENT_VARIABLE58, NULL,
|
|
Packit Service |
569379 |
"pid", OVAL_DATATYPE_INTEGER, (int64_t)pid,
|
|
Packit Service |
569379 |
NULL
|
|
Packit Service |
569379 |
);
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
probe_item_setstatus(item, SYSCHAR_STATUS_ERROR);
|
|
Packit Service |
569379 |
probe_item_add_msg(item, OVAL_MESSAGE_LEVEL_ERROR,
|
|
Packit Service |
569379 |
"Can't open \"%s\": errno=%d, %s.", path, errno, strerror (errno));
|
|
Packit Service |
569379 |
probe_item_collect(ctx, item);
|
|
Packit Service |
569379 |
continue;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
empty = true;
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
if ((buffer_used = read(fd, buffer, buffer_size - 1)) > 0) {
|
|
Packit Service |
569379 |
empty = false;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
while (! empty) {
|
|
Packit Service |
569379 |
while (! (null_char = memchr(buffer, 0, buffer_used))) {
|
|
Packit Service |
569379 |
ssize_t s;
|
|
Packit Service |
569379 |
if ((size_t)buffer_used >= buffer_size) {
|
|
Packit Service |
569379 |
buffer_size += BUFFER_SIZE;
|
|
Packit Service |
569379 |
buffer = realloc(buffer, buffer_size);
|
|
Packit Service |
569379 |
if (buffer == NULL) {
|
|
Packit Service |
569379 |
dE("Can't allocate memory");
|
|
Packit Service |
569379 |
exit(ENOMEM);
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
s = read(fd, buffer + buffer_used, buffer_size - buffer_used);
|
|
Packit Service |
569379 |
if (s <= 0) {
|
|
Packit Service |
569379 |
empty = true;
|
|
Packit Service |
569379 |
buffer[buffer_used++] = 0;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
else {
|
|
Packit Service |
569379 |
buffer_used += s;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
do {
|
|
Packit Service |
569379 |
char *eq_char = strchr(buffer, '=');
|
|
Packit Service |
569379 |
if (eq_char == NULL) {
|
|
Packit Service |
569379 |
/* strange but possible:
|
|
Packit Service |
569379 |
* $ strings /proc/1218/environ
|
|
Packit Service |
569379 |
/dev/input/event0 /dev/input/event1 /dev/input/event4 /dev/input/event3
|
|
Packit Service |
569379 |
*/
|
|
Packit Service |
569379 |
buffer_used -= null_char + 1 - buffer;
|
|
Packit Service |
569379 |
memmove(buffer, null_char + 1, buffer_used);
|
|
Packit Service |
569379 |
continue;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
collect_variable(buffer, eq_char - buffer, pid, name_ent, ctx);
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
buffer_used -= null_char + 1 - buffer;
|
|
Packit Service |
569379 |
memmove(buffer, null_char + 1, buffer_used);
|
|
Packit Service |
569379 |
} while ((null_char = memchr(buffer, 0, buffer_used)));
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
close(fd);
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
closedir(d);
|
|
Packit Service |
569379 |
free(buffer);
|
|
Packit Service |
569379 |
if (err) {
|
|
Packit Service |
569379 |
SEXP_t *msg = probe_msg_creatf(OVAL_MESSAGE_LEVEL_ERROR,
|
|
Packit Service |
569379 |
"Can't find process with requested PID.");
|
|
Packit Service |
569379 |
probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
|
|
Packit Service |
569379 |
SEXP_free(msg);
|
|
Packit Service |
569379 |
err = 0;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
return err;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
int environmentvariable58_probe_offline_mode_supported(void)
|
|
Packit Service |
569379 |
{
|
|
Packit Service |
569379 |
return PROBE_OFFLINE_OWN;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
int environmentvariable58_probe_main(probe_ctx *ctx, void *arg)
|
|
Packit Service |
569379 |
{
|
|
Packit Service |
569379 |
SEXP_t *probe_in, *name_ent, *pid_ent;
|
|
Packit Service |
569379 |
int pid, err;
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
probe_in = probe_ctx_getobject(ctx);
|
|
Packit Service |
569379 |
name_ent = probe_obj_getent(probe_in, "name", 1);
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
if (name_ent == NULL) {
|
|
Packit Service |
569379 |
return PROBE_ENOENT;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
pid_ent = probe_obj_getent(probe_in, "pid", 1);
|
|
Packit Service |
569379 |
if (pid_ent == NULL) {
|
|
Packit Service |
569379 |
SEXP_free(name_ent);
|
|
Packit Service |
569379 |
return PROBE_ENOENT;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
PROBE_ENT_I32VAL(pid_ent, pid, pid = -1;, pid = 0;);
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
if (pid == -1) {
|
|
Packit Service |
569379 |
SEXP_free(name_ent);
|
|
Packit Service |
569379 |
SEXP_free(pid_ent);
|
|
Packit Service |
569379 |
return PROBE_ERANGE;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
if (pid == 0) {
|
|
Packit Service |
569379 |
/* overwrite pid value with actual pid */
|
|
Packit Service |
569379 |
SEXP_t *nref, *nval, *new_pid_ent;
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
nref = SEXP_list_first(probe_in);
|
|
Packit Service |
569379 |
nval = SEXP_number_newu_32(getpid());
|
|
Packit Service |
569379 |
new_pid_ent = SEXP_list_new(nref, nval, NULL);
|
|
Packit Service |
569379 |
SEXP_free(pid_ent);
|
|
Packit Service |
569379 |
SEXP_free(nref);
|
|
Packit Service |
569379 |
SEXP_free(nval);
|
|
Packit Service |
569379 |
pid_ent = new_pid_ent;
|
|
Packit Service |
569379 |
}
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
err = read_environment(pid_ent, name_ent, ctx);
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
SEXP_free(name_ent);
|
|
Packit Service |
569379 |
SEXP_free(pid_ent);
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
return err;
|
|
Packit Service |
569379 |
}
|