| shadow.c | shadow.c | |||
|---|---|---|---|---|
| skipping to change at line 62 | skipping to change at line 62 | |||
| #include <string.h> | #include <string.h> | |||
| #include <stdio.h> | #include <stdio.h> | |||
| #include <errno.h> | #include <errno.h> | |||
| #include "seap.h" | #include "seap.h" | |||
| #include "probe-api.h" | #include "probe-api.h" | |||
| #include "probe/entcmp.h" | #include "probe/entcmp.h" | |||
| #include "alloc.h" | #include "alloc.h" | |||
| #ifndef HAVE_SHADOW_H | #ifndef HAVE_SHADOW_H | |||
| int probe_main(SEXP_t *object, SEXP_t *probe_out, void *arg) | int probe_main(probe_ctx *ctx, void *arg) | |||
| { | { | |||
| SEXP_t *item_sexp; | SEXP_t *item_sexp; | |||
| if (object == NULL || probe_out == NULL) { | (void)arg; | |||
| return (PROBE_EINVAL); | ||||
| } | ||||
| item_sexp = probe_item_creat ("shadow_item", NULL, NULL); | item_sexp = probe_item_creat ("shadow_item", NULL, NULL); | |||
| probe_item_setstatus (item_sexp, OVAL_STATUS_NOTCOLLECTED); | probe_item_setstatus (item_sexp, SYSCHAR_STATUS_NOT_COLLECTED); | |||
| probe_cobj_add_item(probe_out, item_sexp); | probe_item_collect(ctx, item_sexp); | |||
| SEXP_free (item_sexp); | ||||
| return 0; | return 0; | |||
| } | } | |||
| #else | #else | |||
| /* shadow.h is present */ | /* shadow.h is present */ | |||
| #include <shadow.h> | #include <shadow.h> | |||
| /* Convenience structure for the results being reported */ | /* Convenience structure for the results being reported */ | |||
| struct result_info { | struct result_info { | |||
| const char *username; | const char *username; | |||
| const char *password; | const char *password; | |||
| long chg_lst; | long chg_lst; | |||
| long chg_allow; | long chg_allow; | |||
| long chg_req; | long chg_req; | |||
| long exp_warn; | long exp_warn; | |||
| long exp_inact; | long exp_inact; | |||
| long exp_date; | long exp_date; | |||
| unsigned long flag; | unsigned long flag; | |||
| }; | }; | |||
| static void report_finding(struct result_info *res, SEXP_t *probe_out) | static SEXP_t *parse_enc_mth(const char *pwd) | |||
| { | { | |||
| SEXP_t *item; | char *mth_str; | |||
| switch (*pwd) { | ||||
| case '_': | ||||
| return SEXP_string_newf("BSDi"); | ||||
| case '$': | ||||
| pwd++; | ||||
| switch (*pwd) { | ||||
| case '1': | ||||
| mth_str = "MD5"; | ||||
| pwd++; | ||||
| break; | ||||
| case '2': | ||||
| mth_str = "Blowfish"; | ||||
| pwd++; | ||||
| if (*pwd == 'a') | ||||
| pwd++; | ||||
| break; | ||||
| case '5': | ||||
| mth_str = "SHA-256"; | ||||
| pwd++; | ||||
| break; | ||||
| case '6': | ||||
| mth_str = "SHA-512"; | ||||
| pwd++; | ||||
| break; | ||||
| default: | ||||
| if (strncmp(pwd, "md5", 3)) | ||||
| goto fail; | ||||
| mth_str = "Sun MD5"; | ||||
| pwd += 3; | ||||
| } | ||||
| if (*pwd != '$') | ||||
| goto fail; | ||||
| return SEXP_string_newf(mth_str); | ||||
| default: | ||||
| return SEXP_string_newf("DES"); | ||||
| } | ||||
| fail: | ||||
| return NULL; | ||||
| } | ||||
| static void report_finding(struct result_info *res, probe_ctx *ctx) | ||||
| { | ||||
| SEXP_t *item, *enc_mth; | ||||
| SEXP_t se_chl_mem, se_cha_mem, se_chr_mem; | SEXP_t se_chl_mem, se_cha_mem, se_chr_mem; | |||
| SEXP_t se_exw_mem, se_exi_mem, se_exd_mem; | SEXP_t se_exw_mem, se_exi_mem, se_exd_mem; | |||
| SEXP_t se_flg_mem; | SEXP_t se_flg_mem; | |||
| item = probe_item_create(OVAL_UNIX_SHADOW, NULL, | item = probe_item_create(OVAL_UNIX_SHADOW, NULL, | |||
| "username", OVAL_DATATYPE_STRING, res->us ername, | "username", OVAL_DATATYPE_STRING, res->us ername, | |||
| "password", OVAL_DATATYPE_STRING, res->pa ssword, | "password", OVAL_DATATYPE_STRING, res->pa ssword, | |||
| "chg_lst", OVAL_DATATYPE_SEXP, SEXP_stri | "chg_lst", OVAL_DATATYPE_SEXP, SEXP_numb | |||
| ng_newf_r(&se_chl_mem, "%li", res->chg_lst), | er_newi_64_r(&se_chl_mem, res->chg_lst), | |||
| "chg_allow", OVAL_DATATYPE_SEXP, SEXP_stri | "chg_allow", OVAL_DATATYPE_SEXP, SEXP_numb | |||
| ng_newf_r(&se_cha_mem, "%li", res->chg_allow), | er_newi_64_r(&se_cha_mem, res->chg_allow), | |||
| "chg_req", OVAL_DATATYPE_SEXP, SEXP_stri | "chg_req", OVAL_DATATYPE_SEXP, SEXP_numb | |||
| ng_newf_r(&se_chr_mem, "%li", res->chg_req), | er_newi_64_r(&se_chr_mem, res->chg_req), | |||
| "exp_warn", OVAL_DATATYPE_SEXP, SEXP_stri | "exp_warn", OVAL_DATATYPE_SEXP, SEXP_numb | |||
| ng_newf_r(&se_exw_mem, "%li", res->exp_warn), | er_newi_64_r(&se_exw_mem, res->exp_warn), | |||
| "exp_inact", OVAL_DATATYPE_SEXP, SEXP_stri | "exp_inact", OVAL_DATATYPE_SEXP, SEXP_numb | |||
| ng_newf_r(&se_exi_mem, "%li", res->exp_inact), | er_newi_64_r(&se_exi_mem, res->exp_inact), | |||
| "exp_date", OVAL_DATATYPE_SEXP, SEXP_stri | "exp_date", OVAL_DATATYPE_SEXP, SEXP_numb | |||
| ng_newf_r(&se_exd_mem, "%li", res->exp_date), | er_newi_64_r(&se_exd_mem, res->exp_date), | |||
| "flag", OVAL_DATATYPE_SEXP, SEXP_stri ng_newf_r(&se_flg_mem, "%lu", res->flag), | "flag", OVAL_DATATYPE_SEXP, SEXP_stri ng_newf_r(&se_flg_mem, "%lu", res->flag), | |||
| NULL); | NULL); | |||
| enc_mth = parse_enc_mth(res->password); | ||||
| if (enc_mth) { | ||||
| probe_item_ent_add(item, "encrypt_method", NULL, enc_mth); | ||||
| SEXP_free(enc_mth); | ||||
| } | ||||
| probe_item_collect(ctx, item); | ||||
| probe_cobj_add_item(probe_out, item); | ||||
| SEXP_free(item); | ||||
| SEXP_free_r(&se_chl_mem); | SEXP_free_r(&se_chl_mem); | |||
| SEXP_free_r(&se_cha_mem); | SEXP_free_r(&se_cha_mem); | |||
| SEXP_free_r(&se_chr_mem); | SEXP_free_r(&se_chr_mem); | |||
| SEXP_free_r(&se_exw_mem); | SEXP_free_r(&se_exw_mem); | |||
| SEXP_free_r(&se_exi_mem); | SEXP_free_r(&se_exi_mem); | |||
| SEXP_free_r(&se_exd_mem); | SEXP_free_r(&se_exd_mem); | |||
| SEXP_free_r(&se_flg_mem); | SEXP_free_r(&se_flg_mem); | |||
| } | } | |||
| static int read_shadow(SEXP_t *un_ent, SEXP_t *probe_out) | static int read_shadow(SEXP_t *un_ent, probe_ctx *ctx) | |||
| { | { | |||
| int err = 1; | int err = 1; | |||
| struct spwd *pw; | struct spwd *pw; | |||
| while ((pw = getspent())) { | while ((pw = getspent())) { | |||
| SEXP_t *un; | SEXP_t *un; | |||
| _D("Have user: %s\n", pw->sp_namp); | _D("Have user: %s\n", pw->sp_namp); | |||
| err = 0; | err = 0; | |||
| un = SEXP_string_newf("%s", pw->sp_namp); | un = SEXP_string_newf("%s", pw->sp_namp); | |||
| skipping to change at line 148 | skipping to change at line 197 | |||
| r.username = pw->sp_namp; | r.username = pw->sp_namp; | |||
| r.password = pw->sp_pwdp; | r.password = pw->sp_pwdp; | |||
| r.chg_lst = pw->sp_lstchg; | r.chg_lst = pw->sp_lstchg; | |||
| r.chg_allow = pw->sp_min; | r.chg_allow = pw->sp_min; | |||
| r.chg_req = pw->sp_max; | r.chg_req = pw->sp_max; | |||
| r.exp_warn = pw->sp_warn; | r.exp_warn = pw->sp_warn; | |||
| r.exp_inact = pw->sp_inact; | r.exp_inact = pw->sp_inact; | |||
| r.exp_date = pw->sp_expire; | r.exp_date = pw->sp_expire; | |||
| r.flag = pw->sp_flag; | r.flag = pw->sp_flag; | |||
| report_finding(&r, probe_out); | report_finding(&r, ctx); | |||
| } | } | |||
| SEXP_free(un); | SEXP_free(un); | |||
| } | } | |||
| endspent(); | endspent(); | |||
| return err; | return err; | |||
| } | } | |||
| int probe_main(SEXP_t *object, SEXP_t *probe_out, void *arg, SEXP_t *filter s) | int probe_main(probe_ctx *ctx, void *arg) | |||
| { | { | |||
| SEXP_t *ent; | SEXP_t *ent; | |||
| (void)filters; | ent = probe_obj_getent(probe_ctx_getobject(ctx), "username", 1); | |||
| if (object == NULL || probe_out == NULL) { | ||||
| return (PROBE_EINVAL); | ||||
| } | ||||
| ent = probe_obj_getent(object, "username", 1); | ||||
| if (ent == NULL) { | if (ent == NULL) { | |||
| return PROBE_ENOVAL; | return PROBE_ENOVAL; | |||
| } | } | |||
| // Now we check the file... | // Now we check the file... | |||
| read_shadow(ent, probe_out); | read_shadow(ent, ctx); | |||
| SEXP_free(ent); | SEXP_free(ent); | |||
| return 0; | return 0; | |||
| } | } | |||
| #endif /* HAVE_SHADOW_H */ | #endif /* HAVE_SHADOW_H */ | |||
| End of changes. 13 change blocks. | ||||
| 34 lines changed or deleted | 77 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||