/ovaldi-5.9.1-src/src/probes/unix/XinetdProbe.h
C Header | 277 lines | 81 code | 36 blank | 160 comment | 0 complexity | d090dc68482d864e7099066bbbaa7503 MD5 | raw file
Possible License(s): BSD-3-Clause, Apache-2.0
- //
- //
- //****************************************************************************************//
- // Copyright (c) 2002-2011, The MITRE Corporation
- // All rights reserved.
- //
- // Redistribution and use in source and binary forms, with or without modification, are
- // permitted provided that the following conditions are met:
- //
- // * Redistributions of source code must retain the above copyright notice, this list
- // of conditions and the following disclaimer.
- // * Redistributions in binary form must reproduce the above copyright notice, this
- // list of conditions and the following disclaimer in the documentation and/or other
- // materials provided with the distribution.
- // * Neither the name of The MITRE Corporation nor the names of its contributors may be
- // used to endorse or promote products derived from this software without specific
- // prior written permission.
- //
- // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
- // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- // OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
- // SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
- // OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
- // TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- // EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- //
- //****************************************************************************************//
- #ifndef XINETDPROBE_H
- #define XINETDPROBE_H
- #include <AbsProbe.h>
- #include <Common.h>
- #include <Item.h>
- #include <map>
- #include <Object.h>
- #include <ObjectEntity.h>
- #include <REGEX.h>
- #include <set>
- #include <string>
- class XinetdParam;
- // You will probably notice that there is no 'using namespace std' at the
- // top of this file, and I spelled out the namespace for all the stl types
- // I used below. It seems to me that people wouldn't want headers
- // importing types from other namespaces and possibly clashing with their
- // own types. So to me, 'using namespace ...' seems more appropriate for
- // an impl file, not a header.
- /**
- * The probe for analyzing xinetd config files.
- * <p>
- * It is written in a quick and dirty style using regexes. This means that
- * malformed config files will not be handled well. Either the regexes
- * will just not match, or will match in funny ways, giving funny results.
- * It makes sense perhaps, that this tool should not be used for validation,
- * so it should assume valid config files. But be aware of its limitations.
- * <p>
- * Also, to make this probe more tractable for the time I had to implement it,
- * the 'xinetd' app is not mimicked perfectly. E.g. there are rules about which
- * params support which operators, which are cumulative and which aren't, etc.
- * There is special code for handling all the special network address formats.
- * This probe discards all that complexity, handling all parameters uniformly.
- * In particular, no parameter is cumulative, all params support all operators,
- * all params may have multiple values, and all param values are treated as
- * simple strings.
- */
- class XinetdProbe : public AbsProbe {
- public:
- virtual ~XinetdProbe();
- static XinetdProbe* Instance();
- protected:
- virtual ItemVector* CollectItems(Object* object);
- virtual Item* CreateItem();
- private:
- /** Type representing a service configuration entry. */
- typedef std::map<std::string, std::vector<XinetdParam> > ServiceEntryMap;
- XinetdProbe();
- /**
- * Processes the given xinetd config file. Information about
- * services contained therein are stored in the 'services' param.
- * The defaults section is stored separately, in the given
- * 'defaults' param.
- */
- void ProcessConfigFile(const std::string& confFileName,
- StringVector& includeStack,
- std::vector<ServiceEntryMap>& services,
- ServiceEntryMap& defaults,
- ObjectEntity* nameEntity,
- ObjectEntity* protocolEntity);
- /**
- * Processes the given directory of config files. Information
- * from all config files is collected into the services and
- * defaults parameters. Only regular files, those without a
- * '.' in their name, and those which don't end with '~' are
- * processed. If there is more than one default section found,
- * all defaults are collected together into one big group.
- */
- void ProcessIncludeDir(const std::string& includeDir,
- StringVector& includeStack,
- std::vector<ServiceEntryMap>& services,
- ServiceEntryMap& defaults,
- ObjectEntity* nameEntity,
- ObjectEntity* protocolEntity);
- /**
- * Given a chunk of text containing the innards of a service description
- * (the stuff between '{' and '}'), finds all the params and values and
- * puts them into the given map. The values of duplicate parameters are
- * merged together into a single parameter.
- */
- void ProcessEntryParams(const std::string& entryParams, ServiceEntryMap& entryMap);
- /**
- * Combines duplicate default parameter definitions into a single parameter
- * definition. This is doable in the defaults entry, without looking at any
- * other entries. The resulting parameters will be suitable for merging into
- * all the actual service entries.
- */
- void NormalizeDefaults(ServiceEntryMap& defaults);
- /**
- * Merges values from the given defaults into the given service.
- */
- void MergeDefaultsIntoService(ServiceEntryMap& service, const ServiceEntryMap& defaults);
- /**
- * Given a parameter definition, and some pre-existing values for it, merge all sets
- * of values together such that the given param will only have one set of values,
- * with an operator of XinetdParam::ASSIGN. All the entries in the given vector
- * are removed and replaced with a single entry with the combined values. All
- * elements of \c param should be for the same service parameter.
- */
- void MergeParamValues(std::vector<XinetdParam>& param, const StringVector& preexistingVals = StringVector());
- /**
- * xinetd itself fills in some service params according to other param values
- * and info queried from the OS. This method mimics that behavior, filling
- * out some other params (where possible) that are missing in the service.
- * <p>
- * This method assumes the service has already been normalized (so one XinetdParam
- * object per param).
- */
- void FillInOtherParams(ServiceEntryMap& service);
- /**
- * Constructs an oval item from the given service. If an item could not
- * be created because either required service params were missing or did not
- * match the given object entities, NULL is returned.
- */
- Item* Service2Item(const ServiceEntryMap& service,
- ObjectEntity* nameEntity,
- ObjectEntity* protocolEntity);
- /**
- * Determines whether the given service is enabled. The rules regarding whether
- * or not a service is enabled are complicated. The xinetd.conf man page does
- * not describe this well.
- * <p>
- * An individual service entry may have a "disable" parameter. The defaults
- * section may have either or both of "disabled" and "enabled". Additionally,
- * the man page says there is a "DISABLE" flag, but from inspecting the source,
- * no such flag seems to exist. In the defaults section, "enabled" takes
- * precendence over "disabled". The man page says that the "disable" param
- * for a service takes precendence over an "enabled" param in the defaults.
- * It does not say whether "disable" in a service takes precedence over
- * "disabled" in the defaults. I will assume generally that disabling takes
- * precedence over enabling. So even though "disable = yes" in a service entry
- * overrides "enabled" in the defaults, I will not let "disable = no" in a
- * service entry override "disabled" in the defaults.
- */
- bool ResolveEnabled(const ServiceEntryMap& service);
- /**
- * Adds an entity to the given item with the given name, from the service param
- * of the same name from the given service.
- */
- void AddItemEntity(Item *item,
- const ServiceEntryMap& service,
- const std::string& paramName,
- OvalEnum::Datatype dataType=OvalEnum::DATATYPE_STRING);
- /**
- * Adds an entity to the given item with the given name, from the service param
- * of the given name from the given service. In this one, the entity is named
- * differently from the service param name.
- */
- void AddItemEntity(Item *item,
- const ServiceEntryMap& service,
- const std::string& paramName,
- const std::string& entityName,
- OvalEnum::Datatype dataType=OvalEnum::DATATYPE_STRING);
- /**
- * Reads the contents of the given file into the given string.
- */
- void ReadFileToString(const std::string& fileName, std::string &contents);
- /**
- * \e Modifies the given filename by transforming it into canonical
- * form (resolving symlinks, making it absolute, normalizing . and .., etc.)
- * This allows us to detect circular includes even if the same file
- * is referred to via different paths.
- */
- void CanonicalizeFileName(std::string& fileName);
- REGEX re;
- std::set<std::string> allowedFlags;
- std::set<std::string> allowedTypes;
- std::set<std::string> allowedSocketTypes;
- static XinetdProbe* instance;
- };
- /**
- * Represents a single parameter definition in a service entry. The
- * entry has a name, an operator, and one or more values. The name is
- * not stored in this class because it is used as a map key. Since
- * name is stored as a map key, I didn't think it necessary to store it
- * redundantly here. Multiple XinetdParam objects may be stored for a
- * given parameter. This is because it is legal for some parameters to
- * be defined multiple times in an xinetd config file. In this case,
- * the values are combined according to the operators for each definition.
- */
- class XinetdParam {
- public:
- enum Op {
- ASSIGN,
- APPEND,
- REMOVE
- };
- XinetdParam(); //this ctor required when creating new map entries, e.g. map["foo"] = someParam;
- XinetdParam(const XinetdParam& param);
- XinetdParam(Op op, const std::string& paramValue);
- XinetdParam(const std::string& opStr, const StringVector& paramValues);
- XinetdParam(Op op, const StringVector& paramValues);
- /** Coverts the given string to an Op constant. */
- Op string2Op(const std::string& opStr) const;
- /**
- * Makes a string representation of the param. This will include all
- * values, delimited by spaces.
- */
- std::string str() const;
- /**
- * This is used for sorting the params by operator. When applying operators
- * to obtain a final list of values, it's important to apply them in the proper
- * order.
- */
- bool operator<(const XinetdParam& other) const;
- /** cause when you create a copy ctor, you're sposed to override =... right? */
- XinetdParam& operator=(const XinetdParam& other);
- /** Looks for the given value for this param, returns true if found, false if not. */
- bool IncludesValue(const std::string& value) const;
- StringVector paramValues;
- Op op;
- };
- #endif