--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openscap/patches/zz_probe_package511.patch Fri May 13 18:08:27 2016 -0700
@@ -0,0 +1,435 @@
+This patch implements the package_511 schema probe
+for solaris.
+This patch has not been submitted upstream but will
+be by 2016-Jul-15.
+--- openscap-1.2.6/src/OVAL/oval_enumerations.c.~3~ 2016-02-23 12:20:08.398905458 -0800
++++ openscap-1.2.6/src/OVAL/oval_enumerations.c 2016-02-23 12:21:52.263496707 -0800
[email protected]@ -516,6 +516,7 @@
+ {OVAL_SOLARIS_PACKAGECHECK, "packagecheck"},
+ {OVAL_SOLARIS_SMFPROPERTY, "smfproperty"},
+ {OVAL_SOLARIS_VIRTUALIZATIONINFO, "virtualizationinfo"},
++ {OVAL_SOLARIS_PACKAGE511, "package511"},
+ {OVAL_SUBTYPE_UNKNOWN, NULL}
+ };
+
+--- openscap-1.2.6/src/OVAL/probes/Makefile.am.~3~ 2016-02-23 12:24:40.391851036 -0800
++++ openscap-1.2.6/src/OVAL/probes/Makefile.am 2016-02-23 12:24:03.718455915 -0800
[email protected]@ -218,6 +218,11 @@
+ probe_virtualizationinfo_SOURCES= unix/solaris/virtualizationinfo.c
+ endif
+
++if probe_package511_enabled
++pkglibexec_PROGRAMS += probe_package511
++probe_package511_SOURCES =unix/solaris/package511.c
++endif
++
+ endif
+
+ #
+--- openscap-1.2.6/src/OVAL/public/oval_types.h.~2~ 2016-02-23 13:06:40.621110617 -0800
++++ openscap-1.2.6/src/OVAL/public/oval_types.h 2016-02-23 13:07:12.072800278 -0800
[email protected]@ -240,7 +240,8 @@
+ OVAL_SOLARIS_NDD = OVAL_FAMILY_SOLARIS + 6,
+ OVAL_SOLARIS_PACKAGECHECK = OVAL_FAMILY_SOLARIS + 7,
+ OVAL_SOLARIS_SMFPROPERTY = OVAL_FAMILY_SOLARIS + 8,
+- OVAL_SOLARIS_VIRTUALIZATIONINFO = OVAL_FAMILY_SOLARIS + 9
++ OVAL_SOLARIS_VIRTUALIZATIONINFO = OVAL_FAMILY_SOLARIS + 9,
++ OVAL_SOLARIS_PACKAGE511 = OVAL_FAMILY_SOLARIS + 10
+ } oval_solaris_subtype_t;
+
+ /// Unix subtypes
+--- openscap-1.2.6/configure.ac.~5~ 2016-02-23 12:45:30.591588060 -0800
++++ openscap-1.2.6/configure.ac 2016-02-23 12:47:23.889508750 -0800
[email protected]@ -269,6 +269,10 @@
+ probe_virtualizationinfo_req_deps_missing=
+ probe_virtualizationinfo_opt_deps_ok=yes
+ probe_virtualizationinfo_opt_deps_missing=
++probe_package511_req_deps_ok=yes
++probe_package511_req_deps_missing=
++probe_package511_opt_deps_ok=yes
++probe_package511_opt_deps_missing=
+
+ #
+ # env
[email protected]@ -1365,6 +1369,8 @@
+ probe_smfproperty_enabled=$probe_smfproperty_req_deps_ok
+ AM_CONDITIONAL([probe_virtualizationinfo_enabled], test "$probe_virtualizationinfo_req_deps_ok" = yes)
+ probe_virtualizationinfo_enabled=$probe_virtualizationinfo_req_deps_ok
++AM_CONDITIONAL([probe_package511_enabled], test "$probe_package511_req_deps_ok" = yes)
++probe_package511_enabled=$probe_package511_req_deps_ok
+
+ AM_CONDITIONAL([WANT_CCE], test "$cce" = yes)
+
[email protected]@ -1803,6 +1809,12 @@
+ probe_virtualizationinfo_table_result="NO (missing: $probe_virtualizationinfo_req_deps_missing)"
+ fi
+ printf " %-28s %s\n" "virtualizationinfo:" "$probe_virtualizationinfo_table_result"
++if test "$probe_package511_req_deps_ok" = "yes"; then
++ probe_package511_table_result="yes"
++else
++ probe_package511_table_result="NO (missing: $probe_package511_req_deps_missing)"
++fi
++printf " %-28s %s\n" "package511:" "$probe_package511_table_result"
+ echo
+ echo " === configuration ==="
+ echo " probe directory set to: $probe_dir"
+--- openscap-1.2.6/src/OVAL/oval_probe.c.~2~ 2016-02-25 13:35:49.511778373 -0800
++++ openscap-1.2.6/src/OVAL/oval_probe.c 2016-02-25 13:36:30.685802320 -0800
[email protected]@ -94,7 +94,8 @@
+ OVAL_PROBE_EXTERNAL(OVAL_UNIX_SYMLINK, "symlink"),
+ OVAL_PROBE_EXTERNAL(OVAL_SOLARIS_SMF, "smf"),
+ OVAL_PROBE_EXTERNAL(OVAL_SOLARIS_SMFPROPERTY,"smfproperty"),
+- OVAL_PROBE_EXTERNAL(OVAL_SOLARIS_VIRTUALIZATIONINFO, "virtualizationinfo")
++ OVAL_PROBE_EXTERNAL(OVAL_SOLARIS_VIRTUALIZATIONINFO, "virtualizationinfo"),
++ OVAL_PROBE_EXTERNAL(OVAL_SOLARIS_PACKAGE511, "package511")
+ };
+
+ #define __PROBE_META_COUNT (sizeof OSCAP_GSYM(__probe_meta)/sizeof OSCAP_GSYM(__probe_meta)[0])
++#endif
+--- openscap-1.2.6/src/OVAL/probes/unix/solaris/package511.c.~1~ 2016-04-19 09:54:58.291212479 -0700
++++ openscap-1.2.6/src/OVAL/probes/unix/solaris/package511.c 2016-04-19 09:58:06.575618974 -0700
[email protected]@ -0,0 +1,344 @@
++/**
++ * @file package511.c
++ * @brief package511 probe
++ * @author "Jacob Varughese" <[email protected]>
++ *
++ * This probe retrieves the meta data from packages.
++ */
++
++
++#include "probe-api.h"
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#if defined(__SVR4) && defined(__sun)
++#include <stdlib.h>
++#include <string.h>
++#include <stdio.h>
++#include <errno.h>
++#include <sys/stat.h>
++#include <ctype.h>
++#include <sys/types.h>
++#include <limits.h>
++#include <unistd.h>
++#include <sys/types.h>
++#include <rad/client/1/ips.h>
++#include "seap.h"
++#include "probe/entcmp.h"
++#include "alloc.h"
++#include "common/debug_priv.h"
++
++/* Convenience structure for the results being reported */
++
++/*
++ * package511 probe:
++ *
++ *
++ * publisher;
++ * pkgname;
++ * version;
++ * timestamp;
++ * fmri;
++ * summary;
++ * description;
++ * category;
++ * updates_available;
++ */
++
++
++/* Convenience structure for the results being reported */
++struct result_info {
++ char *publisher;
++ char *pkgname;
++ char *version;
++ char *timestamp;
++ char *fmri;
++ char *summary;
++ char *description;
++ char *category;
++ boolean_t updates_available;
++};
++
++#define STR(x) ((x == NULL) ? "" : x)
++
++static void
++report_pkg_metadata(struct result_info *res, probe_ctx *ctx)
++{
++ SEXP_t *item;
++
++ item = probe_item_create(OVAL_SOLARIS_PACKAGE511, NULL,
++ "publisher", OVAL_DATATYPE_STRING, STR(res->publisher),
++ "name", OVAL_DATATYPE_STRING, STR(res->pkgname),
++ "version", OVAL_DATATYPE_VERSION, STR(res->version),
++ "timestamp", OVAL_DATATYPE_STRING, STR(res->timestamp),
++ "fmri", OVAL_DATATYPE_STRING, STR(res->fmri),
++ "summary", OVAL_DATATYPE_STRING, STR(res->summary),
++ "description", OVAL_DATATYPE_STRING, STR(res->description),
++ "category", OVAL_DATATYPE_STRING, STR(res->category),
++ "updates_available", OVAL_DATATYPE_BOOLEAN, res->updates_available,
++ NULL);
++ probe_item_collect(ctx, item);
++}
++
++#if !defined(NDEBUG)
++void
++print_list(int status, char *interface, int *name_count,
++ adr_name_t **name_list)
++{
++ int i;
++ if (status == RCE_OK) {
++ dI("Found %s\n", interface);
++ for (i = 0; i < *name_count; i++) {
++ const char *name = adr_name_tostr(name_list[i]);
++ dI("%s\n", name);
++ }
++ }
++}
++#endif
++
++int
++print_pkginfo(rc_instance_t *pkginfo_inst, struct result_info *r)
++{
++ rc_err_t status;
++
++ status = ips_PkgInfo_get_pkg_name(pkginfo_inst, &(r->pkgname));
++ if (status != RCE_OK) {
++ dI("PkgInfo_get_pkg_name failed.\n");
++ }
++ dI("pkg name=%s\n", r->pkgname);
++ status = ips_PkgInfo_get_summary(pkginfo_inst, &(r->summary));
++ if (status != RCE_OK) {
++ dI("PkgInfo_get_summary failed.\n");
++ } else {
++ dI("summary=%s\n", r->summary);
++ }
++ status = ips_PkgInfo_get_description(pkginfo_inst,
++ &(r->description));
++ if (status != RCE_OK) {
++ dI("PkgInfo_get_description failed.\n");
++ } else {
++ dI("description=%s\n", r->description);
++ }
++ status = ips_PkgInfo_get_category(pkginfo_inst, &(r->category));
++ if (status != RCE_OK) {
++ dI("PkgInfo_get_category failed.\n");
++ } else {
++ dI("category=%s\n", r->category);
++ }
++ return (0);
++}
++
++int
++print_fmriinfo(rc_instance_t *fmri_inst, struct result_info *r)
++{
++ rc_err_t status;
++
++ status = ips_PkgFmri_get_name(fmri_inst, &(r->pkgname));
++ if (status != RCE_OK) {
++ dI("PkgFmri_get_name failed.\n");
++ }
++ dI("name=%s\n", r->pkgname);
++ status = ips_PkgFmri_get_version(fmri_inst, &(r->version));
++ if (status != RCE_OK) {
++ dI("PkgFmri_get_version failed.\n");
++ } else {
++ dI("version=%s\n", r->version);
++ }
++ status = ips_PkgFmri_get_timestamp(fmri_inst, &(r->timestamp));
++ if (status != RCE_OK) {
++ dI("PkgFmri_get_timestamp failed.\n");
++ } else {
++ dI("timestamp=%s\n", r->timestamp);
++ }
++ status = ips_PkgFmri_get_publisher(fmri_inst, &(r->publisher));
++ if (status != RCE_OK) {
++ dI("PkgFmri_get_publisher failed.\n");
++ } else {
++ dI("publisher=%s\n", r->publisher);
++ }
++ status = ips_PkgFmri_get_fmri(fmri_inst, NULL, NULL, NULL,
++ NULL, NULL, &(r->fmri));
++ if (status != RCE_OK) {
++ dI("PkgFmri_get_fmri failed.\n");
++ } else {
++ dI("fmri=%s\n", r->fmri);
++ }
++ return (0);
++}
++
++static int
++collect_package_info(char *apkgname, char *aversion, char *atimestamp,
++ char *publisher, probe_ctx *ctx)
++{
++ struct result_info r;
++ rc_conn_t *conn;
++ rc_err_t status;
++ rc_instance_t *pkgimg_inst;
++ rc_instance_t *ipsmgr_inst;
++ int inst_count;
++ ips_PkgError_t* pkg_error;
++ adr_name_t **name_list;
++ adr_name_t *image_name;
++ int name_count, rc = 0;
++
++ dI("In collect_package_info");
++ memset(&r, 0, sizeof(r));
++ /* Connect to rad */
++ conn = rc_connect_unix(NULL, NULL);
++ if (conn == NULL) {
++ dI("Unable to connect to rad.\n");
++ goto error;
++ }
++
++ status = ips_IPSManager__rad_lookup(conn, _B_TRUE, &ipsmgr_inst, 0);
++ if (status != RCE_OK) {
++ dI("IPSManager lookup failed.\n");
++ goto error;
++ }
++ status = ips_IPSManager__rad_list(conn, _B_TRUE, NS_GLOB, &name_list,
++ &name_count, 0);
++#if !defined(NDEBUG)
++ print_list(status, "IPSManager", &name_count, name_list);
++#endif
++ name_array_free(name_list, name_count);
++
++ status = ips_PkgImage__rad_list(conn, _B_TRUE, NS_GLOB, &name_list,
++ &name_count, 0);
++ image_name = name_list[0];
++#if !defined(NDEBUG)
++ print_list(status, "PkgImage", &name_count, name_list);
++#endif
++ status = rc_lookup(conn, image_name, NULL, _B_TRUE, &pkgimg_inst);
++ name_array_free(name_list, name_count);
++ if (status != RCE_OK) {
++ dI("PkgImage instance lookup failed.\n");
++ goto error;
++ } else {
++ boolean_t installed = _B_TRUE;
++ boolean_t upgradable = _B_FALSE;
++ const char *fmris[1]= {apkgname};
++ rc_instance_t **pkginfo_inst;
++ rc_instance_t *pkgfmri_inst;
++ rc_instance_t **pkgfmris_inst;
++
++ status = ips_PkgImage_list_packages(pkgimg_inst, fmris, 1,
++ NULL, NULL, 0, &installed, NULL, NULL, &upgradable, NULL,
++ &pkgfmris_inst, &inst_count, &pkg_error);
++ if (status != RCE_OK) {
++ if (pkg_error != NULL) {
++ dI("rc = %d\n", pkg_error->ipe_error_code);
++ dI("error = %s\n",
++ pkg_error->ipe_error_message);
++ goto error;
++ }
++ }
++ dI("Latest revision of %s\n", fmris[0]);
++ if (print_fmriinfo(pkgfmris_inst[0], &r) > 0)
++ goto error;
++ status = ips_PkgImage_info(pkgimg_inst, fmris, 1,
++ NULL, NULL, NULL,
++ NULL, 0, NULL, &pkginfo_inst, &inst_count, &pkg_error);
++ if (status != RCE_OK) {
++ if (pkg_error != NULL) {
++ dI("rc = %d\n", pkg_error->ipe_error_code);
++ dI("error = %s\n",
++ pkg_error->ipe_error_message);
++ }
++ dI("PkgImage info failed.\n");
++ goto error;
++ }
++ dI("Got package count=%d\n", inst_count);
++ if (print_pkginfo(pkginfo_inst[0], &r) > 0)
++ goto error;
++ r.updates_available = upgradable;
++ dI("upgradable=%s\n", upgradable ? "true":"false");
++ }
++ report_pkg_metadata(&r, ctx);
++error:
++ rc_disconnect(conn);
++ return rc;
++}
++
++int
++probe_main(probe_ctx *ctx, void *arg)
++{
++ SEXP_t *probe_in, *publisher = NULL, *pkgname = NULL, *version = NULL;
++ SEXP_t *timestamp = NULL;
++ SEXP_t *publisher_val = NULL, *pkgname_val = NULL, *version_val = NULL;
++ SEXP_t *timestamp_val = NULL;
++ char *pkgname_str = NULL, *version_str = NULL, *timestamp_str = NULL;
++ char *publisher_str = NULL;
++ int rc;
++
++ probe_in = probe_ctx_getobject(ctx);
++ if (probe_in == NULL) {
++ return PROBE_ENOOBJ;
++ }
++
++ publisher = probe_obj_getent(probe_in, "publisher", 1);
++ if (publisher != NULL) {
++ publisher_val = probe_ent_getval(publisher);
++ publisher_str = SEXP_string_cstr(publisher_val);
++ }
++ if (publisher_str != NULL && strcmp(publisher_str, "") == 0)
++ publisher_str = NULL;
++ dI("publisher in context: %s.\n", (publisher_str==NULL ? "":publisher_str));
++
++ pkgname = probe_obj_getent(probe_in, "name", 1);
++ if (pkgname == NULL) {
++ dE("No pkg name in context.\n");
++ return PROBE_ENOENT;
++ }
++ pkgname_val = probe_ent_getval(pkgname);
++ if (pkgname_val == NULL) {
++ dE("Get service value failed.\n");
++ rc = PROBE_ENOVAL;
++ goto error;
++ }
++ pkgname_str = SEXP_string_cstr(pkgname_val);
++ dI("pkgname in context: %s.\n", pkgname_str);
++
++ version = probe_obj_getent(probe_in, "version", 1);
++ if (version != NULL) {
++ version_val = probe_ent_getval(version);
++ version_str = SEXP_string_cstr(version_val);
++ }
++ if (version_str != NULL && strcmp(version_str, "") == 0)
++ version_str = NULL;
++ dI("version in context: %s.\n", version_str);
++
++ timestamp = probe_obj_getent(probe_in, "timestamp", 1);
++ if (timestamp != NULL) {
++ timestamp_val = probe_ent_getval(timestamp);
++ timestamp_str = SEXP_string_cstr(timestamp_val);
++ }
++ if (timestamp_str != NULL && strcmp(timestamp_str, "") == 0)
++ timestamp_str = NULL;
++ dI("timestamp in context: %s.\n", timestamp_str);
++
++ rc = collect_package_info(pkgname_str, version_str, timestamp_str,
++ publisher_str, ctx);
++error:
++ free(pkgname_str);
++ free(version_str);
++ free(timestamp_str);
++ free(publisher_str);
++ SEXP_free(pkgname);
++ SEXP_free(version);
++ SEXP_free(timestamp);
++ SEXP_free(publisher);
++ SEXP_free(pkgname_val);
++ SEXP_free(version_val);
++ SEXP_free(timestamp_val);
++ SEXP_free(publisher_val);
++ return rc;
++}
++#else
++
++int
++probe_main(probe_ctx *ctx, void *probe_arg)
++{
++ return PROBE_EOPNOTSUPP;
++}
++#endif