Fixed file probe to be zone aware on solaris. This fix prevents the f…

…ile probe from descending into non-global-zones from the global-zone when local is specified on solaris.
OpenSCAP · Jun 19, 2015 · 0a9d3fd · 0a9d3fd
1 parent 74ac24f
commit 0a9d3fd
Showing 1 changed file with 105 additions and 4 deletions.
diff --git a/src/OVAL/probes/oval_fts.c b/src/OVAL/probes/oval_fts.c
@@ -45,6 +45,8 @@
 #if defined(__SVR4) && defined(__sun)
 #include "fts_sun.h"
 #include <sys/mntent.h>
+#include <libzonecfg.h>
+#include <sys/avl.h>
 #else
 #include <fts.h>
 #endif
@@ -139,6 +141,13 @@ static void OVAL_FTSENT_free(OVAL_FTSENT *ofts_ent)
 #define MNTTYPE_PROC	"proc"
 #endif
 
+typedef struct zone_path {
+	avl_node_t avl_link_next;
+	char zpath[MAXPATHLEN];
+} zone_path_t;
+static avl_tree_t avl_tree_list;
+
+
 static bool valid_remote_fs(char *fstype)
 {
 	if (strcmp(fstype, MNTTYPE_NFS) == 0 ||
@@ -161,6 +170,85 @@ static bool valid_local_fs(char *fstype)
 		return (false);
 	return (true);
 }
+
+/* function to compare two avl nodes in the avl tree */
+static int compare_zoneroot(const void *entry1, const void *entry2)
+{
+	zone_path_t *t1, *t2;
+	int comp;
+
+	t1 = (zone_path_t *)entry1;
+	t2 = (zone_path_t *)entry2;
+	if ((comp = strcmp(t1->zpath, t2->zpath)) == 0) {
+		return (0);
+	}
+	return (comp > 0 ? 1 : -1);
+}
+
+int load_zones_path_list()
+{
+	FILE *cookie;
+	char *name;
+	zone_state_t state_num;
+	zone_path_t *temp = NULL;
+	avl_index_t where;
+	char rpath[MAXPATHLEN];
+
+	cookie = setzoneent();
+	if (getzoneid() != GLOBAL_ZONEID)
+		return (0);
+	avl_create(&avl_tree_list, compare_zoneroot,
+	    sizeof(zone_path_t), offsetof(zone_path_t, avl_link_next));
+	while ((name = getzoneent(cookie)) != NULL) {
+		if (strcmp(name, "global") == 0)
+			continue;
+		if (zone_get_state(name, &state_num) != Z_OK) {
+			dE("Could not get zone state for %s\n", name);
+			continue;
+		} else if (state_num > ZONE_STATE_CONFIGURED) {
+			temp = malloc(sizeof(zone_path_t));
+			if (temp == NULL) {
+				dE("Memory alloc failed\n");
+				return(1);
+			}
+			if (zone_get_zonepath(name, rpath,
+			    sizeof(rpath)) != Z_OK) {
+				dE("Could not get zone path for %s\n",
+				    name);
+				continue;
+			}
+			if (realpath(rpath, temp->zpath) != NULL)
+				avl_add(&avl_tree_list, temp);
+		}
+	}
+	endzoneent(cookie);
+	return (0);
+}
+
+static void free_zones_path_list()
+{
+	zone_path_t *temp;
+	void* cookie = NULL;
+
+	while ((temp = avl_destroy_nodes(&avl_tree_list, &cookie)) != NULL) {
+		free(temp);
+	}
+	avl_destroy(&avl_tree_list);
+}
+
+static bool valid_local_zone(char *path)
+{
+	zone_path_t temp;
+	avl_index_t where;
+
+	strlcpy(temp.zpath, path, sizeof(temp.zpath));
+	if (avl_find(&avl_tree_list, &temp, &where) != NULL)
+		return (true);
+
+	return (false);
+}
+
+
 #endif
 
 static bool OVAL_FTS_localp(OVAL_FTS *ofts, const char *path, void *id)
@@ -169,9 +257,11 @@ static bool OVAL_FTS_localp(OVAL_FTS *ofts, const char *path, void *id)
 	if (id != NULL && (*(char*)id) != '\0') {
 		/* if not a valid local fs skip */
 		if (valid_local_fs((char*)id)) {
-			/* if recurse is local , skip remote fs */
+			/* if recurse is local , skip remote fs
+			   and non-global zones */
 			if (ofts->filesystem == OVAL_RECURSE_FS_LOCAL) {
-				return (!valid_remote_fs((char*)id));
+				return (!(valid_remote_fs((char*)id) ||
+				    valid_local_zone(path)));
 			}
 			return (true);
 		}
@@ -180,9 +270,11 @@ static bool OVAL_FTS_localp(OVAL_FTS *ofts, const char *path, void *id)
 		/* id was not set, because fts_read failed to stat the node */
 		struct stat sb;
 		if ((stat(path, &sb) == 0) && (valid_local_fs(sb.st_fstype))) {
-			/* if recurse is local , skip remote fs */
+			/* if recurse is local , skip remote fs
+			   and non-global zones */
 			if (ofts->filesystem == OVAL_RECURSE_FS_LOCAL) {
-				return (!valid_remote_fs(sb.st_fstype));
+				return (!(valid_remote_fs(sb.st_fstype) ||
+				    valid_local_zone(path)));
 			}
 			return (true);
 		}
@@ -795,6 +887,12 @@ OVAL_FTS *oval_fts_open(SEXP_t *path, SEXP_t *filename, SEXP_t *filepath, SEXP_t
 		ofts->ofts_sfilepath = SEXP_ref(filepath);
 	}
 
+#if defined(__SVR4) && defined(__sun)
+	if (load_zones_path_list() != 0) {
+		dE("Failed to load zones path info. Recursing non-global zones.");
+		free_zones_path_list();
+	}
+#endif
 	return (ofts);
 }
 
@@ -1239,6 +1337,9 @@ int oval_fts_close(OVAL_FTS *ofts)
 	fsdev_free(ofts->localdevs);
 
 	OVAL_FTS_free(ofts);
+#if defined(__SVR4) && defined(__sun)
+	free_zones_path_list();
+#endif
 
 	return (0);
 }