NetBSD/sbin/veriexecctl/veriexecctl_parse.y
elad 6700cfccd6 Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
  - Fix crash reported by Scott Ellis on current-users@.

  - Fix race conditions in enforcing the Veriexec rename and remove
    policies. These are NOT security issues.

  - Fix memory leak in rename handling when overwriting a monitored
    file.

  - Fix table deletion logic.

  - Don't prevent query requests if not in learning mode.


KPI updates:
  - fileassoc_table_run() now takes a cookie to pass to the callback.

  - veriexec_table_add() was removed, it is now done internally. As a
    result, there's no longer a need for VERIEXEC_TABLESIZE.

  - veriexec_report() was removed, it is now internal.

  - Perform sanity checks on the entry type, and enforce default type
    in veriexec_file_add() rather than in veriexecctl.

  - Add veriexec_flush(), used to delete all Veriexec tables, and
    veriexec_dump(), used to fill an array with all Veriexec entries.


New features:
  - Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
    database. This allows Veriexec to produce slightly more accurate
    logs under certain circumstances. In the future, this can be either
    replaced by vnode->pathname translation, or combined with it.

  - Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
    This can be used to recover a database if the file was lost.
    Example usage:

        # veriexecctl dump > /etc/signatures

    Note that only entries with the filename kept (that is, were loaded
    with the '-k' flag) will be dumped.

    Idea from Brett Lymn.

  - Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
    usage:

        # veriexecctl flush

  - Add a 'veriexec_flags' rc(8) variable, and make its default have
    the '-k' flag. On systems using the default signatures file
    (generaetd from running 'veriexecgen' with no arguments), this will
    use additional 32kb of kernel memory on average.

  - Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
    load. This is done automatically for files marked as 'untrusted'.


Misc. stuff:
  - The code for veriexecctl was massively simplified as a result of
    eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
    pass of the signatures file, making the loading somewhat faster.

  - Lots of minor fixes found using the (still under development)
    Veriexec regression testsuite.

  - Some of the messages Veriexec prints were improved.

  - Various documentation fixes.


All relevant man-pages were updated to reflect the above changes.

Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 19:47:43 +00:00

245 lines
5.4 KiB
Plaintext

%{
/* $NetBSD: veriexecctl_parse.y,v 1.21 2007/05/15 19:47:47 elad Exp $ */
/*-
* Copyright 2005 Elad Efrat <elad@NetBSD.org>
* Copyright 2005 Brett Lymn <blymn@netbsd.org>
*
* All rights reserved.
*
* This code has been donated to The NetBSD Foundation by the Author.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. The name of the author may not be used to endorse or promote products
* derived from this software withough specific prior written permission
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*
*/
#include <sys/stat.h>
#include <sys/verified_exec.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <err.h>
#include <prop/proplib.h>
#include "veriexecctl.h"
extern int yylex(void);
extern size_t line;
extern int verbose, error;
boolean_t keep_filename = FALSE, eval_on_load = FALSE;
prop_dictionary_t load_params;
%}
%union {
char *string;
int intval;
}
%token <string> PATH
%token <string> STRING
%token EOL TOKEN_COMMA
%%
statement : /* empty */
| statement path type fingerprint flags eol {
extern int gfd;
struct stat sb;
if (stat(dict_gets(load_params, "file"), &sb) == -1) {
if (verbose)
warnx("Line %zu: Can't stat `%s'", line,
dict_gets(load_params, "file"));
error = EXIT_FAILURE;
goto skip;
}
/* Only regular files */
if (!S_ISREG(sb.st_mode)) {
if (verbose)
warnx("Line %zu: %s is not a regular file", line,
dict_gets(load_params, "file"));
error = EXIT_FAILURE;
goto skip;
}
if (verbose) {
(void)printf( "Adding file `%s'.\n",
dict_gets(load_params, "file"));
}
prop_dictionary_set(load_params, "keep-filename",
prop_bool_create(keep_filename));
prop_dictionary_set(load_params, "eval-on-load",
prop_bool_create(eval_on_load));
if (prop_dictionary_send_ioctl(load_params, gfd, VERIEXEC_LOAD) != 0) {
if (verbose)
warn("Cannot load params from `%s'",
dict_gets(load_params, "file"));
error = EXIT_FAILURE;
}
skip:
prop_object_release(load_params);
load_params = NULL;
}
| statement eol
| statement error eol {
yyerrok;
}
;
path : PATH {
if (load_params == NULL)
load_params = prop_dictionary_create();
dict_sets(load_params, "file", $1);
}
;
type : STRING {
dict_sets(load_params, "fp-type", $1);
}
;
fingerprint : STRING {
char *fp;
size_t n;
fp = malloc(strlen($1) / 2);
if (fp == NULL)
err(1, "Cannot allocate memory for fingerprint");
n = convert($1, fp);
if (n == -1) {
free(fp);
if (verbose)
warnx("Bad fingerprint `%s' in line %zu", $1, line);
error = EXIT_FAILURE;
YYERROR;
}
dict_setd(load_params, "fp", fp, n);
free(fp);
}
;
flags : /* empty */
| flags_spec
;
flags_spec : flag_spec
| flags_spec TOKEN_COMMA flag_spec
;
flag_spec : STRING {
uint8_t t = 0;
prop_dictionary_get_uint8(load_params, "entry-type", &t);
if (strcasecmp($1, "direct") == 0) {
t |= VERIEXEC_DIRECT;
} else if (strcasecmp($1, "indirect") == 0) {
t |= VERIEXEC_INDIRECT;
} else if (strcasecmp($1, "file") == 0) {
t |= VERIEXEC_FILE;
} else if (strcasecmp($1, "program") == 0) {
t |= VERIEXEC_DIRECT;
} else if (strcasecmp($1, "interpreter") == 0) {
t |= VERIEXEC_INDIRECT;
} else if (strcasecmp($1, "script") == 0) {
t |= (VERIEXEC_FILE | VERIEXEC_DIRECT);
} else if (strcasecmp($1, "library") == 0) {
t |= (VERIEXEC_FILE | VERIEXEC_INDIRECT);
} else if (strcasecmp($1, "untrusted") == 0) {
t |= VERIEXEC_UNTRUSTED;
} else {
if (verbose)
warnx("Bad flag `%s' in line %zu", $1, line);
error = EXIT_FAILURE;
YYERROR;
}
prop_dictionary_set_uint8(load_params, "entry-type", t);
}
;
eol : EOL
;
%%
/*
* Takes the hexadecimal string pointed to by "fp" and converts it to a
* "count" byte binary number which is stored in the array pointed to
* by "out". Returns the number of bytes converted or -1 if the conversion
* fails.
*/
static size_t
convert(u_char *fp, u_char *out)
{
size_t i, count;
u_char value;
count = strlen(fp);
/*
* if there are not an even number of hex digits then there is
* not an integral number of bytes in the fingerprint.
*/
if ((count % 2) != 0)
return -1;
count /= 2;
#define cvt(cv) \
if (isdigit(cv)) \
value += (cv) - '0'; \
else if (isxdigit(cv)) \
value += 10 + tolower(cv) - 'a'; \
else \
return -1
for (i = 0; i < count; i++) {
value = 0;
cvt(fp[2 * i]);
value <<= 4;
cvt(fp[2 * i + 1]);
out[i] = value;
}
return count;
}
static void
yyerror(const char *msg)
{
if (verbose)
warnx("%s in line %zu", msg, line);
}