Imported Upstream version 5.3.0

1 files changed, 70 insertions, 6 deletions

diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c
index 50f7f2e39..9f7e4e8f4 100644
--- a/src/libimcv/imv/imv_policy_manager.c
+++ b/src/libimcv/imv/imv_policy_manager.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2015 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -19,6 +19,8 @@
 #include <library.h>
 #include <utils/debug.h>
 
+#include <tncif_names.h>
+
 #include <stdlib.h>
 #include <stdio.h>
 #include <time.h>
@@ -251,9 +253,12 @@ static bool policy_start(database_t *db, int session_id)
 static bool policy_stop(database_t *db, int session_id)
 {
 	enumerator_t *e;
-	int rec, policy;
-	char *result;
+	int rec, policy, final_rec, id_type;
+	chunk_t id_value;
+	char *result, *ip_address = NULL;
+	bool success = TRUE;
 
+	/* store all workitem results for this session in the results table */
 	e = db->query(db,
 			"SELECT w.rec_final, w.result, e.policy FROM workitems AS w "
 			"JOIN enforcements AS e ON w.enforcement = e.id "
@@ -270,9 +275,68 @@ static bool policy_stop(database_t *db, int session_id)
 		}
 		e->destroy(e);
 	}
-	return db->execute(db, NULL,
-				"DELETE FROM workitems WHERE session = ?",
-				DB_UINT, session_id) >= 0;
+	else
+	{
+		success = FALSE;
+	}
+
+	/* delete all workitems for this session from the database */
+	if (db->execute(db, NULL,
+					"DELETE FROM workitems WHERE session = ?",
+					DB_UINT, session_id) < 0)
+	{
+		success = FALSE;
+	}
+
+	final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+
+	/* retrieve the final recommendation for this session */
+	e = db->query(db,
+			"SELECT rec FROM sessions WHERE id = ?",
+			 DB_INT, session_id, DB_INT);
+	if (e)
+	{
+		if (!e->enumerate(e, &final_rec))
+		{
+			success = FALSE;
+		}
+		e->destroy(e);
+	}
+	else
+	{
+		success = FALSE;
+	}
+
+	/* retrieve client IP address for this session */
+	e = db->query(db,
+			"SELECT i.type, i.value FROM identities AS i "
+			"JOIN sessions_identities AS si ON si.identity_id = i.id "
+			"WHERE si.session_id = ? AND (i.type = ? OR i.type = ?)",
+			 DB_INT, session_id, DB_INT, TNC_ID_IPV4_ADDR, DB_INT,
+			 TNC_ID_IPV6_ADDR, DB_INT, DB_BLOB);
+	if (e)
+	{
+		if (e->enumerate(e, &id_type, &id_value))
+		{
+			ip_address = strndup(id_value.ptr, id_value.len);
+		}
+		else
+		{
+			success = FALSE;
+		}
+		e->destroy(e);
+	}
+	else
+	{
+		success = FALSE;
+	}
+
+	fprintf(stderr, "recommendation for access requestor %s is %N\n",
+			ip_address ? ip_address : "0.0.0.0",
+			TNC_IMV_Action_Recommendation_names, final_rec);
+	free(ip_address);
+
+	return success;
 }
 
 int main(int argc, char *argv[])