authorYves-Alexis Perez <corsac@debian.org>2018-09-24 15:11:14 +0200
committerYves-Alexis Perez <corsac@debian.org>2018-09-24 15:11:14 +0200
commite0e280b7669435b991b7e457abd8aa450930b3e8 (patch)
tree3e6084f13b14ad2df104e2ce6e589eb96c5f7ac9 /src/libimcv/imv
parent51a71ee15c1bcf0e82f363a16898f571e211f9c3 (diff)
New upstream version 5.7.0
Diffstat (limited to 'src/libimcv/imv')
-rw-r--r--src/libimcv/imv/data.sql44
-rw-r--r--src/libimcv/imv/imv_agent.c12
-rw-r--r--src/libimcv/imv/imv_database.c3
-rw-r--r--src/libimcv/imv/imv_session.c10
-rw-r--r--src/libimcv/imv/imv_session.h12
-rw-r--r--src/libimcv/imv/imv_session_manager.c4
-rw-r--r--src/libimcv/imv/imv_state.h9
7 files changed, 78 insertions, 16 deletions
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index 860573c31..5d5283620 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -556,6 +556,24 @@ INSERT INTO products ( /* 93 */
'Debian 8.10 x86_64'
);
+INSERT INTO products ( /* 94 */
+ name
+) VALUES (
+ 'Debian 8.11 i686'
+);
+
+INSERT INTO products ( /* 95 */
+ name
+) VALUES (
+ 'Debian 8.11 x86_64'
+);
+
+INSERT INTO products ( /* 96 */
+ name
+) VALUES (
+ 'Ubuntu 18.04 x86_64'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
@@ -968,19 +986,19 @@ INSERT INTO groups ( /* 10 */
'Ref. Linux', 8
);
-INSERT INTO groups ( /* 11 */
+INSERT INTO groups ( /* 11 */
name
) VALUES (
'TPM BIOS'
);
-INSERT INTO groups ( /* 12 */
+INSERT INTO groups ( /* 12 */
name
) VALUES (
'TPM IMA'
);
-INSERT INTO groups ( /* 13 */
+INSERT INTO groups ( /* 13 */
name
) VALUES (
'TPM BIOS/IMA'
@@ -998,7 +1016,7 @@ INSERT INTO groups ( /* 15 */
'Debian armv7l', 2
);
-INSERT INTO groups ( /* 16 */
+INSERT INTO groups ( /* 16 */
name
) VALUES (
'TPM TBOOT'
@@ -1123,6 +1141,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 4, 94
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
5, 2
);
@@ -1237,6 +1261,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 5, 95
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
6, 9
);
@@ -1387,6 +1417,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 7, 96
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
3, 21
);
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index bb0b3b75b..14623ad8d 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -492,6 +492,7 @@ METHOD(imv_agent_t, change_state, TNC_Result,
imv_state_t **state_p)
{
imv_state_t *state;
+ TNC_ConnectionState old_state;
switch (new_state)
{
@@ -506,7 +507,7 @@ METHOD(imv_agent_t, change_state, TNC_Result,
this->id, this->name, connection_id);
return TNC_RESULT_FATAL;
}
- state->change_state(state, new_state);
+ old_state = state->change_state(state, new_state);
DBG2(DBG_IMV, "IMV %u \"%s\" changed state of Connection ID %u to '%N'",
this->id, this->name, connection_id,
TNC_Connection_State_names, new_state);
@@ -514,6 +515,13 @@ METHOD(imv_agent_t, change_state, TNC_Result,
{
*state_p = state;
}
+ if (new_state == TNC_CONNECTION_STATE_HANDSHAKE &&
+ old_state != TNC_CONNECTION_STATE_CREATE)
+ {
+ state->reset(state);
+ DBG2(DBG_IMV, "IMV %u \"%s\" reset state of Connection ID %u",
+ this->id, this->name, connection_id);
+ }
break;
case TNC_CONNECTION_STATE_CREATE:
DBG1(DBG_IMV, "state '%N' should be handled by create_state()",
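Review bot: The new `state->reset(state)` call in the HANDSHAKE branch goes through a function pointer that this commit adds to `imv_state_t`, and none of the state implementations are part of this diff (the diffstat is limited to `src/libimcv/imv`), so an implementation that does not populate `.reset` would presumably leave it NULL and have it called here on a re-handshake. The branch also depends on every implementation returning the real previous state from `change_state()`; one that returns a wrong value would skip the reset and could carry the previous cycle's results into the new one. Both are worth confirming for all in-tree and out-of-tree IMVs. A comment above the `if` would help, for example `/* a handshake entered from any state but CREATE is a retry: drop the previous cycle's results */`. The body of change_state starts and ends outside this hunk.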
@@ -643,7 +651,7 @@ METHOD(enumerator_t, language_enumerator_enumerate, bool,
if (pos)
{
len = pos - this->lang_pos;
- this->lang_pos += len + 1,
+ this->lang_pos += len + 1;
this->lang_len -= len + 1;
}
else
diff --git a/src/libimcv/imv/imv_database.c b/src/libimcv/imv/imv_database.c
index b444abdbb..03f583204 100644
--- a/src/libimcv/imv/imv_database.c
+++ b/src/libimcv/imv/imv_database.c
@@ -143,7 +143,7 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session)
}
/* create a new session entry */
- created = session->get_creation_time(session);
+ created = time(NULL);
conn_id = session->get_connection_id(session);
this->db->execute(this->db, &session_id,
"INSERT INTO sessions (time, connection, product, device) "
@@ -161,6 +161,7 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session)
return FALSE;
}
session->set_session_id(session, session_id, pid, did);
+ session->set_creation_time(session, created);
enumerator = session->create_ar_identities_enumerator(session);
while (enumerator->enumerate(enumerator, &tnc_id))
diff --git a/src/libimcv/imv/imv_session.c b/src/libimcv/imv/imv_session.c
index bc6b5a8d1..830dd48d4 100644
--- a/src/libimcv/imv/imv_session.c
+++ b/src/libimcv/imv/imv_session.c
@@ -121,6 +121,12 @@ METHOD(imv_session_t, get_connection_id, TNC_ConnectionID,
return this->conn_id;
}
+METHOD(imv_session_t, set_creation_time, void,
+ private_imv_session_t *this, time_t created)
+{
+ this->created = created;
+}
+
METHOD(imv_session_t, get_creation_time, time_t,
private_imv_session_t *this)
{
@@ -259,7 +265,7 @@ METHOD(imv_session_t, destroy, void,
/**
* See header
*/
-imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
+imv_session_t *imv_session_create(TNC_ConnectionID conn_id,
linked_list_t *ar_identities)
{
private_imv_session_t *this;
@@ -269,6 +275,7 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
.set_session_id = _set_session_id,
.get_session_id = _get_session_id,
.get_connection_id = _get_connection_id,
+ .set_creation_time = _set_creation_time,
.get_creation_time = _get_creation_time,
.create_ar_identities_enumerator = _create_ar_identities_enumerator,
.get_os_info = _get_os_info,
@@ -286,7 +293,6 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
.destroy = _destroy,
},
.conn_id = conn_id,
- .created = created,
.ar_identities = ar_identities,
.os_info = imv_os_info_create(),
.workitems = linked_list_create(),
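Review bot: With `.created = created` removed from the initializer and nothing put in its place, `get_creation_time()` returns an unset value (presumably zero, if the object is zero-initialised) until `set_creation_time()` is called, and the only call visible in this commit is in `create_session()` in imv_database.c, after the session row has been inserted. Sessions that never reach that point, for example when no database is attached or the insert fails, would then report an epoch timestamp to any caller that logs or compares it. Consider keeping a default in the constructor, `.created = time(NULL),`, which the database path can still overwrite, or state in the `get_creation_time` doc comment in imv_session.h that the value is not meaningful before the database entry exists. The initializer starts and ends outside this hunk.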
diff --git a/src/libimcv/imv/imv_session.h b/src/libimcv/imv/imv_session.h
index 107716f30..a2f6fc2a8 100644
--- a/src/libimcv/imv/imv_session.h
+++ b/src/libimcv/imv/imv_session.h
@@ -63,6 +63,13 @@ struct imv_session_t {
TNC_ConnectionID (*get_connection_id)(imv_session_t *this);
/**
+ * Set session creation time
+ *
+ * @param created Session creation time
+ */
+ void (*set_creation_time)(imv_session_t *this, time_t created);
+
+ /**
* Get session creation time
*
* @return Session creation time
@@ -170,10 +177,9 @@ struct imv_session_t {
* Create an imv_session_t instance
*
* @param id Associated Connection ID
- * @param created Session creation time
* @param ar_identities List of Access Requestor identities
*/
-imv_session_t* imv_session_create(TNC_ConnectionID id, time_t created,
- linked_list_t *ar_identities);
+imv_session_t* imv_session_create(TNC_ConnectionID id,
+ linked_list_t *ar_identities);
#endif /** IMV_SESSION_H_ @}*/
diff --git a/src/libimcv/imv/imv_session_manager.c b/src/libimcv/imv/imv_session_manager.c
index c97602998..2e3cfa466 100644
--- a/src/libimcv/imv/imv_session_manager.c
+++ b/src/libimcv/imv/imv_session_manager.c
@@ -51,7 +51,6 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*,
enumerator_t *enumerator;
tncif_identity_t *tnc_id;
imv_session_t *current, *session = NULL;
- time_t created;
this->mutex->lock(this->mutex);
@@ -105,8 +104,7 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*,
enumerator->destroy(enumerator);
/* create a new session entry */
- created = time(NULL);
- session = imv_session_create(conn_id, created, ar_identities);
+ session = imv_session_create(conn_id, ar_identities);
this->sessions->insert_last(this->sessions, session);
this->mutex->unlock(this->mutex);
diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h
index 30ed612b3..4571da2fa 100644
--- a/src/libimcv/imv/imv_state.h
+++ b/src/libimcv/imv/imv_state.h
@@ -119,8 +119,10 @@ struct imv_state_t {
* Change the connection state
*
* @param new_state new connection state
+ * @return old connection state
*/
- void (*change_state)(imv_state_t *this, TNC_ConnectionState new_state);
+ TNC_ConnectionState (*change_state)(imv_state_t *this,
+ TNC_ConnectionState new_state);
/**
* Get IMV action recommendation and evaluation result
@@ -182,6 +184,11 @@ struct imv_state_t {
char **uri);
/**
+ * Resets the state for a new measurement cycle triggered by a SRETRY batch
+ */
+ void (*reset)(imv_state_t *this);
+
+ /**
* Destroys an imv_state_t object
*/
void (*destroy)(imv_state_t *this);
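Review bot: The doc comment added for `reset` does not say what an implementation must clear, which matters because the agent now relies on it to separate one measurement cycle from the next. Spell out the contract in the comment, for example `* Implementations must clear the recommendation, the evaluation result and any per-handshake flags so that nothing from the previous cycle is reused`, adjusted to what the concrete states actually hold. The struct definition continues outside this hunk.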