authorYves-Alexis Perez <corsac@debian.org>2014-03-11 20:48:48 +0100
committerYves-Alexis Perez <corsac@debian.org>2014-03-11 20:48:48 +0100
commit15fb7904f4431a6e7c305fd08732458f7f885e7e (patch)
treec93b60ee813af70509f00f34e29ebec311762427 /src/libimcv/imv
parent5313d2d78ca150515f7f5eb39801c100690b6b29 (diff)
Imported Upstream version 5.1.2
Diffstat (limited to 'src/libimcv/imv')
-rw-r--r--src/libimcv/imv/data.sql132
-rw-r--r--src/libimcv/imv/imv_msg.c4
-rw-r--r--src/libimcv/imv/imv_policy_manager.c11
-rw-r--r--src/libimcv/imv/imv_reason_string.c11
-rw-r--r--src/libimcv/imv/imv_reason_string.h3
-rw-r--r--src/libimcv/imv/imv_workitem.c5
-rw-r--r--src/libimcv/imv/imv_workitem.h3
7 files changed, 158 insertions, 11 deletions
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index 241a99645..9d938b9b8 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -168,6 +168,42 @@ INSERT INTO products ( /* 28 */
'Debian 7.2 x86_64'
);
+INSERT INTO products ( /* 29 */
+ name
+) VALUES (
+ 'Android 4.1.2'
+);
+
+INSERT INTO products ( /* 30 */
+ name
+) VALUES (
+ 'Android 4.2.2'
+);
+
+INSERT INTO products ( /* 31 */
+ name
+) VALUES (
+ 'Android 4.3.1'
+);
+
+INSERT INTO products ( /* 32 */
+ name
+) VALUES (
+ 'Android 4.4'
+);
+
+INSERT INTO products ( /* 33 */
+ name
+) VALUES (
+ 'Android 4.4.1'
+);
+
+INSERT INTO products ( /* 34 */
+ name
+) VALUES (
+ 'Android 4.4.2'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
@@ -568,6 +604,24 @@ INSERT INTO groups ( /* 10 */
'Ref. Linux', 8
);
+INSERT INTO groups ( /* 11 */
+ name
+) VALUES (
+ 'TPM BIOS'
+);
+
+INSERT INTO groups ( /* 12 */
+ name
+) VALUES (
+ 'TPM IMA'
+);
+
+INSERT INTO groups ( /* 13 */
+ name
+) VALUES (
+ 'TPM BIOS/IMA'
+);
+
/* Default Product Groups */
INSERT INTO groups_product_defaults (
@@ -732,6 +786,42 @@ INSERT INTO groups_product_defaults (
3, 22
);
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 29
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 30
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 31
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 32
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 33
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 34
+);
+
/* Policies */
INSERT INTO policies ( /* 1 */
@@ -842,6 +932,24 @@ INSERT INTO policies ( /* 18 */
15, 'SWID Tags', '', 2, 2
);
+INSERT INTO policies ( /* 19 */
+ type, name, argument, rec_fail, rec_noresult
+) VALUES (
+ 16, 'TPM BIOS Measurements', 'B', 2, 2
+);
+
+INSERT INTO policies ( /* 20 */
+ type, name, argument, rec_fail, rec_noresult
+) VALUES (
+ 16, 'TPM IMA Measurements', 'I', 2, 2
+);
+
+INSERT INTO policies ( /* 21 */
+ type, name, argument, rec_fail, rec_noresult
+) VALUES (
+ 16, 'TPM BIOS/IMA Measurements', 'BI', 2, 2
+);
+
/* Enforcements */
INSERT INTO enforcements ( /* 1 */
@@ -928,6 +1036,24 @@ INSERT INTO enforcements ( /* 14 */
15, 9, 0
);
+INSERT INTO enforcements ( /* 15 */
+ policy, group_id, max_age
+) VALUES (
+ 19, 11, 60
+);
+
+INSERT INTO enforcements ( /* 16 */
+ policy, group_id, max_age
+) VALUES (
+ 20, 12, 60
+);
+
+INSERT INTO enforcements ( /* 17 */
+ policy, group_id, max_age
+) VALUES (
+ 21, 13, 60
+);
+
/* regids */
INSERT INTO regids ( /* 1 */
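Review bot: The three new enforcements bind policies 19-21 to groups 11-13 by literal row number, and those numbers exist only in the `/* 19 */`-style comments of the other hunks, so the binding holds only while every INSERT in this file keeps its position. The same applies to the `3, 29` through `3, 34` rows in the groups_product_defaults hunk. If the ids are assigned automatically on insert (the schema is not shown here), a row added mid-file later would silently attach the TPM measurement enforcement to a different policy or group. A comment above the block such as `/* ids below must match the numbered INSERTs for policies 19-21 and groups 11-13 */` would make the dependency explicit.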
@@ -1058,3 +1184,9 @@ INSERT INTO tags (
10, 'strongSwan-5-1-1'
);
+INSERT INTO tags (
+ regid, unique_sw_id
+) VALUES (
+ 10, 'strongSwan-5-1-2'
+);
+
diff --git a/src/libimcv/imv/imv_msg.c b/src/libimcv/imv/imv_msg.c
index 642b47935..e7181750c 100644
--- a/src/libimcv/imv/imv_msg.c
+++ b/src/libimcv/imv/imv_msg.c
@@ -208,8 +208,8 @@ METHOD(imv_msg_t, send_assessment, TNC_Result,
}
/* Send an IETF Assessment Result attribute if enabled */
- if (lib->settings->get_bool(lib->settings, "libimcv.assessment_result",
- TRUE))
+ if (lib->settings->get_bool(lib->settings, "%s.imcv.assessment_result",
+ TRUE, lib->ns))
{
this->state->get_recommendation(this->state, &rec, &eval);
attr = ietf_attr_assess_result_create(eval);
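Review bot: The legacy key `libimcv.assessment_result` is no longer read at this call site, so a deployment that disabled the IETF Assessment Result under the old name would fall back to the default `TRUE` and start sending the attribute again, unless a settings fallback to `libimcv` is registered elsewhere. The `database` lookup in imv_policy_manager.c keeps an explicit chain through the old key, while this lookup has no visible equivalent. If no fallback exists, a comment such as `/* formerly libimcv.assessment_result; now <ns>.imcv.assessment_result */` and a release-note entry would help operators migrate. The body of send_assessment continues outside the hunk.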
diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c
index 61e0cd05b..028721af3 100644
--- a/src/libimcv/imv/imv_policy_manager.c
+++ b/src/libimcv/imv/imv_policy_manager.c
@@ -188,7 +188,7 @@ static bool policy_start(database_t *db, int session_id)
e->destroy(e);
/* if a device ID with a creation date exists, get all group memberships */
- if (device_id & created)
+ if (device_id && created)
{
e = db->query(db,
"SELECT group_id FROM groups_members WHERE device_id = ?",
@@ -288,7 +288,7 @@ int main(int argc, char *argv[])
atexit(library_deinit);
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "imv_policy_manager"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
@@ -328,7 +328,12 @@ int main(int argc, char *argv[])
session_id = atoi(tnc_session_id);
/* attach IMV database */
- uri = lib->settings->get_str(lib->settings, "libimcv.database", NULL);
+ uri = lib->settings->get_str(lib->settings,
+ "imv_policy_manager.database",
+ lib->settings->get_str(lib->settings,
+ "charon.imcv.database",
+ lib->settings->get_str(lib->settings,
+ "libimcv.database", NULL)));
if (!uri)
{
fprintf(stderr, "database uri not defined.\n");
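Review bot: The nested `get_str` calls encode a three-level precedence that the comment `/* attach IMV database */` does not describe, and the daemon name `charon` is hard-coded in the middle level. The URI decides which database the policy manager queries, and such URIs commonly embed credentials, so it is worth stating which setting wins: `/* database URI: imv_policy_manager.database, else charon.imcv.database, else legacy libimcv.database */`. main() starts and ends outside the hunk.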
diff --git a/src/libimcv/imv/imv_reason_string.c b/src/libimcv/imv/imv_reason_string.c
index d1447ec35..c09b7bdba 100644
--- a/src/libimcv/imv/imv_reason_string.c
+++ b/src/libimcv/imv/imv_reason_string.c
@@ -35,6 +35,11 @@ struct private_imv_reason_string_t {
char *lang;
/**
+ * Separator concatenating multiple reasons
+ */
+ char *separator;
+
+ /**
* Contains the concatenated reasons
*/
chunk_t reasons;
@@ -51,7 +56,8 @@ METHOD(imv_reason_string_t, add_reason, void,
if (this->reasons.len)
{
/* append any further reasons */
- this->reasons = chunk_cat("mcc", this->reasons, chunk_from_chars('\n'),
+ this->reasons = chunk_cat("mcc", this->reasons,
+ chunk_from_str(this->separator),
chunk_create(s_reason, strlen(s_reason)));
}
else
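Review bot: `chunk_from_str(this->separator)` is reached with whatever pointer the caller handed to `imv_reason_string_create()`, and the constructor hunk stores it with `.separator = separator,` without a NULL check or a copy. If `chunk_from_str` measures the string with `strlen` (its definition is not on this page), a NULL separator crashes when the second reason is added, and a separator freed before the object leads to a dangling read. Either default it in the constructor, `.separator = separator ? separator : "\n",`, which also preserves the previous newline behaviour, or state in the header's `@param separator` line that it must be non-NULL and outlive the object. add_reason's body continues outside the hunk.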
@@ -77,7 +83,7 @@ METHOD(imv_reason_string_t, destroy, void,
/**
* Described in header.
*/
-imv_reason_string_t *imv_reason_string_create(char *lang)
+imv_reason_string_t *imv_reason_string_create(char *lang, char *separator)
{
private_imv_reason_string_t *this;
@@ -88,6 +94,7 @@ imv_reason_string_t *imv_reason_string_create(char *lang)
.destroy = _destroy,
},
.lang = lang,
+ .separator = separator,
);
return &this->public;
diff --git a/src/libimcv/imv/imv_reason_string.h b/src/libimcv/imv/imv_reason_string.h
index cb4c27f93..c35ec36cc 100644
--- a/src/libimcv/imv/imv_reason_string.h
+++ b/src/libimcv/imv/imv_reason_string.h
@@ -58,7 +58,8 @@ struct imv_reason_string_t {
* Creates an Reason String object
*
* @param lang Preferred language
+ * @param separator String separating multiple reasons
*/
- imv_reason_string_t* imv_reason_string_create(char *lang);
+ imv_reason_string_t* imv_reason_string_create(char *lang, char *separator);
#endif /** IMV_REASON_STRING_H_ @}*/
diff --git a/src/libimcv/imv/imv_workitem.c b/src/libimcv/imv/imv_workitem.c
index 2141f73e6..8784a0ccf 100644
--- a/src/libimcv/imv/imv_workitem.c
+++ b/src/libimcv/imv/imv_workitem.c
@@ -20,7 +20,7 @@
typedef struct private_imv_workitem_t private_imv_workitem_t;
-ENUM(imv_workitem_type_names, IMV_WORKITEM_PACKAGES, IMV_WORKITEM_SWID_TAGS,
+ENUM(imv_workitem_type_names, IMV_WORKITEM_PACKAGES, IMV_WORKITEM_TPM_ATTEST,
"PCKGS",
"UNSRC",
"FWDEN",
@@ -35,7 +35,8 @@ ENUM(imv_workitem_type_names, IMV_WORKITEM_PACKAGES, IMV_WORKITEM_SWID_TAGS,
"TCPBL",
"UDPOP",
"UDPBL",
- "SWIDT"
+ "SWIDT",
+ "TPMRA"
);
/**
diff --git a/src/libimcv/imv/imv_workitem.h b/src/libimcv/imv/imv_workitem.h
index 868997797..93a4b5874 100644
--- a/src/libimcv/imv/imv_workitem.h
+++ b/src/libimcv/imv/imv_workitem.h
@@ -44,7 +44,8 @@ enum imv_workitem_type_t {
IMV_WORKITEM_TCP_PORT_BLOCK = 12,
IMV_WORKITEM_UDP_PORT_OPEN = 13,
IMV_WORKITEM_UDP_PORT_BLOCK = 14,
- IMV_WORKITEM_SWID_TAGS = 15
+ IMV_WORKITEM_SWID_TAGS = 15,
+ IMV_WORKITEM_TPM_ATTEST = 16
};
extern enum_name_t *imv_workitem_type_names;
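Review bot: `IMV_WORKITEM_TPM_ATTEST = 16` lacks a note that the number is also stored as data: the data.sql part of this commit inserts the three TPM policies with `type` 16, so the enum value appears to be persisted in the policies table. A comment on the enum such as `/* values are stored in the policies.type column; never renumber */` would protect that coupling. The same comment could mention that the `ENUM(...)` name list in imv_workitem.c needs one string per added value. The enum starts outside the hunk.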