authorRomain Francoise <rfrancoise@debian.org>2014-10-21 19:28:38 +0200
committerRomain Francoise <rfrancoise@debian.org>2014-10-21 19:41:50 +0200
commitb23b0e5609ed4b3d29396a1727aab035fa4a395f (patch)
tree091d0b144dd92a0c124b7fbe9eae68f79cb975dc /src/libimcv/plugins/imv_os
parent4a01a7e2574040cf246fd00ebff173b873c17349 (diff)
downloadvyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.tar.gz
vyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.zip
Import upstream release 5.2.1
Diffstat (limited to 'src/libimcv/plugins/imv_os')
-rw-r--r--src/libimcv/plugins/imv_os/Makefile.in8
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_agent.c65
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.c32
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.h12
4 files changed, 83 insertions, 34 deletions
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in
index cae6dbe84..36e708fc9 100644
--- a/src/libimcv/plugins/imv_os/Makefile.in
+++ b/src/libimcv/plugins/imv_os/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c
index ca8bac6ca..f0b1936ab 100644
--- a/src/libimcv/plugins/imv_os/imv_os_agent.c
+++ b/src/libimcv/plugins/imv_os/imv_os_agent.c
@@ -37,8 +37,9 @@
#include <ita/ita_attr.h>
#include <ita/ita_attr_get_settings.h>
#include <ita/ita_attr_settings.h>
-#include <ita/ita_attr_angel.h>
#include <ita/ita_attr_device_id.h>
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
#include <tncif_names.h>
#include <tncif_pa_subtypes.h>
@@ -46,6 +47,8 @@
#include <pen/pen.h>
#include <utils/debug.h>
+#define INSTALLED_PACKAGES_MAX_ATTR_SIZE 100000000
+
typedef struct private_imv_os_agent_t private_imv_os_agent_t;
typedef enum imv_os_attr_t imv_os_attr_t;
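Review bot: `INSTALLED_PACKAGES_MAX_ATTR_SIZE` (100000000) is handed to the IMC through the segmentation contract and the max-size attribute in batch_ending, so as far as this diff shows it is the only ceiling on how much installed-packages data the IMV will reassemble for one attribute, and the define carries no comment saying so. I would add `/* upper bound (bytes) on a reassembled IETF Installed Packages attribute received from an IMC; this is peer-driven memory the IMV may buffer per connection */` above it so the next maintainer does not treat it as a tuning constant. Whether 100 MB is acceptable is deployment-specific; I cannot tell from this hunk whether the contract layer enforces an additional global limit.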
@@ -166,20 +169,23 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state,
chunk_t os_name = chunk_empty;
chunk_t os_version = chunk_empty;
bool fatal_error = FALSE, assessment = FALSE;
+ uint16_t missing;
os_state = (imv_os_state_t*)state;
session = state->get_session(state);
os_info = session->get_os_info(session);
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imv_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg,out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
- out_msg = imv_msg_create_as_reply(in_msg);
-
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
while (enumerator->enumerate(enumerator, &attr))
@@ -323,6 +329,9 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state,
TNC_IMV_EVALUATION_RESULT_ERROR);
assessment = TRUE;
}
+ missing = attr_cast->get_count(attr_cast);
+ os_state->set_missing(os_state, missing);
+ attr_cast->clear_packages(attr_cast);
break;
}
default:
@@ -369,12 +378,6 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state,
session->set_device_id(session, value);
break;
}
- case ITA_ATTR_START_ANGEL:
- os_state->set_angel_count(os_state, TRUE);
- break;
- case ITA_ATTR_STOP_ANGEL:
- os_state->set_angel_count(os_state, FALSE);
- break;
default:
break;
}
@@ -394,20 +397,20 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state,
{
os_state->set_handshake_state(os_state, IMV_OS_STATE_END);
result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
+ if (result == TNC_RESULT_SUCCESS)
{
- return result;
+ result = this->agent->provide_recommendation(this->agent, state);
}
- return this->agent->provide_recommendation(this->agent, state);
}
-
- /* send PA-TNC message with excl flag set */
- result = out_msg->send(out_msg, TRUE);
+ else
+ {
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
+ }
out_msg->destroy(out_msg);
return result;
- }
+}
METHOD(imv_agent_if_t, receive_message, TNC_Result,
private_imv_os_agent_t *this, TNC_ConnectionID id,
@@ -529,6 +532,30 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
if (handshake_state == IMV_OS_STATE_INIT)
{
+ size_t max_attr_size = INSTALLED_PACKAGES_MAX_ATTR_SIZE;
+ size_t max_seg_size;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ char buf[BUF_LEN];
+
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* Announce support of PA-TNC segmentation to IMC */
+ contract = seg_contract_create(msg_types[0], max_attr_size,
+ max_seg_size, TRUE, imv_id, FALSE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMV, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
if ((received & IMV_OS_ATTR_MUST) != IMV_OS_ATTR_MUST)
{
/* create attribute request for missing mandatory attributes */
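Review bot: `max_seg_size` is computed as an unsigned subtraction of five header constants from `state->get_max_msg_len(state)`, so if the maximum message length is not yet known (zero) or is smaller than the combined header overhead the result wraps to a huge `size_t`, and that value is then advertised both in the contract and in the `tcg_seg_attr_max_size` attribute. I would guard it before the subtraction, e.g. `if (state->get_max_msg_len(state) <= PA_TNC_HEADER_SIZE + 2*PA_TNC_ATTR_HEADER_SIZE + TCG_SEG_ATTR_SEG_ENV_HEADER + TCG_SEG_ATTR_MAX_SIZE_SIZE) { /* do not announce segmentation */ }` (or at least an assertion with a comment). I cannot see from this diff what `get_max_msg_len` returns before the TNCS has supplied a value, so this may already be ensured elsewhere. batch_ending starts and ends outside the hunk.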
@@ -671,7 +698,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
int count, count_update, count_blacklist, count_ok;
if (!(received & IMV_OS_ATTR_INSTALLED_PACKAGES) ||
- os_state->get_angel_count(os_state) > 0)
+ os_state->get_missing(os_state) > 0)
{
continue;
}
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index dc8474ac9..ac826a77c 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -76,6 +76,11 @@ struct private_imv_os_state_t {
imv_session_t *session;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* IMV action recommendation
*/
TNC_IMV_Action_Recommendation rec;
@@ -136,9 +141,9 @@ struct private_imv_os_state_t {
u_int os_settings;
/**
- * Angel count
+ * Number of installed packages still missing
*/
- int angel_count;
+ uint16_t missing;
};
@@ -327,6 +332,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_os_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, get_recommendation, void,
private_imv_os_state_t *this, TNC_IMV_Action_Recommendation *rec,
TNC_IMV_Evaluation_Result *eval)
@@ -461,6 +472,7 @@ METHOD(imv_state_t, destroy, void,
DESTROY_IF(this->session);
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
+ this->contracts->destroy(this->contracts);
this->update_packages->destroy_function(this->update_packages, free);
this->remove_packages->destroy_function(this->remove_packages, free);
free(this);
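Review bot: `this->contracts->destroy(this->contracts)` is called unconditionally while the adjacent members use `DESTROY_IF`; this is only safe because `imv_os_state_create` always initialises `contracts` with `seg_contract_manager_create()`, and that dependency is not stated at the call site. For consistency with the surrounding lines I would write `DESTROY_IF(this->contracts);`, or keep the direct call and add `/* always set in imv_os_state_create() */`. The destroy method begins outside the hunk.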
@@ -523,16 +535,16 @@ METHOD(imv_os_state_t, get_os_settings, u_int,
return this->os_settings;
}
-METHOD(imv_os_state_t, set_angel_count, void,
- private_imv_os_state_t *this, bool start)
+METHOD(imv_os_state_t, set_missing, void,
+ private_imv_os_state_t *this, uint16_t missing)
{
- this->angel_count += start ? 1 : -1;
+ this->missing = missing;
}
-METHOD(imv_os_state_t, get_angel_count, int,
+METHOD(imv_os_state_t, get_missing, uint16_t,
private_imv_os_state_t *this)
{
- return this->angel_count;
+ return this->missing;
}
METHOD(imv_os_state_t, add_bad_package, void,
@@ -571,6 +583,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
.get_action_flags = _get_action_flags,
.set_session = _set_session,
.get_session = _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
@@ -585,14 +598,15 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
.get_count = _get_count,
.set_os_settings = _set_os_settings,
.get_os_settings = _get_os_settings,
- .set_angel_count = _set_angel_count,
- .get_angel_count = _get_angel_count,
+ .set_missing = _set_missing,
+ .get_missing = _get_missing,
.add_bad_package = _add_bad_package,
},
.state = TNC_CONNECTION_STATE_CREATE,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.update_packages = linked_list_create(),
.remove_packages = linked_list_create(),
);
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.h b/src/libimcv/plugins/imv_os/imv_os_state.h
index 82ebb6cc9..aa9b64076 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.h
+++ b/src/libimcv/plugins/imv_os/imv_os_state.h
@@ -114,18 +114,18 @@ struct imv_os_state_t {
u_int (*get_os_settings)(imv_os_state_t *this);
/**
- * Increase/Decrease the ITA Angel count
+ * Set number of installed packages still missing
*
- * @param start TRUE increases and FALSE decreases count by one
+ * @param missing Number of missing installed packages
*/
- void (*set_angel_count)(imv_os_state_t *this, bool start);
+ void (*set_missing)(imv_os_state_t *this, uint16_t missing);
/**
- * Get the ITA Angel count
+ * Get number of installed packages still missing
*
- * @return ITA Angel count
+ * @return Number of missing installed packages
*/
- int (*get_angel_count)(imv_os_state_t *this);
+ uint16_t (*get_missing)(imv_os_state_t *this);
/**
* Store a bad package that has to be updated or removed