authorYves-Alexis Perez <corsac@debian.org>2018-09-24 15:11:14 +0200
committerYves-Alexis Perez <corsac@debian.org>2018-09-24 15:11:14 +0200
commite0e280b7669435b991b7e457abd8aa450930b3e8 (patch)
tree3e6084f13b14ad2df104e2ce6e589eb96c5f7ac9 /src/libimcv/plugins/imv_swima
parent51a71ee15c1bcf0e82f363a16898f571e211f9c3 (diff)
downloadvyos-strongswan-e0e280b7669435b991b7e457abd8aa450930b3e8.tar.gz
vyos-strongswan-e0e280b7669435b991b7e457abd8aa450930b3e8.zip
New upstream version 5.7.0
Diffstat (limited to 'src/libimcv/plugins/imv_swima')
-rw-r--r--src/libimcv/plugins/imv_swima/Makefile.in11
-rw-r--r--src/libimcv/plugins/imv_swima/imv_swima_agent.c112
-rw-r--r--src/libimcv/plugins/imv_swima/imv_swima_state.c45
-rw-r--r--src/libimcv/plugins/imv_swima/imv_swima_state.h14
4 files changed, 133 insertions, 49 deletions
diff --git a/src/libimcv/plugins/imv_swima/Makefile.in b/src/libimcv/plugins/imv_swima/Makefile.in
index e2132b576..a9c7715ec 100644
--- a/src/libimcv/plugins/imv_swima/Makefile.in
+++ b/src/libimcv/plugins/imv_swima/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_agent.c b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
index 1d9944200..52f1baf03 100644
--- a/src/libimcv/plugins/imv_swima/imv_swima_agent.c
+++ b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
@@ -187,11 +187,17 @@ static TNC_Result receive_msg(private_imv_swima_agent_t *this,
}
description = reader->peek(reader);
if (description.len)
- {
+ {
DBG1(DBG_IMV, " description: %.*s", description.len,
description.ptr);
}
reader->destroy(reader);
+ if (error_code.type == PA_ERROR_SWIMA_SUBSCRIPTION_DENIED)
+ {
+ swima_state->set_subscription(swima_state, FALSE);
+ DBG1(DBG_IMV, "SWIMA subscription %u cleared",
+ swima_state->get_request_id(swima_state));
+ }
break;
}
case IETF_ATTR_SW_ID_INVENTORY:
@@ -474,7 +480,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
seg_contract_t *contract;
seg_contract_manager_t *contracts;
swima_inventory_t *targets;
- uint32_t earliest_eid = 0;
+ uint32_t old_request_id = 0, earliest_eid = 0;
char buf[BUF_LEN];
enumerator = session->create_workitem_enumerator(session);
@@ -487,7 +493,13 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
{
continue;
}
-
+
+ earliest_eid = workitem->get_arg_int(workitem);
+ request_id = workitem->get_id(workitem);
+ workitem->set_imv_id(workitem, imv_id);
+ no_workitems = FALSE;
+ old_request_id = swima_state->get_request_id(swima_state);
+
flags = IETF_SWIMA_ATTR_REQ_FLAG_NONE;
if (strchr(workitem->get_arg_str(workitem), 'R'))
{
@@ -496,47 +508,57 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
if (strchr(workitem->get_arg_str(workitem), 'S'))
{
flags |= IETF_SWIMA_ATTR_REQ_FLAG_S;
+ swima_state->set_subscription(swima_state, TRUE);
+ if (!old_request_id)
+ {
+ DBG1(DBG_IMV, "SWIMA subscription %u requested",
+ request_id);
+ }
}
if (strchr(workitem->get_arg_str(workitem), 'C'))
{
flags |= IETF_SWIMA_ATTR_REQ_FLAG_C;
+ swima_state->set_subscription(swima_state, FALSE);
}
- earliest_eid = workitem->get_arg_int(workitem);
-
- /* Determine maximum PA-TNC attribute segment size */
- max_seg_size = state->get_max_msg_len(state)
- - PA_TNC_HEADER_SIZE
- - PA_TNC_ATTR_HEADER_SIZE
- - TCG_SEG_ATTR_SEG_ENV_HEADER;
-
- /* Announce support of PA-TNC segmentation to IMC */
- contract = seg_contract_create(msg_types[0], max_attr_size,
- max_seg_size, TRUE, imv_id, FALSE);
- contract->get_info_string(contract, buf, BUF_LEN, TRUE);
- DBG2(DBG_IMV, "%s", buf);
- contracts = state->get_contracts(state);
- contracts->add_contract(contracts, contract);
- attr = tcg_seg_attr_max_size_create(max_attr_size,
- max_seg_size, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- /* Issue a SWID request */
- request_id = workitem->get_id(workitem);
- swima_state->set_request_id(swima_state, request_id);
- attr = ietf_swima_attr_req_create(flags, request_id);
- /* Request software identifier events */
- targets = swima_inventory_create();
- targets->set_eid(targets, earliest_eid, 0);
- cast_attr = (ietf_swima_attr_req_t*)attr;
- cast_attr->set_targets(cast_attr, targets);
- targets->destroy(targets);
+ if (!old_request_id)
+ {
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER;
+
+ /* Announce support of PA-TNC segmentation to IMC */
+ contract = seg_contract_create(msg_types[0], max_attr_size,
+ max_seg_size, TRUE, imv_id, FALSE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMV, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size,
+ max_seg_size, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+ }
- out_msg->add_attribute(out_msg, attr);
- workitem->set_imv_id(workitem, imv_id);
- no_workitems = FALSE;
- DBG2(DBG_IMV, "IMV %d issues sw request %d with earliest eid %d",
- imv_id, request_id, earliest_eid);
+ if (!old_request_id ||
+ !swima_state->get_subscription(swima_state))
+ {
+ /* Issue a SWID request */
+ swima_state->set_request_id(swima_state, request_id);
+ attr = ietf_swima_attr_req_create(flags, request_id);
+
+ /* Request software identifier events */
+ targets = swima_inventory_create();
+ targets->set_eid(targets, earliest_eid, 0);
+ cast_attr = (ietf_swima_attr_req_t*)attr;
+ cast_attr->set_targets(cast_attr, targets);
+ targets->destroy(targets);
+
+ out_msg->add_attribute(out_msg, attr);
+ DBG2(DBG_IMV, "IMV %d issues sw request %d with earliest "
+ "eid %d", imv_id, request_id, earliest_eid);
+ }
break;
}
enumerator->destroy(enumerator);
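Review bot: When a workitem argument contains both 'S' and 'C', the `swima_state->set_subscription(swima_state, TRUE);` added under the 'S' branch is immediately undone by the `swima_state->set_subscription(swima_state, FALSE);` added under the 'C' branch, yet the "SWIMA subscription %u requested" message has already been logged and both flag bits are sent in the request. If the two options are meant to be exclusive, evaluate the 'C' branch before the 'S' branch and skip the subscription setup when `flags & IETF_SWIMA_ATTR_REQ_FLAG_C` is already set, or reject the combination when the workitem is parsed. The `if (!old_request_id)` tests also rely on request ID 0 meaning "no request issued yet on this connection", which holds only if workitem IDs never start at 0; a one-line comment stating that assumption would help the next reader. batch_ending begins before and ends after this hunk.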
@@ -565,7 +587,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
TNC_IMV_Action_Recommendation rec;
char result_str[BUF_LEN], *format = NULL, *cmd = NULL, *command;
char *target_str, *error_str = "";
- int sw_id_count, tag_count, i, res;
+ int sw_id_count, tag_count, i, res, written;
json_object *jrequest, *jresponse, *jvalue;
ietf_swima_attr_req_t *cast_attr;
swima_inventory_t *targets;
@@ -617,16 +639,24 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
&tag_count);
if (format)
{
- snprintf(result_str, BUF_LEN, format,
+ written = snprintf(result_str, BUF_LEN, format,
sw_id_count, (sw_id_count == 1) ? "" : "s",
tag_count, (tag_count == 1) ? "" : "s");
}
else
{
- snprintf(result_str, BUF_LEN, "received %d SWID tag"
- "%s", tag_count, (tag_count == 1) ? "" : "s");
+ written = snprintf(result_str, BUF_LEN,
+ "received %d SWID tag%s",
+ tag_count, (tag_count == 1) ? "" : "s");
}
+ if (swima_state->get_subscription(swima_state) &&
+ written > 0 && written < BUF_LEN)
+ {
+ snprintf(result_str + written, BUF_LEN - written,
+ " from subscription %u",
+ swima_state->get_request_id(swima_state));
+ }
session->remove_workitem(session, enumerator);
eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
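Review bot: The new `written = snprintf(result_str, BUF_LEN, format,` line still passes a non-literal `format` (assigned outside this hunk) to snprintf with a fixed four-argument list, so a format containing more or differently typed conversions reads arguments that were never passed; the added length bookkeeping does not change that. If the format string is policy-supplied rather than taken from the measured endpoint, make the trust boundary explicit with a comment such as `/* format comes from the policy and must contain exactly %d %s %d %s */` and, ideally, a check that it holds only those conversions before it is used. The truncation guard `written > 0 && written < BUF_LEN` on the subscription suffix is correct; the suffix itself may still be cut silently, which is acceptable for a display string.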
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.c b/src/libimcv/plugins/imv_swima/imv_swima_state.c
index 03500bc2d..7d9631d3f 100644
--- a/src/libimcv/plugins/imv_swima/imv_swima_state.c
+++ b/src/libimcv/plugins/imv_swima/imv_swima_state.c
@@ -101,6 +101,11 @@ struct private_imv_swima_state_t {
imv_remediation_string_t *remediation_string;
/**
+ * Has a subscription been established?
+ */
+ bool has_subscription;
+
+ /**
* SWID Tag Request ID
*/
uint32_t request_id;
@@ -204,10 +209,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
private_imv_swima_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imv_state_t, get_recommendation, void,
@@ -248,13 +257,28 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
return FALSE;
}
+METHOD(imv_state_t, reset, void,
+ private_imv_swima_state_t *this)
+{
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_SWIMA_STATE_INIT;
+ this->sw_id_count = 0;
+ this->tag_count = 0;
+ this->missing = 0;
+
+ json_object_put(this->jobj);
+ this->jobj = json_object_new_object();
+}
+
METHOD(imv_state_t, destroy, void,
private_imv_swima_state_t *this)
{
json_object_put(this->jobj);
DESTROY_IF(this->session);
- DESTROY_IF(this->reason_string);
- DESTROY_IF(this->remediation_string);
this->contracts->destroy(this->contracts);
free(this);
}
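Review bot: destroy() no longer releases `this->reason_string` and `this->remediation_string`, although the struct still lists at least `remediation_string` in the context of this file's first hunk; unless get_reason_string()/get_remediation_instructions(), which lie outside this hunk, now transfer ownership of those objects to the caller, the state leaks both on teardown. The new reset() deliberately leaves `request_id` and `has_subscription` untouched, which looks intended so that a subscription outlives a re-run handshake, but that choice is easy to misread as an omission; a comment in reset() such as `/* request_id and has_subscription are kept on purpose: a subscription spans handshakes */` would pin it down. reset() also discards the JSON object unconditionally; if `this->jobj` can be NULL at that point json_object_put() tolerates it, so no guard is needed.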
@@ -426,6 +450,18 @@ METHOD(imv_swima_state_t, get_imc_id, TNC_UInt32,
return this->imc_id;
}
+METHOD(imv_swima_state_t, set_subscription, void,
+ private_imv_swima_state_t *this, bool set)
+{
+ this->has_subscription = set;
+}
+
+METHOD(imv_swima_state_t, get_subscription, bool,
+ private_imv_swima_state_t *this)
+{
+ return this->has_subscription;
+}
+
/**
* Described in header.
*/
@@ -453,6 +489,7 @@ imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id)
.update_recommendation = _update_recommendation,
.get_reason_string = _get_reason_string,
.get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
.destroy = _destroy,
},
.set_handshake_state = _set_handshake_state,
@@ -467,6 +504,8 @@ imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id)
.set_count = _set_count,
.get_count = _get_count,
.get_imc_id = _get_imc_id,
+ .set_subscription = _set_subscription,
+ .get_subscription = _get_subscription,
},
.state = TNC_CONNECTION_STATE_CREATE,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.h b/src/libimcv/plugins/imv_swima/imv_swima_state.h
index 4fa32daf4..e2f805189 100644
--- a/src/libimcv/plugins/imv_swima/imv_swima_state.h
+++ b/src/libimcv/plugins/imv_swima/imv_swima_state.h
@@ -141,6 +141,20 @@ struct imv_swima_state_t {
* @return SWID IMC ID
*/
TNC_UInt32 (*get_imc_id)(imv_swima_state_t *this);
+
+ /**
+ * Set or clear a subscription
+ *
+ * @param set TRUE sets and FALSE clears a subscripton
+ */
+ void (*set_subscription)(imv_swima_state_t *this, bool set);
+
+ /**
+ * Get the subscription status
+ *
+ * @return TRUE if subscription is set
+ */
+ bool (*get_subscription)(imv_swima_state_t *this);
};
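Review bot: The new set_subscription() doc comment has a typo, `subscripton` should read `subscription`. It would also help callers to state when the flag is expected to be true: in this commit's imv_swima_agent.c change it is set as soon as a request carrying the S flag is issued and cleared again on a PA_ERROR_SWIMA_SUBSCRIPTION_DENIED error, so the get_subscription() comment is more accurate as `@return TRUE if a subscription has been requested and not denied by the IMC`.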
/**