author | Yves-Alexis Perez <corsac@debian.org> | 2014-07-11 07:23:31 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2014-07-11 07:23:31 +0200 |
commit | 81c63b0eed39432878f78727f60a1e7499645199 (patch) | |
tree | 82387d8fecd1c20788fd8bd784a9b0bde091fb6b /src/libimcv/plugins | |
parent | c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9 (diff) | |
download | vyos-strongswan-81c63b0eed39432878f78727f60a1e7499645199.tar.gz vyos-strongswan-81c63b0eed39432878f78727f60a1e7499645199.zip |
Imported Upstream version 5.2.0
Diffstat (limited to 'src/libimcv/plugins')
22 files changed, 347 insertions, 424 deletions
diff --git a/src/libimcv/plugins/imc_os/Makefile.am b/src/libimcv/plugins/imc_os/Makefile.am index fec38cd4e..e6dd10be5 100644 --- a/src/libimcv/plugins/imc_os/Makefile.am +++ b/src/libimcv/plugins/imc_os/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-os.la diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in index 7b25614f3..2f0b85404 100644 --- a/src/libimcv/plugins/imc_os/Makefile.in +++ b/src/libimcv/plugins/imc_os/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -261,6 +261,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -279,6 +280,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -306,6 +308,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -397,6 +400,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -413,7 +417,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-os.la imc_os_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ 
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index 647a44957..c624d26b1 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -17,6 +17,7 @@ #include <imc/imc_agent.h> #include <imc/imc_msg.h> +#include <imc/imc_os_info.h> #include <ietf/ietf_attr.h> #include <ietf/ietf_attr_attr_request.h> #include <ietf/ietf_attr_default_pwd_enabled.h> @@ -31,7 +32,6 @@ #include <ita/ita_attr_settings.h> #include <ita/ita_attr_angel.h> #include <ita/ita_attr_device_id.h> -#include <os_info/os_info.h> #include <tncif_pa_subtypes.h> @@ -47,15 +47,15 @@ static pen_type_t msg_types[] = { }; static imc_agent_t *imc_os; -static os_info_t *os; +static imc_os_info_t *os; /** * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, - TNC_Version min_version, - TNC_Version max_version, - TNC_Version *actual_version) +TNC_Result TNC_IMC_API TNC_IMC_Initialize(TNC_IMCID imc_id, + TNC_Version min_version, + TNC_Version max_version, + TNC_Version *actual_version) { if (imc_os) { @@ -69,7 +69,7 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, return TNC_RESULT_FATAL; } - os = os_info_create(); + os = imc_os_info_create(); if (!os) { imc_os->destroy(imc_os); @@ -89,9 +89,8 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, /** * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_ConnectionState new_state) +TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, TNC_ConnectionState new_state) { imc_state_t *state; 
@@ -238,23 +237,97 @@ static void add_default_pwd_enabled(imc_msg_t *msg) static void add_device_id(imc_msg_t *msg) { pa_tnc_attr_t *attr; - chunk_t value; - char *name; + chunk_t value = chunk_empty, keyid; + char *name, *device_id, *cert_path; + certificate_t *cert = NULL; + public_key_t *pubkey; + + /* Get the device ID as a character string */ + device_id = lib->settings->get_str(lib->settings, + "%s.plugins.imc-os.device_id", NULL, lib->ns); + if (device_id) + { + value = chunk_clone(chunk_from_str(device_id)); + } + + if (value.len == 0) + { + /* Derive the device ID from a raw public key */ + cert_path = lib->settings->get_str(lib->settings, + "%s.plugins.imc-os.device_pubkey", NULL, lib->ns); + if (cert_path) + { + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, + CERT_TRUSTED_PUBKEY, BUILD_FROM_FILE, + cert_path, BUILD_END); + if (cert) + { + DBG2(DBG_IMC, "loaded device public key from '%s'", cert_path); + } + else + { + DBG1(DBG_IMC, "loading device public key from '%s' failed", + cert_path); + } + } + + if (!cert) + { + /* Derive the device ID from the public key contained in a certificate */ + cert_path = lib->settings->get_str(lib->settings, + "%s.plugins.imc-os.device_cert", NULL, lib->ns); + if (cert_path) + { + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, + CERT_X509, BUILD_FROM_FILE, + cert_path, BUILD_END); + if (cert) + { + DBG2(DBG_IMC, "loaded device certificate from '%s'", cert_path); + } + else + { + DBG1(DBG_IMC, "loading device certificate from '%s' failed", + cert_path); + } + } + } - name = os->get_type(os) == OS_TYPE_ANDROID ? 
- "android_id" : "/var/lib/dbus/machine-id"; - value = os->get_setting(os, name); + /* Compute the SHA-1 keyid of the retrieved device public key */ + if (cert) + { + pubkey = cert->get_public_key(cert); + if (pubkey) + { + if (pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_INFO_SHA1, + &keyid)) + { + value = chunk_to_hex(keyid, NULL, FALSE); + } + pubkey->destroy(pubkey); + } + cert->destroy(cert); + } + } if (value.len == 0) { - DBG1(DBG_IMC, "no device ID available"); - return; + /* Derive the device ID from some unique OS settings */ + name = os->get_type(os) == OS_TYPE_ANDROID ? + "android_id" : "/var/lib/dbus/machine-id"; + value = os->get_setting(os, name); + + /* Trim trailing newline character */ + if (value.len > 0 && value.ptr[value.len - 1] == '\n') + { + value.len--; + } } - /* trim trailing newline character */ - if (value.ptr[value.len - 1] == '\n') + if (value.len == 0) { - value.len--; + DBG1(DBG_IMC, "no device ID available"); + return; } DBG1(DBG_IMC, "device ID is %.*s", value.len, value.ptr); @@ -279,11 +352,12 @@ static void add_installed_packages(imc_state_t *state, imc_msg_t *msg) * Compute the maximum IETF Installed Packages attribute size * leaving space for an additional ITA Angel attribute */ - max_attr_size = state->get_max_msg_len(state) - 8 - 12; + max_attr_size = state->get_max_msg_len(state) - + PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE; /* At least one IETF Installed Packages attribute is sent */ attr = ietf_attr_installed_packages_create(); - attr_size = 12 + 4; + attr_size = PA_TNC_ATTR_HEADER_SIZE + IETF_INSTALLED_PACKAGES_MIN_SIZE; enumerator = os->create_package_enumerator(os); if (enumerator) 
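Review bot: The new lookup order in add_device_id — the `imc-os.device_id` string, else the SHA-1 keyid of the key loaded from `imc-os.device_pubkey`, else the key inside `imc-os.device_cert`, else the OS setting (`android_id` or `/var/lib/dbus/machine-id`) — can only be reconstructed by reading all four branches, and the function's header comment sits outside this hunk; it should state the precedence, e.g. `/* Device ID precedence: device_id setting, keyid of device_pubkey, keyid of the key in device_cert, OS-specific setting (trailing newline trimmed). */`. Note that a configured `device_pubkey` or `device_cert` that fails to load is only reported at DBG1 and then silently falls through to the machine-id derivation, so the endpoint is reported under an identifier the operator did not configure; if that fallback is intended, the same comment should say so. `value` now holds heap memory on every successful path (`chunk_clone`, `chunk_to_hex`, and presumably `os->get_setting`), and the tail of add_device_id that would release it is outside the hunk, so ownership cannot be checked from here.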
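Review bot: `max_attr_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;` wraps to a huge value if the negotiated maximum message length is ever smaller than the two header sizes; the declaration of max_attr_size and the default of max_msg_len are outside the hunk, so whether 0 or a tiny value can reach this line is unverified from this view. Either a guard before the subtraction, `if (state->get_max_msg_len(state) <= PA_TNC_HEADER_SIZE + PA_TNC_ATTR_HEADER_SIZE) { return; }`, or a one-line comment naming the invariant that keeps max_msg_len large enough, would settle it. The named constants are a clear improvement over the former `- 8 - 12`; add_installed_packages starts outside the hunk.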
@@ -310,7 +384,8 @@ static void add_installed_packages(imc_state_t *state, imc_msg_t *msg) /* create the next IETF Installed Packages attribute */ attr = ietf_attr_installed_packages_create(); - attr_size = 12 + 4; + attr_size = PA_TNC_ATTR_HEADER_SIZE + + IETF_INSTALLED_PACKAGES_MIN_SIZE; } attr_cast = (ietf_attr_installed_packages_t*)attr; attr_cast->add(attr_cast, name, version); @@ -370,8 +445,8 @@ static void add_settings(enumerator_t *enumerator, imc_msg_t *msg) /** * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) +TNC_Result TNC_IMC_API TNC_IMC_BeginHandshake(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) { imc_state_t *state; imc_msg_t *out_msg; @@ -518,11 +593,11 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type) +TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_MessageType msg_type) { imc_state_t *state; imc_msg_t *in_msg; 
@@ -548,15 +623,15 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, /** * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, - TNC_UInt32 dst_imc_id) +TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + TNC_UInt32 src_imv_id, + TNC_UInt32 dst_imc_id) { imc_state_t *state; imc_msg_t *in_msg; @@ -583,8 +658,8 @@ TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, /** * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) +TNC_Result TNC_IMC_API TNC_IMC_BatchEnding(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) { if (!imc_os) { @@ -597,7 +672,7 @@ TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, /** * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) +TNC_Result TNC_IMC_API TNC_IMC_Terminate(TNC_IMCID imc_id) { if (!imc_os) { @@ -616,8 +691,8 @@ TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) /** * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, - TNC_TNCC_BindFunctionPointer bind_function) +TNC_Result TNC_IMC_API TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, + TNC_TNCC_BindFunctionPointer bind_function) { if (!imc_os) { diff --git a/src/libimcv/plugins/imc_scanner/Makefile.am b/src/libimcv/plugins/imc_scanner/Makefile.am index 7bf9075ed..44d3ad749 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.am +++ b/src/libimcv/plugins/imc_scanner/Makefile.am 
@@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-scanner.la diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in index afcaf1ac3..c66bb1afa 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.in +++ b/src/libimcv/plugins/imc_scanner/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -262,6 +262,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -280,6 +281,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -307,6 +309,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -398,6 +401,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -414,7 +418,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-scanner.la imc_scanner_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ diff --git a/src/libimcv/plugins/imc_test/Makefile.am b/src/libimcv/plugins/imc_test/Makefile.am index 5a04f1fbe..4bdc23487 100644 --- a/src/libimcv/plugins/imc_test/Makefile.am +++ b/src/libimcv/plugins/imc_test/Makefile.am 
@@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-test.la diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in index 1c3065456..1702574f9 100644 --- a/src/libimcv/plugins/imc_test/Makefile.in +++ b/src/libimcv/plugins/imc_test/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -261,6 +261,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -279,6 +280,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -306,6 +308,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -397,6 +400,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -413,7 +417,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-test.la imc_test_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ diff --git a/src/libimcv/plugins/imv_os/Makefile.am b/src/libimcv/plugins/imv_os/Makefile.am index 434e26f69..3b3f793f1 100644 --- a/src/libimcv/plugins/imv_os/Makefile.am +++ b/src/libimcv/plugins/imv_os/Makefile.am 
@@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-os.la @@ -18,9 +18,11 @@ imv_os_la_SOURCES = \ imv_os_la_LDFLAGS = -module -avoid-version -no-undefined +if !USE_WINDOWS ipsec_PROGRAMS = pacman pacman_SOURCES = pacman.c pacman_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la pacman.o : $(top_builddir)/config.status EXTRA_DIST = pacman.sh +endif diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in index 044175029..cae6dbe84 100644 --- a/src/libimcv/plugins/imv_os/Makefile.in +++ b/src/libimcv/plugins/imv_os/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -79,7 +79,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -ipsec_PROGRAMS = pacman$(EXEEXT) +@USE_WINDOWS_FALSE@ipsec_PROGRAMS = pacman$(EXEEXT) subdir = src/libimcv/plugins/imv_os DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/depcomp @@ -142,10 +142,10 @@ imv_os_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(imv_os_la_LDFLAGS) $(LDFLAGS) -o $@ PROGRAMS = $(ipsec_PROGRAMS) -am_pacman_OBJECTS = pacman.$(OBJEXT) +am__pacman_SOURCES_DIST = pacman.c +@USE_WINDOWS_FALSE@am_pacman_OBJECTS = pacman.$(OBJEXT) pacman_OBJECTS = $(am_pacman_OBJECTS) -pacman_DEPENDENCIES = \ - $(top_builddir)/src/libstrongswan/libstrongswan.la +@USE_WINDOWS_FALSE@pacman_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false 
@@ -181,7 +181,7 @@ am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = SOURCES = $(imv_os_la_SOURCES) $(pacman_SOURCES) -DIST_SOURCES = $(imv_os_la_SOURCES) $(pacman_SOURCES) +DIST_SOURCES = $(imv_os_la_SOURCES) $(am__pacman_SOURCES_DIST) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -269,6 +269,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -287,6 +288,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -314,6 +316,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -405,6 +408,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -421,7 +425,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-os.la imv_os_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ @@ -433,9 +437,9 @@ imv_os_la_SOURCES = \ imv_os_database.c imv_os_database.h imv_os_la_LDFLAGS = -module -avoid-version -no-undefined -pacman_SOURCES = pacman.c -pacman_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -EXTRA_DIST = pacman.sh +@USE_WINDOWS_FALSE@pacman_SOURCES = pacman.c +@USE_WINDOWS_FALSE@pacman_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +@USE_WINDOWS_FALSE@EXTRA_DIST = pacman.sh all: all-am .SUFFIXES: 
@@ -812,7 +816,7 @@ uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecPROGRAMS tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \ uninstall-ipsecPROGRAMS -pacman.o : $(top_builddir)/config.status +@USE_WINDOWS_FALSE@pacman.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c index 84a24b48f..ca8bac6ca 100644 --- a/src/libimcv/plugins/imv_os/imv_os_agent.c +++ b/src/libimcv/plugins/imv_os/imv_os_agent.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2013-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it 
@@ -118,23 +118,30 @@ METHOD(imv_agent_if_t, notify_connection_change, TNC_Result, case TNC_CONNECTION_STATE_ACCESS_ALLOWED: case TNC_CONNECTION_STATE_ACCESS_ISOLATED: case TNC_CONNECTION_STATE_ACCESS_NONE: - if (imcv_db && this->agent->get_state(this->agent, id, &state)) + if (this->agent->get_state(this->agent, id, &state) && imcv_db) { - switch (new_state) + session = state->get_session(state); + + if (session->get_policy_started(session)) { - case TNC_CONNECTION_STATE_ACCESS_ALLOWED: - rec = TNC_IMV_ACTION_RECOMMENDATION_ALLOW; - break; - case TNC_CONNECTION_STATE_ACCESS_ISOLATED: - rec = TNC_IMV_ACTION_RECOMMENDATION_ISOLATE; - break; - case TNC_CONNECTION_STATE_ACCESS_NONE: - default: - rec = TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS; + switch (new_state) + { + case TNC_CONNECTION_STATE_ACCESS_ALLOWED: + rec = TNC_IMV_ACTION_RECOMMENDATION_ALLOW; + break; + case TNC_CONNECTION_STATE_ACCESS_ISOLATED: + rec = TNC_IMV_ACTION_RECOMMENDATION_ISOLATE; + break; + case TNC_CONNECTION_STATE_ACCESS_NONE: + default: + rec = TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS; + } + imcv_db->add_recommendation(imcv_db, session, rec); + if (!imcv_db->policy_script(imcv_db, session, FALSE)) + { + DBG1(DBG_IMV, "error in policy script stop"); + } } - session = state->get_session(state); - imcv_db->add_recommendation(imcv_db, session, rec); - imcv_db->policy_script(imcv_db, session, FALSE); } /* fall through to default state */ default: @@ -150,6 +157,8 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state, { imv_msg_t *out_msg; imv_os_state_t *os_state; + imv_session_t *session; + imv_os_info_t *os_info = NULL; enumerator_t *enumerator; pa_tnc_attr_t *attr; pen_type_t type; 
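Review bot: `session = state->get_session(state);` is immediately followed by `session->get_policy_started(session)` with no NULL check, and the same commit removes the old `&& session` guards from batch_ending (the `IMV_OS_STATE_POLICY_START` and `IMV_OS_STATE_WORKITEMS` conditions in the later hunk of this file) while receive_msg also dereferences the session it fetches at its top. If an imv_session_t is now guaranteed to be attached to every state before these callbacks run, that invariant deserves one comment at the first read, e.g. `/* a session is attached to the state before any callback runs — TODO confirm against the agent */`; otherwise the dropped guards should be kept. The invariant is not verifiable from this diff, since the code that creates the session is not part of it. notify_connection_change starts outside the hunk.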
@@ -159,6 +168,8 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state, bool fatal_error = FALSE, assessment = FALSE; os_state = (imv_os_state_t*)state; + session = state->get_session(state); + os_info = session->get_os_info(session); /* parse received PA-TNC message and handle local and remote errors */ result = in_msg->receive(in_msg, &fatal_error); @@ -188,6 +199,8 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state, IMV_OS_ATTR_PRODUCT_INFORMATION); attr_cast = (ietf_attr_product_info_t*)attr; os_name = attr_cast->get_info(attr_cast, &vendor_id, NULL); + os_info->set_name(os_info, os_name); + if (vendor_id != PEN_IETF) { DBG1(DBG_IMV, "operating system name is '%.*s' " @@ -209,6 +222,8 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state, IMV_OS_ATTR_STRING_VERSION); attr_cast = (ietf_attr_string_version_t*)attr; os_version = attr_cast->get_version(attr_cast, NULL, NULL); + os_info->set_version(os_info, os_version); + if (os_version.len) { DBG1(DBG_IMV, "operating system version is '%.*s'", @@ -219,7 +234,7 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state, case IETF_ATTR_NUMERIC_VERSION: { ietf_attr_numeric_version_t *attr_cast; - u_int32_t major, minor; + uint32_t major, minor; state->set_action_flags(state, IMV_OS_ATTR_NUMERIC_VERSION); @@ -350,8 +365,8 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state, state->set_action_flags(state, IMV_OS_ATTR_DEVICE_ID); value = attr->get_value(attr); - os_state->set_device_id(os_state, value); DBG1(DBG_IMV, "device ID is %.*s", value.len, value.ptr); + session->set_device_id(session, value); break; } case ITA_ATTR_START_ANGEL: 
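Review bot: `os_info->set_name(os_info, os_name);` and `os_info->set_version(os_info, os_version);` store chunks that point into the attribute currently being enumerated (`attr_cast->get_info` / `get_version`), and those attributes are presumably released with in_msg once the loop ends; unless the imv_os_info_t setters clone their argument, the session keeps dangling pointers, and the same question applies to `session->set_device_id(session, value);` in the last hunk on this line. If the setters do copy (likely, but not visible here), a short comment at the first call, `/* set_name/set_version copy the chunk; the attribute is freed with in_msg */`, saves the next reader the lookup. Separately, the `= NULL` in `imv_os_info_t *os_info = NULL;` is dead, since os_info is unconditionally assigned from the session a few lines later; dropping it matches the neighbouring locals. receive_msg starts outside the hunk.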
@@ -367,25 +382,6 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state, } enumerator->destroy(enumerator); - /** - * The IETF Product Information and String Version attributes - * are supposed to arrive in the same PA-TNC message - */ - if (os_name.len && os_version.len) - { - os_type_t os_type; - - /* set the OS type, name and version */ - os_type = os_type_from_name(os_name); - os_state->set_info(os_state,os_type, os_name, os_version); - - if (imcv_db) - { - imcv_db->add_product(imcv_db, state->get_session(state), - os_state->get_info(os_state, NULL, NULL, NULL)); - } - } - if (fatal_error) { state->set_recommendation(state, @@ -457,7 +453,7 @@ METHOD(imv_agent_if_t, receive_message_long, TNC_Result, /** * Build an IETF Attribute Request attribute for missing attributes */ -static pa_tnc_attr_t* build_attr_request(u_int32_t received) +static pa_tnc_attr_t* build_attr_request(uint32_t received) { pa_tnc_attr_t *attr; ietf_attr_attr_request_t *attr_cast; @@ -510,7 +506,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, TNC_Result result = TNC_RESULT_SUCCESS; bool no_workitems = TRUE; enumerator_t *enumerator; - u_int32_t received; + uint32_t received; if (!this->agent->get_state(this->agent, id, &state)) { 
@@ -542,56 +538,70 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, if (handshake_state < IMV_OS_STATE_POLICY_START) { - if (((received & IMV_OS_ATTR_PRODUCT_INFORMATION) && - (received & IMV_OS_ATTR_STRING_VERSION)) && - ((received & IMV_OS_ATTR_DEVICE_ID) || - (handshake_state == IMV_OS_STATE_ATTR_REQ))) + if (session->get_policy_started(session)) { - if (imcv_db) + /* the policy script has already been started by another IMV */ + handshake_state = IMV_OS_STATE_POLICY_START; + } + else + { + if (((received & IMV_OS_ATTR_PRODUCT_INFORMATION) && + (received & IMV_OS_ATTR_STRING_VERSION)) && + ((received & IMV_OS_ATTR_DEVICE_ID) || + (handshake_state == IMV_OS_STATE_ATTR_REQ))) { - imcv_db->add_device(imcv_db, session, - os_state->get_device_id(os_state)); - - /* trigger the policy manager */ - imcv_db->policy_script(imcv_db, session, TRUE); + if (!session->get_device_id(session, NULL)) + { + session->set_device_id(session, chunk_empty); + } + if (imcv_db) + { + /* start the policy script */ + if (!imcv_db->policy_script(imcv_db, session, TRUE)) + { + DBG1(DBG_IMV, "error in policy script start"); + } + } + else + { + DBG2(DBG_IMV, "no workitems available - " + "no evaluation possible"); + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_ALLOW, + TNC_IMV_EVALUATION_RESULT_DONT_KNOW); + session->set_policy_started(session, TRUE); + } + handshake_state = IMV_OS_STATE_POLICY_START; } - else + else if (handshake_state == IMV_OS_STATE_ATTR_REQ) { - DBG2(DBG_IMV, "no workitems available - no evaluation possible"); + /** + * both the IETF Product Information and IETF String Version + * attribute should have been present + */ state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ALLOW, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - } - handshake_state = IMV_OS_STATE_POLICY_START; - } - else if (handshake_state == IMV_OS_STATE_ATTR_REQ) - { - /** - * both the IETF Product Information and IETF String Version - * attribute should have been present - */ 
- state->set_recommendation(state, TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, TNC_IMV_EVALUATION_RESULT_ERROR); - /* send assessment */ - result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); + /* send assessment */ + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); - if (result != TNC_RESULT_SUCCESS) + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return this->agent->provide_recommendation(this->agent, state); + } + else { - return result; - } - return this->agent->provide_recommendation(this->agent, state); - } - else - { - handshake_state = IMV_OS_STATE_ATTR_REQ; + handshake_state = IMV_OS_STATE_ATTR_REQ; + } } os_state->set_handshake_state(os_state, handshake_state); } - if (handshake_state == IMV_OS_STATE_POLICY_START && session) + if (handshake_state == IMV_OS_STATE_POLICY_START) { enumerator = session->create_workitem_enumerator(session); if (enumerator) @@ -638,7 +648,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, } } - if (handshake_state == IMV_OS_STATE_WORKITEMS && session) + if (handshake_state == IMV_OS_STATE_WORKITEMS) { TNC_IMV_Evaluation_Result eval; TNC_IMV_Action_Recommendation rec; @@ -661,7 +671,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, int count, count_update, count_blacklist, count_ok; if (!(received & IMV_OS_ATTR_INSTALLED_PACKAGES) || - os_state->get_angel_count(os_state)) + os_state->get_angel_count(os_state) > 0) { continue; } @@ -672,7 +682,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, TNC_IMV_EVALUATION_RESULT_COMPLIANT; snprintf(result_str, BUF_LEN, "processed %d packages: " "%d not updated, %d blacklisted, %d ok, " - "%d not found", + "%d unknown", count, count_update, count_blacklist, count_ok, count - count_update - count_blacklist - count_ok); break; diff --git a/src/libimcv/plugins/imv_os/imv_os_database.c b/src/libimcv/plugins/imv_os/imv_os_database.c index 12cf207d8..31b889b74 100644 --- a/src/libimcv/plugins/imv_os/imv_os_database.c 
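Review bot: When `imcv_db->policy_script(imcv_db, session, TRUE)` fails, the new code only logs `error in policy script start` and still sets `handshake_state = IMV_OS_STATE_POLICY_START`, so the workitem enumeration further down runs for a session whose policy was never started and no recommendation is recorded — unlike the sibling no-database branch, which sets ALLOW/DONT_KNOW and marks the policy as started. Unless policy_script() records the failure in the session itself (not visible here), the failure branch should set one, e.g. `state->set_recommendation(state, TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, TNC_IMV_EVALUATION_RESULT_ERROR);`, both values already used in this function. As a point of style, the restructured block now nests five levels deep; pulling the `if (((received & IMV_OS_ATTR_PRODUCT_INFORMATION) ...` arm into a static helper that returns the next handshake state would make the transitions readable. batch_ending starts outside the hunk.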
+++ b/src/libimcv/plugins/imv_os/imv_os_database.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it 
@@ -41,41 +41,49 @@ struct private_imv_os_database_t { }; METHOD(imv_os_database_t, check_packages, status_t, - private_imv_os_database_t *this, imv_os_state_t *state, + private_imv_os_database_t *this, imv_os_state_t *os_state, enumerator_t *package_enumerator) { + imv_state_t *state; + imv_session_t *session; + imv_os_info_t *os_info; + os_type_t os_type; char *product, *package, *release, *cur_release; chunk_t name, version; - os_type_t os_type; int pid, gid, security, blacklist; int count = 0, count_ok = 0, count_no_match = 0, count_blacklist = 0; enumerator_t *e; status_t status = SUCCESS; bool found, match; - product = state->get_info(state, &os_type, NULL, NULL); + state = &os_state->interface; + session = state->get_session(state); + session->get_session_id(session, &pid, NULL); + os_info = session->get_os_info(session); + os_type = os_info->get_type(os_info); + product = os_info->get_info(os_info); if (os_type == OS_TYPE_ANDROID) { /*no package dependency on Android version */ product = enum_to_name(os_type_names, os_type); - } - DBG1(DBG_IMV, "processing installed '%s' packages", product); - /* Get primary key of product */ - e = this->db->query(this->db, - "SELECT id FROM products WHERE name = ?", - DB_TEXT, product, DB_INT); - if (!e) - { - return FAILED; - } - if (!e->enumerate(e, &pid)) - { + /* Get primary key of product */ + e = this->db->query(this->db, + "SELECT id FROM products WHERE name = ?", + DB_TEXT, product, DB_INT); + if (!e) + { + return FAILED; + } + if (!e->enumerate(e, &pid)) + { + e->destroy(e); + return NOT_FOUND; + } e->destroy(e); - return NOT_FOUND; } - e->destroy(e); + DBG1(DBG_IMV, "processing installed '%s' packages", product); while (package_enumerator->enumerate(package_enumerator, &name, &version)) { 
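Review bot: `session->get_session_id(session, &pid, NULL);` is the only source of `pid` on the non-Android path, yet `pid` is declared uninitialised in the context line `int pid, gid, security, blacklist;` and nothing checks that a product was actually registered for the session; if get_session_id leaves the out-parameter untouched or yields 0 for an unregistered product, the package queries that follow (outside this hunk, presumably keyed on pid) silently run with an indeterminate or non-matching product id, whereas the Android branch returns NOT_FOUND in the same situation. Initialising `int pid = 0;` and returning `NOT_FOUND` when it is still 0 after the call (assuming primary keys start at 1 — TODO confirm) would make both paths behave the same. A one-line comment on why Android uses `enum_to_name(os_type_names, os_type)` as the product name and re-queries the products table would also help; the existing `/*no package dependency on Android version */` only hints at it. check_packages continues outside the hunk.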
@@ -143,8 +151,8 @@ METHOD(imv_os_database_t, check_packages, status_t, DBG2(DBG_IMV, "package '%s' (%s) is blacklisted", package, release); count_blacklist++; - state->add_bad_package(state, package, - OS_PACKAGE_STATE_BLACKLIST); + os_state->add_bad_package(os_state, package, + OS_PACKAGE_STATE_BLACKLIST); } else { @@ -157,8 +165,8 @@ METHOD(imv_os_database_t, check_packages, status_t, { DBG1(DBG_IMV, "package '%s' (%s) no match", package, release); count_no_match++; - state->add_bad_package(state, package, - OS_PACKAGE_STATE_SECURITY); + os_state->add_bad_package(os_state, package, + OS_PACKAGE_STATE_SECURITY); } } else @@ -168,22 +176,12 @@ METHOD(imv_os_database_t, check_packages, status_t, free(package); free(release); } - state->set_count(state, count, count_no_match, count_blacklist, count_ok); + os_state->set_count(os_state, count, count_no_match, + count_blacklist, count_ok); return status; } -METHOD(imv_os_database_t, set_device_info, void, - private_imv_os_database_t *this, int session_id, int count, - int count_update, int count_blacklist, u_int flags) -{ - this->db->execute(this->db, NULL, - "INSERT INTO device_infos (session, count, count_update, " - "count_blacklist, flags) VALUES (?, ?, ?, ?, ?)", - DB_INT, session_id, DB_INT, count, DB_INT, count_update, - DB_INT, count_blacklist, DB_UINT, flags); -} - METHOD(imv_os_database_t, destroy, void, private_imv_os_database_t *this) { @@ -205,7 +203,6 @@ imv_os_database_t *imv_os_database_create(imv_database_t *imv_db) INIT(this, .public = { .check_packages = _check_packages, - .set_device_info = _set_device_info, .destroy = _destroy, }, .db = imv_db->get_database(imv_db), diff --git a/src/libimcv/plugins/imv_os/imv_os_database.h b/src/libimcv/plugins/imv_os/imv_os_database.h index 7b9ef3c33..9bf54fe06 100644 --- a/src/libimcv/plugins/imv_os/imv_os_database.h +++ b/src/libimcv/plugins/imv_os/imv_os_database.h 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -43,18 +43,6 @@ struct imv_os_database_t { enumerator_t *package_enumerator); /** - * Set health infos for a given device - * - * @param sesson_id Session ID - * @param count Number of installed packages - * @param count_update Number of packages to be updated - * @param count_blacklist Number of blacklisted packages - * @param flags Various flags, e.g. illegal OS settings - */ - void (*set_device_info)(imv_os_database_t *this, int session_id, int count, - int count_update, int count_blacklist, u_int flags); - - /** * Destroys an imv_os_database_t object. */ void (*destroy)(imv_os_database_t *this); diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c index 4f5a4b039..dc8474ac9 100644 --- a/src/libimcv/plugins/imv_os/imv_os_state.c +++ b/src/libimcv/plugins/imv_os/imv_os_state.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012-2013 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -18,6 +18,7 @@ #include "imv/imv_lang_string.h" #include "imv/imv_reason_string.h" #include "imv/imv_remediation_string.h" +#include "imv/imv_os_info.h" #include <tncif_policy.h> @@ -62,22 +63,12 @@ struct private_imv_os_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * Flags set for completed actions */ - u_int32_t action_flags; - - /** - * Access Requestor ID Type - */ - u_int32_t ar_id_type; - - /** - * Access Requestor ID Value - */ - chunk_t ar_id_value; + uint32_t action_flags; /** * IMV database session associated with TNCCS connection 
@@ -100,32 +91,12 @@ struct private_imv_os_state_t { imv_os_handshake_state_t handshake_state; /** - * OS Product Information (concatenation of OS Name and Version) - */ - char *info; - - /** - * OS Type - */ - os_type_t type; - - /** - * OS Name - */ - chunk_t name; - - /** - * OS Version - */ - chunk_t version; - - /** * List of blacklisted packages to be removed */ linked_list_t *remove_packages; /** - * List of vulnerable packages to be updated + h* List of vulnerable packages to be updated */ linked_list_t *update_packages; @@ -140,11 +111,6 @@ struct private_imv_os_state_t { imv_remediation_string_t *remediation_string; /** - * Dgevice ID - */ - chunk_t device_id; - - /** * Number of processed packages */ int count; @@ -326,46 +292,29 @@ METHOD(imv_state_t, set_flags, void, } METHOD(imv_state_t, set_max_msg_len, void, - private_imv_os_state_t *this, u_int32_t max_msg_len) + private_imv_os_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imv_state_t, get_max_msg_len, u_int32_t, +METHOD(imv_state_t, get_max_msg_len, uint32_t, private_imv_os_state_t *this) { return this->max_msg_len; } METHOD(imv_state_t, set_action_flags, void, - private_imv_os_state_t *this, u_int32_t flags) + private_imv_os_state_t *this, uint32_t flags) { this->action_flags |= flags; } -METHOD(imv_state_t, get_action_flags, u_int32_t, +METHOD(imv_state_t, get_action_flags, uint32_t, private_imv_os_state_t *this) { return this->action_flags; } -METHOD(imv_state_t, set_ar_id, void, - private_imv_os_state_t *this, u_int32_t id_type, chunk_t id_value) -{ - this->ar_id_type = id_type; - this->ar_id_value = chunk_clone(id_value); -} - -METHOD(imv_state_t, get_ar_id, chunk_t, - private_imv_os_state_t *this, u_int32_t *id_type) -{ - if (id_type) - { - *id_type = this->ar_id_type; - } - return this->ar_id_value; -} - METHOD(imv_state_t, set_session, void, private_imv_os_state_t *this, imv_session_t *session) { 
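Review bot: The new comment line `h* List of vulnerable packages to be updated` inside private_imv_os_state_t (hunk @@ -100,32 +91,12 @@) has a stray `h` where the leading ` *` of the Doxygen block belongs, so the block no longer renders as documentation; it should read ` * List of vulnerable packages to be updated`. The remainder of that hunk only drops the OS info and device ID fields, which presumably now live in imv_os_info_t reached through the session rather than in the per-IMV state.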
@@ -440,6 +389,9 @@ METHOD(imv_state_t, get_remediation_instructions, bool, private_imv_os_state_t *this, enumerator_t *language_enumerator, chunk_t *string, char **lang_code, char **uri) { + imv_os_info_t *os_info; + bool as_xml = FALSE; + if (!this->count_update && !this->count_blacklist & !this->os_settings) { return FALSE; @@ -449,8 +401,12 @@ METHOD(imv_state_t, get_remediation_instructions, bool, /* Instantiate an IETF Remediation Instructions String object */ DESTROY_IF(this->remediation_string); - this->remediation_string = imv_remediation_string_create( - this->type == OS_TYPE_ANDROID, *lang_code); + if (this->session) + { + os_info = this->session->get_os_info(this->session); + as_xml = os_info->get_type(os_info) == OS_TYPE_ANDROID; + } + this->remediation_string = imv_remediation_string_create(as_xml, *lang_code); /* List of blacklisted packages to be removed, if any */ if (this->count_blacklist) @@ -507,11 +463,6 @@ METHOD(imv_state_t, destroy, void, DESTROY_IF(this->remediation_string); this->update_packages->destroy_function(this->update_packages, free); this->remove_packages->destroy_function(this->remove_packages, free); - free(this->info); - free(this->name.ptr); - free(this->version.ptr); - free(this->ar_id_value.ptr); - free(this->device_id.ptr); free(this); } 
@@ -527,39 +478,6 @@ METHOD(imv_os_state_t, get_handshake_state, imv_os_handshake_state_t, return this->handshake_state; } -METHOD(imv_os_state_t, set_info, void, - private_imv_os_state_t *this, os_type_t type, chunk_t name, chunk_t version) -{ - int len = name.len + 1 + version.len + 1; - - /* OS info is a concatenation of OS name and OS version */ - free(this->info); - this->info = malloc(len); - snprintf(this->info, len, "%.*s %.*s", (int)name.len, name.ptr, - (int)version.len, version.ptr); - this->type = type; - this->name = chunk_clone(name); - this->version = chunk_clone(version); -} - -METHOD(imv_os_state_t, get_info, char*, - private_imv_os_state_t *this, os_type_t *type, chunk_t *name, - chunk_t *version) -{ - if (type) - { - *type = this->type; - } - if (name) - { - *name = this->name; - } - if (version) - { - *version = this->version; - } - return this->info; -} METHOD(imv_os_state_t, set_count, void, private_imv_os_state_t *this, int count, int count_update, @@ -593,18 +511,6 @@ METHOD(imv_os_state_t, get_count, void, } } -METHOD(imv_os_state_t, set_device_id, void, - private_imv_os_state_t *this, chunk_t id) -{ - this->device_id = chunk_clone(id); -} - -METHOD(imv_os_state_t, get_device_id, chunk_t, - private_imv_os_state_t *this) -{ - return this->device_id; -} - METHOD(imv_os_state_t, set_os_settings, void, private_imv_os_state_t *this, u_int settings) { @@ -663,8 +569,6 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id) .get_max_msg_len = _get_max_msg_len, .set_action_flags = _set_action_flags, .get_action_flags = _get_action_flags, - .set_ar_id = _set_ar_id, - .get_ar_id = _get_ar_id, .set_session = _set_session, .get_session = _get_session, .change_state = _change_state, 
@@ -677,12 +581,8 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id) }, .set_handshake_state = _set_handshake_state, .get_handshake_state = _get_handshake_state, - .set_info = _set_info, - .get_info = _get_info, .set_count = _set_count, .get_count = _get_count, - .set_device_id = _set_device_id, - .get_device_id = _get_device_id, .set_os_settings = _set_os_settings, .get_os_settings = _get_os_settings, .set_angel_count = _set_angel_count, diff --git a/src/libimcv/plugins/imv_os/imv_os_state.h b/src/libimcv/plugins/imv_os/imv_os_state.h index 97f695319..82ebb6cc9 100644 --- a/src/libimcv/plugins/imv_os/imv_os_state.h +++ b/src/libimcv/plugins/imv_os/imv_os_state.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -78,27 +78,6 @@ struct imv_os_state_t { imv_os_handshake_state_t (*get_handshake_state)(imv_os_state_t *this); /** - * Set OS Product Information - * - * @param type OS type (enumerated) - * @param name OS name (string) - * @param version OS version - */ - void (*set_info)(imv_os_state_t *this, os_type_t os_type, - chunk_t name, chunk_t version); - - /** - * Get OS Product Information - * - * @param type OS type (enumerated) - * @param name OS name (string) - * @param version OS version - * @return OS name & version as a concatenated string - */ - char* (*get_info)(imv_os_state_t *this, os_type_t *os_type, - chunk_t *name, chunk_t *version); - - /** * Set [or with multiple attributes increment] package counters * * @param count Number of processed packages 
@@ -121,20 +100,6 @@ struct imv_os_state_t { int *count_blacklist, int *count_ok); /** - * Set device ID - * - * @param device_id Device ID - */ - void (*set_device_id)(imv_os_state_t *this, chunk_t id); - - /** - * Get device ID - * - * @return Device ID - */ - chunk_t (*get_device_id)(imv_os_state_t *this); - - /** * Set OS settings * * @param settings OS settings diff --git a/src/libimcv/plugins/imv_os/pacman.sh b/src/libimcv/plugins/imv_os/pacman.sh index 3dfea3905..fcf35b644 100755 --- a/src/libimcv/plugins/imv_os/pacman.sh +++ b/src/libimcv/plugins/imv_os/pacman.sh @@ -3,7 +3,7 @@ DIR="/etc/pts" DATE=`date +%Y%m%d-%H%M` UBUNTU="http://security.ubuntu.com/ubuntu/dists" -UBUNTU_VERSIONS="saucy raring quantal precise lucid" +UBUNTU_VERSIONS="trusty saucy raring quantal precise lucid" UBUNTU_DIRS="main multiverse restricted universe" UBUNTU_ARCH="binary-amd64 binary-i386" DEBIAN="http://security.debian.org/dists" @@ -44,6 +44,27 @@ do done done +for f in trusty-security/binary-amd64/* +do + $PACMAN --product "Ubuntu 14.04 x86_64" --file $f --security >> $PACMAN_LOG +done +echo +for f in trusty-updates/binary-amd64/* +do + $PACMAN --product "Ubuntu 14.04 x86_64" --file $f >> $PACMAN_LOG +done +echo +for f in trusty-security/binary-i386/* +do + $PACMAN --product "Ubuntu 14.04 i686" --file $f --security >> $PACMAN_LOG +done +echo +for f in trusty-updates/binary-i386/* +do + $PACMAN --product "Ubuntu 14.04 i686" --file $f >> $PACMAN_LOG +done +echo + for f in saucy-security/binary-amd64/* do $PACMAN --product "Ubuntu 13.10 x86_64" --file $f --security >> $PACMAN_LOG diff --git a/src/libimcv/plugins/imv_scanner/Makefile.am b/src/libimcv/plugins/imv_scanner/Makefile.am index 2bb0d675e..98814437e 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.am +++ b/src/libimcv/plugins/imv_scanner/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-scanner.la 
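Review bot: The four new trusty loops in pacman.sh repeat the existing per-release blocks verbatim, differing only in the directory prefix, the product label and the optional `--security` flag, so each further Ubuntu release adds another twenty lines of identical shape; a small shell function taking those three values would make it a one-line addition per directory. While touching the loops, quote the glob result and the command (`"$PACMAN" --product "…" --file "$f"`), since an unquoted `$f` is subject to word splitting and globbing; the older saucy/raring blocks have the same shape, so this is a point of style rather than a defect introduced here.
```shell
# Run pacman over one release directory: $1 = dist dir, $2 = product label, $3 = optional extra flag
process_dir() {
	for f in "$1"/*
	do
		"$PACMAN" --product "$2" --file "$f" $3 >> "$PACMAN_LOG"
	done
	echo
}

process_dir trusty-security/binary-amd64 "Ubuntu 14.04 x86_64" --security
process_dir trusty-updates/binary-amd64  "Ubuntu 14.04 x86_64"
process_dir trusty-security/binary-i386  "Ubuntu 14.04 i686" --security
process_dir trusty-updates/binary-i386   "Ubuntu 14.04 i686"
# … unchanged: saucy, raring and older release loops …
```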
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in index 525f445ef..18446e73a 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.in +++ b/src/libimcv/plugins/imv_scanner/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -263,6 +263,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -281,6 +282,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -308,6 +310,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -399,6 +402,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -415,7 +419,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-scanner.la imv_scanner_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c index d1e093137..85ef23b80 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c 
@@ -259,7 +259,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY, msg_types[0]); - if (!session) + if (!imcv_db) { DBG2(DBG_IMV, "no workitems available - no evaluation possible"); state->set_recommendation(state, @@ -276,7 +276,8 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, return this->agent->provide_recommendation(this->agent, state); } - if (handshake_state == IMV_SCANNER_STATE_INIT) + if (handshake_state == IMV_SCANNER_STATE_INIT && + session->get_policy_started(session)) { enumerator = session->create_workitem_enumerator(session); if (enumerator) diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c index 90475d34d..24a49a76c 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2013 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -58,22 +58,12 @@ struct private_imv_scanner_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * Flags set for completed actions */ - u_int32_t action_flags; - - /** - * Access Requestor ID Type - */ - u_int32_t ar_id_type; - - /** - * Access Requestor ID Value - */ - chunk_t ar_id_value; + uint32_t action_flags; /** * IMV database session associatied with TNCCS connection 
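Review bot: With the early-return guard changed from `if (!session)` to `if (!imcv_db)`, the second hunk's new condition `session->get_policy_started(session)` dereferences `session` unconditionally, which is only safe if a configured IMV database implies that state->get_session() never returns NULL at this point — the hunks do not show that guarantee. If a NULL session is still reachable (e.g. before the session is attached to the state), keep both checks, `if (!imcv_db || !session)`, or test `session` before the handshake_state comparison. batch_ending's body starts and ends outside these hunks, so where `session` is assigned is not visible here.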
@@ -186,46 +176,29 @@ METHOD(imv_state_t, set_flags, void, } METHOD(imv_state_t, set_max_msg_len, void, - private_imv_scanner_state_t *this, u_int32_t max_msg_len) + private_imv_scanner_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imv_state_t, get_max_msg_len, u_int32_t, +METHOD(imv_state_t, get_max_msg_len, uint32_t, private_imv_scanner_state_t *this) { return this->max_msg_len; } METHOD(imv_state_t, set_action_flags, void, - private_imv_scanner_state_t *this, u_int32_t flags) + private_imv_scanner_state_t *this, uint32_t flags) { this->action_flags |= flags; } -METHOD(imv_state_t, get_action_flags, u_int32_t, +METHOD(imv_state_t, get_action_flags, uint32_t, private_imv_scanner_state_t *this) { return this->action_flags; } -METHOD(imv_state_t, set_ar_id, void, - private_imv_scanner_state_t *this, u_int32_t id_type, chunk_t id_value) -{ - this->ar_id_type = id_type; - this->ar_id_value = chunk_clone(id_value); -} - -METHOD(imv_state_t, get_ar_id, chunk_t, - private_imv_scanner_state_t *this, u_int32_t *id_type) -{ - if (id_type) - { - *id_type = this->ar_id_type; - } - return this->ar_id_value; -} - METHOD(imv_state_t, set_session, void, private_imv_scanner_state_t *this, imv_session_t *session) { @@ -327,7 +300,6 @@ METHOD(imv_state_t, destroy, void, DESTROY_IF(this->remediation_string); DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute); this->violating_ports->destroy_function(this->violating_ports, free); - free(this->ar_id_value.ptr); free(this); } @@ -380,8 +352,6 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id) .get_max_msg_len = _get_max_msg_len, .set_action_flags = _set_action_flags, .get_action_flags = _get_action_flags, - .set_ar_id = _set_ar_id, - .get_ar_id = _get_ar_id, .set_session = _set_session, .get_session= _get_session, .change_state = _change_state, diff --git a/src/libimcv/plugins/imv_test/Makefile.am b/src/libimcv/plugins/imv_test/Makefile.am index 5ed916163..4fe715fa8 100644 
--- a/src/libimcv/plugins/imv_test/Makefile.am +++ b/src/libimcv/plugins/imv_test/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-test.la diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in index 3724cc582..5ac6a8f7b 100644 --- a/src/libimcv/plugins/imv_test/Makefile.in +++ b/src/libimcv/plugins/imv_test/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -262,6 +262,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -280,6 +281,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -307,6 +309,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -398,6 +401,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -414,7 +418,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-test.la imv_test_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c index f05db8027..3564456a8 100644 
--- a/src/libimcv/plugins/imv_test/imv_test_state.c +++ b/src/libimcv/plugins/imv_test/imv_test_state.c @@ -58,17 +58,7 @@ struct private_imv_test_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; - - /** - * Access Requestor ID Type - */ - u_int32_t ar_id_type; - - /** - * Access Requestor ID Value - */ - chunk_t ar_id_value; + uint32_t max_msg_len; /** * IMV database session associated with TNCCS connection @@ -149,34 +139,17 @@ METHOD(imv_state_t, set_flags, void, } METHOD(imv_state_t, set_max_msg_len, void, - private_imv_test_state_t *this, u_int32_t max_msg_len) + private_imv_test_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imv_state_t, get_max_msg_len, u_int32_t, +METHOD(imv_state_t, get_max_msg_len, uint32_t, private_imv_test_state_t *this) { return this->max_msg_len; } -METHOD(imv_state_t, set_ar_id, void, - private_imv_test_state_t *this, u_int32_t id_type, chunk_t id_value) -{ - this->ar_id_type = id_type; - this->ar_id_value = chunk_clone(id_value); -} - -METHOD(imv_state_t, get_ar_id, chunk_t, - private_imv_test_state_t *this, u_int32_t *id_type) -{ - if (id_type) - { - *id_type = this->ar_id_type; - } - return this->ar_id_value; -} - METHOD(imv_state_t, set_session, void, private_imv_test_state_t *this, imv_session_t *session) { @@ -248,7 +221,6 @@ METHOD(imv_state_t, destroy, void, DESTROY_IF(this->session); DESTROY_IF(this->reason_string); this->imcs->destroy_function(this->imcs, free); - free(this->ar_id_value.ptr); free(this); } @@ -333,8 +305,6 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id) .set_flags = _set_flags, .set_max_msg_len = _set_max_msg_len, .get_max_msg_len = _get_max_msg_len, - .set_ar_id = _set_ar_id, - .get_ar_id = _get_ar_id, .set_session = _set_session, .get_session = _get_session, .change_state = _change_state, |