authorYves-Alexis Perez <corsac@debian.org>2014-03-11 20:48:48 +0100
committerYves-Alexis Perez <corsac@debian.org>2014-03-11 20:48:48 +0100
commit15fb7904f4431a6e7c305fd08732458f7f885e7e (patch)
treec93b60ee813af70509f00f34e29ebec311762427 /src/libpts/pts
parent5313d2d78ca150515f7f5eb39801c100690b6b29 (diff)
downloadvyos-strongswan-15fb7904f4431a6e7c305fd08732458f7f885e7e.tar.gz
vyos-strongswan-15fb7904f4431a6e7c305fd08732458f7f885e7e.zip
Imported Upstream version 5.1.2
Diffstat (limited to 'src/libpts/pts')
-rw-r--r--src/libpts/pts/components/ita/ita_comp_ima.c8
-rw-r--r--src/libpts/pts/components/ita/ita_comp_tboot.c12
-rw-r--r--src/libpts/pts/pts.c8
-rw-r--r--src/libpts/pts/pts_database.c62
-rw-r--r--src/libpts/pts/pts_file_meas.c3
5 files changed, 72 insertions, 21 deletions
diff --git a/src/libpts/pts/components/ita/ita_comp_ima.c b/src/libpts/pts/components/ita/ita_comp_ima.c
index 02470f5f5..c6b4131bf 100644
--- a/src/libpts/pts/components/ita/ita_comp_ima.c
+++ b/src/libpts/pts/components/ita/ita_comp_ima.c
@@ -683,7 +683,7 @@ METHOD(pts_component_t, verify, status_t,
status = this->pts_db->check_comp_measurement(this->pts_db,
measurement, this->bios_cid, this->kid,
++this->seq_no, pcr, algo);
- if (status != SUCCESS)
+ if (status == FAILED)
{
return status;
}
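Review bot: Relaxing the guard to `if (status == FAILED)` lets a NOT_FOUND result from check_comp_measurement fall through into the PCR handling below, and the companion hunks at @@ -803 and @@ -811 then return that status in place of SUCCESS, so the caller of verify() now sees NOT_FOUND for a measurement that still updated the simulated PCR. Nothing in the hunk records that this is intentional; a comment above the guard such as `/* NOT_FOUND is not fatal here: the PCR is still extended and the status is passed on to the caller */` would make the contract explicit. Whether callers treat NOT_FOUND as "not verified" rather than as success is not visible from this diff and is worth confirming. The body of verify continues outside the hunk.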
@@ -803,7 +803,7 @@ METHOD(pts_component_t, verify, status_t,
}
if (pcrs->set(pcrs, pcr, pcr_after))
{
- return SUCCESS;
+ return status;
}
}
else
@@ -811,7 +811,7 @@ METHOD(pts_component_t, verify, status_t,
pcr_after = pcrs->extend(pcrs, pcr, measurement);
if (pcr_after.ptr)
{
- return SUCCESS;
+ return status;
}
}
return FAILED;
@@ -951,7 +951,7 @@ pts_component_t *pts_ita_comp_ima_create(u_int32_t depth,
.bios_list = linked_list_create(),
.ima_list = linked_list_create(),
.pcr_info = lib->settings->get_bool(lib->settings,
- "libimcv.plugins.imc-attestation.pcr_info", TRUE),
+ "%s.plugins.imc-attestation.pcr_info", TRUE, lib->ns),
.ref = 1,
);
diff --git a/src/libpts/pts/components/ita/ita_comp_tboot.c b/src/libpts/pts/components/ita/ita_comp_tboot.c
index 8fb5abddf..f4859f801 100644
--- a/src/libpts/pts/components/ita/ita_comp_tboot.c
+++ b/src/libpts/pts/components/ita/ita_comp_tboot.c
@@ -130,21 +130,21 @@ METHOD(pts_component_t, measure, status_t,
/* dummy data since currently the TBOOT log is not retrieved */
time(&this->measurement_time);
meas_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr17_meas", NULL);
+ "%s.plugins.imc-attestation.pcr17_meas", NULL, lib->ns);
pcr_before_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr17_before", NULL);
+ "%s.plugins.imc-attestation.pcr17_before", NULL, lib->ns);
pcr_after_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr17_after", NULL);
+ "%s.plugins.imc-attestation.pcr17_after", NULL, lib->ns);
extended_pcr = PCR_TBOOT_POLICY;
break;
case 1:
/* dummy data since currently the TBOOT log is not retrieved */
meas_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr18_meas", NULL);
+ "%s.plugins.imc-attestation.pcr18_meas", NULL, lib->ns);
pcr_before_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr18_before", NULL);
+ "%s.plugins.imc-attestation.pcr18_before", NULL, lib->ns);
pcr_after_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr18_after", NULL);
+ "%s.plugins.imc-attestation.pcr18_after", NULL, lib->ns);
extended_pcr = PCR_TBOOT_MLE;
break;
default:
diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c
index f646d67e1..8699282f0 100644
--- a/src/libpts/pts/pts.c
+++ b/src/libpts/pts/pts.c
@@ -377,7 +377,7 @@ static void load_aik_blob(private_pts_t *this)
u_int32_t aikBlobLen;
blob_path = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.aik_blob", NULL);
+ "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns);
if (blob_path)
{
@@ -418,9 +418,9 @@ static void load_aik(private_pts_t *this)
char *cert_path, *key_path;
cert_path = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.aik_cert", NULL);
+ "%s.plugins.imc-attestation.aik_cert", NULL, lib->ns);
key_path = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.aik_key", NULL);
+ "%s.plugins.imc-attestation.aik_key", NULL, lib->ns);
if (cert_path)
{
@@ -627,7 +627,7 @@ METHOD(pts_t, get_metadata, pts_file_meta_t*,
metadata->destroy(metadata);
return NULL;
}
- entry->filename = strdup(basename(pathname));
+ entry->filename = path_basename(pathname);
metadata->add(metadata, entry);
}
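Review bot: `entry->filename = path_basename(pathname);` replaces a `strdup(basename(...))`, so the result is presumably heap-allocated and owned by the entry; if path_basename can return NULL on allocation failure the way strdup does, the entry is added with a NULL filename, which the old code also did not check. A one-line guard, `if (!entry->filename) { free(entry); metadata->destroy(metadata); return NULL; }`, would match the error path two lines above, assuming that path is the right cleanup for an allocated entry. get_metadata's body continues outside the hunk.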
diff --git a/src/libpts/pts/pts_database.c b/src/libpts/pts/pts_database.c
index e5a06cc8d..07e8ae1da 100644
--- a/src/libpts/pts/pts_database.c
+++ b/src/libpts/pts/pts_database.c
@@ -15,6 +15,7 @@
#define _GNU_SOURCE
#include <stdio.h>
+#include <libgen.h>
#include "pts_database.h"
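Review bot: The added `#include <libgen.h>` does not appear to be used by the new code in this commit, which calls path_dirname and path_basename rather than the libgen dirname/basename; if nothing else in pts_database.c uses libgen functions the include can be dropped. libgen's basename/dirname also modify their argument and may return static storage, so mixing them with the path_* helpers would be easy to get wrong. Only the include block is visible here.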
@@ -248,13 +249,62 @@ METHOD(pts_database_t, check_file_measurement, status_t,
enumerator_t *e;
chunk_t hash;
status_t status = NOT_FOUND;
+ char *dir, *file;
+
+ if (strlen(filename) < 1)
+ {
+ return INVALID_ARG;
+ }
+
+ /* separate filename into directory and basename components */
+ dir = path_dirname(filename);
+ file = path_basename(filename);
+
+ if (*dir == '.')
+ { /* relative pathname */
+ e = this->db->query(this->db,
+ "SELECT fh.hash FROM file_hashes AS fh "
+ "JOIN files AS f ON f.id = fh.file "
+ "JOIN products AS p ON p.id = fh.product "
+ "WHERE p.name = ? AND f.name = ? AND fh.algo = ?",
+ DB_TEXT, product, DB_TEXT, file, DB_INT, algo, DB_BLOB);
+ }
+ else
+ { /* absolute pathname */
+ bool dir_found;
+ int did;
+
+ /* find directory entry first */
+ e = this->db->query(this->db,
+ "SELECT id FROM directories WHERE path = ?",
+ DB_TEXT, dir, DB_INT);
+ if (!e)
+ {
+ free(file);
+ free(dir);
+ return FAILED;
+ }
+ dir_found = e->enumerate(e, &did);
+ e->destroy(e);
+
+ if (!dir_found)
+ {
+ free(file);
+ free(dir);
+ return NOT_FOUND;
+ }
+
+ e = this->db->query(this->db,
+ "SELECT fh.hash FROM file_hashes AS fh "
+ "JOIN files AS f ON f.id = fh.file "
+ "JOIN products AS p ON p.id = fh.product "
+ "WHERE p.name = ? AND f.dir = ? AND f.name = ? AND fh.algo = ?",
+ DB_TEXT, product, DB_INT, did, DB_TEXT, file, DB_INT, algo,
+ DB_BLOB);
+ }
+ free(file);
+ free(dir);
- e = this->db->query(this->db,
- "SELECT fh.hash FROM file_hashes AS fh "
- "JOIN files AS f ON f.id = fh.file "
- "JOIN products AS p ON p.id = fh.product "
- "WHERE p.name = ? AND f.path = ? AND fh.algo = ?",
- DB_TEXT, product, DB_TEXT, filename, DB_INT, algo, DB_BLOB);
if (!e)
{
return FAILED;
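Review bot: The relative/absolute split at `if (*dir == '.')` keys on the first character of the dirname rather than on whether the path is absolute, so a relative path like `sub/file` reaches the "absolute pathname" branch and is looked up in the directories table, while a hidden directory such as `.config/file` is treated as a bare basename. If the intent is "no directory component", `if (strcmp(dir, ".") == 0)` states it exactly; if the intent is relative versus absolute, `if (*dir != '/')` does. The two `free(file); free(dir);` early-return pairs in the else branch could also be collapsed into a single cleanup label so the ownership of the two strings is handled in one place. The `strlen(filename) < 1` guard does not cover a NULL filename; whether callers can pass one is not visible here, and check_file_measurement's body continues outside the hunk.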
diff --git a/src/libpts/pts/pts_file_meas.c b/src/libpts/pts/pts_file_meas.c
index f684087d7..77a0957bb 100644
--- a/src/libpts/pts/pts_file_meas.c
+++ b/src/libpts/pts/pts_file_meas.c
@@ -341,9 +341,10 @@ pts_file_meas_t *pts_file_meas_create_from_path(u_int16_t request_id,
success = FALSE;
goto end;
}
- filename = use_rel_name ? basename(pathname) : pathname;
+ filename = use_rel_name ? path_basename(pathname) : strdup(pathname);
DBG2(DBG_PTS, " %#B for '%s'", &measurement, filename);
add(this, filename, measurement);
+ free(filename);
}
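Review bot: `free(filename)` directly after `add(this, filename, measurement)` is only safe if add() copies the name into its own storage; from this hunk alone it is not visible whether it does, and if it stores the pointer the new entry dangles. Neither `path_basename(pathname)` nor `strdup(pathname)` is checked for NULL before being passed to DBG2 and add(), so an allocation failure would reach both with a NULL string. A guard such as `if (!filename) { success = FALSE; goto end; }` would match the existing error handling above. The enclosing loop and function begin outside the hunk.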
end: