author | Yves-Alexis Perez <corsac@debian.org> | 2018-09-24 15:11:25 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2018-09-24 15:11:25 +0200 |
commit | 7152c3439f3decbb6366d94464d3c089674c8c30 (patch) | |
tree | 48bfe66e31226d55914868bc0558f479e2a22a36 /testing/tests/tnc/tnccs-20-pdp-eap | |
parent | c2ac4e0da62d859085148d8518d558402e1f9a8c (diff) | |
parent | e0e280b7669435b991b7e457abd8aa450930b3e8 (diff) | |
download | vyos-strongswan-7152c3439f3decbb6366d94464d3c089674c8c30.tar.gz vyos-strongswan-7152c3439f3decbb6366d94464d3c089674c8c30.zip |
Update upstream source from tag 'upstream/5.7.0'
Update to upstream version '5.7.0'
with Debian dir b608300a1e1f88db62d14d08a55ca09f3603f054
Diffstat (limited to 'testing/tests/tnc/tnccs-20-pdp-eap')
7 files changed, 24 insertions, 15 deletions
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/description.txt b/testing/tests/tnc/tnccs-20-pdp-eap/description.txt index a178211e1..234941171 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/description.txt +++ b/testing/tests/tnc/tnccs-20-pdp-eap/description.txt @@ -6,7 +6,9 @@ authenticated by an X.509 AAA certificate. The strong EAP-TTLS tunnel protects t client authentication based on <b>EAP-MD5</b>. In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0</b> client-server interface defined by <b>RFC 5793 PB-TNC</b>. The communication between IMCs and IMVs -is based on the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>. +is based on the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>. The <b>SWIMA</b> IMC on <b>carol</b> +is requested to deliver a concise <b>Software ID Inventory</b> whereas <b>dave</b> must send a full +<b>Software Inventory</b>. <p> <b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively. diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat index 258352834..dfe42aed9 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat 
@@ -1,18 +1,22 @@ dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES dave:: cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES -dave:: cat /var/log/daemon.log::collected ... SWID tags::YES +dave:: cat /var/log/daemon.log::collected ... SW records::YES dave:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Quarantined::YES dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES carol::cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES -carol::cat /var/log/daemon.log::collected ... SWID tag IDs::YES -carol::cat /var/log/daemon.log::collected 1 SWID tag::YES +carol::cat /var/log/daemon.log::collected ... SW ID records::YES +carol::cat /var/log/daemon.log::strongswan.org__strongSwan.*swidtag::YES +carol::cat /var/log/daemon.log::collected 1 SW record::YES carol::cat /var/log/daemon.log::PB-TNC access recommendation is .*Access Allowed::YES carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES alice::cat /var/log/daemon.log::user AR identity.*dave.*authenticated by password::YES -alice::cat /var/log/daemon.log::IMV 2 handled SWIDT workitem 3: allow - received inventory of 0 SWID tag IDs and ... SWID tags::YES +alice::cat /var/log/daemon.log::received software inventory with.*items for request 3 at last eid 1 of epoch::YES alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES -alice::cat /var/log/daemon.log::IMV 2 handled SWIDT workitem 9: allow - received inventory of ... 
SWID tag IDs and 1 SWID tag::YES +alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES +alice::cat /var/log/daemon.log::received software ID inventory with.*items for request 9 at last eid 1 of epoch::YES +alice::cat /var/log/daemon.log::1 SWID tag target::YES +alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave' successful::YES moon:: cat /var/log/daemon.log::authentication of '192.168.0.200' with EAP successful::YES diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf index e01fe4b4c..72dbbfa52 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf @@ -34,8 +34,11 @@ libimcv { policy_script = /usr/local/libexec/ipsec/imv_policy_manager plugins { - imv-swid { - rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + imv-swima { + rest_api + { + uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + } } } } diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config index ebe88bc99..0c6812b41 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config @@ -1,4 +1,4 @@ -#IMV configuration file for strongSwan client +#IMV configuration file for strongSwan client IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so -IMV "SWID" /usr/local/lib/ipsec/imcvs/imv-swid.so +IMV "SWIMA" /usr/local/lib/ipsec/imcvs/imv-swima.so 
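Review bot: The new alice-side check `received software inventory with.*items for request 3 at last eid 1 of epoch` accepts any count, so it would still pass if dave's full Software Inventory arrived empty; the line it replaces pinned the count shape with `...`. If the log prints the count as a number, which is inferred from the sibling pattern `with 1 item`, then `with ... items for request 3` would keep the check as strict as dave's own `collected ... SW records`. The same applies to `received software ID inventory with.*items for request 9`. The dots in `strongswan.org__strongSwan.*swidtag` are also unescaped and match any character; `strongswan\.org__strongSwan.*swidtag` is tighter, assuming the pattern is evaluated as a regular expression as the existing `.*` usage suggests.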
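Review bot: The renamed `rest_api { uri = ... }` setting still carries the `admin-user:strongSwan` credential inside a plain `http://` URL, so the IMV would send it unencrypted on each REST call, and it is readable by anyone who can read strongswan.conf. That may be intended for a test fixture, but nothing in the hunk says so. A comment above `uri =` such as `# test-only credential; use https and a dedicated account outside the test suite` would keep the pattern from being copied into a deployment. The enclosing `libimcv` block starts and ends outside the hunk.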
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config index a954883a4..8139c3a4c 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config @@ -1,4 +1,4 @@ -#IMC configuration file for strongSwan client +#IMC configuration file for strongSwan client IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so -IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf index 852e0714e..55d07f574 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf @@ -32,7 +32,7 @@ libimcv { imc-os { push_info = no } - imc-swid { + imc-swima { swid_directory = /usr/share swid_pretty = no } diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config index a954883a4..8139c3a4c 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config @@ -1,4 +1,4 @@ -#IMC configuration file for strongSwan client +#IMC configuration file for strongSwan client IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so -IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so |