summaryrefslogtreecommitdiff
path: root/src/libimcv
diff options
context:
space:
mode:
Diffstat (limited to 'src/libimcv')
-rw-r--r--src/libimcv/Makefile.am3
-rw-r--r--src/libimcv/Makefile.in11
-rw-r--r--src/libimcv/imv/data.sql155
-rw-r--r--src/libimcv/imv/imv_agent.c76
-rw-r--r--src/libimcv/imv/imv_database.c111
-rw-r--r--src/libimcv/imv/imv_policy_manager.c76
-rw-r--r--src/libimcv/imv/imv_session.c33
-rw-r--r--src/libimcv/imv/imv_session.h14
-rw-r--r--src/libimcv/imv/imv_session_manager.c40
-rw-r--r--src/libimcv/imv/imv_session_manager.h7
-rw-r--r--src/libimcv/imv/tables-mysql.sql8
-rw-r--r--src/libimcv/imv/tables.sql8
-rw-r--r--src/libimcv/plugins/imc_attestation/Makefile.in5
-rw-r--r--src/libimcv/plugins/imc_attestation/imc_attestation_process.c12
-rw-r--r--src/libimcv/plugins/imc_os/Makefile.in5
-rw-r--r--src/libimcv/plugins/imc_scanner/Makefile.in5
-rw-r--r--src/libimcv/plugins/imc_swid/Makefile.in5
-rw-r--r--src/libimcv/plugins/imc_test/Makefile.in5
-rw-r--r--src/libimcv/plugins/imv_attestation/Makefile.in5
-rw-r--r--src/libimcv/plugins/imv_attestation/attest_db.c18
-rwxr-xr-xsrc/libimcv/plugins/imv_attestation/build-database.sh2
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_build.c6
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_process.c8
-rw-r--r--src/libimcv/plugins/imv_os/Makefile.in5
-rw-r--r--src/libimcv/plugins/imv_scanner/Makefile.in5
-rw-r--r--src/libimcv/plugins/imv_swid/Makefile.in5
-rw-r--r--src/libimcv/plugins/imv_test/Makefile.in5
-rw-r--r--src/libimcv/pts/components/ita/ita_comp_tboot.c9
-rw-r--r--src/libimcv/pts/pts.c18
-rw-r--r--src/libimcv/pts/pts.h6
-rw-r--r--src/libimcv/seg/seg_env.c3
-rw-r--r--src/libimcv/seg/seg_env.h2
-rw-r--r--src/libimcv/suites/test_imcv_seg.c12
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c3
34 files changed, 514 insertions, 177 deletions
diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am
index d9a5cd50d..a61382723 100644
--- a/src/libimcv/Makefile.am
+++ b/src/libimcv/Makefile.am
@@ -127,7 +127,8 @@ imv_policy_manager_SOURCES = \
imv/imv_policy_manager.c \
imv/imv_policy_manager_usage.h imv/imv_policy_manager_usage.c
imv_policy_manager_LDADD = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libtncif/libtncif.la
#imv/imv_policy_manager.o : $(top_builddir)/config.status
SUBDIRS = .
diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in
index 239e62a17..03778a22c 100644
--- a/src/libimcv/Makefile.in
+++ b/src/libimcv/Makefile.in
@@ -237,7 +237,8 @@ am_imv_policy_manager_OBJECTS = imv/imv_policy_manager.$(OBJEXT) \
imv/imv_policy_manager_usage.$(OBJEXT)
imv_policy_manager_OBJECTS = $(am_imv_policy_manager_OBJECTS)
imv_policy_manager_DEPENDENCIES = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libtncif/libtncif.la
SCRIPTS = $(ipsec_SCRIPTS)
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
@@ -395,6 +396,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -455,10 +457,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -532,6 +536,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
@@ -708,7 +714,8 @@ imv_policy_manager_SOURCES = \
imv/imv_policy_manager_usage.h imv/imv_policy_manager_usage.c
imv_policy_manager_LDADD = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libtncif/libtncif.la
#imv/imv_policy_manager.o : $(top_builddir)/config.status
SUBDIRS = . $(am__append_3) $(am__append_4) $(am__append_5) \
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index 425748f59..ff6191117 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -323,6 +323,71 @@ INSERT INTO products ( /* 54 */
'Debian 7.6 armv6l'
);
+INSERT INTO products ( /* 55 */
+ name
+) VALUES (
+ 'Debian 7.7 i686'
+);
+
+INSERT INTO products ( /* 56 */
+ name
+) VALUES (
+ 'Debian 7.7 x86_64'
+);
+INSERT INTO products ( /* 57 */
+ name
+) VALUES (
+ 'Debian 7.7 armv6l'
+);
+
+INSERT INTO products ( /* 58 */
+ name
+) VALUES (
+ 'Debian 7.8 i686'
+);
+
+INSERT INTO products ( /* 59 */
+ name
+) VALUES (
+ 'Debian 7.8 x86_64'
+);
+
+INSERT INTO products ( /* 60 */
+ name
+) VALUES (
+ 'Debian 7.8 armv6l'
+);
+
+INSERT INTO products ( /* 61 */
+ name
+) VALUES (
+ 'Ubuntu 14.10 i686'
+);
+
+INSERT INTO products ( /* 62 */
+ name
+) VALUES (
+ 'Ubuntu 14.10 x86_64'
+);
+
+INSERT INTO products ( /* 63 */
+ name
+) VALUES (
+ 'Android 5.0'
+);
+
+INSERT INTO products ( /* 64 */
+ name
+) VALUES (
+ 'Android 5.0.1'
+);
+
+INSERT INTO products ( /* 65 */
+ name
+) VALUES (
+ 'Debian 7.8 armv7l'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
@@ -741,6 +806,18 @@ INSERT INTO groups ( /* 14 */
'Debian armv6l', 2
);
+INSERT INTO groups ( /* 15 */
+ name, parent
+) VALUES (
+ 'Debian armv7l', 2
+);
+
+INSERT INTO groups ( /* 16 */
+ name
+) VALUES (
+ 'TPM TBOOT'
+);
+
/* Default Product Groups */
INSERT INTO groups_product_defaults (
@@ -800,6 +877,18 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 4, 55
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 4, 58
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
5, 2
);
@@ -854,6 +943,18 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 5, 56
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 5, 59
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
6, 9
);
@@ -902,6 +1003,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 6, 61
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
7, 8
);
@@ -956,6 +1063,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 7, 62
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
3, 21
);
@@ -1016,6 +1129,18 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 3, 63
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 64
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
3, 51
);
@@ -1061,6 +1186,24 @@ INSERT INTO groups_product_defaults (
14, 54
);
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 14, 57
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 14, 60
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 15, 65
+);
+
/* Policies */
INSERT INTO policies ( /* 1 */
@@ -1189,6 +1332,12 @@ INSERT INTO policies ( /* 21 */
16, 'TPM BIOS/IMA Measurements', 'BI', 2, 2
);
+INSERT INTO policies ( /* 22 */
+ type, name, argument, rec_fail, rec_noresult
+) VALUES (
+ 16, 'TPM TBOOT Measurements', 'T', 2, 2
+);
+
/* Enforcements */
INSERT INTO enforcements ( /* 1 */
@@ -1293,6 +1442,12 @@ INSERT INTO enforcements ( /* 17 */
21, 13, 60
);
+INSERT INTO enforcements ( /* 18 */
+ policy, group_id, max_age
+) VALUES (
+ 22, 16, 60
+);
+
/* swid_entities */
INSERT INTO "swid_entities" ( /* 1 */
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index 6b24f4b28..d0508624d 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2014 Andreas Steffen
+ * Copyright (C) 2011-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -412,14 +412,10 @@ METHOD(imv_agent_t, create_state, TNC_Result,
{
TNC_ConnectionID conn_id;
char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL;
- bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE, first = TRUE;
+ bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE;
linked_list_t *ar_identities;
- enumerator_t *enumerator;
- tncif_identity_t *tnc_id;
imv_session_t *session;
uint32_t max_msg_len;
- uint32_t ar_id_type = TNC_ID_UNKNOWN;
- chunk_t ar_id_value = chunk_empty;
conn_id = state->get_connection_id(state);
if (find_connection(this, conn_id))
@@ -431,15 +427,24 @@ METHOD(imv_agent_t, create_state, TNC_Result,
}
/* Get and display attributes from TNCS via IF-IMV */
- has_long = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_LONG_TYPES);
- has_excl = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_EXCLUSIVE);
- has_soh = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_SOH);
- tnccs_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL);
- tnccs_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_VERSION);
- t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL);
- t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);
- max_msg_len = get_uint_attribute(this, conn_id, TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
- ar_identities = get_identity_attribute(this, conn_id, TNC_ATTRIBUTEID_AR_IDENTITIES);
+ has_long = get_bool_attribute(this, conn_id,
+ TNC_ATTRIBUTEID_HAS_LONG_TYPES);
+ has_excl = get_bool_attribute(this, conn_id,
+ TNC_ATTRIBUTEID_HAS_EXCLUSIVE);
+ has_soh = get_bool_attribute(this, conn_id,
+ TNC_ATTRIBUTEID_HAS_SOH);
+ tnccs_p = get_str_attribute(this, conn_id,
+ TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL);
+ tnccs_v = get_str_attribute(this, conn_id,
+ TNC_ATTRIBUTEID_IFTNCCS_VERSION);
+ t_p = get_str_attribute(this, conn_id,
+ TNC_ATTRIBUTEID_IFT_PROTOCOL);
+ t_v = get_str_attribute(this, conn_id,
+ TNC_ATTRIBUTEID_IFT_VERSION);
+ max_msg_len = get_uint_attribute(this, conn_id,
+ TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
+ ar_identities = get_identity_attribute(this, conn_id,
+ TNC_ATTRIBUTEID_AR_IDENTITIES);
state->set_flags(state, has_long, has_excl);
state->set_max_msg_len(state, max_msg_len);
@@ -451,48 +456,9 @@ METHOD(imv_agent_t, create_state, TNC_Result,
DBG2(DBG_IMV, " over %s %s with maximum PA-TNC message size of %u bytes",
t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
- enumerator = ar_identities->create_enumerator(ar_identities);
- while (enumerator->enumerate(enumerator, &tnc_id))
- {
- pen_type_t id_type, subject_type, auth_type;
- uint32_t tcg_id_type, tcg_subject_type, tcg_auth_type;
- chunk_t id_value;
-
- id_type = tnc_id->get_identity_type(tnc_id);
- id_value = tnc_id->get_identity_value(tnc_id);
- subject_type = tnc_id->get_subject_type(tnc_id);
- auth_type = tnc_id->get_auth_type(tnc_id);
-
- tcg_id_type = (id_type.vendor_id == PEN_TCG) ?
- id_type.type : TNC_ID_UNKNOWN;
- tcg_subject_type = (subject_type.vendor_id == PEN_TCG) ?
- subject_type.type : TNC_SUBJECT_UNKNOWN;
- tcg_auth_type = (auth_type.vendor_id == PEN_TCG) ?
- auth_type.type : TNC_AUTH_UNKNOWN;
-
-
- DBG2(DBG_IMV, " %N AR identity '%.*s' authenticated by %N",
- TNC_Subject_names, tcg_subject_type,
- id_value.len, id_value.ptr,
- TNC_Authentication_names, tcg_auth_type);
-
- /* keep the first access requestor ID */
- if (first)
- {
- ar_id_type = tcg_id_type;
- ar_id_value = id_value;
- first = FALSE;
- }
- }
- enumerator->destroy(enumerator);
-
- session = imcv_sessions->add_session(imcv_sessions, conn_id,
- ar_id_type, ar_id_value);
+ session = imcv_sessions->add_session(imcv_sessions, conn_id, ar_identities);
state->set_session(state, session);
- /* clean up temporary variables */
- ar_identities->destroy_offset(ar_identities,
- offsetof(tncif_identity_t, destroy));
free(tnccs_p);
free(tnccs_v);
free(t_p);
diff --git a/src/libimcv/imv/imv_database.c b/src/libimcv/imv/imv_database.c
index 0c4bb7514..0a18cd71b 100644
--- a/src/libimcv/imv/imv_database.c
+++ b/src/libimcv/imv/imv_database.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2014 Andreas Steffen
+ * Copyright (C) 2013-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -22,6 +22,8 @@
#include "imv_database.h"
+#include <tncif_identity.h>
+
#include <utils/debug.h>
#include <threading/mutex.h>
@@ -60,41 +62,14 @@ METHOD(imv_database_t, get_database, database_t*,
*/
static bool create_session(private_imv_database_t *this, imv_session_t *session)
{
- enumerator_t *e;
+ enumerator_t *enumerator, *e;
imv_os_info_t *os_info;
- chunk_t device_id, ar_id_value;
+ chunk_t device_id;
+ tncif_identity_t *tnc_id;
TNC_ConnectionID conn_id;
- uint32_t ar_id_type;
char *product, *device;
- int session_id = 0, ar_id = 0, pid = 0, did = 0, trusted = 0, created;
-
- ar_id_value = session->get_ar_id(session, &ar_id_type);
- if (ar_id_value.len)
- {
- /* get primary key of AR identity if it exists */
- e = this->db->query(this->db,
- "SELECT id FROM identities WHERE type = ? AND value = ?",
- DB_INT, ar_id_type, DB_BLOB, ar_id_value, DB_INT);
- if (e)
- {
- e->enumerate(e, &ar_id);
- e->destroy(e);
- }
-
- /* if AR identity has not been found - register it */
- if (!ar_id)
- {
- this->db->execute(this->db, &ar_id,
- "INSERT INTO identities (type, value) VALUES (?, ?)",
- DB_INT, ar_id_type, DB_BLOB, ar_id_value);
- }
-
- if (!ar_id)
- {
- DBG1(DBG_IMV, "imv_db: registering access requestor failed");
- return FALSE;
- }
- }
+ int session_id = 0, pid = 0, did = 0, trusted = 0, created;
+ bool first = TRUE, success = TRUE;
/* get product info string */
os_info = session->get_os_info(session);
@@ -170,10 +145,9 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session)
created = session->get_creation_time(session);
conn_id = session->get_connection_id(session);
this->db->execute(this->db, &session_id,
- "INSERT INTO sessions (time, connection, identity, product, device) "
- "VALUES (?, ?, ?, ?, ?)",
- DB_INT, created, DB_INT, conn_id, DB_INT, ar_id,
- DB_INT, pid, DB_INT, did);
+ "INSERT INTO sessions (time, connection, product, device) "
+ "VALUES (?, ?, ?, ?)",
+ DB_INT, created, DB_INT, conn_id, DB_INT, pid, DB_INT, did);
if (session_id)
{
@@ -187,7 +161,68 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session)
}
session->set_session_id(session, session_id, pid, did);
- return TRUE;
+ enumerator = session->create_ar_identities_enumerator(session);
+ while (enumerator->enumerate(enumerator, &tnc_id))
+ {
+ pen_type_t ar_id_type;
+ chunk_t ar_id_value;
+ int ar_id = 0, si_id = 0;
+
+ ar_id_type = tnc_id->get_identity_type(tnc_id);
+ ar_id_value = tnc_id->get_identity_value(tnc_id);
+
+ if (ar_id_type.vendor_id != PEN_TCG || ar_id_value.len == 0)
+ {
+ continue;
+ }
+
+ /* get primary key of AR identity if it exists */
+ e = this->db->query(this->db,
+ "SELECT id FROM identities WHERE type = ? AND value = ?",
+ DB_INT, ar_id_type.type, DB_BLOB, ar_id_value, DB_INT);
+ if (e)
+ {
+ e->enumerate(e, &ar_id);
+ e->destroy(e);
+ }
+
+ /* if AR identity has not been found - register it */
+ if (!ar_id)
+ {
+ this->db->execute(this->db, &ar_id,
+ "INSERT INTO identities (type, value) VALUES (?, ?)",
+ DB_INT, ar_id_type.type, DB_BLOB, ar_id_value);
+ }
+ if (!ar_id)
+ {
+ DBG1(DBG_IMV, "imv_db: registering access requestor failed");
+ success = FALSE;
+ break;
+ }
+
+ this->db->execute(this->db, &si_id,
+ "INSERT INTO sessions_identities (session_id, identity_id) "
+ "VALUES (?, ?)",
+ DB_INT, session_id, DB_INT, ar_id);
+
+ if (!si_id)
+ {
+ DBG1(DBG_IMV, "imv_db: assigning identity to session failed");
+ success = FALSE;
+ break;
+ }
+
+ if (first)
+ {
+ this->db->execute(this->db, NULL,
+ "UPDATE sessions SET identity = ? WHERE id = ?",
+ DB_INT, ar_id, DB_INT, session_id);
+ first = FALSE;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ return success;
}
static bool add_workitems(private_imv_database_t *this, imv_session_t *session)
diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c
index 50f7f2e39..9f7e4e8f4 100644
--- a/src/libimcv/imv/imv_policy_manager.c
+++ b/src/libimcv/imv/imv_policy_manager.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -19,6 +19,8 @@
#include <library.h>
#include <utils/debug.h>
+#include <tncif_names.h>
+
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
@@ -251,9 +253,12 @@ static bool policy_start(database_t *db, int session_id)
static bool policy_stop(database_t *db, int session_id)
{
enumerator_t *e;
- int rec, policy;
- char *result;
+ int rec, policy, final_rec, id_type;
+ chunk_t id_value;
+ char *result, *ip_address = NULL;
+ bool success = TRUE;
+ /* store all workitem results for this session in the results table */
e = db->query(db,
"SELECT w.rec_final, w.result, e.policy FROM workitems AS w "
"JOIN enforcements AS e ON w.enforcement = e.id "
@@ -270,9 +275,68 @@ static bool policy_stop(database_t *db, int session_id)
}
e->destroy(e);
}
- return db->execute(db, NULL,
- "DELETE FROM workitems WHERE session = ?",
- DB_UINT, session_id) >= 0;
+ else
+ {
+ success = FALSE;
+ }
+
+ /* delete all workitems for this session from the database */
+ if (db->execute(db, NULL,
+ "DELETE FROM workitems WHERE session = ?",
+ DB_UINT, session_id) < 0)
+ {
+ success = FALSE;
+ }
+
+ final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+
+ /* retrieve the final recommendation for this session */
+ e = db->query(db,
+ "SELECT rec FROM sessions WHERE id = ?",
+ DB_INT, session_id, DB_INT);
+ if (e)
+ {
+ if (!e->enumerate(e, &final_rec))
+ {
+ success = FALSE;
+ }
+ e->destroy(e);
+ }
+ else
+ {
+ success = FALSE;
+ }
+
+ /* retrieve client IP address for this session */
+ e = db->query(db,
+ "SELECT i.type, i.value FROM identities AS i "
+ "JOIN sessions_identities AS si ON si.identity_id = i.id "
+ "WHERE si.session_id = ? AND (i.type = ? OR i.type = ?)",
+ DB_INT, session_id, DB_INT, TNC_ID_IPV4_ADDR, DB_INT,
+ TNC_ID_IPV6_ADDR, DB_INT, DB_BLOB);
+ if (e)
+ {
+ if (e->enumerate(e, &id_type, &id_value))
+ {
+ ip_address = strndup(id_value.ptr, id_value.len);
+ }
+ else
+ {
+ success = FALSE;
+ }
+ e->destroy(e);
+ }
+ else
+ {
+ success = FALSE;
+ }
+
+ fprintf(stderr, "recommendation for access requestor %s is %N\n",
+ ip_address ? ip_address : "0.0.0.0",
+ TNC_IMV_Action_Recommendation_names, final_rec);
+ free(ip_address);
+
+ return success;
}
int main(int argc, char *argv[])
diff --git a/src/libimcv/imv/imv_session.c b/src/libimcv/imv/imv_session.c
index 1f0d8cf14..bc6b5a8d1 100644
--- a/src/libimcv/imv/imv_session.c
+++ b/src/libimcv/imv/imv_session.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -15,6 +15,8 @@
#include "imv_session.h"
+#include <tncif_identity.h>
+
#include <utils/debug.h>
typedef struct private_imv_session_t private_imv_session_t;
@@ -55,14 +57,9 @@ struct private_imv_session_t {
time_t created;
/**
- * Access Requestor ID type
- */
- uint32_t ar_id_type;
-
- /**
- * Access Requestor ID value
+ * List of Access Requestor identities
*/
- chunk_t ar_id_value;
+ linked_list_t *ar_identities;
/**
* OS information
@@ -130,14 +127,10 @@ METHOD(imv_session_t, get_creation_time, time_t,
return this->created;
}
-METHOD(imv_session_t, get_ar_id, chunk_t,
- private_imv_session_t *this, uint32_t *ar_id_type)
+METHOD(imv_session_t, create_ar_identities_enumerator, enumerator_t*,
+ private_imv_session_t *this)
{
- if (ar_id_type)
- {
- *ar_id_type = this->ar_id_type;
- }
- return this->ar_id_value;
+ return this->ar_identities->create_enumerator(this->ar_identities);
}
METHOD(imv_session_t, get_os_info, imv_os_info_t*,
@@ -256,7 +249,8 @@ METHOD(imv_session_t, destroy, void,
this->workitems->destroy_offset(this->workitems,
offsetof(imv_workitem_t, destroy));
this->os_info->destroy(this->os_info);
- free(this->ar_id_value.ptr);
+ this->ar_identities->destroy_offset(this->ar_identities,
+ offsetof(tncif_identity_t, destroy));
free(this->device_id.ptr);
free(this);
}
@@ -266,7 +260,7 @@ METHOD(imv_session_t, destroy, void,
* See header
*/
imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
- uint32_t ar_id_type, chunk_t ar_id_value)
+ linked_list_t *ar_identities)
{
private_imv_session_t *this;
@@ -276,7 +270,7 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
.get_session_id = _get_session_id,
.get_connection_id = _get_connection_id,
.get_creation_time = _get_creation_time,
- .get_ar_id = _get_ar_id,
+ .create_ar_identities_enumerator = _create_ar_identities_enumerator,
.get_os_info = _get_os_info,
.set_device_id = _set_device_id,
.get_device_id = _get_device_id,
@@ -293,8 +287,7 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
},
.conn_id = conn_id,
.created = created,
- .ar_id_type = ar_id_type,
- .ar_id_value = chunk_clone(ar_id_value),
+ .ar_identities = ar_identities,
.os_info = imv_os_info_create(),
.workitems = linked_list_create(),
.ref = 1,
diff --git a/src/libimcv/imv/imv_session.h b/src/libimcv/imv/imv_session.h
index 42b9118a6..107716f30 100644
--- a/src/libimcv/imv/imv_session.h
+++ b/src/libimcv/imv/imv_session.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2014 Andreas Steffen
+ * Copyright (C) 2013-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -70,12 +70,11 @@ struct imv_session_t {
time_t (*get_creation_time)(imv_session_t *this);
/**
- * Get Access Requestor ID
+ * Get list of Access Requestor identities
*
- * @param id_type Access Requestor TCG Standard ID Type
- * @return Access Requestor TCG Standard ID Value
+ * @return List of Access Requestor identities
*/
- chunk_t (*get_ar_id)(imv_session_t *this, uint32_t *id_type);
+ enumerator_t* (*create_ar_identities_enumerator)(imv_session_t *this);
/**
* Get OS Information
@@ -172,10 +171,9 @@ struct imv_session_t {
*
* @param id Associated Connection ID
* @param created Session creation time
- * @param ar_id_type Access Requestor ID type
- * @param ar_id_value Access Requestor ID value
+ * @param ar_identities List of Access Requestor identities
*/
imv_session_t* imv_session_create(TNC_ConnectionID id, time_t created,
- uint32_t ar_id_type, chunk_t ar_id_value);
+ linked_list_t *ar_identities);
#endif /** IMV_SESSION_H_ @}*/
diff --git a/src/libimcv/imv/imv_session_manager.c b/src/libimcv/imv/imv_session_manager.c
index 0fb8de45e..c97602998 100644
--- a/src/libimcv/imv/imv_session_manager.c
+++ b/src/libimcv/imv/imv_session_manager.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -15,6 +15,9 @@
#include "imv_session_manager.h"
+#include <tncif_names.h>
+#include <tncif_identity.h>
+
#include <threading/mutex.h>
typedef struct private_imv_session_manager_t private_imv_session_manager_t;
@@ -43,9 +46,10 @@ struct private_imv_session_manager_t {
METHOD(imv_session_manager_t, add_session, imv_session_t*,
private_imv_session_manager_t *this, TNC_ConnectionID conn_id,
- uint32_t ar_id_type, chunk_t ar_id_value)
+ linked_list_t *ar_identities)
{
enumerator_t *enumerator;
+ tncif_identity_t *tnc_id;
imv_session_t *current, *session = NULL;
time_t created;
@@ -66,13 +70,43 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*,
/* session already exists */
if (session)
{
+ ar_identities->destroy_offset(ar_identities,
+ offsetof(tncif_identity_t, destroy));
this->mutex->unlock(this->mutex);
return session->get_ref(session);
}
+ /* Output list of Access Requestor identities */
+ enumerator = ar_identities->create_enumerator(ar_identities);
+ while (enumerator->enumerate(enumerator, &tnc_id))
+ {
+ pen_type_t id_type, subject_type, auth_type;
+ uint32_t tcg_id_type, tcg_subject_type, tcg_auth_type;
+ chunk_t id_value;
+
+ id_type = tnc_id->get_identity_type(tnc_id);
+ id_value = tnc_id->get_identity_value(tnc_id);
+ subject_type = tnc_id->get_subject_type(tnc_id);
+ auth_type = tnc_id->get_auth_type(tnc_id);
+
+ tcg_id_type = (subject_type.vendor_id == PEN_TCG) ?
+ id_type.type : TNC_SUBJECT_UNKNOWN;
+ tcg_subject_type = (subject_type.vendor_id == PEN_TCG) ?
+ subject_type.type : TNC_SUBJECT_UNKNOWN;
+ tcg_auth_type = (auth_type.vendor_id == PEN_TCG) ?
+ auth_type.type : TNC_AUTH_UNKNOWN;
+
+ DBG2(DBG_IMV, " %N AR identity '%.*s' of type %N authenticated by %N",
+ TNC_Subject_names, tcg_subject_type,
+ id_value.len, id_value.ptr,
+ TNC_Identity_names, tcg_id_type,
+ TNC_Authentication_names, tcg_auth_type);
+ }
+ enumerator->destroy(enumerator);
+
/* create a new session entry */
created = time(NULL);
- session = imv_session_create(conn_id, created, ar_id_type, ar_id_value);
+ session = imv_session_create(conn_id, created, ar_identities);
this->sessions->insert_last(this->sessions, session);
this->mutex->unlock(this->mutex);
diff --git a/src/libimcv/imv/imv_session_manager.h b/src/libimcv/imv/imv_session_manager.h
index 8a733accb..cfae23bc9 100644
--- a/src/libimcv/imv/imv_session_manager.h
+++ b/src/libimcv/imv/imv_session_manager.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -39,13 +39,12 @@ struct imv_session_manager_t {
* Create or get a session associated with a TNCCS connection
*
* @param conn_id TNCCS Connection ID
- * @param ar_id_type Access Requestor identity type
- * @param ar_id_value Access Requestor identity value
+ * @param ar_identities List of Access Requestor identities
* @return Session associated with TNCCS Connection
*/
imv_session_t* (*add_session)(imv_session_manager_t *this,
TNC_ConnectionID conn_id,
- uint32_t ar_id_type, chunk_t ar_id_value);
+ linked_list_t *ar_identities);
/**
* Remove a session
diff --git a/src/libimcv/imv/tables-mysql.sql b/src/libimcv/imv/tables-mysql.sql
index 47ee41c86..cf50742c3 100644
--- a/src/libimcv/imv/tables-mysql.sql
+++ b/src/libimcv/imv/tables-mysql.sql
@@ -99,6 +99,14 @@ CREATE TABLE `sessions` (
`rec` INTEGER DEFAULT 3
);
+DROP TABLE IF EXISTS `sessions_identities`;
+CREATE TABLE `sessions_identities` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `session_id` INTEGER NOT NULL REFERENCES `sessions`(`id`),
+ `identity_id` INTEGER NOT NULL REFERENCES `identities`(`id`),
+ UNIQUE (`session_id`, `identity_id`)
+);
+
DROP TABLE IF EXISTS `workitems`;
CREATE TABLE `workitems` (
`id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
diff --git a/src/libimcv/imv/tables.sql b/src/libimcv/imv/tables.sql
index f7324896e..5c2a6563b 100644
--- a/src/libimcv/imv/tables.sql
+++ b/src/libimcv/imv/tables.sql
@@ -104,6 +104,14 @@ CREATE TABLE sessions (
rec INTEGER DEFAULT 3
);
+DROP TABLE IF EXISTS sessions_identities;
+CREATE TABLE sessions_identities (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ session_id INTEGER NOT NULL REFERENCES sessions(id),
+ identity_id INTEGER NOT NULL REFERENCES identities(id),
+ UNIQUE (session_id, identity_id)
+);
+
DROP TABLE IF EXISTS workitems;
CREATE TABLE workitems (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in
index 3c5017f32..8ad56181e 100644
--- a/src/libimcv/plugins/imc_attestation/Makefile.in
+++ b/src/libimcv/plugins/imc_attestation/Makefile.in
@@ -227,6 +227,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -287,10 +288,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -364,6 +367,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
index 2fc2998e1..f24aec881 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
@@ -137,7 +137,11 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
{
return FALSE;
}
- pts->get_my_public_value(pts, &responder_value, &responder_nonce);
+ if (!pts->get_my_public_value(pts, &responder_value,
+ &responder_nonce))
+ {
+ return FALSE;
+ }
/* Send DH Nonce Parameters Response attribute */
attr = tcg_pts_attr_dh_nonce_params_resp_create(selected_dh_group,
@@ -174,8 +178,10 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
return FALSE;
}
- pts->set_peer_public_value(pts, initiator_value, initiator_nonce);
- if (!pts->calculate_secret(pts))
+
+ if (!pts->set_peer_public_value(pts, initiator_value,
+ initiator_nonce) ||
+ !pts->calculate_secret(pts))
{
return FALSE;
}
diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in
index 3f4cf41a9..3b7538688 100644
--- a/src/libimcv/plugins/imc_os/Makefile.in
+++ b/src/libimcv/plugins/imc_os/Makefile.in
@@ -224,6 +224,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -284,10 +285,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -361,6 +364,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in
index a192b0a41..7b696896f 100644
--- a/src/libimcv/plugins/imc_scanner/Makefile.in
+++ b/src/libimcv/plugins/imc_scanner/Makefile.in
@@ -225,6 +225,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -285,10 +286,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -362,6 +365,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in
index f1859a2cb..2847f09b4 100644
--- a/src/libimcv/plugins/imc_swid/Makefile.in
+++ b/src/libimcv/plugins/imc_swid/Makefile.in
@@ -227,6 +227,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -287,10 +288,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -364,6 +367,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in
index 3e1d0232f..2048caa4d 100644
--- a/src/libimcv/plugins/imc_test/Makefile.in
+++ b/src/libimcv/plugins/imc_test/Makefile.in
@@ -224,6 +224,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -284,10 +285,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -361,6 +364,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in
index 3ba7c8c88..09a0ab0ce 100644
--- a/src/libimcv/plugins/imv_attestation/Makefile.in
+++ b/src/libimcv/plugins/imv_attestation/Makefile.in
@@ -236,6 +236,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -296,10 +297,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,6 +376,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
diff --git a/src/libimcv/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c
index f85a02b3d..f1a1f923e 100644
--- a/src/libimcv/plugins/imv_attestation/attest_db.c
+++ b/src/libimcv/plugins/imv_attestation/attest_db.c
@@ -849,29 +849,31 @@ METHOD(attest_db_t, list_devices, void,
{
enumerator_t *e, *e_ar;
chunk_t ar_id_value = chunk_empty;
- char *product, *device;
+ char *product, *device, *description;
time_t timestamp;
- int id, last_id = 0, ar_id = 0, last_ar_id = 0, device_count = 0;
+ int id, last_id = 0, ar_id = 0, last_ar_id = 0, device_count = 0, trusted;
int session_id, rec;
u_int32_t ar_id_type;
u_int tstamp;
e = this->db->query(this->db,
- "SELECT d.id, d.value, s.id, s.time, s.identity, s.rec, p.name "
+ "SELECT d.id, d.value, d.trusted, d.description, "
+ "s.id, s.time, s.identity, s.rec, p.name "
"FROM devices AS d "
"JOIN sessions AS s ON d.id = s.device "
"JOIN products AS p ON p.id = s.product "
- "ORDER BY d.value, s.time DESC", DB_INT, DB_TEXT, DB_INT, DB_UINT,
- DB_INT, DB_INT, DB_TEXT);
+ "ORDER BY d.value, s.time DESC", DB_INT, DB_TEXT, DB_INT, DB_TEXT,
+ DB_INT, DB_UINT, DB_INT, DB_INT, DB_TEXT);
if (e)
{
- while (e->enumerate(e, &id, &device, &session_id, &tstamp, &ar_id, &rec,
- &product))
+ while (e->enumerate(e, &id, &device, &trusted, &description,
+ &session_id, &tstamp, &ar_id, &rec, &product))
{
if (id != last_id)
{
- printf("%4d: %s - %s\n", id, device, product);
+ printf("%4d: %s %s - %s - %s\n", id, trusted ? "+" : "-",
+ device, product, description);
device_count++;
last_id = id;
}
diff --git a/src/libimcv/plugins/imv_attestation/build-database.sh b/src/libimcv/plugins/imv_attestation/build-database.sh
index ca2939b49..0babb5366 100755
--- a/src/libimcv/plugins/imv_attestation/build-database.sh
+++ b/src/libimcv/plugins/imv_attestation/build-database.sh
@@ -2,7 +2,7 @@
p="Ubuntu 14.04 x86_64"
a="x86_64-linux-gnu"
-k="3.13.0-37-generic"
+k="3.13.0-46-generic"
for hash in sha1 sha256
do
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
index c39fe8d47..db93ac45f 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
@@ -69,7 +69,11 @@ bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state,
/* Send DH nonce finish attribute */
selected_algorithm = pts->get_meas_algorithm(pts);
- pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
+ if (!pts->get_my_public_value(pts, &initiator_value,
+ &initiator_nonce))
+ {
+ return FALSE;
+ }
attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
initiator_value, initiator_nonce);
attr->set_noskip_flag(attr, TRUE);
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
index 89a1f02cf..fbeb6618e 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
@@ -134,11 +134,11 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
}
responder_value = attr_cast->get_responder_value(attr_cast);
- pts->set_peer_public_value(pts, responder_value,
- responder_nonce);
/* Calculate secret assessment value */
- if (!pts->calculate_secret(pts))
+ if (!pts->set_peer_public_value(pts, responder_value,
+ responder_nonce) ||
+ !pts->calculate_secret(pts))
{
return FALSE;
}
@@ -198,7 +198,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
e = pts_credmgr->create_trusted_enumerator(pts_credmgr,
KEY_ANY, aik->get_issuer(aik), FALSE);
- while (e->enumerate(e, &issuer))
+ while (e->enumerate(e, &issuer, NULL))
{
if (aik->issued_by(aik, issuer, NULL))
{
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in
index 36e708fc9..ec3488992 100644
--- a/src/libimcv/plugins/imv_os/Makefile.in
+++ b/src/libimcv/plugins/imv_os/Makefile.in
@@ -232,6 +232,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -292,10 +293,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -369,6 +372,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in
index 2677b339a..08abbf596 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.in
+++ b/src/libimcv/plugins/imv_scanner/Makefile.in
@@ -226,6 +226,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -286,10 +287,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -363,6 +366,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in
index 815722f9c..936bee86e 100644
--- a/src/libimcv/plugins/imv_swid/Makefile.in
+++ b/src/libimcv/plugins/imv_swid/Makefile.in
@@ -227,6 +227,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -287,10 +288,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -364,6 +367,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in
index 66da75a1e..8e0e22353 100644
--- a/src/libimcv/plugins/imv_test/Makefile.in
+++ b/src/libimcv/plugins/imv_test/Makefile.in
@@ -225,6 +225,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -285,10 +286,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -362,6 +365,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
diff --git a/src/libimcv/pts/components/ita/ita_comp_tboot.c b/src/libimcv/pts/components/ita/ita_comp_tboot.c
index 273c18f31..ce318ec84 100644
--- a/src/libimcv/pts/components/ita/ita_comp_tboot.c
+++ b/src/libimcv/pts/components/ita/ita_comp_tboot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2014 Andreas Steffen
+ * Copyright (C) 2011-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -61,11 +61,6 @@ struct pts_ita_comp_tboot_t {
int cid;
/**
- * Primary key for AIK database entry
- */
- int kid;
-
- /**
* Component is registering measurements
*/
bool is_registering;
@@ -243,7 +238,7 @@ METHOD(pts_component_t, verify, status_t,
else
{
status = this->pts_db->check_comp_measurement(this->pts_db,
- measurement, this->cid, this->kid,
+ measurement, this->cid, this->aik_id,
++this->seq_no, extended_pcr, algo);
if (status != SUCCESS)
{
diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c
index 2fff4c901..1ca72098e 100644
--- a/src/libimcv/pts/pts.c
+++ b/src/libimcv/pts/pts.c
@@ -224,17 +224,24 @@ METHOD(pts_t, create_dh_nonce, bool,
return TRUE;
}
-METHOD(pts_t, get_my_public_value, void,
+METHOD(pts_t, get_my_public_value, bool,
private_pts_t *this, chunk_t *value, chunk_t *nonce)
{
- this->dh->get_my_public_value(this->dh, value);
+ if (!this->dh->get_my_public_value(this->dh, value))
+ {
+ return FALSE;
+ }
*nonce = this->is_imc ? this->responder_nonce : this->initiator_nonce;
+ return TRUE;
}
-METHOD(pts_t, set_peer_public_value, void,
+METHOD(pts_t, set_peer_public_value, bool,
private_pts_t *this, chunk_t value, chunk_t nonce)
{
- this->dh->set_other_public_value(this->dh, value);
+ if (!this->dh->set_other_public_value(this->dh, value))
+ {
+ return FALSE;
+ }
nonce = chunk_clone(nonce);
if (this->is_imc)
@@ -245,6 +252,7 @@ METHOD(pts_t, set_peer_public_value, void,
{
this->responder_nonce = nonce;
}
+ return TRUE;
}
METHOD(pts_t, calculate_secret, bool,
@@ -264,7 +272,7 @@ METHOD(pts_t, calculate_secret, bool,
DBG3(DBG_PTS, "responder nonce: %B", &this->responder_nonce);
/* Calculate the DH secret */
- if (this->dh->get_shared_secret(this->dh, &shared_secret) != SUCCESS)
+ if (!this->dh->get_shared_secret(this->dh, &shared_secret))
{
DBG1(DBG_PTS, "shared DH secret computation failed");
return FALSE;
diff --git a/src/libimcv/pts/pts.h b/src/libimcv/pts/pts.h
index be32a3464..d525306dd 100644
--- a/src/libimcv/pts/pts.h
+++ b/src/libimcv/pts/pts.h
@@ -143,16 +143,18 @@ struct pts_t {
*
* @param value My public DH value
* @param nonce My DH nonce
+ * @return TRUE if public value retrieved successfully
*/
- void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
+ bool (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
/**
* Set peer Diffie.Hellman public value
*
* @param value Peer public DH value
* @param nonce Peer DH nonce
+ * @return TRUE if public value set successfully
*/
- void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
+ bool (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
/**
* Calculates assessment secret to be used for TPM Quote as ExternalData
diff --git a/src/libimcv/seg/seg_env.c b/src/libimcv/seg/seg_env.c
index c47ce2934..f38419248 100644
--- a/src/libimcv/seg/seg_env.c
+++ b/src/libimcv/seg/seg_env.c
@@ -219,6 +219,7 @@ seg_env_t *seg_env_create(uint32_t base_attr_id, pa_tnc_attr_t *base_attr,
if (max_seg_size < PA_TNC_ATTR_HEADER_SIZE ||
max_seg_size >= PA_TNC_ATTR_HEADER_SIZE + value.len)
{
+ base_attr->destroy(base_attr);
return NULL;
}
@@ -233,7 +234,7 @@ seg_env_t *seg_env_create(uint32_t base_attr_id, pa_tnc_attr_t *base_attr,
.destroy = _destroy,
},
.base_attr_id = base_attr_id,
- .base_attr = base_attr->get_ref(base_attr),
+ .base_attr = base_attr,
.max_seg_size = max_seg_size,
.data = base_attr->get_value(base_attr),
);
diff --git a/src/libimcv/seg/seg_env.h b/src/libimcv/seg/seg_env.h
index 08d33d752..611f9a98a 100644
--- a/src/libimcv/seg/seg_env.h
+++ b/src/libimcv/seg/seg_env.h
@@ -98,7 +98,7 @@ struct seg_env_t {
* Create a PA-TNC attribute segment envelope object
*
* @param base_attr_id Base Attribute ID
- * @param base_attr Base Attribute to be segmented
+ * @param base_attr Base Attribute to be segmented, owned by seg_env_t
* @param max_seg_size Maximum segment size
*/
seg_env_t* seg_env_create(uint32_t base_attr_id, pa_tnc_attr_t *base_attr,
diff --git a/src/libimcv/suites/test_imcv_seg.c b/src/libimcv/suites/test_imcv_seg.c
index 469b1110d..8b51eda05 100644
--- a/src/libimcv/suites/test_imcv_seg.c
+++ b/src/libimcv/suites/test_imcv_seg.c
@@ -64,10 +64,11 @@ START_TEST(test_imcv_seg_env)
libimcv_init(FALSE);
max_seg_size = seg_env_tests[_i].max_seg_size;
last_seg_size = seg_env_tests[_i].last_seg_size;
+
base_attr = ita_attr_command_create(command);
base_attr->build(base_attr);
-
seg_env = seg_env_create(id, base_attr, max_seg_size);
+
if (seg_env_tests[_i].next_segs == 0)
{
ck_assert(seg_env == NULL);
@@ -156,7 +157,6 @@ START_TEST(test_imcv_seg_env)
seg_env1->destroy(seg_env1);
base_attr1->destroy(base_attr1);
}
- base_attr->destroy(base_attr);
libimcv_deinit();
}
END_TEST
@@ -226,7 +226,6 @@ START_TEST(test_imcv_seg_env_special)
/* cleanup */
attr->destroy(attr);
seg_env->destroy(seg_env);
- base_attr->destroy(base_attr);
}
END_TEST
@@ -306,7 +305,8 @@ START_TEST(test_imcv_seg_contract)
TRUE, issuer_id, FALSE);
contract_r = seg_contract_create(msg_type, max_attr_size, max_seg_size,
FALSE, issuer_id, TRUE);
- attr = contract_r->first_segment(contract_r, base_attr_r);
+ attr = contract_r->first_segment(contract_r,
+ base_attr_r->get_ref(base_attr_r));
if (seg_env_tests[_i].next_segs == 0)
{
@@ -422,8 +422,8 @@ START_TEST(test_imcv_seg_contract_special)
ck_assert(!oversize);
/* get first segment of each base attribute */
- attr1_f = contract_r->first_segment(contract_r, base_attr1_r);
- attr2_f = contract_r->first_segment(contract_r, base_attr2_r);
+ attr1_f = contract_r->first_segment(contract_r, base_attr1_r->get_ref(base_attr1_r));
+ attr2_f = contract_r->first_segment(contract_r, base_attr2_r->get_ref(base_attr2_r));
ck_assert(attr1_f);
ck_assert(attr2_f);
seg_env_attr1 = (tcg_seg_attr_seg_env_t*)attr1_f;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c
index 5b4cc273b..397882926 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c
@@ -242,6 +242,8 @@ METHOD(pa_tnc_attr_t, process, status_t,
this->count--;
}
+ status = SUCCESS;
+
if (this->length != this->offset)
{
DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG,
@@ -249,7 +251,6 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = this->offset;
status = FAILED;
}
- status = SUCCESS;
end:
reader->destroy(reader);