+ else
+ {
+ success = FALSE;
+ }
+
+ /* delete all workitems for this session from the database */
+ if (db->execute(db, NULL,
+ "DELETE FROM workitems WHERE session = ?",
+ DB_UINT, session_id) < 0)
+ {
+ success = FALSE;
+ }
+
+ final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+
+ /* retrieve the final recommendation for this session */
+ e = db->query(db,
+ "SELECT rec FROM sessions WHERE id = ?",
+ DB_INT, session_id, DB_INT);
+ if (e)
+ {
+ if (!e->enumerate(e, &final_rec))
+ {
+ success = FALSE;
+ }
+ e->destroy(e);
+ }
+ else
+ {
+ success = FALSE;
+ }
+
+ /* retrieve client IP address for this session */
+ e = db->query(db,
+ "SELECT i.type, i.value FROM identities AS i "
+ "JOIN sessions_identities AS si ON si.identity_id = i.id "
+ "WHERE si.session_id = ? AND (i.type = ? OR i.type = ?)",
+ DB_INT, session_id, DB_INT, TNC_ID_IPV4_ADDR, DB_INT,
+ TNC_ID_IPV6_ADDR, DB_INT, DB_BLOB);
+ if (e)
+ {
+ if (e->enumerate(e, &id_type, &id_value))
+ {
+ ip_address = strndup(id_value.ptr, id_value.len);
+ }
+ else
+ {
+ success = FALSE;
+ }
+ e->destroy(e);
+ }
+ else
+ {
+ success = FALSE;
+ }
+
+ fprintf(stderr, "recommendation for access requestor %s is %N\n",
+ ip_address ? ip_address : "0.0.0.0",
+ TNC_IMV_Action_Recommendation_names, final_rec);
+
+ if (final_rec == TNC_IMV_ACTION_RECOMMENDATION_ALLOW)
+ {
+ format = lib->settings->get_str(lib->settings,
+ "imv_policy_manager.command_allow", NULL);
+ }
+ else
+ {
+ format = lib->settings->get_str(lib->settings,
+ "imv_policy_manager.command_block", NULL);
+ }
+ if (format && ip_address)
+ {
+ /* the IP address can occur at most twice in the command string */
+ snprintf(command, sizeof(command), format, ip_address, ip_address);
+ success = system(command) == 0;
+ fprintf(stderr, "%s system command: %s\n",
+ success ? "successful" : "failed", command);
+ }
+ free(ip_address);
+
+ return success;