{ PEN_TCG, PA_SUBTYPE_TCG_SWID }
};
+/**
+ * Flag set when corresponding attribute has been received
+ */
+enum imv_swid_attr_t {
+ IMV_SWID_ATTR_TAG_INV = (1<<0),
+ IMV_SWID_ATTR_TAG_ID_INV = (1<<1)
+};
+
/**
* Private data of an imv_swid_agent_t object.
*/
enumerator = in_msg->create_attribute_enumerator(in_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- TNC_IMV_Evaluation_Result eval;
- TNC_IMV_Action_Recommendation rec;
pen_type_t type;
uint32_t request_id, last_eid, eid_epoch;
swid_inventory_t *inventory;
int tag_count;
- char result_str[BUF_LEN], *tag_item;
+ char *tag_item;
imv_workitem_t *workitem, *found = NULL;
enumerator_t *et, *ew;
{
case ITA_ATTR_START_ANGEL:
swid_state->set_angel_count(swid_state, TRUE);
- break;
+ continue;
case ITA_ATTR_STOP_ANGEL:
swid_state->set_angel_count(swid_state, FALSE);
- break;
+ continue;
default:
- break;
+ continue;
}
}
else if (type.vendor_id != PEN_TCG)
swid_tag_id_t *tag_id;
chunk_t tag_creator, unique_sw_id;
+ state->set_action_flags(state, IMV_SWID_ATTR_TAG_ID_INV);
+
attr_cast = (tcg_swid_attr_tag_id_inv_t*)attr;
request_id = attr_cast->get_request_id(attr_cast);
last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
swid_tag_t *tag;
chunk_t tag_encoding;
+ state->set_action_flags(state, IMV_SWID_ATTR_TAG_INV);
+
attr_cast = (tcg_swid_attr_tag_inv_t*)attr;
request_id = attr_cast->get_request_id(attr_cast);
last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
default:
continue;
}
- tag_count = inventory->get_count(inventory);
- swid_state->set_count(swid_state, tag_count);
ew = session->create_workitem_enumerator(session);
while (ew->enumerate(ew, &workitem))
break;
}
}
- if (!found)
+ if (found)
{
- DBG1(DBG_IMV, "no workitem found for SWID %s inventory "
- "with request ID %d", tag_item, request_id);
- ew->destroy(ew);
- continue;
+ /* accumulate the swid tag [ID] count */
+ tag_count = inventory->get_count(inventory);
+ swid_state->set_count(swid_state, tag_count);
}
-
- if (!swid_state->get_angel_count(swid_state))
+ else
{
- swid_state->get_count(swid_state, &tag_count);
- snprintf(result_str, BUF_LEN, "received inventory of %d SWID %s%s",
- tag_count, tag_item, (tag_count == 1) ? "" : "s");
- session->remove_workitem(session, ew);
- ew->destroy(ew);
-
- eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
- rec = found->set_result(found, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, found);
- found->destroy(found);
+ DBG1(DBG_IMV, "no workitem found for SWID %s inventory "
+ "with request ID %d", tag_item, request_id);
}
+ ew->destroy(ew);
}
enumerator->destroy(enumerator);
TNC_IMVID imv_id;
TNC_Result result = TNC_RESULT_SUCCESS;
bool no_workitems = TRUE;
- uint32_t request_id;
+ uint32_t request_id, received;
uint8_t flags;
enumerator_t *enumerator;
}
}
+ received = state->get_action_flags(state);
+
+ if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
+ (received & (IMV_SWID_ATTR_TAG_INV|IMV_SWID_ATTR_TAG_ID_INV)) &&
+ swid_state->get_angel_count(swid_state) <= 0)
+ {
+ TNC_IMV_Evaluation_Result eval;
+ TNC_IMV_Action_Recommendation rec;
+ char result_str[BUF_LEN], *tag_item;
+ int tag_count;
+
+ enumerator = session->create_workitem_enumerator(session);
+ while (enumerator->enumerate(enumerator, &workitem))
+ {
+ if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS)
+ {
+ swid_state->get_count(swid_state, &tag_count);
+ tag_item = (received & IMV_SWID_ATTR_TAG_INV) ? "" : " ID";
+ snprintf(result_str, BUF_LEN, "received inventory of %d "
+ "SWID tag%s%s", tag_count, tag_item,
+ (tag_count == 1) ? "" : "s");
+ session->remove_workitem(session, enumerator);
+
+ eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+
/* finalized all workitems ? */
if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
session->get_workitem_count(session, imv_id) == 0)
--- /dev/null
+/* Devices */
+
+INSERT INTO devices ( /* 1 */
+ value, product, created
+) VALUES (
+ 'aabbccddeeff11223344556677889900', 40, 1372330615
+);
+
+/* Groups Members */
+
+INSERT INTO groups_members (
+ group_id, device_id
+) VALUES (
+ 10, 1
+);
+
+/* Identities */
+
+INSERT INTO identities (
+ type, value
+) VALUES ( /* dave@strongswan.org */
+ 5, X'64617665'
+);
+
+/* Sessions */
+
+INSERT INTO sessions (
+ time, connection, identity, device, product, rec
+) VALUES (
+ NOW, 1, 1, 1, 40, 0
+);
+
+/* Results */
+
+INSERT INTO results (
+ session, policy, rec, result
+) VALUES (
+ 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found'
+);
+
+/* Enforcements */
+
+INSERT INTO enforcements (
+ policy, group_id, max_age, rec_fail, rec_noresult
+) VALUES (
+ 3, 10, 0, 2, 2
+);
+
+INSERT INTO enforcements (
+ policy, group_id, max_age
+) VALUES (
+ 17, 2, 86400
+);
+
+INSERT INTO enforcements (
+ policy, group_id, max_age
+) VALUES (
+ 18, 10, 86400
+);
+
+DELETE FROM enforcements WHERE id = 1;
projects / thirdparty / strongswan.git / commitdiff
