From: Andreas Steffen Date: Tue, 31 Jul 2018 12:06:21 +0000 (+0200) Subject: libimcv: Reset of IMC state for new measurement cycle X-Git-Tag: 5.7.0dr8~1^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=731e043c8e072832e9c75c7cf609b5f7a63b43c8;p=thirdparty%2Fstrongswan.git libimcv: Reset of IMC state for new measurement cycle --- diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c index fb59cfaad5..ec44d587fe 100644 --- a/src/libimcv/imc/imc_agent.c +++ b/src/libimcv/imc/imc_agent.c @@ -410,6 +410,7 @@ METHOD(imc_agent_t, change_state, TNC_Result, imc_state_t **state_p) { imc_state_t *state; + TNC_ConnectionState old_state; switch (new_state) { @@ -425,7 +426,7 @@ METHOD(imc_agent_t, change_state, TNC_Result, this->id, this->name, connection_id); return TNC_RESULT_FATAL; } - state->change_state(state, new_state); + old_state = state->change_state(state, new_state); DBG2(DBG_IMC, "IMC %u \"%s\" changed state of Connection ID %u to '%N'", this->id, this->name, connection_id, TNC_Connection_State_names, new_state); @@ -433,6 +434,13 @@ METHOD(imc_agent_t, change_state, TNC_Result, { *state_p = state; } + if (new_state == TNC_CONNECTION_STATE_HANDSHAKE && + old_state != TNC_CONNECTION_STATE_CREATE) + { + state->reset(state); + DBG2(DBG_IMC, "IMC %u \"%s\" reset state of Connection ID %u", + this->id, this->name, connection_id); + } break; case TNC_CONNECTION_STATE_CREATE: DBG1(DBG_IMC, "state '%N' should be handled by create_state()", diff --git a/src/libimcv/imc/imc_state.h b/src/libimcv/imc/imc_state.h index d8aeab9964..bd55f73569 100644 --- a/src/libimcv/imc/imc_state.h +++ b/src/libimcv/imc/imc_state.h 
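Review bot: In the third hunk of imc_agent.c, `state->reset(state)` is called through the new function pointer without a check, so an imc_state_t implementation that does not fill in `.reset` would presumably leave it NULL and crash the agent on the first retried handshake. Every state constructor touched by this commit sets the member, but a constructor that omits it still compiles. I would guard the call with `if (state->reset)` and log at DBG1 when it is missing, because silently skipping the reset would carry the previous cycle's result into the new measurement. The body of change_state starts and ends outside the hunk.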
@@ -92,8 +92,10 @@ struct imc_state_t { * Change the connection state * * @param new_state new connection state + * @return old connection state */ - void (*change_state)(imc_state_t *this, TNC_ConnectionState new_state); + TNC_ConnectionState (*change_state)(imc_state_t *this, + TNC_ConnectionState new_state); /** * Set the Assessment/Evaluation Result @@ -114,6 +116,11 @@ struct imc_state_t { bool (*get_result)(imc_state_t *this, TNC_IMCID id, TNC_IMV_Evaluation_Result *result); + /** + * Resets the state for a new measurement cycle triggered by a SRETRY batch + */ + void (*reset)(imc_state_t *this); + /** * Destroys an imc_state_t object */ diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c index 0dd88b6a76..f592a51345 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c @@ -115,19 +115,8 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, case TNC_CONNECTION_STATE_CREATE: state = imc_attestation_state_create(connection_id); return imc_attestation->create_state(imc_attestation, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_attestation->change_state(imc_attestation, connection_id, - new_state, &state) != TNC_RESULT_SUCCESS) - { - return TNC_RESULT_FATAL; - } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - return TNC_RESULT_SUCCESS; case TNC_CONNECTION_STATE_DELETE: return imc_attestation->delete_state(imc_attestation, connection_id); - case TNC_CONNECTION_STATE_ACCESS_ISOLATED: - case TNC_CONNECTION_STATE_ACCESS_NONE: default: return imc_attestation->change_state(imc_attestation, connection_id, new_state, NULL); diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c index b789a21041..f8e0b8d2ce 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c 
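Review bot: The doc comment added for `reset` in imc_state.h (second hunk) does not say what an implementation has to clear, and the implementations in this commit differ: imc_attestation drops its components, evidence list and PTS object, most others clear only the evaluation result, and imc_test clears nothing. Since imc_agent.c calls the method on every HANDSHAKE that does not follow CREATE, the comment should state the contract, for example `* Must set the evaluation result back to DONT_KNOW and discard all measurement data of the previous cycle; connection-level settings are kept.` The last clause is inferred from the implementations shown and should be confirmed by the author.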
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c @@ -131,10 +131,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_attestation_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, @@ -155,6 +159,21 @@ METHOD(imc_state_t, get_result, bool, return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_attestation_state_t *this) +{ + this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + this->components->destroy_offset(this->components, + offsetof(pts_component_t, destroy)); + this->components = linked_list_create(); + this->list->destroy_offset(this->list, + offsetof(pts_comp_evidence_t, destroy)); + this->list = linked_list_create(); + this->pts->destroy(this->pts); + this->pts = pts_create(TRUE); +} + METHOD(imc_state_t, destroy, void, private_imc_attestation_state_t *this) { @@ -238,6 +257,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id) .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, .get_pts = _get_pts, diff --git a/src/libimcv/plugins/imc_hcd/imc_hcd.c b/src/libimcv/plugins/imc_hcd/imc_hcd.c index b631683cec..09ba8bc0bd 100644 --- a/src/libimcv/plugins/imc_hcd/imc_hcd.c +++ b/src/libimcv/plugins/imc_hcd/imc_hcd.c 
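Review bot: The new `reset()` in imc_attestation_state.c destroys `this->pts` and every element of `this->components` and `this->list`, so any pointer a caller obtained earlier (the constructor hunk shows a `get_pts` accessor) is dangling once a retried handshake arrives. No such caller is visible in this diff, so this may be safe today, but the lifetime rule should be written on the method, e.g. `/* invalidates all pts_t, component and evidence pointers handed out before the call */`. The result of `pts_create(TRUE)` is also stored unchecked after the old object has been destroyed; whether it can return NULL is not visible here and is worth confirming.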
@@ -141,15 +141,6 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, case TNC_CONNECTION_STATE_CREATE: state = imc_hcd_state_create(connection_id); return imc_hcd->create_state(imc_hcd, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_hcd->change_state(imc_hcd, connection_id, new_state, - &state) != TNC_RESULT_SUCCESS) - { - return TNC_RESULT_FATAL; - } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - return TNC_RESULT_SUCCESS; case TNC_CONNECTION_STATE_DELETE: return imc_hcd->delete_state(imc_hcd, connection_id); default: @@ -348,7 +339,7 @@ static void add_certification_state(imc_msg_t *msg) if (hex_string) { blob = chunk_from_hex(chunk_from_str(hex_string), NULL); - + DBG2(DBG_IMC, " %N: %B", pwg_attr_names, PWG_HCD_CERTIFICATION_STATE, &blob); attr = generic_attr_chunk_create(blob, @@ -373,7 +364,7 @@ static void add_configuration_state(imc_msg_t *msg) if (hex_string) { blob = chunk_from_hex(chunk_from_str(hex_string), NULL); - + DBG2(DBG_IMC, " %N: %B", pwg_attr_names, PWG_HCD_CONFIGURATION_STATE, &blob); attr = generic_attr_chunk_create(blob, @@ -412,7 +403,7 @@ static void add_quadruple(imc_msg_t *msg, char *section, quadruple_t *quad) "%s.plugins.imc-hcd.subtypes.%s.%s.%s.string_version", "", lib->ns, section, quad->section, app); hex_version = lib->settings->get_str(lib->settings, - "%s.plugins.imc-hcd.subtypes.%s.%s.%s.version", + "%s.plugins.imc-hcd.subtypes.%s.%s.%s.version", hex_version_default, lib->ns, section, quad->section, app); /* convert hex string into binary chunk */ diff --git a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c index 60ccdce810..b2207f28a4 100644 --- a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c +++ b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c 
@@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_hcd_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, @@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool, return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_hcd_state_t *this) +{ + this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; +} + METHOD(imc_state_t, destroy, void, private_imc_hcd_state_t *this) { @@ -161,6 +171,7 @@ imc_state_t *imc_hcd_state_create(TNC_ConnectionID connection_id) .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, }, diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index d7b508ab99..a10492e046 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c @@ -103,15 +103,6 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, case TNC_CONNECTION_STATE_CREATE: state = imc_os_state_create(connection_id); return imc_os->create_state(imc_os, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_os->change_state(imc_os, connection_id, new_state, - &state) != TNC_RESULT_SUCCESS) - { - return TNC_RESULT_FATAL; - } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - return TNC_RESULT_SUCCESS; case TNC_CONNECTION_STATE_DELETE: return imc_os->delete_state(imc_os, connection_id); default: diff --git a/src/libimcv/plugins/imc_os/imc_os_state.c b/src/libimcv/plugins/imc_os/imc_os_state.c index a38696a81b..d264547192 100644 --- a/src/libimcv/plugins/imc_os/imc_os_state.c +++ b/src/libimcv/plugins/imc_os/imc_os_state.c 
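Review bot: With the HANDSHAKE case removed from imc_hcd.c, `result` is set to DONT_KNOW only inside the new `reset()` of imc_hcd_state.c, and imc_agent.c skips `reset()` when the previous state was CREATE, so on the first handshake the value now comes from the constructor alone. The constructor's initializer for `result` is outside these hunks; if it is not set there explicitly, a zero-initialised member is not guaranteed to equal `TNC_IMV_EVALUATION_RESULT_DONT_KNOW`, and `get_result()` would report an assessment before any was made. I would confirm that `imc_hcd_state_create()` contains `.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,`. The same check applies to the attestation, os, scanner and swima state constructors changed by this commit.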
@@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_os_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, @@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool, return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_os_state_t *this) +{ + this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; +} + METHOD(imc_state_t, destroy, void, private_imc_os_state_t *this) { @@ -161,6 +171,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id) .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, }, diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c index 93ed4271b6..c4fc254cf1 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c @@ -85,15 +85,6 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, case TNC_CONNECTION_STATE_CREATE: state = imc_scanner_state_create(connection_id); return imc_scanner->create_state(imc_scanner, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_scanner->change_state(imc_scanner, connection_id, new_state, - &state) != TNC_RESULT_SUCCESS) - { - return TNC_RESULT_FATAL; - } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - return TNC_RESULT_SUCCESS; case TNC_CONNECTION_STATE_DELETE: return imc_scanner->delete_state(imc_scanner, connection_id); default: diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c index c1b7a50e4d..2a22148419 100644 
--- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c @@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_scanner_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, @@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool, return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_scanner_state_t *this) +{ + this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; +} + METHOD(imc_state_t, destroy, void, private_imc_scanner_state_t *this) { @@ -161,6 +171,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id) .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, }, diff --git a/src/libimcv/plugins/imc_swima/imc_swima.c b/src/libimcv/plugins/imc_swima/imc_swima.c index 7869a92885..be258d3358 100644 --- a/src/libimcv/plugins/imc_swima/imc_swima.c +++ b/src/libimcv/plugins/imc_swima/imc_swima.c @@ -171,15 +171,6 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, case TNC_CONNECTION_STATE_CREATE: state = imc_swima_state_create(connection_id); return imc_swima->create_state(imc_swima, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_swima->change_state(imc_swima, connection_id, new_state, - &state) != TNC_RESULT_SUCCESS) - { - return TNC_RESULT_FATAL; - } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - return TNC_RESULT_SUCCESS; case TNC_CONNECTION_STATE_ACCESS_ALLOWED: case TNC_CONNECTION_STATE_ACCESS_ISOLATED: case TNC_CONNECTION_STATE_ACCESS_NONE: 
diff --git a/src/libimcv/plugins/imc_swima/imc_swima_state.c b/src/libimcv/plugins/imc_swima/imc_swima_state.c index b985a40360..55d8870558 100644 --- a/src/libimcv/plugins/imc_swima/imc_swima_state.c +++ b/src/libimcv/plugins/imc_swima/imc_swima_state.c @@ -135,10 +135,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_swima_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, @@ -159,6 +163,12 @@ METHOD(imc_state_t, get_result, bool, return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_swima_state_t *this) +{ + this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; +} + METHOD(imc_state_t, destroy, void, private_imc_swima_state_t *this) { @@ -226,6 +236,7 @@ imc_state_t *imc_swima_state_create(TNC_ConnectionID connection_id) .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, .set_subscription = _set_subscription, diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c index 047c825022..86d59a76a5 100644 --- a/src/libimcv/plugins/imc_test/imc_test_state.c +++ b/src/libimcv/plugins/imc_test/imc_test_state.c @@ -141,10 +141,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_test_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, 
@@ -202,6 +206,12 @@ METHOD(imc_state_t, get_result, bool, return eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_test_state_t *this) +{ + /* nothing to reset */ +} + METHOD(imc_state_t, destroy, void, private_imc_test_state_t *this) { @@ -277,6 +287,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id, .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, .get_command = _get_command,
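Review bot: The comment `/* nothing to reset */` in the new imc_test `reset()` does not match what the state appears to hold: the context line of `get_result()` just above returns `eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW`, so evaluation results are kept in this object. imc_test.c is not part of this diff, so presumably its own HANDSHAKE handling still clears them. If so, the comment should say that, e.g. `/* evaluation results are reset by imc_test.c on HANDSHAKE */`; if not, this is where they need to be cleared.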