]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 37c12f9)
libimcv: Reset of IMV state for new measurement cycle
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 26 Jul 2018 15:24:32 +0000 (17:24 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 1 Aug 2018 13:44:49 +0000 (15:44 +0200)
src/libimcv/imv/imv_agent.c patch | blob | blame | history
src/libimcv/imv/imv_state.h patch | blob | blame | history
src/libimcv/plugins/imv_attestation/imv_attestation_state.c patch | blob | blame | history
src/libimcv/plugins/imv_hcd/imv_hcd_state.c patch | blob | blame | history
src/libimcv/plugins/imv_os/imv_os_state.c patch | blob | blame | history
src/libimcv/plugins/imv_scanner/imv_scanner_state.c patch | blob | blame | history
src/libimcv/plugins/imv_swima/imv_swima_agent.c patch | blob | blame | history
src/libimcv/plugins/imv_swima/imv_swima_state.c patch | blob | blame | history
src/libimcv/plugins/imv_test/imv_test_state.c patch | blob | blame | history

diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index bb0b3b75ba63bfe2ec7ff62bfb4eea99cf2b7777..f3ccfbf563ed036423b7d887c82558f33a763db8 100644 (file)
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -492,6 +492,7 @@ METHOD(imv_agent_t, change_state, TNC_Result,
                                                           imv_state_t **state_p)
 {
        imv_state_t *state;
+       TNC_ConnectionState old_state;
 
        switch (new_state)
        {
@@ -506,7 +507,7 @@ METHOD(imv_agent_t, change_state, TNC_Result,
                                                          this->id, this->name, connection_id);
                                return TNC_RESULT_FATAL;
                        }
-                       state->change_state(state, new_state);
+                       old_state = state->change_state(state, new_state);
                        DBG2(DBG_IMV, "IMV %u \"%s\" changed state of Connection ID %u to '%N'",
                                                  this->id, this->name, connection_id,
                                                  TNC_Connection_State_names, new_state);
@@ -514,6 +515,13 @@ METHOD(imv_agent_t, change_state, TNC_Result,
                        {
                                *state_p = state;
                        }
+                       if (new_state == TNC_CONNECTION_STATE_HANDSHAKE &&
+                               old_state != TNC_CONNECTION_STATE_CREATE)
+                       {
+                               state->reset(state);
+                               DBG2(DBG_IMV, "IMV %u \"%s\" reset state of Connection ID %u",
+                                                          this->id, this->name, connection_id);
+                       }
                        break;
                case TNC_CONNECTION_STATE_CREATE:
                        DBG1(DBG_IMV, "state '%N' should be handled by create_state()",
diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h
index 30ed612b367f55721d003f6ee22fcc35ef30925b..4571da2fa836be32dd66a90de30be5d3f4431fdb 100644 (file)
--- a/src/libimcv/imv/imv_state.h
+++ b/src/libimcv/imv/imv_state.h
@@ -119,8 +119,10 @@ struct imv_state_t {
         * Change the connection state
         *
         * @param new_state             new connection state
+        * @return                              old connection state
         */
-       void (*change_state)(imv_state_t *this, TNC_ConnectionState new_state);
+       TNC_ConnectionState (*change_state)(imv_state_t *this,
+                                                TNC_ConnectionState new_state);
 
        /**
         * Get IMV action recommendation and evaluation result
@@ -181,6 +183,11 @@ struct imv_state_t {
                                                                                 chunk_t *string, char **lang_code,
                                                                                 char **uri);
 
+       /**
+        * Resets the state for a new measurement cycle triggered by a SRETRY batch
+        */
+       void (*reset)(imv_state_t *this);
+
        /**
         * Destroys an imv_state_t object
         */
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
index d63940797c39d9833c2153584732e83a3ceddee8..3d9e0ab1f2f6d913a32e76a9121742ea7ed040d2 100644 (file)
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
@@ -250,10 +250,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
        return this->contracts;
 }
 
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
        private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
 {
+       TNC_ConnectionState old_state;
+
+       old_state = this->state;
        this->state = new_state;
+       return old_state;
 }
 
 METHOD(imv_state_t, get_recommendation, void,
@@ -338,6 +342,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
        return FALSE;
 }
 
+METHOD(imv_state_t, reset, void,
+       private_imv_attestation_state_t *this)
+{
+       DESTROY_IF(this->reason_string);
+       this->reason_string = NULL;
+       this->rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+       this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+       this->action_flags = 0;
+
+       this->handshake_state = IMV_ATTESTATION_STATE_INIT;
+       this->measurement_error = 0;
+       this->components->destroy_function(this->components, (void *)free_func_comp);
+       this->components = linked_list_create();
+       this->pts->destroy(this->pts);
+       this->pts = pts_create(FALSE);
+}
+
 METHOD(imv_state_t, destroy, void,
        private_imv_attestation_state_t *this)
 {
@@ -532,6 +554,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
                                .update_recommendation = _update_recommendation,
                                .get_reason_string = _get_reason_string,
                                .get_remediation_instructions = _get_remediation_instructions,
+                               .reset = _reset,
                                .destroy = _destroy,
                        },
                        .get_handshake_state = _get_handshake_state,
diff --git a/src/libimcv/plugins/imv_hcd/imv_hcd_state.c b/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
index bfe6dd6190e7ce3015de08f8e377b565bf0f5b6f..e2b6eaed9f38e271e09b2320b922c693a5ad5db3 100644 (file)
--- a/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
+++ b/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
@@ -213,10 +213,14 @@ METHOD(imv_state_t, update_recommendation, void,
        this->eval = tncif_policy_update_evaluation(this->eval, eval);
 }
 
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
        private_imv_hcd_state_t *this, TNC_ConnectionState new_state)
 {
+       TNC_ConnectionState old_state;
+
+       old_state = this->state;
        this->state = new_state;
+       return old_state;
 }
 
 METHOD(imv_state_t, get_reason_string, bool,
@@ -246,6 +250,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
        return FALSE;
 }
 
+METHOD(imv_state_t, reset, void,
+       private_imv_hcd_state_t *this)
+{
+       DESTROY_IF(this->reason_string);
+       this->reason_string = NULL;
+       this->rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+       this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+       this->handshake_state = IMV_HCD_STATE_INIT;
+       this->subtype_action_flags[0].action_flags = IMV_HCD_ATTR_NONE;
+       this->subtype_action_flags[1].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+       this->subtype_action_flags[2].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+       this->subtype_action_flags[3].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+       this->subtype_action_flags[4].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+       this->subtype_action_flags[5].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+       this->action_flags = &this->subtype_action_flags[0].action_flags;
+}
+
 METHOD(imv_state_t, destroy, void,
        private_imv_hcd_state_t *this)
 {
@@ -320,6 +342,7 @@ imv_state_t *imv_hcd_state_create(TNC_ConnectionID connection_id)
                                .update_recommendation = _update_recommendation,
                                .get_reason_string = _get_reason_string,
                                .get_remediation_instructions = _get_remediation_instructions,
+                               .reset = _reset,
                                .destroy = _destroy,
                        },
                        .set_handshake_state = _set_handshake_state,
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index af5daf0fc9e3cca11cfd35133ce657d79a1631ce..dd8fcf594db25f48f94d645aad3f220b51e2ea3f 100644 (file)
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -362,10 +362,14 @@ METHOD(imv_state_t, update_recommendation, void,
        this->eval = tncif_policy_update_evaluation(this->eval, eval);
 }
 
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
        private_imv_os_state_t *this, TNC_ConnectionState new_state)
 {
+       TNC_ConnectionState old_state;
+
+       old_state = this->state;
        this->state = new_state;
+       return old_state;
 }
 
 METHOD(imv_state_t, get_reason_string, bool,
@@ -466,6 +470,32 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
        return TRUE;
 }
 
+METHOD(imv_state_t, reset, void,
+       private_imv_os_state_t *this)
+{
+       DESTROY_IF(this->reason_string);
+       DESTROY_IF(this->remediation_string);
+       this->reason_string = NULL;
+       this->remediation_string = NULL;
+       this->rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+       this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+       this->action_flags = 0;
+
+       this->handshake_state = IMV_OS_STATE_INIT;
+       this->count = 0;
+       this->count_security = 0;
+       this->count_blacklist = 0;
+       this->count_ok = 0;
+       this->os_settings = 0;
+       this->missing = 0;
+
+       this->update_packages->destroy_function(this->update_packages, free);
+       this->remove_packages->destroy_function(this->remove_packages, free);
+       this->update_packages = linked_list_create();
+       this->remove_packages = linked_list_create();
+}
+
 METHOD(imv_state_t, destroy, void,
        private_imv_os_state_t *this)
 {
@@ -590,6 +620,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
                                .update_recommendation = _update_recommendation,
                                .get_reason_string = _get_reason_string,
                                .get_remediation_instructions = _get_remediation_instructions,
+                               .reset = _reset,
                                .destroy = _destroy,
                        },
                        .set_handshake_state = _set_handshake_state,
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 8f9593f179dd9fad6435ce9fee5b1ace3d386de0..64ab5c4eb67194268e3d31bd270947901224a331 100644 (file)
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -222,10 +222,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
        return this->contracts;
 }
 
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
        private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
 {
+       TNC_ConnectionState old_state;
+
+       old_state = this->state;
        this->state = new_state;
+       return old_state;
 }
 
 METHOD(imv_state_t, get_recommendation, void,
@@ -303,6 +307,26 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
        return TRUE;
 }
 
+METHOD(imv_state_t, reset, void,
+       private_imv_scanner_state_t *this)
+{
+       DESTROY_IF(this->reason_string);
+       DESTROY_IF(this->remediation_string);
+       this->reason_string = NULL;
+       this->remediation_string = NULL;
+       this->rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+       this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+       this->action_flags = 0;
+
+       this->handshake_state = IMV_SCANNER_STATE_INIT;
+
+       DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
+       this->port_filter_attr = NULL;
+       this->violating_ports->destroy_function(this->violating_ports, free);
+       this->violating_ports = linked_list_create();
+}
+
 METHOD(imv_state_t, destroy, void,
        private_imv_scanner_state_t *this)
 {
@@ -373,6 +397,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
                                .update_recommendation = _update_recommendation,
                                .get_reason_string = _get_reason_string,
                                .get_remediation_instructions = _get_remediation_instructions,
+                               .reset = _reset,
                                .destroy = _destroy,
                        },
                        .set_handshake_state = _set_handshake_state,
@@ -391,5 +416,3 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
 
        return &this->public.interface;
 }
-
-
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_agent.c b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
index 377c89d3d832d1d2bd4a89d6f1b87c16cd7ad148..52f1baf03752a1e8e357417f4b62e919edb8ae55 100644 (file)
--- a/src/libimcv/plugins/imv_swima/imv_swima_agent.c
+++ b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
@@ -90,19 +90,12 @@ METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
        TNC_ConnectionState new_state)
 {
        imv_state_t *state;
-       imv_swima_state_t *swima_state;
 
        switch (new_state)
        {
                case TNC_CONNECTION_STATE_CREATE:
                        state = imv_swima_state_create(id);
                        return this->agent->create_state(this->agent, state);
-               case TNC_CONNECTION_STATE_HANDSHAKE:
-                       this->agent->change_state(this->agent, id, new_state, &state);
-                       state->set_action_flags(state, 0);
-                       swima_state = (imv_swima_state_t*)state;
-                       swima_state->set_handshake_state(swima_state, IMV_SWIMA_STATE_INIT);
-                       return TNC_RESULT_SUCCESS;
                case TNC_CONNECTION_STATE_DELETE:
                        return this->agent->delete_state(this->agent, id);
                default:
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.c b/src/libimcv/plugins/imv_swima/imv_swima_state.c
index bcacce0b3f35dc14433d3342c13a7a797be2bfe6..7d9631d3fa6aaea5a7576aa3c37268cf98c891c5 100644 (file)
--- a/src/libimcv/plugins/imv_swima/imv_swima_state.c
+++ b/src/libimcv/plugins/imv_swima/imv_swima_state.c
@@ -182,16 +182,7 @@ METHOD(imv_state_t, get_max_msg_len, uint32_t,
 METHOD(imv_state_t, set_action_flags, void,
        private_imv_swima_state_t *this, uint32_t flags)
 {
-       if (flags == 0)
-       {
-               /* reset action flags */
-               this->action_flags = 0;
-       }
-       else
-       {
-               /* add flags */
-               this->action_flags |= flags;
-       }
+       this->action_flags |= flags;
 }
 
 METHOD(imv_state_t, get_action_flags, uint32_t,
@@ -218,10 +209,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
        return this->contracts;
 }
 
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
        private_imv_swima_state_t *this, TNC_ConnectionState new_state)
 {
+       TNC_ConnectionState old_state;
+
+       old_state = this->state;
        this->state = new_state;
+       return old_state;
 }
 
 METHOD(imv_state_t, get_recommendation, void,
@@ -262,13 +257,28 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
        return FALSE;
 }
 
+METHOD(imv_state_t, reset, void,
+       private_imv_swima_state_t *this)
+{
+       this->rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+       this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+       this->action_flags = 0;
+
+       this->handshake_state = IMV_SWIMA_STATE_INIT;
+       this->sw_id_count = 0;
+       this->tag_count = 0;
+       this->missing = 0;
+
+       json_object_put(this->jobj);
+       this->jobj = json_object_new_object();
+}
+
 METHOD(imv_state_t, destroy, void,
        private_imv_swima_state_t *this)
 {
        json_object_put(this->jobj);
        DESTROY_IF(this->session);
-       DESTROY_IF(this->reason_string);
-       DESTROY_IF(this->remediation_string);
        this->contracts->destroy(this->contracts);
        free(this);
 }
@@ -479,6 +489,7 @@ imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id)
                                .update_recommendation = _update_recommendation,
                                .get_reason_string = _get_reason_string,
                                .get_remediation_instructions = _get_remediation_instructions,
+                               .reset = _reset,
                                .destroy = _destroy,
                        },
                        .set_handshake_state = _set_handshake_state,
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c
index c20d00bd1047006acc9e9850b18b75cda8909e12..fe6bf18b2de83ff7eee5c2aa78b97bea35c25d50 100644 (file)
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@@ -173,10 +173,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
        return this->contracts;
 }
 
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
        private_imv_test_state_t *this, TNC_ConnectionState new_state)
 {
+       TNC_ConnectionState old_state;
+
+       old_state = this->state;
        this->state = new_state;
+       return old_state;
 }
 
 METHOD(imv_state_t, get_recommendation, void,
@@ -226,6 +230,20 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
        return FALSE;
 }
 
+METHOD(imv_state_t, reset, void,
+       private_imv_test_state_t *this)
+{
+       DESTROY_IF(this->reason_string);
+       this->reason_string = NULL;
+       this->rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+       this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+       this->imcs->destroy_function(this->imcs, free);
+       this->imcs = linked_list_create();
+
+}
+
+
 METHOD(imv_state_t, destroy, void,
        private_imv_test_state_t *this)
 {
@@ -326,6 +344,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
                                .update_recommendation = _update_recommendation,
                                .get_reason_string = _get_reason_string,
                                .get_remediation_instructions = _get_remediation_instructions,
+                               .reset = _reset,
                                .destroy = _destroy,
                        },
                        .add_imc = _add_imc,
Unnamed repository; edit this file 'description' to name the repository.