char *product, *package, *release, *cur_release;
chunk_t name, version;
os_type_t os_type;
- os_package_state_t package_state;
- int pid, gid;
+ int pid, gid, security, blacklist;
int count = 0, count_ok = 0, count_no_match = 0, count_blacklist = 0;
enumerator_t *e;
status_t status = SUCCESS;
/* Enumerate over all acceptable versions */
e = this->db->query(this->db,
- "SELECT release, security FROM versions "
+ "SELECT release, security, blacklist FROM versions "
"WHERE product = ? AND package = ?",
- DB_INT, pid, DB_INT, gid, DB_TEXT, DB_INT);
+ DB_INT, pid, DB_INT, gid, DB_TEXT, DB_INT, DB_INT);
if (!e)
{
free(package);
found = FALSE;
match = FALSE;
- while (e->enumerate(e, &cur_release, &package_state))
+ while (e->enumerate(e, &cur_release, &security, &blacklist))
{
found = TRUE;
if (streq(release, cur_release) || streq("*", cur_release))
{
if (match)
{
- if (package_state == OS_PACKAGE_STATE_BLACKLIST)
+ if (blacklist)
{
DBG2(DBG_IMV, "package '%s' (%s) is blacklisted",
package, release);
count_blacklist++;
- state->add_bad_package(state, package, package_state);
+ state->add_bad_package(state, package,
+ OS_PACKAGE_STATE_BLACKLIST);
}
else
{
- DBG2(DBG_IMV, "package '%s' (%s)%N is ok", package, release,
- os_package_state_names, package_state);
+ DBG2(DBG_IMV, "package '%s' (%s)%s is ok", package, release,
+ security ? " [s]" : "");
count_ok++;
}
}
{
DBG1(DBG_IMV, "package '%s' (%s) no match", package, release);
count_no_match++;
- state->add_bad_package(state, package, package_state);
+ state->add_bad_package(state, package,
+ OS_PACKAGE_STATE_SECURITY);
}
}
else
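Review bot: The verdict for a package depends on row order, because the `SELECT release, security, blacklist FROM versions` query has no ORDER BY and a `*` row matches every release. If an acceptable row and a blacklisted row both match the installed release, the `if (blacklist)` test reads the flags of whichever row the database returned at that point. The loop body after the `streq` test is not visible here, so whether it stops at the first match is inferred. If it does, putting blacklisted rows first makes the blacklist win deterministically: `"WHERE product = ? AND package = ? ORDER BY blacklist DESC",`. The no-match branch would also benefit from a one-line comment explaining why an unlisted release is always reported as `OS_PACKAGE_STATE_SECURITY`.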
bool utc;
/**
- * Package security state
+ * Package security or blacklist state
*/
- os_package_state_t security;
+ os_package_state_t package_state;
/**
* Sequence number for ordering entries
this->relative = TRUE;
}
-METHOD(attest_db_t, set_security, void,
- private_attest_db_t *this, os_package_state_t security)
+METHOD(attest_db_t, set_package_state, void,
+ private_attest_db_t *this, os_package_state_t package_state)
{
- this->security = security;
+ this->package_state = package_state;
}
METHOD(attest_db_t, set_sequence, void,
{
enumerator_t *e;
char *package, *version;
- os_package_state_t security;
- int gid, gid_old = 0, spaces, count = 0, t;
+ os_package_state_t package_state;
+ int blacklist, security, gid, gid_old = 0, spaces, count = 0, t;
time_t timestamp;
if (this->pid)
{
e = this->db->query(this->db,
- "SELECT p.id, p.name, v.release, v.security, v.time "
+ "SELECT p.id, p.name, "
+ "v.release, v.security, v.blacklist, v.time "
"FROM packages AS p JOIN versions AS v ON v.package = p.id "
"WHERE v.product = ? ORDER BY p.name, v.release",
- DB_INT, this->pid, DB_INT, DB_TEXT, DB_TEXT, DB_INT, DB_INT);
+ DB_INT, this->pid,
+ DB_INT, DB_TEXT, DB_TEXT, DB_INT, DB_INT, DB_INT);
if (e)
{
- while (e->enumerate(e, &gid, &package, &version, &security, &t))
+ while (e->enumerate(e, &gid, &package,
+ &version, &security, &blacklist, &t))
{
if (gid != gid_old)
{
}
}
timestamp = t;
+ if (blacklist)
+ {
+ package_state = OS_PACKAGE_STATE_BLACKLIST;
+ }
+ else
+ {
+ package_state = security ? OS_PACKAGE_STATE_SECURITY :
+ OS_PACKAGE_STATE_UPDATE;
+ }
printf(" %T (%s)%N\n", ×tamp, this->utc, version,
- os_package_state_names, security);
+ os_package_state_names, package_state);
count++;
}
e->destroy(e);
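Review bot: The new `if (blacklist)` / `else` mapping has no comment saying that the blacklist flag takes precedence, so a row with both `security` and `blacklist` set is listed as blacklisted only. A comment above the test, such as `/* blacklist overrides the security flag when both are set */`, would record that decision. The insert code elsewhere in this commit performs the inverse mapping from `package_state` back to the two columns, so the two places need to stay in step. The enclosing function starts and ends outside the visible lines.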
if (this->version_set && this->gid && this->pid)
{
time_t t = time(NULL);
+ int security, blacklist;
+
+ security = this->package_state == OS_PACKAGE_STATE_SECURITY;
+ blacklist = this->package_state == OS_PACKAGE_STATE_BLACKLIST;
success = this->db->execute(this->db, NULL,
"INSERT INTO versions "
- "(package, product, release, security, time) "
- "VALUES (?, ?, ?, ?, ?)",
- DB_UINT, this->gid, DB_UINT, this->pid, DB_TEXT,
- this->version, DB_UINT, this->security, DB_INT, t) == 1;
+ "(package, product, release, security, blacklist, time) "
+ "VALUES (?, ?, ?, ?, ?, ?)",
+ DB_UINT, this->gid, DB_INT, this->pid, DB_TEXT,
+ this->version, DB_INT, security, DB_INT, blacklist,
+ DB_INT, t) == 1;
printf("'%s' package %s (%s)%N %sinserted into database\n",
this->product, this->package, this->version,
- os_package_state_names, this->security,
+ os_package_state_names, this->package_state,
success ? "" : "could not be ");
}
return success;
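Review bot: `t` is declared as `time_t` but bound with `DB_INT` in the rewritten argument list (`DB_INT, t) == 1;`), which is a width mismatch in a variadic call on platforms where `time_t` is wider than `int`. This assumes `DB_INT` arguments are fetched as `int`. The listing code in this commit reads the same column into an `int t` before assigning it to a `time_t`, so an explicit `DB_INT, (int)t) == 1;` would match that. The binds are also inconsistent: `this->pid` moved to `DB_INT` while `this->gid` stays `DB_UINT`, although both are ids read back as `DB_INT` elsewhere. The enclosing function starts outside the hunk.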
.set_version = _set_version,
.set_algo = _set_algo,
.set_relative = _set_relative,
- .set_security = _set_security,
+ .set_package_state = _set_package_state,
.set_sequence = _set_sequence,
.set_owner = _set_owner,
.set_utc = _set_utc,