From: Andreas Steffen
Date: Thu, 26 Jul 2018 15:24:32 +0000 (+0200)
Subject: libimcv: Reset of IMV state for new measurement cycle
X-Git-Tag: 5.7.0dr8~1^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25973c0350d78de0d777335d2c078bc23dde03ec;p=thirdparty%2Fstrongswan.git
libimcv: Reset of IMV state for new measurement cycle
---
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index bb0b3b75ba..f3ccfbf563 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -492,6 +492,7 @@ METHOD(imv_agent_t, change_state, TNC_Result,
 imv_state_t **state_p)
 {
 imv_state_t *state;
+ TNC_ConnectionState old_state;
 switch (new_state)
 {
@@ -506,7 +507,7 @@ METHOD(imv_agent_t, change_state, TNC_Result,
 this->id, this->name, connection_id);
 return TNC_RESULT_FATAL;
 }
- state->change_state(state, new_state);
+ old_state = state->change_state(state, new_state);
 DBG2(DBG_IMV, "IMV %u \"%s\" changed state of Connection ID %u to '%N'", this->id, this->name, connection_id, TNC_Connection_State_names, new_state);
@@ -514,6 +515,13 @@ METHOD(imv_agent_t, change_state, TNC_Result,
 {
 *state_p = state;
 }
+ if (new_state == TNC_CONNECTION_STATE_HANDSHAKE &&
+ old_state != TNC_CONNECTION_STATE_CREATE)
+ {
+ state->reset(state);
+ DBG2(DBG_IMV, "IMV %u \"%s\" reset state of Connection ID %u",
+ this->id, this->name, connection_id);
+ }
 break;
 case TNC_CONNECTION_STATE_CREATE:
 DBG1(DBG_IMV, "state '%N' should be handled by create_state()",
diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h
index 30ed612b36..4571da2fa8 100644
--- a/src/libimcv/imv/imv_state.h
+++ b/src/libimcv/imv/imv_state.h
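Review bot: In imv_agent.c, the block added after `*state_p = state;` calls `state->reset(state)` without checking that the member is set. `reset` is a new entry in `imv_state_t`, and this commit fills it in only for the six plugin state constructors it touches; any other `imv_state_t` implementation (none is visible here) would leave it NULL, and the IMV would call through a null function pointer when a connection re-enters the handshake state. Either extend the condition, `old_state != TNC_CONNECTION_STATE_CREATE && state->reset)`, or document in imv_state.h that the member is mandatory. The enclosing `change_state` method starts and ends outside the hunk.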
@@ -119,8 +119,10 @@ struct imv_state_t {
 * Change the connection state
 *
 * @param new_state new connection state
+ * @return old connection state
 */
- void (*change_state)(imv_state_t *this, TNC_ConnectionState new_state);
+ TNC_ConnectionState (*change_state)(imv_state_t *this,
+ TNC_ConnectionState new_state);
 /**
 * Get IMV action recommendation and evaluation result
@@ -181,6 +183,11 @@ struct imv_state_t {
 chunk_t *string, char **lang_code, char **uri);
+ /**
+ * Resets the state for a new measurement cycle triggered by a SRETRY batch
+ */
+ void (*reset)(imv_state_t *this);
+
 /**
 * Destroys an imv_state_t object
 */
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
index d63940797c..3d9e0ab1f2 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
@@ -250,10 +250,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
 return this->contracts;
 }
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
 private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
 {
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
 this->state = new_state;
+ return old_state;
 }
 METHOD(imv_state_t, get_recommendation, void,
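Review bot: The doc comment added for `reset` in imv_state.h (hunk at -181) does not say what an implementation must clear and what must survive. The implementations in this commit drop the recommendation, the evaluation and per-plugin measurement data, but none of them touches a `contracts` or `session` member, so the intended contract seems to be "forget measurement results, keep connection-level data". Stating that would help implementers, e.g. `Resets all measurement results and the handshake state for a new measurement cycle triggered by an SRETRY batch; connection-level members are kept`. It is also worth noting there that imv_agent invokes it on every transition to HANDSHAKE from a state other than CREATE.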
@@ -338,6 +342,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 return FALSE;
 }
+METHOD(imv_state_t, reset, void,
+ private_imv_attestation_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ this->reason_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_ATTESTATION_STATE_INIT;
+ this->measurement_error = 0;
+ this->components->destroy_function(this->components, (void *)free_func_comp);
+ this->components = linked_list_create();
+ this->pts->destroy(this->pts);
+ this->pts = pts_create(FALSE);
+}
+
 METHOD(imv_state_t, destroy, void,
 private_imv_attestation_state_t *this)
 {
@@ -532,6 +554,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
 .update_recommendation = _update_recommendation,
 .get_reason_string = _get_reason_string,
 .get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
 .destroy = _destroy,
 },
 .get_handshake_state = _get_handshake_state,
diff --git a/src/libimcv/plugins/imv_hcd/imv_hcd_state.c b/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
index bfe6dd6190..e2b6eaed9f 100644
--- a/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
+++ b/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
@@ -213,10 +213,14 @@ METHOD(imv_state_t, update_recommendation, void,
 this->eval = tncif_policy_update_evaluation(this->eval, eval);
 }
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
 private_imv_hcd_state_t *this, TNC_ConnectionState new_state)
 {
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
 this->state = new_state;
+ return old_state;
 }
 METHOD(imv_state_t, get_reason_string, bool,
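Review bot: The `reset()` added to imv_attestation_state.c rebuilds `this->components` and `this->pts` by hand, repeating initial values that `imv_attestation_state_create()` must also set, and most of that constructor lies outside the diff, so the two cannot be compared here. For an attestation verifier this matters: a member later added to the constructor but forgotten in `reset()` would carry evidence from the previous measurement cycle into the next one. Consider one static helper that sets the per-cycle members and is called from both places, plus a comment listing what is deliberately kept (this hunk leaves `contracts` alone). The same applies to the `reset()` methods this commit adds to the hcd, os, scanner, swima and test state files.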
@@ -246,6 +250,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 return FALSE;
 }
+METHOD(imv_state_t, reset, void,
+ private_imv_hcd_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ this->reason_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->handshake_state = IMV_HCD_STATE_INIT;
+ this->subtype_action_flags[0].action_flags = IMV_HCD_ATTR_NONE;
+ this->subtype_action_flags[1].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->subtype_action_flags[2].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->subtype_action_flags[3].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->subtype_action_flags[4].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->subtype_action_flags[5].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->action_flags = &this->subtype_action_flags[0].action_flags;
+}
+
 METHOD(imv_state_t, destroy, void,
 private_imv_hcd_state_t *this)
 {
@@ -320,6 +342,7 @@ imv_state_t *imv_hcd_state_create(TNC_ConnectionID connection_id)
 .update_recommendation = _update_recommendation,
 .get_reason_string = _get_reason_string,
 .get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
 .destroy = _destroy,
 },
 .set_handshake_state = _set_handshake_state,
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index af5daf0fc9..dd8fcf594d 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -362,10 +362,14 @@ METHOD(imv_state_t, update_recommendation, void,
 this->eval = tncif_policy_update_evaluation(this->eval, eval);
 }
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
 private_imv_os_state_t *this, TNC_ConnectionState new_state)
 {
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
 this->state = new_state;
+ return old_state;
 }
 METHOD(imv_state_t, get_reason_string, bool,
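Review bot: In the `reset()` added to imv_hcd_state.c, the six `subtype_action_flags[n].action_flags` assignments hard-code indices 0 to 5, while the array's declared length is outside the hunk. If a subtype is added later, its entry would keep stale flags across a reset and the new measurement cycle would not start from a clean state. A loop bounded by the array size avoids that: set entry 0 to `IMV_HCD_ATTR_NONE`, then `for (i = 1; i < countof(this->subtype_action_flags); i++) { this->subtype_action_flags[i].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY; }`.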
@@ -466,6 +470,32 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 return TRUE;
 }
+METHOD(imv_state_t, reset, void,
+ private_imv_os_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ DESTROY_IF(this->remediation_string);
+ this->reason_string = NULL;
+ this->remediation_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_OS_STATE_INIT;
+ this->count = 0;
+ this->count_security = 0;
+ this->count_blacklist = 0;
+ this->count_ok = 0;
+ this->os_settings = 0;
+ this->missing = 0;
+
+ this->update_packages->destroy_function(this->update_packages, free);
+ this->remove_packages->destroy_function(this->remove_packages, free);
+ this->update_packages = linked_list_create();
+ this->remove_packages = linked_list_create();
+}
+
 METHOD(imv_state_t, destroy, void,
 private_imv_os_state_t *this)
 {
@@ -590,6 +620,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
 .update_recommendation = _update_recommendation,
 .get_reason_string = _get_reason_string,
 .get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
 .destroy = _destroy,
 },
 .set_handshake_state = _set_handshake_state,
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 8f9593f179..64ab5c4eb6 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -222,10 +222,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
 return this->contracts;
 }
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
 private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
 {
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
 this->state = new_state;
+ return old_state;
 }
 METHOD(imv_state_t, get_recommendation, void,
@@ -303,6 +307,26 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 return TRUE;
 }
+METHOD(imv_state_t, reset, void,
+ private_imv_scanner_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ DESTROY_IF(this->remediation_string);
+ this->reason_string = NULL;
+ this->remediation_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_SCANNER_STATE_INIT;
+
+ DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
+ this->port_filter_attr = NULL;
+ this->violating_ports->destroy_function(this->violating_ports, free);
+ this->violating_ports = linked_list_create();
+}
+
 METHOD(imv_state_t, destroy, void,
 private_imv_scanner_state_t *this)
 {
@@ -373,6 +397,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
 .update_recommendation = _update_recommendation,
 .get_reason_string = _get_reason_string,
 .get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
 .destroy = _destroy,
 },
 .set_handshake_state = _set_handshake_state,
@@ -391,5 +416,3 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
 return &this->public.interface;
 }
-
-
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_agent.c b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
index 377c89d3d8..52f1baf037 100644
--- a/src/libimcv/plugins/imv_swima/imv_swima_agent.c
+++ b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
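Review bot: In the `reset()` added to imv_scanner_state.c, `DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);` forms a member address through `port_filter_attr`, and `reset()` itself sets that pointer to NULL on the next line, so a second reset on the same connection evaluates the expression with a null pointer. Assuming `DESTROY_IF` only null-checks its argument, this is harmless only if `pa_tnc_attribute` sits at offset 0 of the struct, and it is formally undefined behaviour either way. Test the pointer itself instead: `if (this->port_filter_attr) { this->port_filter_attr->pa_tnc_attribute.destroy(&this->port_filter_attr->pa_tnc_attribute); }`.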
@@ -90,19 +90,12 @@ METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
 TNC_ConnectionState new_state)
 {
 imv_state_t *state;
- imv_swima_state_t *swima_state;
 switch (new_state)
 {
 case TNC_CONNECTION_STATE_CREATE:
 state = imv_swima_state_create(id);
 return this->agent->create_state(this->agent, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- this->agent->change_state(this->agent, id, new_state, &state);
- state->set_action_flags(state, 0);
- swima_state = (imv_swima_state_t*)state;
- swima_state->set_handshake_state(swima_state, IMV_SWIMA_STATE_INIT);
- return TNC_RESULT_SUCCESS;
 case TNC_CONNECTION_STATE_DELETE:
 return this->agent->delete_state(this->agent, id);
 default:
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.c b/src/libimcv/plugins/imv_swima/imv_swima_state.c
index bcacce0b3f..7d9631d3fa 100644
--- a/src/libimcv/plugins/imv_swima/imv_swima_state.c
+++ b/src/libimcv/plugins/imv_swima/imv_swima_state.c
@@ -182,16 +182,7 @@ METHOD(imv_state_t, get_max_msg_len, uint32_t,
 METHOD(imv_state_t, set_action_flags, void,
 private_imv_swima_state_t *this, uint32_t flags)
 {
- if (flags == 0)
- {
- /* reset action flags */
- this->action_flags = 0;
- }
- else
- {
- /* add flags */
- this->action_flags |= flags;
- }
+ this->action_flags |= flags;
 }
 METHOD(imv_state_t, get_action_flags, uint32_t,
@@ -218,10 +209,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
 return this->contracts;
 }
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
 private_imv_swima_state_t *this, TNC_ConnectionState new_state)
 {
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
 this->state = new_state;
+ return old_state;
 }
 METHOD(imv_state_t, get_recommendation, void,
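Review bot: The rewritten `set_action_flags` in imv_swima_state.c (hunk at -182) silently changes the meaning of `set_action_flags(state, 0)` from "clear all flags" to a no-op. The caller removed from imv_swima_agent.c in this commit relied on the old meaning; any other caller passing 0, and the method's doc comment in imv_state.h, are outside this diff and should be checked. If clearing is now possible only through `reset()`, say so at the method, e.g. `/* flags are only ever added; reset() clears them */`.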
@@ -262,13 +257,28 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 return FALSE;
 }
+METHOD(imv_state_t, reset, void,
+ private_imv_swima_state_t *this)
+{
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_SWIMA_STATE_INIT;
+ this->sw_id_count = 0;
+ this->tag_count = 0;
+ this->missing = 0;
+
+ json_object_put(this->jobj);
+ this->jobj = json_object_new_object();
+}
+
 METHOD(imv_state_t, destroy, void,
 private_imv_swima_state_t *this)
 {
 json_object_put(this->jobj);
 DESTROY_IF(this->session);
- DESTROY_IF(this->reason_string);
- DESTROY_IF(this->remediation_string);
 this->contracts->destroy(this->contracts);
 free(this);
 }
@@ -479,6 +489,7 @@ imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id)
 .update_recommendation = _update_recommendation,
 .get_reason_string = _get_reason_string,
 .get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
 .destroy = _destroy,
 },
 .set_handshake_state = _set_handshake_state,
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c
index c20d00bd10..fe6bf18b2d 100644
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@@ -173,10 +173,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
 return this->contracts;
 }
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
 private_imv_test_state_t *this, TNC_ConnectionState new_state)
 {
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
 this->state = new_state;
+ return old_state;
 }
 METHOD(imv_state_t, get_recommendation, void,
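Review bot: In imv_swima_state.c (hunk at -262), the new `reset()` neither frees nor clears `reason_string` and `remediation_string`, unlike the other `reset()` methods in this commit, which release at least `reason_string`, and the same hunk removes both `DESTROY_IF` calls from `destroy()`. That is leak-free only if the two members were dropped from `private_imv_swima_state_t` or are never assigned, which the diff does not show; please confirm, or keep the releases in both methods. Separately, `this->jobj = json_object_new_object();` is stored unchecked, so an allocation failure during reset would leave a NULL `jobj` for later users.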
@@ -226,6 +230,20 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 return FALSE;
 }
+METHOD(imv_state_t, reset, void,
+ private_imv_test_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ this->reason_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->imcs->destroy_function(this->imcs, free);
+ this->imcs = linked_list_create();
+
+}
+
+
 METHOD(imv_state_t, destroy, void,
 private_imv_test_state_t *this)
 {
@@ -326,6 +344,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
 .update_recommendation = _update_recommendation,
 .get_reason_string = _get_reason_string,
 .get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
 .destroy = _destroy,
 },
 .add_imc = _add_imc,