From: Andreas Steffen
Date: Wed, 26 Jun 2013 10:07:09 +0000 (+0200)
Subject: Support blacklist field in PTS database
X-Git-Tag: 5.1.0dr1~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=71c7b43541c946a728fcf34a73a82b0a6632b448;p=thirdparty%2Fstrongswan.git

Support blacklist field in PTS database
---
diff --git a/src/libimcv/plugins/imv_os/imv_os_database.c b/src/libimcv/plugins/imv_os/imv_os_database.c
index a4cc015ec0..3cdbebfbb7 100644
--- a/src/libimcv/plugins/imv_os/imv_os_database.c
+++ b/src/libimcv/plugins/imv_os/imv_os_database.c
@@ -46,8 +46,7 @@ METHOD(imv_os_database_t, check_packages, status_t,
  char *product, *package, *release, *cur_release;
  chunk_t name, version;
  os_type_t os_type;
- os_package_state_t package_state;
- int pid, gid;
+ int pid, gid, security, blacklist;
  int count = 0, count_ok = 0, count_no_match = 0, count_blacklist = 0;
  enumerator_t *e;
  status_t status = SUCCESS;
@@ -110,9 +109,9 @@ METHOD(imv_os_database_t, check_packages, status_t,
  /* Enumerate over all acceptable versions */
  e = this->db->query(this->db,
- "SELECT release, security FROM versions "
+ "SELECT release, security, blacklist FROM versions "
  "WHERE product = ? AND package = ?",
- DB_INT, pid, DB_INT, gid, DB_TEXT, DB_INT);
+ DB_INT, pid, DB_INT, gid, DB_TEXT, DB_INT, DB_INT);
  if (!e)
  {
  free(package);
@@ -122,7 +121,7 @@ METHOD(imv_os_database_t, check_packages, status_t,
  found = FALSE;
  match = FALSE;
- while (e->enumerate(e, &cur_release, &package_state))
+ while (e->enumerate(e, &cur_release, &security, &blacklist))
  {
  found = TRUE;
  if (streq(release, cur_release) || streq("*", cur_release))
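Review bot: The SELECT in the -110 hunk now reads a `blacklist` column from `versions`, but no schema or migration change is part of this diff, so against a database created with the previous layout the query fails, `e` is NULL and the `if (!e)` path turns every package check into an error instead of a graceful fallback. If the table definition is updated elsewhere, that change belongs in the same commit; in any case a comment next to the query such as `/* needs versions.blacklist (schema change: <migration placeholder>) */` tells operators of existing PTS databases what to update. The `security` and `blacklist` ints are written only by `enumerate()`, so what DB_INT yields for a NULL cell in rows that predate the column (presumably 0) decides whether they count as non-blacklisted — worth confirming against the database backend. check_packages starts and ends outside these hunks.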
@@ -137,17 +136,18 @@ METHOD(imv_os_database_t, check_packages, status_t,
  {
  if (match)
  {
- if (package_state == OS_PACKAGE_STATE_BLACKLIST)
+ if (blacklist)
  {
  DBG2(DBG_IMV, "package '%s' (%s) is blacklisted",
  package, release);
  count_blacklist++;
- state->add_bad_package(state, package, package_state);
+ state->add_bad_package(state, package,
+ OS_PACKAGE_STATE_BLACKLIST);
  }
  else
  {
- DBG2(DBG_IMV, "package '%s' (%s)%N is ok", package, release,
- os_package_state_names, package_state);
+ DBG2(DBG_IMV, "package '%s' (%s)%s is ok", package, release,
+ security ? " [s]" : "");
  count_ok++;
  }
  }
@@ -155,7 +155,8 @@ METHOD(imv_os_database_t, check_packages, status_t,
  {
  DBG1(DBG_IMV, "package '%s' (%s) no match", package, release);
  count_no_match++;
- state->add_bad_package(state, package, package_state);
+ state->add_bad_package(state, package,
+ OS_PACKAGE_STATE_SECURITY);
  }
  }
  else
diff --git a/src/libpts/plugins/imv_attestation/attest.c b/src/libpts/plugins/imv_attestation/attest.c
index 031883ab1c..6cefb21240 100644
--- a/src/libpts/plugins/imv_attestation/attest.c
+++ b/src/libpts/plugins/imv_attestation/attest.c
@@ -250,7 +250,7 @@ static void do_args(int argc, char *argv[])
  continue;
  }
  case 'B':
- attest->set_security(attest, OS_PACKAGE_STATE_BLACKLIST);
+ attest->set_package_state(attest, OS_PACKAGE_STATE_BLACKLIST);
  continue;
  case 'C':
  if (!attest->set_component(attest, optarg, op == OP_ADD))
@@ -330,7 +330,7 @@ static void do_args(int argc, char *argv[])
  }
  continue;
  case 'Y':
- attest->set_security(attest, OS_PACKAGE_STATE_SECURITY);
+ attest->set_package_state(attest, OS_PACKAGE_STATE_SECURITY);
  continue;
  case '1':
  attest->set_algo(attest, PTS_MEAS_ALGO_SHA1);
diff --git a/src/libpts/plugins/imv_attestation/attest_db.c b/src/libpts/plugins/imv_attestation/attest_db.c
index 3bbf499a29..749ba25448 100644
--- a/src/libpts/plugins/imv_attestation/attest_db.c
+++ b/src/libpts/plugins/imv_attestation/attest_db.c
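Review bot: `security` and `blacklist` are overwritten on every row the `enumerate()` loop of the -122 hunk returns, and the blacklisted/ok branches in the -137 hunk read them only after that loop has finished, so unless the loop body (outside this hunk) breaks as soon as `match` is set, the `blacklist` test and the ` [s]` marker describe the last enumerated version rather than the one that matched `release`. The -155 hunk has the related problem in the other direction: it hard-codes OS_PACKAGE_STATE_SECURITY for every no-match package and discards the per-version `security` flag the query now returns, while list_packages in attest_db.c maps the same two columns with `security ? OS_PACKAGE_STATE_SECURITY : OS_PACKAGE_STATE_UPDATE`. If "no acceptable version installed" is meant to always be reported as security-relevant, state it with a comment such as `/* no acceptable version matched: always report as security update */`; otherwise reuse the list_packages mapping so both components agree on what a plain update is. check_packages starts and ends outside these hunks.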
@@ -144,9 +144,9 @@ struct private_attest_db_t {
  bool utc;
  /**
- * Package security state
+ * Package security or blacklist state
  */
- os_package_state_t security;
+ os_package_state_t package_state;
  /**
  * Sequence number for ordering entries
@@ -733,10 +733,10 @@ METHOD(attest_db_t, set_relative, void,
  this->relative = TRUE;
 }
-METHOD(attest_db_t, set_security, void,
- private_attest_db_t *this, os_package_state_t security)
+METHOD(attest_db_t, set_package_state, void,
+ private_attest_db_t *this, os_package_state_t package_state)
 {
- this->security = security;
+ this->package_state = package_state;
 }
 METHOD(attest_db_t, set_sequence, void,
@@ -1018,20 +1018,23 @@ METHOD(attest_db_t, list_packages, void,
 {
  enumerator_t *e;
  char *package, *version;
- os_package_state_t security;
- int gid, gid_old = 0, spaces, count = 0, t;
+ os_package_state_t package_state;
+ int blacklist, security, gid, gid_old = 0, spaces, count = 0, t;
  time_t timestamp;
  if (this->pid)
  {
  e = this->db->query(this->db,
- "SELECT p.id, p.name, v.release, v.security, v.time "
+ "SELECT p.id, p.name, "
+ "v.release, v.security, v.blacklist, v.time "
  "FROM packages AS p JOIN versions AS v ON v.package = p.id "
  "WHERE v.product = ? ORDER BY p.name, v.release",
- DB_INT, this->pid, DB_INT, DB_TEXT, DB_TEXT, DB_INT, DB_INT);
+ DB_INT, this->pid,
+ DB_INT, DB_TEXT, DB_TEXT, DB_INT, DB_INT, DB_INT);
  if (e)
  {
- while (e->enumerate(e, &gid, &package, &version, &security, &t))
+ while (e->enumerate(e, &gid, &package,
+ &version, &security, &blacklist, &t))
  {
  if (gid != gid_old)
  {
@@ -1047,8 +1050,17 @@ METHOD(attest_db_t, list_packages, void,
  }
  }
  timestamp = t;
+ if (blacklist)
+ {
+ package_state = OS_PACKAGE_STATE_BLACKLIST;
+ }
+ else
+ {
+ package_state = security ? OS_PACKAGE_STATE_SECURITY :
+ OS_PACKAGE_STATE_UPDATE;
+ }
  printf(" %T (%s)%N\n", ×tamp, this->utc, version,
- os_package_state_names, security);
+ os_package_state_names, package_state);
  count++;
  }
  e->destroy(e);
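Review bot: The nine-line `blacklist`/`security` to os_package_state_t mapping added before the printf in the -1047 hunk is the inverse of what add() in the same file does with `security = this->package_state == OS_PACKAGE_STATE_SECURITY` and `blacklist = ...`, so the encoding of the two flag columns now lives in two places that must be kept in step by hand. As written, a row with both flags set is reported as blacklisted, which is a sensible precedence but is nowhere stated; a small static helper carrying that rule in its comment keeps the encoding in one spot and shrinks list_packages, whose body starts and ends outside this hunk. The helper and the replacement for the inserted block would look like this.
```c
/* Map the versions.security / versions.blacklist columns to a package state.
 * A blacklisted version is reported as such even if it also carries the
 * security flag; a version with neither flag is a plain update. */
static os_package_state_t package_state_from_flags(int security, int blacklist)
{
	if (blacklist)
	{
		return OS_PACKAGE_STATE_BLACKLIST;
	}
	return security ? OS_PACKAGE_STATE_SECURITY : OS_PACKAGE_STATE_UPDATE;
}

/* … unchanged: list_packages() up to the timestamp assignment … */
			timestamp = t;
			package_state = package_state_from_flags(security, blacklist);
/* … unchanged: printf, count++, e->destroy … */
```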
@@ -1794,17 +1806,22 @@ METHOD(attest_db_t, add, bool,
  if (this->version_set && this->gid && this->pid)
  {
  time_t t = time(NULL);
+ int security, blacklist;
+
+ security = this->package_state == OS_PACKAGE_STATE_SECURITY;
+ blacklist = this->package_state == OS_PACKAGE_STATE_BLACKLIST;
  success = this->db->execute(this->db, NULL,
  "INSERT INTO versions "
- "(package, product, release, security, time) "
- "VALUES (?, ?, ?, ?, ?)",
- DB_UINT, this->gid, DB_UINT, this->pid, DB_TEXT,
- this->version, DB_UINT, this->security, DB_INT, t) == 1;
+ "(package, product, release, security, blacklist, time) "
+ "VALUES (?, ?, ?, ?, ?, ?)",
+ DB_UINT, this->gid, DB_INT, this->pid, DB_TEXT,
+ this->version, DB_INT, security, DB_INT, blacklist,
+ DB_INT, t) == 1;
  printf("'%s' package %s (%s)%N %sinserted into database\n",
  this->product, this->package, this->version,
- os_package_state_names, this->security,
+ os_package_state_names, this->package_state,
  success ? "" : "could not be ");
  }
  return success;
@@ -1982,7 +1999,7 @@ attest_db_t *attest_db_create(char *uri)
  .set_version = _set_version,
  .set_algo = _set_algo,
  .set_relative = _set_relative,
- .set_security = _set_security,
+ .set_package_state = _set_package_state,
  .set_sequence = _set_sequence,
  .set_owner = _set_owner,
  .set_utc = _set_utc,
diff --git a/src/libpts/plugins/imv_attestation/attest_db.h b/src/libpts/plugins/imv_attestation/attest_db.h
index 0d29be9977..d0a48d8448 100644
--- a/src/libpts/plugins/imv_attestation/attest_db.h
+++ b/src/libpts/plugins/imv_attestation/attest_db.h
@@ -160,9 +160,9 @@ struct attest_db_t {
  void (*set_relative)(attest_db_t *this);
  /**
- * Set the package security state
+ * Set the package security or blacklist state
  */
- void (*set_security)(attest_db_t *this, os_package_state_t security);
+ void (*set_package_state)(attest_db_t *this, os_package_state_t package_state);
  /**
  * Set the sequence number
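Review bot: The rewritten bind list in the -1794 hunk binds `this->gid` as DB_UINT but `this->pid` as DB_INT, where the removed lines bound both as DB_UINT; the SELECTs elsewhere in this diff bind the same ids as DB_INT, so the consistent form is `DB_INT, this->gid, DB_INT, this->pid, DB_TEXT,` (or DB_UINT for both if the backend distinguishes them — not visible here). Deriving `security` and `blacklist` by `==` comparison against `this->package_state` stores 0/0 for OS_PACKAGE_STATE_UPDATE, which is the intended encoding but is stated nowhere; a comment such as `/* UPDATE is the default: neither flag set; BLACKLIST and SECURITY are exclusive */` above the two assignments would document the row layout. The `time_t` value `t` is still bound through DB_INT, which truncates on platforms where time_t is 64-bit — not introduced by this commit, but worth a TODO while the line is being rewritten. add() starts and ends outside the hunk.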