From: Andreas Steffen Date: Wed, 7 Nov 2012 13:20:47 +0000 (+0100) Subject: accumulate package counts over multiple attributes X-Git-Tag: 5.0.2dr4~224 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f77d425da35a935d44c8d8ddfb048196ee3e806d;p=thirdparty%2Fstrongswan.git accumulate package counts over multiple attributes --- diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c index 4d28fc67ce..6d71678ff2 100644 --- a/src/libimcv/plugins/imv_os/imv_os.c +++ b/src/libimcv/plugins/imv_os/imv_os.c @@ -150,6 +150,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) chunk_t os_name = chunk_empty; chunk_t os_version = chunk_empty; bool fatal_error = FALSE, assessment = FALSE; + int count, count_bad, count_ok; os_state = (imv_os_state_t*)state; @@ -273,22 +274,12 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) status = os_db->check_packages(os_db, os_state, e); e->destroy(e); - switch (status) + if (status == FAILED) { - case VERIFY_ERROR: - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ISOLATE, - TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR); - assessment = TRUE; - break; - case FAILED: - state->set_recommendation(state, + state->set_recommendation(state, TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, TNC_IMV_EVALUATION_RESULT_ERROR); - assessment = TRUE; - break; - default: - break; + assessment = TRUE; } break; } 
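Review bot: The new `if (status == FAILED)` after `check_packages()` in the `@@ -273` hunk of imv_os.c treats every other return value as success, so any status other than FAILED would leave the assessment path untouched. Because this result feeds an access recommendation, failing closed reads more safely: `if (status != SUCCESS)`. The removed VERIFY_ERROR case is now covered by the counters and needs no replacement. receive_message starts and ends outside the hunk, so whether other status values can actually reach this point is not visible here.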
@@ -401,8 +392,22 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) !os_state->get_package_request(os_state) && !os_state->get_angel_count(os_state)) { - state->set_recommendation(state, TNC_IMV_ACTION_RECOMMENDATION_ALLOW, - TNC_IMV_EVALUATION_RESULT_COMPLIANT); + os_state->get_count(os_state, &count, &count_bad, &count_ok); + DBG1(DBG_IMV, "processed %d packages: %d bad, %d ok, %d not found", + count, count_bad, count_ok, count - count_bad - count_ok); + + if (count_bad) + { + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_ISOLATE, + TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR); + } + else + { + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_ALLOW, + TNC_IMV_EVALUATION_RESULT_COMPLIANT); + } assessment = TRUE; } diff --git a/src/libimcv/plugins/imv_os/imv_os_database.c b/src/libimcv/plugins/imv_os/imv_os_database.c index 93cd5ec647..1a34b16f9b 100644 --- a/src/libimcv/plugins/imv_os/imv_os_database.c +++ b/src/libimcv/plugins/imv_os/imv_os_database.c @@ -47,7 +47,7 @@ METHOD(imv_os_database_t, check_packages, status_t, os_type_t os_type; size_t os_version_len; int pid, gid, security; - int count = 0, count_ok = 0, count_no_match = 0, count_not_found = 0; + int count = 0, count_ok = 0, count_no_match = 0; enumerator_t *e; status_t status = SUCCESS; bool found, match; @@ -113,7 +113,6 @@ METHOD(imv_os_database_t, check_packages, status_t, DBG2(DBG_IMV, "package '%s' (%.*s) not found", package, version.len, version.ptr); } - count_not_found++; e->destroy(e); continue; } 
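Review bot: In the `@@ -401` hunk of imv_os.c the `else` branch recommends ALLOW/COMPLIANT whenever `count_bad` is zero, which includes `count == 0` and the case where every reported package falls into the "not found" remainder `count - count_bad - count_ok`. If an endpoint whose package list produced no positive match should not be rated compliant, the branch needs a further case such as `else if (!count_ok)` with a more cautious recommendation. If ignoring unknown packages is intended, a comment like `/* packages unknown to the database do not influence the recommendation */` above `if (count_bad)` would record that decision. The enclosing condition and function begin outside the hunk.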
@@ -162,21 +161,17 @@ METHOD(imv_os_database_t, check_packages, status_t, { DBG1(DBG_IMV, "package '%s' (%s) no match", package, release); count_no_match++; - status = VERIFY_ERROR; } } else { /* package not present in database for this product - skip */ - count_not_found++; } free(package); free(release); } free(product); - - DBG1(DBG_IMV, "processed %d packages: %d no match, %d ok, %d not found", - count, count_no_match, count_ok, count_not_found); + state->set_count(state, count, count_no_match, count_ok); return status; } diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c index 49d2e56533..d4721038dd 100644 --- a/src/libimcv/plugins/imv_os/imv_os_state.c +++ b/src/libimcv/plugins/imv_os/imv_os_state.c @@ -84,6 +84,21 @@ struct private_imv_os_state_t { */ chunk_t version; + /** + * Number of processed packages + */ + int count; + + /** + * Number of blacklisted or not updated packages + */ + int count_bad; + + /** + * Number of whitelisted packages + */ + int count_ok; + /** * OS Installed Package request sent - mandatory response expected */ @@ -225,6 +240,31 @@ METHOD(imv_os_state_t, get_info, char*, return this->info; } +METHOD(imv_os_state_t, set_count, void, + private_imv_os_state_t *this, int count, int count_bad, int count_ok) +{ + this->count += count; + this->count_bad += count_bad; + this->count_ok += count_ok; +} + +METHOD(imv_os_state_t, get_count, void, + private_imv_os_state_t *this, int *count, int *count_bad, int *count_ok) +{ + if (count) + { + *count = this->count; + } + if (count_bad) + { + *count_bad = this->count_bad; + } + if (count_ok) + { + *count_ok = this->count_ok; + } +} + METHOD(imv_os_state_t, get_type, os_type_t, private_imv_os_state_t *this) { 
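Review bot: In the `@@ -162` hunk of imv_os_database.c the `else` branch is left holding only the comment `/* package not present in database for this product - skip */` once `count_not_found++` is gone, and the counters reach the state only through the single `state->set_count(state, count, count_no_match, count_ok);` just before `return status;`. Any return path earlier in check_packages would drop the counts gathered so far; the body starts outside this hunk, so I cannot see whether one exists. I would remove the empty `else`, keeping its comment next to the `if`, and add `/* not found = count - count_no_match - count_ok, derived by the caller */` above the set_count call.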
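Review bot: `set_count` in the `@@ -225` hunk of imv_os_state.c adds to the stored values (`this->count += count;` and the two lines after it) rather than setting them, and no line in this commit resets the three counters. If the same state object is evaluated again, which is not visible here, counts from the earlier round, including `count_bad`, would carry into the new recommendation. A comment on the method such as `/* accumulates over all package attributes; counters are not reset here */` would make that explicit, and a reset wherever the state is reinitialised would close the gap if one exists. The values are plain `int` and are not range-checked before the addition.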
@@ -279,6 +319,8 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id) }, .set_info = _set_info, .get_info = _get_info, + .set_count = _set_count, + .get_count = _get_count, .set_package_request = _set_package_request, .get_package_request = _get_package_request, .set_angel_count = _set_angel_count, diff --git a/src/libimcv/plugins/imv_os/imv_os_state.h b/src/libimcv/plugins/imv_os/imv_os_state.h index bde5c235be..65bbee0bc4 100644 --- a/src/libimcv/plugins/imv_os/imv_os_state.h +++ b/src/libimcv/plugins/imv_os/imv_os_state.h @@ -41,9 +41,9 @@ struct imv_os_state_t { /** * Set OS Product Information * - * @param type OS type (enumerated) - * @param name OS name (string) - * @param version OS version + * @param type OS type (enumerated) + * @param name OS name (string) + * @param version OS version */ void (*set_info)(imv_os_state_t *this, os_type_t os_type, chunk_t name, chunk_t version); 
@@ -51,25 +51,44 @@ struct imv_os_state_t { /** * Get OS Product Information * - * @param type OS type (enumerated) - * @param name OS name (string) - * @param version OS version - * @result OS name & version as a concatenated string + * @param type OS type (enumerated) + * @param name OS name (string) + * @param version OS version + * @return OS name & version as a concatenated string */ char* (*get_info)(imv_os_state_t *this, os_type_t *os_type, chunk_t *name, chunk_t *version); + /** + * Set [or with multiple attributes increment] package counters + * + * @param count Number of processed packages + * @param count_bad Number of blacklisted or not updated packages + * @param count_ok Number of whitelisted packages + */ + void (*set_count)(imv_os_state_t *this, int count, int count_bad, + int count_ok); + + /** + * Set [or with multiple attributes increment] package counters + * + * @param count Number of processed packages + * @param count_bad Number of blacklisted or not updated packages + * @param count_ok Number of whitelisted packages + */ + void (*get_count)(imv_os_state_t *this, int *count, int *count_bad, + int *count_ok); /** * Set/reset OS Installed Packages request status * - * @param set TRUE to set, FALSE to clear + * @param set TRUE to set, FALSE to clear */ void (*set_package_request)(imv_os_state_t *this, bool set); /** * Get OS Installed Packages request status * - * @result TRUE if set, FALSE if unset + * @return TRUE if set, FALSE if unset */ bool (*get_package_request)(imv_os_state_t *this); @@ -83,7 +102,7 @@ struct imv_os_state_t { /** * Get the ITA Angel count * - * @result ITA Angel count + * @return ITA Angel count */ int (*get_angel_count)(imv_os_state_t *this);
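Review bot: The doc comment added above `get_count` in the `@@ -51` hunk of imv_os_state.h repeats the `set_count` text, `Set [or with multiple attributes increment] package counters`, and describes its parameters as inputs. It should read `Get accumulated package counters`, with each `@param` marked as an output pointer that may be NULL, which is what the implementation in imv_os_state.c accepts. A blank line also appears to be missing between the `get_count` declaration and the following `/**` of `set_package_request`.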