authorAndreas Steffen <andreas.steffen@strongswan.org>2012-11-07 13:39:44 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2012-11-07 13:40:52 +0100
commit538c13fe5c4edeca1ffad64e94992806e0c41e98 (patch)
treea666a34a0c1a25f99808d3ca64e8a91e4bb1e77d
parenteba65182e4d52e2e0d8cd15ba3f14cba5229f225 (diff)
downloadstrongswan-538c13fe5c4edeca1ffad64e94992806e0c41e98.tar.bz2
strongswan-538c13fe5c4edeca1ffad64e94992806e0c41e98.tar.xz
use OS type on IMV side
-rw-r--r--src/libimcv/os_info/os_info.c45
-rw-r--r--src/libimcv/os_info/os_info.h11
-rw-r--r--src/libimcv/plugins/imv_os/imv_os.c13
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_database.c48
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_database.h6
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.c45
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.h15
7 files changed, 126 insertions, 57 deletions
diff --git a/src/libimcv/os_info/os_info.c b/src/libimcv/os_info/os_info.c
index 110c60ea1..9716e2c9e 100644
--- a/src/libimcv/os_info/os_info.c
+++ b/src/libimcv/os_info/os_info.c
@@ -177,13 +177,13 @@ METHOD(os_info_t, get_setting, chunk_t,
chunk_t value;
if (!strneq(name, "/etc/", 5) && !strneq(name, "/proc/", 6) &&
- !strneq(name, "/sys/", 5))
+ !strneq(name, "/sys/", 5) && !strneq(name, "/var/", 5))
{
/**
* In order to guarantee privacy, only settings from the
* /etc/, /proc/ and /sys/ directories can be retrieved
*/
- DBG1(DBG_IMC, "not allowed to access \"%s\"", name);
+ DBG1(DBG_IMC, "not allowed to access '%s'", name);
return chunk_empty;
}
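Review bot: The block comment under this check still lists only /etc/, /proc/ and /sys/, while the condition now also admits /var/; it should read `only settings from the /etc/, /proc/, /sys/ and /var/ directories can be retrieved`. The test is a plain string-prefix match, so a name with `..` path components passes it while resolving outside the allowed trees, and /var/ adds logs and spool data to what can be read. If the setting name can be chosen by the remote IMV (the imv_os.c hunks suggest it is), consider rejecting names that contain `..`, or comparing the `realpath()` result against the prefixes before the `fopen()`. The body of get_setting continues outside this hunk.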
@@ -191,7 +191,7 @@ METHOD(os_info_t, get_setting, chunk_t,
file = fopen(name, "r");
if (!file)
{
- DBG1(DBG_IMC, "failed to open \"%s\"", name);
+ DBG1(DBG_IMC, "failed to open '%s'", name);
return chunk_empty;
}
@@ -337,7 +337,7 @@ static bool extract_platform_info(os_type_t *type, chunk_t *name,
chunk_t os_version = chunk_empty;
char *os_str;
struct utsname uninfo;
- int i, t;
+ int i;
/* Linux/Unix distribution release info (from http://linuxmafia.com) */
const char* releases[] = {
@@ -492,21 +492,14 @@ static bool extract_platform_info(os_type_t *type, chunk_t *name,
return FALSE;
}
- /* Try to find a matching OS type */
+ /* Try to find a matching OS type based on the OS name */
if (os_type == OS_TYPE_UNKNOWN)
{
- for (t = OS_TYPE_DEBIAN; t <= OS_TYPE_GENTOO; t++)
- {
- os_str = enum_to_name(os_type_names, t);
- if (memeq(os_name.ptr, os_str, min(os_name.len, strlen(os_str))))
- {
- os_type = t;
- os_name = chunk_create(os_str, strlen(os_str));
- break;
- }
- }
+ os_type = os_type_from_name(os_name);
}
- else
+
+ /* If known use the official OS name */
+ if (os_type != OS_TYPE_UNKNOWN)
{
os_str = enum_to_name(os_type_names, os_type);
os_name = chunk_create(os_str, strlen(os_str));
@@ -532,6 +525,26 @@ static bool extract_platform_info(os_type_t *type, chunk_t *name,
/**
* See header
*/
+os_type_t os_type_from_name(chunk_t name)
+{
+ os_type_t type;
+ char *name_str;
+
+ for (type = OS_TYPE_DEBIAN; type < OS_TYPE_ROOF; type++)
+ {
+ /* name_str is a substring of name.ptr */
+ name_str = enum_to_name(os_type_names, type);
+ if (memeq(name.ptr, name_str, min(name.len, strlen(name_str))))
+ {
+ return type;
+ }
+ }
+ return OS_TYPE_UNKNOWN;
+}
+
+/**
+ * See header
+ */
os_info_t *os_info_create(void)
{
private_os_info_t *this;
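Review bot: In os_type_from_name the comparison length is `min(name.len, strlen(name_str))`, so a name shorter than an enum name matches on its leading bytes alone, and an empty chunk matches the first type because a zero-length compare succeeds. On the IMV side the name arrives from the peer, so a one-byte value could be classified as a known OS. Require the full enum name as a prefix: `len = strlen(name_str); if (name.len >= len && memeq(name.ptr, name_str, len))`. The inline comment `name_str is a substring of name.ptr` would read more accurately as `/* match if name starts with the enum name */`.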
diff --git a/src/libimcv/os_info/os_info.h b/src/libimcv/os_info/os_info.h
index d8b53f8fc..6946b1ed7 100644
--- a/src/libimcv/os_info/os_info.h
+++ b/src/libimcv/os_info/os_info.h
@@ -38,7 +38,8 @@ enum os_type_t {
OS_TYPE_CENTOS,
OS_TYPE_SUSE,
OS_TYPE_GENTOO,
- OS_TYPE_ANDROID
+ OS_TYPE_ANDROID,
+ OS_TYPE_ROOF
};
extern enum_name_t *os_type_names;
@@ -125,6 +126,14 @@ struct os_info_t {
};
/**
+ * Convert an OS name into an OS enumeration type
+ *
+ * @param name OS name
+ * @return OS enumeration type
+ */
+os_type_t os_type_from_name(chunk_t name);
+
+/**
* Create an os_info_t object
*/
os_info_t* os_info_create(void);
diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c
index f2e00da5a..4d28fc67c 100644
--- a/src/libimcv/plugins/imv_os/imv_os.c
+++ b/src/libimcv/plugins/imv_os/imv_os.c
@@ -270,8 +270,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
attr_cast = (ietf_attr_installed_packages_t*)attr;
e = attr_cast->create_enumerator(attr_cast);
- status = os_db->check_packages(os_db,
- os_state->get_info(os_state), e);
+ status = os_db->check_packages(os_db, os_state, e);
e->destroy(e);
switch (status)
@@ -333,13 +332,15 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
if (os_name.len && os_version.len)
{
+ os_type_t os_type;
char *product_info;
char *uri = "http://remediation.strongswan.org/fix-it/";
char *string = "use a Linux operating system instead of Windows 1.2.3";
char *lang_code = "en";
- os_state->set_info(os_state, os_name, os_version);
- product_info = os_state->get_info(os_state);
+ os_type = os_type_from_name(os_name);
+ os_state->set_info(os_state,os_type, os_name, os_version);
+ product_info = os_state->get_info(os_state, NULL, NULL, NULL);
if (streq(product_info, "Windows 1.2.3"))
{
@@ -373,7 +374,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
attr = ita_attr_get_settings_create();
attr_cast = (ita_attr_get_settings_t*)attr;
- if (chunk_equals(os_name, chunk_create("Android", 7)))
+ if (os_type == OS_TYPE_ANDROID)
{
attr_cast->add(attr_cast, "android_id");
attr_cast->add(attr_cast, "install_non_market_apps");
@@ -529,7 +530,7 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
}
os_state = (imv_os_state_t*)state;
- if (os_state->get_info(os_state) == NULL)
+ if (os_state->get_info(os_state, NULL, NULL, NULL) == NULL)
{
imv_msg_t *out_msg;
pa_tnc_attr_t *attr;
diff --git a/src/libimcv/plugins/imv_os/imv_os_database.c b/src/libimcv/plugins/imv_os/imv_os_database.c
index 50de3b766..93cd5ec64 100644
--- a/src/libimcv/plugins/imv_os/imv_os_database.c
+++ b/src/libimcv/plugins/imv_os/imv_os_database.c
@@ -38,45 +38,38 @@ struct private_imv_os_database_t {
};
METHOD(imv_os_database_t, check_packages, status_t,
- private_imv_os_database_t *this, char *os_info,
+ private_imv_os_database_t *this, imv_os_state_t *state,
enumerator_t *package_enumerator)
{
- char *product, *package, *release, *cur_release, *pos;
- size_t len;
- int pid, gid, security, i;
+ char *product, *package, *release, *cur_release;
+ u_char *pos;
+ chunk_t os_name, os_version, name, version;
+ os_type_t os_type;
+ size_t os_version_len;
+ int pid, gid, security;
int count = 0, count_ok = 0, count_no_match = 0, count_not_found = 0;
enumerator_t *e;
- chunk_t name, version;
status_t status = SUCCESS;
bool found, match;
- char *platform[] = {
- "i686",
- "x86_64"
- };
+ state->get_info(state, &os_type, &os_name, &os_version);
- /* looking for appended platform info */
- for (i = 0; i < countof(platform); i++)
+ if (os_type == OS_TYPE_ANDROID)
{
- pos = strstr(os_info, platform[i]);
- if (pos)
- {
- break;
- }
- }
- if (pos)
- {
- /* Remove platform info, leaving OS name and version only */
- len = pos - os_info - 1;
- product = malloc(len + 1);
- memcpy(product, os_info, len);
- product[len] = '\0';
+ /*no package dependency on Android version */
+ os_version_len = 0;
}
else
{
- product = strdup(os_info);
+ /* remove appended platform info */
+ pos = memchr(os_version.ptr, ' ', os_version.len);
+ os_version_len = pos ? (pos - os_version.ptr) : os_version.len;
}
+ product = malloc(os_name.len + 1 + os_version_len + 1);
+ sprintf(product, "%.*s %.*s", os_name.len, os_name.ptr,
+ os_version_len, os_version.ptr);
+
/* Get primary key of product */
e = this->db->query(this->db,
"SELECT id FROM products WHERE name = ?",
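Review bot: The precision arguments passed to `%.*s` in the new `sprintf` are `size_t` (`os_version_len` is declared so above, and the chunk lengths presumably are too), but `*` takes an `int`; the `DBG2` added in the following hunk passes `version.len` the same way. Cast them and bound the write to the allocation: `snprintf(product, len, "%.*s %.*s", (int)os_name.len, os_name.ptr, (int)os_version_len, os_version.ptr);` with `len` holding the size given to `malloc`. For Android the separator is still written when `os_version_len` is 0, so the lookup key becomes `Android ` with a trailing space; confirm the products table stores the name that way. check_packages continues outside this hunk.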
@@ -115,6 +108,11 @@ METHOD(imv_os_database_t, check_packages, status_t,
if (!e->enumerate(e, &gid))
{
/* package not present in database for any product - skip */
+ if (os_type == OS_TYPE_ANDROID)
+ {
+ DBG2(DBG_IMV, "package '%s' (%.*s) not found",
+ package, version.len, version.ptr);
+ }
count_not_found++;
e->destroy(e);
continue;
diff --git a/src/libimcv/plugins/imv_os/imv_os_database.h b/src/libimcv/plugins/imv_os/imv_os_database.h
index b1e6b90ea..b5c6037b6 100644
--- a/src/libimcv/plugins/imv_os/imv_os_database.h
+++ b/src/libimcv/plugins/imv_os/imv_os_database.h
@@ -22,6 +22,8 @@
#ifndef IMV_OS_DATABASE_H_
#define IMV_OS_DATABASE_H_
+#include "imv_os_state.h"
+
#include <library.h>
typedef struct imv_os_database_t imv_os_database_t;
@@ -34,10 +36,10 @@ struct imv_os_database_t {
/**
* Check Installed Packages for a given OS
*
- * @param os_info OS name and version
+ * @param state OS IMV state
* @param package_enumerator enumerates over installed packages
*/
- status_t (*check_packages)(imv_os_database_t *this, char* os_info,
+ status_t (*check_packages)(imv_os_database_t *this, imv_os_state_t *state,
enumerator_t *package_enumerator);
/**
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index 05a3bf65a..49d2e5653 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -65,11 +65,26 @@ struct private_imv_os_state_t {
TNC_IMV_Evaluation_Result eval;
/**
- * OS Product Information
+ * OS Product Information (concatenation of OS Name and Version)
*/
char *info;
/**
+ * OS Type
+ */
+ os_type_t type;
+
+ /**
+ * OS Name
+ */
+ chunk_t name;
+
+ /**
+ * OS Version
+ */
+ chunk_t version;
+
+ /**
* OS Installed Package request sent - mandatory response expected
*/
bool package_request;
@@ -171,11 +186,13 @@ METHOD(imv_state_t, destroy, void,
private_imv_os_state_t *this)
{
free(this->info);
+ free(this->name.ptr);
+ free(this->version.ptr);
free(this);
}
METHOD(imv_os_state_t, set_info, void,
- private_imv_os_state_t *this, chunk_t name, chunk_t version)
+ private_imv_os_state_t *this, os_type_t type, chunk_t name, chunk_t version)
{
int len = name.len + 1 + version.len + 1;
@@ -184,14 +201,36 @@ METHOD(imv_os_state_t, set_info, void,
this->info = malloc(len);
snprintf(this->info, len, "%.*s %.*s", name.len, name.ptr,
version.len, version.ptr);
+ this->type = type;
+ this->name = chunk_clone(name);
+ this->version = chunk_clone(version);
}
METHOD(imv_os_state_t, get_info, char*,
- private_imv_os_state_t *this)
+ private_imv_os_state_t *this, os_type_t *type, chunk_t *name,
+ chunk_t *version)
{
+ if (type)
+ {
+ *type = this->type;
+ }
+ if (name)
+ {
+ *name = this->name;
+ }
+ if (version)
+ {
+ *version = this->version;
+ }
return this->info;
}
+METHOD(imv_os_state_t, get_type, os_type_t,
+ private_imv_os_state_t *this)
+{
+ return this->type;
+}
+
METHOD(imv_os_state_t, set_package_request, void,
private_imv_os_state_t *this, bool set)
{
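Review bot: set_info now stores `chunk_clone()` copies in `this->name` and `this->version` without releasing what an earlier call stored; nothing in the visible lines frees them, so each repeated call would leak both buffers. The values come from a peer-supplied attribute, so the number of calls is not under the IMV's control. Free before cloning, e.g. `chunk_free(&this->name); chunk_free(&this->version);` ahead of the two assignments, and check that `this->info` is handled the same way above the hunk. get_info hands out the internal chunks without copying, so callers must not free them or keep them past the lifetime of the state.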
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.h b/src/libimcv/plugins/imv_os/imv_os_state.h
index 47684fe83..bde5c235b 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.h
+++ b/src/libimcv/plugins/imv_os/imv_os_state.h
@@ -22,6 +22,7 @@
#ifndef IMV_OS_STATE_H_
#define IMV_OS_STATE_H_
+#include "os_info/os_info.h"
#include <imv/imv_state.h>
#include <library.h>
@@ -40,17 +41,23 @@ struct imv_os_state_t {
/**
* Set OS Product Information
*
- * @param name OS name
+ * @param type OS type (enumerated)
+ * @param name OS name (string)
* @param version OS version
*/
- void (*set_info)(imv_os_state_t *this, chunk_t name, chunk_t version);
+ void (*set_info)(imv_os_state_t *this, os_type_t os_type,
+ chunk_t name, chunk_t version);
/**
* Get OS Product Information
*
- * @result OS name & version
+ * @param type OS type (enumerated)
+ * @param name OS name (string)
+ * @param version OS version
+ * @result OS name & version as a concatenated string
*/
- char* (*get_info)(imv_os_state_t *this);
+ char* (*get_info)(imv_os_state_t *this, os_type_t *os_type,
+ chunk_t *name, chunk_t *version);
/**
* Set/reset OS Installed Packages request status
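Review bot: The `@param type` entries added for set_info and get_info do not match the prototypes, which name the argument `os_type`; the two should agree. For get_info the comment should also say that the three pointers are optional outputs (the implementation skips NULL ones) and that the returned chunks reference memory owned by the state, for example `@param name  receives the OS name, may be NULL (not cloned)`. The get_type method defined in imv_os_state.c has no member in the visible part of this struct; if it is not declared further down, it cannot be reached through the interface.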