-rw-r--r--src/libimcv/plugins/imv_attestation/Makefile.am2
-rw-r--r--src/libimcv/plugins/imv_attestation/attest.c67
-rw-r--r--src/libimcv/plugins/imv_attestation/attest_db.c62
-rw-r--r--src/libimcv/plugins/imv_attestation/attest_db.h5
-rw-r--r--src/libimcv/plugins/imv_attestation/attest_usage.c6
5 files changed, 139 insertions, 3 deletions
diff --git a/src/libimcv/plugins/imv_attestation/Makefile.am b/src/libimcv/plugins/imv_attestation/Makefile.am
index f90fe2ab0..a550a3552 100644
--- a/src/libimcv/plugins/imv_attestation/Makefile.am
+++ b/src/libimcv/plugins/imv_attestation/Makefile.am
@@ -27,7 +27,7 @@ attest_SOURCES = attest.c \
attest_db.h attest_db.c \
tables.sql data.sql
attest_LDADD = \
- $(top_builddir)/src/libpts/libpts.la \
$(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libpts/libpts.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
attest.o : $(top_builddir)/config.status
diff --git a/src/libimcv/plugins/imv_attestation/attest.c b/src/libimcv/plugins/imv_attestation/attest.c
index 30563364c..aa8d1f797 100644
--- a/src/libimcv/plugins/imv_attestation/attest.c
+++ b/src/libimcv/plugins/imv_attestation/attest.c
@@ -19,15 +19,64 @@
#include <stdio.h>
#include <string.h>
#include <errno.h>
+#include <syslog.h>
#include <library.h>
+#include <debug.h>
+#include <imcv.h>
+#include <libpts.h>
#include <pts/pts_meas_algo.h>
#include "attest_db.h"
#include "attest_usage.h"
/**
+ * global debug output variables
+ */
+static int debug_level = 0;
+static bool stderr_quiet = TRUE;
+
+/**
+ * attest dbg function
+ */
+static void attest_dbg(debug_t group, level_t level, char *fmt, ...)
+{
+ int priority = LOG_INFO;
+ char buffer[8192];
+ char *current = buffer, *next;
+ va_list args;
+
+ if (level <= debug_level)
+ {
+ if (!stderr_quiet)
+ {
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ fprintf(stderr, "\n");
+ va_end(args);
+ }
+
+ /* write in memory buffer first */
+ va_start(args, fmt);
+ vsnprintf(buffer, sizeof(buffer), fmt, args);
+ va_end(args);
+
+ /* do a syslog with every line */
+ while (current)
+ {
+ next = strchr(current, '\n');
+ if (next)
+ {
+ *(next++) = '\0';
+ }
+ syslog(priority, "%s\n", current);
+ current = next;
+ }
+ }
+}
+
+/**
* global attestation database object
*/
attest_db_t *attest;
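Review bot: attest_dbg never varies `priority`, and since `debug_level` and `stderr_quiet` are static and not assigned anywhere in this hunk, only level-0 messages ever reach syslog and nothing reaches stderr; if that is the intended default, a comment on the two statics saying so would help, otherwise they need a setter or a command-line option. The line splitter also emits an empty syslog record when the formatted text ends in '\n': after `*(next++) = '\0'` the next pass sees `current` pointing at the terminating "" and still calls syslog. Guarding with `if (*current) { syslog(priority, "%s", current); }` avoids that and drops the redundant "\n" from the syslog format, which syslog does not need. `va_list` is used without a visible `#include <stdarg.h>`; it may arrive via library.h, but including it directly keeps the file self-contained.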
@@ -46,6 +95,7 @@ static void do_args(int argc, char *argv[])
OP_UNDEF,
OP_USAGE,
OP_FILES,
+ OP_COMPONENTS,
OP_PRODUCTS,
OP_HASHES,
OP_ADD,
@@ -61,6 +111,7 @@ static void do_args(int argc, char *argv[])
struct option long_opts[] = {
{ "help", no_argument, NULL, 'h' },
+ { "components", no_argument, NULL, 'c' },
{ "files", no_argument, NULL, 'f' },
{ "products", no_argument, NULL, 'p' },
{ "hashes", no_argument, NULL, 'H' },
@@ -93,6 +144,9 @@ static void do_args(int argc, char *argv[])
case 'h':
op = OP_USAGE;
break;
+ case 'c':
+ op = OP_COMPONENTS;
+ continue;
case 'f':
op = OP_FILES;
continue;
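Review bot: The new `case 'c'` only fires for the short form `-c` if the option string passed to getopt_long (outside this hunk) also lists `c`; `--components` is matched through long_opts regardless. Either update that string or document that only the long form is supported. do_args continues outside the hunk.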
@@ -180,6 +234,9 @@ static void do_args(int argc, char *argv[])
case OP_PRODUCTS:
attest->list_products(attest);
break;
+ case OP_COMPONENTS:
+ attest->list_components(attest);
+ break;
case OP_FILES:
attest->list_files(attest);
break;
@@ -205,6 +262,10 @@ int main(int argc, char *argv[])
{
char *uri;
+ /* enable attest debugging hook */
+ dbg = attest_dbg;
+ openlog("attest", 0, LOG_DEBUG);
+
atexit(library_deinit);
/* initialize library */
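Review bot: `openlog("attest", 0, LOG_DEBUG)` passes a priority level where openlog expects a facility; LOG_DEBUG is a level constant, so on common implementations it is ORed into every message's priority and the LOG_INFO chosen in attest_dbg is effectively reported as LOG_DEBUG under facility 0. Use a facility and leave the level to syslog(), e.g. `openlog("attest", 0, LOG_DAEMON);` (or LOG_USER). main's body continues outside the hunk.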
@@ -230,9 +291,15 @@ int main(int argc, char *argv[])
exit(SS_RC_INITIALIZATION_FAILED);
}
atexit(cleanup);
+ libimcv_init();
+ libpts_init();
do_args(argc, argv);
+ libpts_deinit();
+ libimcv_deinit();
+ closelog();
+
exit(EXIT_SUCCESS);
}
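Review bot: The return values of `libimcv_init()` and `libpts_init()` are discarded; if these initializers report failure through a bool as the preceding library_init block does (not visible here), a failed libpts_init would presumably leave the `pts_components` manager that list_components dereferences uninitialised. Check them the same way, e.g. `if (!libimcv_init() || !libpts_init()) { exit(SS_RC_INITIALIZATION_FAILED); }`. Note also that `libpts_deinit()`/`libimcv_deinit()`/`closelog()` run only when do_args returns normally; any exit() inside it skips them and only the atexit handlers run.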
diff --git a/src/libimcv/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c
index 7a01ef164..e730d26bc 100644
--- a/src/libimcv/plugins/imv_attestation/attest_db.c
+++ b/src/libimcv/plugins/imv_attestation/attest_db.c
@@ -15,6 +15,9 @@
#include "attest_db.h"
+#include "libpts.h"
+#include "pts/components/pts_comp_func_name.h"
+
typedef struct private_attest_db_t private_attest_db_t;
/**
@@ -318,6 +321,62 @@ METHOD(attest_db_t, set_algo, void,
this->algo = algo;
}
+METHOD(attest_db_t, list_components, void,
+ private_attest_db_t *this)
+{
+ enumerator_t *e;
+ enum_name_t *names, *types;
+ pts_comp_func_name_t *cfn;
+ int type, cid, vid, name, qualifier, count = 0;
+ char flags[8];
+
+ if (this->pid)
+ {
+ e = this->db->query(this->db,
+ "SELECT c.id, c.vendor_id, c.name, c.qualifier "
+ "FROM components AS c "
+ "JOIN product_component AS pc ON c.id = pc.component "
+ "WHERE pc.product = ? ORDER BY c.vendor_id, c.name, c.qualifier",
+ DB_INT, this->pid, DB_INT, DB_INT, DB_INT, DB_INT);
+ }
+ else
+ {
+ e = this->db->query(this->db,
+ "SELECT id, vendor_id, name, qualifier FROM components "
+ "ORDER BY vendor_id, name, qualifier",
+ DB_INT, DB_INT, DB_INT, DB_INT);
+ }
+ if (e)
+ {
+ while (e->enumerate(e, &cid, &vid, &name, &qualifier))
+ {
+ printf("%3d: 0x%06x/0x%08x-0x%02x", cid, vid, name, qualifier);
+
+ cfn = pts_comp_func_name_create(vid, name, qualifier);
+ names = pts_components->get_comp_func_names(pts_components, vid);
+ types = pts_components->get_qualifier_type_names(pts_components, vid);
+ type = pts_components->get_qualifier(pts_components, cfn, flags);
+ if (names && types)
+ {
+ printf(" %N '%N' [%s] '%N'", pen_names, vid, names, name, flags,
+ types, type);
+ }
+ printf("\n");
+ cfn->destroy(cfn);
+
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d component%s found", count, (count == 1) ? "" : "s");
+ if (this->product)
+ {
+ printf(" for product '%s'", this->product);
+ }
+ printf("\n");
+ }
+}
+
METHOD(attest_db_t, list_files, void,
private_attest_db_t *this)
{
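Review bot: `cfn = pts_comp_func_name_create(vid, name, qualifier)` is used and destroyed without a NULL check; if that constructor can fail (not visible here), `get_qualifier` and `cfn->destroy` dereference NULL. `char flags[8]` is handed to `get_qualifier` with no length, so the safe size is an implicit contract with the component manager; a comment such as `/* flags: must hold the longest flag string get_qualifier() writes */` or a bounded parameter would make that explicit. `type` is computed before the `if (names && types)` check and is unused when either table is missing, so moving the `get_qualifier` call inside that branch keeps the work off the unused path. The SQL in both branches is parameterized, which is the right shape for `this->pid`.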
@@ -383,7 +442,7 @@ METHOD(attest_db_t, list_products, void,
{
while (e->enumerate(e, &pid, &product))
{
- printf("%3d: %s\n", pid, product);
+ printf("%3d: %s\n", pid, product);
count++;
}
e->destroy(e);
@@ -647,6 +706,7 @@ attest_db_t *attest_db_create(char *uri)
.set_algo = _set_algo,
.list_products = _list_products,
.list_files = _list_files,
+ .list_components = _list_components,
.list_hashes = _list_hashes,
.add = _add,
.delete = _delete,
diff --git a/src/libimcv/plugins/imv_attestation/attest_db.h b/src/libimcv/plugins/imv_attestation/attest_db.h
index 990297eb2..8eab3536f 100644
--- a/src/libimcv/plugins/imv_attestation/attest_db.h
+++ b/src/libimcv/plugins/imv_attestation/attest_db.h
@@ -102,6 +102,11 @@ struct attest_db_t {
void (*list_files)(attest_db_t *this);
/**
+ * List all components stored in the database
+ */
+ void (*list_components)(attest_db_t *this);
+
+ /**
* List selected measurement hashes stored in the database
*/
void (*list_hashes)(attest_db_t *this);
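Review bot: The new comment `List all components stored in the database` is inaccurate when a product selector is set: list_components in attest_db.c filters by `pc.product = this->pid`, and the usage text advertises --product/--pid as a selector. Suggest `* List components stored in the database, restricted to the selected product (if any)`; the neighbouring list_files comment (outside this hunk) may carry the same wording.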
diff --git a/src/libimcv/plugins/imv_attestation/attest_usage.c b/src/libimcv/plugins/imv_attestation/attest_usage.c
index 32d175483..629d93771 100644
--- a/src/libimcv/plugins/imv_attestation/attest_usage.c
+++ b/src/libimcv/plugins/imv_attestation/attest_usage.c
@@ -24,12 +24,16 @@ void usage(void)
{
printf("\
Usage:\n\
- ipsec attest --files|--products|--hashes [options]\n\
+ ipsec attest --files|--components|--products|--hashes [options]\n\
\n\
ipsec attest --files [--product <name>|--pid <id>]\n\
Show a list of files with a software product name or\n\
its primary key as an optional selector.\n\
\n\
+ ipsec attest --components [--product <name>|--pid <id>]\n\
+ Show a list of components with a software product name or\n\
+ its primary key as an optional selector.\n\
+ \n\
ipsec attest --products [--file <path>|--fid <id>]\n\
Show a list of supported software products with a file path or\n\
its primary key as an optional selector.\n\