Diffstat (limited to 'src/libimcv')
-rw-r--r--src/libimcv/imv/imv_agent.c40
-rw-r--r--src/libimcv/imv/imv_state.h11
-rw-r--r--src/libimcv/plugins/imv_os/imv_os.c5
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_database.c12
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_database.h9
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.c27
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner_state.c27
-rw-r--r--src/libimcv/plugins/imv_test/imv_test_state.c27
8 files changed, 80 insertions, 78 deletions
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index 8b4247e0f..879a0103a 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -442,10 +442,8 @@ METHOD(imv_agent_t, create_state, TNC_Result,
while (enumerator->enumerate(enumerator, &tnc_id))
{
pen_type_t id_type, subject_type, auth_type;
- int tcg_id_type, tcg_subject_type, tcg_auth_type;
+ u_int32_t tcg_id_type, tcg_subject_type, tcg_auth_type;
chunk_t id_value;
- identification_t *ar_id;
- id_type_t ike_type;
id_type = tnc_id->get_identity_type(tnc_id);
id_value = tnc_id->get_identity_value(tnc_id);
@@ -459,40 +457,12 @@ METHOD(imv_agent_t, create_state, TNC_Result,
tcg_auth_type = (auth_type.vendor_id == PEN_TCG) ?
auth_type.type : TNC_AUTH_UNKNOWN;
- switch (tcg_id_type)
- {
- case TNC_ID_IPV4_ADDR:
- ike_type = ID_IPV4_ADDR;
- break;
- case TNC_ID_IPV6_ADDR:
- ike_type = ID_IPV6_ADDR;
- break;
- case TNC_ID_FQDN:
- ike_type = ID_FQDN;
- break;
- case TNC_ID_RFC822_ADDR:
- ike_type = ID_RFC822_ADDR;
- break;
- case TNC_ID_USER_NAME:
- ike_type = ID_USER_ID;
- break;
- case TNC_ID_DER_ASN1_DN:
- ike_type = ID_DER_ASN1_DN;
- break;
- case TNC_ID_DER_ASN1_GN:
- ike_type = ID_IPV4_ADDR;
- break;
- case TNC_ID_UNKNOWN:
- default:
- ike_type = ID_KEY_ID;
- break;
- }
- ar_id = identification_create_from_encoding(ike_type, id_value);
- DBG2(DBG_IMV, " %N AR identity '%Y' authenticated by %N",
- TNC_Subject_names, tcg_subject_type, ar_id,
+ DBG2(DBG_IMV, " %N AR identity '%.*s' authenticated by %N",
+ TNC_Subject_names, tcg_subject_type,
+ id_value.len, id_value.ptr,
TNC_Authentication_names, tcg_auth_type);
- state->set_ar_id(state, ar_id);
+ state->set_ar_id(state, tcg_id_type, id_value);
}
enumerator->destroy(enumerator);
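Review bot: The new DBG2 call writes the peer-reported identity into the log with `%.*s`, but for the binary ID types the removed switch handled (IPv4/IPv6 address, DER ASN.1 DN/GN) the value is not text, so raw bytes supplied by the Access Requestor end up in the log line. The precision argument is also `id_value.len`, which is a `size_t` in strongSwan's chunk_t while `%.*s` consumes an `int`; pass `(int)id_value.len`. For the non-text types I would log the value as hex, e.g. `%#B` with `&id_value`, and keep `%.*s` only for types such as TNC_ID_FQDN or TNC_ID_USER_NAME. create_state starts and ends outside this hunk.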
diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h
index 5a818e662..d1a87d2d7 100644
--- a/src/libimcv/imv/imv_state.h
+++ b/src/libimcv/imv/imv_state.h
@@ -80,16 +80,19 @@ struct imv_state_t {
/**
* Set Access Requestor ID
*
- * @param ar_id Access Requestor ID (is not going to be cloned)
+ * @param id_type Access Requestor TCG Standard ID Type
+ * @param id_value Access Requestor TCG Standard ID Value
+ *
*/
- void (*set_ar_id)(imv_state_t *this, identification_t *ar_id);
+ void (*set_ar_id)(imv_state_t *this, u_int32_t id_type, chunk_t id_value);
/**
* Get Access Requestor ID
*
- * @return Access Requestor ID
+ * @param id_type Access Requestor TCG Standard ID Type
+ * @return Access Requestor TCG Standard ID Value
*/
- identification_t* (*get_ar_id)(imv_state_t *this);
+ chunk_t (*get_ar_id)(imv_state_t *this, u_int32_t *id_type);
/**
* Change the connection state
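Review bot: The updated doc comments no longer say who owns the identity value, although the old `set_ar_id` comment did. Judging by the three state implementations in this commit, `set_ar_id` clones the chunk, and `get_ar_id` hands back the state's own buffer and accepts a NULL `id_type`. I would therefore write `@param id_value Access Requestor TCG Standard ID Value (is cloned)`, `@param id_type receives the TCG Standard ID Type, may be NULL` and `@return Access Requestor TCG Standard ID Value (internal data, not to be freed)`. struct imv_state_t continues outside this hunk.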
diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c
index e63fc73b1..f1cb74e50 100644
--- a/src/libimcv/plugins/imv_os/imv_os.c
+++ b/src/libimcv/plugins/imv_os/imv_os.c
@@ -378,6 +378,8 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
{
int device_id, count, count_update, count_blacklist, count_ok;
u_int os_settings;
+ u_int32_t id_type;
+ chunk_t id_value;
os_settings = os_state->get_os_settings(os_state);
os_state->get_count(os_state, &count, &count_update, &count_blacklist,
@@ -388,9 +390,10 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
/* Store device information in database */
device_id = os_state->get_device_id(os_state);
+ id_value = state->get_ar_id(state, &id_type);
if (os_db && device_id)
{
- os_db->set_device_info(os_db, device_id, state->get_ar_id(state),
+ os_db->set_device_info(os_db, device_id, id_type, id_value,
os_state->get_info(os_state, NULL, NULL, NULL),
count, count_update, count_blacklist, os_settings);
}
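Review bot: `state->get_ar_id(state, &id_type)` is used without checking that an identity was ever set, so when the connection reported no AR identity `set_device_info` receives whatever the state was constructed with, presumably type 0 and an empty chunk, and would look up or insert an `identities` row for it. Consider guarding on the value, `if (os_db && device_id && id_value.len)`, or letting the database method skip the identity link when the chunk is empty. The call could also move inside the `if`, since the visible lines read `id_value` only there. receive_message extends beyond this hunk.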
diff --git a/src/libimcv/plugins/imv_os/imv_os_database.c b/src/libimcv/plugins/imv_os/imv_os_database.c
index 730099af4..dff414497 100644
--- a/src/libimcv/plugins/imv_os/imv_os_database.c
+++ b/src/libimcv/plugins/imv_os/imv_os_database.c
@@ -214,9 +214,9 @@ METHOD(imv_os_database_t, get_device_id, int,
}
METHOD(imv_os_database_t, set_device_info, void,
- private_imv_os_database_t *this, int device_id, identification_t *ar_id,
- char *os_info, int count, int count_update, int count_blacklist,
- u_int flags)
+ private_imv_os_database_t *this, int device_id, u_int32_t ar_id_type,
+ chunk_t ar_id_value, char *os_info, int count, int count_update,
+ int count_blacklist, u_int flags)
{
enumerator_t *e;
time_t last_time;
@@ -245,8 +245,7 @@ METHOD(imv_os_database_t, set_device_info, void,
/* get primary key of AR identity if it exists */
e = this->db->query(this->db,
"SELECT id FROM identities WHERE type = ? AND data = ?",
- DB_INT, ar_id->get_type(ar_id),
- DB_BLOB, ar_id->get_encoding(ar_id), DB_INT);
+ DB_INT, ar_id_type, DB_BLOB, ar_id_value, DB_INT);
if (e)
{
e->enumerate(e, &iid);
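Review bot: The `type` column of `identities` is now compared against the TCG ID type, whereas the removed code passed `ar_id->get_type(ar_id)`, the IKE `id_type_t` that imv_agent.c used to map to. If a database already holds rows written by the previous code, this SELECT will likely not match them and the INSERT in the next hunk adds a second row for the same identity under a different number, so the column ends up mixing two numbering schemes. A schema note or migration step would make the change safe; at minimum add a comment here such as `/* type holds the TCG TNC_ID_* value, not an IKE id_type_t */`. set_device_info continues outside the hunk.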
@@ -258,8 +257,7 @@ METHOD(imv_os_database_t, set_device_info, void,
{
this->db->execute(this->db, &iid,
"INSERT INTO identities (type, data) VALUES (?, ?)",
- DB_INT, ar_id->get_type(ar_id),
- DB_BLOB, ar_id->get_encoding(ar_id));
+ DB_INT, ar_id_type, DB_BLOB, ar_id_value);
}
/* get latest device info record if it exists */
diff --git a/src/libimcv/plugins/imv_os/imv_os_database.h b/src/libimcv/plugins/imv_os/imv_os_database.h
index 790467f33..01d7e84a2 100644
--- a/src/libimcv/plugins/imv_os/imv_os_database.h
+++ b/src/libimcv/plugins/imv_os/imv_os_database.h
@@ -52,7 +52,8 @@ struct imv_os_database_t {
* Set health infos for a given device
*
* @param device_id Device ID primary key
- * @param ar_id Access Requestor ID
+ * @param ar_id_type Access Requestor ID Type
+ * @param ar_id_value Access Requestor ID Value
* @param os_info OS info string
* @param count Number of installed packages
* @param count_update Number of packages to be updated
@@ -60,9 +61,9 @@ struct imv_os_database_t {
* @param flags Various flags, e.g. illegal OS settings
*/
void (*set_device_info)(imv_os_database_t *this, int device_id,
- identification_t *ar_id, char *os_info,
- int count, int count_update, int count_blacklist,
- u_int flags);
+ u_int32_t ar_id_type, chunk_t ar_id_value,
+ char *os_info, int count, int count_update,
+ int count_blacklist, u_int flags);
/**
* Destroys an imv_os_database_t object.
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index 6a71a04aa..073d7133a 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -62,9 +62,14 @@ struct private_imv_os_state_t {
u_int32_t max_msg_len;
/**
- * Access Requestor ID
+ * Access Requestor ID Type
*/
- identification_t *ar_id;
+ u_int32_t ar_id_type;
+
+ /**
+ * Access Requestor ID Value
+ */
+ chunk_t ar_id_value;
/**
* IMV action recommendation
@@ -325,16 +330,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t,
}
METHOD(imv_state_t, set_ar_id, void,
- private_imv_os_state_t *this, identification_t *ar_id)
+ private_imv_os_state_t *this, u_int32_t id_type, chunk_t id_value)
{
- /* no cloning, caller must not destroy object */
- this->ar_id = ar_id;
+ this->ar_id_type = id_type;
+ this->ar_id_value = chunk_clone(id_value);
}
-METHOD(imv_state_t, get_ar_id, identification_t*,
- private_imv_os_state_t *this)
+METHOD(imv_state_t, get_ar_id, chunk_t,
+ private_imv_os_state_t *this, u_int32_t *id_type)
{
- return this->ar_id;
+ if (id_type)
+ {
+ *id_type = this->ar_id_type;
+ }
+ return this->ar_id_value;
}
METHOD(imv_state_t, change_state, void,
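Review bot: `set_ar_id` overwrites `this->ar_id_value` with a fresh `chunk_clone()` without releasing the previous buffer, and imv_agent.c calls it once per enumerated identity inside its `while` loop, so every identity after the first leaks the earlier clone. Freeing first fixes it: `free(this->ar_id_value.ptr);` before the assignment, assuming the field starts out zeroed in the constructor, which is not visible here. The same applies to `set_ar_id` in imv_scanner_state.c and imv_test_state.c. Only the last identity is retained either way, which may deserve a comment if it is intended.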
@@ -453,7 +462,6 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
METHOD(imv_state_t, destroy, void,
private_imv_os_state_t *this)
{
- DESTROY_IF(this->ar_id);
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
this->update_packages->destroy_function(this->update_packages, free);
@@ -461,6 +469,7 @@ METHOD(imv_state_t, destroy, void,
free(this->info);
free(this->name.ptr);
free(this->version.ptr);
+ free(this->ar_id_value.ptr);
free(this);
}
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 8821ed504..2123af7a8 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -59,9 +59,14 @@ struct private_imv_scanner_state_t {
u_int32_t max_msg_len;
/**
- * Access Requestor ID
+ * Access Requestor ID Type
*/
- identification_t *ar_id;
+ u_int32_t ar_id_type;
+
+ /**
+ * Access Requestor ID Value
+ */
+ chunk_t ar_id_value;
/**
* IMV action recommendation
@@ -171,16 +176,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t,
}
METHOD(imv_state_t, set_ar_id, void,
- private_imv_scanner_state_t *this, identification_t *ar_id)
+ private_imv_scanner_state_t *this, u_int32_t id_type, chunk_t id_value)
{
- /* no cloning, caller must not destroy object */
- this->ar_id = ar_id;
+ this->ar_id_type = id_type;
+ this->ar_id_value = chunk_clone(id_value);
}
-METHOD(imv_state_t, get_ar_id, identification_t*,
- private_imv_scanner_state_t *this)
+METHOD(imv_state_t, get_ar_id, chunk_t,
+ private_imv_scanner_state_t *this, u_int32_t *id_type)
{
- return this->ar_id;
+ if (id_type)
+ {
+ *id_type = this->ar_id_type;
+ }
+ return this->ar_id_value;
}
METHOD(imv_state_t, change_state, void,
@@ -256,10 +265,10 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
METHOD(imv_state_t, destroy, void,
private_imv_scanner_state_t *this)
{
- DESTROY_IF(this->ar_id);
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
this->violating_ports->destroy_function(this->violating_ports, free);
+ free(this->ar_id_value.ptr);
free(this);
}
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c
index 385a37452..41da44d67 100644
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@@ -59,9 +59,14 @@ struct private_imv_test_state_t {
u_int32_t max_msg_len;
/**
- * Access Requestor ID
+ * Access Requestor ID Type
*/
- identification_t *ar_id;
+ u_int32_t ar_id_type;
+
+ /**
+ * Access Requestor ID Value
+ */
+ chunk_t ar_id_value;
/**
* IMV action recommendation
@@ -149,16 +154,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t,
}
METHOD(imv_state_t, set_ar_id, void,
- private_imv_test_state_t *this, identification_t *ar_id)
+ private_imv_test_state_t *this, u_int32_t id_type, chunk_t id_value)
{
- /* no cloning, caller must not destroy object */
- this->ar_id = ar_id;
+ this->ar_id_type = id_type;
+ this->ar_id_value = chunk_clone(id_value);
}
-METHOD(imv_state_t, get_ar_id, identification_t*,
- private_imv_test_state_t *this)
+METHOD(imv_state_t, get_ar_id, chunk_t,
+ private_imv_test_state_t *this, u_int32_t *id_type)
{
- return this->ar_id;
+ if (id_type)
+ {
+ *id_type = this->ar_id_type;
+ }
+ return this->ar_id_value;
}
METHOD(imv_state_t, change_state, void,
@@ -209,9 +218,9 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
METHOD(imv_state_t, destroy, void,
private_imv_test_state_t *this)
{
- DESTROY_IF(this->ar_id);
DESTROY_IF(this->reason_string);
this->imcs->destroy_function(this->imcs, free);
+ free(this->ar_id_value.ptr);
free(this);
}