Diffstat (limited to 'src/libimcv')
-rw-r--r-- | src/libimcv/imv/imv_agent.c | 27 | ||||
-rw-r--r-- | src/libimcv/imv/imv_agent.h | 7 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_os/imv_os.c | 2 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_os/imv_os_database.c | 48 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_os/imv_os_database.h | 4 |
5 files changed, 67 insertions, 21 deletions
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c index 78e584dfb..2eec0ecde 100644 --- a/src/libimcv/imv/imv_agent.c +++ b/src/libimcv/imv/imv_agent.c @@ -73,6 +73,11 @@ struct private_imv_agent_t { rwlock_t *connection_lock; /** + * Access Requestor ID + */ + identification_t *ar_id; + + /** * Inform a TNCS about the set of message types the IMV is able to receive * * @param imv_id IMV ID assigned by TNCS @@ -445,7 +450,6 @@ METHOD(imv_agent_t, create_state, TNC_Result, int tcg_id_type, tcg_subject_type, tcg_auth_type; chunk_t id_value; id_type_t ike_type; - identification_t *id; id_type = tnc_id->get_identity_type(tnc_id); id_value = tnc_id->get_identity_value(tnc_id); @@ -468,12 +472,14 @@ METHOD(imv_agent_t, create_state, TNC_Result, ike_type = ID_IPV6_ADDR; break; case TNC_ID_FQDN: - case TNC_ID_USER_NAME: ike_type = ID_FQDN; break; case TNC_ID_RFC822_ADDR: ike_type = ID_RFC822_ADDR; break; + case TNC_ID_USER_NAME: + ike_type = ID_USER_ID; + break; case TNC_ID_DER_ASN1_DN: ike_type = ID_DER_ASN1_DN; break; @@ -486,11 +492,10 @@ METHOD(imv_agent_t, create_state, TNC_Result, break; } - id = identification_create_from_encoding(ike_type, id_value); - DBG2(DBG_IMV, "%N identity '%Y' authenticated by %N", - TNC_Subject_names, tcg_subject_type, id, - TNC_Authentication_names, tcg_auth_type); - id->destroy(id); + this->ar_id = identification_create_from_encoding(ike_type, id_value); + DBG2(DBG_IMV, " %N AR identity '%Y' authenticated by %N", + TNC_Subject_names, tcg_subject_type, this->ar_id, + TNC_Authentication_names, tcg_auth_type); } enumerator->destroy(enumerator); @@ -593,6 +598,12 @@ METHOD(imv_agent_t, get_id, TNC_IMVID, return this->id; } +METHOD(imv_agent_t, get_ar_id, identification_t*, + private_imv_agent_t *this) +{ + return this->ar_id; +} + METHOD(imv_agent_t, reserve_additional_ids, TNC_Result, private_imv_agent_t *this, int count) { 
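Review bot: In the create_state hunk, `this->ar_id = identification_create_from_encoding(ike_type, id_value);` stores the Access Requestor identity on the agent rather than on the connection being created, and it overwrites any previous value without freeing it. The assignment sits inside the identity enumeration (the hunk ends with `enumerator->destroy(enumerator);`), so a second identity or a second connection leaks the earlier object. Since the agent keeps a list of connections behind `connection_lock`, `get_ar_id()` can presumably return the identity of whichever connection was created last. At minimum add `DESTROY_IF(this->ar_id);` before the assignment; keeping the identity in the per-connection state would avoid device records being attributed to the wrong requestor. create_state starts and ends outside the hunk, so any locking around this write is not visible here.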
@@ -782,6 +793,7 @@ METHOD(imv_agent_t, destroy, void, private_imv_agent_t *this) { DBG1(DBG_IMV, "IMV %u \"%s\" terminated", this->id, this->name); + DESTROY_IF(this->ar_id); this->additional_ids->destroy(this->additional_ids); this->connections->destroy_offset(this->connections, offsetof(imv_state_t, destroy)); @@ -816,6 +828,7 @@ imv_agent_t *imv_agent_create(const char *name, .get_state = _get_state, .get_name = _get_name, .get_id = _get_id, + .get_ar_id = _get_ar_id, .reserve_additional_ids = _reserve_additional_ids, .count_additional_ids = _count_additional_ids, .create_id_enumerator = _create_id_enumerator, diff --git a/src/libimcv/imv/imv_agent.h b/src/libimcv/imv/imv_agent.h index 4d0716f90..737caa173 100644 --- a/src/libimcv/imv/imv_agent.h +++ b/src/libimcv/imv/imv_agent.h @@ -152,6 +152,13 @@ struct imv_agent_t { TNC_IMVID (*get_id)(imv_agent_t *this); /** + * Get Access Requestor ID + * + * return Access Requestor ID + */ + identification_t* (*get_ar_id)(imv_agent_t *this); + + /** * Reserve additional IMV IDs from TNCS * * @param count number of additional IMV IDs to be assigned diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c index ecc6cfc4f..68b14abfb 100644 --- a/src/libimcv/plugins/imv_os/imv_os.c +++ b/src/libimcv/plugins/imv_os/imv_os.c @@ -390,7 +390,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) device_id = os_state->get_device_id(os_state); if (os_db && device_id) { - os_db->set_device_info(os_db, device_id, + os_db->set_device_info(os_db, device_id, imv_os->get_ar_id(imv_os), os_state->get_info(os_state, NULL, NULL, NULL), count, count_update, count_blacklist, os_settings); } diff --git a/src/libimcv/plugins/imv_os/imv_os_database.c b/src/libimcv/plugins/imv_os/imv_os_database.c index c6db9953f..730099af4 100644 --- a/src/libimcv/plugins/imv_os/imv_os_database.c +++ b/src/libimcv/plugins/imv_os/imv_os_database.c 
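Review bot: The doc comment added for `get_ar_id` in imv_agent.h writes `return Access Requestor ID` without the `@`, so it will not be picked up as a return tag, and it does not say who owns the result. From imv_agent.c the pointer is the agent's own object (released in `destroy` via `DESTROY_IF`) and it looks to be NULL until an identity has been received. I would document it as `@return Access Requestor ID, owned by the agent, NULL if none has been received`.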
@@ -214,12 +214,14 @@ METHOD(imv_os_database_t, get_device_id, int, } METHOD(imv_os_database_t, set_device_info, void, - private_imv_os_database_t *this, int device_id, char *os_info, - int count, int count_update, int count_blacklist, u_int flags) + private_imv_os_database_t *this, int device_id, identification_t *ar_id, + char *os_info, int count, int count_update, int count_blacklist, + u_int flags) { enumerator_t *e; time_t last_time; - int pid = 0, last_pid = 0, last_count_update = 0, last_count_blacklist = 0; + int pid = 0, last_pid = 0, iid = 0, last_iid; + int last_count_update = 0, last_count_blacklist = 0; u_int last_flags; bool found = FALSE; 
@@ -233,26 +235,47 @@ METHOD(imv_os_database_t, set_device_info, void, e->destroy(e); } - /* if OS ifo string has not been found - register it */ + /* if OS info string has not been found - register it */ if (!pid) { this->db->execute(this->db, &pid, "INSERT INTO products (name) VALUES (?)", DB_TEXT, os_info); } + /* get primary key of AR identity if it exists */ + e = this->db->query(this->db, + "SELECT id FROM identities WHERE type = ? AND data = ?", + DB_INT, ar_id->get_type(ar_id), + DB_BLOB, ar_id->get_encoding(ar_id), DB_INT); + if (e) + { + e->enumerate(e, &iid); + e->destroy(e); + } + + /* if AR identity has not been found - register it */ + if (!iid) + { + this->db->execute(this->db, &iid, + "INSERT INTO identities (type, data) VALUES (?, ?)", + DB_INT, ar_id->get_type(ar_id), + DB_BLOB, ar_id->get_encoding(ar_id)); + } + /* get latest device info record if it exists */ e = this->db->query(this->db, - "SELECT time, product, count_update, count_blacklist, flags " + "SELECT time, ar_id, product, count_update, count_blacklist, flags " "FROM device_infos WHERE device = ? ORDER BY time DESC", - DB_INT, device_id, DB_UINT, DB_INT, DB_INT, DB_INT, DB_UINT); + DB_INT, device_id, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_UINT); if (e) { - found = e->enumerate(e, &last_time, &last_pid, &last_count_update, - &last_count_blacklist, &last_flags); + found = e->enumerate(e, &last_time, &last_iid, &last_pid, + &last_count_update, &last_count_blacklist, + &last_flags); e->destroy(e); } if (found && !last_count_update && !last_count_blacklist && !last_flags && - pid == last_pid) + iid == last_iid && pid == last_pid) { /* update device info */ this->db->execute(this->db, NULL, 
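Review bot: `ar_id` is dereferenced unconditionally in the new identity lookup (`ar_id->get_type(ar_id)`, `ar_id->get_encoding(ar_id)`), but the caller in imv_os.c passes `imv_os->get_ar_id(imv_os)` after checking only `os_db && device_id`. If the TNCS delivers no identity for a connection, the field appears to stay NULL (the agent's destructor uses `DESTROY_IF`), so a requestor without an identity could crash the IMV at this point. Guard the lookup and the identities insert with `if (ar_id)` and leave `iid` at 0, or return early. Separately, the result type for the `time` column of the `device_infos` query changed from `DB_UINT` to `DB_INT` while the later INSERT still writes it as `DB_UINT`; that looks unintended, and the new `DB_INT` for `ar_id` probably belongs after the original `DB_UINT`. set_device_info begins in the previous hunk and continues past this one.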
@@ -266,9 +289,10 @@ METHOD(imv_os_database_t, set_device_info, void, { /* insert device info */ this->db->execute(this->db, NULL, - "INSERT INTO device_infos (device, time, product, count, " - "count_update, count_blacklist, flags) VALUES (?, ?, ?, ?, ?, ?, ?)", - DB_INT, device_id, DB_UINT, time(NULL), DB_INT, pid, + "INSERT INTO device_infos (device, time, ar_id, product, count, " + "count_update, count_blacklist, flags) " + "VALUES (?, ?, ?, ?, ?, ?, ?, ?)", + DB_INT, device_id, DB_UINT, time(NULL), DB_INT, iid, DB_INT, pid, DB_INT, count, DB_INT, count_update, DB_INT, count_blacklist, DB_UINT, flags); } diff --git a/src/libimcv/plugins/imv_os/imv_os_database.h b/src/libimcv/plugins/imv_os/imv_os_database.h index b5e1b6583..790467f33 100644 --- a/src/libimcv/plugins/imv_os/imv_os_database.h +++ b/src/libimcv/plugins/imv_os/imv_os_database.h @@ -52,13 +52,15 @@ struct imv_os_database_t { * Set health infos for a given device * * @param device_id Device ID primary key + * @param ar_id Access Requestor ID * @param os_info OS info string * @param count Number of installed packages * @param count_update Number of packages to be updated * @param count_blacklist Number of blacklisted packages * @param flags Various flags, e.g. illegal OS settings */ - void (*set_device_info)(imv_os_database_t *this, int device_id, char *os_info, + void (*set_device_info)(imv_os_database_t *this, int device_id, + identification_t *ar_id, char *os_info, int count, int count_update, int count_blacklist, u_int flags); |
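Review bot: The INSERT into `device_infos` writes `iid` without checking it, yet `iid` is still 0 if the `INSERT INTO identities` in the previous hunk fails, because the result of that `execute` call is ignored. The row is then stored with `ar_id` 0, so a failed identity registration is recorded silently as a device record with no requestor. Consider logging and returning when `iid` is 0 after the identity insert, e.g. `if (!iid) { DBG1(DBG_IMV, "registering AR identity failed"); return; }`. The schema change that adds the `identities` table and the `ar_id` column is not part of this diffstat (limited to src/libimcv), so whether existing databases are migrated cannot be checked from here.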