libimcv: Reset of IMV state for new measurement cycle

2018-07-26 17:24:32 +02:00 · 2018-07-26 17:24:32 +02:00 · 25973c0350
parent 37c12f98b0
commit 25973c0350
9 changed files with 167 additions and 29 deletions
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@ -492,6 +492,7 @@ METHOD(imv_agent_t, change_state, TNC_Result,
 							   imv_state_t **state_p)
 {
 	imv_state_t *state;
+	TNC_ConnectionState old_state;

 	switch (new_state)
 	{
@ -506,7 +507,7 @@ METHOD(imv_agent_t, change_state, TNC_Result,
 							  this->id, this->name, connection_id);
 				return TNC_RESULT_FATAL;
 			}
-			state->change_state(state, new_state);
+			old_state = state->change_state(state, new_state);
 			DBG2(DBG_IMV, "IMV %u \"%s\" changed state of Connection ID %u to '%N'",
 						  this->id, this->name, connection_id,
 						  TNC_Connection_State_names, new_state);
@ -514,6 +515,13 @@ METHOD(imv_agent_t, change_state, TNC_Result,
 			{
 				*state_p = state;
 			}
+			if (new_state == TNC_CONNECTION_STATE_HANDSHAKE &&
+				old_state != TNC_CONNECTION_STATE_CREATE)
+			{
+				state->reset(state);
+				DBG2(DBG_IMV, "IMV %u \"%s\" reset state of Connection ID %u",
+							   this->id, this->name, connection_id);
+			}
 			break;
 		case TNC_CONNECTION_STATE_CREATE:
 			DBG1(DBG_IMV, "state '%N' should be handled by create_state()",
--- a/src/libimcv/imv/imv_state.h
+++ b/src/libimcv/imv/imv_state.h
@ -119,8 +119,10 @@ struct imv_state_t {
 	 * Change the connection state
 	 *
 	 * @param new_state		new connection state
+	 * @return				old connection state
 	 */
-	void (*change_state)(imv_state_t *this, TNC_ConnectionState new_state);
+	TNC_ConnectionState (*change_state)(imv_state_t *this,
+						 TNC_ConnectionState new_state);

 	/**
 	 * Get IMV action recommendation and evaluation result
@ -181,6 +183,11 @@ struct imv_state_t {
 										 chunk_t *string, char **lang_code,
 										 char **uri);

+	/**
+	 * Resets the state for a new measurement cycle triggered by a SRETRY batch
+	 */
+	void (*reset)(imv_state_t *this);
+
 	/**
 	 * Destroys an imv_state_t object
 	 */
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
@ -250,10 +250,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
 	return this->contracts;
 }

-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
 	private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
 {
+	TNC_ConnectionState old_state;
+
+	old_state = this->state;
 	this->state = new_state;
+	return old_state;
 }

 METHOD(imv_state_t, get_recommendation, void,
@ -338,6 +342,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 	return FALSE;
 }

+METHOD(imv_state_t, reset, void,
+	private_imv_attestation_state_t *this)
+{
+	DESTROY_IF(this->reason_string);
+	this->reason_string = NULL;
+	this->rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+	this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+	this->action_flags = 0;
+
+	this->handshake_state = IMV_ATTESTATION_STATE_INIT;
+	this->measurement_error = 0;
+	this->components->destroy_function(this->components, (void *)free_func_comp);
+	this->components = linked_list_create();
+	this->pts->destroy(this->pts);
+	this->pts = pts_create(FALSE);
+}
+
 METHOD(imv_state_t, destroy, void,
 	private_imv_attestation_state_t *this)
 {
@ -532,6 +554,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
 				.update_recommendation = _update_recommendation,
 				.get_reason_string = _get_reason_string,
 				.get_remediation_instructions = _get_remediation_instructions,
+				.reset = _reset,
 				.destroy = _destroy,
 			},
 			.get_handshake_state = _get_handshake_state,
--- a/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
+++ b/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
@ -213,10 +213,14 @@ METHOD(imv_state_t, update_recommendation, void,
 	this->eval = tncif_policy_update_evaluation(this->eval, eval);
 }

-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
 	private_imv_hcd_state_t *this, TNC_ConnectionState new_state)
 {
+	TNC_ConnectionState old_state;
+
+	old_state = this->state;
 	this->state = new_state;
+	return old_state;
 }

 METHOD(imv_state_t, get_reason_string, bool,
@ -246,6 +250,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 	return FALSE;
 }

+METHOD(imv_state_t, reset, void,
+	private_imv_hcd_state_t *this)
+{
+	DESTROY_IF(this->reason_string);
+	this->reason_string = NULL;
+	this->rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+	this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+	this->handshake_state = IMV_HCD_STATE_INIT;
+	this->subtype_action_flags[0].action_flags = IMV_HCD_ATTR_NONE;
+	this->subtype_action_flags[1].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+	this->subtype_action_flags[2].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+	this->subtype_action_flags[3].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+	this->subtype_action_flags[4].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+	this->subtype_action_flags[5].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+	this->action_flags = &this->subtype_action_flags[0].action_flags;
+}
+
 METHOD(imv_state_t, destroy, void,
 	private_imv_hcd_state_t *this)
 {
@ -320,6 +342,7 @@ imv_state_t *imv_hcd_state_create(TNC_ConnectionID connection_id)
 				.update_recommendation = _update_recommendation,
 				.get_reason_string = _get_reason_string,
 				.get_remediation_instructions = _get_remediation_instructions,
+				.reset = _reset,
 				.destroy = _destroy,
 			},
 			.set_handshake_state = _set_handshake_state,
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@ -362,10 +362,14 @@ METHOD(imv_state_t, update_recommendation, void,
 	this->eval = tncif_policy_update_evaluation(this->eval, eval);
 }

-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
 	private_imv_os_state_t *this, TNC_ConnectionState new_state)
 {
+	TNC_ConnectionState old_state;
+
+	old_state = this->state;
 	this->state = new_state;
+	return old_state;
 }

 METHOD(imv_state_t, get_reason_string, bool,
@ -466,6 +470,32 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 	return TRUE;
 }

+METHOD(imv_state_t, reset, void,
+	private_imv_os_state_t *this)
+{
+	DESTROY_IF(this->reason_string);
+	DESTROY_IF(this->remediation_string);
+	this->reason_string = NULL;
+	this->remediation_string = NULL;
+	this->rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+	this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+	this->action_flags = 0;
+
+	this->handshake_state = IMV_OS_STATE_INIT;
+	this->count = 0;
+	this->count_security = 0;
+	this->count_blacklist = 0;
+	this->count_ok = 0;
+	this->os_settings = 0;
+	this->missing = 0;
+
+	this->update_packages->destroy_function(this->update_packages, free);
+	this->remove_packages->destroy_function(this->remove_packages, free);
+	this->update_packages = linked_list_create();
+	this->remove_packages = linked_list_create();
+}
+
 METHOD(imv_state_t, destroy, void,
 	private_imv_os_state_t *this)
 {
@ -590,6 +620,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
 				.update_recommendation = _update_recommendation,
 				.get_reason_string = _get_reason_string,
 				.get_remediation_instructions = _get_remediation_instructions,
+				.reset = _reset,
 				.destroy = _destroy,
 			},
 			.set_handshake_state = _set_handshake_state,
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@ -222,10 +222,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
 	return this->contracts;
 }

-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
 	private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
 {
+	TNC_ConnectionState old_state;
+
+	old_state = this->state;
 	this->state = new_state;
+	return old_state;
 }

 METHOD(imv_state_t, get_recommendation, void,
@ -303,6 +307,26 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 	return TRUE;
 }

+METHOD(imv_state_t, reset, void,
+	private_imv_scanner_state_t *this)
+{
+	DESTROY_IF(this->reason_string);
+	DESTROY_IF(this->remediation_string);
+	this->reason_string = NULL;
+	this->remediation_string = NULL;
+	this->rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+	this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+	this->action_flags = 0;
+
+	this->handshake_state = IMV_SCANNER_STATE_INIT;
+
+	DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
+	this->port_filter_attr = NULL;
+	this->violating_ports->destroy_function(this->violating_ports, free);
+	this->violating_ports = linked_list_create();
+}
+
 METHOD(imv_state_t, destroy, void,
 	private_imv_scanner_state_t *this)
 {
@ -373,6 +397,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
 				.update_recommendation = _update_recommendation,
 				.get_reason_string = _get_reason_string,
 				.get_remediation_instructions = _get_remediation_instructions,
+				.reset = _reset,
 				.destroy = _destroy,
 			},
 			.set_handshake_state = _set_handshake_state,
@ -391,5 +416,3 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)

 	return &this->public.interface;
 }
-
-
--- a/src/libimcv/plugins/imv_swima/imv_swima_agent.c
+++ b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
@ -90,19 +90,12 @@ METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
 	TNC_ConnectionState new_state)
 {
 	imv_state_t *state;
-	imv_swima_state_t *swima_state;

 	switch (new_state)
 	{
 		case TNC_CONNECTION_STATE_CREATE:
 			state = imv_swima_state_create(id);
 			return this->agent->create_state(this->agent, state);
- 		case TNC_CONNECTION_STATE_HANDSHAKE:
- 			this->agent->change_state(this->agent, id, new_state, &state);
- 			state->set_action_flags(state, 0);
- 			swima_state = (imv_swima_state_t*)state;
- 			swima_state->set_handshake_state(swima_state, IMV_SWIMA_STATE_INIT);
- 			return TNC_RESULT_SUCCESS;
 		case TNC_CONNECTION_STATE_DELETE:
 			return this->agent->delete_state(this->agent, id);
 		default:
--- a/src/libimcv/plugins/imv_swima/imv_swima_state.c
+++ b/src/libimcv/plugins/imv_swima/imv_swima_state.c
@ -182,16 +182,7 @@ METHOD(imv_state_t, get_max_msg_len, uint32_t,
 METHOD(imv_state_t, set_action_flags, void,
 	private_imv_swima_state_t *this, uint32_t flags)
 {
-	if (flags == 0)
-	{
-		/* reset action flags */
-		this->action_flags = 0;
-	}
-	else
-	{
-		/* add flags */
-		this->action_flags |= flags;
-	}
+	this->action_flags |= flags;
 }

 METHOD(imv_state_t, get_action_flags, uint32_t,
@ -218,10 +209,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
 	return this->contracts;
 }

-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
 	private_imv_swima_state_t *this, TNC_ConnectionState new_state)
 {
+	TNC_ConnectionState old_state;
+
+	old_state = this->state;
 	this->state = new_state;
+	return old_state;
 }

 METHOD(imv_state_t, get_recommendation, void,
@ -262,13 +257,28 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 	return FALSE;
 }

+METHOD(imv_state_t, reset, void,
+	private_imv_swima_state_t *this)
+{
+	this->rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+	this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+	this->action_flags = 0;
+
+	this->handshake_state = IMV_SWIMA_STATE_INIT;
+	this->sw_id_count = 0;
+	this->tag_count = 0;
+	this->missing = 0;
+
+	json_object_put(this->jobj);
+	this->jobj = json_object_new_object();
+}
+
 METHOD(imv_state_t, destroy, void,
 	private_imv_swima_state_t *this)
 {
 	json_object_put(this->jobj);
 	DESTROY_IF(this->session);
-	DESTROY_IF(this->reason_string);
-	DESTROY_IF(this->remediation_string);
 	this->contracts->destroy(this->contracts);
 	free(this);
 }
@ -479,6 +489,7 @@ imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id)
 				.update_recommendation = _update_recommendation,
 				.get_reason_string = _get_reason_string,
 				.get_remediation_instructions = _get_remediation_instructions,
+				.reset = _reset,
 				.destroy = _destroy,
 			},
 			.set_handshake_state = _set_handshake_state,
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@ -173,10 +173,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
 	return this->contracts;
 }

-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
 	private_imv_test_state_t *this, TNC_ConnectionState new_state)
 {
+	TNC_ConnectionState old_state;
+
+	old_state = this->state;
 	this->state = new_state;
+	return old_state;
 }

 METHOD(imv_state_t, get_recommendation, void,
@ -226,6 +230,20 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 	return FALSE;
 }

+METHOD(imv_state_t, reset, void,
+	private_imv_test_state_t *this)
+{
+	DESTROY_IF(this->reason_string);
+	this->reason_string = NULL;
+	this->rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+	this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+	this->imcs->destroy_function(this->imcs, free);
+	this->imcs = linked_list_create();
+
+}
+
+
 METHOD(imv_state_t, destroy, void,
 	private_imv_test_state_t *this)
 {
@ -326,6 +344,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
 				.update_recommendation = _update_recommendation,
 				.get_reason_string = _get_reason_string,
 				.get_remediation_instructions = _get_remediation_instructions,
+				.reset = _reset,
 				.destroy = _destroy,
 			},
 			.add_imc = _add_imc,