attest can query components
parent
602122771e
commit
6b55276a94
|
@ -27,7 +27,7 @@ attest_SOURCES = attest.c \
|
|||
attest_db.h attest_db.c \
|
||||
tables.sql data.sql
|
||||
attest_LDADD = \
|
||||
$(top_builddir)/src/libpts/libpts.la \
|
||||
$(top_builddir)/src/libimcv/libimcv.la \
|
||||
$(top_builddir)/src/libpts/libpts.la \
|
||||
$(top_builddir)/src/libstrongswan/libstrongswan.la
|
||||
attest.o : $(top_builddir)/config.status
|
||||
|
|
|
@ -19,14 +19,63 @@
|
|||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <syslog.h>
|
||||
|
||||
#include <library.h>
|
||||
#include <debug.h>
|
||||
|
||||
#include <imcv.h>
|
||||
#include <libpts.h>
|
||||
#include <pts/pts_meas_algo.h>
|
||||
|
||||
#include "attest_db.h"
|
||||
#include "attest_usage.h"
|
||||
|
||||
/**
|
||||
* global debug output variables
|
||||
*/
|
||||
static int debug_level = 0;
|
||||
static bool stderr_quiet = TRUE;
|
||||
|
||||
/**
|
||||
* attest dbg function
|
||||
*/
|
||||
static void attest_dbg(debug_t group, level_t level, char *fmt, ...)
|
||||
{
|
||||
int priority = LOG_INFO;
|
||||
char buffer[8192];
|
||||
char *current = buffer, *next;
|
||||
va_list args;
|
||||
|
||||
if (level <= debug_level)
|
||||
{
|
||||
if (!stderr_quiet)
|
||||
{
|
||||
va_start(args, fmt);
|
||||
vfprintf(stderr, fmt, args);
|
||||
fprintf(stderr, "\n");
|
||||
va_end(args);
|
||||
}
|
||||
|
||||
/* write in memory buffer first */
|
||||
va_start(args, fmt);
|
||||
vsnprintf(buffer, sizeof(buffer), fmt, args);
|
||||
va_end(args);
|
||||
|
||||
/* do a syslog with every line */
|
||||
while (current)
|
||||
{
|
||||
next = strchr(current, '\n');
|
||||
if (next)
|
||||
{
|
||||
*(next++) = '\0';
|
||||
}
|
||||
syslog(priority, "%s\n", current);
|
||||
current = next;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* global attestation database object
|
||||
*/
|
||||
|
@ -46,6 +95,7 @@ static void do_args(int argc, char *argv[])
|
|||
OP_UNDEF,
|
||||
OP_USAGE,
|
||||
OP_FILES,
|
||||
OP_COMPONENTS,
|
||||
OP_PRODUCTS,
|
||||
OP_HASHES,
|
||||
OP_ADD,
|
||||
|
@ -61,6 +111,7 @@ static void do_args(int argc, char *argv[])
|
|||
|
||||
struct option long_opts[] = {
|
||||
{ "help", no_argument, NULL, 'h' },
|
||||
{ "components", no_argument, NULL, 'c' },
|
||||
{ "files", no_argument, NULL, 'f' },
|
||||
{ "products", no_argument, NULL, 'p' },
|
||||
{ "hashes", no_argument, NULL, 'H' },
|
||||
|
@ -93,6 +144,9 @@ static void do_args(int argc, char *argv[])
|
|||
case 'h':
|
||||
op = OP_USAGE;
|
||||
break;
|
||||
case 'c':
|
||||
op = OP_COMPONENTS;
|
||||
continue;
|
||||
case 'f':
|
||||
op = OP_FILES;
|
||||
continue;
|
||||
|
@ -180,6 +234,9 @@ static void do_args(int argc, char *argv[])
|
|||
case OP_PRODUCTS:
|
||||
attest->list_products(attest);
|
||||
break;
|
||||
case OP_COMPONENTS:
|
||||
attest->list_components(attest);
|
||||
break;
|
||||
case OP_FILES:
|
||||
attest->list_files(attest);
|
||||
break;
|
||||
|
@ -205,6 +262,10 @@ int main(int argc, char *argv[])
|
|||
{
|
||||
char *uri;
|
||||
|
||||
/* enable attest debugging hook */
|
||||
dbg = attest_dbg;
|
||||
openlog("attest", 0, LOG_DEBUG);
|
||||
|
||||
atexit(library_deinit);
|
||||
|
||||
/* initialize library */
|
||||
|
@ -230,9 +291,15 @@ int main(int argc, char *argv[])
|
|||
exit(SS_RC_INITIALIZATION_FAILED);
|
||||
}
|
||||
atexit(cleanup);
|
||||
libimcv_init();
|
||||
libpts_init();
|
||||
|
||||
do_args(argc, argv);
|
||||
|
||||
libpts_deinit();
|
||||
libimcv_deinit();
|
||||
closelog();
|
||||
|
||||
exit(EXIT_SUCCESS);
|
||||
}
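Review bot: In `main`, `openlog("attest", 0, LOG_DEBUG);` passes a priority level in the position where `openlog` expects a facility, so the call does not select a log facility, and where these messages are routed is left to the syslog implementation's default. Pass a facility there, for example `openlog("attest", 0, LOG_USER);` or whichever facility the rest of the project logs to, and keep the severity in the `syslog(priority, ...)` call inside `attest_dbg`. Separately, `attest_dbg` uses `va_list`/`va_start` with no visible `#include <stdarg.h>`; it presumably arrives through `library.h`, but an explicit include would remove that dependency. `main` and `do_args` begin and continue outside the hunks shown.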
|
||||
|
||||
|
|
|
@ -15,6 +15,9 @@
|
|||
|
||||
#include "attest_db.h"
|
||||
|
||||
#include "libpts.h"
|
||||
#include "pts/components/pts_comp_func_name.h"
|
||||
|
||||
typedef struct private_attest_db_t private_attest_db_t;
|
||||
|
||||
/**
|
||||
|
@ -318,6 +321,62 @@ METHOD(attest_db_t, set_algo, void,
|
|||
this->algo = algo;
|
||||
}
|
||||
|
||||
METHOD(attest_db_t, list_components, void,
|
||||
private_attest_db_t *this)
|
||||
{
|
||||
enumerator_t *e;
|
||||
enum_name_t *names, *types;
|
||||
pts_comp_func_name_t *cfn;
|
||||
int type, cid, vid, name, qualifier, count = 0;
|
||||
char flags[8];
|
||||
|
||||
if (this->pid)
|
||||
{
|
||||
e = this->db->query(this->db,
|
||||
"SELECT c.id, c.vendor_id, c.name, c.qualifier "
|
||||
"FROM components AS c "
|
||||
"JOIN product_component AS pc ON c.id = pc.component "
|
||||
"WHERE pc.product = ? ORDER BY c.vendor_id, c.name, c.qualifier",
|
||||
DB_INT, this->pid, DB_INT, DB_INT, DB_INT, DB_INT);
|
||||
}
|
||||
else
|
||||
{
|
||||
e = this->db->query(this->db,
|
||||
"SELECT id, vendor_id, name, qualifier FROM components "
|
||||
"ORDER BY vendor_id, name, qualifier",
|
||||
DB_INT, DB_INT, DB_INT, DB_INT);
|
||||
}
|
||||
if (e)
|
||||
{
|
||||
while (e->enumerate(e, &cid, &vid, &name, &qualifier))
|
||||
{
|
||||
printf("%3d: 0x%06x/0x%08x-0x%02x", cid, vid, name, qualifier);
|
||||
|
||||
cfn = pts_comp_func_name_create(vid, name, qualifier);
|
||||
names = pts_components->get_comp_func_names(pts_components, vid);
|
||||
types = pts_components->get_qualifier_type_names(pts_components, vid);
|
||||
type = pts_components->get_qualifier(pts_components, cfn, flags);
|
||||
if (names && types)
|
||||
{
|
||||
printf(" %N '%N' [%s] '%N'", pen_names, vid, names, name, flags,
|
||||
types, type);
|
||||
}
|
||||
printf("\n");
|
||||
cfn->destroy(cfn);
|
||||
|
||||
count++;
|
||||
}
|
||||
e->destroy(e);
|
||||
|
||||
printf("%d component%s found", count, (count == 1) ? "" : "s");
|
||||
if (this->product)
|
||||
{
|
||||
printf(" for product '%s'", this->product);
|
||||
}
|
||||
printf("\n");
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(attest_db_t, list_files, void,
|
||||
private_attest_db_t *this)
|
||||
{
|
||||
|
@ -383,7 +442,7 @@ METHOD(attest_db_t, list_products, void,
|
|||
{
|
||||
while (e->enumerate(e, &pid, &product))
|
||||
{
|
||||
printf("%3d: %s\n", pid, product);
|
||||
printf("%3d: %s\n", pid, product);
|
||||
count++;
|
||||
}
|
||||
e->destroy(e);
|
||||
|
@ -647,6 +706,7 @@ attest_db_t *attest_db_create(char *uri)
|
|||
.set_algo = _set_algo,
|
||||
.list_products = _list_products,
|
||||
.list_files = _list_files,
|
||||
.list_components = _list_components,
|
||||
.list_hashes = _list_hashes,
|
||||
.add = _add,
|
||||
.delete = _delete,
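Review bot: In `list_components`, `char flags[8]` is handed to `pts_components->get_qualifier(pts_components, cfn, flags)` without a length, so the bound holds only if the callee never writes more than seven flag characters plus the terminator. That contract is not visible in this hunk and should be stated in a comment here or enforced by the callee. The call is made before the `names && types` check, with `vid`, `name` and `qualifier` taken straight from the database row, so it is worth confirming how `get_qualifier` behaves for vendor IDs it has no tables for. Initialising with `char flags[8] = "";` keeps the later `%s` defined if it returns without writing. The result of `pts_comp_func_name_create` is dereferenced by `cfn->destroy(cfn)` without a NULL check, which is safe only if that constructor cannot fail.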
|
||||
|
|
|
@ -101,6 +101,11 @@ struct attest_db_t {
|
|||
*/
|
||||
void (*list_files)(attest_db_t *this);
|
||||
|
||||
/**
|
||||
* List all components stored in the database
|
||||
*/
|
||||
void (*list_components)(attest_db_t *this);
|
||||
|
||||
/**
|
||||
* List selected measurement hashes stored in the database
|
||||
*/
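Review bot: The new doc comment on `list_components` says "List all components stored in the database", but the implementation added in this commit restricts the query to a single product when a product ID is set. Suggest `* List components stored in the database, restricted to the selected product if one is set`, so that the header matches the behaviour that the usage text already describes.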
|
||||
|
|
|
@ -24,12 +24,16 @@ void usage(void)
|
|||
{
|
||||
printf("\
|
||||
Usage:\n\
|
||||
ipsec attest --files|--products|--hashes [options]\n\
|
||||
ipsec attest --files|--components|--products|--hashes [options]\n\
|
||||
\n\
|
||||
ipsec attest --files [--product <name>|--pid <id>]\n\
|
||||
Show a list of files with a software product name or\n\
|
||||
its primary key as an optional selector.\n\
|
||||
\n\
|
||||
ipsec attest --components [--product <name>|--pid <id>]\n\
|
||||
Show a list of components with a software product name or\n\
|
||||
its primary key as an optional selector.\n\
|
||||
\n\
|
||||
ipsec attest --products [--file <path>|--fid <id>]\n\
|
||||
Show a list of supported software products with a file path or\n\
|
||||
its primary key as an optional selector.\n\
|
||||
|
|