libimcv: Reset of IMC state for new measurement cycle

2018-07-31 14:06:21 +02:00 · 2018-07-31 14:06:21 +02:00 · 731e043c8e
parent 25973c0350
commit 731e043c8e
13 changed files with 101 additions and 58 deletions
--- a/src/libimcv/imc/imc_agent.c
+++ b/src/libimcv/imc/imc_agent.c
@ -410,6 +410,7 @@ METHOD(imc_agent_t, change_state, TNC_Result,
 							   imc_state_t **state_p)
 {
 	imc_state_t *state;
+	TNC_ConnectionState old_state;

 	switch (new_state)
 	{
@ -425,7 +426,7 @@ METHOD(imc_agent_t, change_state, TNC_Result,
 							  this->id, this->name, connection_id);
 				return TNC_RESULT_FATAL;
 			}
-			state->change_state(state, new_state);
+			old_state = state->change_state(state, new_state);
 			DBG2(DBG_IMC, "IMC %u \"%s\" changed state of Connection ID %u to '%N'",
 						  this->id, this->name, connection_id,
 						  TNC_Connection_State_names, new_state);
@ -433,6 +434,13 @@ METHOD(imc_agent_t, change_state, TNC_Result,
 			{
 				*state_p = state;
 			}
+			if (new_state == TNC_CONNECTION_STATE_HANDSHAKE &&
+				old_state != TNC_CONNECTION_STATE_CREATE)
+			{
+				state->reset(state);
+				DBG2(DBG_IMC, "IMC %u \"%s\" reset state of Connection ID %u",
+							   this->id, this->name, connection_id);
+			}
 			break;
 		case TNC_CONNECTION_STATE_CREATE:
 			DBG1(DBG_IMC, "state '%N' should be handled by create_state()",
--- a/src/libimcv/imc/imc_state.h
+++ b/src/libimcv/imc/imc_state.h
@ -92,8 +92,10 @@ struct imc_state_t {
 	 * Change the connection state
 	 *
 	 * @param new_state		new connection state
+	 * @return				old connection state
 	 */
-	void (*change_state)(imc_state_t *this, TNC_ConnectionState new_state);
+	TNC_ConnectionState (*change_state)(imc_state_t *this,
+						 TNC_ConnectionState new_state);

 	/**
 	 * Set the Assessment/Evaluation Result
@ -114,6 +116,11 @@ struct imc_state_t {
 	bool (*get_result)(imc_state_t *this, TNC_IMCID id,
 										  TNC_IMV_Evaluation_Result *result);

+	/**
+	 * Resets the state for a new measurement cycle triggered by a SRETRY batch
+	 */
+	void (*reset)(imc_state_t *this);
+
 	/**
 	 * Destroys an imc_state_t object
 	 */
--- a/src/libimcv/plugins/imc_attestation/imc_attestation.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c
@ -115,19 +115,8 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
 		case TNC_CONNECTION_STATE_CREATE:
 			state = imc_attestation_state_create(connection_id);
 			return imc_attestation->create_state(imc_attestation, state);
-		case TNC_CONNECTION_STATE_HANDSHAKE:
-			if (imc_attestation->change_state(imc_attestation, connection_id,
-				new_state, &state) != TNC_RESULT_SUCCESS)
-			{
-				return TNC_RESULT_FATAL;
-			}
-			state->set_result(state, imc_id,
-							  TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
-			return TNC_RESULT_SUCCESS;
 		case TNC_CONNECTION_STATE_DELETE:
 			return imc_attestation->delete_state(imc_attestation, connection_id);
-		case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
-		case TNC_CONNECTION_STATE_ACCESS_NONE:
 		default:
 			return imc_attestation->change_state(imc_attestation, connection_id,
 												  new_state, NULL);
--- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
@ -131,10 +131,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
 	return this->contracts;
 }

-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
 	private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
 {
+	TNC_ConnectionState old_state;
+
+	old_state = this->state;
 	this->state = new_state;
+	return old_state;
 }

 METHOD(imc_state_t, set_result, void,
@ -155,6 +159,21 @@ METHOD(imc_state_t, get_result, bool,
 	return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
 }

+METHOD(imc_state_t, reset, void,
+	private_imc_attestation_state_t *this)
+{
+	this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+	this->components->destroy_offset(this->components,
+							offsetof(pts_component_t, destroy));
+	this->components = linked_list_create();
+	this->list->destroy_offset(this->list,
+							offsetof(pts_comp_evidence_t, destroy));
+	this->list = linked_list_create();
+	this->pts->destroy(this->pts);
+	this->pts = pts_create(TRUE);
+}
+
 METHOD(imc_state_t, destroy, void,
 	private_imc_attestation_state_t *this)
 {
@ -238,6 +257,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
 				.change_state = _change_state,
 				.set_result = _set_result,
 				.get_result = _get_result,
+				.reset = _reset,
 				.destroy = _destroy,
 			},
 			.get_pts = _get_pts,
--- a/src/libimcv/plugins/imc_hcd/imc_hcd.c
+++ b/src/libimcv/plugins/imc_hcd/imc_hcd.c
@ -141,15 +141,6 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
 		case TNC_CONNECTION_STATE_CREATE:
 			state = imc_hcd_state_create(connection_id);
 			return imc_hcd->create_state(imc_hcd, state);
-		case TNC_CONNECTION_STATE_HANDSHAKE:
-			if (imc_hcd->change_state(imc_hcd, connection_id, new_state,
-				&state) != TNC_RESULT_SUCCESS)
-			{
-				return TNC_RESULT_FATAL;
-			}
-			state->set_result(state, imc_id,
-							  TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
-			return TNC_RESULT_SUCCESS;
 		case TNC_CONNECTION_STATE_DELETE:
 			return imc_hcd->delete_state(imc_hcd, connection_id);
 		default:
@ -348,7 +339,7 @@ static void add_certification_state(imc_msg_t *msg)
 	if (hex_string)
 	{
 		blob = chunk_from_hex(chunk_from_str(hex_string), NULL);
-	
+
 		DBG2(DBG_IMC, "  %N: %B", pwg_attr_names, PWG_HCD_CERTIFICATION_STATE,
 					&blob);
 		attr = generic_attr_chunk_create(blob,
@ -373,7 +364,7 @@ static void add_configuration_state(imc_msg_t *msg)
 	if (hex_string)
 	{
 		blob = chunk_from_hex(chunk_from_str(hex_string), NULL);
-	
+
 		DBG2(DBG_IMC, "  %N: %B", pwg_attr_names, PWG_HCD_CONFIGURATION_STATE,
 					&blob);
 		attr = generic_attr_chunk_create(blob,
@ -412,7 +403,7 @@ static void add_quadruple(imc_msg_t *msg, char *section, quadruple_t *quad)
 					"%s.plugins.imc-hcd.subtypes.%s.%s.%s.string_version",
 					"",	lib->ns, section, quad->section, app);
 		hex_version = lib->settings->get_str(lib->settings,
-					"%s.plugins.imc-hcd.subtypes.%s.%s.%s.version", 
+					"%s.plugins.imc-hcd.subtypes.%s.%s.%s.version",
 					hex_version_default, lib->ns, section, quad->section, app);

 		/* convert hex string into binary chunk */
--- a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
+++ b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
 	return this->contracts;
 }

-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
 	private_imc_hcd_state_t *this, TNC_ConnectionState new_state)
 {
+	TNC_ConnectionState old_state;
+
+	old_state = this->state;
 	this->state = new_state;
+	return old_state;
 }

 METHOD(imc_state_t, set_result, void,
@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool,
 	return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
 }

+METHOD(imc_state_t, reset, void,
+	private_imc_hcd_state_t *this)
+{
+	this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
 METHOD(imc_state_t, destroy, void,
 	private_imc_hcd_state_t *this)
 {
@ -161,6 +171,7 @@ imc_state_t *imc_hcd_state_create(TNC_ConnectionID connection_id)
 				.change_state = _change_state,
 				.set_result = _set_result,
 				.get_result = _get_result,
+				.reset = _reset,
 				.destroy = _destroy,
 			},
 		},
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@ -103,15 +103,6 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
 		case TNC_CONNECTION_STATE_CREATE:
 			state = imc_os_state_create(connection_id);
 			return imc_os->create_state(imc_os, state);
-		case TNC_CONNECTION_STATE_HANDSHAKE:
-			if (imc_os->change_state(imc_os, connection_id, new_state,
-				&state) != TNC_RESULT_SUCCESS)
-			{
-				return TNC_RESULT_FATAL;
-			}
-			state->set_result(state, imc_id,
-							  TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
-			return TNC_RESULT_SUCCESS;
 		case TNC_CONNECTION_STATE_DELETE:
 			return imc_os->delete_state(imc_os, connection_id);
 		default:
--- a/src/libimcv/plugins/imc_os/imc_os_state.c
+++ b/src/libimcv/plugins/imc_os/imc_os_state.c
@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
 	return this->contracts;
 }

-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
 	private_imc_os_state_t *this, TNC_ConnectionState new_state)
 {
+	TNC_ConnectionState old_state;
+
+	old_state = this->state;
 	this->state = new_state;
+	return old_state;
 }

 METHOD(imc_state_t, set_result, void,
@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool,
 	return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
 }

+METHOD(imc_state_t, reset, void,
+	private_imc_os_state_t *this)
+{
+	this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
 METHOD(imc_state_t, destroy, void,
 	private_imc_os_state_t *this)
 {
@ -161,6 +171,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id)
 				.change_state = _change_state,
 				.set_result = _set_result,
 				.get_result = _get_result,
+				.reset = _reset,
 				.destroy = _destroy,
 			},
 		},
--- a/src/libimcv/plugins/imc_scanner/imc_scanner.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c
@ -85,15 +85,6 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
 		case TNC_CONNECTION_STATE_CREATE:
 			state = imc_scanner_state_create(connection_id);
 			return imc_scanner->create_state(imc_scanner, state);
-		case TNC_CONNECTION_STATE_HANDSHAKE:
-			if (imc_scanner->change_state(imc_scanner, connection_id, new_state,
-				&state) != TNC_RESULT_SUCCESS)
-			{
-				return TNC_RESULT_FATAL;
-			}
-			state->set_result(state, imc_id,
-							  TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
-			return TNC_RESULT_SUCCESS;
 		case TNC_CONNECTION_STATE_DELETE:
 			return imc_scanner->delete_state(imc_scanner, connection_id);
 		default:
--- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
 	return this->contracts;
 }

-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
 	private_imc_scanner_state_t *this, TNC_ConnectionState new_state)
 {
+	TNC_ConnectionState old_state;
+
+	old_state = this->state;
 	this->state = new_state;
+	return old_state;
 }

 METHOD(imc_state_t, set_result, void,
@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool,
 	return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
 }

+METHOD(imc_state_t, reset, void,
+	private_imc_scanner_state_t *this)
+{
+	this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
 METHOD(imc_state_t, destroy, void,
 	private_imc_scanner_state_t *this)
 {
@ -161,6 +171,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id)
 				.change_state = _change_state,
 				.set_result = _set_result,
 				.get_result = _get_result,
+				.reset = _reset,
 				.destroy = _destroy,
 			},
 		},
--- a/src/libimcv/plugins/imc_swima/imc_swima.c
+++ b/src/libimcv/plugins/imc_swima/imc_swima.c
@ -171,15 +171,6 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
 		case TNC_CONNECTION_STATE_CREATE:
 			state = imc_swima_state_create(connection_id);
 			return imc_swima->create_state(imc_swima, state);
-		case TNC_CONNECTION_STATE_HANDSHAKE:
-			if (imc_swima->change_state(imc_swima, connection_id, new_state,
-				&state) != TNC_RESULT_SUCCESS)
-			{
-				return TNC_RESULT_FATAL;
-			}
-			state->set_result(state, imc_id,
-							  TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
-			return TNC_RESULT_SUCCESS;
 		case TNC_CONNECTION_STATE_ACCESS_ALLOWED:
 		case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
 		case TNC_CONNECTION_STATE_ACCESS_NONE:
--- a/src/libimcv/plugins/imc_swima/imc_swima_state.c
+++ b/src/libimcv/plugins/imc_swima/imc_swima_state.c
@ -135,10 +135,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
 	return this->contracts;
 }

-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
 	private_imc_swima_state_t *this, TNC_ConnectionState new_state)
 {
+	TNC_ConnectionState old_state;
+
+	old_state = this->state;
 	this->state = new_state;
+	return old_state;
 }

 METHOD(imc_state_t, set_result, void,
@ -159,6 +163,12 @@ METHOD(imc_state_t, get_result, bool,
 	return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
 }

+METHOD(imc_state_t, reset, void,
+	private_imc_swima_state_t *this)
+{
+	this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
 METHOD(imc_state_t, destroy, void,
 	private_imc_swima_state_t *this)
 {
@ -226,6 +236,7 @@ imc_state_t *imc_swima_state_create(TNC_ConnectionID connection_id)
 				.change_state = _change_state,
 				.set_result = _set_result,
 				.get_result = _get_result,
+				.reset = _reset,
 				.destroy = _destroy,
 			},
 			.set_subscription = _set_subscription,
--- a/src/libimcv/plugins/imc_test/imc_test_state.c
+++ b/src/libimcv/plugins/imc_test/imc_test_state.c
@ -141,10 +141,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
 	return this->contracts;
 }

-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
 	private_imc_test_state_t *this, TNC_ConnectionState new_state)
 {
+	TNC_ConnectionState old_state;
+
+	old_state = this->state;
 	this->state = new_state;
+	return old_state;
 }

 METHOD(imc_state_t, set_result, void,
@ -202,6 +206,12 @@ METHOD(imc_state_t, get_result, bool,
 	return eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
 }

+METHOD(imc_state_t, reset, void,
+	private_imc_test_state_t *this)
+{
+	/* nothing to reset */
+}
+
 METHOD(imc_state_t, destroy, void,
 	private_imc_test_state_t *this)
 {
@ -277,6 +287,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id,
 				.change_state = _change_state,
 				.set_result = _set_result,
 				.get_result = _get_result,
+				.reset = _reset,
 				.destroy = _destroy,
 			},
 			.get_command = _get_command,