ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

ipsec attest now deletes file hashes

This commit is contained in:
Andreas Steffen 2012-07-22 09:29:39 +02:00
parent 2c9a833b7a
commit 838f683cde
2 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/libpts/plugins/imv_attestation/attest_db.c
View File

@ -1248,6 +1248,25 @@ METHOD(attest_db_t, delete, bool,
{
bool success;
/* delete a file measurement hash for a given product */
if (this->algo && this->pid && this->fid)
{
success = this->db->execute(this->db, NULL,
"DELETE FROM file_hashes "
"WHERE algo = ? AND product = ? "
"AND file = ? AND directory = ?",
DB_UINT, this->algo, DB_UINT, this->pid,
DB_UINT, this->fid, DB_UINT, this->cid) > 0;
printf("%4d: %s%s%s\n", this->fid, this->dir, this->did ? "/":"",
this->file);
printf("%N value for product '%s' %sdeleted from database\n",
pts_meas_algorithm_names, this->algo, this->product,
success ? "" : "could not be ");
return success;
}
if (this->pid && (this->fid || this->did))
{
printf("deletion of product/file entries not supported yet\n");
@ -1370,7 +1389,6 @@ attest_db_t *attest_db_create(char *uri)
.destroy = _destroy,
},
.dir = strdup(""),
.algo = PTS_MEAS_ALGO_SHA256,
.db = lib->db->create(lib->db, uri),
);

7
src/libpts/plugins/imv_attestation/build-database.sh Normal file → Executable file
View File

@ -233,4 +233,9 @@ ipsec attest --add --product "$p" --sha1-ima --relative --dir /usr/lib/xorg/mod
ipsec attest --add --product "$p" --sha1-ima --relative --dir /usr/lib/xorg/modules/extensions
ipsec attest --add --product "$p" --sha1-ima --relative --dir /usr/lib/xorg/modules/input
ipsec attest --add --product "$p" --sha1-ima --relative --dir /usr/share/fonts/truetype/ubuntu-font-family
ipsec attest --del --product "$p" --sha1 --file /lib/resolvconf/list-records
ipsec attest --del --product "$p" --sha1-ima --file /lib/resolvconf/list-records
ipsec attest --del --product "$p" --sha1 --file /usr/bin/lsb_release
ipsec attest --del --product "$p" --sha1-ima --file /usr/bin/lsb_release
ipsec attest --del --product "$p" --sha1 --file /usr/share/language-tools/language-options
ipsec attest --del --product "$p" --sha1-ima --file /usr/share/language-tools/language-options