Use python-based swidGenerator to generated SWID tags
parent
8505ce1cc6
commit
8c40609f96
|
@ -1,2 +1,11 @@
|
||||||
charon.plugins.imc-swid.swid_directory = ${prefix}/share
|
charon.plugins.imc-swid.swid_directory = ${prefix}/share
|
||||||
Directory where SWID tags are located.
|
Directory where SWID tags are located.
|
||||||
|
|
||||||
|
charon.plugins.imc-swid.swid_generator = /usr/local/bin/swid_generator
|
||||||
|
SWID generator command to be executed.
|
||||||
|
|
||||||
|
charon.plugins.imc-swid.pretty = FALSE
|
||||||
|
Generate XML-encoded SWID tags with pretty indentation.
|
||||||
|
|
||||||
|
charon.plugins.imc-swid.full = FALSE
|
||||||
|
Include file information in the XML-encoded SWID tags.
|
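Review bot: The two new boolean options are documented here as `charon.plugins.imc-swid.pretty` and `charon.plugins.imc-swid.full`, but add_swid_inventory() in the same commit looks up `%s.plugins.imc-swid.swid_pretty` and `%s.plugins.imc-swid.swid_full`. A value set under the documented names would therefore not be read, and the `FALSE` default would apply. One of the two sides should be renamed so that they agree. Since `swid_generator` is described as a command to be executed, its description could also state the trust requirement, e.g. `SWID generator command to be executed; use an absolute path that is not writable by unprivileged users.`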
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2012 Andreas Steffen
|
* Copyright (C) 2012-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -41,8 +41,6 @@ typedef struct package_entry_t package_entry_t;
|
||||||
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#define INSTALLED_PACKAGES_MIN_SIZE 4
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Private data of an ietf_attr_installed_packages_t object.
|
* Private data of an ietf_attr_installed_packages_t object.
|
||||||
*/
|
*/
|
||||||
|
@ -132,7 +130,7 @@ METHOD(pa_tnc_attr_t, build, void,
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
writer = bio_writer_create(INSTALLED_PACKAGES_MIN_SIZE);
|
writer = bio_writer_create(IETF_INSTALLED_PACKAGES_MIN_SIZE);
|
||||||
writer->write_uint16(writer, 0x0000);
|
writer->write_uint16(writer, 0x0000);
|
||||||
writer->write_uint16(writer, this->packages->get_count(this->packages));
|
writer->write_uint16(writer, this->packages->get_count(this->packages));
|
||||||
|
|
||||||
|
@ -160,7 +158,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
|
||||||
|
|
||||||
*offset = 0;
|
*offset = 0;
|
||||||
|
|
||||||
if (this->value.len < INSTALLED_PACKAGES_MIN_SIZE)
|
if (this->value.len < IETF_INSTALLED_PACKAGES_MIN_SIZE)
|
||||||
{
|
{
|
||||||
DBG1(DBG_TNC, "insufficient data for IETF installed packages");
|
DBG1(DBG_TNC, "insufficient data for IETF installed packages");
|
||||||
return FAILED;
|
return FAILED;
|
||||||
|
@ -168,7 +166,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
|
||||||
reader = bio_reader_create(this->value);
|
reader = bio_reader_create(this->value);
|
||||||
reader->read_uint16(reader, &reserved);
|
reader->read_uint16(reader, &reserved);
|
||||||
reader->read_uint16(reader, &count);
|
reader->read_uint16(reader, &count);
|
||||||
*offset = INSTALLED_PACKAGES_MIN_SIZE;
|
*offset = IETF_INSTALLED_PACKAGES_MIN_SIZE;
|
||||||
|
|
||||||
while (reader->remaining(reader))
|
while (reader->remaining(reader))
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2012 Andreas Steffen
|
* Copyright (C) 2012-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -26,6 +26,7 @@ typedef struct ietf_attr_installed_packages_t ietf_attr_installed_packages_t;
|
||||||
#include "ietf_attr.h"
|
#include "ietf_attr.h"
|
||||||
#include "pa_tnc/pa_tnc_attr.h"
|
#include "pa_tnc/pa_tnc_attr.h"
|
||||||
|
|
||||||
|
#define IETF_INSTALLED_PACKAGES_MIN_SIZE 4
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class implementing the IETF PA-TNC Installed Packages attribute.
|
* Class implementing the IETF PA-TNC Installed Packages attribute.
|
||||||
|
|
|
@ -216,6 +216,30 @@ INSERT INTO products ( /* 36 */
|
||||||
'Ubuntu 14.04 x86_64'
|
'Ubuntu 14.04 x86_64'
|
||||||
);
|
);
|
||||||
|
|
||||||
|
INSERT INTO products ( /* 37 */
|
||||||
|
name
|
||||||
|
) VALUES (
|
||||||
|
'Debian 7.3 i686'
|
||||||
|
);
|
||||||
|
|
||||||
|
INSERT INTO products ( /* 38 */
|
||||||
|
name
|
||||||
|
) VALUES (
|
||||||
|
'Debian 7.3 x86_64'
|
||||||
|
);
|
||||||
|
|
||||||
|
INSERT INTO products ( /* 39 */
|
||||||
|
name
|
||||||
|
) VALUES (
|
||||||
|
'Debian 7.4 i686'
|
||||||
|
);
|
||||||
|
|
||||||
|
INSERT INTO products ( /* 40 */
|
||||||
|
name
|
||||||
|
) VALUES (
|
||||||
|
'Debian 7.4 x86_64'
|
||||||
|
);
|
||||||
|
|
||||||
/* Directories */
|
/* Directories */
|
||||||
|
|
||||||
INSERT INTO directories ( /* 1 */
|
INSERT INTO directories ( /* 1 */
|
||||||
|
@ -666,6 +690,18 @@ INSERT INTO groups_product_defaults (
|
||||||
4, 27
|
4, 27
|
||||||
);
|
);
|
||||||
|
|
||||||
|
INSERT INTO groups_product_defaults (
|
||||||
|
group_id, product_id
|
||||||
|
) VALUES (
|
||||||
|
4, 37
|
||||||
|
);
|
||||||
|
|
||||||
|
INSERT INTO groups_product_defaults (
|
||||||
|
group_id, product_id
|
||||||
|
) VALUES (
|
||||||
|
4, 39
|
||||||
|
);
|
||||||
|
|
||||||
INSERT INTO groups_product_defaults (
|
INSERT INTO groups_product_defaults (
|
||||||
group_id, product_id
|
group_id, product_id
|
||||||
) VALUES (
|
) VALUES (
|
||||||
|
@ -696,6 +732,18 @@ INSERT INTO groups_product_defaults (
|
||||||
5, 28
|
5, 28
|
||||||
);
|
);
|
||||||
|
|
||||||
|
INSERT INTO groups_product_defaults (
|
||||||
|
group_id, product_id
|
||||||
|
) VALUES (
|
||||||
|
5, 38
|
||||||
|
);
|
||||||
|
|
||||||
|
INSERT INTO groups_product_defaults (
|
||||||
|
group_id, product_id
|
||||||
|
) VALUES (
|
||||||
|
5, 40
|
||||||
|
);
|
||||||
|
|
||||||
INSERT INTO groups_product_defaults (
|
INSERT INTO groups_product_defaults (
|
||||||
group_id, product_id
|
group_id, product_id
|
||||||
) VALUES (
|
) VALUES (
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2011-2012 Andreas Steffen
|
* Copyright (C) 2011-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -26,6 +26,8 @@ typedef struct pa_tnc_attr_t pa_tnc_attr_t;
|
||||||
#include <library.h>
|
#include <library.h>
|
||||||
#include <pen/pen.h>
|
#include <pen/pen.h>
|
||||||
|
|
||||||
|
#define PA_TNC_ATTR_HEADER_SIZE 12
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Interface for an RFC 5792 PA-TNC Posture Attribute.
|
* Interface for an RFC 5792 PA-TNC Posture Attribute.
|
||||||
*
|
*
|
||||||
|
@ -71,7 +73,7 @@ struct pa_tnc_attr_t {
|
||||||
* @param relative error offset within attribute body
|
* @param relative error offset within attribute body
|
||||||
* @return result status
|
* @return result status
|
||||||
*/
|
*/
|
||||||
status_t (*process)(pa_tnc_attr_t *this, u_int32_t *offset);
|
status_t (*process)(pa_tnc_attr_t *this, uint32_t *offset);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get a new reference to the PA-TNC attribute
|
* Get a new reference to the PA-TNC attribute
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2011-2012 Andreas Steffen
|
* Copyright (C) 2011-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -23,7 +23,6 @@
|
||||||
#include <pen/pen.h>
|
#include <pen/pen.h>
|
||||||
#include <utils/debug.h>
|
#include <utils/debug.h>
|
||||||
|
|
||||||
|
|
||||||
typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
|
typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -38,7 +37,6 @@ typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
|
||||||
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#define PA_TNC_HEADER_SIZE 8
|
|
||||||
#define PA_TNC_RESERVED 0x000000
|
#define PA_TNC_RESERVED 0x000000
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -59,7 +57,6 @@ typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
|
||||||
|
|
||||||
#define PA_TNC_ATTR_FLAG_NONE 0x00
|
#define PA_TNC_ATTR_FLAG_NONE 0x00
|
||||||
#define PA_TNC_ATTR_FLAG_NOSKIP (1<<7)
|
#define PA_TNC_ATTR_FLAG_NOSKIP (1<<7)
|
||||||
#define PA_TNC_ATTR_HEADER_SIZE 12
|
|
||||||
#define PA_TNC_ATTR_INFO_SIZE 8
|
#define PA_TNC_ATTR_INFO_SIZE 8
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -86,7 +83,7 @@ struct private_pa_tnc_msg_t {
|
||||||
/**
|
/**
|
||||||
* Message identifier
|
* Message identifier
|
||||||
*/
|
*/
|
||||||
u_int32_t identifier;
|
uint32_t identifier;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Current PA-TNC Message size
|
* Current PA-TNC Message size
|
||||||
|
@ -139,13 +136,13 @@ METHOD(pa_tnc_msg_t, build, bool,
|
||||||
pa_tnc_attr_t *attr;
|
pa_tnc_attr_t *attr;
|
||||||
enum_name_t *pa_attr_names;
|
enum_name_t *pa_attr_names;
|
||||||
pen_type_t type;
|
pen_type_t type;
|
||||||
u_int8_t flags;
|
uint8_t flags;
|
||||||
chunk_t value;
|
chunk_t value;
|
||||||
nonce_gen_t *ng;
|
nonce_gen_t *ng;
|
||||||
|
|
||||||
/* generate a nonce as a message identifier */
|
/* generate a nonce as a message identifier */
|
||||||
ng = lib->crypto->create_nonce_gen(lib->crypto);
|
ng = lib->crypto->create_nonce_gen(lib->crypto);
|
||||||
if (!ng || !ng->get_nonce(ng, 4, (u_int8_t*)&this->identifier))
|
if (!ng || !ng->get_nonce(ng, 4, (uint8_t*)&this->identifier))
|
||||||
{
|
{
|
||||||
DBG1(DBG_TNC, "failed to generate random PA-TNC message identifier");
|
DBG1(DBG_TNC, "failed to generate random PA-TNC message identifier");
|
||||||
DESTROY_IF(ng);
|
DESTROY_IF(ng);
|
||||||
|
@ -205,8 +202,8 @@ METHOD(pa_tnc_msg_t, process, status_t,
|
||||||
{
|
{
|
||||||
bio_reader_t *reader;
|
bio_reader_t *reader;
|
||||||
pa_tnc_attr_t *error;
|
pa_tnc_attr_t *error;
|
||||||
u_int8_t version;
|
uint8_t version;
|
||||||
u_int32_t reserved, offset, attr_offset;
|
uint32_t reserved, offset, attr_offset;
|
||||||
pen_type_t error_code = { PEN_IETF, PA_ERROR_INVALID_PARAMETER };
|
pen_type_t error_code = { PEN_IETF, PA_ERROR_INVALID_PARAMETER };
|
||||||
|
|
||||||
/* process message header */
|
/* process message header */
|
||||||
|
@ -237,8 +234,8 @@ METHOD(pa_tnc_msg_t, process, status_t,
|
||||||
while (reader->remaining(reader) >= PA_TNC_ATTR_HEADER_SIZE)
|
while (reader->remaining(reader) >= PA_TNC_ATTR_HEADER_SIZE)
|
||||||
{
|
{
|
||||||
pen_t vendor_id;
|
pen_t vendor_id;
|
||||||
u_int8_t flags;
|
uint8_t flags;
|
||||||
u_int32_t type, length;
|
uint32_t type, length;
|
||||||
chunk_t value, attr_info;
|
chunk_t value, attr_info;
|
||||||
pa_tnc_attr_t *attr;
|
pa_tnc_attr_t *attr;
|
||||||
enum_name_t *pa_attr_names;
|
enum_name_t *pa_attr_names;
|
||||||
|
@ -372,7 +369,7 @@ METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
|
||||||
ietf_attr_pa_tnc_error_t *error_attr;
|
ietf_attr_pa_tnc_error_t *error_attr;
|
||||||
pen_type_t error_code;
|
pen_type_t error_code;
|
||||||
chunk_t msg_info, attr_info;
|
chunk_t msg_info, attr_info;
|
||||||
u_int32_t offset;
|
uint32_t offset;
|
||||||
|
|
||||||
error_attr = (ietf_attr_pa_tnc_error_t*)attr;
|
error_attr = (ietf_attr_pa_tnc_error_t*)attr;
|
||||||
error_code = error_attr->get_error_code(error_attr);
|
error_code = error_attr->get_error_code(error_attr);
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2011-2012 Andreas Steffen
|
* Copyright (C) 2011-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -24,6 +24,7 @@
|
||||||
typedef struct pa_tnc_msg_t pa_tnc_msg_t;
|
typedef struct pa_tnc_msg_t pa_tnc_msg_t;
|
||||||
|
|
||||||
#define PA_TNC_VERSION 0x01
|
#define PA_TNC_VERSION 0x01
|
||||||
|
#define PA_TNC_HEADER_SIZE 8
|
||||||
|
|
||||||
#include "pa_tnc_attr.h"
|
#include "pa_tnc_attr.h"
|
||||||
|
|
||||||
|
|
|
@ -353,11 +353,12 @@ static void add_installed_packages(imc_state_t *state, imc_msg_t *msg)
|
||||||
* Compute the maximum IETF Installed Packages attribute size
|
* Compute the maximum IETF Installed Packages attribute size
|
||||||
* leaving space for an additional ITA Angel attribute
|
* leaving space for an additional ITA Angel attribute
|
||||||
*/
|
*/
|
||||||
max_attr_size = state->get_max_msg_len(state) - 8 - 12;
|
max_attr_size = state->get_max_msg_len(state) -
|
||||||
|
PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
|
||||||
|
|
||||||
/* At least one IETF Installed Packages attribute is sent */
|
/* At least one IETF Installed Packages attribute is sent */
|
||||||
attr = ietf_attr_installed_packages_create();
|
attr = ietf_attr_installed_packages_create();
|
||||||
attr_size = 12 + 4;
|
attr_size = PA_TNC_ATTR_HEADER_SIZE + IETF_INSTALLED_PACKAGES_MIN_SIZE;
|
||||||
|
|
||||||
enumerator = os->create_package_enumerator(os);
|
enumerator = os->create_package_enumerator(os);
|
||||||
if (enumerator)
|
if (enumerator)
|
||||||
|
@ -384,7 +385,8 @@ static void add_installed_packages(imc_state_t *state, imc_msg_t *msg)
|
||||||
|
|
||||||
/* create the next IETF Installed Packages attribute */
|
/* create the next IETF Installed Packages attribute */
|
||||||
attr = ietf_attr_installed_packages_create();
|
attr = ietf_attr_installed_packages_create();
|
||||||
attr_size = 12 + 4;
|
attr_size = PA_TNC_ATTR_HEADER_SIZE +
|
||||||
|
IETF_INSTALLED_PACKAGES_MIN_SIZE;
|
||||||
}
|
}
|
||||||
attr_cast = (ietf_attr_installed_packages_t*)attr;
|
attr_cast = (ietf_attr_installed_packages_t*)attr;
|
||||||
attr_cast->add(attr_cast, name, version);
|
attr_cast->add(attr_cast, name, version);
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 Andreas Steffen
|
* Copyright (C) 2013-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -24,12 +24,15 @@
|
||||||
|
|
||||||
#include <imc/imc_agent.h>
|
#include <imc/imc_agent.h>
|
||||||
#include <imc/imc_msg.h>
|
#include <imc/imc_msg.h>
|
||||||
|
#include <ita/ita_attr.h>
|
||||||
|
#include <ita/ita_attr_angel.h>
|
||||||
|
|
||||||
#include <tncif_pa_subtypes.h>
|
#include <tncif_pa_subtypes.h>
|
||||||
|
|
||||||
#include <pen/pen.h>
|
#include <pen/pen.h>
|
||||||
#include <utils/debug.h>
|
#include <utils/debug.h>
|
||||||
|
|
||||||
|
#define SWID_GENERATOR "/usr/local/bin/swid_generator"
|
||||||
|
|
||||||
/* IMC definitions */
|
/* IMC definitions */
|
||||||
|
|
||||||
|
@ -128,12 +131,156 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
|
||||||
return TNC_RESULT_SUCCESS;
|
return TNC_RESULT_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add one or multiple SWID Inventory attributes to the send queue
|
||||||
|
*/
|
||||||
|
static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
|
||||||
|
uint32_t request_id, bool full_tags,
|
||||||
|
swid_inventory_t *targets)
|
||||||
|
{
|
||||||
|
pa_tnc_attr_t *attr, *attr_angel;
|
||||||
|
imc_swid_state_t *swid_state;
|
||||||
|
swid_inventory_t *swid_inventory;
|
||||||
|
char *swid_directory, *swid_generator;
|
||||||
|
uint32_t eid_epoch;
|
||||||
|
size_t max_attr_size, attr_size, entry_size;
|
||||||
|
bool first = TRUE, swid_pretty, swid_full;
|
||||||
|
enumerator_t *enumerator;
|
||||||
|
|
||||||
|
swid_directory = lib->settings->get_str(lib->settings,
|
||||||
|
"%s.plugins.imc-swid.swid_directory",
|
||||||
|
SWID_DIRECTORY, lib->ns);
|
||||||
|
swid_generator = lib->settings->get_str(lib->settings,
|
||||||
|
"%s.plugins.imc-swid.swid_generator",
|
||||||
|
SWID_GENERATOR, lib->ns);
|
||||||
|
swid_pretty = lib->settings->get_bool(lib->settings,
|
||||||
|
"%s.plugins.imc-swid.swid_pretty",
|
||||||
|
FALSE, lib->ns);
|
||||||
|
swid_full = lib->settings->get_bool(lib->settings,
|
||||||
|
"%s.plugins.imc-swid.swid_full",
|
||||||
|
FALSE, lib->ns);
|
||||||
|
|
||||||
|
swid_inventory = swid_inventory_create(full_tags);
|
||||||
|
if (!swid_inventory->collect(swid_inventory, swid_directory, swid_generator,
|
||||||
|
targets, swid_pretty, swid_full))
|
||||||
|
{
|
||||||
|
swid_inventory->destroy(swid_inventory);
|
||||||
|
attr = swid_error_create(TCG_SWID_ERROR, request_id,
|
||||||
|
0, "error in SWID tag collection");
|
||||||
|
msg->add_attribute(msg, attr);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
DBG1(DBG_IMC, "collected %d SWID tag%s%s",
|
||||||
|
swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
|
||||||
|
swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
|
||||||
|
|
||||||
|
swid_state = (imc_swid_state_t*)state;
|
||||||
|
eid_epoch = swid_state->get_eid_epoch(swid_state);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Compute the maximum TCG Tag [ID] Inventory attribute size
|
||||||
|
* leaving space for an additional ITA Angel attribute
|
||||||
|
*/
|
||||||
|
max_attr_size = state->get_max_msg_len(state) -
|
||||||
|
PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
|
||||||
|
|
||||||
|
if (full_tags)
|
||||||
|
{
|
||||||
|
tcg_swid_attr_tag_inv_t *swid_attr;
|
||||||
|
swid_tag_t *tag;
|
||||||
|
chunk_t encoding, tag_file_path;
|
||||||
|
|
||||||
|
/* At least one TCG Tag Inventory attribute is sent */
|
||||||
|
attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_INV_MIN_SIZE;
|
||||||
|
attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
|
||||||
|
|
||||||
|
enumerator = swid_inventory->create_enumerator(swid_inventory);
|
||||||
|
while (enumerator->enumerate(enumerator, &tag))
|
||||||
|
{
|
||||||
|
tag_file_path = tag->get_tag_file_path(tag);
|
||||||
|
encoding = tag->get_encoding(tag);
|
||||||
|
entry_size = 2 + tag_file_path.len + 4 + encoding.len;
|
||||||
|
|
||||||
|
if (attr_size + entry_size > max_attr_size)
|
||||||
|
{
|
||||||
|
if (first)
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Send an ITA Start Angel attribute to the IMV signalling
|
||||||
|
* that multiple TGC SWID Tag Inventory attributes follow
|
||||||
|
*/
|
||||||
|
attr_angel = ita_attr_angel_create(TRUE);
|
||||||
|
msg->add_attribute(msg, attr_angel);
|
||||||
|
first = FALSE;
|
||||||
|
}
|
||||||
|
msg->add_attribute(msg, attr);
|
||||||
|
|
||||||
|
/* create the next TCG SWID Tag Inventory attribute */
|
||||||
|
attr_size = PA_TNC_ATTR_HEADER_SIZE +
|
||||||
|
TCG_SWID_TAG_INV_MIN_SIZE;
|
||||||
|
attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
|
||||||
|
}
|
||||||
|
swid_attr = (tcg_swid_attr_tag_inv_t*)attr;
|
||||||
|
swid_attr->add(swid_attr, tag->get_ref(tag));
|
||||||
|
attr_size += entry_size;
|
||||||
|
}
|
||||||
|
enumerator->destroy(enumerator);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
tcg_swid_attr_tag_id_inv_t *swid_id_attr;
|
||||||
|
swid_tag_id_t *tag_id;
|
||||||
|
chunk_t tag_creator, unique_sw_id, tag_file_path;
|
||||||
|
|
||||||
|
/* At least one TCG Tag ID Inventory attribute is sent */
|
||||||
|
attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_ID_INV_MIN_SIZE;
|
||||||
|
attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
|
||||||
|
swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
|
||||||
|
|
||||||
|
enumerator = swid_inventory->create_enumerator(swid_inventory);
|
||||||
|
while (enumerator->enumerate(enumerator, &tag_id))
|
||||||
|
{
|
||||||
|
tag_creator = tag_id->get_tag_creator(tag_id);
|
||||||
|
unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path);
|
||||||
|
entry_size = 2 + tag_creator.len + 2 + unique_sw_id.len +
|
||||||
|
2 + tag_file_path.len;
|
||||||
|
|
||||||
|
if (attr_size + entry_size > max_attr_size)
|
||||||
|
{
|
||||||
|
if (first)
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Send an ITA Start Angel attribute to the IMV signalling
|
||||||
|
* that multiple TGC SWID Tag ID Inventory attributes follow
|
||||||
|
*/
|
||||||
|
attr_angel = ita_attr_angel_create(TRUE);
|
||||||
|
msg->add_attribute(msg, attr_angel);
|
||||||
|
first = FALSE;
|
||||||
|
}
|
||||||
|
msg->add_attribute(msg, attr);
|
||||||
|
|
||||||
|
/* create the next TCG SWID Tag ID Inventory attribute */
|
||||||
|
attr_size = PA_TNC_ATTR_HEADER_SIZE +
|
||||||
|
TCG_SWID_TAG_ID_INV_MIN_SIZE;
|
||||||
|
attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
|
||||||
|
}
|
||||||
|
swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
|
||||||
|
swid_id_attr->add(swid_id_attr, tag_id->get_ref(tag_id));
|
||||||
|
attr_size += entry_size;
|
||||||
|
}
|
||||||
|
enumerator->destroy(enumerator);
|
||||||
|
}
|
||||||
|
msg->add_attribute(msg, attr);
|
||||||
|
swid_inventory->destroy(swid_inventory);
|
||||||
|
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
|
static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
|
||||||
{
|
{
|
||||||
imc_msg_t *out_msg;
|
imc_msg_t *out_msg;
|
||||||
imc_swid_state_t *swid_state;
|
|
||||||
enumerator_t *enumerator;
|
|
||||||
pa_tnc_attr_t *attr;
|
pa_tnc_attr_t *attr;
|
||||||
|
enumerator_t *enumerator;
|
||||||
pen_type_t type;
|
pen_type_t type;
|
||||||
TNC_Result result;
|
TNC_Result result;
|
||||||
bool fatal_error = FALSE;
|
bool fatal_error = FALSE;
|
||||||
|
@ -145,18 +292,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
out_msg = imc_msg_create_as_reply(in_msg);
|
out_msg = imc_msg_create_as_reply(in_msg);
|
||||||
swid_state = (imc_swid_state_t*)state;
|
|
||||||
|
|
||||||
/* analyze PA-TNC attributes */
|
/* analyze PA-TNC attributes */
|
||||||
enumerator = in_msg->create_attribute_enumerator(in_msg);
|
enumerator = in_msg->create_attribute_enumerator(in_msg);
|
||||||
while (enumerator->enumerate(enumerator, &attr))
|
while (enumerator->enumerate(enumerator, &attr))
|
||||||
{
|
{
|
||||||
tcg_swid_attr_req_t *attr_req;
|
tcg_swid_attr_req_t *attr_req;
|
||||||
u_int8_t flags;
|
uint8_t flags;
|
||||||
u_int32_t request_id, eid_epoch;
|
uint32_t request_id;
|
||||||
swid_inventory_t *swid_inventory, *targets;
|
|
||||||
char *swid_directory;
|
|
||||||
bool full_tags;
|
bool full_tags;
|
||||||
|
swid_inventory_t *targets;
|
||||||
|
|
||||||
type = attr->get_type(attr);
|
type = attr->get_type(attr);
|
||||||
|
|
||||||
|
@ -169,7 +314,6 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
|
||||||
flags = attr_req->get_flags(attr_req);
|
flags = attr_req->get_flags(attr_req);
|
||||||
request_id = attr_req->get_request_id(attr_req);
|
request_id = attr_req->get_request_id(attr_req);
|
||||||
targets = attr_req->get_targets(attr_req);
|
targets = attr_req->get_targets(attr_req);
|
||||||
eid_epoch = swid_state->get_eid_epoch(swid_state);
|
|
||||||
|
|
||||||
if (flags & (TCG_SWID_ATTR_REQ_FLAG_S | TCG_SWID_ATTR_REQ_FLAG_C))
|
if (flags & (TCG_SWID_ATTR_REQ_FLAG_S | TCG_SWID_ATTR_REQ_FLAG_C))
|
||||||
{
|
{
|
||||||
|
@ -180,33 +324,10 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
|
||||||
}
|
}
|
||||||
full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
|
full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
|
||||||
|
|
||||||
swid_directory = lib->settings->get_str(lib->settings,
|
if (!add_swid_inventory(state, out_msg, request_id, full_tags, targets))
|
||||||
"%s.plugins.imc-swid.swid_directory",
|
|
||||||
SWID_DIRECTORY, lib->ns);
|
|
||||||
swid_inventory = swid_inventory_create(full_tags);
|
|
||||||
if (!swid_inventory->collect(swid_inventory, swid_directory, targets))
|
|
||||||
{
|
{
|
||||||
swid_inventory->destroy(swid_inventory);
|
|
||||||
attr = swid_error_create(TCG_SWID_ERROR, request_id,
|
|
||||||
0, "error in SWID tag collection");
|
|
||||||
out_msg->add_attribute(out_msg, attr);
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
DBG1(DBG_IMC, "collected %d SWID tag%s%s",
|
|
||||||
swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
|
|
||||||
swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
|
|
||||||
|
|
||||||
if (full_tags)
|
|
||||||
{
|
|
||||||
attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1,
|
|
||||||
swid_inventory);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1,
|
|
||||||
swid_inventory);
|
|
||||||
}
|
|
||||||
out_msg->add_attribute(out_msg, attr);
|
|
||||||
}
|
}
|
||||||
enumerator->destroy(enumerator);
|
enumerator->destroy(enumerator);
|
||||||
|
|
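Review bot: add_swid_inventory() queues an ITA Start Angel (`ita_attr_angel_create(TRUE)`) the first time an inventory has to be split, in both the full-tag and the tag-ID branch, but no matching Stop Angel is added before `return TRUE`. The IMV side of this commit finalises the SWID workitem only while its angel count is zero, so a split inventory would apparently leave the assessment open unless the Stop Angel is appended by code outside this section. After the final `msg->add_attribute(msg, attr);` I would add `if (!first) { attr_angel = ita_attr_angel_create(FALSE); msg->add_attribute(msg, attr_angel); }`, assuming `FALSE` selects the Stop Angel. The two block comments above the Start Angel calls also spell the vendor as `TGC` where `TCG` is meant.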
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 Andreas Steffen
|
* Copyright (C) 2013-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -27,6 +27,8 @@
|
||||||
#include <ietf/ietf_attr_pa_tnc_error.h>
|
#include <ietf/ietf_attr_pa_tnc_error.h>
|
||||||
#include <imv/imv_agent.h>
|
#include <imv/imv_agent.h>
|
||||||
#include <imv/imv_msg.h>
|
#include <imv/imv_msg.h>
|
||||||
|
#include <ita/ita_attr.h>
|
||||||
|
#include <ita/ita_attr_angel.h>
|
||||||
|
|
||||||
#include <tncif_names.h>
|
#include <tncif_names.h>
|
||||||
#include <tncif_pa_subtypes.h>
|
#include <tncif_pa_subtypes.h>
|
||||||
|
@ -89,6 +91,7 @@ METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
|
||||||
static TNC_Result receive_msg(private_imv_swid_agent_t *this,
|
static TNC_Result receive_msg(private_imv_swid_agent_t *this,
|
||||||
imv_state_t *state, imv_msg_t *in_msg)
|
imv_state_t *state, imv_msg_t *in_msg)
|
||||||
{
|
{
|
||||||
|
imv_swid_state_t *swid_state;
|
||||||
imv_msg_t *out_msg;
|
imv_msg_t *out_msg;
|
||||||
imv_session_t *session;
|
imv_session_t *session;
|
||||||
enumerator_t *enumerator;
|
enumerator_t *enumerator;
|
||||||
|
@ -103,6 +106,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
swid_state = (imv_swid_state_t*)state;
|
||||||
session = state->get_session(state);
|
session = state->get_session(state);
|
||||||
|
|
||||||
/* analyze PA-TNC attributes */
|
/* analyze PA-TNC attributes */
|
||||||
|
@ -112,7 +116,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
|
||||||
TNC_IMV_Evaluation_Result eval;
|
TNC_IMV_Evaluation_Result eval;
|
||||||
TNC_IMV_Action_Recommendation rec;
|
TNC_IMV_Action_Recommendation rec;
|
||||||
pen_type_t type;
|
pen_type_t type;
|
||||||
u_int32_t request_id, last_eid, eid_epoch;
|
uint32_t request_id, last_eid, eid_epoch;
|
||||||
swid_inventory_t *inventory;
|
swid_inventory_t *inventory;
|
||||||
int tag_count;
|
int tag_count;
|
||||||
char result_str[BUF_LEN], *tag_item;
|
char result_str[BUF_LEN], *tag_item;
|
||||||
|
@ -127,7 +131,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
|
||||||
pen_type_t error_code;
|
pen_type_t error_code;
|
||||||
chunk_t msg_info, description;
|
chunk_t msg_info, description;
|
||||||
bio_reader_t *reader;
|
bio_reader_t *reader;
|
||||||
u_int32_t request_id = 0, max_attr_size;
|
uint32_t request_id = 0, max_attr_size;
|
||||||
bool success;
|
bool success;
|
||||||
|
|
||||||
error_attr = (ietf_attr_pa_tnc_error_t*)attr;
|
error_attr = (ietf_attr_pa_tnc_error_t*)attr;
|
||||||
|
@ -166,6 +170,20 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
|
||||||
reader->destroy(reader);
|
reader->destroy(reader);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else if (type.vendor_id == PEN_ITA)
|
||||||
|
{
|
||||||
|
switch (type.type)
|
||||||
|
{
|
||||||
|
case ITA_ATTR_START_ANGEL:
|
||||||
|
swid_state->set_angel_count(swid_state, TRUE);
|
||||||
|
break;
|
||||||
|
case ITA_ATTR_STOP_ANGEL:
|
||||||
|
swid_state->set_angel_count(swid_state, FALSE);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
else if (type.vendor_id != PEN_TCG)
|
else if (type.vendor_id != PEN_TCG)
|
||||||
{
|
{
|
||||||
continue;
|
continue;
|
||||||
|
@ -193,7 +211,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
|
||||||
{
|
{
|
||||||
tag_creator = tag_id->get_tag_creator(tag_id);
|
tag_creator = tag_id->get_tag_creator(tag_id);
|
||||||
unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
|
unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
|
||||||
DBG3(DBG_IMV, " %.*s_%.*s.swidtag",
|
DBG3(DBG_IMV, " %.*s_%.*s",
|
||||||
tag_creator.len, tag_creator.ptr,
|
tag_creator.len, tag_creator.ptr,
|
||||||
unique_sw_id.len, unique_sw_id.ptr);
|
unique_sw_id.len, unique_sw_id.ptr);
|
||||||
}
|
}
|
||||||
|
@ -239,6 +257,8 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
|
||||||
default:
|
default:
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
tag_count = inventory->get_count(inventory);
|
||||||
|
swid_state->set_count(swid_state, tag_count);
|
||||||
|
|
||||||
ew = session->create_workitem_enumerator(session);
|
ew = session->create_workitem_enumerator(session);
|
||||||
while (ew->enumerate(ew, &workitem))
|
while (ew->enumerate(ew, &workitem))
|
||||||
|
@ -257,16 +277,20 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
|
if (!swid_state->get_angel_count(swid_state))
|
||||||
tag_count = inventory->get_count(inventory);
|
{
|
||||||
snprintf(result_str, BUF_LEN, "received inventory of %d SWID %s%s",
|
swid_state->get_count(swid_state, &tag_count);
|
||||||
tag_count, tag_item, (tag_count == 1) ? "" : "s");
|
snprintf(result_str, BUF_LEN, "received inventory of %d SWID %s%s",
|
||||||
session->remove_workitem(session, ew);
|
tag_count, tag_item, (tag_count == 1) ? "" : "s");
|
||||||
ew->destroy(ew);
|
session->remove_workitem(session, ew);
|
||||||
rec = found->set_result(found, result_str, eval);
|
ew->destroy(ew);
|
||||||
state->update_recommendation(state, rec, eval);
|
|
||||||
imcv_db->finalize_workitem(imcv_db, found);
|
eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
|
||||||
found->destroy(found);
|
rec = found->set_result(found, result_str, eval);
|
||||||
|
state->update_recommendation(state, rec, eval);
|
||||||
|
imcv_db->finalize_workitem(imcv_db, found);
|
||||||
|
found->destroy(found);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
enumerator->destroy(enumerator);
|
enumerator->destroy(enumerator);
|
||||||
|
|
||||||
|
@ -342,8 +366,8 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
|
||||||
TNC_IMVID imv_id;
|
TNC_IMVID imv_id;
|
||||||
TNC_Result result = TNC_RESULT_SUCCESS;
|
TNC_Result result = TNC_RESULT_SUCCESS;
|
||||||
bool no_workitems = TRUE;
|
bool no_workitems = TRUE;
|
||||||
u_int32_t request_id;
|
uint32_t request_id;
|
||||||
u_int8_t flags;
|
uint8_t flags;
|
||||||
enumerator_t *enumerator;
|
enumerator_t *enumerator;
|
||||||
|
|
||||||
if (!this->agent->get_state(this->agent, id, &state))
|
if (!this->agent->get_state(this->agent, id, &state))
|
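Review bot: The finalisation block in receive_msg now runs only when `swid_state->get_angel_count(swid_state)` is zero, and that counter is moved solely by ITA Start/Stop Angel attributes received from the peer. An IMC that sends a Start Angel without a matching Stop, or an extra Stop (`angel_count` is an `int` and `set_angel_count` adds `-1` unconditionally), leaves the workitem unfinalised. On that path `ew->destroy(ew)` is skipped as well, because it moved inside the `if`; an `else { ew->destroy(ew); }` would release the enumerator. It would also be worth ignoring or rejecting a Stop Angel while the count is already zero, and deciding explicitly what recommendation applies when the exchange ends with a non-zero count; whether that is handled elsewhere is not visible here. receive_msg's body continues outside the hunks.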
||||||
|
|
|
@ -95,6 +95,16 @@ struct private_imv_swid_state_t {
|
||||||
*/
|
*/
|
||||||
imv_remediation_string_t *remediation_string;
|
imv_remediation_string_t *remediation_string;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Number of processed SWID Tags or SWID Tag IDs
|
||||||
|
*/
|
||||||
|
int count;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Angel count
|
||||||
|
*/
|
||||||
|
int angel_count;
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
|
METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
|
||||||
|
@ -223,6 +233,33 @@ METHOD(imv_swid_state_t, get_handshake_state, imv_swid_handshake_state_t,
|
||||||
return this->handshake_state;
|
return this->handshake_state;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
METHOD(imv_swid_state_t, set_count, void,
|
||||||
|
private_imv_swid_state_t *this, int count)
|
||||||
|
{
|
||||||
|
this->count += count;
|
||||||
|
}
|
||||||
|
|
||||||
|
METHOD(imv_swid_state_t, get_count, void,
|
||||||
|
private_imv_swid_state_t *this, int *count)
|
||||||
|
{
|
||||||
|
if (count)
|
||||||
|
{
|
||||||
|
*count = this->count;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
METHOD(imv_swid_state_t, set_angel_count, void,
|
||||||
|
private_imv_swid_state_t *this, bool start)
|
||||||
|
{
|
||||||
|
this->angel_count += start ? 1 : -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
METHOD(imv_swid_state_t, get_angel_count, int,
|
||||||
|
private_imv_swid_state_t *this)
|
||||||
|
{
|
||||||
|
return this->angel_count;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Described in header.
|
* Described in header.
|
||||||
*/
|
*/
|
||||||
|
@ -253,6 +290,10 @@ imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id)
|
||||||
},
|
},
|
||||||
.set_handshake_state = _set_handshake_state,
|
.set_handshake_state = _set_handshake_state,
|
||||||
.get_handshake_state = _get_handshake_state,
|
.get_handshake_state = _get_handshake_state,
|
||||||
|
.set_count = _set_count,
|
||||||
|
.get_count = _get_count,
|
||||||
|
.set_angel_count = _set_angel_count,
|
||||||
|
.get_angel_count = _get_angel_count,
|
||||||
},
|
},
|
||||||
.state = TNC_CONNECTION_STATE_CREATE,
|
.state = TNC_CONNECTION_STATE_CREATE,
|
||||||
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
|
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
|
||||||
|
|
|
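Review bot: set_angel_count() decrements without a floor, so an end signal that arrives without a matching start leaves angel_count negative, and the check `if (!swid_state->get_angel_count(swid_state))` in the agent code above is then never satisfied for that connection. If the start/end signals are derived from attributes sent by the peer (not visible in these hunks), the update should refuse to go below zero: `if (start) { this->angel_count++; } else if (this->angel_count > 0) { this->angel_count--; }`. set_count() accumulates (`this->count += count`) rather than assigning, which deserves a one-line comment at the definition. Whether count and angel_count are cleared in the state's reset method cannot be seen from these hunks and should be confirmed.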
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 Andreas Steffen
|
* Copyright (C) 2013-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -64,6 +64,34 @@ struct imv_swid_state_t {
|
||||||
*/
|
*/
|
||||||
imv_swid_handshake_state_t (*get_handshake_state)(imv_swid_state_t *this);
|
imv_swid_handshake_state_t (*get_handshake_state)(imv_swid_state_t *this);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Increase/Decrease the ITA Angel count
|
||||||
|
*
|
||||||
|
* @param start TRUE increases and FALSE decreases count by one
|
||||||
|
*/
|
||||||
|
void (*set_angel_count)(imv_swid_state_t *this, bool start);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set [or with multiple attributes increment] SWID Tag [ID] counters
|
||||||
|
*
|
||||||
|
* @param count Number of received SWID Tags or SWID Tag IDs
|
||||||
|
*/
|
||||||
|
void (*set_count)(imv_swid_state_t *this, int count);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set [or with multiple attributes increment] SWID Tag [ID] counters
|
||||||
|
*
|
||||||
|
* @param count Number of received SWID Tags or SWID Tag IDs
|
||||||
|
*/
|
||||||
|
void (*get_count)(imv_swid_state_t *this, int *count);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the ITA Angel count
|
||||||
|
*
|
||||||
|
* @return ITA Angel count
|
||||||
|
*/
|
||||||
|
int (*get_angel_count)(imv_swid_state_t *this);
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
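Review bot: The doc comment on `get_count` is a copy of the one on `set_count` ("Set [or with multiple attributes increment] SWID Tag [ID] counters", `@param count Number of received SWID Tags or SWID Tag IDs`), although the member hands the counter back through an out-pointer. Suggested wording: `Get the number of processed SWID Tags or SWID Tag IDs` with `@param count  receives the accumulated count, may be NULL` (the implementation skips the store when the pointer is NULL). The `set_count` comment could also say plainly that every call adds to the running total, since the implementation does `this->count += count`.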
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 Andreas Steffen
|
* Copyright (C) 2013-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -18,6 +18,7 @@
|
||||||
#include "swid_tag_id.h"
|
#include "swid_tag_id.h"
|
||||||
|
|
||||||
#include <collections/linked_list.h>
|
#include <collections/linked_list.h>
|
||||||
|
#include <bio/bio_writer.h>
|
||||||
#include <utils/debug.h>
|
#include <utils/debug.h>
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
@ -51,6 +52,123 @@ struct private_swid_inventory_t {
|
||||||
linked_list_t *list;
|
linked_list_t *list;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static status_t generate_tags(private_swid_inventory_t *this, char *generator,
|
||||||
|
swid_inventory_t *targets, bool pretty, bool full)
|
||||||
|
{
|
||||||
|
FILE *file;
|
||||||
|
char command[512], line[2048];
|
||||||
|
chunk_t tag_creator, unique_sw_id, tag_file_path = chunk_empty;
|
||||||
|
swid_tag_id_t *tag_id;
|
||||||
|
swid_tag_t *tag;
|
||||||
|
status_t status = SUCCESS;
|
||||||
|
|
||||||
|
/* Assemble the SWID generator command */
|
||||||
|
snprintf(command, sizeof(command), "%s %s%s%s\n", generator,
|
||||||
|
(this->full_tags) ? "swid" : "software-id",
|
||||||
|
(this->full_tags && pretty) ? " --pretty" : "",
|
||||||
|
(this->full_tags && full) ? " --full" : "");
|
||||||
|
|
||||||
|
/* Open a pipe stream for reading the output of the dpkg-query commmand */
|
||||||
|
file = popen(command, "r");
|
||||||
|
if (!file)
|
||||||
|
{
|
||||||
|
DBG1(DBG_IMC, "failed to run swid_generator command");
|
||||||
|
return NOT_SUPPORTED;
|
||||||
|
}
|
||||||
|
if (this->full_tags)
|
||||||
|
{
|
||||||
|
bio_writer_t *writer;
|
||||||
|
chunk_t tag_encoding;
|
||||||
|
bool more_tags = TRUE, end_of_tag;
|
||||||
|
|
||||||
|
DBG2(DBG_IMC, "SWID tags generated by package manager:");
|
||||||
|
while (more_tags)
|
||||||
|
{
|
||||||
|
end_of_tag = FALSE;
|
||||||
|
writer = bio_writer_create(512);
|
||||||
|
do
|
||||||
|
{
|
||||||
|
if (fgets(line, sizeof(line), file) <= 0)
|
||||||
|
{
|
||||||
|
more_tags = FALSE;
|
||||||
|
end_of_tag = TRUE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (line[0] == '\n')
|
||||||
|
{
|
||||||
|
end_of_tag = TRUE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
writer->write_data(writer, chunk_from_str(line));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
while (!end_of_tag);
|
||||||
|
|
||||||
|
tag_encoding = writer->get_buf(writer);
|
||||||
|
|
||||||
|
/* remove trailing newline if present */
|
||||||
|
if (tag_encoding.len > 0 &&
|
||||||
|
tag_encoding.ptr[tag_encoding.len - 1] == '\n')
|
||||||
|
{
|
||||||
|
tag_encoding.len--;
|
||||||
|
}
|
||||||
|
DBG2(DBG_IMC, " %.*s", tag_encoding.len, tag_encoding.ptr);
|
||||||
|
|
||||||
|
tag = swid_tag_create(tag_encoding, tag_file_path);
|
||||||
|
this->list->insert_last(this->list, tag);
|
||||||
|
writer->destroy(writer);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
DBG2(DBG_IMC, "SWID tag IDs generated by package manager:");
|
||||||
|
while (TRUE)
|
||||||
|
{
|
||||||
|
char *separator;
|
||||||
|
size_t len;
|
||||||
|
|
||||||
|
if (fgets(line, sizeof(line), file) <= 0)
|
||||||
|
{
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
len = strlen(line);
|
||||||
|
|
||||||
|
/* remove trailing newline if present */
|
||||||
|
if (len > 0 && line[len - 1] == '\n')
|
||||||
|
{
|
||||||
|
len--;
|
||||||
|
}
|
||||||
|
DBG2(DBG_IMC, " %.*s", len, line);
|
||||||
|
|
||||||
|
separator = strchr(line, '_');
|
||||||
|
if (!separator)
|
||||||
|
{
|
||||||
|
DBG1(DBG_IMC, "separatation of regid from unique software ID "
|
||||||
|
"failed");
|
||||||
|
status = FAILED;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
tag_creator = chunk_create(line, separator - line);
|
||||||
|
separator++;
|
||||||
|
|
||||||
|
unique_sw_id = chunk_create(separator, len - (separator - line));
|
||||||
|
tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
|
||||||
|
this->list->insert_last(this->list, tag_id);
|
||||||
|
|
||||||
|
if (fgets(line, sizeof(line), file) <= 0)
|
||||||
|
{
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
end:
|
||||||
|
pclose(file);
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
static bool collect_tags(private_swid_inventory_t *this, char *pathname,
|
static bool collect_tags(private_swid_inventory_t *this, char *pathname,
|
||||||
swid_inventory_t *targets)
|
swid_inventory_t *targets)
|
||||||
{
|
{
|
||||||
|
@ -72,7 +190,7 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
|
||||||
{
|
{
|
||||||
char * start, *stop;
|
char * start, *stop;
|
||||||
chunk_t tag_creator;
|
chunk_t tag_creator;
|
||||||
chunk_t unique_sw_id = chunk_empty, unique_seq_id = chunk_empty;
|
chunk_t unique_sw_id = chunk_empty, tag_file_path = chunk_empty;
|
||||||
if (!strstr(rel_name, "regid."))
|
if (!strstr(rel_name, "regid."))
|
||||||
{
|
{
|
||||||
continue;
|
continue;
|
||||||
|
@ -121,14 +239,7 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
tag_creator = chunk_create(start, stop-start);
|
tag_creator = chunk_create(start, stop-start);
|
||||||
|
|
||||||
start = stop + 1;
|
start = stop + 1;
|
||||||
stop = strchr(start, '_');
|
|
||||||
if (stop)
|
|
||||||
{
|
|
||||||
unique_sw_id = chunk_create(start, stop-start);
|
|
||||||
start = stop + 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
stop = strstr(start, ".swidtag");
|
stop = strstr(start, ".swidtag");
|
||||||
if (!stop)
|
if (!stop)
|
||||||
|
@ -137,14 +248,8 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
|
||||||
DBG1(DBG_IMC, " swidtag postfix not found");
|
DBG1(DBG_IMC, " swidtag postfix not found");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
if (unique_sw_id.ptr)
|
unique_sw_id = chunk_create(start, stop-start);
|
||||||
{
|
tag_file_path = chunk_from_str(abs_name);
|
||||||
unique_seq_id = chunk_create(start, stop-start);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
unique_sw_id = chunk_create(start, stop-start);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* In case of a targeted request */
|
/* In case of a targeted request */
|
||||||
if (targets->get_count(targets))
|
if (targets->get_count(targets))
|
||||||
|
@ -187,7 +292,7 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
tag = swid_tag_create(*xml_tag, unique_seq_id);
|
tag = swid_tag_create(*xml_tag, tag_file_path);
|
||||||
this->list->insert_last(this->list, tag);
|
this->list->insert_last(this->list, tag);
|
||||||
chunk_unmap(xml_tag);
|
chunk_unmap(xml_tag);
|
||||||
}
|
}
|
||||||
|
@ -195,10 +300,9 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
|
||||||
{
|
{
|
||||||
swid_tag_id_t *tag_id;
|
swid_tag_id_t *tag_id;
|
||||||
|
|
||||||
tag_id = swid_tag_id_create(tag_creator, unique_sw_id, unique_seq_id);
|
tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
|
||||||
this->list->insert_last(this->list, tag_id);
|
this->list->insert_last(this->list, tag_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
success = TRUE;
|
success = TRUE;
|
||||||
|
|
||||||
|
@ -210,8 +314,18 @@ end:
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(swid_inventory_t, collect, bool,
|
METHOD(swid_inventory_t, collect, bool,
|
||||||
private_swid_inventory_t *this, char *directory, swid_inventory_t *targets)
|
private_swid_inventory_t *this, char *directory, char *generator,
|
||||||
|
swid_inventory_t *targets, bool pretty, bool full)
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* Tags are generated by a package manager
|
||||||
|
*/
|
||||||
|
generate_tags(this, generator, targets, pretty, full);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Collect swidtag files by iteratively entering all directories in
|
||||||
|
* the tree under the "directory" path.
|
||||||
|
*/
|
||||||
return collect_tags(this, directory, targets);
|
return collect_tags(this, directory, targets);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
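Review bot: generate_tags() never validates the generator run: the snprintf() into `command[512]` is not checked for truncation, the status returned by pclose() is dropped, and collect() ignores the function's return value, so a truncated or failing command still yields an inventory that is reported as collected. In the full-tag loop, reaching EOF directly after a blank separator line creates and inserts a tag with an empty encoding. `fgets(...) <= 0` compares a pointer with zero where `!fgets(...)` is meant, and the `%.*s` precision arguments (`tag_encoding.len`, and `len`, which is declared size_t) are passed where an int is expected. Because the string is run through the shell by popen(), the generator setting has to be treated as trusted configuration, and the comment above popen() still mentions dpkg-query. The excerpt below sketches the added checks.

```c
	/* Assemble the SWID generator command, rejecting a truncated result */
	if (snprintf(command, sizeof(command), "%s %s%s%s\n", generator,
				 (this->full_tags) ? "swid" : "software-id",
				 (this->full_tags && pretty) ? " --pretty" : "",
				 (this->full_tags && full) ? " --full" : "") >= sizeof(command))
	{
		DBG1(DBG_IMC, "swid_generator command too long");
		return FAILED;
	}
	/* … unchanged: popen() and its error return … */

			/* … unchanged: read lines into writer until a blank line or EOF,
			 *   testing !fgets(line, sizeof(line), file) … */
			tag_encoding = writer->get_buf(writer);
			/* … unchanged: strip trailing newline … */

			/* EOF right after a separator leaves nothing to store */
			if (tag_encoding.len > 0)
			{
				DBG2(DBG_IMC, "  %.*s", (int)tag_encoding.len, tag_encoding.ptr);
				tag = swid_tag_create(tag_encoding, tag_file_path);
				this->list->insert_last(this->list, tag);
			}
			writer->destroy(writer);
	/* … unchanged: tag ID branch, with (int)len passed to DBG2 … */

end:
	/* a non-zero status means the generator did not finish cleanly */
	if (pclose(file) != 0 && status == SUCCESS)
	{
		DBG1(DBG_IMC, "swid_generator command failed");
		status = FAILED;
	}
	return status;
```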
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 Andreas Steffen
|
* Copyright (C) 2013-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -34,11 +34,14 @@ struct swid_inventory_t {
|
||||||
* Collect the SWID tags stored on the endpoint
|
* Collect the SWID tags stored on the endpoint
|
||||||
*
|
*
|
||||||
* @param directory SWID directory path
|
* @param directory SWID directory path
|
||||||
|
* @param generator Path to SWID generator
|
||||||
* @param targets List of target tag IDs
|
* @param targets List of target tag IDs
|
||||||
|
* @param pretty Generate indented XML SWID tags
|
||||||
|
* @param full Include file information in SWID tags
|
||||||
* @return TRUE if successful
|
* @return TRUE if successful
|
||||||
*/
|
*/
|
||||||
bool (*collect)(swid_inventory_t *this, char *directory,
|
bool (*collect)(swid_inventory_t *this, char *directory, char *generator,
|
||||||
swid_inventory_t *targets);
|
swid_inventory_t *targets, bool pretty, bool full);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Collect the SWID tags stored on the endpoint
|
* Collect the SWID tags stored on the endpoint
|
||||||
|
|
|
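Review bot: `@param generator` is documented as "Path to SWID generator", but generate_tags() formats the string into a command line and passes it to popen(), so it is interpreted by the shell rather than opened as a path. The comment should say that, for example `@param generator  SWID generator command, run through the shell; must come from trusted configuration`. It would also help to state in `@return` that the result reflects only the directory scan, since collect() discards the status of the generator step.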
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 Andreas Steffen
|
* Copyright (C) 2013-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -34,10 +34,14 @@ struct private_swid_tag_t {
|
||||||
chunk_t encoding;
|
chunk_t encoding;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Optional Unique Sequence ID
|
* Optional Tag File Path
|
||||||
*/
|
*/
|
||||||
chunk_t unique_seq_id;
|
chunk_t tag_file_path;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reference count
|
||||||
|
*/
|
||||||
|
refcount_t ref;
|
||||||
};
|
};
|
||||||
|
|
||||||
METHOD(swid_tag_t, get_encoding, chunk_t,
|
METHOD(swid_tag_t, get_encoding, chunk_t,
|
||||||
|
@ -46,39 +50,51 @@ METHOD(swid_tag_t, get_encoding, chunk_t,
|
||||||
return this->encoding;
|
return this->encoding;
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(swid_tag_t, get_unique_seq_id, chunk_t,
|
METHOD(swid_tag_t, get_tag_file_path, chunk_t,
|
||||||
private_swid_tag_t *this)
|
private_swid_tag_t *this)
|
||||||
{
|
{
|
||||||
return this->unique_seq_id;
|
return this->tag_file_path;
|
||||||
|
}
|
||||||
|
|
||||||
|
METHOD(swid_tag_t, get_ref, swid_tag_t*,
|
||||||
|
private_swid_tag_t *this)
|
||||||
|
{
|
||||||
|
ref_get(&this->ref);
|
||||||
|
return &this->public;
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(swid_tag_t, destroy, void,
|
METHOD(swid_tag_t, destroy, void,
|
||||||
private_swid_tag_t *this)
|
private_swid_tag_t *this)
|
||||||
{
|
{
|
||||||
free(this->encoding.ptr);
|
if (ref_put(&this->ref))
|
||||||
free(this->unique_seq_id.ptr);
|
{
|
||||||
free(this);
|
free(this->encoding.ptr);
|
||||||
|
free(this->tag_file_path.ptr);
|
||||||
|
free(this);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* See header
|
* See header
|
||||||
*/
|
*/
|
||||||
swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t unique_seq_id)
|
swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t tag_file_path)
|
||||||
{
|
{
|
||||||
private_swid_tag_t *this;
|
private_swid_tag_t *this;
|
||||||
|
|
||||||
INIT(this,
|
INIT(this,
|
||||||
.public = {
|
.public = {
|
||||||
.get_encoding = _get_encoding,
|
.get_encoding = _get_encoding,
|
||||||
.get_unique_seq_id = _get_unique_seq_id,
|
.get_tag_file_path = _get_tag_file_path,
|
||||||
|
.get_ref = _get_ref,
|
||||||
.destroy = _destroy,
|
.destroy = _destroy,
|
||||||
},
|
},
|
||||||
.encoding = chunk_clone(encoding),
|
.encoding = chunk_clone(encoding),
|
||||||
|
.ref = 1,
|
||||||
);
|
);
|
||||||
|
|
||||||
if (unique_seq_id.len > 0)
|
if (tag_file_path.len > 0)
|
||||||
{
|
{
|
||||||
this->unique_seq_id = chunk_clone(unique_seq_id);
|
this->tag_file_path = chunk_clone(tag_file_path);
|
||||||
}
|
}
|
||||||
|
|
||||||
return &this->public;
|
return &this->public;
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 Andreas Steffen
|
* Copyright (C) 2013-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -39,11 +39,18 @@ struct swid_tag_t {
|
||||||
chunk_t (*get_encoding)(swid_tag_t *this);
|
chunk_t (*get_encoding)(swid_tag_t *this);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get th Optional Unique Sequence ID
|
* Get th Optional Tag File Path
|
||||||
*
|
*
|
||||||
* @return Optional Unique Sequence ID
|
* @return Optional Tag File Path
|
||||||
*/
|
*/
|
||||||
chunk_t (*get_unique_seq_id)(swid_tag_t *this);
|
chunk_t (*get_tag_file_path)(swid_tag_t *this);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get a new reference to the swid_tag object
|
||||||
|
*
|
||||||
|
* @return this, with an increased refcount
|
||||||
|
*/
|
||||||
|
swid_tag_t* (*get_ref)(swid_tag_t *this);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Destroys a swid_tag_t object.
|
* Destroys a swid_tag_t object.
|
||||||
|
@ -56,8 +63,8 @@ struct swid_tag_t {
|
||||||
* Creates a swid_tag_t object
|
* Creates a swid_tag_t object
|
||||||
*
|
*
|
||||||
* @param encoding XML encoding of SWID tag
|
* @param encoding XML encoding of SWID tag
|
||||||
* @param unique_seq_id Unique Sequence ID or empty chunk
|
* @param tag_file_path Tag File Path or empty chunk
|
||||||
*/
|
*/
|
||||||
swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t unique_seq_id);
|
swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t tag_file_path);
|
||||||
|
|
||||||
#endif /** SWID_TAG_H_ @}*/
|
#endif /** SWID_TAG_H_ @}*/
|
||||||
|
|
|
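Review bot: The changed comment still reads `Get th Optional Tag File Path`; it should be `Get the optional Tag File Path`. With `get_ref` added, `destroy` no longer always frees the object (the implementation frees only when `ref_put()` reports the last reference), so its comment would be more accurate as `Drops one reference; the object is freed when the last reference is released`. The same wording applies to `destroy` in swid_tag_id_t further down the page.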
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 Andreas Steffen
|
* Copyright (C) 2013-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -39,10 +39,14 @@ struct private_swid_tag_id_t {
|
||||||
chunk_t unique_sw_id;
|
chunk_t unique_sw_id;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Optional Unique Sequence ID
|
* Tag File Path
|
||||||
*/
|
*/
|
||||||
chunk_t unique_seq_id;
|
chunk_t tag_file_path;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reference count
|
||||||
|
*/
|
||||||
|
refcount_t ref;
|
||||||
};
|
};
|
||||||
|
|
||||||
METHOD(swid_tag_id_t, get_tag_creator, chunk_t,
|
METHOD(swid_tag_id_t, get_tag_creator, chunk_t,
|
||||||
|
@ -52,29 +56,39 @@ METHOD(swid_tag_id_t, get_tag_creator, chunk_t,
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(swid_tag_id_t, get_unique_sw_id, chunk_t,
|
METHOD(swid_tag_id_t, get_unique_sw_id, chunk_t,
|
||||||
private_swid_tag_id_t *this, chunk_t *unique_seq_id)
|
private_swid_tag_id_t *this, chunk_t *tag_file_path)
|
||||||
{
|
{
|
||||||
if (unique_seq_id)
|
if (tag_file_path)
|
||||||
{
|
{
|
||||||
*unique_seq_id = this->unique_seq_id;
|
*tag_file_path = this->tag_file_path;
|
||||||
}
|
}
|
||||||
return this->unique_sw_id;
|
return this->unique_sw_id;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
METHOD(swid_tag_id_t, get_ref, swid_tag_id_t*,
|
||||||
|
private_swid_tag_id_t *this)
|
||||||
|
{
|
||||||
|
ref_get(&this->ref);
|
||||||
|
return &this->public;
|
||||||
|
}
|
||||||
|
|
||||||
METHOD(swid_tag_id_t, destroy, void,
|
METHOD(swid_tag_id_t, destroy, void,
|
||||||
private_swid_tag_id_t *this)
|
private_swid_tag_id_t *this)
|
||||||
{
|
{
|
||||||
free(this->tag_creator.ptr);
|
if (ref_put(&this->ref))
|
||||||
free(this->unique_sw_id.ptr);
|
{
|
||||||
free(this->unique_seq_id.ptr);
|
free(this->tag_creator.ptr);
|
||||||
free(this);
|
free(this->unique_sw_id.ptr);
|
||||||
|
free(this->tag_file_path.ptr);
|
||||||
|
free(this);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* See header
|
* See header
|
||||||
*/
|
*/
|
||||||
swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
|
swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
|
||||||
chunk_t unique_seq_id)
|
chunk_t tag_file_path)
|
||||||
{
|
{
|
||||||
private_swid_tag_id_t *this;
|
private_swid_tag_id_t *this;
|
||||||
|
|
||||||
|
@ -82,15 +96,17 @@ swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
|
||||||
.public = {
|
.public = {
|
||||||
.get_tag_creator = _get_tag_creator,
|
.get_tag_creator = _get_tag_creator,
|
||||||
.get_unique_sw_id = _get_unique_sw_id,
|
.get_unique_sw_id = _get_unique_sw_id,
|
||||||
|
.get_ref = _get_ref,
|
||||||
.destroy = _destroy,
|
.destroy = _destroy,
|
||||||
},
|
},
|
||||||
.tag_creator = chunk_clone(tag_creator),
|
.tag_creator = chunk_clone(tag_creator),
|
||||||
.unique_sw_id = chunk_clone(unique_sw_id),
|
.unique_sw_id = chunk_clone(unique_sw_id),
|
||||||
|
.ref = 1,
|
||||||
);
|
);
|
||||||
|
|
||||||
if (unique_seq_id.len > 0)
|
if (tag_file_path.len > 0)
|
||||||
{
|
{
|
||||||
this->unique_seq_id = chunk_clone(unique_seq_id);
|
this->tag_file_path = chunk_clone(tag_file_path);
|
||||||
}
|
}
|
||||||
|
|
||||||
return &this->public;
|
return &this->public;
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 Andreas Steffen
|
* Copyright (C) 2013-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -39,12 +39,19 @@ struct swid_tag_id_t {
|
||||||
chunk_t (*get_tag_creator)(swid_tag_id_t *this);
|
chunk_t (*get_tag_creator)(swid_tag_id_t *this);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the Unique Software ID and optional Unique Sequence ID
|
* Get the Unique Software ID and optional Tag File Path
|
||||||
*
|
*
|
||||||
* @param Optional Unique Sequence ID
|
* @param Optional Tag File Path
|
||||||
* @return Unique Software ID
|
* @return Unique Software ID
|
||||||
*/
|
*/
|
||||||
chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *unique_seq_id);
|
chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *tag_file_path);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get a new reference to the swid_tag_id object
|
||||||
|
*
|
||||||
|
* @return this, with an increased refcount
|
||||||
|
*/
|
||||||
|
swid_tag_id_t* (*get_ref)(swid_tag_id_t *this);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Destroys a swid_tag_id_t object.
|
* Destroys a swid_tag_id_t object.
|
||||||
|
@ -58,9 +65,9 @@ struct swid_tag_id_t {
|
||||||
*
|
*
|
||||||
* @param tag_creator Tag Creator
|
* @param tag_creator Tag Creator
|
||||||
* @param unique_sw_id Unique Software ID
|
* @param unique_sw_id Unique Software ID
|
||||||
* @param unique_seq_id Unique Sequence ID or empty chunk
|
* @param tag_file_path Tag File Path or empty chunk
|
||||||
*/
|
*/
|
||||||
swid_tag_id_t* swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
|
swid_tag_id_t* swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
|
||||||
chunk_t unique_seq_id);
|
chunk_t tag_file_path);
|
||||||
|
|
||||||
#endif /** SWID_TAG_ID_H_ @}*/
|
#endif /** SWID_TAG_ID_H_ @}*/
|
||||||
|
|
|
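Review bot: The `@param` line for `get_unique_sw_id` carries no parameter name, so a documentation generator will read `Optional` as the name; `@param tag_file_path  receives the optional Tag File Path, may be NULL` matches the signature and the NULL check in the implementation. Both returned chunks point into the object's own storage, so the comment could add that they stay valid only while the caller holds a reference.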
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 Andreas Steffen
|
* Copyright (C) 2013-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -42,12 +42,11 @@ typedef struct private_tcg_swid_attr_tag_id_inv_t private_tcg_swid_attr_tag_id_i
|
||||||
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
* | Unique Software ID Length |Unique Software ID (var length)|
|
* | Unique Software ID Length |Unique Software ID (var length)|
|
||||||
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
* | Unique Sequence ID Length |Unique Sequence ID (var length)|
|
* | Tag File Path Length | Tag File Path (var. length) |
|
||||||
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#define SWID_TAG_ID_INV_SIZE 16
|
#define TCG_SWID_TAG_ID_INV_RESERVED 0x00
|
||||||
#define SWID_TAG_ID_INV_RESERVED 0x00
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Private data of an tcg_swid_attr_tag_id_inv_t object.
|
* Private data of an tcg_swid_attr_tag_id_inv_t object.
|
||||||
|
@ -77,17 +76,17 @@ struct private_tcg_swid_attr_tag_id_inv_t {
|
||||||
/**
|
/**
|
||||||
* Request ID
|
* Request ID
|
||||||
*/
|
*/
|
||||||
u_int32_t request_id;
|
uint32_t request_id;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Event ID Epoch
|
* Event ID Epoch
|
||||||
*/
|
*/
|
||||||
u_int32_t eid_epoch;
|
uint32_t eid_epoch;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Last Event ID
|
* Last Event ID
|
||||||
*/
|
*/
|
||||||
u_int32_t last_eid;
|
uint32_t last_eid;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* SWID Tag ID Inventory
|
* SWID Tag ID Inventory
|
||||||
|
@ -129,7 +128,7 @@ METHOD(pa_tnc_attr_t, build, void,
|
||||||
{
|
{
|
||||||
bio_writer_t *writer;
|
bio_writer_t *writer;
|
||||||
swid_tag_id_t *tag_id;
|
swid_tag_id_t *tag_id;
|
||||||
chunk_t tag_creator, unique_sw_id, unique_seq_id;
|
chunk_t tag_creator, unique_sw_id, tag_file_path;
|
||||||
enumerator_t *enumerator;
|
enumerator_t *enumerator;
|
||||||
|
|
||||||
if (this->value.ptr)
|
if (this->value.ptr)
|
||||||
|
@ -137,8 +136,8 @@ METHOD(pa_tnc_attr_t, build, void,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
writer = bio_writer_create(SWID_TAG_ID_INV_SIZE);
|
writer = bio_writer_create(TCG_SWID_TAG_ID_INV_MIN_SIZE);
|
||||||
writer->write_uint8 (writer, SWID_TAG_ID_INV_RESERVED);
|
writer->write_uint8 (writer, TCG_SWID_TAG_ID_INV_RESERVED);
|
||||||
writer->write_uint24(writer, this->inventory->get_count(this->inventory));
|
writer->write_uint24(writer, this->inventory->get_count(this->inventory));
|
||||||
writer->write_uint32(writer, this->request_id);
|
writer->write_uint32(writer, this->request_id);
|
||||||
writer->write_uint32(writer, this->eid_epoch);
|
writer->write_uint32(writer, this->eid_epoch);
|
||||||
|
@ -148,10 +147,10 @@ METHOD(pa_tnc_attr_t, build, void,
|
||||||
while (enumerator->enumerate(enumerator, &tag_id))
|
while (enumerator->enumerate(enumerator, &tag_id))
|
||||||
{
|
{
|
||||||
tag_creator = tag_id->get_tag_creator(tag_id);
|
tag_creator = tag_id->get_tag_creator(tag_id);
|
||||||
unique_sw_id = tag_id->get_unique_sw_id(tag_id, &unique_seq_id);
|
unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path);
|
||||||
writer->write_data16(writer, tag_creator);
|
writer->write_data16(writer, tag_creator);
|
||||||
writer->write_data16(writer, unique_sw_id);
|
writer->write_data16(writer, unique_sw_id);
|
||||||
writer->write_data16(writer, unique_seq_id);
|
writer->write_data16(writer, tag_file_path);
|
||||||
}
|
}
|
||||||
enumerator->destroy(enumerator);
|
enumerator->destroy(enumerator);
|
||||||
|
|
||||||
|
@ -160,15 +159,15 @@ METHOD(pa_tnc_attr_t, build, void,
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(pa_tnc_attr_t, process, status_t,
|
METHOD(pa_tnc_attr_t, process, status_t,
|
||||||
private_tcg_swid_attr_tag_id_inv_t *this, u_int32_t *offset)
|
private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *offset)
|
||||||
{
|
{
|
||||||
bio_reader_t *reader;
|
bio_reader_t *reader;
|
||||||
u_int32_t tag_id_count;
|
uint32_t tag_id_count;
|
||||||
u_int8_t reserved;
|
uint8_t reserved;
|
||||||
chunk_t tag_creator, unique_sw_id, unique_seq_id;
|
chunk_t tag_creator, unique_sw_id, tag_file_path;
|
||||||
swid_tag_id_t *tag_id;
|
swid_tag_id_t *tag_id;
|
||||||
|
|
||||||
if (this->value.len < SWID_TAG_ID_INV_SIZE)
|
if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE)
|
||||||
{
|
{
|
||||||
DBG1(DBG_TNC, "insufficient data for SWID Tag Identifier Inventory");
|
DBG1(DBG_TNC, "insufficient data for SWID Tag Identifier Inventory");
|
||||||
*offset = 0;
|
*offset = 0;
|
||||||
|
@ -181,7 +180,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
|
||||||
reader->read_uint32(reader, &this->request_id);
|
reader->read_uint32(reader, &this->request_id);
|
||||||
reader->read_uint32(reader, &this->eid_epoch);
|
reader->read_uint32(reader, &this->eid_epoch);
|
||||||
reader->read_uint32(reader, &this->last_eid);
|
reader->read_uint32(reader, &this->last_eid);
|
||||||
*offset = SWID_TAG_ID_INV_SIZE;
|
*offset = TCG_SWID_TAG_ID_INV_MIN_SIZE;
|
||||||
|
|
||||||
while (tag_id_count--)
|
while (tag_id_count--)
|
||||||
{
|
{
|
||||||
|
@ -199,14 +198,14 @@ METHOD(pa_tnc_attr_t, process, status_t,
|
||||||
}
|
}
|
||||||
*offset += 2 + unique_sw_id.len;
|
*offset += 2 + unique_sw_id.len;
|
||||||
|
|
||||||
if (!reader->read_data16(reader, &unique_seq_id))
|
if (!reader->read_data16(reader, &tag_file_path))
|
||||||
{
|
{
|
||||||
DBG1(DBG_TNC, "insufficient data for Unique Sequence ID");
|
DBG1(DBG_TNC, "insufficient data for Tag File Path");
|
||||||
return FAILED;
|
return FAILED;
|
||||||
}
|
}
|
||||||
*offset += 2 + unique_seq_id.len;
|
*offset += 2 + tag_file_path.len;
|
||||||
|
|
||||||
tag_id = swid_tag_id_create(tag_creator, unique_sw_id, unique_seq_id);
|
tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
|
||||||
this->inventory->add(this->inventory, tag_id);
|
this->inventory->add(this->inventory, tag_id);
|
||||||
}
|
}
|
||||||
reader->destroy(reader);
|
reader->destroy(reader);
|
||||||
|
@ -232,14 +231,20 @@ METHOD(pa_tnc_attr_t, destroy, void,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, u_int32_t,
|
METHOD(tcg_swid_attr_tag_id_inv_t, add, void,
|
||||||
|
private_tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id)
|
||||||
|
{
|
||||||
|
this->inventory->add(this->inventory, tag_id);
|
||||||
|
}
|
||||||
|
|
||||||
|
METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, uint32_t,
|
||||||
private_tcg_swid_attr_tag_id_inv_t *this)
|
private_tcg_swid_attr_tag_id_inv_t *this)
|
||||||
{
|
{
|
||||||
return this->request_id;
|
return this->request_id;
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, u_int32_t,
|
METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, uint32_t,
|
||||||
private_tcg_swid_attr_tag_id_inv_t *this, u_int32_t *eid_epoch)
|
private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *eid_epoch)
|
||||||
{
|
{
|
||||||
if (eid_epoch)
|
if (eid_epoch)
|
||||||
{
|
{
|
||||||
|
@ -257,10 +262,9 @@ METHOD(tcg_swid_attr_tag_id_inv_t, get_inventory, swid_inventory_t*,
|
||||||
/**
|
/**
|
||||||
* Described in header.
|
* Described in header.
|
||||||
*/
|
*/
|
||||||
pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
|
pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
|
||||||
u_int32_t eid_epoch,
|
uint32_t eid_epoch,
|
||||||
u_int32_t eid,
|
uint32_t eid)
|
||||||
swid_inventory_t *inventory)
|
|
||||||
{
|
{
|
||||||
private_tcg_swid_attr_tag_id_inv_t *this;
|
private_tcg_swid_attr_tag_id_inv_t *this;
|
||||||
|
|
||||||
|
@ -276,6 +280,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
|
||||||
.get_ref = _get_ref,
|
.get_ref = _get_ref,
|
||||||
.destroy = _destroy,
|
.destroy = _destroy,
|
||||||
},
|
},
|
||||||
|
.add = _add,
|
||||||
.get_request_id = _get_request_id,
|
.get_request_id = _get_request_id,
|
||||||
.get_last_eid = _get_last_eid,
|
.get_last_eid = _get_last_eid,
|
||||||
.get_inventory = _get_inventory,
|
.get_inventory = _get_inventory,
|
||||||
|
@ -284,7 +289,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
|
||||||
.request_id = request_id,
|
.request_id = request_id,
|
||||||
.eid_epoch = eid_epoch,
|
.eid_epoch = eid_epoch,
|
||||||
.last_eid = eid,
|
.last_eid = eid,
|
||||||
.inventory = inventory,
|
.inventory = swid_inventory_create(FALSE),
|
||||||
.ref = 1,
|
.ref = 1,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -311,6 +316,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(chunk_t data)
|
||||||
.get_ref = _get_ref,
|
.get_ref = _get_ref,
|
||||||
.destroy = _destroy,
|
.destroy = _destroy,
|
||||||
},
|
},
|
||||||
|
.add = _add,
|
||||||
.get_request_id = _get_request_id,
|
.get_request_id = _get_request_id,
|
||||||
.get_last_eid = _get_last_eid,
|
.get_last_eid = _get_last_eid,
|
||||||
.get_inventory = _get_inventory,
|
.get_inventory = _get_inventory,
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 Andreas Steffen
|
* Copyright (C) 2013-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -29,6 +29,8 @@ typedef struct tcg_swid_attr_tag_id_inv_t tcg_swid_attr_tag_id_inv_t;
|
||||||
|
|
||||||
#include <pa_tnc/pa_tnc_attr.h>
|
#include <pa_tnc/pa_tnc_attr.h>
|
||||||
|
|
||||||
|
#define TCG_SWID_TAG_ID_INV_MIN_SIZE 16
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class implementing the TCG SWID Tag Identifier Inventory attribute
|
* Class implementing the TCG SWID Tag Identifier Inventory attribute
|
||||||
*
|
*
|
||||||
|
@ -40,12 +42,19 @@ struct tcg_swid_attr_tag_id_inv_t {
|
||||||
*/
|
*/
|
||||||
pa_tnc_attr_t pa_tnc_attribute;
|
pa_tnc_attr_t pa_tnc_attribute;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add a Tag ID to the attribute
|
||||||
|
*
|
||||||
|
* @tag_id SWID Tag ID to be added
|
||||||
|
*/
|
||||||
|
void (*add)(tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get Request ID
|
* Get Request ID
|
||||||
*
|
*
|
||||||
* @return Request ID
|
* @return Request ID
|
||||||
*/
|
*/
|
||||||
u_int32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this);
|
uint32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get Last Event ID
|
* Get Last Event ID
|
||||||
|
@ -53,8 +62,8 @@ struct tcg_swid_attr_tag_id_inv_t {
|
||||||
* @param eid_epoch Event ID Epoch
|
* @param eid_epoch Event ID Epoch
|
||||||
* @return Last Event ID
|
* @return Last Event ID
|
||||||
*/
|
*/
|
||||||
u_int32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this,
|
uint32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this,
|
||||||
u_int32_t *eid_epoch);
|
uint32_t *eid_epoch);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get Inventory of SWID tag IDs
|
* Get Inventory of SWID tag IDs
|
||||||
|
@ -71,12 +80,10 @@ struct tcg_swid_attr_tag_id_inv_t {
|
||||||
* @param request_id Copy of the Request ID
|
* @param request_id Copy of the Request ID
|
||||||
* @param eid_epoch Event ID Epoch
|
* @param eid_epoch Event ID Epoch
|
||||||
* @param eid Last Event ID
|
* @param eid Last Event ID
|
||||||
* @param inventory SWID Tag Inventory
|
|
||||||
*/
|
*/
|
||||||
pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
|
pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
|
||||||
u_int32_t eid_epoch,
|
uint32_t eid_epoch,
|
||||||
u_int32_t eid,
|
uint32_t eid);
|
||||||
swid_inventory_t *inventory);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates an tcg_swid_attr_tag_id_inv_t object from received data
|
* Creates an tcg_swid_attr_tag_id_inv_t object from received data
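Review bot: The doc comment on the new `add` member uses `@tag_id SWID Tag ID to be added`, which is not a Doxygen command, so the parameter ends up undocumented; it should read `@param tag_id    SWID Tag ID to be added`. The comment also does not say who owns `tag_id` after the call. The implementation passes it straight to `this->inventory->add()`, so presumably the attribute takes ownership; once confirmed, that belongs in the comment. The same slip (`@tag`) is on `add` in the `tcg_swid_attr_tag_inv_t` header, where the summary still says "Add a Tag ID" although the argument is a `swid_tag_t`.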
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 Andreas Steffen
|
* Copyright (C) 2013-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -38,7 +38,7 @@ typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t;
|
||||||
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
* | Last EID |
|
* | Last EID |
|
||||||
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
* | Unique Sequence ID Length |Unique Sequence ID (var length)|
|
* | Tag File Path Length | Tag File Path (var length) |
|
||||||
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
* | Tag Length |
|
* | Tag Length |
|
||||||
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
@ -46,8 +46,7 @@ typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t;
|
||||||
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#define SWID_TAG_INV_SIZE 16
|
#define TCG_SWID_TAG_INV_RESERVED 0x00
|
||||||
#define SWID_TAG_INV_RESERVED 0x00
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Private data of an tcg_swid_attr_tag_inv_t object.
|
* Private data of an tcg_swid_attr_tag_inv_t object.
|
||||||
|
@ -77,17 +76,17 @@ struct private_tcg_swid_attr_tag_inv_t {
|
||||||
/**
|
/**
|
||||||
* Request ID
|
* Request ID
|
||||||
*/
|
*/
|
||||||
u_int32_t request_id;
|
uint32_t request_id;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Event ID Epoch
|
* Event ID Epoch
|
||||||
*/
|
*/
|
||||||
u_int32_t eid_epoch;
|
uint32_t eid_epoch;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Last Event ID
|
* Last Event ID
|
||||||
*/
|
*/
|
||||||
u_int32_t last_eid;
|
uint32_t last_eid;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* SWID Tag Inventory
|
* SWID Tag Inventory
|
||||||
|
@ -136,8 +135,8 @@ METHOD(pa_tnc_attr_t, build, void,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
writer = bio_writer_create(SWID_TAG_INV_SIZE);
|
writer = bio_writer_create(TCG_SWID_TAG_INV_MIN_SIZE);
|
||||||
writer->write_uint8 (writer, SWID_TAG_INV_RESERVED);
|
writer->write_uint8 (writer, TCG_SWID_TAG_INV_RESERVED);
|
||||||
writer->write_uint24(writer, this->inventory->get_count(this->inventory));
|
writer->write_uint24(writer, this->inventory->get_count(this->inventory));
|
||||||
writer->write_uint32(writer, this->request_id);
|
writer->write_uint32(writer, this->request_id);
|
||||||
writer->write_uint32(writer, this->eid_epoch);
|
writer->write_uint32(writer, this->eid_epoch);
|
||||||
|
@ -146,7 +145,7 @@ METHOD(pa_tnc_attr_t, build, void,
|
||||||
enumerator = this->inventory->create_enumerator(this->inventory);
|
enumerator = this->inventory->create_enumerator(this->inventory);
|
||||||
while (enumerator->enumerate(enumerator, &tag))
|
while (enumerator->enumerate(enumerator, &tag))
|
||||||
{
|
{
|
||||||
writer->write_data16(writer, tag->get_unique_seq_id(tag));
|
writer->write_data16(writer, tag->get_tag_file_path(tag));
|
||||||
writer->write_data32(writer, tag->get_encoding(tag));
|
writer->write_data32(writer, tag->get_encoding(tag));
|
||||||
}
|
}
|
||||||
enumerator->destroy(enumerator);
|
enumerator->destroy(enumerator);
|
||||||
|
@ -156,15 +155,15 @@ METHOD(pa_tnc_attr_t, build, void,
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(pa_tnc_attr_t, process, status_t,
|
METHOD(pa_tnc_attr_t, process, status_t,
|
||||||
private_tcg_swid_attr_tag_inv_t *this, u_int32_t *offset)
|
private_tcg_swid_attr_tag_inv_t *this, uint32_t *offset)
|
||||||
{
|
{
|
||||||
bio_reader_t *reader;
|
bio_reader_t *reader;
|
||||||
u_int32_t tag_count;
|
uint32_t tag_count;
|
||||||
u_int8_t reserved;
|
uint8_t reserved;
|
||||||
chunk_t tag_encoding, unique_seq_id;
|
chunk_t tag_encoding, tag_file_path;
|
||||||
swid_tag_t *tag;
|
swid_tag_t *tag;
|
||||||
|
|
||||||
if (this->value.len < SWID_TAG_INV_SIZE)
|
if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE)
|
||||||
{
|
{
|
||||||
DBG1(DBG_TNC, "insufficient data for SWID Tag Inventory");
|
DBG1(DBG_TNC, "insufficient data for SWID Tag Inventory");
|
||||||
*offset = 0;
|
*offset = 0;
|
||||||
|
@ -177,16 +176,16 @@ METHOD(pa_tnc_attr_t, process, status_t,
|
||||||
reader->read_uint32(reader, &this->request_id);
|
reader->read_uint32(reader, &this->request_id);
|
||||||
reader->read_uint32(reader, &this->eid_epoch);
|
reader->read_uint32(reader, &this->eid_epoch);
|
||||||
reader->read_uint32(reader, &this->last_eid);
|
reader->read_uint32(reader, &this->last_eid);
|
||||||
*offset = SWID_TAG_INV_SIZE;
|
*offset = TCG_SWID_TAG_INV_MIN_SIZE;
|
||||||
|
|
||||||
while (tag_count--)
|
while (tag_count--)
|
||||||
{
|
{
|
||||||
if (!reader->read_data16(reader, &unique_seq_id))
|
if (!reader->read_data16(reader, &tag_file_path))
|
||||||
{
|
{
|
||||||
DBG1(DBG_TNC, "insufficient data for Unique Sequence ID");
|
DBG1(DBG_TNC, "insufficient data for Tag File Path");
|
||||||
return FAILED;
|
return FAILED;
|
||||||
}
|
}
|
||||||
*offset += 2 + unique_seq_id.len;
|
*offset += 2 + tag_file_path.len;
|
||||||
|
|
||||||
if (!reader->read_data32(reader, &tag_encoding))
|
if (!reader->read_data32(reader, &tag_encoding))
|
||||||
{
|
{
|
||||||
|
@ -195,7 +194,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
|
||||||
}
|
}
|
||||||
*offset += 4 + tag_encoding.len;
|
*offset += 4 + tag_encoding.len;
|
||||||
|
|
||||||
tag = swid_tag_create(tag_encoding, unique_seq_id);
|
tag = swid_tag_create(tag_encoding, tag_file_path);
|
||||||
this->inventory->add(this->inventory, tag);
|
this->inventory->add(this->inventory, tag);
|
||||||
}
|
}
|
||||||
reader->destroy(reader);
|
reader->destroy(reader);
|
||||||
|
@ -221,14 +220,20 @@ METHOD(pa_tnc_attr_t, destroy, void,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(tcg_swid_attr_tag_inv_t, get_request_id, u_int32_t,
|
METHOD(tcg_swid_attr_tag_inv_t, add, void,
|
||||||
|
private_tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag)
|
||||||
|
{
|
||||||
|
this->inventory->add(this->inventory, tag);
|
||||||
|
}
|
||||||
|
|
||||||
|
METHOD(tcg_swid_attr_tag_inv_t, get_request_id, uint32_t,
|
||||||
private_tcg_swid_attr_tag_inv_t *this)
|
private_tcg_swid_attr_tag_inv_t *this)
|
||||||
{
|
{
|
||||||
return this->request_id;
|
return this->request_id;
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, u_int32_t,
|
METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, uint32_t,
|
||||||
private_tcg_swid_attr_tag_inv_t *this, u_int32_t *eid_epoch)
|
private_tcg_swid_attr_tag_inv_t *this, uint32_t *eid_epoch)
|
||||||
{
|
{
|
||||||
if (eid_epoch)
|
if (eid_epoch)
|
||||||
{
|
{
|
||||||
|
@ -246,9 +251,8 @@ METHOD(tcg_swid_attr_tag_inv_t, get_inventory, swid_inventory_t*,
|
||||||
/**
|
/**
|
||||||
* Described in header.
|
* Described in header.
|
||||||
*/
|
*/
|
||||||
pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(u_int32_t request_id,
|
pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id,
|
||||||
u_int32_t eid_epoch, u_int32_t eid,
|
uint32_t eid_epoch, uint32_t eid)
|
||||||
swid_inventory_t *inventory)
|
|
||||||
{
|
{
|
||||||
private_tcg_swid_attr_tag_inv_t *this;
|
private_tcg_swid_attr_tag_inv_t *this;
|
||||||
|
|
||||||
|
@ -264,6 +268,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(u_int32_t request_id,
|
||||||
.get_ref = _get_ref,
|
.get_ref = _get_ref,
|
||||||
.destroy = _destroy,
|
.destroy = _destroy,
|
||||||
},
|
},
|
||||||
|
.add = _add,
|
||||||
.get_request_id = _get_request_id,
|
.get_request_id = _get_request_id,
|
||||||
.get_last_eid = _get_last_eid,
|
.get_last_eid = _get_last_eid,
|
||||||
.get_inventory = _get_inventory,
|
.get_inventory = _get_inventory,
|
||||||
|
@ -272,7 +277,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(u_int32_t request_id,
|
||||||
.request_id = request_id,
|
.request_id = request_id,
|
||||||
.eid_epoch = eid_epoch,
|
.eid_epoch = eid_epoch,
|
||||||
.last_eid = eid,
|
.last_eid = eid,
|
||||||
.inventory = inventory,
|
.inventory = swid_inventory_create(TRUE),
|
||||||
.ref = 1,
|
.ref = 1,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -299,6 +304,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(chunk_t data)
|
||||||
.get_ref = _get_ref,
|
.get_ref = _get_ref,
|
||||||
.destroy = _destroy,
|
.destroy = _destroy,
|
||||||
},
|
},
|
||||||
|
.add = _add,
|
||||||
.get_request_id = _get_request_id,
|
.get_request_id = _get_request_id,
|
||||||
.get_last_eid = _get_last_eid,
|
.get_last_eid = _get_last_eid,
|
||||||
.get_inventory = _get_inventory,
|
.get_inventory = _get_inventory,
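Review bot: In `process()`, the `return FAILED;` after a failed `read_data16()` inside `while (tag_count--)` skips the `reader->destroy(reader);` that follows the loop, so each truncated attribute received from a peer leaks the reader. Adding `reader->destroy(reader);` before that `return FAILED;` closes it. The `read_data32()` branch is cut off by the hunk boundary and probably needs the same line. This assumes `reader` is created earlier in `process()`, which is outside the visible lines. Separately, `tag_file_path` is taken verbatim from the received attribute and handed to `swid_tag_create()`, so anything downstream that logs or opens it should treat it as untrusted input.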
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 Andreas Steffen
|
* Copyright (C) 2013-2014 Andreas Steffen
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
@ -29,6 +29,8 @@ typedef struct tcg_swid_attr_tag_inv_t tcg_swid_attr_tag_inv_t;
|
||||||
|
|
||||||
#include <pa_tnc/pa_tnc_attr.h>
|
#include <pa_tnc/pa_tnc_attr.h>
|
||||||
|
|
||||||
|
#define TCG_SWID_TAG_INV_MIN_SIZE 16
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class implementing the TCG SWID Tag Inventory attribute
|
* Class implementing the TCG SWID Tag Inventory attribute
|
||||||
*
|
*
|
||||||
|
@ -40,12 +42,18 @@ struct tcg_swid_attr_tag_inv_t {
|
||||||
*/
|
*/
|
||||||
pa_tnc_attr_t pa_tnc_attribute;
|
pa_tnc_attr_t pa_tnc_attribute;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add a Tag ID to the attribute
|
||||||
|
*
|
||||||
|
* @tag SWID Tag to be added
|
||||||
|
*/
|
||||||
|
void (*add)(tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag);
|
||||||
/**
|
/**
|
||||||
* Get Request ID
|
* Get Request ID
|
||||||
*
|
*
|
||||||
* @return Request ID
|
* @return Request ID
|
||||||
*/
|
*/
|
||||||
u_int32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this);
|
uint32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get Last Event ID
|
* Get Last Event ID
|
||||||
|
@ -53,8 +61,8 @@ struct tcg_swid_attr_tag_inv_t {
|
||||||
* @param eid_epoch Event ID Epoch
|
* @param eid_epoch Event ID Epoch
|
||||||
* @return Last Event ID
|
* @return Last Event ID
|
||||||
*/
|
*/
|
||||||
u_int32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this,
|
uint32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this,
|
||||||
u_int32_t *eid_epoch);
|
uint32_t *eid_epoch);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get Inventory of SWID tags
|
* Get Inventory of SWID tags
|
||||||
|
@ -71,12 +79,10 @@ struct tcg_swid_attr_tag_inv_t {
|
||||||
* @param request_id Copy of the Request ID
|
* @param request_id Copy of the Request ID
|
||||||
* @param eid_epoch Event ID Epoch
|
* @param eid_epoch Event ID Epoch
|
||||||
* @param eid Last Event ID
|
* @param eid Last Event ID
|
||||||
* @param inventory SWID Tag Inventory
|
|
||||||
*/
|
*/
|
||||||
pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(u_int32_t request_id,
|
pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(uint32_t request_id,
|
||||||
u_int32_t eid_epoch,
|
uint32_t eid_epoch,
|
||||||
u_int32_t eid,
|
uint32_t eid);
|
||||||
swid_inventory_t *inventory);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates an tcg_swid_attr_tag_inv_t object from received data
|
* Creates an tcg_swid_attr_tag_inv_t object from received data
|
||||||
|
|
|
@ -17,7 +17,8 @@ INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libxerces-c2-dev,libltdl-dev
|
||||||
INC=$INC,liblog4cxx10-dev,libboost-thread-dev,libboost-system-dev,git-core
|
INC=$INC,liblog4cxx10-dev,libboost-thread-dev,libboost-system-dev,git-core
|
||||||
INC=$INC,less,acpid,acpi-support-base,libldns-dev,libunbound-dev,dnsutils,screen
|
INC=$INC,less,acpid,acpi-support-base,libldns-dev,libunbound-dev,dnsutils,screen
|
||||||
INC=$INC,gnat,gprbuild,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev
|
INC=$INC,gnat,gprbuild,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev
|
||||||
INC=$INC,libalog0.4.1-base-dev,hostapd,libsoup2.4-dev
|
INC=$INC,libalog0.4.1-base-dev,hostapd,libsoup2.4-dev,ca-certificates,unzip
|
||||||
|
INC=$INC,python,python-setuptools
|
||||||
SERVICES="apache2 dbus isc-dhcp-server slapd bind9"
|
SERVICES="apache2 dbus isc-dhcp-server slapd bind9"
|
||||||
INC=$INC,${SERVICES// /,}
|
INC=$INC,${SERVICES// /,}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
#!/usr/bin/make
|
||||||
|
|
||||||
|
PKG = swidGenerator
|
||||||
|
ZIP = $(PKG)-master.zip
|
||||||
|
SRC = https://github.com/tnc-ba/$(PKG)/archive/master.zip
|
||||||
|
|
||||||
|
all: install
|
||||||
|
|
||||||
|
$(ZIP):
|
||||||
|
wget --ca-directory="/usr/share/ca-certificates/mozilla" $(SRC) -O $(ZIP)
|
||||||
|
|
||||||
|
$(PKG)-master: $(ZIP)
|
||||||
|
unzip $(ZIP)
|
||||||
|
|
||||||
|
install: $(PKG)-master
|
||||||
|
cd $(PKG)-master && python setup.py install
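Review bot: `SRC` points at `archive/master.zip`, so every image build installs whatever the branch head is at that moment and then runs its `setup.py`; nothing ties the build to a reviewed revision or checks the downloaded file. Pin the archive to a tag or commit, e.g. `SRC = https://github.com/tnc-ba/$(PKG)/archive/<PINNED_COMMIT>.zip`, and verify it before unpacking with something like `echo "<EXPECTED_SHA256>  $(ZIP)" | sha256sum -c -` in the `$(ZIP)` recipe. The `$(PKG)-master` target name follows the directory inside the archive, so it has to change together with the pin. `--ca-directory` keeps certificate verification on, but that authenticates the host only, not the content it serves.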
|
|
@ -24,14 +24,14 @@ fi
|
||||||
: ${TESTDIR=/srv/strongswan-testing}
|
: ${TESTDIR=/srv/strongswan-testing}
|
||||||
|
|
||||||
# Kernel configuration
|
# Kernel configuration
|
||||||
: ${KERNELVERSION=3.13.2}
|
: ${KERNELVERSION=3.13.5}
|
||||||
: ${KERNEL=linux-$KERNELVERSION}
|
: ${KERNEL=linux-$KERNELVERSION}
|
||||||
: ${KERNELTARBALL=$KERNEL.tar.xz}
|
: ${KERNELTARBALL=$KERNEL.tar.xz}
|
||||||
: ${KERNELCONFIG=$DIR/../config/kernel/config-3.13}
|
: ${KERNELCONFIG=$DIR/../config/kernel/config-3.13}
|
||||||
: ${KERNELPATCH=ha-3.13-abicompat.patch.bz2}
|
: ${KERNELPATCH=ha-3.13-abicompat.patch.bz2}
|
||||||
|
|
||||||
# strongSwan version used in tests
|
# strongSwan version used in tests
|
||||||
: ${SWANVERSION=5.1.2}
|
: ${SWANVERSION=5.2.0}
|
||||||
|
|
||||||
# Build directory where the guest kernel and images will be built
|
# Build directory where the guest kernel and images will be built
|
||||||
: ${BUILDDIR=$TESTDIR/build}
|
: ${BUILDDIR=$TESTDIR/build}
|
||||||
|
@ -54,7 +54,7 @@ fi
|
||||||
: ${BASEIMGSUITE=wheezy}
|
: ${BASEIMGSUITE=wheezy}
|
||||||
: ${BASEIMGARCH=amd64}
|
: ${BASEIMGARCH=amd64}
|
||||||
: ${BASEIMG=$IMGDIR/debian-$BASEIMGSUITE-$BASEIMGARCH.$IMGEXT}
|
: ${BASEIMG=$IMGDIR/debian-$BASEIMGSUITE-$BASEIMGARCH.$IMGEXT}
|
||||||
: ${BASEIMGMIRROR=http://cdn.debian.net/debian}
|
: ${BASEIMGMIRROR=http://http.debian.net/debian}
|
||||||
|
|
||||||
# Root image settings
|
# Root image settings
|
||||||
# The root image is the origin of all guest images. It is a clone of the base
|
# The root image is the origin of all guest images. It is a clone of the base
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
INSERT INTO devices ( /* 1 */
|
INSERT INTO devices ( /* 1 */
|
||||||
value, product, created
|
value, product, created
|
||||||
) VALUES (
|
) VALUES (
|
||||||
'aabbccddeeff11223344556677889900', 28, 1372330615
|
'aabbccddeeff11223344556677889900', 40, 1372330615
|
||||||
);
|
);
|
||||||
|
|
||||||
/* Groups Members */
|
/* Groups Members */
|
||||||
|
|
|
@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
|
||||||
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
|
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
|
||||||
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
|
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
|
||||||
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
|
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
|
||||||
moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
|
moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
|
||||||
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
|
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
|
||||||
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
|
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
|
||||||
moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES
|
moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - isolate::YES
|
||||||
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
|
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
|
||||||
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
|
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
|
||||||
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
|
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
INSERT INTO devices ( /* 1 */
|
INSERT INTO devices ( /* 1 */
|
||||||
value, product, created
|
value, product, created
|
||||||
) VALUES (
|
) VALUES (
|
||||||
'aabbccddeeff11223344556677889900', 28, 1372330615
|
'aabbccddeeff11223344556677889900', 40, 1372330615
|
||||||
);
|
);
|
||||||
|
|
||||||
/* Groups Members */
|
/* Groups Members */
|
||||||
|
|
|
@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
|
||||||
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
|
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
|
||||||
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
|
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
|
||||||
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
|
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
|
||||||
moon:: ipsec attest --sessions 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
|
moon:: ipsec attest --sessions 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
|
||||||
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
|
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
|
||||||
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
|
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
|
||||||
moon:: ipsec attest --sessions 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES
|
moon:: ipsec attest --sessions 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - isolate::YES
|
||||||
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
|
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
|
||||||
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
|
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
|
||||||
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
|
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
INSERT INTO devices ( /* 1 */
|
INSERT INTO devices ( /* 1 */
|
||||||
value, product, created
|
value, product, created
|
||||||
) VALUES (
|
) VALUES (
|
||||||
'aabbccddeeff11223344556677889900', 28, 1372330615
|
'aabbccddeeff11223344556677889900', 40, 1372330615
|
||||||
);
|
);
|
||||||
|
|
||||||
/* Groups Members */
|
/* Groups Members */
|
||||||
|
@ -27,7 +27,7 @@ INSERT INTO identities (
|
||||||
INSERT INTO sessions (
|
INSERT INTO sessions (
|
||||||
time, connection, identity, device, product, rec
|
time, connection, identity, device, product, rec
|
||||||
) VALUES (
|
) VALUES (
|
||||||
NOW, 1, 1, 1, 28, 0
|
NOW, 1, 1, 1, 40, 0
|
||||||
);
|
);
|
||||||
|
|
||||||
/* Results */
|
/* Results */
|
||||||
|
|
|
@ -15,6 +15,6 @@ carol::sleep 1
|
||||||
carol::ipsec up home
|
carol::ipsec up home
|
||||||
dave::ipsec up home
|
dave::ipsec up home
|
||||||
dave::sleep 1
|
dave::sleep 1
|
||||||
moon::ipsec attest --packages --product 'Debian 7.2 x86_64'
|
moon::ipsec attest --packages --product 'Debian 7.4 x86_64'
|
||||||
moon::ipsec attest --sessions
|
moon::ipsec attest --sessions
|
||||||
moon::ipsec attest --devices
|
moon::ipsec attest --devices
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
INSERT INTO devices ( /* 1 */
|
INSERT INTO devices ( /* 1 */
|
||||||
value, product, created
|
value, product, created
|
||||||
) VALUES (
|
) VALUES (
|
||||||
'aabbccddeeff11223344556677889900', 28, 1372330615
|
'aabbccddeeff11223344556677889900', 40, 1372330615
|
||||||
);
|
);
|
||||||
|
|
||||||
/* Groups Members */
|
/* Groups Members */
|
||||||
|
@ -27,7 +27,7 @@ INSERT INTO identities (
|
||||||
INSERT INTO sessions (
|
INSERT INTO sessions (
|
||||||
time, connection, identity, device, product, rec
|
time, connection, identity, device, product, rec
|
||||||
) VALUES (
|
) VALUES (
|
||||||
NOW, 1, 1, 1, 28, 0
|
NOW, 1, 1, 1, 40, 0
|
||||||
);
|
);
|
||||||
|
|
||||||
/* Results */
|
/* Results */
|
||||||
|
|
|
@ -20,6 +20,10 @@ libtnccs {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
libtls {
|
||||||
|
suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||||
|
}
|
||||||
|
|
||||||
pt-tls-client {
|
pt-tls-client {
|
||||||
load = curl revocation constraints pem openssl nonce tnc-tnccs tnc-imc tnccs-20
|
load = curl revocation constraints pem openssl nonce tnc-tnccs tnc-imc tnccs-20
|
||||||
}
|
}
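Review bot: The new `libtls` block pins two cipher suites without a comment, so a reader cannot tell whether this is what the scenario is meant to test or a hardening default. A line such as `# PT-TLS: allow only ECDHE-RSA with AES-GCM (forward secrecy, AEAD)` above `suites` would record the intent. Both suites need an RSA server certificate and ECDHE/GCM support on the peer, and the server's configuration is not part of this section, so it is worth confirming that the other end offers at least one of them. The identical block is added in the following configuration section as well.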
|
||||||
|
|
|
@ -17,6 +17,10 @@ libtnccs {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
libtls {
|
||||||
|
suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||||
|
}
|
||||||
|
|
||||||
pt-tls-client {
|
pt-tls-client {
|
||||||
load = curl revocation constraints pem openssl nonce tnc-tnccs tnc-imc tnccs-20
|
load = curl revocation constraints pem openssl nonce tnc-tnccs tnc-imc tnccs-20
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
|
||||||
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
|
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
|
||||||
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
|
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
|
||||||
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
|
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
|
||||||
moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
|
moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
|
||||||
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
|
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
|
||||||
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
|
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
|
||||||
moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES
|
moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - isolate::YES
|
||||||
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
|
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
|
||||||
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
|
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
|
||||||
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
|
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
INSERT INTO devices ( /* 1 */
|
INSERT INTO devices ( /* 1 */
|
||||||
value, product, created
|
value, product, created
|
||||||
) VALUES (
|
) VALUES (
|
||||||
'aabbccddeeff11223344556677889900', 28, 1372330615
|
'aabbccddeeff11223344556677889900', 40, 1372330615
|
||||||
);
|
);
|
||||||
|
|
||||||
/* Groups Members */
|
/* Groups Members */
|
||||||
|
|
|
@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'
|
||||||
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
|
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
|
||||||
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
|
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
|
||||||
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/28::YES
|
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/28::YES
|
||||||
moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
|
moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
|
||||||
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
|
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
|
||||||
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
|
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
|
||||||
moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - allow::YES
|
moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - allow::YES
|
||||||
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
|
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
|
||||||
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
|
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
|
||||||
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
|
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
INSERT INTO devices ( /* 1 */
|
INSERT INTO devices ( /* 1 */
|
||||||
value, product, created
|
value, product, created
|
||||||
) VALUES (
|
) VALUES (
|
||||||
'aabbccddeeff11223344556677889900', 28, 1372330615
|
'aabbccddeeff11223344556677889900', 40, 1372330615
|
||||||
);
|
);
|
||||||
|
|
||||||
/* Groups Members */
|
/* Groups Members */
|
||||||
|
|