64bef354d4
imc: get_default_pwd_status(), as it currently is, works on Windows too
...
This fixes the build on Windows.
2015-08-19 12:10:09 +02:00
b19ef52d51
Added reason string support to HCD IMV
2015-08-18 21:25:39 +02:00
627e4b9659
Fixed patches format delimited by CR/LF
2015-08-18 21:25:39 +02:00
18472ac21c
Use PWG HCD PA-TNC subtypes to transport HCD attributes
2015-08-18 21:25:39 +02:00
6b68719dd3
Add default password determination capability to os_info
2015-08-18 21:25:39 +02:00
9e13c2b2cc
Reintroduced ietf_attr_fwd_enabled()
2015-08-18 21:25:39 +02:00
860df6bf75
Defined PWG HCD PA-TNC subtypes
2015-08-18 21:25:39 +02:00
9c2e0a50a3
Added os_info support to HCD IMC
2015-08-18 21:25:38 +02:00
9e88bb987d
Subscribed Scanner IMC/IMV to IETF_FIREWALL PA subtype
2015-08-18 21:25:38 +02:00
b48ffcb1b3
Implemented HCD IMC and IMV
2015-08-18 21:25:38 +02:00
21b8051c10
Completed implementation of PWG HCD attributes
2015-08-18 21:25:38 +02:00
981653a437
Defined generic non-nul terminated string PA-TNC attribute
2015-08-18 21:25:38 +02:00
6a11c8a3f3
Support of HCD Firewall Setting PA-TNC attribute
2015-08-18 21:25:38 +02:00
abb8a1ecd2
Defined generic boolean PA-TNC attribute
2015-08-18 21:25:38 +02:00
5e1b06ff08
Defined PWG HCD IF-M attributes
2015-08-18 21:25:38 +02:00
10f25a3dd9
Fixed the implemention of the IF-M segmentation protocol
...
The first segment only fit if the segmentation envelope attribute
was preceded by a Max Attribute Size Response attribute. The
improved implementation fills up the first PA-TNC message with
the first segment up to the maximum message size.
2015-08-18 21:24:26 +02:00
bd60bcc3c2
Updated SWID attribute list
2015-06-02 06:51:41 +02:00
dedd0ad07c
Check for NULL installed packages enumerator
2015-05-24 11:15:36 +02:00
5d5a74b077
Fixed os_info path in strongswan.conf
2015-05-24 11:13:51 +02:00
d6b75c9563
List attribute request entries also during build
2015-05-24 09:17:29 +02:00
e6952442f2
Exempt ignored PA-TNC attributes from error handling
2015-05-20 06:13:15 +02:00
79b5a33c11
imv_policy_manager: Added capability to execute an allow or block shell command string
2015-04-26 10:55:24 +02:00
d1e7b31e80
Fix years in some copyright statements
2015-04-16 09:21:00 +02:00
161a015782
utils: Use chunk_equals_const() for all cryptographic purposes
2015-04-14 12:02:51 +02:00
a777155ffe
diffie-hellman: Add a bool return value to set_other_public_value()
2015-03-23 17:54:03 +01:00
42431690e0
diffie-hellman: Add a bool return value to get_my_public_value()
2015-03-23 17:54:03 +01:00
8a7dbf3c2a
libimcv: Allow pts_t.set_peer_public_value() to fail
2015-03-23 17:54:02 +01:00
83cda57e2d
libimcv: Allow pts_t.get_my_public_value() to fail
2015-03-23 17:54:02 +01:00
bace1d6479
diffie-hellman: Use bool instead of status_t as get_shared_secret() return value
...
While such a change is not unproblematic, keeping status_t makes the API
inconsistent once we introduce return values for the public value operations.
2015-03-23 17:54:02 +01:00
08feb4548a
Replace kid by aik_id in ITA TBOOT functional component
2015-03-16 17:15:28 +01:00
b6685211fb
Create TPM TBOOT Measurement group
2015-03-15 12:24:05 +01:00
8fa9312f09
Updated products in imv database
2015-03-08 17:18:34 +01:00
20f90d7160
attest: output trusted flag and device description
2015-03-08 17:17:11 +01:00
00cd79b678
Make access requestor IP address available to TNC server
2015-03-08 17:17:11 +01:00
436cdae840
unit-tests: Base attributes get adopted by seg-env/seg-contract
2015-03-03 17:05:16 +01:00
a2b400b16b
seg-env: Destroy base attribute if segmentation is not possible
2015-03-03 17:05:16 +01:00
8f5521cbac
Fixed a memory leak in the attribute segmentation code
2015-02-27 15:13:26 +01:00
ca316734e8
Updated Ubuntu 14.04 kernel version
2015-02-27 08:45:37 +01:00
ecf605c6e1
trusted_enumerate requires an additional argument
2015-01-21 23:54:53 +01:00
027c19b097
pts: Do not override status with SUCCESS if length is invalid
2014-12-23 15:40:01 +01:00
05b835c587
Remove unneeded get_count() method
2014-10-17 17:59:43 +02:00
1c2416013c
Process TCG/PTS File Measurement attribute incrementally
2014-10-17 16:11:40 +02:00
82d2142f98
Exempt TCG/SEG attributes from unsupported case statement
2014-10-16 13:38:51 +02:00
08385de6e2
Request IF-M segmentation contract for TCG/PTS subtype
2014-10-16 07:49:42 +02:00
da241b6c75
libimcv: Add generic constructor for PA-TNC attributes
2014-10-15 13:55:13 +02:00
6de42cd323
swid-inventory: Remove unused variable end_of_tag
2014-10-14 17:11:41 +02:00
668fbd4907
libimcv: Add fallback if IPSEC_SCRIPT is not defined
...
This is the case on Android.
2014-10-13 18:16:47 +02:00
ba0355c4ae
libimcv: Updated Android.mk to latest Makefile.am
2014-10-13 18:16:40 +02:00
ffa800ce9d
libimcv: Remove reference to libpts
2014-10-13 17:17:45 +02:00
17eed801e7
libimcv: Fix Doxygen comments after merging libpts into libimcv
2014-10-13 17:11:57 +02:00
c8719a073d
libimcv: Fix harcoded IMCV_DEFAULT_POLICY_SCRIPT name
...
I came across an issue with src/libimcv/imcv.c where
IMCV_DEFAULT_POLICY_SCRIPT is hardcoded.
It fails where ipsec_script is renamed to, for example, strongswan from
default ipsec.
2014-10-13 16:15:33 +02:00
8b812065f0
Support of multiple directed segmentation contracts
2014-10-11 14:50:08 +02:00
ab99939628
unit-tests: Updated Makefile
2014-10-11 14:50:08 +02:00
a05ca71d07
unit-tests: Added test for seg_contract_manager
2014-10-11 14:50:08 +02:00
4af020be37
Updated build-database.sh script to 3.13.0-37 kernel
2014-10-11 11:40:43 +02:00
b95b664644
Incremental parsing fixes
2014-10-05 22:52:59 +02:00
1bea00651d
Added add_segment() method to TCG/PTS attributes
2014-10-05 19:43:27 +02:00
01be87d086
Added add_segment() method to TCG/SEG attributes
2014-10-05 19:14:38 +02:00
a5dfe7a29a
OS IMV proposes IF-M segmentation contract
...
The OS IMV sends a TCG IF-M Segmentation contract request.
All IETF standard attributes support segmentation. Additionally
the IETF Installed Packages standard attributes supports
incremental processing while segments are received.
2014-10-05 18:43:55 +02:00
fc47211740
SWID IMC proposes IF-M segmentation contracts
2014-10-05 18:43:55 +02:00
30774ee5d6
unit-tests: Updated libimcv test suite
2014-10-05 18:43:54 +02:00
9a515a8856
Added add_segment() method to IETF attributes
2014-10-05 18:43:54 +02:00
97ec4cb055
Added add_segment() method to ITA attributes
2014-10-05 18:43:54 +02:00
903a427008
Implemented incremental processing of SWID tag [ID] inventory attribute
2014-10-05 18:43:54 +02:00
eba0cbcee3
Implemented add_segment method for PA-TNC attributes
2014-10-05 12:55:38 +02:00
e77df5a1f6
Added total length parameter in PA-TNC attribute constructor
2014-10-05 12:55:38 +02:00
ebfd8278f9
Assignment of flags starts with bit 0
2014-10-05 12:55:38 +02:00
95e1524a64
Register the reception of the AIK attribute
2014-10-05 12:55:38 +02:00
4f5b435fe9
Unit tests for libimcv
2014-10-05 12:55:38 +02:00
e23cad3564
Compacted chunk creation in ita_attr_command constructor
2014-10-05 12:55:38 +02:00
d6fb2cc6e3
Merged libpts into libimcv
2014-10-05 12:55:37 +02:00
c4d0987609
Added out message queue for imv_msg receive method
2014-10-05 12:55:37 +02:00
e911ac9a5f
Implemented IF-M segmentation
2014-10-05 12:55:37 +02:00
89d12654b3
Added request variable to get_info_string method
2014-10-03 22:25:09 +02:00
f50968976b
Implemented IF-M segmentation contracts
2014-10-03 22:25:09 +02:00
38b5f527e2
Allow to treat specified Attribute-Type-Not-Supported errors as non-fatal
2014-10-03 22:25:09 +02:00
eafe8795ca
Added Debian 7.6 to IMV database
2014-08-06 08:04:42 +02:00
78ec8c6085
unused os_info_t object removed
2014-08-06 07:55:54 +02:00
3b96147353
Determine type of unsupported PA-TNC attribute in error message
2014-07-16 15:57:15 +02:00
644fc4e1ff
Added Android 4.4.4 to IMV database
2014-06-27 08:27:28 +02:00
d82aa931db
Auxiliary swid_tagstats table boosts performance
2014-06-23 13:32:50 +02:00
927dff2366
The policy_started check is not needed any more
2014-06-18 14:01:02 +02:00
8fc0eae37b
Added Android 4.3 and 4.4.3 to imv database
2014-06-10 16:19:00 +02:00
35e08cde3c
android: Add all Android.mk files to the tarball
2014-06-06 10:12:26 +02:00
fc50731376
imv: Provide database table scheme for MySQL
2014-06-04 15:53:10 +02:00
ecc6c2e8a4
libimcv: Pass TNC_SESSION_ID as argument instead as a environment variable
...
Doing so works on Windows as well.
2014-06-04 15:53:10 +02:00
9b7d1a3b33
libimcv: Be a little more verbose about the Windows system reported
2014-06-04 15:53:10 +02:00
ede10dd974
imv: Return an empty enumerator instead of null, as expected by callers
2014-06-04 15:53:10 +02:00
5388389bef
imc-os: Add missing TNC_IMC_API definitions, fixes warnings on Windows
2014-06-04 15:53:10 +02:00
0c512610cc
imv-os: Don't build pacman on Windows
2014-06-04 15:53:09 +02:00
1cd9bb49d8
libimcv: Use TNC_IMV_API prefix on TNC functions for correct declspec
2014-06-04 15:53:07 +02:00
6b98c00285
libimcv: Silence integer to pointer cast warnings
2014-06-04 15:53:07 +02:00
9bac2c9e40
libimcv: Port os_info (partially) to Windows
2014-06-04 15:53:06 +02:00
09e5f15a13
libimcv: Disable default syslog() logging if not supported
2014-06-04 15:53:06 +02:00
fb7cb97d6e
libimcv: Link against ws_w32 on Windows
2014-06-04 15:53:06 +02:00
4163421f91
plugins: Don't link with -rdynamic on Windows
2014-06-04 15:53:02 +02:00
32cb700cd0
Added Debian 7.5 product and all Debian armv6l products
2014-05-31 20:37:56 +02:00
7b05b0bc28
Fixed typo in tables.sql
2014-05-31 20:37:56 +02:00
a123f470f0
Additional index to improve performance
2014-05-31 20:37:56 +02:00
ba6c27f063
Added all SWID tables and example regids
2014-05-21 14:00:31 +02:00
887a88d55b
Similar statistics for packages and file measurements
2014-05-01 09:17:33 +02:00
289456d26a
libimcv: Updated Android.mk
2014-04-25 14:26:31 +02:00
f5a1cfe3f8
pacman.sh now fetches Ubuntu 14.04 security updates
2014-04-24 09:08:07 +02:00
1d7324133b
Indicate IMV in assessment log statement
2014-04-15 09:21:06 +02:00
3e7044b45e
Implemented segmented SWID tag attributes on IMV side
2014-04-15 09:21:06 +02:00
8c40609f96
Use python-based swidGenerator to generated SWID tags
2014-04-15 09:21:06 +02:00
8505ce1cc6
Updated imv database templates
2014-04-15 09:21:05 +02:00
40e8c67392
Use cached pid for product-based package access
2014-04-15 09:21:05 +02:00
48f37c448c
Make Attestation IMV independent of OS IMV
2014-04-15 09:21:05 +02:00
4894bfa227
Separated IMV session management from IMV policy database
2014-04-15 09:21:05 +02:00
c54c26dd17
Implemented configurable Device ID in OS IMC
2014-04-15 09:21:05 +02:00
37ef086ea7
Added Ubuntu 14.04 to IMV database
2014-03-31 22:22:58 +02:00
a21d4096e5
Use logical AND function
2014-02-23 16:44:32 +01:00
ab13364c65
uclibc only defines strndup(3) if _GNU_SOURCE is defined
...
References #516 .
2014-02-19 16:11:47 +01:00
f03441c4dd
pacman.sh creates /etc/pts/dists directory if it doesn't exist yet
2014-02-13 13:21:47 +01:00
1ec3476398
libimcv: Move settings to <ns>.imcv and <ns>.plugins with fallback
2014-02-12 14:34:34 +01:00
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
de7f5305d9
libimcv: Install SQL files in /usr/share/strongswan/templates/database
2014-02-12 14:08:34 +01:00
d6804e3041
Added missing semicolon in SQL statements
2014-02-05 10:15:56 +01:00
523c2874fb
Added Android 4.3.1 to products database table
2014-02-04 19:49:34 +01:00
2a43f7fd9e
Added new Android versions to PTS database
2014-02-04 06:59:01 +01:00
eeaa8a2417
Added TPMRA workitem support in PTS database
2014-01-16 01:46:55 +01:00
81d49c5cfd
Allow reason strings to be used as workitem result string
2014-01-13 12:06:17 +01:00
6009b6e0dd
Attestation IMV processes TPMRA workitem
2014-01-13 12:06:17 +01:00
3254f8b00a
Added TPM Remote Attestation (TPMRA) workitem
2014-01-10 11:55:21 +01:00
20c99edab9
android: Remove dependency on libvstr
2013-11-13 11:40:47 +01:00
b891c22aa9
Updated and split data.sql
2013-10-23 00:26:02 +02:00
50d7a55c96
Support Ubuntu 13.10 measurements
2013-10-21 21:33:30 +02:00
be8179abd2
Build all IMC/IMVs with -no-undefined
2013-09-12 01:44:50 +02:00
9af44ef5d9
Build all shared libraries with -no-undefined and link them properly
...
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.
For plugins this is currently not done, so only the monolithic build is
supported. The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
5ec08a6a05
Make sure libstrongswan is initialized first in IMCs and IMVs
2013-09-11 20:58:18 +02:00
9b8137fdd3
Added tags table and some tag samples
2013-09-05 11:29:23 +02:00
86f00e6aff
Added regids table and some sample reqid data
2013-09-02 12:00:47 +02:00
70a80ef5d4
Output handler of a given workitem
2013-08-16 14:14:13 +02:00
b38d9d5a54
Implemented SWID prototype IMC/IMV pair
2013-08-15 23:34:23 +02:00
e5455e9413
imv-os: check_packages() fails if product query fails
2013-07-24 16:17:22 +02:00
346a4a1fc2
imv-scanner: Properly check snprintf() return value
2013-07-24 16:17:22 +02:00
0ceb288815
Fix various API doc issues and typos
...
Partially based on an old patch by Adrian-Ken Rueegsegger.
2013-07-18 18:30:36 +02:00
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
d27f225d9a
Use strpfx() helper where appropriate
2013-07-08 18:49:30 +02:00
6bce8e1cfb
libimcv: Properly deinitialize libimcv
...
Other users of imcv_pa_tnc_attributes (libpts) check if it is NULL before
removing vendor IDs.
2013-07-08 18:49:28 +02:00
2c693364a8
imv-scanner: Only add a reason string if there is something to report
2013-07-08 18:49:26 +02:00
1973743443
libimcv: Android.mk added
2013-07-08 18:49:25 +02:00
51bc6a6e74
Cosmetics
2013-07-08 17:58:14 +02:00
34f894b6cc
Scanner IMV without workitems provides immediate recommendation, too
2013-07-08 17:53:05 +02:00
ea6ab9fb49
skip enforcement if a recent measurement was successful
2013-07-08 16:08:05 +02:00
69c4e34859
Always return a result string for a processed workitem
2013-07-04 22:55:58 +02:00
9844f240f8
Register packages under Debian 7.0 x86_64
2013-07-04 22:53:41 +02:00
6c969fee94
Don't backup old package lists
2013-07-01 10:00:43 +02:00
b18a531715
plugin-loader: Removed unused path argument of load() method
...
Multiple additional search paths can be added with the add_path()
method.
2013-06-28 10:44:15 +02:00
Tobias Brunner