projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
store collected device information in database
[strongswan.git] / src / libpts / plugins / imv_attestation / attest_db.c
1 /*
2 * Copyright (C) 2011-2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "attest_db.h"
17
18 #include "libpts.h"
19 #include "pts/pts_meas_algo.h"
20 #include "pts/pts_file_meas.h"
21 #include "pts/components/pts_comp_func_name.h"
22
23 #include <libgen.h>
24 #include <time.h>
25
26 #define IMA_MAX_NAME_LEN 255
27
28 typedef struct private_attest_db_t private_attest_db_t;
29
30 /**
31 * Private data of an attest_db_t object.
32 */
33 struct private_attest_db_t {
34
35 /**
36 * Public members of attest_db_state_t
37 */
38 attest_db_t public;
39
40 /**
41 * Component Functional Name to be queried
42 */
43 pts_comp_func_name_t *cfn;
44
45 /**
46 * Primary key of the Component Functional Name to be queried
47 */
48 int cid;
49
50 /**
51 * TRUE if Component Functional Name has been set
52 */
53 bool comp_set;
54
55 /**
56 * Directory containing the Measurement file to be queried
57 */
58 char *dir;
59
60 /**
61 * Primary key of the directory to be queried
62 */
63 int did;
64
65 /**
66 * TRUE if directory has been set
67 */
68 bool dir_set;
69
70 /**
71 * Measurement file to be queried
72 */
73 char *file;
74
75 /**
76 * Primary key of measurement file to be queried
77 */
78 int fid;
79
80 /**
81 * TRUE if file has been set
82 */
83 bool file_set;
84
85 /**
86 * AIK to be queried
87 */
88 chunk_t key;
89
90 /**
91 * Primary key of the AIK to be queried
92 */
93 int kid;
94
95 /**
96 * TRUE if AIK has been set
97 */
98 bool key_set;
99
100 /**
101 * Software package to be queried
102 */
103 char *package;
104
105 /**
106 * Primary key of software package to be queried
107 */
108 int gid;
109
110 /**
111 * TRUE if package has been set
112 */
113 bool package_set;
114
115 /**
116 * Software product to be queried
117 */
118 char *product;
119
120 /**
121 * Primary key of software product to be queried
122 */
123 int pid;
124
125 /**
126 * TRUE if product has been set
127 */
128 bool product_set;
129
130 /**
131 * Software package version to be queried
132 */
133 char *version;
134
135 /**
136 * TRUE if version has been set
137 */
138 bool version_set;
139
140 /**
141 * TRUE if relative filenames are to be used
142 */
143 bool relative;
144
145 /**
146 * Package security state
147 */
148 os_package_state_t security;
149
150 /**
151 * Sequence number for ordering entries
152 */
153 int seq_no;
154
155 /**
156 * File measurement hash algorithm
157 */
158 pts_meas_algorithms_t algo;
159
160 /**
161 * Optional owner (user/host name)
162 */
163 char *owner;
164
165 /**
166 * Attestation database
167 */
168 database_t *db;
169
170 };
171
172 char* print_cfn(pts_comp_func_name_t *cfn)
173 {
174 static char buf[BUF_LEN];
175 char flags[8];
176 int type, vid, name, qualifier, n;
177 enum_name_t *names, *types;
178
179 vid = cfn->get_vendor_id(cfn),
180 name = cfn->get_name(cfn);
181 qualifier = cfn->get_qualifier(cfn);
182 n = snprintf(buf, BUF_LEN, "0x%06x/0x%08x-0x%02x", vid, name, qualifier);
183
184 names = pts_components->get_comp_func_names(pts_components, vid);
185 types = pts_components->get_qualifier_type_names(pts_components, vid);
186 type = pts_components->get_qualifier(pts_components, cfn, flags);
187 if (names && types)
188 {
189 n = snprintf(buf + n, BUF_LEN - n, " %N/%N [%s] %N",
190 pen_names, vid, names, name, flags, types, type);
191 }
192 return buf;
193 }
194
195 METHOD(attest_db_t, set_component, bool,
196 private_attest_db_t *this, char *comp, bool create)
197 {
198 enumerator_t *e;
199 char *pos1, *pos2;
200 int vid, name, qualifier;
201 pts_comp_func_name_t *cfn;
202
203 if (this->comp_set)
204 {
205 printf("component has already been set\n");
206 return FALSE;
207 }
208
209 /* parse component string */
210 pos1 = strchr(comp, '/');
211 pos2 = strchr(comp, '-');
212 if (!pos1 || !pos2)
213 {
214 printf("component string must have the form \"vendor_id/name-qualifier\"\n");
215 return FALSE;
216 }
217 vid = atoi(comp);
218 name = atoi(pos1 + 1);
219 qualifier = atoi(pos2 + 1);
220 cfn = pts_comp_func_name_create(vid, name, qualifier);
221
222 e = this->db->query(this->db,
223 "SELECT id FROM components "
224 "WHERE vendor_id = ? AND name = ? AND qualifier = ?",
225 DB_UINT, vid, DB_INT, name, DB_INT, qualifier, DB_INT);
226 if (e)
227 {
228 if (e->enumerate(e, &this->cid))
229 {
230 this->comp_set = TRUE;
231 this->cfn = cfn;
232 }
233 e->destroy(e);
234 }
235 if (this->comp_set)
236 {
237 return TRUE;
238 }
239
240 if (!create)
241 {
242 printf("component '%s' not found in database\n", print_cfn(cfn));
243 cfn->destroy(cfn);
244 return FALSE;
245 }
246
247 /* Add a new database entry */
248 this->comp_set = this->db->execute(this->db, &this->cid,
249 "INSERT INTO components (vendor_id, name, qualifier) "
250 "VALUES (?, ?, ?)",
251 DB_INT, vid, DB_INT, name, DB_INT, qualifier) == 1;
252
253 printf("component '%s' %sinserted into database\n", print_cfn(cfn),
254 this->comp_set ? "" : "could not be ");
255 if (this->comp_set)
256 {
257 this->cfn = cfn;
258 }
259 else
260 {
261 cfn->destroy(cfn);
262 }
263 return this->comp_set;
264 }
265
266 METHOD(attest_db_t, set_cid, bool,
267 private_attest_db_t *this, int cid)
268 {
269 enumerator_t *e;
270 int vid, name, qualifier;
271
272 if (this->comp_set)
273 {
274 printf("component has already been set\n");
275 return FALSE;
276 }
277 this->cid = cid;
278
279 e = this->db->query(this->db, "SELECT vendor_id, name, qualifier "
280 "FROM components WHERE id = ?",
281 DB_UINT, cid, DB_INT, DB_INT, DB_INT);
282 if (e)
283 {
284 if (e->enumerate(e, &vid, &name, &qualifier))
285 {
286 this->cfn = pts_comp_func_name_create(vid, name, qualifier);
287 this->comp_set = TRUE;
288 }
289 else
290 {
291 printf("no component found with cid %d\n", cid);
292 }
293 e->destroy(e);
294 }
295 return this->comp_set;
296 }
297
298 METHOD(attest_db_t, set_directory, bool,
299 private_attest_db_t *this, char *dir, bool create)
300 {
301 enumerator_t *e;
302 size_t len;
303
304 if (this->dir_set)
305 {
306 printf("directory has already been set\n");
307 return FALSE;
308 }
309 free(this->dir);
310
311 /* remove trailing '/' character */
312 len = strlen(dir);
313 if (len && dir[len-1] == '/')
314 {
315 dir[len-1] = '\0';
316 }
317 this->dir = strdup(dir);
318
319 e = this->db->query(this->db,
320 "SELECT id FROM files WHERE type = 1 AND path = ?",
321 DB_TEXT, dir, DB_INT);
322 if (e)
323 {
324 if (e->enumerate(e, &this->did))
325 {
326 this->dir_set = TRUE;
327 }
328 e->destroy(e);
329 }
330 if (this->dir_set)
331 {
332 return TRUE;
333 }
334
335 if (!create)
336 {
337 printf("directory '%s' not found in database\n", dir);
338 return FALSE;
339 }
340
341 /* Add a new database entry */
342 this->dir_set = this->db->execute(this->db, &this->did,
343 "INSERT INTO files (type, path) VALUES (1, ?)",
344 DB_TEXT, dir) == 1;
345
346 printf("directory '%s' %sinserted into database\n", dir,
347 this->dir_set ? "" : "could not be ");
348
349 return this->dir_set;
350 }
351
352 METHOD(attest_db_t, set_did, bool,
353 private_attest_db_t *this, int did)
354 {
355 enumerator_t *e;
356 char *dir;
357
358 if (this->dir_set)
359 {
360 printf("directory has already been set\n");
361 return FALSE;
362 }
363 this->did = did;
364
365 e = this->db->query(this->db, "SELECT path FROM files WHERE id = ?",
366 DB_UINT, did, DB_TEXT);
367 if (e)
368 {
369 if (e->enumerate(e, &dir))
370 {
371 free(this->dir);
372 this->dir = strdup(dir);
373 this->dir_set = TRUE;
374 }
375 else
376 {
377 printf("no directory found with did %d\n", did);
378 }
379 e->destroy(e);
380 }
381 return this->dir_set;
382 }
383
384 METHOD(attest_db_t, set_file, bool,
385 private_attest_db_t *this, char *file, bool create)
386 {
387 enumerator_t *e;
388 char *filename;
389
390 if (this->file_set)
391 {
392 printf("file has already been set\n");
393 return FALSE;
394 }
395 this->file = strdup(file);
396 filename = this->relative ? basename(file) : file;
397
398 e = this->db->query(this->db, "SELECT id FROM files WHERE path = ?",
399 DB_TEXT, filename, DB_INT);
400 if (e)
401 {
402 if (e->enumerate(e, &this->fid))
403 {
404 this->file_set = TRUE;
405 }
406 e->destroy(e);
407 }
408 if (this->file_set)
409 {
410 return TRUE;
411 }
412
413 if (!create)
414 {
415 printf("file '%s' not found in database\n", file);
416 return FALSE;
417 }
418
419 /* Add a new database entry */
420 this->file_set = this->db->execute(this->db, &this->fid,
421 "INSERT INTO files (type, path) VALUES (0, ?)",
422 DB_TEXT, filename) == 1;
423
424 printf("file '%s' %sinserted into database\n", filename,
425 this->file_set ? "" : "could not be ");
426
427 return this->file_set;
428 }
429
430 METHOD(attest_db_t, set_fid, bool,
431 private_attest_db_t *this, int fid)
432 {
433 enumerator_t *e;
434 char *file;
435
436 if (this->file_set)
437 {
438 printf("file has already been set\n");
439 return FALSE;
440 }
441 this->fid = fid;
442
443 e = this->db->query(this->db, "SELECT path FROM files WHERE id = ?",
444 DB_UINT, fid, DB_TEXT);
445 if (e)
446 {
447 if (e->enumerate(e, &file))
448 {
449 this->file = strdup(file);
450 this->file_set = TRUE;
451 }
452 else
453 {
454 printf("no file found with fid %d\n", fid);
455 }
456 e->destroy(e);
457 }
458 return this->file_set;
459 }
460
461 METHOD(attest_db_t, set_key, bool,
462 private_attest_db_t *this, chunk_t key, bool create)
463 {
464 enumerator_t *e;
465 char *owner;
466
467 if (this->key_set)
468 {
469 printf("key has already been set\n");
470 return FALSE;
471 }
472 this->key = key;
473
474 e = this->db->query(this->db, "SELECT id, owner FROM keys WHERE keyid= ?",
475 DB_BLOB, this->key, DB_INT, DB_TEXT);
476 if (e)
477 {
478 if (e->enumerate(e, &this->kid, &owner))
479 {
480 free(this->owner);
481 this->owner = strdup(owner);
482 this->key_set = TRUE;
483 }
484 e->destroy(e);
485 }
486 if (this->key_set)
487 {
488 return TRUE;
489 }
490
491 if (!create)
492 {
493 printf("key '%#B' not found in database\n", &this->key);
494 return FALSE;
495 }
496
497 /* Add a new database entry */
498 if (!this->owner)
499 {
500 this->owner = strdup("");
501 }
502 this->key_set = this->db->execute(this->db, &this->kid,
503 "INSERT INTO keys (keyid, owner) VALUES (?, ?)",
504 DB_BLOB, this->key, DB_TEXT, this->owner) == 1;
505
506 printf("key '%#B' %sinserted into database\n", &this->key,
507 this->key_set ? "" : "could not be ");
508
509 return this->key_set;
510
511 };
512
513 METHOD(attest_db_t, set_kid, bool,
514 private_attest_db_t *this, int kid)
515 {
516 enumerator_t *e;
517 chunk_t key;
518 char *owner;
519
520 if (this->key_set)
521 {
522 printf("key has already been set\n");
523 return FALSE;
524 }
525 this->kid = kid;
526
527 e = this->db->query(this->db, "SELECT keyid, owner FROM keys WHERE id = ?",
528 DB_UINT, kid, DB_BLOB, DB_TEXT);
529 if (e)
530 {
531 if (e->enumerate(e, &key, &owner))
532 {
533 this->owner = strdup(owner);
534 this->key = chunk_clone(key);
535 this->key_set = TRUE;
536 }
537 else
538 {
539 printf("no key found with kid %d\n", kid);
540 }
541 e->destroy(e);
542 }
543 return this->key_set;
544
545 };
546
547 METHOD(attest_db_t, set_product, bool,
548 private_attest_db_t *this, char *product, bool create)
549 {
550 enumerator_t *e;
551
552 if (this->product_set)
553 {
554 printf("product has already been set\n");
555 return FALSE;
556 }
557 this->product = strdup(product);
558
559 e = this->db->query(this->db, "SELECT id FROM products WHERE name = ?",
560 DB_TEXT, product, DB_INT);
561 if (e)
562 {
563 if (e->enumerate(e, &this->pid))
564 {
565 this->product_set = TRUE;
566 }
567 e->destroy(e);
568 }
569 if (this->product_set)
570 {
571 return TRUE;
572 }
573
574 if (!create)
575 {
576 printf("product '%s' not found in database\n", product);
577 return FALSE;
578 }
579
580 /* Add a new database entry */
581 this->product_set = this->db->execute(this->db, &this->pid,
582 "INSERT INTO products (name) VALUES (?)",
583 DB_TEXT, product) == 1;
584
585 printf("product '%s' %sinserted into database\n", product,
586 this->product_set ? "" : "could not be ");
587
588 return this->product_set;
589 }
590
591 METHOD(attest_db_t, set_pid, bool,
592 private_attest_db_t *this, int pid)
593 {
594 enumerator_t *e;
595 char *product;
596
597 if (this->product_set)
598 {
599 printf("product has already been set\n");
600 return FALSE;
601 }
602 this->pid = pid;
603
604 e = this->db->query(this->db, "SELECT name FROM products WHERE id = ?",
605 DB_UINT, pid, DB_TEXT);
606 if (e)
607 {
608 if (e->enumerate(e, &product))
609 {
610 this->product = strdup(product);
611 this->product_set = TRUE;
612 }
613 else
614 {
615 printf("no product found with pid %d in database\n", pid);
616 }
617 e->destroy(e);
618 }
619 return this->product_set;
620 }
621
622 METHOD(attest_db_t, set_package, bool,
623 private_attest_db_t *this, char *package, bool create)
624 {
625 enumerator_t *e;
626
627 if (this->package_set)
628 {
629 printf("package has already been set\n");
630 return FALSE;
631 }
632 this->package = strdup(package);
633
634 e = this->db->query(this->db, "SELECT id FROM packages WHERE name = ?",
635 DB_TEXT, package, DB_INT);
636 if (e)
637 {
638 if (e->enumerate(e, &this->gid))
639 {
640 this->package_set = TRUE;
641 }
642 e->destroy(e);
643 }
644 if (this->package_set)
645 {
646 return TRUE;
647 }
648
649 if (!create)
650 {
651 printf("package '%s' not found in database\n", package);
652 return FALSE;
653 }
654
655 /* Add a new database entry */
656 this->package_set = this->db->execute(this->db, &this->gid,
657 "INSERT INTO packages (name) VALUES (?)",
658 DB_TEXT, package) == 1;
659
660 printf("package '%s' %sinserted into database\n", package,
661 this->package_set ? "" : "could not be ");
662
663 return this->package_set;
664 }
665
666 METHOD(attest_db_t, set_gid, bool,
667 private_attest_db_t *this, int gid)
668 {
669 enumerator_t *e;
670 char *package;
671
672 if (this->package_set)
673 {
674 printf("package has already been set\n");
675 return FALSE;
676 }
677 this->gid = gid;
678
679 e = this->db->query(this->db, "SELECT name FROM packages WHERE id = ?",
680 DB_UINT, gid, DB_TEXT);
681 if (e)
682 {
683 if (e->enumerate(e, &package))
684 {
685 this->package = strdup(package);
686 this->package_set = TRUE;
687 }
688 else
689 {
690 printf("no package found with gid %d in database\n", gid);
691 }
692 e->destroy(e);
693 }
694 return this->package_set;
695 }
696
697 METHOD(attest_db_t, set_version, bool,
698 private_attest_db_t *this, char *version)
699 {
700 if (this->version_set)
701 {
702 printf("version has already been set\n");
703 return FALSE;
704 }
705 this->version = strdup(version);
706 this->version_set = TRUE;
707
708 return TRUE;
709 }
710
711
712 METHOD(attest_db_t, set_algo, void,
713 private_attest_db_t *this, pts_meas_algorithms_t algo)
714 {
715 this->algo = algo;
716 }
717
718 METHOD(attest_db_t, set_relative, void,
719 private_attest_db_t *this)
720 {
721 this->relative = TRUE;
722 }
723
724 METHOD(attest_db_t, set_security, void,
725 private_attest_db_t *this, os_package_state_t security)
726 {
727 this->security = security;
728 }
729
730 METHOD(attest_db_t, set_sequence, void,
731 private_attest_db_t *this, int seq_no)
732 {
733 this->seq_no = seq_no;
734 }
735
736 METHOD(attest_db_t, set_owner, void,
737 private_attest_db_t *this, char *owner)
738 {
739 free(this->owner);
740 this->owner = strdup(owner);
741 }
742
743 METHOD(attest_db_t, list_components, void,
744 private_attest_db_t *this)
745 {
746 enumerator_t *e;
747 pts_comp_func_name_t *cfn;
748 int seq_no, cid, vid, name, qualifier, count = 0;
749
750 if (this->kid)
751 {
752 e = this->db->query(this->db,
753 "SELECT kc.seq_no, c.id, c.vendor_id, c.name, c.qualifier "
754 "FROM components AS c "
755 "JOIN key_component AS kc ON c.id = kc.component "
756 "WHERE kc.key = ? ORDER BY kc.seq_no",
757 DB_UINT, this->kid, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT);
758 if (e)
759 {
760 while (e->enumerate(e, &cid, &seq_no, &vid, &name, &qualifier))
761 {
762 cfn = pts_comp_func_name_create(vid, name, qualifier);
763 printf("%4d: #%-2d %s\n", seq_no, cid, print_cfn(cfn));
764 cfn->destroy(cfn);
765 count++;
766 }
767 e->destroy(e);
768 printf("%d component%s found for key %#B\n", count,
769 (count == 1) ? "" : "s", &this->key);
770 }
771 }
772 else
773 {
774 e = this->db->query(this->db,
775 "SELECT id, vendor_id, name, qualifier FROM components "
776 "ORDER BY vendor_id, name, qualifier",
777 DB_INT, DB_INT, DB_INT, DB_INT);
778 if (e)
779 {
780 while (e->enumerate(e, &cid, &vid, &name, &qualifier))
781 {
782 cfn = pts_comp_func_name_create(vid, name, qualifier);
783 printf("%4d: %s\n", cid, print_cfn(cfn));
784 cfn->destroy(cfn);
785 count++;
786 }
787 e->destroy(e);
788 printf("%d component%s found\n", count, (count == 1) ? "" : "s");
789 }
790 }
791 }
792
793 METHOD(attest_db_t, list_devices, void,
794 private_attest_db_t *this)
795 {
796 enumerator_t *e;
797 chunk_t value;
798 char *product;
799 time_t timestamp;
800 int id, last_id = 0, device_count = 0;
801 int count, count_update, count_blacklist;
802
803 e = this->db->query(this->db,
804 "SELECT d.id, d.value, i.time, i.count, i.count_update, "
805 "i.count_blacklist, p.name FROM devices AS d "
806 "JOIN device_infos AS i ON d.id = i.device "
807 "JOIN products AS p ON p.id = i.product "
808 "ORDER BY d.value, i.time DESC",
809 DB_INT, DB_BLOB, DB_UINT, DB_INT, DB_INT, DB_INT, DB_TEXT);
810
811 if (e)
812 {
813 while (e->enumerate(e, &id, &value, &timestamp, &count, &count_update,
814 &count_blacklist, &product))
815 {
816 if (id != last_id)
817 {
818 printf("%4d: %.*s\n", id, value.len, value.ptr);
819 device_count++;
820 last_id = id;
821 }
822 printf(" %T, %4d, %3d, %3d, '%s'\n", &timestamp, TRUE,
823 count, count_update, count_blacklist, product);
824 }
825 e->destroy(e);
826 printf("%d device%s found\n", device_count,
827 (device_count == 1) ? "" : "s");
828 }
829 }
830
831 METHOD(attest_db_t, list_keys, void,
832 private_attest_db_t *this)
833 {
834 enumerator_t *e;
835 chunk_t keyid;
836 char *owner;
837 int kid, count = 0;
838
839 if (this->cid)
840 {
841 e = this->db->query(this->db,
842 "SELECT k.id, k.keyid, k.owner FROM keys AS k "
843 "JOIN key_component AS kc ON k.id = kc.key "
844 "WHERE kc.component = ? ORDER BY k.keyid",
845 DB_UINT, this->cid, DB_INT, DB_BLOB, DB_TEXT);
846 if (e)
847 {
848 while (e->enumerate(e, &kid, &keyid, &owner))
849 {
850 printf("%4d: %#B '%s'\n", kid, &keyid, owner);
851 count++;
852 }
853 e->destroy(e);
854 }
855 }
856 else
857 {
858 e = this->db->query(this->db, "SELECT id, keyid, owner FROM keys "
859 "ORDER BY keyid",
860 DB_INT, DB_BLOB, DB_TEXT);
861 if (e)
862 {
863 while (e->enumerate(e, &kid, &keyid, &owner))
864 {
865 printf("%4d: %#B '%s'\n", kid, &keyid, owner);
866 count++;
867 }
868 e->destroy(e);
869 }
870 }
871
872 printf("%d key%s found", count, (count == 1) ? "" : "s");
873 if (this->comp_set)
874 {
875 printf(" for component '%s'", print_cfn(this->cfn));
876 }
877 printf("\n");
878 }
879
880 METHOD(attest_db_t, list_files, void,
881 private_attest_db_t *this)
882 {
883 enumerator_t *e;
884 char *file, *file_type[] = { " ", "d", "r" };
885 int fid, type, meas, meta, count = 0;
886
887 if (this->pid)
888 {
889 e = this->db->query(this->db,
890 "SELECT f.id, f.type, f.path, pf.measurement, pf.metadata "
891 "FROM files AS f "
892 "JOIN product_file AS pf ON f.id = pf.file "
893 "WHERE pf.product = ? ORDER BY f.path",
894 DB_UINT, this->pid, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_INT);
895 if (e)
896 {
897 while (e->enumerate(e, &fid, &type, &file, &meas, &meta))
898 {
899 type = (type < 0 || type > 2) ? 0 : type;
900 printf("%4d: |%s%s| %s %s\n", fid, meas ? "M":" ", meta ? "T":" ",
901 file_type[type], file);
902 count++;
903 }
904 e->destroy(e);
905 }
906 }
907 else
908 {
909 e = this->db->query(this->db,
910 "SELECT id, type, path FROM files "
911 "ORDER BY path",
912 DB_INT, DB_INT, DB_TEXT);
913 if (e)
914 {
915 while (e->enumerate(e, &fid, &type, &file))
916 {
917 type = (type < 0 || type > 2) ? 0 : type;
918 printf("%4d: %s %s\n", fid, file_type[type], file);
919 count++;
920 }
921 e->destroy(e);
922 }
923 }
924
925 printf("%d file%s found", count, (count == 1) ? "" : "s");
926 if (this->product_set)
927 {
928 printf(" for product '%s'", this->product);
929 }
930 printf("\n");
931 }
932
933 METHOD(attest_db_t, list_packages, void,
934 private_attest_db_t *this)
935 {
936 enumerator_t *e;
937 char *package, *version;
938 os_package_state_t security;
939 int gid, gid_old = 0, spaces, count = 0;
940 time_t t;
941
942 if (this->pid)
943 {
944 e = this->db->query(this->db,
945 "SELECT p.id, p.name, v.release, v.security, v.time "
946 "FROM packages AS p JOIN versions AS v ON v.package = p.id "
947 "WHERE v.product = ? ORDER BY p.name, v.release",
948 DB_INT, this->pid, DB_INT, DB_TEXT, DB_TEXT, DB_INT, DB_INT);
949 if (e)
950 {
951 while (e->enumerate(e, &gid, &package, &version, &security, &t))
952 {
953 if (gid != gid_old)
954 {
955 printf("%5d: %s,", gid, package);
956 gid_old = gid;
957 }
958 else
959 {
960 spaces = 8 + strlen(package);
961 while (spaces--)
962 {
963 printf(" ");
964 }
965 }
966 printf(" %T (%s)%N\n", &t, TRUE, version,
967 os_package_state_names, security);
968 count++;
969 }
970 e->destroy(e);
971 }
972 }
973 else
974 {
975 e = this->db->query(this->db, "SELECT id, name FROM packages "
976 "ORDER BY name",
977 DB_INT, DB_TEXT);
978 if (e)
979 {
980 while (e->enumerate(e, &gid, &package))
981 {
982 printf("%4d: %s\n", gid, package);
983 count++;
984 }
985 e->destroy(e);
986 }
987 }
988
989 printf("%d package%s found", count, (count == 1) ? "" : "s");
990 if (this->product_set)
991 {
992 printf(" for product '%s'", this->product);
993 }
994 printf("\n");
995 }
996
997 METHOD(attest_db_t, list_products, void,
998 private_attest_db_t *this)
999 {
1000 enumerator_t *e;
1001 char *product;
1002 int pid, meas, meta, count = 0;
1003
1004 if (this->fid)
1005 {
1006 e = this->db->query(this->db,
1007 "SELECT p.id, p.name, pf.measurement, pf.metadata "
1008 "FROM products AS p "
1009 "JOIN product_file AS pf ON p.id = pf.product "
1010 "WHERE pf.file = ? ORDER BY p.name",
1011 DB_UINT, this->fid, DB_INT, DB_TEXT, DB_INT, DB_INT);
1012 if (e)
1013 {
1014 while (e->enumerate(e, &pid, &product, &meas, &meta))
1015 {
1016 printf("%4d: |%s%s| %s\n", pid, meas ? "M":" ", meta ? "T":" ",
1017 product);
1018 count++;
1019 }
1020 e->destroy(e);
1021 }
1022 }
1023 else
1024 {
1025 e = this->db->query(this->db, "SELECT id, name FROM products "
1026 "ORDER BY name",
1027 DB_INT, DB_TEXT);
1028 if (e)
1029 {
1030 while (e->enumerate(e, &pid, &product))
1031 {
1032 printf("%4d: %s\n", pid, product);
1033 count++;
1034 }
1035 e->destroy(e);
1036 }
1037 }
1038
1039 printf("%d product%s found", count, (count == 1) ? "" : "s");
1040 if (this->file_set)
1041 {
1042 printf(" for file '%s'", this->file);
1043 }
1044 printf("\n");
1045 }
1046
1047 /**
1048 * get the directory if there is one from the files tables
1049 */
1050 static void get_directory(private_attest_db_t *this, int did, char **directory)
1051 {
1052 enumerator_t *e;
1053 char *dir;
1054
1055 free(*directory);
1056 *directory = strdup("");
1057
1058 if (did)
1059 {
1060 e = this->db->query(this->db,
1061 "SELECT path from files WHERE id = ?",
1062 DB_UINT, did, DB_TEXT);
1063 if (e)
1064 {
1065 if (e->enumerate(e, &dir))
1066 {
1067 free(*directory);
1068 *directory = strdup(dir);
1069 }
1070 e->destroy(e);
1071 }
1072 }
1073 }
1074
1075 static bool slash(char *directory, char *file)
1076 {
1077 return *file != '/' && directory[max(0, strlen(directory)-1)] != '/';
1078 }
1079
1080 METHOD(attest_db_t, list_hashes, void,
1081 private_attest_db_t *this)
1082 {
1083 enumerator_t *e;
1084 chunk_t hash;
1085 char *file, *dir, *product;
1086 int fid, fid_old = 0, did, did_old = 0, count = 0;
1087
1088 dir = strdup("");
1089
1090 if (this->pid && this->fid & this->did)
1091 {
1092 e = this->db->query(this->db,
1093 "SELECT hash FROM file_hashes "
1094 "WHERE algo = ? AND file = ? AND directory = ? AND product = ?",
1095 DB_INT, this->algo, DB_INT, this->fid, DB_INT, this->did,
1096 DB_INT, this->pid, DB_BLOB);
1097 if (e)
1098 {
1099 while (e->enumerate(e, &hash))
1100 {
1101 if (this->fid != fid_old)
1102 {
1103 printf("%4d: %s%s%s\n", this->fid, this->dir,
1104 slash(this->dir, this->file) ? "/" : "", this->file);
1105 fid_old = this->fid;
1106 }
1107 printf(" %#B\n", &hash);
1108 count++;
1109 }
1110 e->destroy(e);
1111
1112 printf("%d %N value%s found for product '%s'\n", count,
1113 pts_meas_algorithm_names, this->algo,
1114 (count == 1) ? "" : "s", this->product);
1115 }
1116 }
1117 else if (this->pid && this->fid)
1118 {
1119 e = this->db->query(this->db,
1120 "SELECT f.path, fh.hash FROM file_hashes AS fh "
1121 "JOIN files AS f ON f.id = fh.file "
1122 "WHERE algo = ? AND file = ? AND product = ?",
1123 DB_INT, this->algo, DB_INT, this->fid, DB_INT, this->pid,
1124 DB_TEXT, DB_BLOB);
1125 if (e)
1126 {
1127 free(dir);
1128 while (e->enumerate(e, &dir, &hash))
1129 {
1130 printf("%4d: %s%s%s\n", this->fid, dir,
1131 slash(dir, this->file) ? "/" : "", this->file);
1132 printf(" %#B\n", &hash);
1133 count++;
1134 }
1135 e->destroy(e);
1136
1137 printf("%d %N value%s found for product '%s'\n", count,
1138 pts_meas_algorithm_names, this->algo,
1139 (count == 1) ? "" : "s", this->product);
1140 dir = NULL;
1141 }
1142 }
1143 else if (this->pid)
1144 {
1145 e = this->db->query(this->db,
1146 "SELECT f.id, f. f.path, fh.hash, fh.directory "
1147 "FROM file_hashes AS fh "
1148 "JOIN files AS f ON f.id = fh.file "
1149 "WHERE fh.algo = ? AND fh.product = ? "
1150 "ORDER BY fh.directory, f.path",
1151 DB_INT, this->algo, DB_UINT, this->pid,
1152 DB_INT, DB_TEXT, DB_BLOB, DB_INT);
1153 if (e)
1154 {
1155 while (e->enumerate(e, &fid, &file, &hash, &did))
1156 {
1157 if (fid != fid_old || did != did_old)
1158 {
1159 if (did != did_old)
1160 {
1161 get_directory(this, did, &dir);
1162 }
1163 printf("%4d: %s%s%s\n", fid,
1164 dir, slash(dir, file) ? "/" : "", file);
1165 fid_old = fid;
1166 did_old = did;
1167 }
1168 printf(" %#B\n", &hash);
1169 count++;
1170 }
1171 e->destroy(e);
1172
1173 printf("%d %N value%s found for product '%s'\n", count,
1174 pts_meas_algorithm_names, this->algo,
1175 (count == 1) ? "" : "s", this->product);
1176 }
1177 }
1178 else if (this->fid)
1179 {
1180 e = this->db->query(this->db,
1181 "SELECT p.name, fh.hash, fh.directory "
1182 "FROM file_hashes AS fh "
1183 "JOIN products AS p ON p.id = fh.product "
1184 "WHERE fh.algo = ? AND fh.file = ? AND fh.directory = ?"
1185 "ORDER BY p.name",
1186 DB_INT, this->algo, DB_UINT, this->fid, DB_UINT, this->did,
1187 DB_TEXT, DB_BLOB, DB_INT);
1188 if (e)
1189 {
1190 while (e->enumerate(e, &product, &hash, &did))
1191 {
1192 printf("%#B '%s'\n", &hash, product);
1193 count++;
1194 }
1195 e->destroy(e);
1196
1197 printf("%d %N value%s found for file '%s%s%s'\n",
1198 count, pts_meas_algorithm_names, this->algo,
1199 (count == 1) ? "" : "s", this->dir,
1200 slash(this->dir, this->file) ? "/" : "", this->file);
1201 }
1202 }
1203 else
1204 {
1205 e = this->db->query(this->db,
1206 "SELECT f.id, f.path, p.name, fh.hash, fh.directory "
1207 "FROM file_hashes AS fh "
1208 "JOIN files AS f ON f.id = fh.file "
1209 "JOIN products AS p ON p.id = fh.product "
1210 "WHERE fh.algo = ? "
1211 "ORDER BY fh.directory, f.path, p.name",
1212 DB_INT, this->algo,
1213 DB_INT, DB_TEXT, DB_TEXT, DB_BLOB, DB_INT);
1214 if (e)
1215 {
1216 while (e->enumerate(e, &fid, &file, &product, &hash, &did))
1217 {
1218 if (fid != fid_old || did != did_old)
1219 {
1220 if (did != did_old)
1221 {
1222 get_directory(this, did, &dir);
1223 did_old = did;
1224 }
1225 printf("%4d: %s%s%s\n", fid,
1226 dir, slash(dir, file) ? "/" : "", file);
1227 fid_old = fid;
1228 }
1229 printf(" %#B '%s'\n", &hash, product);
1230 count++;
1231 }
1232 e->destroy(e);
1233
1234 printf("%d %N value%s found\n", count, pts_meas_algorithm_names,
1235 this->algo, (count == 1) ? "" : "s");
1236 }
1237 }
1238 free(dir);
1239 }
1240
1241 METHOD(attest_db_t, list_measurements, void,
1242 private_attest_db_t *this)
1243 {
1244 enumerator_t *e;
1245 chunk_t hash, keyid;
1246 pts_comp_func_name_t *cfn;
1247 char *owner;
1248 int seq_no, pcr, vid, name, qualifier;
1249 int cid, cid_old = 0, kid, kid_old = 0, count = 0;
1250
1251 if (this->kid && this->cid)
1252 {
1253 e = this->db->query(this->db,
1254 "SELECT ch.seq_no, ch.pcr, ch.hash, k.owner "
1255 "FROM component_hashes AS ch "
1256 "JOIN keys AS k ON k.id = ch.key "
1257 "WHERE ch.algo = ? AND ch.key = ? AND ch.component = ? "
1258 "ORDER BY seq_no",
1259 DB_INT, this->algo, DB_UINT, this->kid, DB_UINT, this->cid,
1260 DB_INT, DB_INT, DB_BLOB, DB_TEXT);
1261 if (e)
1262 {
1263 while (e->enumerate(e, &seq_no, &pcr, &hash, &owner))
1264 {
1265 if (this->kid != kid_old)
1266 {
1267 printf("%4d: %#B '%s'\n", this->kid, &this->key, owner);
1268 kid_old = this->kid;
1269 }
1270 printf("%7d %02d %#B\n", seq_no, pcr, &hash);
1271 count++;
1272 }
1273 e->destroy(e);
1274
1275 printf("%d %N value%s found for component '%s'\n", count,
1276 pts_meas_algorithm_names, this->algo,
1277 (count == 1) ? "" : "s", print_cfn(this->cfn));
1278 }
1279 }
1280 else if (this->cid)
1281 {
1282 e = this->db->query(this->db,
1283 "SELECT ch.seq_no, ch.pcr, ch.hash, k.id, k.keyid, k.owner "
1284 "FROM component_hashes AS ch "
1285 "JOIN keys AS k ON k.id = ch.key "
1286 "WHERE ch.algo = ? AND ch.component = ? "
1287 "ORDER BY keyid, seq_no",
1288 DB_INT, this->algo, DB_UINT, this->cid,
1289 DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB, DB_TEXT);
1290 if (e)
1291 {
1292 while (e->enumerate(e, &seq_no, &pcr, &hash, &kid, &keyid, &owner))
1293 {
1294 if (kid != kid_old)
1295 {
1296 printf("%4d: %#B '%s'\n", kid, &keyid, owner);
1297 kid_old = kid;
1298 }
1299 printf("%7d %02d %#B\n", seq_no, pcr, &hash);
1300 count++;
1301 }
1302 e->destroy(e);
1303
1304 printf("%d %N value%s found for component '%s'\n", count,
1305 pts_meas_algorithm_names, this->algo,
1306 (count == 1) ? "" : "s", print_cfn(this->cfn));
1307 }
1308
1309 }
1310 else if (this->kid)
1311 {
1312 e = this->db->query(this->db,
1313 "SELECT ch.seq_no, ch.pcr, ch.hash, "
1314 "c.id, c.vendor_id, c.name, c.qualifier "
1315 "FROM component_hashes AS ch "
1316 "JOIN components AS c ON c.id = ch.component "
1317 "WHERE ch.algo = ? AND ch.key = ? "
1318 "ORDER BY vendor_id, name, qualifier, seq_no",
1319 DB_INT, this->algo, DB_UINT, this->kid, DB_INT, DB_INT, DB_BLOB,
1320 DB_INT, DB_INT, DB_INT, DB_INT);
1321 if (e)
1322 {
1323 while (e->enumerate(e, &seq_no, &pcr, &hash, &cid, &vid, &name,
1324 &qualifier))
1325 {
1326 if (cid != cid_old)
1327 {
1328 cfn = pts_comp_func_name_create(vid, name, qualifier);
1329 printf("%4d: %s\n", cid, print_cfn(cfn));
1330 cfn->destroy(cfn);
1331 cid_old = cid;
1332 }
1333 printf("%5d %02d %#B\n", seq_no, pcr, &hash);
1334 count++;
1335 }
1336 e->destroy(e);
1337
1338 printf("%d %N value%s found for key %#B '%s'\n", count,
1339 pts_meas_algorithm_names, this->algo,
1340 (count == 1) ? "" : "s", &this->key, this->owner);
1341 }
1342 }
1343 }
1344
1345 bool insert_file_hash(private_attest_db_t *this, pts_meas_algorithms_t algo,
1346 chunk_t measurement, int fid, int did, bool ima,
1347 int *hashes_added)
1348 {
1349 enumerator_t *e;
1350 chunk_t hash;
1351 char *label;
1352
1353 label = "could not be created";
1354
1355 e = this->db->query(this->db,
1356 "SELECT hash FROM file_hashes WHERE algo = ? "
1357 "AND file = ? AND directory = ? AND product = ? and key = 0",
1358 DB_INT, algo, DB_UINT, fid, DB_UINT, did, DB_UINT, this->pid, DB_BLOB);
1359 if (!e)
1360 {
1361 printf("file_hashes query failed\n");
1362 return FALSE;
1363 }
1364 if (e->enumerate(e, &hash))
1365 {
1366 label = chunk_equals(measurement, hash) ?
1367 "exists and equals" : "exists and differs";
1368 }
1369 else
1370 {
1371 if (this->db->execute(this->db, NULL,
1372 "INSERT INTO file_hashes "
1373 "(file, directory, product, key, algo, hash) "
1374 "VALUES (?, ?, ?, 0, ?, ?)",
1375 DB_UINT, fid, DB_UINT, did, DB_UINT, this->pid,
1376 DB_INT, algo, DB_BLOB, measurement) == 1)
1377 {
1378 label = "created";
1379 (*hashes_added)++;
1380 }
1381 }
1382 e->destroy(e);
1383
1384 printf(" %#B - %s%s\n", &measurement, ima ? "ima - " : "", label);
1385 return TRUE;
1386 }
1387
1388 METHOD(attest_db_t, add, bool,
1389 private_attest_db_t *this)
1390 {
1391 bool success = FALSE;
1392
1393 /* add key/component pair */
1394 if (this->kid && this->cid)
1395 {
1396 success = this->db->execute(this->db, NULL,
1397 "INSERT INTO key_component (key, component, seq_no) "
1398 "VALUES (?, ?, ?)",
1399 DB_UINT, this->kid, DB_UINT, this->cid,
1400 DB_UINT, this->seq_no) == 1;
1401
1402 printf("key/component pair (%d/%d) %sinserted into database at "
1403 "position %d\n", this->kid, this->cid,
1404 success ? "" : "could not be ", this->seq_no);
1405
1406 return success;
1407 }
1408
1409 /* add directory or file measurement for a given product */
1410 if ((this->did || this->fid) && this->pid)
1411 {
1412 char *pathname, *filename, *label;
1413 char ima_buffer[IMA_MAX_NAME_LEN + 1];
1414 chunk_t measurement, ima_template;
1415 pts_file_meas_t *measurements;
1416 hasher_t *hasher = NULL;
1417 bool ima = FALSE;
1418 int fid, did;
1419 int files_added = 0, hashes_added = 0, ima_hashes_added = 0;
1420 enumerator_t *enumerator, *e;
1421
1422 if (this->algo == PTS_MEAS_ALGO_SHA1_IMA)
1423 {
1424 ima = TRUE;
1425 this->algo = PTS_MEAS_ALGO_SHA1;
1426 hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
1427 if (!hasher)
1428 {
1429 printf("could not create hasher\n");
1430 return FALSE;
1431 }
1432 }
1433
1434 pathname = this->did ? this->dir : this->file;
1435 measurements = pts_file_meas_create_from_path(0, pathname, this->did,
1436 this->relative, this->algo);
1437 if (!measurements)
1438 {
1439 printf("file measurement failed\n");
1440 DESTROY_IF(hasher);
1441 return FALSE;
1442 }
1443 if (this->fid && this->relative)
1444 {
1445 set_directory(this, dirname(pathname), TRUE);
1446 }
1447 did = this->relative ? this->did : 0;
1448
1449 enumerator = measurements->create_enumerator(measurements);
1450 while (enumerator->enumerate(enumerator, &filename, &measurement))
1451 {
1452 /* retrieve or create filename */
1453 label = "could not be created";
1454
1455 e = this->db->query(this->db,
1456 "SELECT id FROM files WHERE path = ?",
1457 DB_TEXT, filename, DB_INT);
1458 if (!e)
1459 {
1460 printf("files query failed\n");
1461 break;
1462 }
1463 if (e->enumerate(e, &fid))
1464 {
1465 label = "exists";
1466 }
1467 else
1468 {
1469 if (this->db->execute(this->db, &fid,
1470 "INSERT INTO files (type, path) VALUES (0, ?)",
1471 DB_TEXT, filename) == 1)
1472 {
1473 label = "created";
1474 files_added++;
1475 }
1476 }
1477 e->destroy(e);
1478
1479 printf("%4d: %s - %s\n", fid, filename, label);
1480
1481 /* compute file measurement hash */
1482 if (!insert_file_hash(this, this->algo, measurement,
1483 fid, did, FALSE, &hashes_added))
1484 {
1485 break;
1486 }
1487
1488 if (!ima)
1489 {
1490 continue;
1491 }
1492
1493 /* compute IMA template hash */
1494 strncpy(ima_buffer, filename, IMA_MAX_NAME_LEN);
1495 ima_buffer[IMA_MAX_NAME_LEN] = '\0';
1496 ima_template = chunk_create(ima_buffer, sizeof(ima_buffer));
1497 if (!hasher->get_hash(hasher, measurement, NULL) ||
1498 !hasher->get_hash(hasher, ima_template, measurement.ptr))
1499 {
1500 printf("could not compute IMA template hash\n");
1501 break;
1502 }
1503 if (!insert_file_hash(this, PTS_MEAS_ALGO_SHA1_IMA, measurement,
1504 fid, did, TRUE, &ima_hashes_added))
1505 {
1506 break;
1507 }
1508 }
1509 enumerator->destroy(enumerator);
1510
1511 printf("%d measurements, added %d new files, %d new file hashes",
1512 measurements->get_file_count(measurements),
1513 files_added, hashes_added);
1514 if (ima)
1515 {
1516 printf(" , %d new ima hashes", ima_hashes_added);
1517 hasher->destroy(hasher);
1518 }
1519 printf("\n");
1520 measurements->destroy(measurements);
1521 success = TRUE;
1522 }
1523
1524 /* insert package version */
1525 if (this->version_set && this->gid && this->pid)
1526 {
1527 time_t t = time(NULL);
1528
1529 success = this->db->execute(this->db, NULL,
1530 "INSERT INTO versions "
1531 "(package, product, release, security, time) "
1532 "VALUES (?, ?, ?, ?, ?)",
1533 DB_UINT, this->gid, DB_UINT, this->pid, DB_TEXT,
1534 this->version, DB_UINT, this->security, DB_INT, t) == 1;
1535
1536 printf("'%s' package %s (%s)%N %sinserted into database\n",
1537 this->product, this->package, this->version,
1538 os_package_state_names, this->security,
1539 success ? "" : "could not be ");
1540 }
1541 return success;
1542 }
1543
1544 METHOD(attest_db_t, delete, bool,
1545 private_attest_db_t *this)
1546 {
1547 bool success;
1548
1549 /* delete a file measurement hash for a given product */
1550 if (this->algo && this->pid && this->fid)
1551 {
1552 success = this->db->execute(this->db, NULL,
1553 "DELETE FROM file_hashes "
1554 "WHERE algo = ? AND product = ? "
1555 "AND file = ? AND directory = ?",
1556 DB_UINT, this->algo, DB_UINT, this->pid,
1557 DB_UINT, this->fid, DB_UINT, this->did) > 0;
1558
1559 printf("%4d: %s%s%s\n", this->fid, this->dir, this->did ? "/":"",
1560 this->file);
1561 printf("%N value for product '%s' %sdeleted from database\n",
1562 pts_meas_algorithm_names, this->algo, this->product,
1563 success ? "" : "could not be ");
1564
1565 return success;
1566 }
1567
1568 /* delete product/file entries */
1569 if (this->pid && (this->fid || this->did))
1570 {
1571 success = this->db->execute(this->db, NULL,
1572 "DELETE FROM product_file "
1573 "WHERE product = ? AND file = ?",
1574 DB_UINT, this->pid,
1575 DB_UINT, this->fid ? this->fid : this->did) > 0;
1576
1577 printf("product/file pair (%d/%d) %sdeleted from database\n",
1578 this->pid, this->fid ? this->fid : this->did,
1579 success ? "" : "could not be ");
1580
1581 return success;
1582 }
1583
1584 /* delete key/component pair */
1585 if (this->kid && this->cid)
1586 {
1587 success = this->db->execute(this->db, NULL,
1588 "DELETE FROM key_component "
1589 "WHERE key = ? AND component = ?",
1590 DB_UINT, this->kid, DB_UINT, this->cid) > 0;
1591
1592 printf("key/component pair (%d/%d) %sdeleted from database\n",
1593 this->kid, this->cid, success ? "" : "could not be ");
1594 return success;
1595 }
1596
1597 if (this->cid)
1598 {
1599 success = this->db->execute(this->db, NULL,
1600 "DELETE FROM components WHERE id = ?",
1601 DB_UINT, this->cid) > 0;
1602
1603 printf("component '%s' %sdeleted from database\n", print_cfn(this->cfn),
1604 success ? "" : "could not be ");
1605 return success;
1606 }
1607
1608 if (this->did)
1609 {
1610 success = this->db->execute(this->db, NULL,
1611 "DELETE FROM files WHERE type = 1 AND id = ?",
1612 DB_UINT, this->did) > 0;
1613
1614 printf("directory '%s' %sdeleted from database\n", this->dir,
1615 success ? "" : "could not be ");
1616 return success;
1617 }
1618
1619 if (this->fid)
1620 {
1621 success = this->db->execute(this->db, NULL,
1622 "DELETE FROM files WHERE id = ?",
1623 DB_UINT, this->fid) > 0;
1624
1625 printf("file '%s' %sdeleted from database\n", this->file,
1626 success ? "" : "could not be ");
1627 return success;
1628 }
1629
1630 if (this->kid)
1631 {
1632 success = this->db->execute(this->db, NULL,
1633 "DELETE FROM keys WHERE id = ?",
1634 DB_UINT, this->kid) > 0;
1635
1636 printf("key %#B %sdeleted from database\n", &this->key,
1637 success ? "" : "could not be ");
1638 return success;
1639 }
1640 if (this->pid)
1641 {
1642 success = this->db->execute(this->db, NULL,
1643 "DELETE FROM products WHERE id = ?",
1644 DB_UINT, this->pid) > 0;
1645
1646 printf("product '%s' %sdeleted from database\n", this->product,
1647 success ? "" : "could not be ");
1648 return success;
1649 }
1650
1651 printf("empty delete command\n");
1652 return FALSE;
1653 }
1654
1655 METHOD(attest_db_t, destroy, void,
1656 private_attest_db_t *this)
1657 {
1658 DESTROY_IF(this->db);
1659 DESTROY_IF(this->cfn);
1660 free(this->package);
1661 free(this->product);
1662 free(this->version);
1663 free(this->file);
1664 free(this->dir);
1665 free(this->owner);
1666 free(this->key.ptr);
1667 free(this);
1668 }
1669
1670 /**
1671 * Described in header.
1672 */
1673 attest_db_t *attest_db_create(char *uri)
1674 {
1675 private_attest_db_t *this;
1676
1677 INIT(this,
1678 .public = {
1679 .set_component = _set_component,
1680 .set_cid = _set_cid,
1681 .set_directory = _set_directory,
1682 .set_did = _set_did,
1683 .set_file = _set_file,
1684 .set_fid = _set_fid,
1685 .set_key = _set_key,
1686 .set_kid = _set_kid,
1687 .set_package = _set_package,
1688 .set_gid = _set_gid,
1689 .set_product = _set_product,
1690 .set_pid = _set_pid,
1691 .set_version = _set_version,
1692 .set_algo = _set_algo,
1693 .set_relative = _set_relative,
1694 .set_security = _set_security,
1695 .set_sequence = _set_sequence,
1696 .set_owner = _set_owner,
1697 .list_packages = _list_packages,
1698 .list_products = _list_products,
1699 .list_files = _list_files,
1700 .list_components = _list_components,
1701 .list_devices = _list_devices,
1702 .list_keys = _list_keys,
1703 .list_hashes = _list_hashes,
1704 .list_measurements = _list_measurements,
1705 .add = _add,
1706 .delete = _delete,
1707 .destroy = _destroy,
1708 },
1709 .dir = strdup(""),
1710 .db = lib->db->create(lib->db, uri),
1711 );
1712
1713 if (!this->db)
1714 {
1715 fprintf(stderr, "opening database failed.\n");
1716 destroy(this);
1717 return NULL;
1718 }
1719
1720 return &this->public;
1721 }
strongSwan - IPsec VPN