Attestion IMV provides recommendation only once
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 8 Jul 2013 15:06:51 +0000 (17:06 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 8 Jul 2013 15:06:51 +0000 (17:06 +0200)
src/libpts/plugins/imv_attestation/imv_attestation_agent.c
src/libpts/plugins/imv_attestation/imv_attestation_state.h

index 023a7eb..fb93412 100644 (file)
@@ -304,6 +304,12 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
        session = state->get_session(state);
        imv_id = this->agent->get_id(this->agent);
 
+       /* exit if a recommendation has already been provided */
+       if (state->get_action_flags(state) & IMV_ATTESTATION_FLAG_REC)
+       {
+               return TNC_RESULT_SUCCESS;
+       }
+
        /* send an IETF attribute request if no platform info was received */
        if (!platform_info &&
                !(state->get_action_flags(state) & IMV_ATTESTATION_FLAG_ATTR_REQ))
@@ -443,6 +449,8 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
                                                                TNC_IMV_EVALUATION_RESULT_ERROR);
                result = out_msg->send_assessment(out_msg);
                out_msg->destroy(out_msg);
+               state->set_action_flags(state, IMV_ATTESTATION_FLAG_REC);
+
                if (result != TNC_RESULT_SUCCESS)
                {
                        return result;
@@ -458,6 +466,8 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
        {
                result = out_msg->send_assessment(out_msg);
                out_msg->destroy(out_msg);
+               state->set_action_flags(state, IMV_ATTESTATION_FLAG_REC);
+
                if (result != TNC_RESULT_SUCCESS)
                {
                        return result;
index fe57a8c..f3edd5f 100644 (file)
@@ -41,7 +41,8 @@ typedef enum imv_meas_error_t imv_meas_error_t;
 enum imv_attestation_flag_t {
        IMV_ATTESTATION_FLAG_ATTR_REQ =  (1<<0),
        IMV_ATTESTATION_FLAG_ALGO =      (1<<1),
-       IMV_ATTESTATION_FLAG_FILE_MEAS = (1<<2)
+       IMV_ATTESTATION_FLAG_FILE_MEAS = (1<<2),
+       IMV_ATTESTATION_FLAG_REC =       (1<<3)
 };
 
 /**