use OS type on IMV side
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 7 Nov 2012 12:39:44 +0000 (13:39 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 7 Nov 2012 12:40:52 +0000 (13:40 +0100)
src/libimcv/os_info/os_info.c
src/libimcv/os_info/os_info.h
src/libimcv/plugins/imv_os/imv_os.c
src/libimcv/plugins/imv_os/imv_os_database.c
src/libimcv/plugins/imv_os/imv_os_database.h
src/libimcv/plugins/imv_os/imv_os_state.c
src/libimcv/plugins/imv_os/imv_os_state.h

index 110c60e..9716e2c 100644 (file)
@@ -177,13 +177,13 @@ METHOD(os_info_t, get_setting, chunk_t,
        chunk_t value;
 
        if (!strneq(name, "/etc/", 5) && !strneq(name, "/proc/", 6) &&
        chunk_t value;
 
        if (!strneq(name, "/etc/", 5) && !strneq(name, "/proc/", 6) &&
-               !strneq(name, "/sys/", 5))
+               !strneq(name, "/sys/", 5) && !strneq(name, "/var/", 5))
        {
                /**
                 * In order to guarantee privacy, only settings from the
                 * /etc/, /proc/ and /sys/ directories can be retrieved
                 */
        {
                /**
                 * In order to guarantee privacy, only settings from the
                 * /etc/, /proc/ and /sys/ directories can be retrieved
                 */
-               DBG1(DBG_IMC, "not allowed to access \"%s\"", name);
+               DBG1(DBG_IMC, "not allowed to access '%s'", name);
 
                return chunk_empty;
        }
 
                return chunk_empty;
        }
@@ -191,7 +191,7 @@ METHOD(os_info_t, get_setting, chunk_t,
        file = fopen(name, "r");
        if (!file)
        {
        file = fopen(name, "r");
        if (!file)
        {
-               DBG1(DBG_IMC, "failed to open \"%s\"", name);
+               DBG1(DBG_IMC, "failed to open '%s'", name);
 
                return chunk_empty;
        }
 
                return chunk_empty;
        }
@@ -337,7 +337,7 @@ static bool extract_platform_info(os_type_t *type, chunk_t *name,
        chunk_t os_version = chunk_empty;
        char *os_str;
        struct utsname uninfo;
        chunk_t os_version = chunk_empty;
        char *os_str;
        struct utsname uninfo;
-       int i, t;
+       int i;
 
        /* Linux/Unix distribution release info (from http://linuxmafia.com) */
        const char* releases[] = {
 
        /* Linux/Unix distribution release info (from http://linuxmafia.com) */
        const char* releases[] = {
@@ -492,21 +492,14 @@ static bool extract_platform_info(os_type_t *type, chunk_t *name,
                return FALSE;
        }
 
                return FALSE;
        }
 
-       /* Try to find a matching OS type */
+       /* Try to find a matching OS type based on the OS name */
        if (os_type == OS_TYPE_UNKNOWN)
        {
        if (os_type == OS_TYPE_UNKNOWN)
        {
-               for (t = OS_TYPE_DEBIAN; t <= OS_TYPE_GENTOO; t++)
-               {
-                       os_str = enum_to_name(os_type_names, t);
-                       if (memeq(os_name.ptr, os_str, min(os_name.len, strlen(os_str))))
-                       {
-                               os_type = t;
-                               os_name = chunk_create(os_str, strlen(os_str));
-                               break;
-                       }
-               }
+               os_type = os_type_from_name(os_name);
        }
        }
-       else
+
+       /* If known use the official OS name */
+       if (os_type != OS_TYPE_UNKNOWN)
        {
                os_str = enum_to_name(os_type_names, os_type);
                os_name = chunk_create(os_str, strlen(os_str));
        {
                os_str = enum_to_name(os_type_names, os_type);
                os_name = chunk_create(os_str, strlen(os_str));
@@ -532,6 +525,26 @@ static bool extract_platform_info(os_type_t *type, chunk_t *name,
 /**
  * See header
  */
 /**
  * See header
  */
+os_type_t os_type_from_name(chunk_t name)
+{
+       os_type_t type;
+       char *name_str;
+
+       for (type = OS_TYPE_DEBIAN; type < OS_TYPE_ROOF; type++)
+       {
+               /* name_str is a substring of name.ptr */
+               name_str = enum_to_name(os_type_names, type);
+               if (memeq(name.ptr, name_str, min(name.len, strlen(name_str))))
+               {
+                       return type;
+               }
+       }
+       return OS_TYPE_UNKNOWN;
+}
+
+/**
+ * See header
+ */
 os_info_t *os_info_create(void)
 {
        private_os_info_t *this;
 os_info_t *os_info_create(void)
 {
        private_os_info_t *this;
index d8b53f8..6946b1e 100644 (file)
@@ -38,7 +38,8 @@ enum os_type_t {
        OS_TYPE_CENTOS,
        OS_TYPE_SUSE,
        OS_TYPE_GENTOO,
        OS_TYPE_CENTOS,
        OS_TYPE_SUSE,
        OS_TYPE_GENTOO,
-       OS_TYPE_ANDROID
+       OS_TYPE_ANDROID,
+       OS_TYPE_ROOF
 };
 
 extern enum_name_t *os_type_names;
 };
 
 extern enum_name_t *os_type_names;
@@ -125,6 +126,14 @@ struct os_info_t {
 };
 
 /**
 };
 
 /**
+ * Convert an OS name into an OS enumeration type
+ *
+ * @param name                         OS name
+ * @return                                     OS enumeration type
+ */
+os_type_t os_type_from_name(chunk_t name);
+
+/**
  * Create an os_info_t object
  */
 os_info_t* os_info_create(void);
  * Create an os_info_t object
  */
 os_info_t* os_info_create(void);
index f2e00da..4d28fc6 100644 (file)
@@ -270,8 +270,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
                                        attr_cast = (ietf_attr_installed_packages_t*)attr;
 
                                        e = attr_cast->create_enumerator(attr_cast);
                                        attr_cast = (ietf_attr_installed_packages_t*)attr;
 
                                        e = attr_cast->create_enumerator(attr_cast);
-                                       status = os_db->check_packages(os_db,
-                                                                       os_state->get_info(os_state), e);
+                                       status = os_db->check_packages(os_db, os_state, e);
                                        e->destroy(e);
 
                                        switch (status)
                                        e->destroy(e);
 
                                        switch (status)
@@ -333,13 +332,15 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
 
        if (os_name.len && os_version.len)
        {
 
        if (os_name.len && os_version.len)
        {
+               os_type_t os_type;
                char *product_info;
                char *uri = "http://remediation.strongswan.org/fix-it/";
                char *string = "use a Linux operating system instead of Windows 1.2.3";
                char *lang_code = "en";
 
                char *product_info;
                char *uri = "http://remediation.strongswan.org/fix-it/";
                char *string = "use a Linux operating system instead of Windows 1.2.3";
                char *lang_code = "en";
 
-               os_state->set_info(os_state, os_name, os_version);
-               product_info = os_state->get_info(os_state);
+               os_type = os_type_from_name(os_name);
+               os_state->set_info(os_state,os_type, os_name, os_version);
+               product_info = os_state->get_info(os_state, NULL, NULL, NULL);
 
                if (streq(product_info, "Windows 1.2.3"))
                {
 
                if (streq(product_info, "Windows 1.2.3"))
                {
@@ -373,7 +374,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
                        attr = ita_attr_get_settings_create();
                        attr_cast = (ita_attr_get_settings_t*)attr;
 
                        attr = ita_attr_get_settings_create();
                        attr_cast = (ita_attr_get_settings_t*)attr;
 
-                       if (chunk_equals(os_name, chunk_create("Android", 7)))
+                       if (os_type == OS_TYPE_ANDROID)
                        {
                                attr_cast->add(attr_cast, "android_id");
                                attr_cast->add(attr_cast, "install_non_market_apps");
                        {
                                attr_cast->add(attr_cast, "android_id");
                                attr_cast->add(attr_cast, "install_non_market_apps");
@@ -529,7 +530,7 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
        }
        os_state = (imv_os_state_t*)state;
 
        }
        os_state = (imv_os_state_t*)state;
 
-       if (os_state->get_info(os_state) == NULL)
+       if (os_state->get_info(os_state, NULL, NULL, NULL) == NULL)
        {
                imv_msg_t *out_msg;
                pa_tnc_attr_t *attr;
        {
                imv_msg_t *out_msg;
                pa_tnc_attr_t *attr;
index 50de3b7..93cd5ec 100644 (file)
@@ -38,45 +38,38 @@ struct private_imv_os_database_t {
 };
 
 METHOD(imv_os_database_t, check_packages, status_t,
 };
 
 METHOD(imv_os_database_t, check_packages, status_t,
-       private_imv_os_database_t *this, char *os_info,
+       private_imv_os_database_t *this, imv_os_state_t *state,
        enumerator_t *package_enumerator)
 {
        enumerator_t *package_enumerator)
 {
-       char *product, *package, *release, *cur_release, *pos;
-       size_t len;
-       int pid, gid, security, i;
+       char *product, *package, *release, *cur_release;
+       u_char *pos;
+       chunk_t os_name, os_version, name, version;
+       os_type_t os_type;
+       size_t os_version_len;
+       int pid, gid, security;
        int count = 0, count_ok = 0, count_no_match = 0, count_not_found = 0;
        enumerator_t *e;
        int count = 0, count_ok = 0, count_no_match = 0, count_not_found = 0;
        enumerator_t *e;
-       chunk_t name, version;
        status_t status = SUCCESS;
        bool found, match;
 
        status_t status = SUCCESS;
        bool found, match;
 
-       char *platform[] = {
-               "i686",
-               "x86_64"
-       };
+       state->get_info(state, &os_type, &os_name, &os_version);
 
 
-       /* looking for appended platform info */
-       for (i = 0; i < countof(platform); i++)
+       if (os_type == OS_TYPE_ANDROID)
        {
        {
-               pos = strstr(os_info, platform[i]);
-               if (pos)
-               {
-                       break;
-               }
-       }
-       if (pos)
-       {
-               /* Remove platform info, leaving OS name and version only */
-               len = pos - os_info - 1;
-               product = malloc(len + 1);
-               memcpy(product, os_info, len);
-               product[len] = '\0';
+               /*no package dependency on Android version */
+               os_version_len = 0;
        }
        else
        {
        }
        else
        {
-               product = strdup(os_info);
+               /* remove appended platform info */
+               pos = memchr(os_version.ptr, ' ', os_version.len);
+               os_version_len = pos ? (pos - os_version.ptr) : os_version.len;
        }
 
        }
 
+       product = malloc(os_name.len + 1 + os_version_len + 1);
+       sprintf(product, "%.*s %.*s", os_name.len, os_name.ptr,
+                                                                 os_version_len, os_version.ptr); 
+
        /* Get primary key of product */
        e = this->db->query(this->db,
                                "SELECT id FROM products WHERE name = ?",
        /* Get primary key of product */
        e = this->db->query(this->db,
                                "SELECT id FROM products WHERE name = ?",
@@ -115,6 +108,11 @@ METHOD(imv_os_database_t, check_packages, status_t,
                if (!e->enumerate(e, &gid))
                {
                        /* package not present in database for any product - skip */
                if (!e->enumerate(e, &gid))
                {
                        /* package not present in database for any product - skip */
+                       if (os_type == OS_TYPE_ANDROID)
+                       {
+                               DBG2(DBG_IMV, "package '%s' (%.*s) not found",
+                                        package, version.len, version.ptr);
+                       }
                        count_not_found++;
                        e->destroy(e);
                        continue;
                        count_not_found++;
                        e->destroy(e);
                        continue;
index b1e6b90..b5c6037 100644 (file)
@@ -22,6 +22,8 @@
 #ifndef IMV_OS_DATABASE_H_
 #define IMV_OS_DATABASE_H_
 
 #ifndef IMV_OS_DATABASE_H_
 #define IMV_OS_DATABASE_H_
 
+#include "imv_os_state.h"
+
 #include <library.h>
 
 typedef struct imv_os_database_t imv_os_database_t;
 #include <library.h>
 
 typedef struct imv_os_database_t imv_os_database_t;
@@ -34,10 +36,10 @@ struct imv_os_database_t {
        /**
         * Check Installed Packages for a given OS
         *
        /**
         * Check Installed Packages for a given OS
         *
-        * @param os_info                               OS name and version
+        * @param state                                 OS IMV state
         * @param package_enumerator    enumerates over installed packages
         */
         * @param package_enumerator    enumerates over installed packages
         */
-       status_t (*check_packages)(imv_os_database_t *this, char* os_info,
+       status_t (*check_packages)(imv_os_database_t *this, imv_os_state_t *state,
                                                           enumerator_t *package_enumerator);
 
        /**
                                                           enumerator_t *package_enumerator);
 
        /**
index 05a3bf6..49d2e56 100644 (file)
@@ -65,11 +65,26 @@ struct private_imv_os_state_t {
        TNC_IMV_Evaluation_Result eval;
 
        /**
        TNC_IMV_Evaluation_Result eval;
 
        /**
-        * OS Product Information
+        * OS Product Information (concatenation of OS Name and Version)
         */
        char *info;
 
        /**
         */
        char *info;
 
        /**
+        * OS Type
+        */
+       os_type_t type;
+
+       /**
+        * OS Name
+        */
+       chunk_t name;
+
+       /**
+        * OS Version
+        */
+       chunk_t version;
+
+       /**
         * OS Installed Package request sent - mandatory response expected
         */
        bool package_request;
         * OS Installed Package request sent - mandatory response expected
         */
        bool package_request;
@@ -171,11 +186,13 @@ METHOD(imv_state_t, destroy, void,
        private_imv_os_state_t *this)
 {
        free(this->info);
        private_imv_os_state_t *this)
 {
        free(this->info);
+       free(this->name.ptr);
+       free(this->version.ptr);
        free(this);
 }
 
 METHOD(imv_os_state_t, set_info, void,
        free(this);
 }
 
 METHOD(imv_os_state_t, set_info, void,
-       private_imv_os_state_t *this, chunk_t name, chunk_t version)
+       private_imv_os_state_t *this, os_type_t type, chunk_t name, chunk_t version)
 {
        int len = name.len + 1 + version.len + 1;
 
 {
        int len = name.len + 1 + version.len + 1;
 
@@ -184,14 +201,36 @@ METHOD(imv_os_state_t, set_info, void,
        this->info = malloc(len);
        snprintf(this->info, len, "%.*s %.*s", name.len, name.ptr,
                                                                                   version.len, version.ptr);
        this->info = malloc(len);
        snprintf(this->info, len, "%.*s %.*s", name.len, name.ptr,
                                                                                   version.len, version.ptr);
+       this->type = type;
+       this->name = chunk_clone(name);
+       this->version = chunk_clone(version);
 }
 
 METHOD(imv_os_state_t, get_info, char*,
 }
 
 METHOD(imv_os_state_t, get_info, char*,
-       private_imv_os_state_t *this)
+       private_imv_os_state_t *this, os_type_t *type, chunk_t *name,
+       chunk_t *version)
 {
 {
+       if (type)
+       {
+               *type = this->type;
+       }
+       if (name)
+       {
+               *name = this->name;
+       }
+       if (version)
+       {
+               *version = this->version;
+       }
        return this->info;
 }
 
        return this->info;
 }
 
+METHOD(imv_os_state_t, get_type, os_type_t,
+       private_imv_os_state_t *this)
+{
+       return this->type;
+}
+
 METHOD(imv_os_state_t, set_package_request, void,
        private_imv_os_state_t *this, bool set)
 {
 METHOD(imv_os_state_t, set_package_request, void,
        private_imv_os_state_t *this, bool set)
 {
index 47684fe..bde5c23 100644 (file)
@@ -22,6 +22,7 @@
 #ifndef IMV_OS_STATE_H_
 #define IMV_OS_STATE_H_
 
 #ifndef IMV_OS_STATE_H_
 #define IMV_OS_STATE_H_
 
+#include "os_info/os_info.h"
 #include <imv/imv_state.h>
 #include <library.h>
 
 #include <imv/imv_state.h>
 #include <library.h>
 
@@ -40,17 +41,23 @@ struct imv_os_state_t {
        /**
         * Set OS Product Information
         *
        /**
         * Set OS Product Information
         *
-        * @param name          OS name
+        * @param type          OS type (enumerated)
+        * @param name          OS name (string)
         * @param version       OS version
         */
         * @param version       OS version
         */
-       void (*set_info)(imv_os_state_t *this, chunk_t name, chunk_t version);
+       void (*set_info)(imv_os_state_t *this, os_type_t os_type,
+                                        chunk_t name, chunk_t version);
 
        /**
         * Get OS Product Information
         *
 
        /**
         * Get OS Product Information
         *
-        * @result                      OS name & version
+        * @param type          OS type (enumerated)
+        * @param name          OS name (string)
+        * @param version       OS version
+        * @result                      OS name & version as a concatenated string 
         */
         */
-       char* (*get_info)(imv_os_state_t *this);
+       char* (*get_info)(imv_os_state_t *this, os_type_t *os_type,
+                                         chunk_t *name, chunk_t *version);
 
        /**
         * Set/reset OS Installed Packages request status
 
        /**
         * Set/reset OS Installed Packages request status