Support blacklist field in PTS database
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 26 Jun 2013 10:07:09 +0000 (12:07 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 26 Jun 2013 10:07:09 +0000 (12:07 +0200)
src/libimcv/plugins/imv_os/imv_os_database.c
src/libpts/plugins/imv_attestation/attest.c
src/libpts/plugins/imv_attestation/attest_db.c
src/libpts/plugins/imv_attestation/attest_db.h

index a4cc015..3cdbebf 100644 (file)
@@ -46,8 +46,7 @@ METHOD(imv_os_database_t, check_packages, status_t,
        char *product, *package, *release, *cur_release;
        chunk_t name, version;
        os_type_t os_type;
-       os_package_state_t package_state;
-       int pid, gid;
+       int pid, gid, security, blacklist;
        int count = 0, count_ok = 0, count_no_match = 0, count_blacklist = 0;
        enumerator_t *e;
        status_t status = SUCCESS;
@@ -110,9 +109,9 @@ METHOD(imv_os_database_t, check_packages, status_t,
 
                /* Enumerate over all acceptable versions */
                e = this->db->query(this->db,
-                               "SELECT release, security FROM versions "
+                               "SELECT release, security, blacklist FROM versions "
                                "WHERE product = ? AND package = ?",
-                               DB_INT, pid, DB_INT, gid, DB_TEXT, DB_INT);
+                               DB_INT, pid, DB_INT, gid, DB_TEXT, DB_INT, DB_INT);
                if (!e)
                {
                        free(package);
@@ -122,7 +121,7 @@ METHOD(imv_os_database_t, check_packages, status_t,
                found = FALSE;
                match = FALSE;
 
-               while (e->enumerate(e, &cur_release, &package_state))
+               while (e->enumerate(e, &cur_release, &security, &blacklist))
                {
                        found = TRUE;
                        if (streq(release, cur_release) || streq("*", cur_release))
@@ -137,17 +136,18 @@ METHOD(imv_os_database_t, check_packages, status_t,
                {
                        if (match)
                        {
-                               if (package_state == OS_PACKAGE_STATE_BLACKLIST)
+                               if (blacklist)
                                {
                                        DBG2(DBG_IMV, "package '%s' (%s) is blacklisted",
                                                                   package, release);
                                        count_blacklist++;
-                                       state->add_bad_package(state, package, package_state);
+                                       state->add_bad_package(state, package,
+                                                                                  OS_PACKAGE_STATE_BLACKLIST);
                                }
                                else
                                {
-                                       DBG2(DBG_IMV, "package '%s' (%s)%N is ok", package, release,
-                                                                  os_package_state_names, package_state);
+                                       DBG2(DBG_IMV, "package '%s' (%s)%s is ok", package, release,
+                                                                  security ? " [s]" : "");
                                        count_ok++;
                                }
                        }
@@ -155,7 +155,8 @@ METHOD(imv_os_database_t, check_packages, status_t,
                        {
                                DBG1(DBG_IMV, "package '%s' (%s) no match", package, release);
                                count_no_match++;
-                               state->add_bad_package(state, package, package_state);
+                               state->add_bad_package(state, package,
+                                                                          OS_PACKAGE_STATE_SECURITY);
                        }
                }
                else
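Review bot: The no-match branch at the end of this section now reports every package without an acceptable version as `OS_PACKAGE_STATE_SECURITY`, while the `security` column fetched in the enumerate loop near the top of the section is used only to decorate the "is ok" log line. If the IMV recommendation is meant to distinguish a plain update from a security update, the state passed to `add_bad_package` should be derived from the column, e.g. `security ? OS_PACKAGE_STATE_SECURITY : OS_PACKAGE_STATE_UPDATE`, as `list_packages` in attest_db.c does in this same commit; note that after the loop `security` and `blacklist` hold whichever row was enumerated last, so that derivation is only meaningful if the loop stops on the matching row (the loop body is not visible here). If collapsing to SECURITY is intended, a one-line comment such as `/* no acceptable version found: treat as missing security update */` would save the next reader the question. check_packages starts and continues outside these hunks.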
index 031883a..6cefb21 100644 (file)
@@ -250,7 +250,7 @@ static void do_args(int argc, char *argv[])
                                continue;
                        }
                        case 'B':
-                               attest->set_security(attest, OS_PACKAGE_STATE_BLACKLIST);
+                               attest->set_package_state(attest, OS_PACKAGE_STATE_BLACKLIST);
                                continue;
                        case 'C':
                                if (!attest->set_component(attest, optarg, op == OP_ADD))
@@ -330,7 +330,7 @@ static void do_args(int argc, char *argv[])
                                }
                                continue;
                        case 'Y':
-                               attest->set_security(attest, OS_PACKAGE_STATE_SECURITY);
+                               attest->set_package_state(attest, OS_PACKAGE_STATE_SECURITY);
                                continue;
                        case '1':
                                attest->set_algo(attest, PTS_MEAS_ALGO_SHA1);
index 3bbf499..749ba25 100644 (file)
@@ -144,9 +144,9 @@ struct private_attest_db_t {
        bool utc;
 
        /**
-        * Package security state
+        * Package security or blacklist state
         */
-       os_package_state_t security;
+       os_package_state_t package_state;
 
        /**
         * Sequence number for ordering entries
@@ -733,10 +733,10 @@ METHOD(attest_db_t, set_relative, void,
        this->relative = TRUE;
 }
 
-METHOD(attest_db_t, set_security, void,
-       private_attest_db_t *this, os_package_state_t security)
+METHOD(attest_db_t, set_package_state, void,
+       private_attest_db_t *this, os_package_state_t package_state)
 {
-       this->security = security;
+       this->package_state = package_state;
 }
 
 METHOD(attest_db_t, set_sequence, void,
@@ -1018,20 +1018,23 @@ METHOD(attest_db_t, list_packages, void,
 {
        enumerator_t *e;
        char *package, *version;
-       os_package_state_t security;
-       int gid, gid_old = 0, spaces, count = 0, t;
+       os_package_state_t package_state;
+       int blacklist, security, gid, gid_old = 0, spaces, count = 0, t;
        time_t timestamp;
 
        if (this->pid)
        {
                e = this->db->query(this->db,
-                               "SELECT p.id, p.name, v.release, v.security, v.time "
+                               "SELECT p.id, p.name, "
+                               "v.release, v.security, v.blacklist, v.time "
                                "FROM packages AS p JOIN versions AS v ON v.package = p.id "
                                "WHERE v.product = ? ORDER BY p.name, v.release",
-                               DB_INT, this->pid, DB_INT, DB_TEXT, DB_TEXT, DB_INT, DB_INT);
+                               DB_INT, this->pid,
+                               DB_INT, DB_TEXT, DB_TEXT, DB_INT, DB_INT, DB_INT);
                if (e)
                {
-                       while (e->enumerate(e, &gid, &package, &version, &security, &t))
+                       while (e->enumerate(e, &gid, &package,
+                                                                  &version, &security, &blacklist, &t))
                        {
                                if (gid != gid_old)
                                {
@@ -1047,8 +1050,17 @@ METHOD(attest_db_t, list_packages, void,
                                        }
                                }
                                timestamp = t;
+                               if (blacklist)
+                               {
+                                       package_state = OS_PACKAGE_STATE_BLACKLIST;
+                               }
+                               else
+                               {
+                                       package_state = security ? OS_PACKAGE_STATE_SECURITY :
+                                                                                          OS_PACKAGE_STATE_UPDATE;
+                               }
                                printf(" %T (%s)%N\n", &timestamp, this->utc, version,
-                                        os_package_state_names, security);
+                                        os_package_state_names, package_state);
                                count++;
                        }
                        e->destroy(e);
@@ -1794,17 +1806,22 @@ METHOD(attest_db_t, add, bool,
        if (this->version_set && this->gid && this->pid)
        {
                time_t t = time(NULL);
+               int security, blacklist;
+
+               security =  this->package_state == OS_PACKAGE_STATE_SECURITY;
+               blacklist = this->package_state == OS_PACKAGE_STATE_BLACKLIST;
 
                success = this->db->execute(this->db, NULL,
                                        "INSERT INTO versions "
-                                       "(package, product, release, security, time) "
-                                       "VALUES (?, ?, ?, ?, ?)",
-                                       DB_UINT, this->gid, DB_UINT, this->pid, DB_TEXT,
-                                       this->version, DB_UINT, this->security, DB_INT, t) == 1;
+                                       "(package, product, release, security, blacklist, time) "
+                                       "VALUES (?, ?, ?, ?, ?, ?)",
+                                       DB_UINT, this->gid, DB_INT, this->pid, DB_TEXT,
+                                       this->version, DB_INT, security, DB_INT, blacklist,
+                                       DB_INT, t) == 1;
 
                printf("'%s' package %s (%s)%N %sinserted into database\n",
                                this->product, this->package, this->version,
-                               os_package_state_names, this->security,
+                               os_package_state_names, this->package_state,
                                success ? "" : "could not be ");
        }
        return success;
@@ -1982,7 +1999,7 @@ attest_db_t *attest_db_create(char *uri)
                        .set_version = _set_version,
                        .set_algo = _set_algo,
                        .set_relative = _set_relative,
-                       .set_security = _set_security,
+                       .set_package_state = _set_package_state,
                        .set_sequence = _set_sequence,
                        .set_owner = _set_owner,
                        .set_utc = _set_utc,
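Review bot: The INSERT in `add` and the SELECTs in `list_packages` (and in imv_os_database.c) now reference a `versions.blacklist` column, but the file list of this commit contains no schema or migration change, so an existing PTS database without that column would make both the insert and the listing fail at query time rather than at startup. If the schema update lives in a separate commit, a pointer to it in the commit message would help; otherwise the column needs to be added with a default of 0 so existing rows remain non-blacklisted. Two smaller points in the `add` hunk: the double space in `security =  this->package_state == OS_PACKAGE_STATE_SECURITY;` and the binding for `this->pid` changing from `DB_UINT` to `DB_INT` deserve a word, since the latter is a silent type change unrelated to the blacklist feature. add's body continues outside the hunk.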
index 0d29be9..d0a48d8 100644 (file)
@@ -160,9 +160,9 @@ struct attest_db_t {
        void (*set_relative)(attest_db_t *this);
 
        /**
-        * Set the package security state
+        * Set the package security or blacklist state
         */
-       void (*set_security)(attest_db_t *this, os_package_state_t security);
+       void (*set_package_state)(attest_db_t *this, os_package_state_t package_state);
 
        /**
         * Set the sequence number