!os_state->get_package_request(os_state) &&
!os_state->get_angel_count(os_state))
{
- int count, count_update, count_blacklist, count_ok;
+ int device_id, count, count_update, count_blacklist, count_ok;
os_state->get_count(os_state, &count, &count_update, &count_blacklist,
&count_ok);
"%d ok, %d not found", count, count_update, count_blacklist,
count_ok, count - count_update - count_blacklist - count_ok);
+ /* Store device information in database */
+ device_id = os_state->get_device_id(os_state);
+ if (os_db && device_id)
+ {
+ os_db->set_device_info(os_db, device_id,
+ os_state->get_info(os_state, NULL, NULL, NULL),
+ count, count_update, count_blacklist);
+ }
+
if (count_update || count_blacklist ||
os_state->get_os_settings(os_state))
{
id : 0;
}
+METHOD(imv_os_database_t, set_device_info, void,
+ private_imv_os_database_t *this, int device_id, char *os_info,
+ int count, int count_update, int count_blacklist)
+{
+ enumerator_t *e;
+ time_t last_time;
+ int pid = 0, last_pid = 0, last_count_update = 0, last_count_blacklist = 0;
+ bool found = FALSE;
+
+ /* get primary key of OS info string if it exists */
+ e = this->db->query(this->db,
+ "SELECT id FROM products WHERE name = ?", DB_TEXT, os_info,
+ DB_INT);
+ if (e)
+ {
+ e->enumerate(e, &pid);
+ e->destroy(e);
+ }
+
+ /* if OS ifo string has not been found - register it */
+ if (!pid)
+ {
+ this->db->execute(this->db, &pid,
+ "INSERT INTO products (name) VALUES (?)", DB_TEXT, os_info);
+ }
+
+ /* get latest device info record if it exists */
+ e = this->db->query(this->db,
+ "SELECT time, product, count_update, count_blacklist "
+ "FROM device_infos WHERE device = ? ORDER BY time DESC",
+ DB_INT, device_id, DB_UINT, DB_INT, DB_INT, DB_INT);
+ if (e)
+ {
+ found = e->enumerate(e, &last_time, &last_pid, &last_count_update,
+ &last_count_blacklist);
+ e->destroy(e);
+ }
+ if (found && !last_count_update && !last_count_blacklist && pid == last_pid)
+ {
+ /* update device info */
+ this->db->execute(this->db, NULL,
+ "UPDATE device_infos SET time = ?, count = ?, count_update = ?, "
+ "count_blacklist = ? WHERE device = ? AND time = ?",
+ DB_UINT, time(NULL), DB_INT, count, DB_INT, count_update,
+ DB_INT, count_blacklist, DB_INT, device_id, DB_UINT, last_time);
+ }
+ else
+ {
+ /* insert device info */
+ this->db->execute(this->db, NULL,
+ "INSERT INTO device_infos (device, time, product, "
+ "count, count_update, count_blacklist) VALUES (?, ?, ?, ?, ?, ?)",
+ DB_INT, device_id, DB_UINT, time(NULL), DB_INT, pid,
+ DB_INT, count, DB_INT, count_update, DB_INT, count_blacklist);
+ }
+}
+
METHOD(imv_os_database_t, destroy, void,
private_imv_os_database_t *this)
{
.public = {
.check_packages = _check_packages,
.get_device_id = _get_device_id,
+ .set_device_info = _set_device_info,
.destroy = _destroy,
},
.db = lib->db->create(lib->db, uri),
int (*get_device_id)(imv_os_database_t *this, chunk_t value);
/**
+ * Set health infos for a given device
+ *
+ * @param device_id Device ID primary key
+ * @param os_info OS info string
+ * @param count Number of installed packages
+ * @param count_update Number of packages to be updated
+ * @param count_blacklist Number of blacklisted packages
+ */
+ void (*set_device_info)(imv_os_database_t *this, int device_id, char *os_info,
+ int count, int count_update, int count_blacklist);
+
+ /**
* Destroys an imv_os_database_t object.
*/
void (*destroy)(imv_os_database_t *this);
{
enumerator_t *e;
chunk_t value;
- int id, count = 0;
+ char *product;
+ time_t timestamp;
+ int id, last_id = 0, device_count = 0;
+ int count, count_update, count_blacklist;
e = this->db->query(this->db,
- "SELECT id, value FROM devices", DB_INT, DB_BLOB);
+ "SELECT d.id, d.value, i.time, i.count, i.count_update, "
+ "i.count_blacklist, p.name FROM devices AS d "
+ "JOIN device_infos AS i ON d.id = i.device "
+ "JOIN products AS p ON p.id = i.product "
+ "ORDER BY d.value, i.time DESC",
+ DB_INT, DB_BLOB, DB_UINT, DB_INT, DB_INT, DB_INT, DB_TEXT);
+
if (e)
{
- while (e->enumerate(e, &id, &value))
+ while (e->enumerate(e, &id, &value, ×tamp, &count, &count_update,
+ &count_blacklist, &product))
{
- printf("%4d: %.*s\n", id, value.len, value.ptr);
- count++;
+ if (id != last_id)
+ {
+ printf("%4d: %.*s\n", id, value.len, value.ptr);
+ device_count++;
+ last_id = id;
+ }
+ printf(" %T, %4d, %3d, %3d, '%s'\n", ×tamp, TRUE,
+ count, count_update, count_blacklist, product);
}
e->destroy(e);
- printf("%d device%s found\n", count, (count == 1) ? "" : "s");
+ printf("%d device%s found\n", device_count,
+ (device_count == 1) ? "" : "s");
}
}
Show a list of software packages for a given product or\n\
its primary key as an optional selector.\n\
\n\
+ ipsec attest --devices\n\
+ Show a list of registered devices and associated collected information\n\
+ \n\
ipsec attest --add --file <path>|--dir <path>|--product <name>|--component <cfn>\n\
Add a file, directory, product or component entry\n\
Component <cfn> entries must be of the form <vendor_id>/<name>-<qualifier>\n\
product INTEGER DEFAULT 0,
count INTEGER DEFAULT 0,
count_update INTEGER DEFAULT 0,
- count_remove INTEGER DEFAULT 0,
+ count_blacklist INTEGER DEFAULT 0,
flags INTEGER DEFAULT 0,
PRIMARY KEY (device, time)
);