store collected device information in database
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 28 Nov 2012 09:50:56 +0000 (10:50 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 28 Nov 2012 09:51:11 +0000 (10:51 +0100)
src/libimcv/plugins/imv_os/imv_os.c
src/libimcv/plugins/imv_os/imv_os_database.c
src/libimcv/plugins/imv_os/imv_os_database.h
src/libpts/plugins/imv_attestation/attest_db.c
src/libpts/plugins/imv_attestation/attest_usage.c
src/libpts/plugins/imv_attestation/tables.sql

index bf0d6f2..16906bc 100644 (file)
@@ -373,7 +373,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
                !os_state->get_package_request(os_state) &&
                !os_state->get_angel_count(os_state))
        {
-               int count, count_update, count_blacklist, count_ok;
+               int device_id, count, count_update, count_blacklist, count_ok;
 
                os_state->get_count(os_state, &count, &count_update, &count_blacklist,
                                                                          &count_ok);
@@ -381,6 +381,15 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
                         "%d ok, %d not found", count, count_update, count_blacklist,
                         count_ok, count - count_update - count_blacklist - count_ok);
 
+               /* Store device information in database */
+               device_id = os_state->get_device_id(os_state);
+               if (os_db && device_id)
+               {
+                       os_db->set_device_info(os_db, device_id,
+                                               os_state->get_info(os_state, NULL, NULL, NULL),
+                                               count, count_update, count_blacklist);
+               }
+
                if (count_update || count_blacklist ||
                        os_state->get_os_settings(os_state))
                {
index 721bf61..23164b6 100644 (file)
@@ -213,6 +213,63 @@ METHOD(imv_os_database_t, get_device_id, int,
                        id : 0;
 }
 
+METHOD(imv_os_database_t, set_device_info, void,
+       private_imv_os_database_t *this,  int device_id, char *os_info,
+       int count, int count_update, int count_blacklist)
+{
+       enumerator_t *e;
+       time_t last_time;
+       int pid = 0, last_pid = 0, last_count_update = 0, last_count_blacklist = 0;
+       bool found = FALSE;
+
+       /* get primary key of OS info string if it exists */
+       e = this->db->query(this->db,
+                       "SELECT id FROM products WHERE name = ?", DB_TEXT, os_info,
+                        DB_INT);
+       if (e)
+       {
+               e->enumerate(e, &pid);
+               e->destroy(e);
+       }
+
+       /* if OS ifo string has not been found - register it */
+       if (!pid)
+       {
+               this->db->execute(this->db, &pid,
+                       "INSERT INTO products (name) VALUES (?)", DB_TEXT, os_info);
+       }
+
+       /* get latest device info record if it exists */
+       e = this->db->query(this->db,
+                       "SELECT time, product, count_update, count_blacklist "
+                       "FROM device_infos WHERE device = ? ORDER BY time DESC",
+                        DB_INT, device_id, DB_UINT, DB_INT, DB_INT, DB_INT);
+       if (e)
+       {
+               found = e->enumerate(e, &last_time, &last_pid, &last_count_update,
+                                                               &last_count_blacklist);
+               e->destroy(e);
+       }
+       if (found && !last_count_update && !last_count_blacklist && pid == last_pid)
+       {
+               /* update device info */
+               this->db->execute(this->db, NULL,
+                       "UPDATE device_infos SET time = ?, count = ?, count_update = ?, "
+                       "count_blacklist = ? WHERE device = ? AND time = ?",
+                        DB_UINT, time(NULL), DB_INT, count, DB_INT, count_update,
+                        DB_INT, count_blacklist, DB_INT, device_id, DB_UINT, last_time);
+       }
+       else
+       {
+               /* insert device info */
+               this->db->execute(this->db, NULL,
+                       "INSERT INTO device_infos (device, time, product, "
+                       "count, count_update, count_blacklist) VALUES (?, ?, ?, ?, ?, ?)",
+                        DB_INT, device_id, DB_UINT, time(NULL), DB_INT, pid,
+                        DB_INT, count, DB_INT, count_update, DB_INT, count_blacklist);
+       }
+}
+
 METHOD(imv_os_database_t, destroy, void,
        private_imv_os_database_t *this)
 {
@@ -231,6 +288,7 @@ imv_os_database_t *imv_os_database_create(char *uri)
                .public = {
                        .check_packages = _check_packages,
                        .get_device_id = _get_device_id,
+                       .set_device_info = _set_device_info,
                        .destroy = _destroy,
                },
                .db = lib->db->create(lib->db, uri),
index 00b3536..a98ecb5 100644 (file)
@@ -50,6 +50,18 @@ struct imv_os_database_t {
        int (*get_device_id)(imv_os_database_t *this, chunk_t value);
 
        /**
+       * Set health infos for a given  device
+       *
+       * @param device_id                              Device ID primary key
+       * @param os_info                                OS info string
+       * @param count                                  Number of installed packages
+       * @param count_update                   Number of packages to be updated
+       * @param count_blacklist                Number of blacklisted packages
+       */
+       void (*set_device_info)(imv_os_database_t *this, int device_id, char *os_info,
+                                                       int count, int count_update, int count_blacklist);
+
+       /**
        * Destroys an imv_os_database_t object.
        */
        void (*destroy)(imv_os_database_t *this);
index d01c182..944ed83 100644 (file)
@@ -795,19 +795,36 @@ METHOD(attest_db_t, list_devices, void,
 {
        enumerator_t *e;
        chunk_t value;
-       int id, count = 0;
+       char *product;
+       time_t timestamp;
+       int id, last_id = 0, device_count = 0;
+       int count, count_update, count_blacklist;
 
        e = this->db->query(this->db,
-                                               "SELECT id, value FROM devices", DB_INT, DB_BLOB);
+                       "SELECT d.id, d.value, i.time, i.count, i.count_update, "
+                       "i.count_blacklist, p.name FROM devices AS d "
+                       "JOIN device_infos AS i ON d.id = i.device "
+                       "JOIN products AS p ON p.id = i.product "
+                       "ORDER BY d.value, i.time DESC",
+                        DB_INT, DB_BLOB, DB_UINT, DB_INT, DB_INT, DB_INT, DB_TEXT);
+
        if (e)
        {
-               while (e->enumerate(e,  &id, &value))
+               while (e->enumerate(e, &id, &value, &timestamp, &count, &count_update,
+                                                          &count_blacklist, &product))
                {
-                       printf("%4d: %.*s\n", id, value.len, value.ptr);
-                       count++;
+                       if (id != last_id)
+                       {
+                               printf("%4d: %.*s\n", id, value.len, value.ptr);
+                               device_count++;
+                               last_id = id;
+                       }
+                       printf("      %T, %4d, %3d, %3d, '%s'\n", &timestamp, TRUE,
+                                  count, count_update, count_blacklist, product);
                }
                e->destroy(e);
-               printf("%d device%s found\n", count, (count == 1) ? "" : "s");
+               printf("%d device%s found\n", device_count,
+                                                                        (device_count == 1) ? "" : "s");
        }
 }
 
index c7bf976..df44c17 100644 (file)
@@ -64,6 +64,9 @@ Usage:\n\
     Show a list of software packages for a given product or\n\
     its primary key as an optional selector.\n\
   \n\
+  ipsec attest --devices\n\
+    Show a list of registered devices and associated collected information\n\
+  \n\
   ipsec attest --add --file <path>|--dir <path>|--product <name>|--component <cfn>\n\
     Add a file, directory, product or component entry\n\
     Component <cfn> entries must be of the form <vendor_id>/<name>-<qualifier>\n\
index e17318b..8a79ea7 100644 (file)
@@ -131,7 +131,7 @@ CREATE TABLE device_infos (
   product INTEGER DEFAULT 0,
   count INTEGER DEFAULT 0,
   count_update INTEGER DEFAULT 0,
-  count_remove INTEGER DEFAULT 0,
+  count_blacklist INTEGER DEFAULT 0,
   flags INTEGER DEFAULT 0,
   PRIMARY KEY (device, time)
 );