Allow reason strings to be used as workitem result string
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 31 Dec 2013 12:13:32 +0000 (13:13 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 13 Jan 2014 11:06:17 +0000 (12:06 +0100)
src/libimcv/imv/imv_reason_string.c
src/libimcv/imv/imv_reason_string.h
src/libimcv/plugins/imv_os/imv_os_state.c
src/libimcv/plugins/imv_scanner/imv_scanner_state.c
src/libimcv/plugins/imv_test/imv_test_state.c
src/libpts/plugins/imv_attestation/imv_attestation_agent.c
src/libpts/plugins/imv_attestation/imv_attestation_process.c
src/libpts/plugins/imv_attestation/imv_attestation_state.c
src/libpts/plugins/imv_attestation/imv_attestation_state.h

index d1447ec..c09b7bd 100644 (file)
@@ -35,6 +35,11 @@ struct private_imv_reason_string_t {
        char *lang;
 
        /**
+        * Separator concatenating multiple reasons
+        */
+       char *separator;
+
+       /**
         * Contains the concatenated reasons
         */
        chunk_t reasons;
@@ -51,7 +56,8 @@ METHOD(imv_reason_string_t, add_reason, void,
        if (this->reasons.len)
        {
                /* append any further reasons */
-               this->reasons = chunk_cat("mcc", this->reasons, chunk_from_chars('\n'),
+               this->reasons = chunk_cat("mcc", this->reasons,
+                                                                 chunk_from_str(this->separator),
                                                                  chunk_create(s_reason, strlen(s_reason)));
        }
        else
@@ -77,7 +83,7 @@ METHOD(imv_reason_string_t, destroy, void,
 /**
  * Described in header.
  */
-imv_reason_string_t *imv_reason_string_create(char *lang)
+imv_reason_string_t *imv_reason_string_create(char *lang, char *separator)
 {
        private_imv_reason_string_t *this;
 
@@ -88,6 +94,7 @@ imv_reason_string_t *imv_reason_string_create(char *lang)
                        .destroy = _destroy,
                },
                .lang = lang,
+               .separator = separator,
        );
 
        return &this->public;
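Review bot: `add_reason` now hands `this->separator` to `chunk_from_str`, which presumably measures it with strlen, so a NULL `separator` passed to `imv_reason_string_create` would be undefined behaviour where the old hard-coded `'\n'` could not fail; either default it in the constructor, `.separator = separator ? separator : "\n",`, or state the precondition in the header. The constructor also stores the pointer itself (`.separator = separator`) rather than a copy, so the caller must keep the string alive for the object's lifetime — every caller in this commit passes a literal, which is fine, but the `@param separator` line added in imv_reason_string.h should say so, e.g. `@param separator  String separating multiple reasons (not copied, must outlive the object)`. The body of `add_reason` begins outside the hunk.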
index cb4c27f..c35ec36 100644 (file)
@@ -58,7 +58,8 @@ struct imv_reason_string_t {
  * Creates an Reason String object
  *
  * @param lang                         Preferred language
+ * @param separator                    String separating multiple reasons
  */
- imv_reason_string_t* imv_reason_string_create(char *lang);
+ imv_reason_string_t* imv_reason_string_create(char *lang, char *separator);
 
 #endif /** IMV_REASON_STRING_H_ @}*/
index f6d904c..f7e9a6b 100644 (file)
@@ -421,7 +421,7 @@ METHOD(imv_state_t, get_reason_string, bool,
 
        /* Instantiate a TNC Reason String object */
        DESTROY_IF(this->reason_string);
-       this->reason_string = imv_reason_string_create(*reason_language);
+       this->reason_string = imv_reason_string_create(*reason_language, "\n");
 
        if (this->count_update || this->count_blacklist)
        {
index 4c570c4..6658683 100644 (file)
@@ -281,7 +281,7 @@ METHOD(imv_state_t, get_reason_string, bool,
 
        /* Instantiate a TNC Reason String object */
        DESTROY_IF(this->reason_string);
-       this->reason_string = imv_reason_string_create(*reason_language);
+       this->reason_string = imv_reason_string_create(*reason_language, "\n");
        if (this->rec != TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION)
        {
                this->reason_string->add_reason(this->reason_string, reasons);
index 0da09df..f05db80 100644 (file)
@@ -228,7 +228,7 @@ METHOD(imv_state_t, get_reason_string, bool,
 
        /* Instantiate a TNC Reason String object */
        DESTROY_IF(this->reason_string);
-       this->reason_string = imv_reason_string_create(*reason_language);
+       this->reason_string = imv_reason_string_create(*reason_language, "\n");
        this->reason_string->add_reason(this->reason_string, reasons);
        *reason_string = this->reason_string->get_encoding(this->reason_string);
 
index 0b960ac..fbfde3e 100644 (file)
@@ -551,18 +551,22 @@ METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
                                        case IMV_WORKITEM_FILE_MEAS:
                                        case IMV_WORKITEM_DIR_REF_MEAS:
                                        case IMV_WORKITEM_DIR_MEAS:
-                                               session->remove_workitem(session, enumerator);
-                                               result_str = "pending file measurements";
-                                               eval = TNC_IMV_EVALUATION_RESULT_ERROR;
-                                               rec = workitem->set_result(workitem, result_str, eval);
-                                               state->update_recommendation(state, rec, eval);
-                                               imcv_db->finalize_workitem(imcv_db, workitem);
-                                               workitem->destroy(workitem);
+                                               result_str = "Pending file measurements";
                                                pending_file_meas++;
                                                break;
-                                       default:
+                                       case IMV_WORKITEM_TPM_ATTEST:
+                                               attestation_state->finalize_components(attestation_state);
+                                               result_str = "Pending component evidence";
                                                break;
+                                       default:
+                                               continue;
                                }
+                               session->remove_workitem(session, enumerator);
+                               eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+                               rec = workitem->set_result(workitem, result_str, eval);
+                               state->update_recommendation(state, rec, eval);
+                               imcv_db->finalize_workitem(imcv_db, workitem);
+                               workitem->destroy(workitem);
                        }
                        enumerator->destroy(enumerator);
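Review bot: The `default: continue;` at the end of the reworked switch quietly relies on `continue` binding to the enclosing enumerator loop rather than the switch, and it is the only thing preventing the shared `set_result`/`finalize_workitem`/`destroy` tail from running with an unset `result_str` for other workitem types; a one-line comment would make that contract explicit, `default: continue; /* leave other workitems untouched; skips the shared tail below */`. `finalize_components` is also now invoked from inside the loop once per `IMV_WORKITEM_TPM_ATTEST` workitem; if a session can carry more than one such workitem the call repeats, presumably harmlessly, but that is worth confirming against `finalize_components`. The enclosing loop and `solicit_recommendation` start outside the hunk.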
 
index f5f1162..bd1109a 100644 (file)
@@ -424,9 +424,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
                                {
                                        DBG1(DBG_IMV, "received PCR Composite does not match "
                                                                  "constructed one");
-                                       state->update_recommendation(state,
-                                                               TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
-                                                               TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
                                        attestation_state->set_measurement_error(attestation_state,
                                                                                IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
                                        goto quote_error;
@@ -435,9 +432,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
 
                                if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig))
                                {
-                                       state->update_recommendation(state,
-                                                               TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
-                                                               TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
                                        attestation_state->set_measurement_error(attestation_state,
                                                                                IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
                                        goto quote_error;
@@ -471,12 +465,20 @@ quote_error:
                                                                         IMV_ATTESTATION_ERROR_COMP_EVID_PEND |
                                                                         IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL))
                                                {
-                                                       result_str = "attestation failed";
-                                                       eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+                                                       imv_reason_string_t *reason_string;
+                                                       chunk_t result;
+
+                                                       reason_string = imv_reason_string_create("en", ", ");
+                                                       attestation_state->add_comp_evid_reasons(
+                                                                                       attestation_state, reason_string);
+                                                       result = reason_string->get_encoding(reason_string);
+                                                       result_str = strndup(result.ptr, result.len);
+                                                       reason_string->destroy(reason_string);
+                                                       eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
                                                }
                                                else
                                                {
-                                                       result_str = "attestation successful";
+                                                       result_str = strdup("attestation successful");
                                                        eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
                                                }
                                                session->remove_workitem(session, enumerator);
@@ -484,6 +486,7 @@ quote_error:
                                                state->update_recommendation(state, rec, eval);
                                                imcv_db->finalize_workitem(imcv_db, workitem);
                                                workitem->destroy(workitem);
+                                               free(result_str);
                                                break;
                                        }
                                }
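Review bot: The added `free(result_str)` after the workitem is finalized assumes `workitem->set_result` copies the string rather than retaining the pointer; the `set_result` call itself sits just before the second hunk, so confirm it duplicates its argument, otherwise the workitem object or the DB row written by `finalize_workitem` would reference freed memory. `strndup`/`strdup` can also return NULL, which then flows into `set_result` unchecked — the module's existing allocation-failure style should decide whether to guard it. A smaller point: the failure reasons are built with the fixed language `"en"` whereas `get_reason_string` uses the negotiated language, which is reasonable for a DB result string but deserves a comment, `/* workitem result text is stored in English regardless of the negotiated TNC language */`. `imv_attestation_process` starts before the first hunk and ends after the last.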
index 4701175..200de1e 100644 (file)
@@ -290,42 +290,48 @@ METHOD(imv_state_t, update_recommendation, void,
        this->eval = tncif_policy_update_evaluation(this->eval, eval);
 }
 
-METHOD(imv_state_t, get_reason_string, bool,
-       private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
-       chunk_t *reason_string, char **reason_language)
+METHOD(imv_attestation_state_t, add_file_meas_reasons, void,
+       private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
 {
-       *reason_language = imv_lang_string_select_lang(language_enumerator,
-                                                                                         languages, countof(languages));
-
-       /* Instantiate a TNC Reason String object */
-       DESTROY_IF(this->reason_string);
-       this->reason_string = imv_reason_string_create(*reason_language);
-
        if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL)
        {
-               this->reason_string->add_reason(this->reason_string,
-                                                                               reason_file_meas_fail);
+               reason_string->add_reason(reason_string, reason_file_meas_fail);
        }
        if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_PEND)
        {
-               this->reason_string->add_reason(this->reason_string,
-                                                                               reason_file_meas_pend);
+               reason_string->add_reason(reason_string, reason_file_meas_pend);
        }
+}
+
+METHOD(imv_attestation_state_t, add_comp_evid_reasons, void,
+       private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
+{
        if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_FAIL)
        {
-               this->reason_string->add_reason(this->reason_string,
-                                                                               reason_comp_evid_fail);
+               reason_string->add_reason(reason_string, reason_comp_evid_fail);
        }
        if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_PEND)
        {
-               this->reason_string->add_reason(this->reason_string,
-                                                                               reason_comp_evid_pend);
+               reason_string->add_reason(reason_string, reason_comp_evid_pend);
        }
        if (this->measurement_error & IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL)
        {
-               this->reason_string->add_reason(this->reason_string,
-                                                                               reason_tpm_quote_fail);
+               reason_string->add_reason(reason_string, reason_tpm_quote_fail);
        }
+}
+
+METHOD(imv_state_t, get_reason_string, bool,
+       private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
+       chunk_t *reason_string, char **reason_language)
+{
+       *reason_language = imv_lang_string_select_lang(language_enumerator,
+                                                                                         languages, countof(languages));
+
+       /* Instantiate a TNC Reason String object */
+       DESTROY_IF(this->reason_string);
+       this->reason_string = imv_reason_string_create(*reason_language, "\n");
+       add_file_meas_reasons(this, this->reason_string);
+       add_comp_evid_reasons(this, this->reason_string);
        *reason_string = this->reason_string->get_encoding(this->reason_string);
 
        return TRUE;
@@ -461,9 +467,6 @@ METHOD(imv_attestation_state_t, finalize_components, void,
                if (!entry->comp->finalize(entry->comp, entry->qualifier))
                {
                        set_measurement_error(this, IMV_ATTESTATION_ERROR_COMP_EVID_PEND);
-                       update_recommendation(this,
-                                        TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
-                                        TNC_IMV_EVALUATION_RESULT_ERROR);
                }
                free_func_comp(entry);
        }
@@ -514,6 +517,8 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
                        .components_finalized = _components_finalized,
                        .get_measurement_error = _get_measurement_error,
                        .set_measurement_error = _set_measurement_error,
+                       .add_file_meas_reasons = _add_file_meas_reasons,
+                       .add_comp_evid_reasons = _add_comp_evid_reasons,
                },
                .connection_id = connection_id,
                .state = TNC_CONNECTION_STATE_CREATE,
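Review bot: Dropping `update_recommendation(..., ISOLATE, ERROR)` from `finalize_components` on a pending component leaves that function only setting the `IMV_ATTESTATION_ERROR_COMP_EVID_PEND` flag, and the recommendation presumably now comes from the `IMV_WORKITEM_TPM_ATTEST` tail in imv_attestation_agent.c that evaluates to `TNC_IMV_EVALUATION_RESULT_ERROR`; a comment at the `set_measurement_error` call would record that dependency, `/* recommendation is derived from the TPM_ATTEST workitem result in imv_attestation_agent.c */`. Separately, the two new helpers name their `imv_reason_string_t *` parameter `reason_string` while `get_reason_string` right below uses `reason_string` for a `chunk_t *` out-parameter, which reads confusingly side by side — `reasons` or `rs` for the object would help. `finalize_components` starts outside its hunk.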
index 27d1ae8..6ee9ed1 100644 (file)
@@ -25,6 +25,7 @@
 #define IMV_ATTESTATION_STATE_H_
 
 #include <imv/imv_state.h>
+#include <imv/imv_reason_string.h>
 #include <pts/pts.h>
 #include <pts/pts_database.h>
 #include <pts/components/pts_component.h>
@@ -150,6 +151,21 @@ struct imv_attestation_state_t {
        void (*set_measurement_error)(imv_attestation_state_t *this,
                                                                  u_int32_t error);
 
+       /**
+        * Returns a concatenation of File Measurement reason strings
+        *
+        * @param reason_string         Concatenated reason strings
+        */
+       void (*add_file_meas_reasons)(imv_attestation_state_t *this,
+                                                                 imv_reason_string_t *reason_string);
+
+       /**
+        * Returns a concatenation of Component Evidence reason strings
+        *
+        * @param reason_string         Concatenated reason strings
+        */
+       void (*add_comp_evid_reasons)(imv_attestation_state_t *this,
+                                                                 imv_reason_string_t *reason_string);
 };
 
 /**
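Review bot: The new doc comments on `add_file_meas_reasons` and `add_comp_evid_reasons` say each method "Returns a concatenation of ... reason strings", but both are `void` and append to the object passed in (see their implementations in imv_attestation_state.c); suggest `Adds the File Measurement reason strings to the given reason string object` and `Adds the Component Evidence reason strings to the given reason string object`, with `@param reason_string  Reason string object the reasons are appended to`.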