ipsec attest now deletes file hashes
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 22 Jul 2012 07:29:39 +0000 (09:29 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 22 Jul 2012 07:29:39 +0000 (09:29 +0200)
src/libpts/plugins/imv_attestation/attest_db.c
src/libpts/plugins/imv_attestation/build-database.sh [changed mode: 0644->0755]

index ebd6606..55afcab 100644 (file)
@@ -1248,6 +1248,25 @@ METHOD(attest_db_t, delete, bool,
 {
        bool success;
 
+       /* delete a file measurement hash for a given product */
+       if (this->algo && this->pid && this->fid)
+       {
+               success = this->db->execute(this->db, NULL,
+                                                               "DELETE FROM file_hashes "
+                                                               "WHERE algo = ? AND product = ? "
+                                                               "AND file = ? AND directory = ?",
+                                                               DB_UINT, this->algo, DB_UINT, this->pid,
+                                                               DB_UINT, this->fid, DB_UINT, this->cid) > 0;
+
+               printf("%4d: %s%s%s\n", this->fid, this->dir, this->did ? "/":"",
+                                                               this->file);
+               printf("%N value for product '%s' %sdeleted from database\n",
+                               pts_meas_algorithm_names, this->algo, this->product,
+                               success ? "" : "could not be ");
+
+               return success;
+       }
+
        if (this->pid && (this->fid || this->did))
        {
                printf("deletion of product/file entries not supported yet\n");
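Review bot: The DELETE binds `this->cid` to `directory = ?`, but the printf right after it and the following branch both use `this->did` for the directory, so the predicate is probably compared against an unrelated (possibly zero) id. If so, the reference hash the operator meant to remove stays in file_hashes and remains an accepted measurement value, or a row belonging to another directory is removed instead; please confirm against the struct and bind the directory id, `DB_UINT, this->fid, DB_UINT, this->did) > 0;`. The guard `this->algo && this->pid && this->fid` only selects this path correctly because the second hunk drops the `PTS_MEAS_ALGO_SHA256` default, so a short comment on the guard saying that `algo` is non-zero only when an algorithm option was given would keep that dependency visible. The body of delete starts and continues outside the hunk.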
@@ -1370,7 +1389,6 @@ attest_db_t *attest_db_create(char *uri)
                        .destroy = _destroy,
                },
                .dir = strdup(""),
-               .algo = PTS_MEAS_ALGO_SHA256,
                .db = lib->db->create(lib->db, uri),
        );
 
old mode 100644 (file)
new mode 100755 (executable)
index 91c644c..b24ad02
@@ -233,4 +233,9 @@ ipsec attest --add --product "$p" --sha1-ima --relative --dir  /usr/lib/xorg/mod
 ipsec attest --add --product "$p" --sha1-ima --relative --dir  /usr/lib/xorg/modules/extensions
 ipsec attest --add --product "$p" --sha1-ima --relative --dir  /usr/lib/xorg/modules/input
 ipsec attest --add --product "$p" --sha1-ima --relative --dir  /usr/share/fonts/truetype/ubuntu-font-family
-
+ipsec attest --del --product "$p" --sha1                --file /lib/resolvconf/list-records
+ipsec attest --del --product "$p" --sha1-ima            --file /lib/resolvconf/list-records
+ipsec attest --del --product "$p" --sha1                --file /usr/bin/lsb_release
+ipsec attest --del --product "$p" --sha1-ima            --file /usr/bin/lsb_release
+ipsec attest --del --product "$p" --sha1                --file /usr/share/language-tools/language-options
+ipsec attest --del --product "$p" --sha1-ima            --file /usr/share/language-tools/language-options
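Review bot: The six added `--del` calls have no comment saying why the hashes for these three files are removed from the reference set, and their exit status is not checked. A deletion that matches no row would leave the old reference value in the database without the script reporting it. I would add a comment line above the block giving the reason (it is not visible from the hunk) and have the script report a failed deletion, for example by appending `|| echo "delete failed" >&2` to each call. If hashes for other algorithms are stored for these files they stay in place, since only `--sha1` and `--sha1-ima` are deleted here; that may be intended but is worth stating in the comment.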