projects / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 459c50c)
improved control when an attribute request is sent
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 3 Feb 2013 19:48:05 +0000 (20:48 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 3 Feb 2013 19:48:05 +0000 (20:48 +0100)
src/libimcv/plugins/imv_os/imv_os.c patch | blob | history
src/libimcv/plugins/imv_os/imv_os_state.c patch | blob | history
src/libimcv/plugins/imv_os/imv_os_state.h patch | blob | history

diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c
index 65538df..ecc6cfc 100644 (file)
--- a/src/libimcv/plugins/imv_os/imv_os.c
+++ b/src/libimcv/plugins/imv_os/imv_os.c
@@ -360,7 +360,9 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
                out_msg->add_attribute(out_msg, attr);
        }
 
-       if (fatal_error)
+       if (fatal_error ||
+          (os_state->get_attribute_request(os_state) &&
+               os_state->get_info(os_state, NULL, NULL, NULL) == NULL))
        {
                state->set_recommendation(state,
                                                                TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
@@ -371,7 +373,8 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
        /* If all Installed Packages attributes were received, go to assessment */
        if (!assessment &&
                !os_state->get_package_request(os_state) &&
-               !os_state->get_angel_count(os_state))
+               !os_state->get_angel_count(os_state) &&
+                os_state->get_info(os_state, NULL, NULL, NULL))
        {
                int device_id, count, count_update, count_blacklist, count_ok;
                u_int os_settings;
@@ -518,6 +521,8 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
 {
        imv_state_t *state;
        imv_os_state_t *os_state;
+       TNC_IMV_Action_Recommendation rec;
+       TNC_IMV_Evaluation_Result eval;
        TNC_Result result = TNC_RESULT_SUCCESS;
 
        if (!imv_os)
@@ -531,6 +536,18 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
        }
        os_state = (imv_os_state_t*)state;
 
+       state->get_recommendation(state, &rec, &eval);
+
+       /*
+        * Don't send an attribute request if an evaluation is available 
+        * or if an attribute request has already been sent
+        */
+       if (eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW ||
+               os_state->get_attribute_request(os_state))
+       {
+               return TNC_RESULT_SUCCESS;
+       }
+
        if (os_state->get_info(os_state, NULL, NULL, NULL) == NULL)
        {
                imv_msg_t *out_msg;
@@ -548,6 +565,7 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
                attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FORWARDING_ENABLED);
                attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED);
                out_msg->add_attribute(out_msg, attr);
+               os_state->set_attribute_request(os_state, TRUE);
 
                /* send PA-TNC message with excl flag not set */
                result = out_msg->send(out_msg, FALSE);
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index ca6e050..00e0424 100644 (file)
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -137,6 +137,11 @@ struct private_imv_os_state_t {
        int count_ok;
 
        /**
+        * Attribute request sent - mandatory response expected
+        */
+       bool attribute_request;
+
+       /**
         * OS Installed Package request sent - mandatory response expected
         */
        bool package_request;
@@ -506,6 +511,18 @@ METHOD(imv_os_state_t, get_count, void,
        }
 }
 
+METHOD(imv_os_state_t, set_attribute_request, void,
+       private_imv_os_state_t *this, bool set)
+{
+       this->attribute_request = set;
+}
+
+METHOD(imv_os_state_t, get_attribute_request, bool,
+       private_imv_os_state_t *this)
+{
+       return this->attribute_request;
+}
+
 METHOD(imv_os_state_t, set_package_request, void,
        private_imv_os_state_t *this, bool set)
 {
@@ -597,6 +614,8 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
                        .get_info = _get_info,
                        .set_count = _set_count,
                        .get_count = _get_count,
+                       .set_attribute_request = _set_attribute_request,
+                       .get_attribute_request = _get_attribute_request,
                        .set_package_request = _set_package_request,
                        .get_package_request = _get_package_request,
                        .set_device_id = _set_device_id,
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.h b/src/libimcv/plugins/imv_os/imv_os_state.h
index 05abdbb..d3e3191 100644 (file)
--- a/src/libimcv/plugins/imv_os/imv_os_state.h
+++ b/src/libimcv/plugins/imv_os/imv_os_state.h
@@ -87,6 +87,21 @@ struct imv_os_state_t {
         */
        void (*get_count)(imv_os_state_t *this, int *count, int *count_update,
                                          int *count_blacklist, int *count_ok);
+
+       /**
+        * Set/reset attribute request status
+        *
+        * @param set                   TRUE to set, FALSE to clear
+        */
+       void (*set_attribute_request)(imv_os_state_t *this, bool set);
+
+       /**
+        * Get attribute request status
+        *
+        * @return                              TRUE if set, FALSE if unset
+        */
+       bool (*get_attribute_request)(imv_os_state_t *this);
+
        /**
         * Set/reset OS Installed Packages request status
         *
strongSwan - IPsec VPN