implemented policy rules for OS IMV

Andreas Steffen 2013-05-14 00:21:56 +02:00
parent 7daf6d8cc5
commit 4f9aabbfd7
20 changed files with 3220 additions and 101 deletions


@ -15,6 +15,8 @@ libimcv_la_SOURCES = \
imv/imv_lang_string.h imv/imv_lang_string.c \
imv/imv_reason_string.h imv/imv_reason_string.c \
imv/imv_remediation_string.h imv/imv_remediation_string.c \
imv/imv_workitem.h imv/imv_workitem.c \
imv/tables.sql imv/data.sql \
ietf/ietf_attr.h ietf/ietf_attr.c \
ietf/ietf_attr_assess_result.h ietf/ietf_attr_assess_result.c \
ietf/ietf_attr_attr_request.h ietf/ietf_attr_attr_request.c \

459
src/libimcv/imv/data.sql Normal file

@ -0,0 +1,459 @@
/* Products */
INSERT INTO products ( /* 1 */
name
) VALUES (
'Debian 7.0'
);
INSERT INTO products ( /* 2 */
name
) VALUES (
'Debian 7.0 i686'
);
INSERT INTO products ( /* 3 */
name
) VALUES (
'Debian 7.0 x86_64'
);
INSERT INTO products ( /* 4 */
name
) VALUES (
'Ubuntu 10.04'
);
INSERT INTO products ( /* 5 */
name
) VALUES (
'Ubuntu 10.04 i686'
);
INSERT INTO products ( /* 6 */
name
) VALUES (
'Ubuntu 10.04 x86_64'
);
INSERT INTO products ( /* 7 */
name
) VALUES (
'Ubuntu 10.10'
);
INSERT INTO products ( /* 8 */
name
) VALUES (
'Ubuntu 10.10 i686'
);
INSERT INTO products ( /* 9 */
name
) VALUES (
'Ubuntu 10.10 x86_64'
);
INSERT INTO products ( /* 10 */
name
) VALUES (
'Ubuntu 11.04'
);
INSERT INTO products ( /* 11 */
name
) VALUES (
'Ubuntu 11.04 i686'
);
INSERT INTO products ( /* 12 */
name
) VALUES (
'Ubuntu 11.04 x86_64'
);
INSERT INTO products ( /* 13 */
name
) VALUES (
'Ubuntu 11.10'
);
INSERT INTO products ( /* 14 */
name
) VALUES (
'Ubuntu 11.10 i686'
);
INSERT INTO products ( /* 15 */
name
) VALUES (
'Ubuntu 11.10 x86_64'
);
INSERT INTO products ( /* 16 */
name
) VALUES (
'Ubuntu 12.04'
);
INSERT INTO products ( /* 17 */
name
) VALUES (
'Ubuntu 12.04 i686'
);
INSERT INTO products ( /* 18 */
name
) VALUES (
'Ubuntu 12.04 x86_64'
);
INSERT INTO products ( /* 19 */
name
) VALUES (
'Ubuntu 12.10'
);
INSERT INTO products ( /* 20 */
name
) VALUES (
'Ubuntu 12.10 i686'
);
INSERT INTO products ( /* 21 */
name
) VALUES (
'Ubuntu 12.10 x86_64'
);
INSERT INTO products ( /* 22 */
name
) VALUES (
'Ubuntu 13.04'
);
INSERT INTO products ( /* 23 */
name
) VALUES (
'Ubuntu 13.04 i686'
);
INSERT INTO products ( /* 24 */
name
) VALUES (
'Ubuntu 13.04 x86_64'
);
/* Directories */
INSERT INTO directories ( /* 1 */
path
) VALUES (
'/bin'
);
INSERT INTO directories ( /* 2 */
path
) VALUES (
'/etc'
);
INSERT INTO directories ( /* 3 */
path
) VALUES (
'/lib'
);
INSERT INTO directories ( /* 4 */
path
) VALUES (
'/lib/i386-linux-gnu'
);
INSERT INTO directories ( /* 5 */
path
) VALUES (
'/lib/x86_64-linux-gnu'
);
INSERT INTO directories ( /* 6 */
path
) VALUES (
'/lib/xtables'
);
INSERT INTO directories ( /* 7 */
path
) VALUES (
'/sbin'
);
INSERT INTO directories ( /* 8 */
path
) VALUES (
'/usr/bin'
);
INSERT INTO directories ( /* 9 */
path
) VALUES (
'/usr/lib'
);
INSERT INTO directories ( /* 10 */
path
) VALUES (
'/usr/lib/i386-linux-gnu'
);
INSERT INTO directories ( /* 11 */
path
) VALUES (
'/usr/lib/x86_64-linux-gnu'
);
INSERT INTO directories ( /* 12 */
path
) VALUES (
'/usr/sbin'
);
/* Files */
INSERT INTO files ( /* 1 */
name, dir
) VALUES (
'libcrypto.so.1.0.0', 5
);
INSERT INTO files ( /* 2 */
name, dir
) VALUES (
'libcrypto.so.1.0.0', 11
);
INSERT INTO files ( /* 3 */
name, dir
) VALUES (
'libssl.so.1.0.0', 5
);
INSERT INTO files ( /* 4 */
name, dir
) VALUES (
'libssl.so.1.0.0', 11
);
INSERT INTO files ( /* 5 */
name, dir
) VALUES (
'openssl', 8
);
/* Product-File */
INSERT INTO product_file (
product, file, measurement
) VALUES (
3, 1, 1
);
INSERT INTO product_file (
product, file, measurement
) VALUES (
3, 3, 1
);
INSERT INTO product_file (
product, file, measurement
) VALUES (
3, 5, 1
);
/* Algorithms */
INSERT INTO algorithms (
id, name
) VALUES (
65536, 'SHA1-IMA'
);
INSERT INTO algorithms (
id, name
) VALUES (
32768, 'SHA1'
);
INSERT INTO algorithms (
id, name
) VALUES (
16384, 'SHA256'
);
INSERT INTO algorithms (
id, name
) VALUES (
8192, 'SHA384'
);
/* File Hashes */
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
3, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
3, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
3, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
3, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
3, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
3, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
3, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
3, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
3, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
21, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
21, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
21, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
21, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
21, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
21, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
21, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
21, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500'
);
INSERT INTO file_hashes (
product, file, algo, hash
) VALUES (
21, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668'
);
/* Packages */
INSERT INTO packages ( /* 1 */
name
) VALUES (
'libssl-dev'
);
INSERT INTO packages ( /* 2 */
name
) VALUES (
'libssl1.0.0'
);
INSERT INTO packages ( /* 3 */
name
) VALUES (
'libssl1.0.0-dbg'
);
INSERT INTO packages ( /* 4 */
name
) VALUES (
'openssl'
);
/* Versions */
INSERT INTO versions (
package, product, release, time
) values (
1, 1, '1.0.1e-2', 1366531494
);
INSERT INTO versions (
package, product, release, time
) values (
2, 1, '1.0.1e-2', 1366531494
);
INSERT INTO versions (
package, product, release, time
) values (
3, 1, '1.0.1e-2', 1366531494
);
INSERT INTO versions (
package, product, release, time
) values (
4, 1, '1.0.1e-2', 1366531494
);
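Review bot: The `product_file` rows for product 3 (Debian 7.0 x86_64) reference files 1 and 3 (`libcrypto.so.1.0.0` and `libssl.so.1.0.0` in directory 5, `/lib/x86_64-linux-gnu`), but the `file_hashes` rows for product 3 cover only files 2, 4 and 5; reference hashes for files 1 and 3 exist solely under product 21 (Ubuntu 12.10 x86_64). If a measurement of product 3 is meant to be compared against its own reference values, either the `product_file` rows should point at files 2 and 4 or the product-3 hashes for files 1 and 3 are missing; this is inferred from the ids alone and should be confirmed against the schema and the consumer of `product_file`. A smaller point of style: the `versions` inserts use lowercase `) values (` while every other statement in the file writes `) VALUES (`.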


@ -16,10 +16,12 @@
#define _GNU_SOURCE
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <time.h>
#include "imv_database.h"
#include "imv_workitem.h"
#include <utils/debug.h>
@ -218,6 +220,74 @@ METHOD(imv_database_t, policy_script, bool,
return TRUE;
}
typedef struct {
/** implements enumerator_t */
enumerator_t public;
/** session ID */
int session_id;
/** database enumerator */
enumerator_t *e;
} workitem_enumerator_t;
/**
* Implementation of enumerator.enumerate
*/
static bool workitem_enumerator_enumerate(workitem_enumerator_t *this, ...)
{
imv_workitem_t **workitem;
imv_workitem_type_t type;
int rec_fail, rec_noresult;
char *argument;
va_list args;
va_start(args, this);
workitem = va_arg(args, imv_workitem_t**);
va_end(args);
if (this->e->enumerate(this->e, &type, &argument, &rec_fail, &rec_noresult))
{
*workitem = imv_workitem_create(this->session_id, type, argument,
rec_fail, rec_noresult);
return TRUE;
}
return FALSE;
}
/**
* Implementation of enumerator.destroy
*/
static void workitem_enumerator_destroy(workitem_enumerator_t *this)
{
this->e->destroy(this->e);
free(this);
}
METHOD(imv_database_t, create_workitem_enumerator, enumerator_t*,
private_imv_database_t *this, int session_id)
{
workitem_enumerator_t *enumerator;
enumerator_t *e;
e = this->db->query(this->db,
"SELECT type, argument, rec_fail, rec_noresult "
"FROM workitems WHERE session = ?",
DB_INT, session_id, DB_INT, DB_TEXT, DB_INT, DB_INT);
if (!e)
{
return NULL;
}
INIT(enumerator,
.public = {
.enumerate = (void*)workitem_enumerator_enumerate,
.destroy = (void*)workitem_enumerator_destroy,
},
.e = e,
);
return (enumerator_t*)enumerator;
}
METHOD(imv_database_t, get_database, database_t*,
private_imv_database_t *this)
{
@ -244,6 +314,7 @@ imv_database_t *imv_database_create(char *uri)
.add_product = _add_product,
.add_device = _add_device,
.policy_script = _policy_script,
.create_workitem_enumerator = _create_workitem_enumerator,
.get_database = _get_database,
.destroy = _destroy,
},
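Review bot: `create_workitem_enumerator` never stores the session ID in the enumerator it builds: the `INIT(enumerator, ...)` initializer sets `.public` and `.e` but not `.session_id`, so the field is left at zero and `workitem_enumerator_enumerate` passes that zero into `imv_workitem_create`, making every workitem produced here report session ID 0 through `get_session_id`. Add `.session_id = session_id,` next to `.e = e,` in the initializer. It would also help to note above `workitem_enumerator_enumerate` that each enumerated workitem is a freshly allocated object the caller owns and must destroy, e.g. `/* creates a new imv_workitem_t per row; ownership passes to the caller */`, which is how the `imv_os.c` part of this commit treats the workitems it does not keep.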


@ -71,6 +71,15 @@ struct imv_database_t {
*/
bool (*policy_script)(imv_database_t *this, int session_id, bool start);
/**
* Create enumerator for workitems assigned to a session ID
*
* @param session_id Session ID
* @return Enumerator of workitems assigned to session ID
*/
enumerator_t* (*create_workitem_enumerator)(imv_database_t *this,
int session_id);
/**
* Get database handle
*
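Review bot: The `create_workitem_enumerator` doc block does not say who owns the enumerated `imv_workitem_t` objects. The implementation added in this commit creates a new workitem for every row it enumerates, so the caller has to destroy each one it does not hand on; suggest extending the return line to `@return Enumerator of workitems assigned to session ID; each workitem is newly allocated and owned by the caller`. It is also worth stating that the function returns NULL when the database query fails, since the implementation does exactly that.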


@ -318,6 +318,12 @@ METHOD(imv_msg_t, receive, TNC_Result,
return TNC_RESULT_SUCCESS;
}
METHOD(imv_msg_t, get_attribute_count, int,
private_imv_msg_t *this)
{
return this->attr_list->get_count(this->attr_list);
}
METHOD(imv_msg_t, create_attribute_enumerator, enumerator_t*,
private_imv_msg_t *this)
{
@ -363,6 +369,7 @@ imv_msg_t *imv_msg_create(imv_agent_t *agent, imv_state_t *state,
.send_assessment = _send_assessment,
.receive = _receive,
.add_attribute = _add_attribute,
.get_attribute_count = _get_attribute_count,
.create_attribute_enumerator = _create_attribute_enumerator,
.get_encoding = _get_encoding,
.destroy = _destroy,


@ -91,6 +91,13 @@ struct imv_msg_t {
*/
void (*add_attribute)(imv_msg_t *this, pa_tnc_attr_t *attr);
/**
* Get the number of PA-TNC attributes in the send queue
*
* @return number of PA-TNC attribute in send queue
*/
int (*get_attribute_count)(imv_msg_t *this);
/**
* Enumerator over PA-TNC attributes contained in the PA-TNC message
*
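Review bot: The `@return` line of `get_attribute_count` reads `number of PA-TNC attribute in send queue`; it should be `number of PA-TNC attributes in the send queue` to agree with its own summary line. The neighbouring doc block for `create_attribute_enumerator` already uses the plural form `PA-TNC attributes`, so this is a consistency fix as much as a grammar one.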


@ -22,6 +22,8 @@
#ifndef IMV_STATE_H_
#define IMV_STATE_H_
#include "imv_workitem.h"
#include <tncifimv.h>
#include <library.h>
@ -108,6 +110,39 @@ struct imv_state_t {
*/
int (*get_session_id)(imv_state_t *this);
/**
* Add workitem to list
*
* @param workitem Workitem to be added
*/
void (*add_workitem)(imv_state_t *this, imv_workitem_t *workitem);
/**
* Return number of pending workitems
*
* @return Number of pending workitems
*/
int (*get_workitem_count)(imv_state_t *this);
/**
* Create an enumerator over the pending workitems
*
* @return Workitem enumerator
*/
enumerator_t* (*create_workitem_enumerator)(imv_state_t *this);
/**
* Finalize a workitem
*
* @param enumerator Current enumerator position pointing to workitem
* @param workitem Workitem to be finalized
* @param result Result description as a text
* @param eval Evaluation Result
*/
void (*finalize_workitem)(imv_state_t *this, enumerator_t *enumerator,
imv_workitem_t *workitem, char *result,
TNC_IMV_Evaluation_Result eval);
/**
* Change the connection state
*
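Review bot: The new `add_workitem` and `finalize_workitem` declarations do not document ownership of the `imv_workitem_t`. In the `imv_os.c` part of this commit the caller never destroys a workitem it has passed to `add_workitem` and never touches one again after `finalize_workitem`, so the doc blocks should say so explicitly, e.g. `@param workitem Workitem to be added; ownership passes to the state object` on `add_workitem`, and on `finalize_workitem` whether the workitem is destroyed or only removed from the pending list (the visible implementation removes it from the list; what happens to the object afterwards is outside this hunk). The `@param enumerator` of `finalize_workitem` should also state that it must be an enumerator obtained from `create_workitem_enumerator` and positioned on `workitem`, because the implementation hands it to `remove_at` and any other enumerator would corrupt the list.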


@ -0,0 +1,163 @@
/*
* Copyright (C) 2013 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "imv_workitem.h"
#include <utils/debug.h>
#include <tncif_names.h>
typedef struct private_imv_workitem_t private_imv_workitem_t;
ENUM(imv_workitem_type_names, IMV_WORKITEM_START, IMV_WORKITEM_UDP_SCAN,
"START",
"PCKGS",
"UNSRC",
"FWDEN",
"PWDEN",
"FMEAS",
"DMEAS",
"TCPSC",
"UDPSC"
);
/**
* Private data of a imv_workitem_t object.
*
*/
struct private_imv_workitem_t {
/**
* Public imv_workitem_t interface.
*/
imv_workitem_t public;
/**
* Session ID
*/
int session_id;
/**
* Workitem type
*/
imv_workitem_type_t type;
/**
* Argument string
*/
char *argument;
/**
* Result string
*/
char *result;
/**
* IMV action recommendation
*/
TNC_IMV_Action_Recommendation rec_fail;
/**
* IMV action recommendation
*/
TNC_IMV_Action_Recommendation rec_noresult;
/**
* IMV action recommendation
*/
TNC_IMV_Action_Recommendation rec_final;
};
METHOD(imv_workitem_t, get_session_id, int,
private_imv_workitem_t *this)
{
return this->session_id;
}
METHOD(imv_workitem_t, get_type, imv_workitem_type_t,
private_imv_workitem_t *this)
{
return this->type;
}
METHOD(imv_workitem_t, get_argument, char*,
private_imv_workitem_t *this)
{
return this->argument;
}
METHOD(imv_workitem_t, set_result, TNC_IMV_Action_Recommendation,
private_imv_workitem_t *this, char *result, TNC_IMV_Evaluation_Result eval)
{
this->result = strdup(result);
switch (eval)
{
case TNC_IMV_EVALUATION_RESULT_COMPLIANT:
this->rec_final = TNC_IMV_ACTION_RECOMMENDATION_ALLOW;
break;
case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR:
case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR:
this->rec_final = this->rec_fail;
break;
case TNC_IMV_EVALUATION_RESULT_ERROR:
case TNC_IMV_EVALUATION_RESULT_DONT_KNOW:
default:
this->rec_final = this->rec_noresult;
break;
}
DBG2(DBG_IMV, "workitem %N: %N%s%s", imv_workitem_type_names, this->type,
TNC_IMV_Action_Recommendation_names, this->rec_final,
strlen(result) ? " - " : "", result);
return this->rec_final;
}
METHOD(imv_workitem_t, destroy, void,
private_imv_workitem_t *this)
{
free(this->argument);
free(this->result);
free(this);
}
/**
* See header
*/
imv_workitem_t *imv_workitem_create(int session_id, imv_workitem_type_t type,
char *argument,
TNC_IMV_Action_Recommendation rec_fail,
TNC_IMV_Action_Recommendation rec_noresult)
{
private_imv_workitem_t *this;
INIT(this,
.public = {
.get_session_id = _get_session_id,
.get_type = _get_type,
.get_argument = _get_argument,
.set_result = _set_result,
.destroy = _destroy,
},
.session_id = session_id,
.type = type,
.argument = strdup(argument),
.rec_fail = rec_fail,
.rec_noresult = rec_noresult,
.rec_final = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
);
return &this->public;
}
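Review bot: `set_result` leaks the previous result string: it assigns `this->result = strdup(result);` without releasing an existing `this->result`, so a second call on the same workitem leaks the first copy. Change the line to `free(this->result); this->result = strdup(result);`. In addition, both that `strdup` and the `strlen(result)` in the `DBG2` call dereference `result` unconditionally, so a NULL `result` is undefined behaviour; either document in the header that `result` must be non-NULL (the `imv_os.c` caller in this commit always passes a string) or substitute `""` for a NULL argument before use.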


@ -0,0 +1,101 @@
/*
* Copyright (C) 2013 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
*
* @defgroup imv_workitem_t imv_workitem
* @{ @ingroup libimcv_imv
*/
#ifndef IMV_WORKITEM_H_
#define IMV_WORKITEM_H_
#include <tncifimv.h>
#include <library.h>
typedef struct imv_workitem_t imv_workitem_t;
typedef enum imv_workitem_type_t imv_workitem_type_t;
enum imv_workitem_type_t {
IMV_WORKITEM_START = 0,
IMV_WORKITEM_PACKAGES = 1,
IMV_WORKITEM_UNKNOWN_SOURCE = 2,
IMV_WORKITEM_FORWARDING = 3,
IMV_WORKITEM_DEFAULT_PWD = 4,
IMV_WORKITEM_FILE_MEAS = 5,
IMV_WORKITEM_DIR_MEAS = 6,
IMV_WORKITEM_TCP_SCAN = 7,
IMV_WORKITEM_UDP_SCAN = 8
};
extern enum_name_t *imv_workitem_type_names;
/**
* IMV database interface
*/
struct imv_workitem_t {
/**
* Get workitem type
*
* @return Session ID
*/
int (*get_session_id)(imv_workitem_t *this);
/**
* Get workitem type
*
* @return Workitem type
*/
imv_workitem_type_t (*get_type)(imv_workitem_t *this);
/**
* Get argument string
*
* @return Argument string
*/
char* (*get_argument)(imv_workitem_t *this);
/**
* Set result string
*
* @param result Result string
* @param eval Evaluation Result
*/
TNC_IMV_Action_Recommendation(*set_result)(imv_workitem_t *this,
char *result, TNC_IMV_Evaluation_Result eval);
/**
* Destroys an imv_workitem_t object
*/
void (*destroy)(imv_workitem_t *this);
};
/**
* Create an imv_workitem_t instance
*
* @param session_id Session ID to which workitem is assigned
* @param type Workitem type
* @param argument Argument string
* @param rec_fail Recommendation with minor/major non-compliance case
* @param rec_noresult Recommendation in don't know/error case
*/
imv_workitem_t *imv_workitem_create(int session_id, imv_workitem_type_t type,
char *argument,
TNC_IMV_Action_Recommendation rec_fail,
TNC_IMV_Action_Recommendation rec_noresult);
#endif /** IMV_WORKITEM_H_ @}*/
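Review bot: Several doc comments in this new header are copy-paste leftovers: the struct comment says `IMV database interface` although this is the workitem interface, and `get_session_id` is documented as `Get workitem type` while it returns the session ID. Suggest `IMV workitem interface` for the struct and `Get the session ID the workitem is assigned to` for `get_session_id`. `set_result` has no `@return`; the implementation returns the action recommendation it derives from `eval` (`rec_fail` for minor/major non-compliance, `rec_noresult` for error or don't-know, ALLOW for compliant), so add `@return Action recommendation derived from the evaluation result`. `imv_workitem_create` is missing a `@return imv_workitem_t object` line as well.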


@ -1,4 +1,4 @@
/* PTS SQLite database */
/* IMV PTS SQLite database */
DROP TABLE IF EXISTS directories;
CREATE TABLE directories (
@ -66,6 +66,22 @@ CREATE TABLE sessions (
product INTEGER DEFAULT 0 REFERENCES products(id)
);
DROP TABLE IF EXISTS workitems;
CREATE TABLE workitems (
id integer NOT NULL PRIMARY KEY AUTOINCREMENT,
session integer NOT NULL REFERENCES sessions(id),
type integer DEFAULT 0,
argument text NOT NULL,
rec_fail integer DEFAULT 1,
rec_noresult integer DEFAULT 1,
rec_final integer DEFAULT 3,
result text
);
DROP INDEX IF EXISTS workitems_session;
CREATE INDEX workitems_sessions ON workitems (
session
);
DROP TABLE IF EXISTS components;
CREATE TABLE components (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
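Review bot: The index names do not match: `DROP INDEX IF EXISTS workitems_session;` is followed by `CREATE INDEX workitems_sessions ON workitems (`, so the `DROP INDEX` line never refers to the index this script creates. The mismatch is masked only because `DROP TABLE IF EXISTS workitems` above removes the table's indexes with it; make the two names agree so the drop is meaningful. Separately, the defaults `rec_fail integer DEFAULT 1`, `rec_noresult integer DEFAULT 1` and `rec_final integer DEFAULT 3` encode `TNC_IMV_Action_Recommendation` values without saying so; a comment naming the enumerators they stand for (presumably NO_ACCESS and NO_RECOMMENDATION, to be confirmed against `tncifimv.h`) would spare the next reader a lookup.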


@ -203,7 +203,7 @@ METHOD(ita_attr_get_settings_t, create_enumerator, enumerator_t*,
/**
* Described in header.
*/
pa_tnc_attr_t *ita_attr_get_settings_create(void)
pa_tnc_attr_t *ita_attr_get_settings_create(char *name)
{
private_ita_attr_get_settings_t *this;
@ -227,6 +227,10 @@ pa_tnc_attr_t *ita_attr_get_settings_create(void)
.ref = 1,
);
if (name)
{
add(this, name);
}
return &this->public.pa_tnc_attribute;
}


@ -52,9 +52,11 @@ struct ita_attr_get_settings_t {
};
/**
* Creates an ita_attr_get_settings_t object with an empty settings list
* Creates an ita_attr_get_settings_t object with an optional first entry
*
* @param name name of the requested setting or NULL
*/
pa_tnc_attr_t* ita_attr_get_settings_create(void);
pa_tnc_attr_t* ita_attr_get_settings_create(char *name);
/**
* Creates an ita_attr_get_settings_t object from received data


@ -12,6 +12,8 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#define _GNU_SOURCE
#include <stdio.h>
#include "imv_os_state.h"
#include "imv_os_database.h"
@ -53,6 +55,8 @@ static pen_type_t msg_types[] = {
static imv_agent_t *imv_os;
static char non_market_apps_str[] = "install_non_market_apps";
/**
* Flag set when corresponding attribute has been received
*/
@ -66,7 +70,9 @@ enum imv_os_attr_t {
IMV_OS_ATTR_FORWARDING_ENABLED = (1<<4),
IMV_OS_ATTR_FACTORY_DEFAULT_PWD_ENABLED = (1<<5),
IMV_OS_ATTR_DEVICE_ID = (1<<6),
IMV_OS_ATTR_ALL = (1<<7)-1
IMV_OS_ATTR_MUST = (1<<7)-1,
IMV_OS_ATTR_INSTALLED_PACKAGES = (1<<7),
IMV_OS_ATTR_SETTINGS = (1<<8)
};
/**
@ -151,7 +157,6 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
chunk_t os_name = chunk_empty;
chunk_t os_version = chunk_empty;
bool fatal_error = FALSE, assessment = FALSE;
char non_market_apps_str[] = "install_non_market_apps";
os_state = (imv_os_state_t*)state;
@ -284,6 +289,8 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
enumerator_t *e;
status_t status;
os_state->set_received(os_state,
IMV_OS_ATTR_INSTALLED_PACKAGES);
if (!os_db)
{
break;
@ -318,6 +325,8 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
char *name;
chunk_t value;
os_state->set_received(os_state, IMV_OS_ATTR_SETTINGS);
attr_cast = (ita_attr_settings_t*)attr;
e = attr_cast->create_enumerator(attr_cast);
while (e->enumerate(e, &name, &value))
@ -326,7 +335,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
chunk_equals(value, chunk_from_chars('1')))
{
os_state->set_os_settings(os_state,
OS_SETTINGS_NON_MARKET_APPS);
OS_SETTINGS_UNKNOWN_SOURCE);
}
DBG1(DBG_IMV, "setting '%s'\n %.*s",
name, value.len, value.ptr);
@ -340,8 +349,8 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
int session_id, device_id;
chunk_t value;
os_state->set_received(os_state,
IMV_OS_ATTR_DEVICE_ID);
os_state->set_received(os_state, IMV_OS_ATTR_DEVICE_ID);
value = attr->get_value(attr);
DBG1(DBG_IMV, "device ID is %.*s", value.len, value.ptr);
@ -396,43 +405,6 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
assessment = TRUE;
}
/* If all Installed Packages attributes were received, go to assessment */
if (!assessment &&
os_state->get_handshake_state(os_state) == IMV_OS_STATE_POLICY_START &&
!os_state->get_angel_count(os_state))
{
int count, count_update, count_blacklist, count_ok;
u_int os_settings;
os_settings = os_state->get_os_settings(os_state);
os_state->get_count(os_state, &count, &count_update, &count_blacklist,
&count_ok);
DBG1(DBG_IMV, "processed %d packages: %d not updated, %d blacklisted, "
"%d ok, %d not found", count, count_update, count_blacklist,
count_ok, count - count_update - count_blacklist - count_ok);
/* Store device information in database */
if (os_db)
{
os_db->set_device_info(os_db, state->get_session_id(state),
count, count_update, count_blacklist, os_settings);
}
if (count_update || count_blacklist || os_settings)
{
state->set_recommendation(state,
TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
}
else
{
state->set_recommendation(state,
TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
TNC_IMV_EVALUATION_RESULT_COMPLIANT);
}
assessment = TRUE;
}
if (assessment)
{
result = out_msg->send_assessment(out_msg);
@ -587,45 +559,44 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
imv_msg_t *out_msg;
imv_state_t *state;
imv_database_t *imv_db;
imv_workitem_t *workitem;
imv_os_state_t *os_state;
imv_os_handshake_state_t handshake_state;
pa_tnc_attr_t *attr;
TNC_Result result;
TNC_Result result = TNC_RESULT_SUCCESS;
enumerator_t *enumerator;
u_int received;
char *result_str;
bool fail;
if (!imv_os)
{
DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
return TNC_RESULT_NOT_INITIALIZED;
}
imv_db = imv_os->get_database(imv_os);
if (!imv_os->get_state(imv_os, connection_id, &state))
{
return TNC_RESULT_FATAL;
}
os_state = (imv_os_state_t*)state;
handshake_state = os_state->get_handshake_state(os_state);
received = os_state->get_received(os_state);
/* create an empty out message - we might need it */
out_msg = imv_msg_create(imv_os, state, connection_id, imv_id,
TNC_IMCID_ANY, msg_types[0]);
if (handshake_state == IMV_OS_STATE_INIT)
{
if (received != IMV_OS_ATTR_ALL)
if ((received & IMV_OS_ATTR_MUST) != IMV_OS_ATTR_MUST)
{
/* send an attribute request for missing attributes */
out_msg = imv_msg_create(imv_os, state, connection_id, imv_id,
TNC_IMCID_ANY, msg_types[0]);
/* create attribute request for missing mandatory attributes */
out_msg->add_attribute(out_msg, build_attr_request(received));
/* send PA-TNC message with excl flag not set */
result = out_msg->send(out_msg, FALSE);
out_msg->destroy(out_msg);
if (result != TNC_RESULT_SUCCESS)
{
return result;
}
}
}
if (handshake_state < IMV_OS_STATE_POLICY_START)
{
if (((received & IMV_OS_ATTR_PRODUCT_INFORMATION) &&
@ -633,32 +604,17 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
((received & IMV_OS_ATTR_DEVICE_ID) ||
(handshake_state == IMV_OS_STATE_ATTR_REQ)))
{
imv_db = imv_os->get_database(imv_os);
if (imv_db)
{
/* trigger the policy manager */
imv_db->policy_script(imv_db, state->get_session_id(state),
TRUE);
imv_db->policy_script(imv_db, state->get_session_id(state), TRUE);
}
os_state->set_handshake_state(os_state, IMV_OS_STATE_POLICY_START);
/* requesting installed packages */
attr = ietf_attr_attr_request_create(PEN_IETF,
IETF_ATTR_INSTALLED_PACKAGES);
out_msg = imv_msg_create(imv_os, state, connection_id, imv_id,
TNC_IMCID_ANY, msg_types[0]);
out_msg->add_attribute(out_msg, attr);
/* send PA-TNC message with excl flag set */
result = out_msg->send(out_msg, TRUE);
out_msg->destroy(out_msg);
return result;
handshake_state = IMV_OS_STATE_POLICY_START;
}
if (handshake_state == IMV_OS_STATE_ATTR_REQ)
else if (handshake_state == IMV_OS_STATE_ATTR_REQ)
{
/**
* Both the IETF Product Information and IETF String Version
* both the IETF Product Information and IETF String Version
* attribute should have been present
*/
state->set_recommendation(state,
@ -666,8 +622,6 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
TNC_IMV_EVALUATION_RESULT_ERROR);
/* send assessment */
out_msg = imv_msg_create(imv_os, state, connection_id, imv_id,
TNC_IMCID_ANY, msg_types[0]);
result = out_msg->send_assessment(out_msg);
out_msg->destroy(out_msg);
@ -677,10 +631,164 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
}
return imv_os->provide_recommendation(imv_os, state);
}
os_state->set_handshake_state(os_state, IMV_OS_STATE_ATTR_REQ);
else
{
handshake_state = IMV_OS_STATE_ATTR_REQ;
}
os_state->set_handshake_state(os_state, handshake_state);
}
return TNC_RESULT_SUCCESS;
if (handshake_state == IMV_OS_STATE_POLICY_START)
{
if (imv_db)
{
enumerator = imv_db->create_workitem_enumerator(imv_db,
state->get_session_id(state));
if (!enumerator)
{
return TNC_RESULT_SUCCESS;
}
while (enumerator->enumerate(enumerator, &workitem))
{
switch (workitem->get_type(workitem))
{
case IMV_WORKITEM_PACKAGES:
attr = ietf_attr_attr_request_create(PEN_IETF,
IETF_ATTR_INSTALLED_PACKAGES);
out_msg->add_attribute(out_msg, attr);
state->add_workitem(state, workitem);
break;
case IMV_WORKITEM_UNKNOWN_SOURCE:
attr = ita_attr_get_settings_create(non_market_apps_str);
out_msg->add_attribute(out_msg, attr);
state->add_workitem(state, workitem);
break;
case IMV_WORKITEM_FORWARDING:
case IMV_WORKITEM_DEFAULT_PWD:
state->add_workitem(state, workitem);
break;
case IMV_WORKITEM_START:
handshake_state = IMV_OS_STATE_WORKITEMS;
/* fall through to default */
default:
workitem->destroy(workitem);
}
}
enumerator->destroy(enumerator);
}
else
{
/* TODO: define workitems without DB access */
handshake_state = IMV_OS_STATE_WORKITEMS;
}
os_state->set_handshake_state(os_state, handshake_state);
}
if (handshake_state == IMV_OS_STATE_WORKITEMS)
{
enumerator = state->create_workitem_enumerator(state);
while (enumerator->enumerate(enumerator, &workitem))
{
switch (workitem->get_type(workitem))
{
case IMV_WORKITEM_PACKAGES:
{
int count, count_update, count_blacklist, count_ok, ret;
if (!(received & IMV_OS_ATTR_INSTALLED_PACKAGES) ||
os_state->get_angel_count(os_state))
{
break;
}
os_state->get_count(os_state, &count, &count_update,
&count_blacklist, &count_ok);
fail = count_update || count_blacklist;
ret = asprintf(&result_str, "processed %d packages: "
"%d not updated, %d blacklisted, %d ok, "
"%d not found",
count, count_update, count_blacklist, count_ok,
count - count_update - count_blacklist - count_ok);
if (ret == -1)
{
result_str = strdup("");
}
state->finalize_workitem(state, enumerator, workitem,
result_str, fail ?
TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR :
TNC_IMV_EVALUATION_RESULT_COMPLIANT);
free(result_str);
break;
}
case IMV_WORKITEM_UNKNOWN_SOURCE:
if (!(received & IMV_OS_ATTR_SETTINGS))
{
break;
}
fail = os_state->get_os_settings(os_state) &
OS_SETTINGS_UNKNOWN_SOURCE;
result_str = fail ? "unknown sources enabled" : "";
state->finalize_workitem(state, enumerator, workitem,
result_str, fail ?
TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR :
TNC_IMV_EVALUATION_RESULT_COMPLIANT);
break;
case IMV_WORKITEM_FORWARDING:
if (!(received & IMV_OS_ATTR_FORWARDING_ENABLED))
{
break;
}
fail = os_state->get_os_settings(os_state) &
OS_SETTINGS_FWD_ENABLED;
result_str = fail ? "forwarding enabled" : "";
state->finalize_workitem(state, enumerator, workitem,
result_str, fail ?
TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR :
TNC_IMV_EVALUATION_RESULT_COMPLIANT);
break;
case IMV_WORKITEM_DEFAULT_PWD:
if (!(received & IMV_OS_ATTR_FACTORY_DEFAULT_PWD_ENABLED))
{
break;
}
fail = os_state->get_os_settings(os_state) &
OS_SETTINGS_DEFAULT_PWD_ENABLED;
result_str = fail ? "default password enabled" : "";
state->finalize_workitem(state, enumerator, workitem,
result_str, fail ?
TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR :
TNC_IMV_EVALUATION_RESULT_COMPLIANT);
break;
default:
break;
}
}
enumerator->destroy(enumerator);
/* finalized all workitems ? */
if (state->get_workitem_count(state) == 0)
{
result = out_msg->send_assessment(out_msg);
out_msg->destroy(out_msg);
if (result != TNC_RESULT_SUCCESS)
{
return result;
}
return imv_os->provide_recommendation(imv_os, state);
}
}
/* send non-empty PA-TNC message with excl flag not set */
if (out_msg->get_attribute_count(out_msg))
{
result = out_msg->send(out_msg, FALSE);
}
out_msg->destroy(out_msg);
return result;
}
/**
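Review bot: In `TNC_IMV_BatchEnding` the `IMV_OS_STATE_INIT` branch still sends and destroys `out_msg` (`result = out_msg->send(out_msg, FALSE); out_msg->destroy(out_msg);`) but, unlike the code it replaces, it no longer returns on success: control continues into the `handshake_state < IMV_OS_STATE_POLICY_START` block and eventually reaches `out_msg->get_attribute_count(out_msg)` and the final `out_msg->destroy(out_msg)`, which is a use-after-free and a double destroy of the message created just before the branch. Since the function now ends with a common send of the non-empty message, the branch should only queue the request: keep `out_msg->add_attribute(out_msg, build_attr_request(received));` and drop the send, the destroy and the early return. A second leak of the same object: in the `IMV_OS_STATE_POLICY_START` block `if (!enumerator) { return TNC_RESULT_SUCCESS; }` returns without destroying `out_msg`. The signature and the first lines of `TNC_IMV_BatchEnding` lie outside the hunk.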


@ -14,6 +14,7 @@
*/
#include "imv_os_state.h"
#include "imv/imv_lang_string.h"
#include "imv/imv_reason_string.h"
#include "imv/imv_remediation_string.h"
@ -76,6 +77,11 @@ struct private_imv_os_state_t {
*/
int session_id;
/**
* List of workitems
*/
linked_list_t *workitems;
/**
* IMV action recommendation
*/
@ -281,16 +287,16 @@ static imv_lang_string_t instr_default_pwd_enabled_descr[] = {
};
/**
* Instruction strings for "Install Non-Market Apps"
* Instruction strings for "Unknown Source"
*/
static imv_lang_string_t instr_non_market_apps_title[] = {
static imv_lang_string_t instr_unknown_source_title[] = {
{ "en", "Unknown Software Origin" },
{ "de", "Unbekannte Softwareherkunft" },
{ "pl", "Nieznane pochodzenie softwaru" },
{ NULL, NULL }
};
static imv_lang_string_t instr_non_market_apps_descr[] = {
static imv_lang_string_t instr_unknown_source_descr[] = {
{ "en", "Do not allow the installation of apps from unknown sources" },
{ "de", "Erlauben Sie nicht die Installation von Apps aus unbekannten Quellen" },
{ "pl", "Proszę nie dopuszczać do instalacji Apps z nieznanych źródeł" },
@ -363,6 +369,112 @@ METHOD(imv_state_t, get_session_id, int,
return this->session_id;
}
METHOD(imv_state_t, add_workitem, void,
private_imv_os_state_t *this, imv_workitem_t *workitem)
{
this->workitems->insert_last(this->workitems, workitem);
}
METHOD(imv_state_t, get_workitem_count, int,
private_imv_os_state_t *this)
{
return this->workitems->get_count(this->workitems);
}
METHOD(imv_state_t, create_workitem_enumerator, enumerator_t*,
private_imv_os_state_t *this)
{
return this->workitems->create_enumerator(this->workitems);
}
METHOD(imv_state_t, finalize_workitem, void,
private_imv_os_state_t *this, enumerator_t *enumerator,
imv_workitem_t *workitem, char *result, TNC_IMV_Evaluation_Result eval)
{
TNC_IMV_Action_Recommendation rec;
this->workitems->remove_at(this->workitems, enumerator);
rec = workitem->set_result(workitem, result, eval);
/* Update overall evaluation result */
switch (this->eval)
{
case TNC_IMV_EVALUATION_RESULT_COMPLIANT:
switch (eval)
{
case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR:
case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR:
case TNC_IMV_EVALUATION_RESULT_ERROR:
this->eval = eval;
break;
default:
break;
}
break;
case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR:
switch (eval)
{
case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR:
case TNC_IMV_EVALUATION_RESULT_ERROR:
this->eval = eval;
break;
default:
break;
}
break;
case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR:
switch (eval)
{
case TNC_IMV_EVALUATION_RESULT_ERROR:
this->eval = eval;
break;
default:
break;
}
break;
case TNC_IMV_EVALUATION_RESULT_DONT_KNOW:
this->eval = eval;
break;
default:
break;
}
/* Update overall action recommendation */
switch (this->rec)
{
case TNC_IMV_ACTION_RECOMMENDATION_ALLOW:
switch (rec)
{
case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
this->rec = rec;
break;
default:
break;
}
break;
case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
switch (rec)
{
case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
this->rec = rec;
break;
default:
break;
}
break;
case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION:
this->rec = rec;
break;
default:
break;
}
/* TODO update workitem in IMV database */
workitem->destroy(workitem);
}
METHOD(imv_state_t, change_state, void,
private_imv_os_state_t *this, TNC_ConnectionState new_state)
{
@ -462,11 +574,11 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
instr_default_pwd_enabled_title,
instr_default_pwd_enabled_descr, NULL, NULL);
}
if (this->os_settings & OS_SETTINGS_NON_MARKET_APPS)
if (this->os_settings & OS_SETTINGS_UNKNOWN_SOURCE)
{
this->remediation_string->add_instruction(this->remediation_string,
instr_non_market_apps_title,
instr_non_market_apps_descr, NULL, NULL);
instr_unknown_source_title,
instr_unknown_source_descr, NULL, NULL);
}
*string = this->remediation_string->get_encoding(this->remediation_string);
@ -481,6 +593,8 @@ METHOD(imv_state_t, destroy, void,
{
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
this->workitems->destroy_offset(this->workitems,
offsetof(imv_workitem_t, destroy));
this->update_packages->destroy_function(this->update_packages, free);
this->remove_packages->destroy_function(this->remove_packages, free);
free(this->info);
@ -652,6 +766,10 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
.get_ar_id = _get_ar_id,
.set_session_id = _set_session_id,
.get_session_id = _get_session_id,
.add_workitem = _add_workitem,
.get_workitem_count = _get_workitem_count,
.create_workitem_enumerator = _create_workitem_enumerator,
.finalize_workitem = _finalize_workitem,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
@ -679,6 +797,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
.workitems = linked_list_create(),
.update_packages = linked_list_create(),
.remove_packages = linked_list_create(),
);
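Review bot: The recommendation merge in finalize_workitem lets a later ISOLATE result weaken an already-reached NO_ACCESS (the inner switch under `case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:` overwrites this->rec with ISOLATE), while an existing ISOLATE can never be escalated to NO_ACCESS because there is no ISOLATE case and the outer default leaves it untouched. Since NO_ACCESS is the more restrictive TNC recommendation, one workitem should not be able to relax the verdict another already produced; presumably the outer case was meant to be `case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:` with the inner `case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:`, giving the order ALLOW < ISOLATE < NO_ACCESS — confirm the intended policy. A comment stating the lattice, e.g. `/* merge order: ALLOW < ISOLATE < NO_ACCESS; an earlier verdict is never relaxed */`, would also document why ERROR is allowed to override NONCOMPLIANT_MAJOR in the evaluation merge above it. Note the `/* TODO update workitem in IMV database */` means the per-workitem result is discarded as soon as the workitem is destroyed.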


@ -38,7 +38,8 @@ typedef enum os_settings_t os_settings_t;
enum imv_os_handshake_state_t {
IMV_OS_STATE_INIT,
IMV_OS_STATE_ATTR_REQ,
IMV_OS_STATE_POLICY_START
IMV_OS_STATE_POLICY_START,
IMV_OS_STATE_WORKITEMS
};
/**
@ -47,7 +48,7 @@ enum imv_os_handshake_state_t {
enum os_settings_t {
OS_SETTINGS_FWD_ENABLED = (1<<0),
OS_SETTINGS_DEFAULT_PWD_ENABLED = (1<<1),
OS_SETTINGS_NON_MARKET_APPS = (1<<2)
OS_SETTINGS_UNKNOWN_SOURCE = (1<<2)
};
/**


@ -73,6 +73,11 @@ struct private_imv_scanner_state_t {
*/
int session_id;
/**
* List of workitems
*/
linked_list_t *workitems;
/**
* IMV action recommendation
*/
@ -187,6 +192,16 @@ METHOD(imv_state_t, set_ar_id, void,
this->ar_id_value = chunk_clone(id_value);
}
METHOD(imv_state_t, get_ar_id, chunk_t,
private_imv_scanner_state_t *this, u_int32_t *id_type)
{
if (id_type)
{
*id_type = this->ar_id_type;
}
return this->ar_id_value;
}
METHOD(imv_state_t, set_session_id, void,
private_imv_scanner_state_t *this, int session_id)
{
@ -199,14 +214,34 @@ METHOD(imv_state_t, get_session_id, int,
return this->session_id;
}
METHOD(imv_state_t, get_ar_id, chunk_t,
private_imv_scanner_state_t *this, u_int32_t *id_type)
METHOD(imv_state_t, add_workitem, void,
private_imv_scanner_state_t *this, imv_workitem_t *workitem)
{
if (id_type)
{
*id_type = this->ar_id_type;
}
return this->ar_id_value;
this->workitems->insert_last(this->workitems, workitem);
}
METHOD(imv_state_t, get_workitem_count, int,
private_imv_scanner_state_t *this)
{
return this->workitems->get_count(this->workitems);
}
METHOD(imv_state_t, create_workitem_enumerator, enumerator_t*,
private_imv_scanner_state_t *this)
{
return this->workitems->create_enumerator(this->workitems);
}
METHOD(imv_state_t, finalize_workitem, void,
private_imv_scanner_state_t *this, enumerator_t *enumerator,
imv_workitem_t *workitem, char *result, TNC_IMV_Evaluation_Result eval)
{
TNC_IMV_Action_Recommendation rec;
this->workitems->remove_at(this->workitems, enumerator);
rec = workitem->set_result(workitem, result, eval);
/* TODO update workitem in IMV database */
workitem->destroy(workitem);
}
METHOD(imv_state_t, change_state, void,
@ -284,6 +319,8 @@ METHOD(imv_state_t, destroy, void,
{
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
this->workitems->destroy_offset(this->workitems,
offsetof(imv_workitem_t, destroy));
this->violating_ports->destroy_function(this->violating_ports, free);
free(this->ar_id_value.ptr);
free(this);
@ -315,6 +352,10 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
.get_ar_id = _get_ar_id,
.set_session_id = _set_session_id,
.get_session_id = _get_session_id,
.add_workitem = _add_workitem,
.get_workitem_count = _get_workitem_count,
.create_workitem_enumerator = _create_workitem_enumerator,
.finalize_workitem = _finalize_workitem,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
@ -328,6 +369,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
.workitems = linked_list_create(),
.violating_ports = linked_list_create(),
);
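Review bot: finalize_workitem in imv_scanner_state.c stores the value returned by `workitem->set_result()` in `rec` and never reads it, so the variable only earns an unused-but-set warning and, more importantly, a finalized workitem has no effect on this->rec or this->eval — unlike the OS IMV state in the same commit, which folds every result into the overall recommendation. Until the scanner IMV gains the same merge logic, a NONCOMPLIANT workitem finalized here will not change what the IMV reports. Either drop `rec` or make the gap explicit next to the existing database TODO, e.g. `/* TODO merge rec/eval into this->rec and this->eval as imv_os_state does */`.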


@ -73,6 +73,11 @@ struct private_imv_test_state_t {
*/
int session_id;
/**
* List of workitems
*/
linked_list_t *workitems;
/**
* IMV action recommendation
*/
@ -187,6 +192,36 @@ METHOD(imv_state_t, get_session_id, int,
return this->session_id;
}
METHOD(imv_state_t, add_workitem, void,
private_imv_test_state_t *this, imv_workitem_t *workitem)
{
this->workitems->insert_last(this->workitems, workitem);
}
METHOD(imv_state_t, get_workitem_count, int,
private_imv_test_state_t *this)
{
return this->workitems->get_count(this->workitems);
}
METHOD(imv_state_t, create_workitem_enumerator, enumerator_t*,
private_imv_test_state_t *this)
{
return this->workitems->create_enumerator(this->workitems);
}
METHOD(imv_state_t, finalize_workitem, void,
private_imv_test_state_t *this, enumerator_t *enumerator,
imv_workitem_t *workitem, char *result, TNC_IMV_Evaluation_Result eval)
{
TNC_IMV_Action_Recommendation rec;
this->workitems->remove_at(this->workitems, enumerator);
rec = workitem->set_result(workitem, result, eval);
/* TODO update workitem in IMV database */
workitem->destroy(workitem);
}
METHOD(imv_state_t, change_state, void,
private_imv_test_state_t *this, TNC_ConnectionState new_state)
{
@ -236,6 +271,8 @@ METHOD(imv_state_t, destroy, void,
private_imv_test_state_t *this)
{
DESTROY_IF(this->reason_string);
this->workitems->destroy_offset(this->workitems,
offsetof(imv_workitem_t, destroy));
this->imcs->destroy_function(this->imcs, free);
free(this->ar_id_value.ptr);
free(this);
@ -326,6 +363,10 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
.get_ar_id = _get_ar_id,
.set_session_id = _set_session_id,
.get_session_id = _get_session_id,
.add_workitem = _add_workitem,
.get_workitem_count = _get_workitem_count,
.create_workitem_enumerator = _create_workitem_enumerator,
.finalize_workitem = _finalize_workitem,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
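Review bot: In imv_test_state.c, finalize_workitem assigns the result of `workitem->set_result()` to `rec` but never uses it, and neither this->rec nor this->eval is updated, so the evaluation passed in is lost the moment the workitem is destroyed. The OS IMV state in this commit merges each result into the overall recommendation; if the test IMV is meant to behave the same, that merge is missing here, otherwise the dead `rec` should go. At minimum record the intent: `/* TODO merge rec/eval into this->rec and this->eval */`.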


@ -24,8 +24,7 @@ imv_attestation_la_LDFLAGS = -module -avoid-version
ipsec_PROGRAMS = attest
attest_SOURCES = attest.c \
attest_usage.h attest_usage.c \
attest_db.h attest_db.c \
tables.sql data.sql
attest_db.h attest_db.c
attest_LDADD = \
$(top_builddir)/src/libimcv/libimcv.la \
$(top_builddir)/src/libpts/libpts.la \


@ -78,6 +78,11 @@ struct private_imv_attestation_state_t {
*/
int session_id;
/**
* List of workitems
*/
linked_list_t *workitems;
/**
* IMV Attestation handshake state
*/
@ -260,6 +265,36 @@ METHOD(imv_state_t, get_session_id, int,
return this->session_id;
}
METHOD(imv_state_t, add_workitem, void,
private_imv_attestation_state_t *this, imv_workitem_t *workitem)
{
this->workitems->insert_last(this->workitems, workitem);
}
METHOD(imv_state_t, get_workitem_count, int,
private_imv_attestation_state_t *this)
{
return this->workitems->get_count(this->workitems);
}
METHOD(imv_state_t, create_workitem_enumerator, enumerator_t*,
private_imv_attestation_state_t *this)
{
return this->workitems->create_enumerator(this->workitems);
}
METHOD(imv_state_t, finalize_workitem, void,
private_imv_attestation_state_t *this, enumerator_t *enumerator,
imv_workitem_t *workitem, char *result, TNC_IMV_Evaluation_Result eval)
{
TNC_IMV_Action_Recommendation rec;
this->workitems->remove_at(this->workitems, enumerator);
rec = workitem->set_result(workitem, result, eval);
/* TODO update workitem in IMV database */
workitem->destroy(workitem);
}
METHOD(imv_state_t, change_state, void,
private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
{
@ -334,6 +369,8 @@ METHOD(imv_state_t, destroy, void,
private_imv_attestation_state_t *this)
{
DESTROY_IF(this->reason_string);
this->workitems->destroy_offset(this->workitems,
offsetof(imv_workitem_t, destroy));
this->file_meas_requests->destroy_function(this->file_meas_requests, free);
this->components->destroy_function(this->components, (void *)free_func_comp);
this->pts->destroy(this->pts);
@ -529,6 +566,10 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
.get_ar_id = _get_ar_id,
.set_session_id = _set_session_id,
.get_session_id = _get_session_id,
.add_workitem = _add_workitem,
.get_workitem_count = _get_workitem_count,
.create_workitem_enumerator = _create_workitem_enumerator,
.finalize_workitem = _finalize_workitem,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
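Review bot: finalize_workitem in imv_attestation_state.c computes `rec` from `workitem->set_result()` and then discards it, leaving this->rec and this->eval untouched, so an attestation workitem that evaluates NONCOMPLIANT cannot influence the recommendation this state reports. The OS IMV state added in the same commit does fold results into the overall verdict; the attestation state presumably needs the same merge, and until then the dead assignment should be removed or flagged, e.g. `/* TODO merge rec/eval into this->rec and this->eval as imv_os_state does */`.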
