summaryrefslogtreecommitdiff
path: root/src/libimcv/plugins/imv_scanner
diff options
context:
space:
mode:
authorRomain Francoise <rfrancoise@debian.org>2014-10-21 19:28:38 +0200
committerRomain Francoise <rfrancoise@debian.org>2014-10-21 19:41:50 +0200
commitb23b0e5609ed4b3d29396a1727aab035fa4a395f (patch)
tree091d0b144dd92a0c124b7fbe9eae68f79cb975dc /src/libimcv/plugins/imv_scanner
parent4a01a7e2574040cf246fd00ebff173b873c17349 (diff)
downloadvyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.tar.gz
vyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.zip
Import upstream release 5.2.1
Diffstat (limited to 'src/libimcv/plugins/imv_scanner')
-rw-r--r--src/libimcv/plugins/imv_scanner/Makefile.in8
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner_agent.c23
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner_state.c14
3 files changed, 37 insertions, 8 deletions
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in
index 18446e73a..2677b339a 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.in
+++ b/src/libimcv/plugins/imv_scanner/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
index 85ef23b80..cbabc80bf 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -94,10 +94,14 @@ static TNC_Result receive_msg(private_imv_scanner_agent_t *this,
ietf_attr_port_filter_t *port_filter_attr;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imv_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
@@ -121,17 +125,20 @@ static TNC_Result receive_msg(private_imv_scanner_agent_t *this,
state->set_recommendation(state,
TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
TNC_IMV_EVALUATION_RESULT_ERROR);
- out_msg = imv_msg_create_as_reply(in_msg);
result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
+ if (result == TNC_RESULT_SUCCESS)
{
- return result;
+ result = this->agent->provide_recommendation(this->agent, state);
}
- return this->agent->provide_recommendation(this->agent, state);
}
+ else
+ {
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
+ }
+ out_msg->destroy(out_msg);
- return TNC_RESULT_SUCCESS;
+ return result;
}
METHOD(imv_agent_if_t, receive_message, TNC_Result,
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 24a49a76c..8f9593f17 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -71,6 +71,11 @@ struct private_imv_scanner_state_t {
imv_session_t *session;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* IMV action recommendation
*/
TNC_IMV_Action_Recommendation rec;
@@ -211,6 +216,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_scanner_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, change_state, void,
private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
{
@@ -299,6 +310,7 @@ METHOD(imv_state_t, destroy, void,
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
+ this->contracts->destroy(this->contracts);
this->violating_ports->destroy_function(this->violating_ports, free);
free(this);
}
@@ -354,6 +366,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
.get_action_flags = _get_action_flags,
.set_session = _set_session,
.get_session= _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
@@ -372,6 +385,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.violating_ports = linked_list_create(),
);
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-02 19:19:28 +0000