Diffstat (limited to 'src/libimcv/plugins/imv_scanner')
-rw-r--r--src/libimcv/plugins/imv_scanner/Makefile.in8
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner_agent.c23
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner_state.c14
3 files changed, 37 insertions, 8 deletions
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in
index 18446e73a..2677b339a 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.in
+++ b/src/libimcv/plugins/imv_scanner/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
index 85ef23b80..cbabc80bf 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -94,10 +94,14 @@ static TNC_Result receive_msg(private_imv_scanner_agent_t *this,
ietf_attr_port_filter_t *port_filter_attr;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imv_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
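Review bot: `out_msg` is now allocated before `in_msg->receive()` and released only in this error branch and at the very end of the function, so every exit in between has to release it too. The lines between this hunk and the next are not shown; if any of them returns early (for example from inside the attribute loop), one reply message is leaked per received message, which a remote peer could trigger repeatedly. Please confirm there is no such return, or route every exit through the single `out_msg->destroy(out_msg);` at the bottom. receive_msg starts before this hunk and continues after it.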
@@ -121,17 +125,20 @@ static TNC_Result receive_msg(private_imv_scanner_agent_t *this,
state->set_recommendation(state,
TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
TNC_IMV_EVALUATION_RESULT_ERROR);
- out_msg = imv_msg_create_as_reply(in_msg);
result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
+ if (result == TNC_RESULT_SUCCESS)
{
- return result;
+ result = this->agent->provide_recommendation(this->agent, state);
}
- return this->agent->provide_recommendation(this->agent, state);
}
+ else
+ {
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
+ }
+ out_msg->destroy(out_msg);
- return TNC_RESULT_SUCCESS;
+ return result;
}
METHOD(imv_agent_if_t, receive_message, TNC_Result,
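Review bot: The new `else` branch calls `out_msg->send(out_msg, TRUE)` for every non-fatal message, and its result replaces the former unconditional `return TNC_RESULT_SUCCESS;`. Whether `send()` does nothing when `receive()` queued no attributes is not visible here; if it does not, this emits an empty PA-TNC message each round, and a send failure now fails the whole handler. The bare `TRUE` is also hard to read, so I would expand the comment to `/* send any attributes queued by receive(); TRUE sets the EXCL flag so only the originating IMC gets the reply */`, assuming that is what the flag means in imv_msg. The function body starts outside this hunk.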
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 24a49a76c..8f9593f17 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -71,6 +71,11 @@ struct private_imv_scanner_state_t {
imv_session_t *session;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* IMV action recommendation
*/
TNC_IMV_Action_Recommendation rec;
@@ -211,6 +216,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_scanner_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, change_state, void,
private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
{
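Review bot: `get_contracts` hands out the state's own `seg_contract_manager_t` without stating who owns it, while the `destroy` hunk further down frees that manager together with the state. A caller that keeps the pointer past connection teardown would then touch freed memory. A short doc comment on the method, e.g. `/* returned manager is owned by the state; do not destroy it or keep it beyond the state's lifetime */`, would make the contract explicit. The interface declaration is not part of this diff, so this may already be documented there.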
@@ -299,6 +310,7 @@ METHOD(imv_state_t, destroy, void,
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
+ this->contracts->destroy(this->contracts);
this->violating_ports->destroy_function(this->violating_ports, free);
free(this);
}
@@ -354,6 +366,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
.get_action_flags = _get_action_flags,
.set_session = _set_session,
.get_session= _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
@@ -372,6 +385,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.violating_ports = linked_list_create(),
);