diff options
Diffstat (limited to 'src/libimcv/plugins')
31 files changed, 2928 insertions, 2106 deletions
diff --git a/src/libimcv/plugins/imc_os/Makefile.am b/src/libimcv/plugins/imc_os/Makefile.am index 0bfe776a5..83c46558b 100644 --- a/src/libimcv/plugins/imc_os/Makefile.am +++ b/src/libimcv/plugins/imc_os/Makefile.am @@ -1,8 +1,10 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv -AM_CFLAGS = -rdynamic +AM_CFLAGS = \ + -rdynamic imcv_LTLIBRARIES = imc-os.la @@ -12,4 +14,3 @@ imc_os_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ imc_os_la_SOURCES = imc_os.c imc_os_state.h imc_os_state.c imc_os_la_LDFLAGS = -module -avoid-version - diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in index 351e659ad..729fa8478 100644 --- a/src/libimcv/plugins/imc_os/Makefile.in +++ b/src/libimcv/plugins/imc_os/Makefile.in @@ -62,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -102,7 +102,10 @@ imc_os_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la am_imc_os_la_OBJECTS = imc_os.lo imc_os_state.lo imc_os_la_OBJECTS = $(am_imc_os_la_OBJECTS) -imc_os_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +imc_os_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(imc_os_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) @@ -111,13 +114,26 @@ am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; SOURCES = $(imc_os_la_SOURCES) DIST_SOURCES = $(imc_os_la_SOURCES) am__can_run_installinfo = \ @@ -131,6 +147,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -143,6 +160,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CHECK_CFLAGS = @CHECK_CFLAGS@ CHECK_LIBS = @CHECK_LIBS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -158,6 +177,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ GREP = @GREP@ @@ -166,6 +186,7 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ @@ -212,6 +233,7 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SOCKLIB = @SOCKLIB@ STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ @@ -240,6 +262,7 @@ charon_natt_port = @charon_natt_port@ charon_plugins = @charon_plugins@ charon_udp_port = @charon_udp_port@ clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -317,10 +340,14 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv -AM_CFLAGS = -rdynamic +AM_CFLAGS = \ + -rdynamic + imcv_LTLIBRARIES = imc-os.la imc_os_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la @@ -394,7 +421,7 @@ clean-imcvLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done imc-os.la: $(imc_os_la_OBJECTS) $(imc_os_la_DEPENDENCIES) $(EXTRA_imc_os_la_DEPENDENCIES) - $(imc_os_la_LINK) -rpath $(imcvdir) $(imc_os_la_OBJECTS) $(imc_os_la_LIBADD) $(LIBS) + $(AM_V_CCLD)$(imc_os_la_LINK) -rpath $(imcvdir) $(imc_os_la_OBJECTS) $(imc_os_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -406,25 +433,25 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_os_state.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< .c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index f6e205ce7..2558be9f8 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c @@ -30,6 +30,7 @@ #include <ita/ita_attr_get_settings.h> #include <ita/ita_attr_settings.h> #include <ita/ita_attr_angel.h> +#include <ita/ita_attr_device_id.h> #include <os_info/os_info.h> #include <tncif_pa_subtypes.h> @@ -213,7 +214,7 @@ static void add_fwd_enabled(imc_msg_t *msg) os_fwd_status_t fwd_status; fwd_status = os->get_fwd_status(os); - DBG1(DBG_IMC, "IPv4 forwarding status: %N", + DBG1(DBG_IMC, "IPv4 forwarding is %N", os_fwd_status_names, fwd_status); attr = ietf_attr_fwd_enabled_create(fwd_status); msg->add_attribute(msg, attr); @@ -226,12 +227,43 @@ static void add_default_pwd_enabled(imc_msg_t *msg) { pa_tnc_attr_t *attr; - DBG1(DBG_IMC, "factory default password: disabled"); + DBG1(DBG_IMC, "factory default password is disabled"); attr = ietf_attr_default_pwd_enabled_create(FALSE); msg->add_attribute(msg, attr); } /** + * Add ITA Device ID attribute to the send queue + */ +static void add_device_id(imc_msg_t *msg) +{ + pa_tnc_attr_t *attr; + chunk_t value; + char *name; + + name = os->get_type(os) == OS_TYPE_ANDROID ? + "android_id" : "/var/lib/dbus/machine-id"; + value = os->get_setting(os, name); + + if (value.len == 0) + { + DBG1(DBG_IMC, "no device ID available"); + return; + } + + /* trim trailing newline character */ + if (value.ptr[value.len - 1] == '\n') + { + value.len--; + } + + DBG1(DBG_IMC, "device ID is %.*s", value.len, value.ptr); + attr = ita_attr_device_id_create(value); + msg->add_attribute(msg, attr); + free(value.ptr); +} + +/** * Add an IETF Installed Packages attribute to the send queue */ static void add_installed_packages(imc_state_t *state, imc_msg_t *msg) @@ -365,6 +397,7 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, add_op_status(out_msg); add_fwd_enabled(out_msg); add_default_pwd_enabled(out_msg); + add_device_id(out_msg); /* send PA-TNC message with the excl flag not set */ result = out_msg->send(out_msg, FALSE); @@ -410,35 +443,45 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) e = attr_cast->create_enumerator(attr_cast); while (e->enumerate(e, &entry)) { - if (entry->vendor_id != PEN_IETF) + if (entry->vendor_id == PEN_IETF) { - continue; + switch (entry->type) + { + case IETF_ATTR_PRODUCT_INFORMATION: + add_product_info(out_msg); + break; + case IETF_ATTR_STRING_VERSION: + add_string_version(out_msg); + break; + case IETF_ATTR_NUMERIC_VERSION: + add_numeric_version(out_msg); + break; + case IETF_ATTR_OPERATIONAL_STATUS: + add_op_status(out_msg); + break; + case IETF_ATTR_FORWARDING_ENABLED: + add_fwd_enabled(out_msg); + break; + case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED: + add_default_pwd_enabled(out_msg); + break; + case IETF_ATTR_INSTALLED_PACKAGES: + add_installed_packages(state, out_msg); + break; + default: + break; + } } - switch (entry->type) + else if (entry->vendor_id == PEN_ITA) { - case IETF_ATTR_PRODUCT_INFORMATION: - add_product_info(out_msg); - break; - case IETF_ATTR_STRING_VERSION: - add_string_version(out_msg); - break; - case IETF_ATTR_NUMERIC_VERSION: - add_numeric_version(out_msg); - break; - case IETF_ATTR_OPERATIONAL_STATUS: - add_op_status(out_msg); - break; - case IETF_ATTR_FORWARDING_ENABLED: - add_fwd_enabled(out_msg); - break; - case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED: - add_default_pwd_enabled(out_msg); - break; - case IETF_ATTR_INSTALLED_PACKAGES: - add_installed_packages(state, out_msg); - break; - default: - break; + switch (entry->type) + { + case ITA_ATTR_DEVICE_ID: + add_device_id(out_msg); + break; + default: + break; + } } } e->destroy(e); diff --git a/src/libimcv/plugins/imc_scanner/Makefile.am b/src/libimcv/plugins/imc_scanner/Makefile.am index f27d73b67..b294541c4 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.am +++ b/src/libimcv/plugins/imc_scanner/Makefile.am @@ -1,8 +1,10 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv -AM_CFLAGS = -rdynamic +AM_CFLAGS = \ + -rdynamic imcv_LTLIBRARIES = imc-scanner.la @@ -12,4 +14,3 @@ imc_scanner_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ imc_scanner_la_SOURCES = imc_scanner.c imc_scanner_state.h imc_scanner_state.c imc_scanner_la_LDFLAGS = -module -avoid-version - diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in index 7ac9e0812..39d3ae685 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.in +++ b/src/libimcv/plugins/imc_scanner/Makefile.in @@ -62,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -102,22 +102,39 @@ imc_scanner_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la am_imc_scanner_la_OBJECTS = imc_scanner.lo imc_scanner_state.lo imc_scanner_la_OBJECTS = $(am_imc_scanner_la_OBJECTS) -imc_scanner_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(imc_scanner_la_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +imc_scanner_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(imc_scanner_la_LDFLAGS) $(LDFLAGS) -o \ + $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; SOURCES = $(imc_scanner_la_SOURCES) DIST_SOURCES = $(imc_scanner_la_SOURCES) am__can_run_installinfo = \ @@ -131,6 +148,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -143,6 +161,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CHECK_CFLAGS = @CHECK_CFLAGS@ CHECK_LIBS = @CHECK_LIBS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -158,6 +178,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ GREP = @GREP@ @@ -166,6 +187,7 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ @@ -212,6 +234,7 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SOCKLIB = @SOCKLIB@ STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ @@ -240,6 +263,7 @@ charon_natt_port = @charon_natt_port@ charon_plugins = @charon_plugins@ charon_udp_port = @charon_udp_port@ clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -317,10 +341,14 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv -AM_CFLAGS = -rdynamic +AM_CFLAGS = \ + -rdynamic + imcv_LTLIBRARIES = imc-scanner.la imc_scanner_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la @@ -394,7 +422,7 @@ clean-imcvLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done imc-scanner.la: $(imc_scanner_la_OBJECTS) $(imc_scanner_la_DEPENDENCIES) $(EXTRA_imc_scanner_la_DEPENDENCIES) - $(imc_scanner_la_LINK) -rpath $(imcvdir) $(imc_scanner_la_OBJECTS) $(imc_scanner_la_LIBADD) $(LIBS) + $(AM_V_CCLD)$(imc_scanner_la_LINK) -rpath $(imcvdir) $(imc_scanner_la_OBJECTS) $(imc_scanner_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -406,25 +434,25 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_scanner_state.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< .c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo diff --git a/src/libimcv/plugins/imc_test/Makefile.am b/src/libimcv/plugins/imc_test/Makefile.am index b55e7bcd4..b1a719ab4 100644 --- a/src/libimcv/plugins/imc_test/Makefile.am +++ b/src/libimcv/plugins/imc_test/Makefile.am @@ -1,8 +1,10 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv -AM_CFLAGS = -rdynamic +AM_CFLAGS = \ + -rdynamic imcv_LTLIBRARIES = imc-test.la @@ -12,4 +14,3 @@ imc_test_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ imc_test_la_SOURCES = imc_test.c imc_test_state.h imc_test_state.c imc_test_la_LDFLAGS = -module -avoid-version - diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in index 1a3e64e38..5cc1f0d7b 100644 --- a/src/libimcv/plugins/imc_test/Makefile.in +++ b/src/libimcv/plugins/imc_test/Makefile.in @@ -62,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -102,7 +102,10 @@ imc_test_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la am_imc_test_la_OBJECTS = imc_test.lo imc_test_state.lo imc_test_la_OBJECTS = $(am_imc_test_la_OBJECTS) -imc_test_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +imc_test_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(imc_test_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) @@ -111,13 +114,26 @@ am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; SOURCES = $(imc_test_la_SOURCES) DIST_SOURCES = $(imc_test_la_SOURCES) am__can_run_installinfo = \ @@ -131,6 +147,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -143,6 +160,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CHECK_CFLAGS = @CHECK_CFLAGS@ CHECK_LIBS = @CHECK_LIBS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -158,6 +177,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ GREP = @GREP@ @@ -166,6 +186,7 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ @@ -212,6 +233,7 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SOCKLIB = @SOCKLIB@ STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ @@ -240,6 +262,7 @@ charon_natt_port = @charon_natt_port@ charon_plugins = @charon_plugins@ charon_udp_port = @charon_udp_port@ clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -317,10 +340,14 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv -AM_CFLAGS = -rdynamic +AM_CFLAGS = \ + -rdynamic + imcv_LTLIBRARIES = imc-test.la imc_test_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la @@ -394,7 +421,7 @@ clean-imcvLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done imc-test.la: $(imc_test_la_OBJECTS) $(imc_test_la_DEPENDENCIES) $(EXTRA_imc_test_la_DEPENDENCIES) - $(imc_test_la_LINK) -rpath $(imcvdir) $(imc_test_la_OBJECTS) $(imc_test_la_LIBADD) $(LIBS) + $(AM_V_CCLD)$(imc_test_la_LINK) -rpath $(imcvdir) $(imc_test_la_OBJECTS) $(imc_test_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -406,25 +433,25 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_test_state.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< .c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo diff --git a/src/libimcv/plugins/imv_os/Makefile.am b/src/libimcv/plugins/imv_os/Makefile.am index 58edc6963..4713b0913 100644 --- a/src/libimcv/plugins/imv_os/Makefile.am +++ b/src/libimcv/plugins/imv_os/Makefile.am @@ -1,8 +1,10 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv -AM_CFLAGS = -rdynamic +AM_CFLAGS = \ + -rdynamic imcv_LTLIBRARIES = imv-os.la @@ -11,14 +13,14 @@ imv_os_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ imv_os_la_SOURCES = \ imv_os.c imv_os_state.h imv_os_state.c \ + imv_os_agent.h imv_os_agent.c \ imv_os_database.c imv_os_database.h imv_os_la_LDFLAGS = -module -avoid-version ipsec_PROGRAMS = pacman -pacman_SOURCES = pacman.c +pacman_SOURCES = pacman.c pacman_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la pacman.o : $(top_builddir)/config.status EXTRA_DIST = pacman.sh - diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in index e375f7cbb..1718be000 100644 --- a/src/libimcv/plugins/imv_os/Makefile.in +++ b/src/libimcv/plugins/imv_os/Makefile.in @@ -64,7 +64,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -102,9 +102,13 @@ am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" LTLIBRARIES = $(imcv_LTLIBRARIES) imv_os_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la -am_imv_os_la_OBJECTS = imv_os.lo imv_os_state.lo imv_os_database.lo +am_imv_os_la_OBJECTS = imv_os.lo imv_os_state.lo imv_os_agent.lo \ + imv_os_database.lo imv_os_la_OBJECTS = $(am_imv_os_la_OBJECTS) -imv_os_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +imv_os_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(imv_os_la_LDFLAGS) $(LDFLAGS) -o $@ PROGRAMS = $(ipsec_PROGRAMS) @@ -118,13 +122,26 @@ am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; SOURCES = $(imv_os_la_SOURCES) $(pacman_SOURCES) DIST_SOURCES = $(imv_os_la_SOURCES) $(pacman_SOURCES) am__can_run_installinfo = \ @@ -138,6 +155,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -150,6 +168,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CHECK_CFLAGS = @CHECK_CFLAGS@ CHECK_LIBS = @CHECK_LIBS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -165,6 +185,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ GREP = @GREP@ @@ -173,6 +194,7 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ @@ -219,6 +241,7 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SOCKLIB = @SOCKLIB@ STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ @@ -247,6 +270,7 @@ charon_natt_port = @charon_natt_port@ charon_plugins = @charon_plugins@ charon_udp_port = @charon_udp_port@ clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -324,20 +348,25 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv -AM_CFLAGS = -rdynamic +AM_CFLAGS = \ + -rdynamic + imcv_LTLIBRARIES = imv-os.la imv_os_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la imv_os_la_SOURCES = \ imv_os.c imv_os_state.h imv_os_state.c \ + imv_os_agent.h imv_os_agent.c \ imv_os_database.c imv_os_database.h imv_os_la_LDFLAGS = -module -avoid-version -pacman_SOURCES = pacman.c +pacman_SOURCES = pacman.c pacman_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la EXTRA_DIST = pacman.sh all: all-am @@ -407,7 +436,7 @@ clean-imcvLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done imv-os.la: $(imv_os_la_OBJECTS) $(imv_os_la_DEPENDENCIES) $(EXTRA_imv_os_la_DEPENDENCIES) - $(imv_os_la_LINK) -rpath $(imcvdir) $(imv_os_la_OBJECTS) $(imv_os_la_LIBADD) $(LIBS) + $(AM_V_CCLD)$(imv_os_la_LINK) -rpath $(imcvdir) $(imv_os_la_OBJECTS) $(imv_os_la_LIBADD) $(LIBS) install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ @@ -456,7 +485,7 @@ clean-ipsecPROGRAMS: rm -f $$list pacman$(EXEEXT): $(pacman_OBJECTS) $(pacman_DEPENDENCIES) $(EXTRA_pacman_DEPENDENCIES) @rm -f pacman$(EXEEXT) - $(LINK) $(pacman_OBJECTS) $(pacman_LDADD) $(LIBS) + $(AM_V_CCLD)$(LINK) $(pacman_OBJECTS) $(pacman_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -465,30 +494,31 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_os.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_os_agent.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_os_database.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_os_state.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pacman.Po@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< .c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c index f1cb74e50..ba0fa8153 100644 --- a/src/libimcv/plugins/imv_os/imv_os.c +++ b/src/libimcv/plugins/imv_os/imv_os.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012-2013 Andreas Steffen + * Copyright (C) 2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -13,599 +13,12 @@ * for more details. */ -#include "imv_os_state.h" -#include "imv_os_database.h" - -#include <imv/imv_agent.h> -#include <imv/imv_msg.h> -#include <ietf/ietf_attr.h> -#include <ietf/ietf_attr_attr_request.h> -#include <ietf/ietf_attr_default_pwd_enabled.h> -#include <ietf/ietf_attr_fwd_enabled.h> -#include <ietf/ietf_attr_installed_packages.h> -#include <ietf/ietf_attr_numeric_version.h> -#include <ietf/ietf_attr_op_status.h> -#include <ietf/ietf_attr_pa_tnc_error.h> -#include <ietf/ietf_attr_product_info.h> -#include <ietf/ietf_attr_remediation_instr.h> -#include <ietf/ietf_attr_string_version.h> -#include <ita/ita_attr.h> -#include <ita/ita_attr_get_settings.h> -#include <ita/ita_attr_settings.h> -#include <ita/ita_attr_angel.h> - -#include <tncif_names.h> -#include <tncif_pa_subtypes.h> - -#include <pen/pen.h> -#include <collections/linked_list.h> -#include <utils/debug.h> -#include <utils/lexparser.h> - -/* IMV definitions */ +#include "imv_os_agent.h" static const char imv_name[] = "OS"; +static const imv_agent_create_t imv_agent_create = imv_os_agent_create; -static pen_type_t msg_types[] = { - { PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM } -}; - -static imv_agent_t *imv_os; - -/** - * IMV OS database - */ -static imv_os_database_t *os_db; - -/* - * see section 3.8.1 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id, - TNC_Version min_version, - TNC_Version max_version, - TNC_Version *actual_version) -{ - char *uri; - - if (imv_os) - { - DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name); - return TNC_RESULT_ALREADY_INITIALIZED; - } - imv_os = imv_agent_create(imv_name, msg_types, countof(msg_types), - imv_id, actual_version); - if (!imv_os) - { - return TNC_RESULT_FATAL; - } - if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1) - { - DBG1(DBG_IMV, "no common IF-IMV version"); - return TNC_RESULT_NO_COMMON_VERSION; - } - - /* attach OS database */ - uri = lib->settings->get_str(lib->settings, - "libimcv.plugins.imv-os.database", NULL); - if (uri) - { - os_db = imv_os_database_create(uri); - } - - return TNC_RESULT_SUCCESS; -} - -/** - * see section 3.8.2 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_ConnectionState new_state) -{ - imv_state_t *state; - - if (!imv_os) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - switch (new_state) - { - case TNC_CONNECTION_STATE_CREATE: - state = imv_os_state_create(connection_id); - return imv_os->create_state(imv_os, state); - case TNC_CONNECTION_STATE_DELETE: - return imv_os->delete_state(imv_os, connection_id); - default: - return imv_os->change_state(imv_os, connection_id, - new_state, NULL); - } -} - -static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) -{ - imv_msg_t *out_msg; - imv_os_state_t *os_state; - enumerator_t *enumerator; - pa_tnc_attr_t *attr; - pen_type_t type; - TNC_Result result; - chunk_t os_name = chunk_empty; - chunk_t os_version = chunk_empty; - bool fatal_error = FALSE, assessment = FALSE; - char non_market_apps_str[] = "install_non_market_apps"; - char android_id_str[] = "android_id"; - char machine_id_str[] = "/var/lib/dbus/machine-id"; - - os_state = (imv_os_state_t*)state; - - /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); - if (result != TNC_RESULT_SUCCESS) - { - return result; - } - - out_msg = imv_msg_create_as_reply(in_msg); - - /* analyze PA-TNC attributes */ - enumerator = in_msg->create_attribute_enumerator(in_msg); - while (enumerator->enumerate(enumerator, &attr)) - { - type = attr->get_type(attr); - - if (type.vendor_id == PEN_IETF) - { - switch (type.type) - { - case IETF_ATTR_PRODUCT_INFORMATION: - { - ietf_attr_product_info_t *attr_cast; - pen_t vendor_id; - - attr_cast = (ietf_attr_product_info_t*)attr; - os_name = attr_cast->get_info(attr_cast, &vendor_id, NULL); - if (vendor_id != PEN_IETF) - { - DBG1(DBG_IMV, "operating system name is '%.*s' " - "from vendor %N", os_name.len, os_name.ptr, - pen_names, vendor_id); - } - else - { - DBG1(DBG_IMV, "operating system name is '%.*s'", - os_name.len, os_name.ptr); - } - break; - } - case IETF_ATTR_STRING_VERSION: - { - ietf_attr_string_version_t *attr_cast; - - attr_cast = (ietf_attr_string_version_t*)attr; - os_version = attr_cast->get_version(attr_cast, NULL, NULL); - if (os_version.len) - { - DBG1(DBG_IMV, "operating system version is '%.*s'", - os_version.len, os_version.ptr); - } - break; - } - case IETF_ATTR_NUMERIC_VERSION: - { - ietf_attr_numeric_version_t *attr_cast; - u_int32_t major, minor; - - attr_cast = (ietf_attr_numeric_version_t*)attr; - attr_cast->get_version(attr_cast, &major, &minor); - DBG1(DBG_IMV, "operating system numeric version is %d.%d", - major, minor); - break; - } - case IETF_ATTR_OPERATIONAL_STATUS: - { - ietf_attr_op_status_t *attr_cast; - op_status_t op_status; - op_result_t op_result; - time_t last_boot; - - attr_cast = (ietf_attr_op_status_t*)attr; - op_status = attr_cast->get_status(attr_cast); - op_result = attr_cast->get_result(attr_cast); - last_boot = attr_cast->get_last_use(attr_cast); - DBG1(DBG_IMV, "operational status: %N, result: %N", - op_status_names, op_status, op_result_names, op_result); - DBG1(DBG_IMV, "last boot: %T", &last_boot, TRUE); - break; - } - case IETF_ATTR_FORWARDING_ENABLED: - { - ietf_attr_fwd_enabled_t *attr_cast; - os_fwd_status_t fwd_status; - - attr_cast = (ietf_attr_fwd_enabled_t*)attr; - fwd_status = attr_cast->get_status(attr_cast); - DBG1(DBG_IMV, "IPv4 forwarding status: %N", - os_fwd_status_names, fwd_status); - if (fwd_status == OS_FWD_ENABLED) - { - os_state->set_os_settings(os_state, - OS_SETTINGS_FWD_ENABLED); - } - break; - } - case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED: - { - ietf_attr_default_pwd_enabled_t *attr_cast; - bool default_pwd_status; - - attr_cast = (ietf_attr_default_pwd_enabled_t*)attr; - default_pwd_status = attr_cast->get_status(attr_cast); - DBG1(DBG_IMV, "factory default password: %sabled", - default_pwd_status ? "en":"dis"); - if (default_pwd_status) - { - os_state->set_os_settings(os_state, - OS_SETTINGS_DEFAULT_PWD_ENABLED); - } - break; - } - case IETF_ATTR_INSTALLED_PACKAGES: - { - ietf_attr_installed_packages_t *attr_cast; - enumerator_t *e; - status_t status; - - /* Received at least one Installed Packages attribute */ - os_state->set_package_request(os_state, FALSE); - - if (!os_db) - { - break; - } - attr_cast = (ietf_attr_installed_packages_t*)attr; - - e = attr_cast->create_enumerator(attr_cast); - status = os_db->check_packages(os_db, os_state, e); - e->destroy(e); - - if (status == FAILED) - { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, - TNC_IMV_EVALUATION_RESULT_ERROR); - assessment = TRUE; - } - break; - } - default: - break; - } - } - else if (type.vendor_id == PEN_ITA) - { - switch (type.type) - { - case ITA_ATTR_SETTINGS: - { - ita_attr_settings_t *attr_cast; - enumerator_t *e; - char *name; - chunk_t value; - - attr_cast = (ita_attr_settings_t*)attr; - e = attr_cast->create_enumerator(attr_cast); - while (e->enumerate(e, &name, &value)) - { - if (streq(name, non_market_apps_str) && - chunk_equals(value, chunk_from_chars('1'))) - { - os_state->set_os_settings(os_state, - OS_SETTINGS_NON_MARKET_APPS); - } - else if ((streq(name, android_id_str) || - streq(name, machine_id_str)) && os_db) - { - os_state->set_device_id(os_state, - os_db->get_device_id(os_db, value)); - } - DBG1(DBG_IMV, "setting '%s'\n %.*s", - name, value.len, value.ptr); - } - e->destroy(e); - break; - } - case ITA_ATTR_START_ANGEL: - os_state->set_angel_count(os_state, TRUE); - break; - case ITA_ATTR_STOP_ANGEL: - os_state->set_angel_count(os_state, FALSE); - break; - default: - break; - } - } - } - enumerator->destroy(enumerator); - - if (os_name.len && os_version.len) - { - os_type_t os_type; - ita_attr_get_settings_t *attr_cast; - - /* set the OS type, name and version */ - os_type = os_type_from_name(os_name); - os_state->set_info(os_state,os_type, os_name, os_version); +/* include generic TGC TNC IF-IMV API code below */ - /* requesting installed packages */ - os_state->set_package_request(os_state, TRUE); - attr = ietf_attr_attr_request_create(PEN_IETF, - IETF_ATTR_INSTALLED_PACKAGES); - out_msg->add_attribute(out_msg, attr); +#include <imv/imv_if.h> - /* requesting Android or Linux settings */ - attr = ita_attr_get_settings_create(); - attr_cast = (ita_attr_get_settings_t*)attr; - - if (os_type == OS_TYPE_ANDROID) - { - attr_cast->add(attr_cast, android_id_str); - attr_cast->add(attr_cast, non_market_apps_str); - } - else - { - attr_cast->add(attr_cast, machine_id_str); - attr_cast->add(attr_cast, "/proc/sys/kernel/tainted"); - } - out_msg->add_attribute(out_msg, attr); - } - - if (fatal_error || - (os_state->get_attribute_request(os_state) && - os_state->get_info(os_state, NULL, NULL, NULL) == NULL)) - { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, - TNC_IMV_EVALUATION_RESULT_ERROR); - assessment = TRUE; - } - - /* If all Installed Packages attributes were received, go to assessment */ - if (!assessment && - !os_state->get_package_request(os_state) && - !os_state->get_angel_count(os_state) && - os_state->get_info(os_state, NULL, NULL, NULL)) - { - int device_id, count, count_update, count_blacklist, count_ok; - u_int os_settings; - u_int32_t id_type; - chunk_t id_value; - - os_settings = os_state->get_os_settings(os_state); - os_state->get_count(os_state, &count, &count_update, &count_blacklist, - &count_ok); - DBG1(DBG_IMV, "processed %d packages: %d not updated, %d blacklisted, " - "%d ok, %d not found", count, count_update, count_blacklist, - count_ok, count - count_update - count_blacklist - count_ok); - - /* Store device information in database */ - device_id = os_state->get_device_id(os_state); - id_value = state->get_ar_id(state, &id_type); - if (os_db && device_id) - { - os_db->set_device_info(os_db, device_id, id_type, id_value, - os_state->get_info(os_state, NULL, NULL, NULL), - count, count_update, count_blacklist, os_settings); - } - - if (count_update || count_blacklist || os_settings) - { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ISOLATE, - TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR); - } - else - { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ALLOW, - TNC_IMV_EVALUATION_RESULT_COMPLIANT); - } - assessment = TRUE; - } - - if (assessment) - { - result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - if (result != TNC_RESULT_SUCCESS) - { - return result; - } - return imv_os->provide_recommendation(imv_os, state); - } - - /* send PA-TNC message with excl flag set */ - result = out_msg->send(out_msg, TRUE); - out_msg->destroy(out_msg); - - return result; - } - -/** - * see section 3.8.4 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type) -{ - imv_state_t *state; - imv_msg_t *in_msg; - TNC_Result result; - - if (!imv_os) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imv_os->get_state(imv_os, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - in_msg = imv_msg_create_from_data(imv_os, state, connection_id, msg_type, - chunk_create(msg, msg_len)); - result = receive_message(state, in_msg); - in_msg->destroy(in_msg); - - return result; -} - -/** - * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imc_id, - TNC_UInt32 dst_imv_id) -{ - imv_state_t *state; - imv_msg_t *in_msg; - TNC_Result result; - - if (!imv_os) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imv_os->get_state(imv_os, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - in_msg = imv_msg_create_from_long_data(imv_os, state, connection_id, - src_imc_id, dst_imv_id, msg_vid, msg_subtype, - chunk_create(msg, msg_len)); - result =receive_message(state, in_msg); - in_msg->destroy(in_msg); - - return result; -} - -/** - * see section 3.8.7 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, - TNC_ConnectionID connection_id) -{ - imv_state_t *state; - - if (!imv_os) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imv_os->get_state(imv_os, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - return imv_os->provide_recommendation(imv_os, state); -} - -/** - * see section 3.8.8 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, - TNC_ConnectionID connection_id) -{ - imv_state_t *state; - imv_os_state_t *os_state; - TNC_IMV_Action_Recommendation rec; - TNC_IMV_Evaluation_Result eval; - TNC_Result result = TNC_RESULT_SUCCESS; - - if (!imv_os) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imv_os->get_state(imv_os, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - os_state = (imv_os_state_t*)state; - - state->get_recommendation(state, &rec, &eval); - - /* - * Don't send an attribute request if an evaluation is available - * or if an attribute request has already been sent - */ - if (eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW || - os_state->get_attribute_request(os_state)) - { - return TNC_RESULT_SUCCESS; - } - - if (os_state->get_info(os_state, NULL, NULL, NULL) == NULL) - { - imv_msg_t *out_msg; - pa_tnc_attr_t *attr; - ietf_attr_attr_request_t *attr_cast; - - out_msg = imv_msg_create(imv_os, state, connection_id, imv_id, - TNC_IMCID_ANY, msg_types[0]); - attr = ietf_attr_attr_request_create(PEN_IETF, - IETF_ATTR_PRODUCT_INFORMATION); - attr_cast = (ietf_attr_attr_request_t*)attr; - attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_STRING_VERSION); - attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_NUMERIC_VERSION); - attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_OPERATIONAL_STATUS); - attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FORWARDING_ENABLED); - attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED); - out_msg->add_attribute(out_msg, attr); - os_state->set_attribute_request(os_state, TRUE); - - /* send PA-TNC message with excl flag not set */ - result = out_msg->send(out_msg, FALSE); - out_msg->destroy(out_msg); - } - - return result; -} - -/** - * see section 3.8.9 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id) -{ - if (!imv_os) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - DESTROY_IF(os_db); - - imv_os->destroy(imv_os); - imv_os = NULL; - - return TNC_RESULT_SUCCESS; -} - -/** - * see section 4.2.8.1 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_ProvideBindFunction(TNC_IMVID imv_id, - TNC_TNCS_BindFunctionPointer bind_function) -{ - if (!imv_os) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - return imv_os->bind_functions(imv_os, bind_function); -} diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c new file mode 100644 index 000000000..ba3f3afc6 --- /dev/null +++ b/src/libimcv/plugins/imv_os/imv_os_agent.c @@ -0,0 +1,805 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include <stdio.h> + +#include "imv_os_agent.h" +#include "imv_os_state.h" +#include "imv_os_database.h" + +#include <imcv.h> +#include <imv/imv_agent.h> +#include <imv/imv_msg.h> +#include <ietf/ietf_attr.h> +#include <ietf/ietf_attr_attr_request.h> +#include <ietf/ietf_attr_default_pwd_enabled.h> +#include <ietf/ietf_attr_fwd_enabled.h> +#include <ietf/ietf_attr_installed_packages.h> +#include <ietf/ietf_attr_numeric_version.h> +#include <ietf/ietf_attr_op_status.h> +#include <ietf/ietf_attr_pa_tnc_error.h> +#include <ietf/ietf_attr_product_info.h> +#include <ietf/ietf_attr_remediation_instr.h> +#include <ietf/ietf_attr_string_version.h> +#include <ita/ita_attr.h> +#include <ita/ita_attr_get_settings.h> +#include <ita/ita_attr_settings.h> +#include <ita/ita_attr_angel.h> +#include <ita/ita_attr_device_id.h> + +#include <tncif_names.h> +#include <tncif_pa_subtypes.h> + +#include <pen/pen.h> +#include <utils/debug.h> + +typedef struct private_imv_os_agent_t private_imv_os_agent_t; +typedef enum imv_os_attr_t imv_os_attr_t; + +/* Subscribed PA-TNC message subtypes */ +static pen_type_t msg_types[] = { + { PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM } +}; + +static char unknown_source_str[] = "install_non_market_apps"; + +/** + * Flag set when corresponding attribute has been received + */ +enum imv_os_attr_t { + IMV_OS_ATTR_PRODUCT_INFORMATION = (1<<0), + IMV_OS_ATTR_STRING_VERSION = (1<<1), + IMV_OS_ATTR_NUMERIC_VERSION = (1<<2), + IMV_OS_ATTR_OPERATIONAL_STATUS = (1<<3), + IMV_OS_ATTR_FORWARDING_ENABLED = (1<<4), + IMV_OS_ATTR_FACTORY_DEFAULT_PWD_ENABLED = (1<<5), + IMV_OS_ATTR_DEVICE_ID = (1<<6), + IMV_OS_ATTR_MUST = (1<<7)-1, + IMV_OS_ATTR_INSTALLED_PACKAGES = (1<<7), + IMV_OS_ATTR_SETTINGS = (1<<8) +}; + +/** + * Private data of an imv_os_agent_t object. + */ +struct private_imv_os_agent_t { + + /** + * Public members of imv_os_agent_t + */ + imv_agent_if_t public; + + /** + * IMV agent responsible for generic functions + */ + imv_agent_t *agent; + + /** + * IMV OS database + */ + imv_os_database_t *db; + +}; + +METHOD(imv_agent_if_t, bind_functions, TNC_Result, + private_imv_os_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function) +{ + return this->agent->bind_functions(this->agent, bind_function); +} + +METHOD(imv_agent_if_t, notify_connection_change, TNC_Result, + private_imv_os_agent_t *this, TNC_ConnectionID id, + TNC_ConnectionState new_state) +{ + TNC_IMV_Action_Recommendation rec; + imv_state_t *state; + imv_session_t *session; + + switch (new_state) + { + case TNC_CONNECTION_STATE_CREATE: + state = imv_os_state_create(id); + return this->agent->create_state(this->agent, state); + case TNC_CONNECTION_STATE_DELETE: + return this->agent->delete_state(this->agent, id); + case TNC_CONNECTION_STATE_ACCESS_ALLOWED: + case TNC_CONNECTION_STATE_ACCESS_ISOLATED: + case TNC_CONNECTION_STATE_ACCESS_NONE: + if (imcv_db && this->agent->get_state(this->agent, id, &state)) + { + switch (new_state) + { + case TNC_CONNECTION_STATE_ACCESS_ALLOWED: + rec = TNC_IMV_ACTION_RECOMMENDATION_ALLOW; + break; + case TNC_CONNECTION_STATE_ACCESS_ISOLATED: + rec = TNC_IMV_ACTION_RECOMMENDATION_ISOLATE; + break; + case TNC_CONNECTION_STATE_ACCESS_NONE: + default: + rec = TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS; + } + session = state->get_session(state); + imcv_db->add_recommendation(imcv_db, session, rec); + imcv_db->policy_script(imcv_db, session, FALSE); + } + /* fall through to default state */ + default: + return this->agent->change_state(this->agent, id, new_state, NULL); + } +} + +/** + * Process a received message + */ +static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state, + imv_msg_t *in_msg) +{ + imv_msg_t *out_msg; + imv_os_state_t *os_state; + enumerator_t *enumerator; + pa_tnc_attr_t *attr; + pen_type_t type; + TNC_Result result; + chunk_t os_name = chunk_empty; + chunk_t os_version = chunk_empty; + bool fatal_error = FALSE, assessment = FALSE; + + os_state = (imv_os_state_t*)state; + + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + + out_msg = imv_msg_create_as_reply(in_msg); + + /* analyze PA-TNC attributes */ + enumerator = in_msg->create_attribute_enumerator(in_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + type = attr->get_type(attr); + + if (type.vendor_id == PEN_IETF) + { + switch (type.type) + { + case IETF_ATTR_PRODUCT_INFORMATION: + { + ietf_attr_product_info_t *attr_cast; + pen_t vendor_id; + + state->set_action_flags(state, + IMV_OS_ATTR_PRODUCT_INFORMATION); + attr_cast = (ietf_attr_product_info_t*)attr; + os_name = attr_cast->get_info(attr_cast, &vendor_id, NULL); + if (vendor_id != PEN_IETF) + { + DBG1(DBG_IMV, "operating system name is '%.*s' " + "from vendor %N", os_name.len, os_name.ptr, + pen_names, vendor_id); + } + else + { + DBG1(DBG_IMV, "operating system name is '%.*s'", + os_name.len, os_name.ptr); + } + break; + } + case IETF_ATTR_STRING_VERSION: + { + ietf_attr_string_version_t *attr_cast; + + state->set_action_flags(state, + IMV_OS_ATTR_STRING_VERSION); + attr_cast = (ietf_attr_string_version_t*)attr; + os_version = attr_cast->get_version(attr_cast, NULL, NULL); + if (os_version.len) + { + DBG1(DBG_IMV, "operating system version is '%.*s'", + os_version.len, os_version.ptr); + } + break; + } + case IETF_ATTR_NUMERIC_VERSION: + { + ietf_attr_numeric_version_t *attr_cast; + u_int32_t major, minor; + + state->set_action_flags(state, + IMV_OS_ATTR_NUMERIC_VERSION); + attr_cast = (ietf_attr_numeric_version_t*)attr; + attr_cast->get_version(attr_cast, &major, &minor); + DBG1(DBG_IMV, "operating system numeric version is %d.%d", + major, minor); + break; + } + case IETF_ATTR_OPERATIONAL_STATUS: + { + ietf_attr_op_status_t *attr_cast; + op_status_t op_status; + op_result_t op_result; + time_t last_boot; + + state->set_action_flags(state, + IMV_OS_ATTR_OPERATIONAL_STATUS); + attr_cast = (ietf_attr_op_status_t*)attr; + op_status = attr_cast->get_status(attr_cast); + op_result = attr_cast->get_result(attr_cast); + last_boot = attr_cast->get_last_use(attr_cast); + DBG1(DBG_IMV, "operational status: %N, result: %N", + op_status_names, op_status, op_result_names, op_result); + DBG1(DBG_IMV, "last boot: %T", &last_boot, TRUE); + break; + } + case IETF_ATTR_FORWARDING_ENABLED: + { + ietf_attr_fwd_enabled_t *attr_cast; + os_fwd_status_t fwd_status; + + state->set_action_flags(state, + IMV_OS_ATTR_FORWARDING_ENABLED); + attr_cast = (ietf_attr_fwd_enabled_t*)attr; + fwd_status = attr_cast->get_status(attr_cast); + DBG1(DBG_IMV, "IPv4 forwarding is %N", + os_fwd_status_names, fwd_status); + if (fwd_status == OS_FWD_ENABLED) + { + os_state->set_os_settings(os_state, + OS_SETTINGS_FWD_ENABLED); + } + break; + } + case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED: + { + ietf_attr_default_pwd_enabled_t *attr_cast; + bool default_pwd_status; + + state->set_action_flags(state, + IMV_OS_ATTR_FACTORY_DEFAULT_PWD_ENABLED); + attr_cast = (ietf_attr_default_pwd_enabled_t*)attr; + default_pwd_status = attr_cast->get_status(attr_cast); + DBG1(DBG_IMV, "factory default password is %sabled", + default_pwd_status ? "en":"dis"); + if (default_pwd_status) + { + os_state->set_os_settings(os_state, + OS_SETTINGS_DEFAULT_PWD_ENABLED); + } + break; + } + case IETF_ATTR_INSTALLED_PACKAGES: + { + ietf_attr_installed_packages_t *attr_cast; + enumerator_t *e; + status_t status; + + state->set_action_flags(state, + IMV_OS_ATTR_INSTALLED_PACKAGES); + if (!this->db) + { + break; + } + attr_cast = (ietf_attr_installed_packages_t*)attr; + + e = attr_cast->create_enumerator(attr_cast); + status = this->db->check_packages(this->db, os_state, e); + e->destroy(e); + + if (status == FAILED) + { + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, + TNC_IMV_EVALUATION_RESULT_ERROR); + assessment = TRUE; + } + break; + } + default: + break; + } + } + else if (type.vendor_id == PEN_ITA) + { + switch (type.type) + { + case ITA_ATTR_SETTINGS: + { + ita_attr_settings_t *attr_cast; + enumerator_t *e; + char *name; + chunk_t value; + + state->set_action_flags(state, IMV_OS_ATTR_SETTINGS); + + attr_cast = (ita_attr_settings_t*)attr; + e = attr_cast->create_enumerator(attr_cast); + while (e->enumerate(e, &name, &value)) + { + if (streq(name, unknown_source_str) && + chunk_equals(value, chunk_from_chars('1'))) + { + os_state->set_os_settings(os_state, + OS_SETTINGS_UNKNOWN_SOURCE); + } + DBG1(DBG_IMV, "setting '%s'\n %.*s", + name, value.len, value.ptr); + } + e->destroy(e); + break; + } + case ITA_ATTR_DEVICE_ID: + { + chunk_t value; + + state->set_action_flags(state, IMV_OS_ATTR_DEVICE_ID); + + value = attr->get_value(attr); + os_state->set_device_id(os_state, value); + DBG1(DBG_IMV, "device ID is %.*s", value.len, value.ptr); + break; + } + case ITA_ATTR_START_ANGEL: + os_state->set_angel_count(os_state, TRUE); + break; + case ITA_ATTR_STOP_ANGEL: + os_state->set_angel_count(os_state, FALSE); + break; + default: + break; + } + } + } + enumerator->destroy(enumerator); + + /** + * The IETF Product Information and String Version attributes + * are supposed to arrive in the same PA-TNC message + */ + if (os_name.len && os_version.len) + { + os_type_t os_type; + + /* set the OS type, name and version */ + os_type = os_type_from_name(os_name); + os_state->set_info(os_state,os_type, os_name, os_version); + + if (imcv_db) + { + imcv_db->add_product(imcv_db, state->get_session(state), + os_state->get_info(os_state, NULL, NULL, NULL)); + } + } + + if (fatal_error) + { + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, + TNC_IMV_EVALUATION_RESULT_ERROR); + assessment = TRUE; + } + + if (assessment) + { + os_state->set_handshake_state(os_state, IMV_OS_STATE_END); + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return this->agent->provide_recommendation(this->agent, state); + } + + /* send PA-TNC message with excl flag set */ + result = out_msg->send(out_msg, TRUE); + out_msg->destroy(out_msg); + + return result; + } + +METHOD(imv_agent_if_t, receive_message, TNC_Result, + private_imv_os_agent_t *this, TNC_ConnectionID id, + TNC_MessageType msg_type, chunk_t msg) +{ + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg); + result = receive_msg(this, state, in_msg); + in_msg->destroy(in_msg); + + return result; +} + +METHOD(imv_agent_if_t, receive_message_long, TNC_Result, + private_imv_os_agent_t *this, TNC_ConnectionID id, + TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, + TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg) +{ + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_long_data(this->agent, state, id, + src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg); + result = receive_msg(this, state, in_msg); + in_msg->destroy(in_msg); + + return result; + +} + +/** + * Build an IETF Attribute Request attribute for missing attributes + */ +static pa_tnc_attr_t* build_attr_request(u_int32_t received) +{ + pa_tnc_attr_t *attr; + ietf_attr_attr_request_t *attr_cast; + + attr = ietf_attr_attr_request_create(PEN_RESERVED, 0); + attr_cast = (ietf_attr_attr_request_t*)attr; + + if (!(received & IMV_OS_ATTR_PRODUCT_INFORMATION) || + !(received & IMV_OS_ATTR_STRING_VERSION)) + { + attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_PRODUCT_INFORMATION); + attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_STRING_VERSION); + } + if (!(received & IMV_OS_ATTR_NUMERIC_VERSION)) + { + attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_NUMERIC_VERSION); + } + if (!(received & IMV_OS_ATTR_OPERATIONAL_STATUS)) + { + attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_OPERATIONAL_STATUS); + } + if (!(received & IMV_OS_ATTR_FORWARDING_ENABLED)) + { + attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FORWARDING_ENABLED); + } + if (!(received & IMV_OS_ATTR_FACTORY_DEFAULT_PWD_ENABLED)) + { + attr_cast->add(attr_cast, PEN_IETF, + IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED); + } + if (!(received & IMV_OS_ATTR_DEVICE_ID)) + { + attr_cast->add(attr_cast, PEN_ITA, ITA_ATTR_DEVICE_ID); + } + + return attr; +} + +METHOD(imv_agent_if_t, batch_ending, TNC_Result, + private_imv_os_agent_t *this, TNC_ConnectionID id) +{ + imv_msg_t *out_msg; + imv_state_t *state; + imv_session_t *session; + imv_workitem_t *workitem; + imv_os_state_t *os_state; + imv_os_handshake_state_t handshake_state; + pa_tnc_attr_t *attr; + TNC_IMVID imv_id; + TNC_Result result = TNC_RESULT_SUCCESS; + bool no_workitems = TRUE; + enumerator_t *enumerator; + u_int32_t received; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + os_state = (imv_os_state_t*)state; + handshake_state = os_state->get_handshake_state(os_state); + received = state->get_action_flags(state); + session = state->get_session(state); + imv_id = this->agent->get_id(this->agent); + + if (handshake_state == IMV_OS_STATE_END) + { + return TNC_RESULT_SUCCESS; + } + + /* create an empty out message - we might need it */ + out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY, + msg_types[0]); + + if (handshake_state == IMV_OS_STATE_INIT) + { + if ((received & IMV_OS_ATTR_MUST) != IMV_OS_ATTR_MUST) + { + /* create attribute request for missing mandatory attributes */ + out_msg->add_attribute(out_msg, build_attr_request(received)); + } + } + + if (handshake_state < IMV_OS_STATE_POLICY_START) + { + if (((received & IMV_OS_ATTR_PRODUCT_INFORMATION) && + (received & IMV_OS_ATTR_STRING_VERSION)) && + ((received & IMV_OS_ATTR_DEVICE_ID) || + (handshake_state == IMV_OS_STATE_ATTR_REQ))) + { + if (imcv_db) + { + imcv_db->add_device(imcv_db, session, + os_state->get_device_id(os_state)); + + /* trigger the policy manager */ + imcv_db->policy_script(imcv_db, session, TRUE); + } + else + { + DBG2(DBG_IMV, "no workitems available - no evaluation possible"); + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_ALLOW, + TNC_IMV_EVALUATION_RESULT_DONT_KNOW); + } + handshake_state = IMV_OS_STATE_POLICY_START; + } + else if (handshake_state == IMV_OS_STATE_ATTR_REQ) + { + /** + * both the IETF Product Information and IETF String Version + * attribute should have been present + */ + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, + TNC_IMV_EVALUATION_RESULT_ERROR); + + /* send assessment */ + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return this->agent->provide_recommendation(this->agent, state); + } + else + { + handshake_state = IMV_OS_STATE_ATTR_REQ; + } + os_state->set_handshake_state(os_state, handshake_state); + } + + if (handshake_state == IMV_OS_STATE_POLICY_START && session) + { + enumerator = session->create_workitem_enumerator(session); + if (enumerator) + { + while (enumerator->enumerate(enumerator, &workitem)) + { + if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY) + { + continue; + } + + switch (workitem->get_type(workitem)) + { + case IMV_WORKITEM_PACKAGES: + attr = ietf_attr_attr_request_create(PEN_IETF, + IETF_ATTR_INSTALLED_PACKAGES); + out_msg->add_attribute(out_msg, attr); + break; + case IMV_WORKITEM_UNKNOWN_SOURCE: + attr = ita_attr_get_settings_create(unknown_source_str); + out_msg->add_attribute(out_msg, attr); + break; + case IMV_WORKITEM_FORWARDING: + case IMV_WORKITEM_DEFAULT_PWD: + break; + default: + continue; + } + workitem->set_imv_id(workitem, imv_id); + no_workitems = FALSE; + } + enumerator->destroy(enumerator); + + if (no_workitems) + { + DBG2(DBG_IMV, "IMV %d has no workitems - " + "no evaluation requested", imv_id); + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_ALLOW, + TNC_IMV_EVALUATION_RESULT_DONT_KNOW); + } + handshake_state = IMV_OS_STATE_WORKITEMS; + os_state->set_handshake_state(os_state, handshake_state); + } + } + + if (handshake_state == IMV_OS_STATE_WORKITEMS && session) + { + TNC_IMV_Evaluation_Result eval; + TNC_IMV_Action_Recommendation rec; + char result_str[BUF_LEN]; + bool fail; + + enumerator = session->create_workitem_enumerator(session); + while (enumerator->enumerate(enumerator, &workitem)) + { + if (workitem->get_imv_id(workitem) != imv_id) + { + continue; + } + eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + switch (workitem->get_type(workitem)) + { + case IMV_WORKITEM_PACKAGES: + { + int count, count_update, count_blacklist, count_ok; + + if (!(received & IMV_OS_ATTR_INSTALLED_PACKAGES) || + os_state->get_angel_count(os_state)) + { + continue; + } + os_state->get_count(os_state, &count, &count_update, + &count_blacklist, &count_ok); + fail = count_update || count_blacklist; + eval = fail ? TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR : + TNC_IMV_EVALUATION_RESULT_COMPLIANT; + snprintf(result_str, BUF_LEN, "processed %d packages: " + "%d not updated, %d blacklisted, %d ok, " + "%d not found", + count, count_update, count_blacklist, count_ok, + count - count_update - count_blacklist - count_ok); + break; + } + case IMV_WORKITEM_UNKNOWN_SOURCE: + if (!(received & IMV_OS_ATTR_SETTINGS)) + { + continue; + } + fail = os_state->get_os_settings(os_state) & + OS_SETTINGS_UNKNOWN_SOURCE; + eval = fail ? TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR : + TNC_IMV_EVALUATION_RESULT_COMPLIANT; + snprintf(result_str, BUF_LEN, "unknown sources%s enabled", + fail ? "" : " not"); + break; + case IMV_WORKITEM_FORWARDING: + if (!(received & IMV_OS_ATTR_FORWARDING_ENABLED)) + { + continue; + } + fail = os_state->get_os_settings(os_state) & + OS_SETTINGS_FWD_ENABLED; + eval = fail ? TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR : + TNC_IMV_EVALUATION_RESULT_COMPLIANT; + snprintf(result_str, BUF_LEN, "forwarding%s enabled", + fail ? "" : " not"); + break; + case IMV_WORKITEM_DEFAULT_PWD: + if (!(received & IMV_OS_ATTR_FACTORY_DEFAULT_PWD_ENABLED)) + { + continue; + } + fail = os_state->get_os_settings(os_state) & + OS_SETTINGS_DEFAULT_PWD_ENABLED; + eval = fail ? TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR : + TNC_IMV_EVALUATION_RESULT_COMPLIANT; + snprintf(result_str, BUF_LEN, "factory default password%s enabled", + fail ? "" : " not"); + break; + default: + continue; + } + if (eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW) + { + session->remove_workitem(session, enumerator); + rec = workitem->set_result(workitem, result_str, eval); + state->update_recommendation(state, rec, eval); + imcv_db->finalize_workitem(imcv_db, workitem); + workitem->destroy(workitem); + } + } + enumerator->destroy(enumerator); + + /* finalized all workitems ? */ + if (session->get_workitem_count(session, imv_id) == 0) + { + os_state->set_handshake_state(os_state, IMV_OS_STATE_END); + + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return this->agent->provide_recommendation(this->agent, state); + } + } + + /* send non-empty PA-TNC message with excl flag not set */ + if (out_msg->get_attribute_count(out_msg)) + { + result = out_msg->send(out_msg, FALSE); + } + out_msg->destroy(out_msg); + + return result; +} + +METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result, + private_imv_os_agent_t *this, TNC_ConnectionID id) +{ + imv_state_t *state; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + return this->agent->provide_recommendation(this->agent, state); +} + +METHOD(imv_agent_if_t, destroy, void, + private_imv_os_agent_t *this) +{ + DESTROY_IF(this->agent); + DESTROY_IF(this->db); + free(this); +} + +/** + * Described in header. + */ +imv_agent_if_t *imv_os_agent_create(const char *name, TNC_IMVID id, + TNC_Version *actual_version) +{ + private_imv_os_agent_t *this; + + INIT(this, + .public = { + .bind_functions = _bind_functions, + .notify_connection_change = _notify_connection_change, + .receive_message = _receive_message, + .receive_message_long = _receive_message_long, + .batch_ending = _batch_ending, + .solicit_recommendation = _solicit_recommendation, + .destroy = _destroy, + }, + .agent = imv_agent_create(name, msg_types, countof(msg_types), id, + actual_version), + .db = imv_os_database_create(imcv_db), + ); + + if (!this->agent) + { + destroy(this); + return NULL; + } + return &this->public; +} + diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.h b/src/libimcv/plugins/imv_os/imv_os_agent.h new file mode 100644 index 000000000..cec1b1f20 --- /dev/null +++ b/src/libimcv/plugins/imv_os/imv_os_agent.h @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup imv_os_agent_t imv_os_agent + * @{ @ingroup imv_os + */ + +#ifndef IMV_OS_AGENT_H_ +#define IMV_OS_AGENT_H_ + +#include <imv/imv_agent_if.h> + +/** + * Creates an OS IMV agent + * + * @param name Name of the IMV + * @param id ID of the IMV + * @param actual_version TNC IF-IMV version + */ +imv_agent_if_t* imv_os_agent_create(const char* name, TNC_IMVID id, + TNC_Version *actual_version); + +#endif /** IMV_OS_AGENT_H_ @}*/ diff --git a/src/libimcv/plugins/imv_os/imv_os_database.c b/src/libimcv/plugins/imv_os/imv_os_database.c index a7f9f2eed..d2a08b0fa 100644 --- a/src/libimcv/plugins/imv_os/imv_os_database.c +++ b/src/libimcv/plugins/imv_os/imv_os_database.c @@ -44,32 +44,20 @@ METHOD(imv_os_database_t, check_packages, status_t, enumerator_t *package_enumerator) { char *product, *package, *release, *cur_release; - u_char *pos; - chunk_t os_name, os_version, name, version; + chunk_t name, version; os_type_t os_type; - size_t os_version_len; - os_package_state_t package_state; - int pid, gid; + int pid, gid, security, blacklist; int count = 0, count_ok = 0, count_no_match = 0, count_blacklist = 0; enumerator_t *e; status_t status = SUCCESS; bool found, match; - state->get_info(state, &os_type, &os_name, &os_version); + product = state->get_info(state, &os_type, NULL, NULL); if (os_type == OS_TYPE_ANDROID) { /*no package dependency on Android version */ - product = strdup(enum_to_name(os_type_names, os_type)); - } - else - { - /* remove appended platform info */ - pos = memchr(os_version.ptr, ' ', os_version.len); - os_version_len = pos ? (pos - os_version.ptr) : os_version.len; - product = malloc(os_name.len + 1 + os_version_len + 1); - sprintf(product, "%.*s %.*s", (int)os_name.len, os_name.ptr, - (int)os_version_len, os_version.ptr); + product = enum_to_name(os_type_names, os_type); } DBG1(DBG_IMV, "processing installed '%s' packages", product); @@ -79,13 +67,11 @@ METHOD(imv_os_database_t, check_packages, status_t, DB_TEXT, product, DB_INT); if (!e) { - free(product); return FAILED; } if (!e->enumerate(e, &pid)) { e->destroy(e); - free(product); return NOT_FOUND; } e->destroy(e); @@ -102,7 +88,6 @@ METHOD(imv_os_database_t, check_packages, status_t, DB_TEXT, package, DB_INT); if (!e) { - free(product); free(package); return FAILED; } @@ -125,12 +110,11 @@ METHOD(imv_os_database_t, check_packages, status_t, /* Enumerate over all acceptable versions */ e = this->db->query(this->db, - "SELECT release, security FROM versions " + "SELECT release, security, blacklist FROM versions " "WHERE product = ? AND package = ?", - DB_INT, pid, DB_INT, gid, DB_TEXT, DB_INT); + DB_INT, pid, DB_INT, gid, DB_TEXT, DB_INT, DB_INT); if (!e) { - free(product); free(package); free(release); return FAILED; @@ -138,7 +122,7 @@ METHOD(imv_os_database_t, check_packages, status_t, found = FALSE; match = FALSE; - while (e->enumerate(e, &cur_release, &package_state)) + while (e->enumerate(e, &cur_release, &security, &blacklist)) { found = TRUE; if (streq(release, cur_release) || streq("*", cur_release)) @@ -153,17 +137,18 @@ METHOD(imv_os_database_t, check_packages, status_t, { if (match) { - if (package_state == OS_PACKAGE_STATE_BLACKLIST) + if (blacklist) { DBG2(DBG_IMV, "package '%s' (%s) is blacklisted", package, release); count_blacklist++; - state->add_bad_package(state, package, package_state); + state->add_bad_package(state, package, + OS_PACKAGE_STATE_BLACKLIST); } else { - DBG2(DBG_IMV, "package '%s' (%s)%N is ok", package, release, - os_package_state_names, package_state); + DBG2(DBG_IMV, "package '%s' (%s)%s is ok", package, release, + security ? " [s]" : ""); count_ok++; } } @@ -171,7 +156,8 @@ METHOD(imv_os_database_t, check_packages, status_t, { DBG1(DBG_IMV, "package '%s' (%s) no match", package, release); count_no_match++; - state->add_bad_package(state, package, package_state); + state->add_bad_package(state, package, + OS_PACKAGE_STATE_SECURITY); } } else @@ -181,154 +167,49 @@ METHOD(imv_os_database_t, check_packages, status_t, free(package); free(release); } - free(product); state->set_count(state, count, count_no_match, count_blacklist, count_ok); return status; } -METHOD(imv_os_database_t, get_device_id, int, - private_imv_os_database_t *this, chunk_t value) -{ - enumerator_t *e; - int id; - - /* get primary key of device ID */ - e = this->db->query(this->db, "SELECT id FROM devices WHERE value = ?", - DB_BLOB, value, DB_INT); - if (!e) - { - return 0; - } - if (e->enumerate(e, &id)) - { - /* device ID already exists in database - return primary key */ - e->destroy(e); - return id; - } - e->destroy(e); - - /* register new device ID in database and return primary key */ - return (this->db->execute(this->db, &id, - "INSERT INTO devices (value) VALUES (?)", DB_BLOB, value) == 1) ? - id : 0; -} - METHOD(imv_os_database_t, set_device_info, void, - private_imv_os_database_t *this, int device_id, u_int32_t ar_id_type, - chunk_t ar_id_value, char *os_info, int count, int count_update, - int count_blacklist, u_int flags) + private_imv_os_database_t *this, int session_id, int count, + int count_update, int count_blacklist, u_int flags) { - enumerator_t *e; - time_t last_time; - int pid = 0, last_pid = 0, iid = 0, last_iid; - int last_count_update = 0, last_count_blacklist = 0; - u_int last_flags; - bool found = FALSE; - - /* get primary key of OS info string if it exists */ - e = this->db->query(this->db, - "SELECT id FROM products WHERE name = ?", DB_TEXT, os_info, - DB_INT); - if (e) - { - e->enumerate(e, &pid); - e->destroy(e); - } - - /* if OS info string has not been found - register it */ - if (!pid) - { - this->db->execute(this->db, &pid, - "INSERT INTO products (name) VALUES (?)", DB_TEXT, os_info); - } - - /* get primary key of AR identity if it exists */ - e = this->db->query(this->db, - "SELECT id FROM identities WHERE type = ? AND data = ?", - DB_INT, ar_id_type, DB_BLOB, ar_id_value, DB_INT); - if (e) - { - e->enumerate(e, &iid); - e->destroy(e); - } - - /* if AR identity has not been found - register it */ - if (!iid) - { - this->db->execute(this->db, &iid, - "INSERT INTO identities (type, data) VALUES (?, ?)", - DB_INT, ar_id_type, DB_BLOB, ar_id_value); - } - - /* get latest device info record if it exists */ - e = this->db->query(this->db, - "SELECT time, ar_id, product, count_update, count_blacklist, flags " - "FROM device_infos WHERE device = ? ORDER BY time DESC", - DB_INT, device_id, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_UINT); - if (e) - { - found = e->enumerate(e, &last_time, &last_iid, &last_pid, - &last_count_update, &last_count_blacklist, - &last_flags); - e->destroy(e); - } - if (found && !last_count_update && !last_count_blacklist && !last_flags && - iid == last_iid && pid == last_pid) - { - /* update device info */ - this->db->execute(this->db, NULL, - "UPDATE device_infos SET time = ?, count = ?, count_update = ?, " - "count_blacklist = ?, flags = ? WHERE device = ? AND time = ?", - DB_UINT, time(NULL), DB_INT, count, DB_INT, count_update, - DB_INT, count_blacklist, DB_UINT, flags, - DB_INT, device_id, DB_UINT, last_time); - } - else - { - /* insert device info */ - this->db->execute(this->db, NULL, - "INSERT INTO device_infos (device, time, ar_id, product, count, " - "count_update, count_blacklist, flags) " - "VALUES (?, ?, ?, ?, ?, ?, ?, ?)", - DB_INT, device_id, DB_UINT, time(NULL), DB_INT, iid, DB_INT, pid, - DB_INT, count, DB_INT, count_update, DB_INT, count_blacklist, - DB_UINT, flags); - } + this->db->execute(this->db, NULL, + "INSERT INTO device_infos (session, count, count_update, " + "count_blacklist, flags) VALUES (?, ?, ?, ?, ?)", + DB_INT, session_id, DB_INT, count, DB_INT, count_update, + DB_INT, count_blacklist, DB_UINT, flags); } METHOD(imv_os_database_t, destroy, void, private_imv_os_database_t *this) { - this->db->destroy(this->db); free(this); } /** * See header */ -imv_os_database_t *imv_os_database_create(char *uri) +imv_os_database_t *imv_os_database_create(imv_database_t *imv_db) { private_imv_os_database_t *this; + if (!imv_db) + { + return NULL; + } + INIT(this, .public = { .check_packages = _check_packages, - .get_device_id = _get_device_id, .set_device_info = _set_device_info, .destroy = _destroy, }, - .db = lib->db->create(lib->db, uri), + .db = imv_db->get_database(imv_db), ); - if (!this->db) - { - DBG1(DBG_IMV, - "failed to connect to OS database '%s'", uri); - free(this); - return NULL; - } - return &this->public; } diff --git a/src/libimcv/plugins/imv_os/imv_os_database.h b/src/libimcv/plugins/imv_os/imv_os_database.h index 01d7e84a2..7b9ef3c33 100644 --- a/src/libimcv/plugins/imv_os/imv_os_database.h +++ b/src/libimcv/plugins/imv_os/imv_os_database.h @@ -22,6 +22,7 @@ #define IMV_OS_DATABASE_H_ #include "imv_os_state.h" +#include "imv/imv_database.h" #include <library.h> @@ -42,32 +43,20 @@ struct imv_os_database_t { enumerator_t *package_enumerator); /** - * Get the primary database key of the device ID - * - * @param value Device ID value - */ - int (*get_device_id)(imv_os_database_t *this, chunk_t value); - - /** - * Set health infos for a given device - * - * @param device_id Device ID primary key - * @param ar_id_type Access Requestor ID Type - * @param ar_id_value Access Requestor ID Value - * @param os_info OS info string - * @param count Number of installed packages - * @param count_update Number of packages to be updated - * @param count_blacklist Number of blacklisted packages - * @param flags Various flags, e.g. illegal OS settings - */ - void (*set_device_info)(imv_os_database_t *this, int device_id, - u_int32_t ar_id_type, chunk_t ar_id_value, - char *os_info, int count, int count_update, - int count_blacklist, u_int flags); + * Set health infos for a given device + * + * @param sesson_id Session ID + * @param count Number of installed packages + * @param count_update Number of packages to be updated + * @param count_blacklist Number of blacklisted packages + * @param flags Various flags, e.g. illegal OS settings + */ + void (*set_device_info)(imv_os_database_t *this, int session_id, int count, + int count_update, int count_blacklist, u_int flags); /** - * Destroys an imv_os_database_t object. - */ + * Destroys an imv_os_database_t object. + */ void (*destroy)(imv_os_database_t *this); }; @@ -75,8 +64,8 @@ struct imv_os_database_t { /** * Create an imv_os_database_t instance * - * @param uri database uri + * @param imv_db Already attached IMV database */ -imv_os_database_t* imv_os_database_create(char *uri); +imv_os_database_t* imv_os_database_create(imv_database_t *imv_db); #endif /** IMV_OS_DATABASE_H_ @}*/ diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c index 073d7133a..f6d904c3c 100644 --- a/src/libimcv/plugins/imv_os/imv_os_state.c +++ b/src/libimcv/plugins/imv_os/imv_os_state.c @@ -14,10 +14,13 @@ */ #include "imv_os_state.h" + #include "imv/imv_lang_string.h" #include "imv/imv_reason_string.h" #include "imv/imv_remediation_string.h" +#include <tncif_policy.h> + #include <utils/debug.h> #include <collections/linked_list.h> @@ -62,6 +65,11 @@ struct private_imv_os_state_t { u_int32_t max_msg_len; /** + * Flags set for completed actions + */ + u_int32_t action_flags; + + /** * Access Requestor ID Type */ u_int32_t ar_id_type; @@ -72,6 +80,11 @@ struct private_imv_os_state_t { chunk_t ar_id_value; /** + * IMV database session associated with TNCCS connection + */ + imv_session_t *session; + + /** * IMV action recommendation */ TNC_IMV_Action_Recommendation rec; @@ -82,6 +95,11 @@ struct private_imv_os_state_t { TNC_IMV_Evaluation_Result eval; /** + * IMV OS handshake state + */ + imv_os_handshake_state_t handshake_state; + + /** * OS Product Information (concatenation of OS Name and Version) */ char *info; @@ -122,9 +140,9 @@ struct private_imv_os_state_t { imv_remediation_string_t *remediation_string; /** - * Primary database key of device ID + * Dgevice ID */ - int device_id; + chunk_t device_id; /** * Number of processed packages @@ -147,16 +165,6 @@ struct private_imv_os_state_t { int count_ok; /** - * Attribute request sent - mandatory response expected - */ - bool attribute_request; - - /** - * OS Installed Package request sent - mandatory response expected - */ - bool package_request; - - /** * OS Settings */ u_int os_settings; @@ -276,16 +284,16 @@ static imv_lang_string_t instr_default_pwd_enabled_descr[] = { }; /** - * Instruction strings for "Install Non-Market Apps" + * Instruction strings for "Unknown Source" */ -static imv_lang_string_t instr_non_market_apps_title[] = { +static imv_lang_string_t instr_unknown_source_title[] = { { "en", "Unknown Software Origin" }, { "de", "Unbekannte Softwareherkunft" }, { "pl", "Nieznane pochodzenie softwaru" }, { NULL, NULL } }; -static imv_lang_string_t instr_non_market_apps_descr[] = { +static imv_lang_string_t instr_unknown_source_descr[] = { { "en", "Do not allow the installation of apps from unknown sources" }, { "de", "Erlauben Sie nicht die Installation von Apps aus unbekannten Quellen" }, { "pl", "Proszę nie dopuszczać do instalacji Apps z nieznanych źródeł" }, @@ -329,6 +337,18 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t, return this->max_msg_len; } +METHOD(imv_state_t, set_action_flags, void, + private_imv_os_state_t *this, u_int32_t flags) +{ + this->action_flags |= flags; +} + +METHOD(imv_state_t, get_action_flags, u_int32_t, + private_imv_os_state_t *this) +{ + return this->action_flags; +} + METHOD(imv_state_t, set_ar_id, void, private_imv_os_state_t *this, u_int32_t id_type, chunk_t id_value) { @@ -346,15 +366,21 @@ METHOD(imv_state_t, get_ar_id, chunk_t, return this->ar_id_value; } -METHOD(imv_state_t, change_state, void, - private_imv_os_state_t *this, TNC_ConnectionState new_state) +METHOD(imv_state_t, set_session, void, + private_imv_os_state_t *this, imv_session_t *session) { - this->state = new_state; + this->session = session; +} + +METHOD(imv_state_t, get_session, imv_session_t*, + private_imv_os_state_t *this) +{ + return this->session; } METHOD(imv_state_t, get_recommendation, void, private_imv_os_state_t *this, TNC_IMV_Action_Recommendation *rec, - TNC_IMV_Evaluation_Result *eval) + TNC_IMV_Evaluation_Result *eval) { *rec = this->rec; *eval = this->eval; @@ -362,12 +388,26 @@ METHOD(imv_state_t, get_recommendation, void, METHOD(imv_state_t, set_recommendation, void, private_imv_os_state_t *this, TNC_IMV_Action_Recommendation rec, - TNC_IMV_Evaluation_Result eval) + TNC_IMV_Evaluation_Result eval) { this->rec = rec; this->eval = eval; } +METHOD(imv_state_t, update_recommendation, void, + private_imv_os_state_t *this, TNC_IMV_Action_Recommendation rec, + TNC_IMV_Evaluation_Result eval) +{ + this->rec = tncif_policy_update_recommendation(this->rec, rec); + this->eval = tncif_policy_update_evaluation(this->eval, eval); +} + +METHOD(imv_state_t, change_state, void, + private_imv_os_state_t *this, TNC_ConnectionState new_state) +{ + this->state = new_state; +} + METHOD(imv_state_t, get_reason_string, bool, private_imv_os_state_t *this, enumerator_t *language_enumerator, chunk_t *reason_string, char **reason_language) @@ -445,11 +485,11 @@ METHOD(imv_state_t, get_remediation_instructions, bool, instr_default_pwd_enabled_title, instr_default_pwd_enabled_descr, NULL, NULL); } - if (this->os_settings & OS_SETTINGS_NON_MARKET_APPS) + if (this->os_settings & OS_SETTINGS_UNKNOWN_SOURCE) { this->remediation_string->add_instruction(this->remediation_string, - instr_non_market_apps_title, - instr_non_market_apps_descr, NULL, NULL); + instr_unknown_source_title, + instr_unknown_source_descr, NULL, NULL); } *string = this->remediation_string->get_encoding(this->remediation_string); @@ -462,6 +502,7 @@ METHOD(imv_state_t, get_remediation_instructions, bool, METHOD(imv_state_t, destroy, void, private_imv_os_state_t *this) { + DESTROY_IF(this->session); DESTROY_IF(this->reason_string); DESTROY_IF(this->remediation_string); this->update_packages->destroy_function(this->update_packages, free); @@ -470,9 +511,22 @@ METHOD(imv_state_t, destroy, void, free(this->name.ptr); free(this->version.ptr); free(this->ar_id_value.ptr); + free(this->device_id.ptr); free(this); } +METHOD(imv_os_state_t, set_handshake_state, void, + private_imv_os_state_t *this, imv_os_handshake_state_t new_state) +{ + this->handshake_state = new_state; +} + +METHOD(imv_os_state_t, get_handshake_state, imv_os_handshake_state_t, + private_imv_os_state_t *this) +{ + return this->handshake_state; +} + METHOD(imv_os_state_t, set_info, void, private_imv_os_state_t *this, os_type_t type, chunk_t name, chunk_t version) { @@ -539,37 +593,13 @@ METHOD(imv_os_state_t, get_count, void, } } -METHOD(imv_os_state_t, set_attribute_request, void, - private_imv_os_state_t *this, bool set) -{ - this->attribute_request = set; -} - -METHOD(imv_os_state_t, get_attribute_request, bool, - private_imv_os_state_t *this) -{ - return this->attribute_request; -} - -METHOD(imv_os_state_t, set_package_request, void, - private_imv_os_state_t *this, bool set) -{ - this->package_request = set; -} - -METHOD(imv_os_state_t, get_package_request, bool, - private_imv_os_state_t *this) -{ - return this->package_request; -} - METHOD(imv_os_state_t, set_device_id, void, - private_imv_os_state_t *this, int id) + private_imv_os_state_t *this, chunk_t id) { - this->device_id = id; + this->device_id = chunk_clone(id); } -METHOD(imv_os_state_t, get_device_id, int, +METHOD(imv_os_state_t, get_device_id, chunk_t, private_imv_os_state_t *this) { return this->device_id; @@ -631,23 +661,26 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id) .set_flags = _set_flags, .set_max_msg_len = _set_max_msg_len, .get_max_msg_len = _get_max_msg_len, + .set_action_flags = _set_action_flags, + .get_action_flags = _get_action_flags, .set_ar_id = _set_ar_id, .get_ar_id = _get_ar_id, + .set_session = _set_session, + .get_session = _get_session, .change_state = _change_state, .get_recommendation = _get_recommendation, .set_recommendation = _set_recommendation, + .update_recommendation = _update_recommendation, .get_reason_string = _get_reason_string, .get_remediation_instructions = _get_remediation_instructions, .destroy = _destroy, }, + .set_handshake_state = _set_handshake_state, + .get_handshake_state = _get_handshake_state, .set_info = _set_info, .get_info = _get_info, .set_count = _set_count, .get_count = _get_count, - .set_attribute_request = _set_attribute_request, - .get_attribute_request = _get_attribute_request, - .set_package_request = _set_package_request, - .get_package_request = _get_package_request, .set_device_id = _set_device_id, .get_device_id = _get_device_id, .set_os_settings = _set_os_settings, diff --git a/src/libimcv/plugins/imv_os/imv_os_state.h b/src/libimcv/plugins/imv_os/imv_os_state.h index 1c2adeaf9..97f695319 100644 --- a/src/libimcv/plugins/imv_os/imv_os_state.h +++ b/src/libimcv/plugins/imv_os/imv_os_state.h @@ -29,12 +29,27 @@ #include <library.h> typedef struct imv_os_state_t imv_os_state_t; +typedef enum imv_os_handshake_state_t imv_os_handshake_state_t; typedef enum os_settings_t os_settings_t; +/** + * IMV OS Handshake States (state machine) + */ +enum imv_os_handshake_state_t { + IMV_OS_STATE_INIT, + IMV_OS_STATE_ATTR_REQ, + IMV_OS_STATE_POLICY_START, + IMV_OS_STATE_WORKITEMS, + IMV_OS_STATE_END +}; + +/** + * Flags for detected OS Settings + */ enum os_settings_t { - OS_SETTINGS_FWD_ENABLED = 1, - OS_SETTINGS_DEFAULT_PWD_ENABLED = 2, - OS_SETTINGS_NON_MARKET_APPS = 4 + OS_SETTINGS_FWD_ENABLED = (1<<0), + OS_SETTINGS_DEFAULT_PWD_ENABLED = (1<<1), + OS_SETTINGS_UNKNOWN_SOURCE = (1<<2) }; /** @@ -48,6 +63,21 @@ struct imv_os_state_t { imv_state_t interface; /** + * Set state of the handshake + * + * @param new_state the handshake state of IMV + */ + void (*set_handshake_state)(imv_os_state_t *this, + imv_os_handshake_state_t new_state); + + /** + * Get state of the handshake + * + * @return the handshake state of IMV + */ + imv_os_handshake_state_t (*get_handshake_state)(imv_os_state_t *this); + + /** * Set OS Product Information * * @param type OS type (enumerated) @@ -91,46 +121,18 @@ struct imv_os_state_t { int *count_blacklist, int *count_ok); /** - * Set/reset attribute request status - * - * @param set TRUE to set, FALSE to clear - */ - void (*set_attribute_request)(imv_os_state_t *this, bool set); - - /** - * Get attribute request status - * - * @return TRUE if set, FALSE if unset - */ - bool (*get_attribute_request)(imv_os_state_t *this); - - /** - * Set/reset OS Installed Packages request status - * - * @param set TRUE to set, FALSE to clear - */ - void (*set_package_request)(imv_os_state_t *this, bool set); - - /** - * Get OS Installed Packages request status - * - * @return TRUE if set, FALSE if unset - */ - bool (*get_package_request)(imv_os_state_t *this); - - /** * Set device ID * - * @param device_id Device ID primary database key + * @param device_id Device ID */ - void (*set_device_id)(imv_os_state_t *this, int id); + void (*set_device_id)(imv_os_state_t *this, chunk_t id); /** * Get device ID * - * @return Device ID primary database key + * @return Device ID */ - int (*get_device_id)(imv_os_state_t *this); + chunk_t (*get_device_id)(imv_os_state_t *this); /** * Set OS settings diff --git a/src/libimcv/plugins/imv_os/pacman.c b/src/libimcv/plugins/imv_os/pacman.c index 25e63760b..57cc62a08 100644 --- a/src/libimcv/plugins/imv_os/pacman.c +++ b/src/libimcv/plugins/imv_os/pacman.c @@ -21,12 +21,33 @@ #include <errno.h> #include <syslog.h> #include <time.h> +#include <sys/stat.h> #include "imv_os_state.h" #include <library.h> #include <utils/debug.h> +typedef enum pacman_state_t pacman_state_t; + +enum pacman_state_t { + PACMAN_STATE_BEGIN_PACKAGE, + PACMAN_STATE_VERSION, + PACMAN_STATE_END_PACKAGE +}; + +typedef struct stats_t stats_t; + +struct stats_t { + time_t release; + int product; + int packages; + int new_packages; + int new_versions; + int updated_versions; + int deleted_versions; +}; + /** * global debug output variables */ @@ -88,54 +109,186 @@ static void usage(void) } /** - * Extract the time the package file was generated + * Update the package database */ -static time_t extract_time(char *line) +static bool update_database(database_t *db, char *package, char *version, + bool security, stats_t *stats) { - struct tm t; - char wday[4], mon[4]; - char* months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; - int i; - - if (sscanf(line, "Generated: %3s %3s %2d %2d:%2d:%2d %4d UTC", wday, mon, - &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec, &t.tm_year) != 7) + char *cur_version, *version_update = NULL, *version_delete = NULL; + int cur_security, security_update = 0, security_delete = 0; + int pac_id = 0, vid = 0, vid_update = 0, vid_delete = 0; + u_int cur_time; + bool add_version = TRUE; + enumerator_t *e; + + /* increment package count */ + stats->packages++; + + /* check if package is already in database */ + e = db->query(db, "SELECT id FROM packages WHERE name = ?", + DB_TEXT, package, DB_INT); + if (!e) { - return UNDEFINED_TIME; + return FALSE; } - t.tm_isdst = 0; - t.tm_year -= 1900; - t.tm_mon = 12; + if (!e->enumerate(e, &pac_id)) + { + pac_id = 0; + } + e->destroy(e); - for (i = 0; i < countof(months); i++) + if (!pac_id && security) { - if (streq(mon, months[i])) + if (db->execute(db, &pac_id, "INSERT INTO packages (name) VALUES (?)", + DB_TEXT, package) != 1) { - t.tm_mon = i; + fprintf(stderr, "could not store package '%s' to database\n", + package); + return FALSE; + } + stats->new_packages++; + } + + /* check for package versions already in database */ + e = db->query(db, + "SELECT id, release, security, time FROM versions " + "WHERE package = ? AND product = ?", DB_INT, pac_id, + DB_INT, stats->product, DB_INT, DB_TEXT, DB_INT, DB_UINT); + if (!e) + { + return FALSE; + } + + while (e->enumerate(e, &vid, &cur_version, &cur_security, &cur_time)) + { + if (streq(version, cur_version)) + { + /* already in data base */ + add_version = FALSE; break; } + else if (stats->release >= cur_time) + { + if (security) + { + if (cur_security) + { + vid_update = vid; + version_update = strdup(cur_version); + security_update = cur_security; + } + else + { + vid_delete = vid; + version_delete = strdup(cur_version); + security_delete = cur_security; + } + } + else + { + if (!cur_security) + { + vid_update = vid; + version_update = strdup(cur_version); + security_update = cur_security; + } + } + } + else + { + if (security == cur_security) + { + add_version = FALSE; + } + } + } + e->destroy(e); + + if ((!vid && !security) || (vid && !add_version)) + { + free(version_update); + free(version_delete); + return TRUE; + } + + if ((!vid && security) || (vid && !vid_update)) + { + printf("%s (%s) %s\n", package, version, security ? "[s]" : ""); + + if (db->execute(db, &vid, + "INSERT INTO versions " + "(package, product, release, security, time) " + "VALUES (?, ?, ?, ?, ?)", DB_INT, pac_id, DB_INT, stats->product, + DB_TEXT, version, DB_INT, security, DB_INT, stats->release) != 1) + { + fprintf(stderr, "could not store version '%s' to database\n", + version); + free(version_update); + free(version_delete); + return FALSE; + } + stats->new_versions++; + } + else + { + printf("%s (%s) %s updated by\n", + package, version_update, security_update ? "[s]" : ""); + printf("%s (%s) %s\n", package, version, security ? "[s]" : ""); + + if (db->execute(db, NULL, + "UPDATE versions SET release = ?, time = ? WHERE id = ?", + DB_TEXT, version, DB_INT, stats->release, DB_INT, vid_update) <= 0) + { + fprintf(stderr, "could not update version '%s' to database\n", + version); + free(version_update); + free(version_delete); + return FALSE; + } + stats->updated_versions++; } - if (t.tm_mon == 12) + + if (vid_delete) { - return UNDEFINED_TIME; + printf("%s (%s) %s deleted\n", + package, version_delete, security_delete ? "[s]" : ""); + if (db->execute(db, NULL, + "DELETE FROM versions WHERE id = ?", + DB_INT, vid_delete) <= 0) + { + fprintf(stderr, "could not delete version '%s' from database\n", + version_delete); + free(version_update); + free(version_delete); + return FALSE; + } + stats->deleted_versions++; } + free(version_update); + free(version_delete); - return mktime(&t) - timezone; + return TRUE; } /** * Process a package file and store updates in the database */ -static void process_packages(char *filename, char *product, bool update) +static void process_packages(char *filename, char *product, bool security) { - char *uri, line[12288], *pos; - int count = 0, errored = 0, vulnerable = 0, new_packages = 0; - int new_versions = 0, updated_versions = 0, deleted_versions = 0; - time_t gen_time; - u_int32_t pid = 0; + char *uri, line[BUF_LEN], *pos, *package = NULL, *version = NULL; + pacman_state_t pacman_state; enumerator_t *e; database_t *db; + int pid; FILE *file; + stats_t stats; + bool success; + + /* initialize statistics */ + memset(&stats, 0x00, sizeof(stats_t)); + + /* Set release date to current time */ + stats.release = time(NULL); /* opening package file */ printf("loading\"%s\"\n", filename); @@ -167,13 +320,13 @@ static void process_packages(char *filename, char *product, bool update) DB_TEXT, product, DB_INT); if (e) { - if (!e->enumerate(e, &pid)) + if (e->enumerate(e, &pid)) { - pid = 0; + stats.product = pid; } e->destroy(e); } - if (!pid) + if (!stats.product) { if (db->execute(db, &pid, "INSERT INTO products (name) VALUES (?)", DB_TEXT, product) != 1) @@ -184,248 +337,78 @@ static void process_packages(char *filename, char *product, bool update) db->destroy(db); exit(EXIT_FAILURE); } + stats.product = pid; } + pacman_state = PACMAN_STATE_BEGIN_PACKAGE; + while (fgets(line, sizeof(line), file)) { - char *package, *version; - char *cur_version, *version_update = NULL, *version_delete = NULL; - bool security, add_version = TRUE; - int cur_security, security_update = 0, security_delete = 0; - u_int32_t gid = 0, vid = 0, vid_update = 0, vid_delete = 0; - time_t cur_time; - - count++; - if (count == 1) - { - printf("%s", line); - } - if (count == 3) - { - gen_time = extract_time(line); - - if (gen_time == UNDEFINED_TIME) - { - fprintf(stderr, "could not extract generation time\n"); - fclose(file); - db->destroy(db); - exit(EXIT_FAILURE); - } - printf("Generated: %T\n", &gen_time, TRUE); - } - if (count < 7) - { - continue; - } + /* set read pointer to beginning of line */ + pos = line; - /* look for the package name */ - pos = strchr(line, ' '); - if (!pos) + switch (pacman_state) { - fprintf(stderr, "could not extract package name from '%.*s'\n", - (int)(strlen(line)-1), line); - errored++; - continue; - } - *pos++ = '\0'; - package = line; - - /* look for version string in parentheses */ - if (*pos == '(') - { - version = ++pos; - pos = strchr(pos, ')'); - if (pos) - { - *pos++ = '\0'; - } - else - { - fprintf(stderr, "could not extract package version from " - "'%.*s'\n", (int)(strlen(line)-1), line); - errored++; - continue; - } - } - else - { - /* no version information, skip entry */ - continue; - } - security = (strstr(pos, "[security]") != NULL); - if (security) - { - vulnerable++; - } - - /* handle non-security packages in update mode only */ - if (!update && !security) - { - continue; - } - - /* check if package is already in database */ - e = db->query(db, "SELECT id FROM packages WHERE name = ?", - DB_TEXT, package, DB_INT); - if (e) - { - if (!e->enumerate(e, &gid)) - { - gid = 0; - } - e->destroy(e); - } - if (!gid && security) - { - if (db->execute(db, &gid, "INSERT INTO packages (name) VALUES (?)", - DB_TEXT, package) != 1) - { - fprintf(stderr, "could not store package '%s' to database\n", - package); - fclose(file); - db->destroy(db); - exit(EXIT_FAILURE); - } - new_packages++; - } - - /* check for package versions already in database */ - e = db->query(db, - "SELECT id, release, security, time FROM versions " - "WHERE package = ? AND product = ?", - DB_INT, gid, DB_INT, pid, DB_INT, DB_TEXT, DB_INT, DB_INT); - if (!e) - { - break; - } - while (e->enumerate(e, &vid, &cur_version, &cur_security, &cur_time)) - { - if (streq(version, cur_version)) - { - /* already in data base */ - add_version = FALSE; + case PACMAN_STATE_BEGIN_PACKAGE: + pos = strstr(pos, "Package: "); + if (!pos) + { + continue; + } + pos += 9; + package = pos; + pos = strchr(pos, '\n'); + if (pos) + { + package = strndup(package, pos - package); + pacman_state = PACMAN_STATE_VERSION; + } break; - } - else if (gen_time > cur_time) - { - if (security) + case PACMAN_STATE_VERSION: + pos = strstr(pos, "Version: "); + if (!pos) { - if (cur_security) - { - vid_update = vid; - version_update = strdup(cur_version); - security_update = cur_security; - } - else - { - vid_delete = vid; - version_delete = strdup(cur_version); - security_delete = cur_security; - } + continue; } - else + pos += 9; + version = pos; + pos = strchr(pos, '\n'); + if (pos) { - if (!cur_security) - { - vid_update = vid; - version_update = strdup(cur_version); - security_update = cur_security; - } + version = strndup(version, pos - version); + pacman_state = PACMAN_STATE_END_PACKAGE; } - } - else - { - if (security == cur_security) + break; + case PACMAN_STATE_END_PACKAGE: + if (*pos != '\n') { - add_version = FALSE; + continue; } - } - } - e->destroy(e); - - if ((!vid && !security) || (vid && !add_version)) - { - free(version_update); - free(version_delete); - continue; - } - - if ((!vid && security) || (vid && !vid_update)) - { - printf("%s (%s) %s\n", package, version, security ? "[s]" : ""); - - if (db->execute(db, &vid, - "INSERT INTO versions " - "(package, product, release, security, time) " - "VALUES (?, ?, ?, ?, ?)", DB_INT, gid, DB_INT, pid, - DB_TEXT, version, DB_INT, security, DB_INT, gen_time) != 1) - { - fprintf(stderr, "could not store version '%s' to database\n", - version); - free(version_update); - free(version_delete); - fclose(file); - db->destroy(db); - exit(EXIT_FAILURE); - } - new_versions++; - } - else - { - printf("%s (%s) %s updated by\n", - package, version_update, security_update ? "[s]" : ""); - printf("%s (%s) %s\n", package, version, security ? "[s]" : ""); - - if (db->execute(db, NULL, - "UPDATE versions SET release = ?, time = ? WHERE id = ?", - DB_TEXT, version, DB_INT, gen_time, DB_INT, vid_update) <= 0) - { - fprintf(stderr, "could not update version '%s' to database\n", - version); - free(version_update); - free(version_delete); - fclose(file); - db->destroy(db); - exit(EXIT_FAILURE); - } - updated_versions++; - } - - if (vid_delete) - { - printf("%s (%s) %s deleted\n", - package, version_delete, security_delete ? "[s]" : ""); - - if (db->execute(db, NULL, - "DELETE FROM versions WHERE id = ?", - DB_INT, vid_delete) <= 0) - { - fprintf(stderr, "could not delete version '%s' from database\n", - version_delete); - free(version_update); - free(version_delete); - fclose(file); - db->destroy(db); - exit(EXIT_FAILURE); - } - deleted_versions++; + success = update_database(db, package, version, security, &stats); + free(package); + free(version); + if (!success) + { + fclose(file); + db->destroy(db); + exit(EXIT_FAILURE); + } + pacman_state = PACMAN_STATE_BEGIN_PACKAGE; } - free(version_update); - free(version_delete); } fclose(file); db->destroy(db); - printf("processed %d packages, %d security, %d new packages, " - "%d new versions, %d updated versions, %d deleted versions, " - "%d errored\n", count - 6, vulnerable, new_packages, new_versions, - updated_versions, deleted_versions, errored); + printf("processed %d packages, %d new packages, %d new versions, " + "%d updated versions, %d deleted versions\n", + stats.packages, stats.new_packages, stats.new_versions, + stats.updated_versions, stats.deleted_versions); } static void do_args(int argc, char *argv[]) { char *filename = NULL, *product = NULL; - bool update = FALSE; + bool security = FALSE; /* reinit getopt state */ optind = 0; @@ -438,7 +421,7 @@ static void do_args(int argc, char *argv[]) { "help", no_argument, NULL, 'h' }, { "file", required_argument, NULL, 'f' }, { "product", required_argument, NULL, 'p' }, - { "update", no_argument, NULL, 'u' }, + { "security", no_argument, NULL, 's' }, { 0,0,0,0 } }; @@ -456,8 +439,8 @@ static void do_args(int argc, char *argv[]) case 'p': product = optarg; continue; - case 'u': - update = TRUE; + case 's': + security = TRUE; continue; } break; @@ -465,7 +448,7 @@ static void do_args(int argc, char *argv[]) if (filename && product) { - process_packages(filename, product, update); + process_packages(filename, product, security); } else { @@ -487,7 +470,7 @@ int main(int argc, char *argv[]) { exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } - if (!lib->plugins->load(lib->plugins, NULL, + if (!lib->plugins->load(lib->plugins, lib->settings->get_str(lib->settings, "attest.load", "sqlite"))) { exit(SS_RC_INITIALIZATION_FAILED); diff --git a/src/libimcv/plugins/imv_os/pacman.sh b/src/libimcv/plugins/imv_os/pacman.sh index e9134ea5d..e99de0cb5 100755 --- a/src/libimcv/plugins/imv_os/pacman.sh +++ b/src/libimcv/plugins/imv_os/pacman.sh @@ -1,40 +1,160 @@ #!/bin/sh -DATE=`date +%Y%m%d` -DEBIAN=http://packages.debian.org -UBUNTU=http://packages.ubuntu.com -UBUNTU_VERSIONS="quantal precise oneiric lucid" -PACKAGES=allpackages?format=txt.gz +DIR="/etc/pts" +DATE=`date +%Y%m%d-%H%M` +UBUNTU="http://security.ubuntu.com/ubuntu/dists" +UBUNTU_VERSIONS="raring quantal precise lucid" +UBUNTU_DIRS="main multiverse restricted universe" +UBUNTU_ARCH="binary-amd64 binary-i386" +DEBIAN="http://security.debian.org/dists" +DEBIAN_VERSIONS="jessie wheezy squeeze" +DEBIAN_DIRS="main contrib non-free" +DEBIAN_ARCH="binary-amd64 binary-i386" PACMAN=/usr/libexec/ipsec/pacman -DIR=/etc/pts +PACMAN_LOG="$DIR/$DATE-pacman.log" -cd $DIR +cd $DIR/dists for v in $UBUNTU_VERSIONS do - wget $UBUNTU/$v/$PACKAGES -O $DATE-$v.txt.gz - wget $UBUNTU/$v-updates/$PACKAGES -O $DATE-$v-updates.txt.gz + for a in $UBUNTU_ARCH + do + mkdir -p $v-security/$a $v-updates/$a + for d in $UBUNTU_DIRS + do + wget $UBUNTU/$v-security/$d/$a/Packages.bz2 -O $v-security/$a/Packages-$d.bz2 + bunzip2 -f $v-security/$a/Packages-$d.bz2 + wget $UBUNTU/$v-updates/$d/$a/Packages.bz2 -O $v-updates/$a/Packages-$d.bz2 + bunzip2 -f $v-updates/$a/Packages-$d.bz2 + done + done done -wget $DEBIAN/stable/$PACKAGES -O $DATE-squeeze.txt.gz -gunzip *.gz +for v in $DEBIAN_VERSIONS +do + for a in $DEBIAN_ARCH + do + mkdir -p $v-updates/$a + for d in $DEBIAN_DIRS + do + wget $DEBIAN/$v/updates/$d/$a/Packages.bz2 -O $v-updates/$a/Packages-$d.bz2 + bunzip2 -f $v-updates/$a/Packages-$d.bz2 + done + done +done + +for f in raring-security/binary-amd64/* +do + $PACMAN --product "Ubuntu 13.04 x86_64" --file $f --security >> $PACMAN_LOG +done +echo +for f in raring-updates/binary-amd64/* +do + $PACMAN --product "Ubuntu 13.04 x86_64" --file $f >> $PACMAN_LOG +done +echo +for f in raring-security/binary-i386/* +do + $PACMAN --product "Ubuntu 13.04 i686" --file $f --security >> $PACMAN_LOG +done +echo +for f in raring-updates/binary-i386/* +do + $PACMAN --product "Ubuntu 13.04 i686" --file $f >> $PACMAN_LOG +done +echo -$PACMAN --product "Ubuntu 12.10" --file $DATE-quantal.txt +for f in quantal-security/binary-amd64/* +do + $PACMAN --product "Ubuntu 12.10 x86_64" --file $f --security >> $PACMAN_LOG +done echo -$PACMAN --product "Ubuntu 12.10" --file $DATE-quantal-updates.txt --update +for f in quantal-updates/binary-amd64/* +do + $PACMAN --product "Ubuntu 12.10 x86_64" --file $f >> $PACMAN_LOG +done echo -$PACMAN --product "Ubuntu 12.04" --file $DATE-precise.txt +for f in quantal-security/binary-i386/* +do + $PACMAN --product "Ubuntu 12.10 i686" --file $f --security >> $PACMAN_LOG +done echo -$PACMAN --product "Ubuntu 12.04" --file $DATE-precise-updates.txt --update +for f in quantal-updates/binary-i386/* +do + $PACMAN --product "Ubuntu 12.10 i686" --file $f >> $PACMAN_LOG +done echo -$PACMAN --product "Ubuntu 11.10" --file $DATE-oneiric.txt + +for f in precise-security/binary-amd64/* +do + $PACMAN --product "Ubuntu 12.04 x86_64" --file $f --security >> $PACMAN_LOG +done echo -$PACMAN --product "Ubuntu 11.10" --file $DATE-oneiric-updates.txt --update +for f in precise-updates/binary-amd64/* +do + $PACMAN --product "Ubuntu 12.04 x86_64" --file $f >> $PACMAN_LOG +done echo -$PACMAN --product "Ubuntu 10.04" --file $DATE-lucid.txt +for f in precise-security/binary-i386/* +do + $PACMAN --product "Ubuntu 12.04 i686" --file $f --security >> $PACMAN_LOG +done echo -$PACMAN --product "Ubuntu 10.04" --file $DATE-lucid-updates.txt --update +for f in precise-updates/binary-i386/* +do + $PACMAN --product "Ubuntu 12.04 i686" --file $f >> $PACMAN_LOG +done echo -$PACMAN --product "Debian squeeze" --file $DATE-squeeze.txt -cp config.db config.db-$DATE +for f in lucid-security/binary-amd64/* +do + $PACMAN --product "Ubuntu 10.04 x86_64" --file $f --security >> $PACMAN_LOG +done +echo +for f in lucid-updates/binary-amd64/* +do + $PACMAN --product "Ubuntu 10.04 x86_64" --file $f >> $PACMAN_LOG +done +echo +for f in lucid-security/binary-i386/* +do + $PACMAN --product "Ubuntu 10.04 i686" --file $f --security >> $PACMAN_LOG +done +echo +for f in lucid-updates/binary-i386/* +do + $PACMAN --product "Ubuntu 10.04 i686" --file $f >> $PACMAN_LOG +done +echo + +for f in jessie-updates/binary-amd64/* +do + $PACMAN --product "Debian 8.0 x86_64" --file $f --security >> $PACMAN_LOG +done +echo +for f in jessie-updates/binary-i386/* +do + $PACMAN --product "Debian 8.0 i686" --file $f --security >> $PACMAN_LOG +done + +for f in wheezy-updates/binary-amd64/* +do + $PACMAN --product "Debian 7.0 x86_64" --file $f --security >> $PACMAN_LOG +done +echo +for f in wheezy-updates/binary-i386/* +do + $PACMAN --product "Debian 7.0 i686" --file $f --security >> $PACMAN_LOG +done + +for f in squeeze-updates/binary-amd64/* +do + $PACMAN --product "Debian 6.0 x86_64" --file $f --security >> $PACMAN_LOG +done +echo +for f in squeeze-updates/binary-i386/* +do + $PACMAN --product "Debian 6.0 i686" --file $f --security >> $PACMAN_LOG +done + +cp $DIR/config.db $DIR/config.db-$DATE diff --git a/src/libimcv/plugins/imv_scanner/Makefile.am b/src/libimcv/plugins/imv_scanner/Makefile.am index df2158e72..625e62316 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.am +++ b/src/libimcv/plugins/imv_scanner/Makefile.am @@ -1,15 +1,18 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv -AM_CFLAGS = -rdynamic +AM_CFLAGS = \ + -rdynamic imcv_LTLIBRARIES = imv-scanner.la imv_scanner_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la -imv_scanner_la_SOURCES = imv_scanner.c imv_scanner_state.h imv_scanner_state.c +imv_scanner_la_SOURCES = \ + imv_scanner.c imv_scanner_state.h imv_scanner_state.c \ + imv_scanner_agent.h imv_scanner_agent.c imv_scanner_la_LDFLAGS = -module -avoid-version - diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in index cfd4463a2..e336b86bb 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.in +++ b/src/libimcv/plugins/imv_scanner/Makefile.in @@ -62,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -100,24 +100,42 @@ am__installdirs = "$(DESTDIR)$(imcvdir)" LTLIBRARIES = $(imcv_LTLIBRARIES) imv_scanner_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la -am_imv_scanner_la_OBJECTS = imv_scanner.lo imv_scanner_state.lo +am_imv_scanner_la_OBJECTS = imv_scanner.lo imv_scanner_state.lo \ + imv_scanner_agent.lo imv_scanner_la_OBJECTS = $(am_imv_scanner_la_OBJECTS) -imv_scanner_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(imv_scanner_la_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +imv_scanner_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(imv_scanner_la_LDFLAGS) $(LDFLAGS) -o \ + $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; SOURCES = $(imv_scanner_la_SOURCES) DIST_SOURCES = $(imv_scanner_la_SOURCES) am__can_run_installinfo = \ @@ -131,6 +149,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -143,6 +162,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CHECK_CFLAGS = @CHECK_CFLAGS@ CHECK_LIBS = @CHECK_LIBS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -158,6 +179,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ GREP = @GREP@ @@ -166,6 +188,7 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ @@ -212,6 +235,7 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SOCKLIB = @SOCKLIB@ STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ @@ -240,6 +264,7 @@ charon_natt_port = @charon_natt_port@ charon_plugins = @charon_plugins@ charon_udp_port = @charon_udp_port@ clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -317,15 +342,22 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv -AM_CFLAGS = -rdynamic +AM_CFLAGS = \ + -rdynamic + imcv_LTLIBRARIES = imv-scanner.la imv_scanner_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la -imv_scanner_la_SOURCES = imv_scanner.c imv_scanner_state.h imv_scanner_state.c +imv_scanner_la_SOURCES = \ + imv_scanner.c imv_scanner_state.h imv_scanner_state.c \ + imv_scanner_agent.h imv_scanner_agent.c + imv_scanner_la_LDFLAGS = -module -avoid-version all: all-am @@ -394,7 +426,7 @@ clean-imcvLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done imv-scanner.la: $(imv_scanner_la_OBJECTS) $(imv_scanner_la_DEPENDENCIES) $(EXTRA_imv_scanner_la_DEPENDENCIES) - $(imv_scanner_la_LINK) -rpath $(imcvdir) $(imv_scanner_la_OBJECTS) $(imv_scanner_la_LIBADD) $(LIBS) + $(AM_V_CCLD)$(imv_scanner_la_LINK) -rpath $(imcvdir) $(imv_scanner_la_OBJECTS) $(imv_scanner_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -403,28 +435,29 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_scanner.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_scanner_agent.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_scanner_state.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< .c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner.c b/src/libimcv/plugins/imv_scanner/imv_scanner.c index 16ce0863f..6f5e82355 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -13,432 +13,12 @@ * for more details. */ -#include "imv_scanner_state.h" - -#include <imv/imv_agent.h> -#include <imv/imv_msg.h> -#include <ietf/ietf_attr.h> -#include <ietf/ietf_attr_attr_request.h> -#include <ietf/ietf_attr_pa_tnc_error.h> -#include <ietf/ietf_attr_port_filter.h> - -#include <tncif_names.h> -#include <tncif_pa_subtypes.h> - -#include <pen/pen.h> -#include <collections/linked_list.h> -#include <utils/lexparser.h> -#include <utils/debug.h> - -/* IMV definitions */ +#include "imv_scanner_agent.h" static const char imv_name[] = "Scanner"; +static const imv_agent_create_t imv_agent_create = imv_scanner_agent_create; -static pen_type_t msg_types[] = { - { PEN_IETF, PA_SUBTYPE_IETF_VPN } -}; - -static imv_agent_t *imv_scanner; - -typedef struct port_range_t port_range_t; - -struct port_range_t { - u_int16_t start, stop; -}; - - -/** - * Default port policy - * - * TRUE: all server ports on the TNC client must be closed - * FALSE: any server port on the TNC client is allowed to be open - */ -static bool closed_port_policy = TRUE; - -/** - * List of TCP and UDP port ranges - * - * TRUE: server ports on the TNC client that are allowed to be open - * FALSE: server ports on the TNC client that must be closed - */ -static linked_list_t *tcp_ports, *udp_ports; - -/** - * Get a TCP or UDP port list from strongswan.conf - */ -static linked_list_t* get_port_list(char *label) -{ - char key[40], *value; - linked_list_t *list; - chunk_t port_list, port_item, port_start; - port_range_t *port_range; - - list = linked_list_create(); - - snprintf(key, sizeof(key), "libimcv.plugins.imv-scanner.%s_ports", label); - value = lib->settings->get_str(lib->settings, key, NULL); - if (!value) - { - DBG1(DBG_IMV, "%s not defined", key); - return list; - } - port_list = chunk_create(value, strlen(value)); - DBG2(DBG_IMV, "list of %s ports that %s:", label, - closed_port_policy ? "are allowed to be open" : "must be closed"); - - while (eat_whitespace(&port_list)) - { - if (!extract_token(&port_item, ' ', &port_list)) - { - /* reached last port item */ - port_item = port_list; - port_list = chunk_empty; - } - port_range = malloc_thing(port_range_t); - port_range->start = atoi(port_item.ptr); - - if (extract_token(&port_start, '-', &port_item) && port_item.len) - { - port_range->stop = atoi(port_item.ptr); - } - else - { - port_range->stop = port_range->start; - } - DBG2(DBG_IMV, "%5u - %5u", port_range->start, port_range->stop); - list->insert_last(list, port_range); - } - - return list; -} - - -/* - * see section 3.8.1 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id, - TNC_Version min_version, - TNC_Version max_version, - TNC_Version *actual_version) -{ - if (imv_scanner) - { - DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name); - return TNC_RESULT_ALREADY_INITIALIZED; - } - imv_scanner = imv_agent_create(imv_name, msg_types, countof(msg_types), - imv_id, actual_version); - if (!imv_scanner) - { - return TNC_RESULT_FATAL; - } - if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1) - { - DBG1(DBG_IMV, "no common IF-IMV version"); - return TNC_RESULT_NO_COMMON_VERSION; - } - - /* set the default port policy to closed (TRUE) or open (FALSE) */ - closed_port_policy = lib->settings->get_bool(lib->settings, - "libimcv.plugins.imv-scanner.closed_port_policy", TRUE); - DBG2(DBG_IMV, "default port policy is %s ports", - closed_port_policy ? "closed" : "open"); - - /* get the list of open|closed ports */ - tcp_ports = get_port_list("tcp"); - udp_ports = get_port_list("udp"); - - return TNC_RESULT_SUCCESS; -} - -/** - * see section 3.8.2 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_ConnectionState new_state) -{ - imv_state_t *state; - - if (!imv_scanner) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - switch (new_state) - { - case TNC_CONNECTION_STATE_CREATE: - state = imv_scanner_state_create(connection_id); - return imv_scanner->create_state(imv_scanner, state); - case TNC_CONNECTION_STATE_DELETE: - return imv_scanner->delete_state(imv_scanner, connection_id); - default: - return imv_scanner->change_state(imv_scanner, connection_id, - new_state, NULL); - } -} - -static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) -{ - imv_msg_t *out_msg; - enumerator_t *enumerator; - pa_tnc_attr_t *attr; - pen_type_t type; - TNC_Result result; - bool fatal_error = FALSE; +/* include generic TGC TNC IF-IMV API code below */ - /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); - if (result != TNC_RESULT_SUCCESS) - { - return result; - } +#include <imv/imv_if.h> - /* analyze PA-TNC attributes */ - enumerator = in_msg->create_attribute_enumerator(in_msg); - while (enumerator->enumerate(enumerator, &attr)) - { - type = attr->get_type(attr); - - if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PORT_FILTER) - { - imv_scanner_state_t *imv_scanner_state; - ietf_attr_port_filter_t *attr_port_filter; - enumerator_t *enumerator; - u_int8_t protocol; - u_int16_t port; - bool blocked, compliant = TRUE; - - - imv_scanner_state = (imv_scanner_state_t*)state; - attr_port_filter = (ietf_attr_port_filter_t*)attr; - enumerator = attr_port_filter->create_port_enumerator(attr_port_filter); - while (enumerator->enumerate(enumerator, &blocked, &protocol, &port)) - { - enumerator_t *e; - port_range_t *port_range; - bool passed, found = FALSE; - char buf[20]; - - if (blocked) - { - /* ignore closed ports */ - continue; - } - - e = (protocol == IPPROTO_TCP) ? - tcp_ports->create_enumerator(tcp_ports) : - udp_ports->create_enumerator(udp_ports); - while (e->enumerate(e, &port_range)) - { - if (port >= port_range->start && port <= port_range->stop) - { - found = TRUE; - break; - } - } - e->destroy(e); - - passed = (closed_port_policy == found); - DBG2(DBG_IMV, "%s port %5u %s: %s", - (protocol == IPPROTO_TCP) ? "tcp" : "udp", port, - blocked ? "closed" : "open", passed ? "ok" : "fatal"); - if (!passed) - { - compliant = FALSE; - snprintf(buf, sizeof(buf), "%s/%u", - (protocol == IPPROTO_TCP) ? "tcp" : "udp", port); - imv_scanner_state->add_violating_port(imv_scanner_state, - strdup(buf)); - } - } - enumerator->destroy(enumerator); - - if (compliant) - { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ALLOW, - TNC_IMV_EVALUATION_RESULT_COMPLIANT); - } - else - { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS, - TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR); - } - } - } - enumerator->destroy(enumerator); - - if (fatal_error) - { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, - TNC_IMV_EVALUATION_RESULT_ERROR); - } - - out_msg = imv_msg_create_as_reply(in_msg); - result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - if (result != TNC_RESULT_SUCCESS) - { - return result; - } - return imv_scanner->provide_recommendation(imv_scanner, state); - } - -/** - * see section 3.8.4 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type) -{ - imv_state_t *state; - imv_msg_t *in_msg; - TNC_Result result; - - if (!imv_scanner) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imv_scanner->get_state(imv_scanner, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - - in_msg = imv_msg_create_from_data(imv_scanner, state, connection_id, msg_type, - chunk_create(msg, msg_len)); - result = receive_message(state, in_msg); - in_msg->destroy(in_msg); - - return result; -} - -/** - * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imc_id, - TNC_UInt32 dst_imv_id) -{ - imv_state_t *state; - imv_msg_t *in_msg; - TNC_Result result; - - if (!imv_scanner) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imv_scanner->get_state(imv_scanner, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - in_msg = imv_msg_create_from_long_data(imv_scanner, state, connection_id, - src_imc_id, dst_imv_id, msg_vid, msg_subtype, - chunk_create(msg, msg_len)); - result =receive_message(state, in_msg); - in_msg->destroy(in_msg); - - return result; -} - -/** - * see section 3.8.7 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, - TNC_ConnectionID connection_id) -{ - imv_state_t *state; - - if (!imv_scanner) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imv_scanner->get_state(imv_scanner, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - return imv_scanner->provide_recommendation(imv_scanner, state); -} - -/** - * see section 3.8.8 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, - TNC_ConnectionID connection_id) -{ - imv_state_t *state; - imv_msg_t *out_msg; - pa_tnc_attr_t *attr; - TNC_IMV_Action_Recommendation rec; - TNC_IMV_Evaluation_Result eval; - TNC_Result result = TNC_RESULT_SUCCESS; - - if (!imv_scanner) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imv_scanner->get_state(imv_scanner, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - state->get_recommendation(state, &rec, &eval); - if (rec == TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION) - { - out_msg = imv_msg_create(imv_scanner, state, connection_id, imv_id, - TNC_IMCID_ANY, msg_types[0]); - attr = ietf_attr_attr_request_create(PEN_IETF, IETF_ATTR_PORT_FILTER); - out_msg->add_attribute(out_msg, attr); - - /* send PA-TNC message with excl flag not set */ - result = out_msg->send(out_msg, FALSE); - out_msg->destroy(out_msg); - - } - return result; -} - -/** - * see section 3.8.9 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id) -{ - if (!imv_scanner) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - tcp_ports->destroy_function(tcp_ports, free); - udp_ports->destroy_function(udp_ports, free); - imv_scanner->destroy(imv_scanner); - imv_scanner = NULL; - - return TNC_RESULT_SUCCESS; -} - -/** - * see section 4.2.8.1 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_ProvideBindFunction(TNC_IMVID imv_id, - TNC_TNCS_BindFunctionPointer bind_function) -{ - if (!imv_scanner) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - return imv_scanner->bind_functions(imv_scanner, bind_function); -} diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c new file mode 100644 index 000000000..d1e093137 --- /dev/null +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c @@ -0,0 +1,526 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "imv_scanner_agent.h" +#include "imv_scanner_state.h" + +#include <imcv.h> +#include <imv/imv_agent.h> +#include <imv/imv_msg.h> +#include <ietf/ietf_attr.h> +#include <ietf/ietf_attr_attr_request.h> +#include <ietf/ietf_attr_pa_tnc_error.h> +#include <ietf/ietf_attr_port_filter.h> + +#include <tncif_names.h> +#include <tncif_pa_subtypes.h> + +#include <pen/pen.h> +#include <utils/debug.h> +#include <utils/lexparser.h> + +typedef struct private_imv_scanner_agent_t private_imv_scanner_agent_t; + +/* Subscribed PA-TNC message subtypes */ +static pen_type_t msg_types[] = { + { PEN_IETF, PA_SUBTYPE_IETF_VPN } +}; + +/** + * Private data of an imv_scanner_agent_t object. + */ +struct private_imv_scanner_agent_t { + + /** + * Public members of imv_scanner_agent_t + */ + imv_agent_if_t public; + + /** + * IMV agent responsible for generic functions + */ + imv_agent_t *agent; + +}; + +METHOD(imv_agent_if_t, bind_functions, TNC_Result, + private_imv_scanner_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function) +{ + return this->agent->bind_functions(this->agent, bind_function); +} + +METHOD(imv_agent_if_t, notify_connection_change, TNC_Result, + private_imv_scanner_agent_t *this, TNC_ConnectionID id, + TNC_ConnectionState new_state) +{ + imv_state_t *state; + + switch (new_state) + { + case TNC_CONNECTION_STATE_CREATE: + state = imv_scanner_state_create(id); + return this->agent->create_state(this->agent, state); + case TNC_CONNECTION_STATE_DELETE: + return this->agent->delete_state(this->agent, id); + default: + return this->agent->change_state(this->agent, id, new_state, NULL); + } +} + +/** + * Process a received message + */ +static TNC_Result receive_msg(private_imv_scanner_agent_t *this, + imv_state_t *state, imv_msg_t *in_msg) +{ + imv_msg_t *out_msg; + imv_scanner_state_t *scanner_state; + enumerator_t *enumerator; + pa_tnc_attr_t *attr; + pen_type_t type; + TNC_Result result; + ietf_attr_port_filter_t *port_filter_attr; + bool fatal_error = FALSE; + + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + + /* analyze PA-TNC attributes */ + enumerator = in_msg->create_attribute_enumerator(in_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + type = attr->get_type(attr); + + if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PORT_FILTER) + { + scanner_state = (imv_scanner_state_t*)state; + port_filter_attr = (ietf_attr_port_filter_t*)attr->get_ref(attr); + scanner_state->set_port_filter_attr(scanner_state, port_filter_attr); + } + } + enumerator->destroy(enumerator); + + if (fatal_error) + { + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, + TNC_IMV_EVALUATION_RESULT_ERROR); + out_msg = imv_msg_create_as_reply(in_msg); + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return this->agent->provide_recommendation(this->agent, state); + } + + return TNC_RESULT_SUCCESS; +} + +METHOD(imv_agent_if_t, receive_message, TNC_Result, + private_imv_scanner_agent_t *this, TNC_ConnectionID id, + TNC_MessageType msg_type, chunk_t msg) +{ + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg); + result = receive_msg(this, state, in_msg); + in_msg->destroy(in_msg); + + return result; +} + +METHOD(imv_agent_if_t, receive_message_long, TNC_Result, + private_imv_scanner_agent_t *this, TNC_ConnectionID id, + TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, + TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg) +{ + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_long_data(this->agent, state, id, + src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg); + result = receive_msg(this, state, in_msg); + in_msg->destroy(in_msg); + + return result; + +} + +typedef struct port_range_t port_range_t; + +struct port_range_t { + u_int16_t start, stop; +}; + +/** + * Parse a TCP or UDP port list from an argument string + */ +static linked_list_t* get_port_list(u_int8_t protocol_family, + bool closed_port_policy, char *arg_str) +{ + chunk_t port_list, port_item, port_start; + port_range_t *port_range; + linked_list_t *list; + + list = linked_list_create(); + + port_list = chunk_from_str(arg_str); + DBG2(DBG_IMV, "list of %s ports that %s:", + (protocol_family == IPPROTO_TCP) ? "tcp" : "udp", + closed_port_policy ? "are allowed to be open" : "must be closed"); + + while (eat_whitespace(&port_list)) + { + if (!extract_token(&port_item, ' ', &port_list)) + { + /* reached last port item */ + port_item = port_list; + port_list = chunk_empty; + } + port_range = malloc_thing(port_range_t); + port_range->start = atoi(port_item.ptr); + + if (extract_token(&port_start, '-', &port_item) && port_item.len) + { + port_range->stop = atoi(port_item.ptr); + } + else + { + port_range->stop = port_range->start; + } + DBG2(DBG_IMV, "%5u - %5u", port_range->start, port_range->stop); + list->insert_last(list, port_range); + } + + return list; +} + +METHOD(imv_agent_if_t, batch_ending, TNC_Result, + private_imv_scanner_agent_t *this, TNC_ConnectionID id) +{ + imv_msg_t *out_msg; + imv_state_t *state; + imv_session_t *session; + imv_workitem_t *workitem; + imv_scanner_state_t *scanner_state; + imv_scanner_handshake_state_t handshake_state; + pa_tnc_attr_t *attr; + ietf_attr_port_filter_t *port_filter_attr; + TNC_IMVID imv_id; + TNC_Result result = TNC_RESULT_SUCCESS; + bool no_workitems = TRUE; + enumerator_t *enumerator; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + scanner_state = (imv_scanner_state_t*)state; + handshake_state = scanner_state->get_handshake_state(scanner_state); + port_filter_attr = scanner_state->get_port_filter_attr(scanner_state); + session = state->get_session(state); + imv_id = this->agent->get_id(this->agent); + + if (handshake_state == IMV_SCANNER_STATE_END) + { + return TNC_RESULT_SUCCESS; + } + + /* create an empty out message - we might need it */ + out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY, + msg_types[0]); + + if (!session) + { + DBG2(DBG_IMV, "no workitems available - no evaluation possible"); + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_ALLOW, + TNC_IMV_EVALUATION_RESULT_DONT_KNOW); + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + scanner_state->set_handshake_state(scanner_state, IMV_SCANNER_STATE_END); + + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return this->agent->provide_recommendation(this->agent, state); + } + + if (handshake_state == IMV_SCANNER_STATE_INIT) + { + enumerator = session->create_workitem_enumerator(session); + if (enumerator) + { + while (enumerator->enumerate(enumerator, &workitem)) + { + if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY) + { + continue; + } + + switch (workitem->get_type(workitem)) + { + case IMV_WORKITEM_TCP_PORT_OPEN: + case IMV_WORKITEM_TCP_PORT_BLOCK: + case IMV_WORKITEM_UDP_PORT_OPEN: + case IMV_WORKITEM_UDP_PORT_BLOCK: + if (!port_filter_attr && + handshake_state != IMV_SCANNER_STATE_ATTR_REQ) + { + attr = ietf_attr_attr_request_create(PEN_IETF, + IETF_ATTR_PORT_FILTER); + out_msg->add_attribute(out_msg, attr); + handshake_state = IMV_SCANNER_STATE_ATTR_REQ; + } + break; + default: + continue; + } + workitem->set_imv_id(workitem, imv_id); + no_workitems = FALSE; + } + enumerator->destroy(enumerator); + + if (no_workitems) + { + DBG2(DBG_IMV, "IMV %d has no workitems - " + "no evaluation requested", imv_id); + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_ALLOW, + TNC_IMV_EVALUATION_RESULT_DONT_KNOW); + } + handshake_state = IMV_SCANNER_STATE_WORKITEMS; + scanner_state->set_handshake_state(scanner_state, handshake_state); + } + } + + if (handshake_state == IMV_SCANNER_STATE_WORKITEMS && port_filter_attr) + { + TNC_IMV_Evaluation_Result eval; + TNC_IMV_Action_Recommendation rec; + u_int8_t protocol_family, protocol; + u_int16_t port; + bool closed_port_policy, blocked, first; + char result_str[BUF_LEN], *pos, *protocol_str; + size_t len; + int written; + linked_list_t *port_list; + enumerator_t *e1, *e2; + + enumerator = session->create_workitem_enumerator(session); + while (enumerator->enumerate(enumerator, &workitem)) + { + if (workitem->get_imv_id(workitem) != imv_id) + { + continue; + } + eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT; + + switch (workitem->get_type(workitem)) + { + case IMV_WORKITEM_TCP_PORT_OPEN: + protocol_family = IPPROTO_TCP; + closed_port_policy = TRUE; + break; + case IMV_WORKITEM_TCP_PORT_BLOCK: + protocol_family = IPPROTO_TCP; + closed_port_policy = FALSE; + break; + case IMV_WORKITEM_UDP_PORT_OPEN: + protocol_family = IPPROTO_UDP; + closed_port_policy = TRUE; + break; + case IMV_WORKITEM_UDP_PORT_BLOCK: + protocol_family = IPPROTO_UDP; + closed_port_policy = FALSE; + break; + default: + continue; + } + port_list = get_port_list(protocol_family, closed_port_policy, + workitem->get_arg_str(workitem)); + protocol_str = (protocol_family == IPPROTO_TCP) ? "tcp" : "udp"; + result_str[0] = '\0'; + pos = result_str; + len = BUF_LEN; + first = TRUE; + + e1 = port_filter_attr->create_port_enumerator(port_filter_attr); + while (e1->enumerate(e1, &blocked, &protocol, &port)) + { + port_range_t *port_range; + bool passed, found = FALSE; + char buf[20]; + + if (blocked || protocol != protocol_family) + { + /* ignore closed ports or non-matching protocols */ + continue; + } + + e2 = port_list->create_enumerator(port_list); + while (e2->enumerate(e2, &port_range)) + { + if (port >= port_range->start && port <= port_range->stop) + { + found = TRUE; + break; + } + } + e2->destroy(e2); + + passed = (closed_port_policy == found); + DBG2(DBG_IMV, "%s port %5u open: %s", protocol_str, port, + passed ? "ok" : "fatal"); + if (!passed) + { + eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR; + snprintf(buf, sizeof(buf), "%s/%u", protocol_str, port); + scanner_state->add_violating_port(scanner_state, strdup(buf)); + if (first) + { + written = snprintf(pos, len, "violating %s ports:", + protocol_str); + if (written > 0 && written < len) + { + pos += written; + len -= written; + } + first = FALSE; + } + written = snprintf(pos, len, " %u", port); + if (written < 0 || written >= len) + { + pos += len - 1; + *pos = '\0'; + } + else + { + pos += written; + len -= written; + } + } + } + e1->destroy(e1); + + if (first) + { + snprintf(pos, len, "no violating %s ports", protocol_str); + } + port_list->destroy(port_list); + + session->remove_workitem(session, enumerator); + rec = workitem->set_result(workitem, result_str, eval); + state->update_recommendation(state, rec, eval); + imcv_db->finalize_workitem(imcv_db, workitem); + workitem->destroy(workitem); + } + enumerator->destroy(enumerator); + } + + /* finalized all workitems ? */ + if (handshake_state == IMV_SCANNER_STATE_WORKITEMS && + session->get_workitem_count(session, imv_id) == 0) + { + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + scanner_state->set_handshake_state(scanner_state, IMV_SCANNER_STATE_END); + + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return this->agent->provide_recommendation(this->agent, state); + } + + /* send non-empty PA-TNC message with excl flag not set */ + if (out_msg->get_attribute_count(out_msg)) + { + result = out_msg->send(out_msg, FALSE); + } + out_msg->destroy(out_msg); + + return result; +} + +METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result, + private_imv_scanner_agent_t *this, TNC_ConnectionID id) +{ + imv_state_t *state; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + return this->agent->provide_recommendation(this->agent, state); +} + +METHOD(imv_agent_if_t, destroy, void, + private_imv_scanner_agent_t *this) +{ + this->agent->destroy(this->agent); + free(this); +} + +/** + * Described in header. + */ +imv_agent_if_t *imv_scanner_agent_create(const char *name, TNC_IMVID id, + TNC_Version *actual_version) +{ + private_imv_scanner_agent_t *this; + imv_agent_t *agent; + + agent = imv_agent_create(name, msg_types, countof(msg_types), id, + actual_version); + if (!agent) + { + return NULL; + } + + INIT(this, + .public = { + .bind_functions = _bind_functions, + .notify_connection_change = _notify_connection_change, + .receive_message = _receive_message, + .receive_message_long = _receive_message_long, + .batch_ending = _batch_ending, + .solicit_recommendation = _solicit_recommendation, + .destroy = _destroy, + }, + .agent = agent, + ); + + return &this->public; +} + diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.h b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.h new file mode 100644 index 000000000..155453363 --- /dev/null +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.h @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup imv_scanner_agent_t imv_scanner_agent + * @{ @ingroup imv_scanner + */ + +#ifndef IMV_SCANNER_AGENT_H_ +#define IMV_SCANNER_AGENT_H_ + +#include <imv/imv_agent_if.h> + +/** + * Creates a Scanner IMV agent + * + * @param name Name of the IMV + * @param id ID of the IMV + * @param actual_version TNC IF-IMV version + */ +imv_agent_if_t* imv_scanner_agent_create(const char* name, TNC_IMVID id, + TNC_Version *actual_version); + +#endif /** IMV_SCANNER_AGENT_H_ @}*/ diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c index 2123af7a8..4c570c46a 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c @@ -18,6 +18,8 @@ #include "imv/imv_reason_string.h" #include "imv/imv_remediation_string.h" +#include <tncif_policy.h> + #include <utils/lexparser.h> #include <utils/debug.h> @@ -59,6 +61,11 @@ struct private_imv_scanner_state_t { u_int32_t max_msg_len; /** + * Flags set for completed actions + */ + u_int32_t action_flags; + + /** * Access Requestor ID Type */ u_int32_t ar_id_type; @@ -69,6 +76,11 @@ struct private_imv_scanner_state_t { chunk_t ar_id_value; /** + * IMV database session associatied with TNCCS connection + */ + imv_session_t *session; + + /** * IMV action recommendation */ TNC_IMV_Action_Recommendation rec; @@ -79,6 +91,16 @@ struct private_imv_scanner_state_t { TNC_IMV_Evaluation_Result eval; /** + * IMV Scanner handshake state + */ + imv_scanner_handshake_state_t handshake_state; + + /** + * Copy of the received IEEE Port Filter attribute + */ + ietf_attr_port_filter_t *port_filter_attr; + + /** * List with ports that should be closed */ linked_list_t *violating_ports; @@ -175,6 +197,18 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t, return this->max_msg_len; } +METHOD(imv_state_t, set_action_flags, void, + private_imv_scanner_state_t *this, u_int32_t flags) +{ + this->action_flags |= flags; +} + +METHOD(imv_state_t, get_action_flags, u_int32_t, + private_imv_scanner_state_t *this) +{ + return this->action_flags; +} + METHOD(imv_state_t, set_ar_id, void, private_imv_scanner_state_t *this, u_int32_t id_type, chunk_t id_value) { @@ -192,6 +226,18 @@ METHOD(imv_state_t, get_ar_id, chunk_t, return this->ar_id_value; } +METHOD(imv_state_t, set_session, void, + private_imv_scanner_state_t *this, imv_session_t *session) +{ + this->session = session; +} + +METHOD(imv_state_t, get_session, imv_session_t*, + private_imv_scanner_state_t *this) +{ + return this->session; +} + METHOD(imv_state_t, change_state, void, private_imv_scanner_state_t *this, TNC_ConnectionState new_state) { @@ -200,7 +246,7 @@ METHOD(imv_state_t, change_state, void, METHOD(imv_state_t, get_recommendation, void, private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation *rec, - TNC_IMV_Evaluation_Result *eval) + TNC_IMV_Evaluation_Result *eval) { *rec = this->rec; *eval = this->eval; @@ -208,17 +254,25 @@ METHOD(imv_state_t, get_recommendation, void, METHOD(imv_state_t, set_recommendation, void, private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation rec, - TNC_IMV_Evaluation_Result eval) + TNC_IMV_Evaluation_Result eval) { this->rec = rec; this->eval = eval; } +METHOD(imv_state_t, update_recommendation, void, + private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation rec, + TNC_IMV_Evaluation_Result eval) +{ + this->rec = tncif_policy_update_recommendation(this->rec, rec); + this->eval = tncif_policy_update_evaluation(this->eval, eval); +} + METHOD(imv_state_t, get_reason_string, bool, private_imv_scanner_state_t *this, enumerator_t *language_enumerator, chunk_t *reason_string, char **reason_language) { - if (!this->violating_ports) + if (this->violating_ports->get_count(this->violating_ports) == 0) { return FALSE; } @@ -228,7 +282,10 @@ METHOD(imv_state_t, get_reason_string, bool, /* Instantiate a TNC Reason String object */ DESTROY_IF(this->reason_string); this->reason_string = imv_reason_string_create(*reason_language); - this->reason_string->add_reason(this->reason_string, reasons); + if (this->rec != TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION) + { + this->reason_string->add_reason(this->reason_string, reasons); + } *reason_string = this->reason_string->get_encoding(this->reason_string); return TRUE; @@ -238,7 +295,7 @@ METHOD(imv_state_t, get_remediation_instructions, bool, private_imv_scanner_state_t *this, enumerator_t *language_enumerator, chunk_t *string, char **lang_code, char **uri) { - if (!this->violating_ports) + if (this->violating_ports->get_count(this->violating_ports) == 0) { return FALSE; } @@ -265,13 +322,40 @@ METHOD(imv_state_t, get_remediation_instructions, bool, METHOD(imv_state_t, destroy, void, private_imv_scanner_state_t *this) { + DESTROY_IF(this->session); DESTROY_IF(this->reason_string); DESTROY_IF(this->remediation_string); + DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute); this->violating_ports->destroy_function(this->violating_ports, free); free(this->ar_id_value.ptr); free(this); } +METHOD(imv_scanner_state_t, set_handshake_state, void, + private_imv_scanner_state_t *this, imv_scanner_handshake_state_t new_state) +{ + this->handshake_state = new_state; +} + +METHOD(imv_scanner_state_t, get_handshake_state, imv_scanner_handshake_state_t, + private_imv_scanner_state_t *this) +{ + return this->handshake_state; +} + +METHOD(imv_scanner_state_t, set_port_filter_attr, void, + private_imv_scanner_state_t *this, ietf_attr_port_filter_t *attr) +{ + DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute); + this->port_filter_attr = attr; +} + +METHOD(imv_scanner_state_t, get_port_filter_attr, ietf_attr_port_filter_t*, + private_imv_scanner_state_t *this) +{ + return this->port_filter_attr; +} + METHOD(imv_scanner_state_t, add_violating_port, void, private_imv_scanner_state_t *this, char *port) { @@ -294,15 +378,24 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id) .set_flags = _set_flags, .set_max_msg_len = _set_max_msg_len, .get_max_msg_len = _get_max_msg_len, + .set_action_flags = _set_action_flags, + .get_action_flags = _get_action_flags, .set_ar_id = _set_ar_id, .get_ar_id = _get_ar_id, + .set_session = _set_session, + .get_session= _get_session, .change_state = _change_state, .get_recommendation = _get_recommendation, .set_recommendation = _set_recommendation, + .update_recommendation = _update_recommendation, .get_reason_string = _get_reason_string, .get_remediation_instructions = _get_remediation_instructions, .destroy = _destroy, }, + .set_handshake_state = _set_handshake_state, + .get_handshake_state = _get_handshake_state, + .set_port_filter_attr = _set_port_filter_attr, + .get_port_filter_attr = _get_port_filter_attr, .add_violating_port = _add_violating_port, }, .state = TNC_CONNECTION_STATE_CREATE, diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.h b/src/libimcv/plugins/imv_scanner/imv_scanner_state.h index a15eb0778..7f147f864 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.h +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.h @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * Copyright (C) 2011-2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -24,9 +25,22 @@ #define IMV_SCANNER_STATE_H_ #include <imv/imv_state.h> +#include <ietf/ietf_attr_port_filter.h> + #include <library.h> typedef struct imv_scanner_state_t imv_scanner_state_t; +typedef enum imv_scanner_handshake_state_t imv_scanner_handshake_state_t; + +/** + * IMV Scanner Handshake States (state machine) + */ +enum imv_scanner_handshake_state_t { + IMV_SCANNER_STATE_INIT, + IMV_SCANNER_STATE_ATTR_REQ, + IMV_SCANNER_STATE_WORKITEMS, + IMV_SCANNER_STATE_END +}; /** * Internal state of an imv_scanner_t connection instance @@ -39,6 +53,36 @@ struct imv_scanner_state_t { imv_state_t interface; /** + * Set state of the handshake + * + * @param new_state the handshake state of IMV + */ + void (*set_handshake_state)(imv_scanner_state_t *this, + imv_scanner_handshake_state_t new_state); + + /** + * Get state of the handshake + * + * @return the handshake state of IMV + */ + imv_scanner_handshake_state_t (*get_handshake_state)(imv_scanner_state_t *this); + + /** + * Store an IETF Port Filter attribute for later evaluation + * + * @param attr IETF Port Filter attribute + */ + void (*set_port_filter_attr)(imv_scanner_state_t *this, + ietf_attr_port_filter_t *attr); + + /** + * Get the stored IETF Port Filter attribute + * + * @return IETF Port Filter attribute + */ + ietf_attr_port_filter_t* (*get_port_filter_attr)(imv_scanner_state_t *this); + + /** * add a violating TCP or UDP port */ void (*add_violating_port)(imv_scanner_state_t *this, char *port); diff --git a/src/libimcv/plugins/imv_test/Makefile.am b/src/libimcv/plugins/imv_test/Makefile.am index 4ca5b852b..34922867e 100644 --- a/src/libimcv/plugins/imv_test/Makefile.am +++ b/src/libimcv/plugins/imv_test/Makefile.am @@ -1,15 +1,18 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv -AM_CFLAGS = -rdynamic +AM_CFLAGS = \ + -rdynamic imcv_LTLIBRARIES = imv-test.la imv_test_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la -imv_test_la_SOURCES = imv_test.c imv_test_state.h imv_test_state.c +imv_test_la_SOURCES = \ + imv_test.c imv_test_state.h imv_test_state.c \ + imv_test_agent.h imv_test_agent.c imv_test_la_LDFLAGS = -module -avoid-version - diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in index 4cf92ddf5..e77573395 100644 --- a/src/libimcv/plugins/imv_test/Makefile.in +++ b/src/libimcv/plugins/imv_test/Makefile.in @@ -62,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -100,9 +100,13 @@ am__installdirs = "$(DESTDIR)$(imcvdir)" LTLIBRARIES = $(imcv_LTLIBRARIES) imv_test_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la -am_imv_test_la_OBJECTS = imv_test.lo imv_test_state.lo +am_imv_test_la_OBJECTS = imv_test.lo imv_test_state.lo \ + imv_test_agent.lo imv_test_la_OBJECTS = $(am_imv_test_la_OBJECTS) -imv_test_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +imv_test_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(imv_test_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) @@ -111,13 +115,26 @@ am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; SOURCES = $(imv_test_la_SOURCES) DIST_SOURCES = $(imv_test_la_SOURCES) am__can_run_installinfo = \ @@ -131,6 +148,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -143,6 +161,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CHECK_CFLAGS = @CHECK_CFLAGS@ CHECK_LIBS = @CHECK_LIBS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -158,6 +178,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ GREP = @GREP@ @@ -166,6 +187,7 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ @@ -212,6 +234,7 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SOCKLIB = @SOCKLIB@ STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ @@ -240,6 +263,7 @@ charon_natt_port = @charon_natt_port@ charon_plugins = @charon_plugins@ charon_udp_port = @charon_udp_port@ clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -317,15 +341,22 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif \ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv -AM_CFLAGS = -rdynamic +AM_CFLAGS = \ + -rdynamic + imcv_LTLIBRARIES = imv-test.la imv_test_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la -imv_test_la_SOURCES = imv_test.c imv_test_state.h imv_test_state.c +imv_test_la_SOURCES = \ + imv_test.c imv_test_state.h imv_test_state.c \ + imv_test_agent.h imv_test_agent.c + imv_test_la_LDFLAGS = -module -avoid-version all: all-am @@ -394,7 +425,7 @@ clean-imcvLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done imv-test.la: $(imv_test_la_OBJECTS) $(imv_test_la_DEPENDENCIES) $(EXTRA_imv_test_la_DEPENDENCIES) - $(imv_test_la_LINK) -rpath $(imcvdir) $(imv_test_la_OBJECTS) $(imv_test_la_LIBADD) $(LIBS) + $(AM_V_CCLD)$(imv_test_la_LINK) -rpath $(imcvdir) $(imv_test_la_OBJECTS) $(imv_test_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -403,28 +434,29 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_test.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_test_agent.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_test_state.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< .c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo diff --git a/src/libimcv/plugins/imv_test/imv_test.c b/src/libimcv/plugins/imv_test/imv_test.c index df45ce69a..964faef65 100644 --- a/src/libimcv/plugins/imv_test/imv_test.c +++ b/src/libimcv/plugins/imv_test/imv_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -13,350 +13,12 @@ * for more details. */ -#include "imv_test_state.h" - -#include <imv/imv_agent.h> -#include <imv/imv_msg.h> -#include <ietf/ietf_attr.h> -#include <ietf/ietf_attr_pa_tnc_error.h> -#include <ita/ita_attr.h> -#include <ita/ita_attr_command.h> -#include <ita/ita_attr_dummy.h> - -#include <tncif_names.h> -#include <tncif_pa_subtypes.h> - -#include <pen/pen.h> -#include <utils/debug.h> - -/* IMV definitions */ +#include "imv_test_agent.h" static const char imv_name[] = "Test"; +static const imv_agent_create_t imv_agent_create = imv_test_agent_create; -static pen_type_t msg_types[] = { - { PEN_ITA, PA_SUBTYPE_ITA_TEST } -}; - -static imv_agent_t *imv_test; - -/** - * see section 3.8.1 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id, - TNC_Version min_version, - TNC_Version max_version, - TNC_Version *actual_version) -{ - if (imv_test) - { - DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name); - return TNC_RESULT_ALREADY_INITIALIZED; - } - imv_test = imv_agent_create(imv_name, msg_types, countof(msg_types), - imv_id, actual_version); - if (!imv_test) - { - return TNC_RESULT_FATAL; - } - if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1) - { - DBG1(DBG_IMV, "no common IF-IMV version"); - return TNC_RESULT_NO_COMMON_VERSION; - } - return TNC_RESULT_SUCCESS; -} - -/** - * see section 3.8.2 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_ConnectionState new_state) -{ - imv_state_t *state; - - if (!imv_test) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - switch (new_state) - { - case TNC_CONNECTION_STATE_CREATE: - state = imv_test_state_create(connection_id); - return imv_test->create_state(imv_test, state); - case TNC_CONNECTION_STATE_DELETE: - return imv_test->delete_state(imv_test, connection_id); - default: - return imv_test->change_state(imv_test, connection_id, - new_state, NULL); - } -} - -static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) -{ - imv_msg_t *out_msg; - imv_test_state_t *test_state; - enumerator_t *enumerator; - pa_tnc_attr_t *attr; - pen_type_t attr_type; - TNC_Result result; - int rounds; - bool fatal_error = FALSE, received_command = FALSE, retry = FALSE; - - /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); - if (result != TNC_RESULT_SUCCESS) - { - return result; - } - - /* add any new IMC and set its number of rounds */ - rounds = lib->settings->get_int(lib->settings, - "libimcv.plugins.imv-test.rounds", 0); - test_state = (imv_test_state_t*)state; - test_state->add_imc(test_state, in_msg->get_src_id(in_msg), rounds); - - /* analyze PA-TNC attributes */ - enumerator = in_msg->create_attribute_enumerator(in_msg); - while (enumerator->enumerate(enumerator, &attr)) - { - attr_type = attr->get_type(attr); - - if (attr_type.vendor_id != PEN_ITA) - { - continue; - } - if (attr_type.type == ITA_ATTR_COMMAND) - { - ita_attr_command_t *ita_attr; - char *command; - - received_command = TRUE; - ita_attr = (ita_attr_command_t*)attr; - command = ita_attr->get_command(ita_attr); - - if (streq(command, "allow")) - { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ALLOW, - TNC_IMV_EVALUATION_RESULT_COMPLIANT); - } - else if (streq(command, "isolate")) - { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ISOLATE, - TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR); - } - else if (streq(command, "block") || streq(command, "none")) - { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS, - TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR); - } - else if (streq(command, "retry")) - { - retry = TRUE; - } - else - { - DBG1(DBG_IMV, "unsupported ITA Command '%s'", command); - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, - TNC_IMV_EVALUATION_RESULT_ERROR); - } - } - else if (attr_type.type == ITA_ATTR_DUMMY) - { - ita_attr_dummy_t *ita_attr; - - ita_attr = (ita_attr_dummy_t*)attr; - DBG1(DBG_IMV, "received dummy attribute value (%d bytes)", - ita_attr->get_size(ita_attr)); - } - } - enumerator->destroy(enumerator); - - if (fatal_error) - { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, - TNC_IMV_EVALUATION_RESULT_ERROR); - out_msg = imv_msg_create_as_reply(in_msg); - result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - if (result != TNC_RESULT_SUCCESS) - { - return result; - } - return imv_test->provide_recommendation(imv_test, state); - } - - /* request a handshake retry ? */ - if (retry) - { - test_state->set_rounds(test_state, rounds); - return imv_test->request_handshake_retry(imv_test->get_id(imv_test), - state->get_connection_id(state), - TNC_RETRY_REASON_IMV_SERIOUS_EVENT); - } +/* include generic TGC TNC IF-IMV API code below */ - /* repeat the measurement ? */ - if (test_state->another_round(test_state, in_msg->get_src_id(in_msg))) - { - out_msg = imv_msg_create_as_reply(in_msg); - attr = ita_attr_command_create("repeat"); - out_msg->add_attribute(out_msg, attr); +#include <imv/imv_if.h> - /* send PA-TNC message with excl flag set */ - result = out_msg->send(out_msg, TRUE); - out_msg->destroy(out_msg); - - return result; - } - - if (received_command) - { - out_msg = imv_msg_create_as_reply(in_msg); - result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - if (result != TNC_RESULT_SUCCESS) - { - return result; - } - return imv_test->provide_recommendation(imv_test, state); - } - else - { - return TNC_RESULT_SUCCESS; - } -} - -/** - * see section 3.8.4 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type) -{ - imv_state_t *state; - imv_msg_t *in_msg; - TNC_Result result; - - if (!imv_test) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imv_test->get_state(imv_test, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - in_msg = imv_msg_create_from_data(imv_test, state, connection_id, msg_type, - chunk_create(msg, msg_len)); - result = receive_message(state, in_msg); - in_msg->destroy(in_msg); - - return result; -} - -/** - * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imc_id, - TNC_UInt32 dst_imv_id) -{ - imv_state_t *state; - imv_msg_t *in_msg; - TNC_Result result; - - if (!imv_test) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imv_test->get_state(imv_test, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - in_msg = imv_msg_create_from_long_data(imv_test, state, connection_id, - src_imc_id, dst_imv_id, msg_vid, msg_subtype, - chunk_create(msg, msg_len)); - result =receive_message(state, in_msg); - in_msg->destroy(in_msg); - - return result; -} - -/** - * see section 3.8.7 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, - TNC_ConnectionID connection_id) -{ - imv_state_t *state; - - if (!imv_test) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imv_test->get_state(imv_test, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - return imv_test->provide_recommendation(imv_test, state); -} - -/** - * see section 3.8.8 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, - TNC_ConnectionID connection_id) -{ - if (!imv_test) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - return TNC_RESULT_SUCCESS; -} - -/** - * see section 3.8.9 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id) -{ - if (!imv_test) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - imv_test->destroy(imv_test); - imv_test = NULL; - - return TNC_RESULT_SUCCESS; -} - -/** - * see section 4.2.8.1 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMV_ProvideBindFunction(TNC_IMVID imv_id, - TNC_TNCS_BindFunctionPointer bind_function) -{ - if (!imv_test) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - return imv_test->bind_functions(imv_test, bind_function); -} diff --git a/src/libimcv/plugins/imv_test/imv_test_agent.c b/src/libimcv/plugins/imv_test/imv_test_agent.c new file mode 100644 index 000000000..87d69373f --- /dev/null +++ b/src/libimcv/plugins/imv_test/imv_test_agent.c @@ -0,0 +1,321 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "imv_test_agent.h" +#include "imv_test_state.h" + +#include <imv/imv_agent.h> +#include <imv/imv_msg.h> +#include <ietf/ietf_attr.h> +#include <ietf/ietf_attr_pa_tnc_error.h> +#include <ita/ita_attr.h> +#include <ita/ita_attr_get_settings.h> +#include <ita/ita_attr_command.h> +#include <ita/ita_attr_dummy.h> + +#include <tncif_names.h> +#include <tncif_pa_subtypes.h> + +#include <pen/pen.h> +#include <utils/debug.h> + +typedef struct private_imv_test_agent_t private_imv_test_agent_t; + +/* Subscribed PA-TNC message subtypes */ +static pen_type_t msg_types[] = { + { PEN_ITA, PA_SUBTYPE_ITA_TEST } +}; + +/** + * Private data of an imv_test_agent_t object. + */ +struct private_imv_test_agent_t { + + /** + * Public members of imv_test_agent_t + */ + imv_agent_if_t public; + + /** + * IMV agent responsible for generic functions + */ + imv_agent_t *agent; + +}; + +METHOD(imv_agent_if_t, bind_functions, TNC_Result, + private_imv_test_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function) +{ + return this->agent->bind_functions(this->agent, bind_function); +} + +METHOD(imv_agent_if_t, notify_connection_change, TNC_Result, + private_imv_test_agent_t *this, TNC_ConnectionID id, + TNC_ConnectionState new_state) +{ + imv_state_t *state; + + switch (new_state) + { + case TNC_CONNECTION_STATE_CREATE: + state = imv_test_state_create(id); + return this->agent->create_state(this->agent, state); + case TNC_CONNECTION_STATE_DELETE: + return this->agent->delete_state(this->agent, id); + default: + return this->agent->change_state(this->agent, id, new_state, NULL); + } +} + +/** + * Process a received message + */ +static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state, + imv_msg_t *in_msg) +{ + imv_msg_t *out_msg; + imv_test_state_t *test_state; + enumerator_t *enumerator; + pa_tnc_attr_t *attr; + pen_type_t attr_type; + TNC_Result result; + int rounds; + bool fatal_error = FALSE, received_command = FALSE, retry = FALSE; + + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + + /* add any new IMC and set its number of rounds */ + rounds = lib->settings->get_int(lib->settings, + "libimcv.plugins.imv-test.rounds", 0); + test_state = (imv_test_state_t*)state; + test_state->add_imc(test_state, in_msg->get_src_id(in_msg), rounds); + + /* analyze PA-TNC attributes */ + enumerator = in_msg->create_attribute_enumerator(in_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + attr_type = attr->get_type(attr); + + if (attr_type.vendor_id != PEN_ITA) + { + continue; + } + if (attr_type.type == ITA_ATTR_COMMAND) + { + ita_attr_command_t *ita_attr; + char *command; + + received_command = TRUE; + ita_attr = (ita_attr_command_t*)attr; + command = ita_attr->get_command(ita_attr); + + if (streq(command, "allow")) + { + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_ALLOW, + TNC_IMV_EVALUATION_RESULT_COMPLIANT); + } + else if (streq(command, "isolate")) + { + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_ISOLATE, + TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR); + } + else if (streq(command, "block") || streq(command, "none")) + { + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS, + TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR); + } + else if (streq(command, "retry")) + { + retry = TRUE; + } + else + { + DBG1(DBG_IMV, "unsupported ITA Command '%s'", command); + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, + TNC_IMV_EVALUATION_RESULT_ERROR); + } + } + else if (attr_type.type == ITA_ATTR_DUMMY) + { + ita_attr_dummy_t *ita_attr; + + ita_attr = (ita_attr_dummy_t*)attr; + DBG1(DBG_IMV, "received dummy attribute value (%d bytes)", + ita_attr->get_size(ita_attr)); + } + } + enumerator->destroy(enumerator); + + if (fatal_error) + { + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, + TNC_IMV_EVALUATION_RESULT_ERROR); + out_msg = imv_msg_create_as_reply(in_msg); + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return this->agent->provide_recommendation(this->agent, state); + } + + /* request a handshake retry ? */ + if (retry) + { + test_state->set_rounds(test_state, rounds); + return this->agent->request_handshake_retry( + this->agent->get_id(this->agent), + state->get_connection_id(state), + TNC_RETRY_REASON_IMV_SERIOUS_EVENT); + } + + /* repeat the measurement ? */ + if (test_state->another_round(test_state, in_msg->get_src_id(in_msg))) + { + out_msg = imv_msg_create_as_reply(in_msg); + attr = ita_attr_command_create("repeat"); + out_msg->add_attribute(out_msg, attr); + + /* send PA-TNC message with excl flag set */ + result = out_msg->send(out_msg, TRUE); + out_msg->destroy(out_msg); + + return result; + } + + if (received_command) + { + out_msg = imv_msg_create_as_reply(in_msg); + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return this->agent->provide_recommendation(this->agent, state); + } + else + { + return TNC_RESULT_SUCCESS; + } + } + +METHOD(imv_agent_if_t, receive_message, TNC_Result, + private_imv_test_agent_t *this, TNC_ConnectionID id, + TNC_MessageType msg_type, chunk_t msg) +{ + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg); + result = receive_msg(this, state, in_msg); + in_msg->destroy(in_msg); + + return result; +} + +METHOD(imv_agent_if_t, receive_message_long, TNC_Result, + private_imv_test_agent_t *this, TNC_ConnectionID id, + TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, + TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg) +{ + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_long_data(this->agent, state, id, + src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg); + result = receive_msg(this, state, in_msg); + in_msg->destroy(in_msg); + + return result; + +} + +METHOD(imv_agent_if_t, batch_ending, TNC_Result, + private_imv_test_agent_t *this, TNC_ConnectionID id) +{ + return TNC_RESULT_SUCCESS; +} + +METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result, + private_imv_test_agent_t *this, TNC_ConnectionID id) +{ + imv_state_t *state; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + return this->agent->provide_recommendation(this->agent, state); +} + +METHOD(imv_agent_if_t, destroy, void, + private_imv_test_agent_t *this) +{ + DESTROY_IF(this->agent); + free(this); +} + +/** + * Described in header. + */ +imv_agent_if_t *imv_test_agent_create(const char *name, TNC_IMVID id, + TNC_Version *actual_version) +{ + private_imv_test_agent_t *this; + + INIT(this, + .public = { + .bind_functions = _bind_functions, + .notify_connection_change = _notify_connection_change, + .receive_message = _receive_message, + .receive_message_long = _receive_message_long, + .batch_ending = _batch_ending, + .solicit_recommendation = _solicit_recommendation, + .destroy = _destroy, + }, + .agent = imv_agent_create(name, msg_types, countof(msg_types), id, + actual_version), + ); + + if (!this->agent) + { + destroy(this); + return NULL; + } + return &this->public; +} + diff --git a/src/libimcv/plugins/imv_test/imv_test_agent.h b/src/libimcv/plugins/imv_test/imv_test_agent.h new file mode 100644 index 000000000..15508d375 --- /dev/null +++ b/src/libimcv/plugins/imv_test/imv_test_agent.h @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup imv_test_agent_t imv_test_agent + * @{ @ingroup imv_test + */ + +#ifndef IMV_TEST_AGENT_H_ +#define IMV_TEST_AGENT_H_ + +#include <imv/imv_agent_if.h> + +/** + * Creates a Test IMV agent + * + * @param name Name of the IMV + * @param id ID of the IMV + * @param actual_version TNC IF-IMV version + */ +imv_agent_if_t* imv_test_agent_create(const char* name, TNC_IMVID id, + TNC_Version *actual_version); + +#endif /** IMV_TEST_AGENT_H_ @}*/ diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c index 41da44d67..0da09df67 100644 --- a/src/libimcv/plugins/imv_test/imv_test_state.c +++ b/src/libimcv/plugins/imv_test/imv_test_state.c @@ -17,6 +17,8 @@ #include "imv/imv_lang_string.h" #include "imv/imv_reason_string.h" +#include <tncif_policy.h> + #include <utils/lexparser.h> #include <collections/linked_list.h> #include <utils/debug.h> @@ -69,6 +71,11 @@ struct private_imv_test_state_t { chunk_t ar_id_value; /** + * IMV database session associated with TNCCS connection + */ + imv_session_t *session; + + /** * IMV action recommendation */ TNC_IMV_Action_Recommendation rec; @@ -170,6 +177,18 @@ METHOD(imv_state_t, get_ar_id, chunk_t, return this->ar_id_value; } +METHOD(imv_state_t, set_session, void, + private_imv_test_state_t *this, imv_session_t *session) +{ + this->session = session; +} + +METHOD(imv_state_t, get_session, imv_session_t*, + private_imv_test_state_t *this) +{ + return this->session; +} + METHOD(imv_state_t, change_state, void, private_imv_test_state_t *this, TNC_ConnectionState new_state) { @@ -192,6 +211,14 @@ METHOD(imv_state_t, set_recommendation, void, this->eval = eval; } +METHOD(imv_state_t, update_recommendation, void, + private_imv_test_state_t *this, TNC_IMV_Action_Recommendation rec, + TNC_IMV_Evaluation_Result eval) +{ + this->rec = tncif_policy_update_recommendation(this->rec, rec); + this->eval = tncif_policy_update_evaluation(this->eval, eval); +} + METHOD(imv_state_t, get_reason_string, bool, private_imv_test_state_t *this, enumerator_t *language_enumerator, chunk_t *reason_string, char **reason_language) @@ -218,6 +245,7 @@ METHOD(imv_state_t, get_remediation_instructions, bool, METHOD(imv_state_t, destroy, void, private_imv_test_state_t *this) { + DESTROY_IF(this->session); DESTROY_IF(this->reason_string); this->imcs->destroy_function(this->imcs, free); free(this->ar_id_value.ptr); @@ -307,9 +335,12 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id) .get_max_msg_len = _get_max_msg_len, .set_ar_id = _set_ar_id, .get_ar_id = _get_ar_id, + .set_session = _set_session, + .get_session = _get_session, .change_state = _change_state, .get_recommendation = _get_recommendation, .set_recommendation = _set_recommendation, + .update_recommendation = _update_recommendation, .get_reason_string = _get_reason_string, .get_remediation_instructions = _get_remediation_instructions, .destroy = _destroy, |