Annotation of embedaddon/strongswan/src/libimcv/plugins/imv_scanner/imv_scanner_state.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2011-2014 Andreas Steffen
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "imv_scanner_state.h"
! 17: #include "imv/imv_lang_string.h"
! 18: #include "imv/imv_reason_string.h"
! 19: #include "imv/imv_remediation_string.h"
! 20:
! 21: #include <tncif_policy.h>
! 22:
! 23: #include <utils/lexparser.h>
! 24: #include <utils/debug.h>
! 25:
! 26: typedef struct private_imv_scanner_state_t private_imv_scanner_state_t;
! 27:
! 28: /**
! 29: * Private data of an imv_scanner_state_t object.
! 30: */
! 31: struct private_imv_scanner_state_t {
! 32:
! 33: /**
! 34: * Public members of imv_scanner_state_t
! 35: */
! 36: imv_scanner_state_t public;
! 37:
! 38: /**
! 39: * TNCCS connection ID
! 40: */
! 41: TNC_ConnectionID connection_id;
! 42:
! 43: /**
! 44: * TNCCS connection state
! 45: */
! 46: TNC_ConnectionState state;
! 47:
! 48: /**
! 49: * Does the TNCCS connection support long message types?
! 50: */
! 51: bool has_long;
! 52:
! 53: /**
! 54: * Does the TNCCS connection support exclusive delivery?
! 55: */
! 56: bool has_excl;
! 57:
! 58: /**
! 59: * Maximum PA-TNC message size for this TNCCS connection
! 60: */
! 61: uint32_t max_msg_len;
! 62:
! 63: /**
! 64: * Flags set for completed actions
! 65: */
! 66: uint32_t action_flags;
! 67:
! 68: /**
! 69: * IMV database session associated with TNCCS connection
! 70: */
! 71: imv_session_t *session;
! 72:
! 73: /**
! 74: * PA-TNC attribute segmentation contracts associated with TNCCS connection
! 75: */
! 76: seg_contract_manager_t *contracts;
! 77:
! 78: /**
! 79: * IMV action recommendation
! 80: */
! 81: TNC_IMV_Action_Recommendation rec;
! 82:
! 83: /**
! 84: * IMV evaluation result
! 85: */
! 86: TNC_IMV_Evaluation_Result eval;
! 87:
! 88: /**
! 89: * IMV Scanner handshake state
! 90: */
! 91: imv_scanner_handshake_state_t handshake_state;
! 92:
! 93: /**
! 94: * Copy of the received IEEE Port Filter attribute
! 95: */
! 96: ietf_attr_port_filter_t *port_filter_attr;
! 97:
! 98: /**
! 99: * List with ports that should be closed
! 100: */
! 101: linked_list_t *violating_ports;
! 102:
! 103: /**
! 104: * TNC Reason String
! 105: */
! 106: imv_reason_string_t *reason_string;
! 107:
! 108: /**
! 109: * IETF Remediation Instructions String
! 110: */
! 111: imv_remediation_string_t *remediation_string;
! 112:
! 113: };
! 114:
! 115: /**
! 116: * Supported languages
! 117: */
! 118: static char* languages[] = { "en", "de", "fr", "pl" };
! 119:
! 120: /**
! 121: * Reason strings for "Port Filter"
! 122: */
! 123: static imv_lang_string_t reasons[] = {
! 124: { "en", "Open server ports were detected" },
! 125: { "de", "Offene Serverports wurden festgestellt" },
! 126: { "fr", "Il y a des ports du serveur ouverts" },
! 127: { "pl", "Są otwarte porty serwera" },
! 128: { NULL, NULL }
! 129: };
! 130:
! 131: /**
! 132: * Instruction strings for "Port Filters"
! 133: */
! 134: static imv_lang_string_t instr_ports_title[] = {
! 135: { "en", "Open Server Ports" },
! 136: { "de", "Offene Server Ports" },
! 137: { "fr", "Ports ouverts du serveur" },
! 138: { "pl", "Otwarte Porty Serwera" },
! 139: { NULL, NULL }
! 140: };
! 141:
! 142: static imv_lang_string_t instr_ports_descr[] = {
! 143: { "en", "Open Internet ports have been detected" },
! 144: { "de", "Offenen Internet-Ports wurden festgestellt" },
! 145: { "fr", "Il y'a des ports Internet ouverts" },
! 146: { "pl", "Porty internetowe są otwarte" },
! 147: { NULL, NULL }
! 148: };
! 149:
! 150: static imv_lang_string_t instr_ports_header[] = {
! 151: { "en", "Please close the following server ports:" },
! 152: { "de", "Bitte schliessen Sie die folgenden Serverports:" },
! 153: { "fr", "Fermez les ports du serveur suivants s'il vous plait:" },
! 154: { "pl", "Proszę zamknąć następujące porty serwera:" },
! 155: { NULL, NULL }
! 156: };
! 157:
! 158: METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
! 159: private_imv_scanner_state_t *this)
! 160: {
! 161: return this->connection_id;
! 162: }
! 163:
! 164: METHOD(imv_state_t, has_long, bool,
! 165: private_imv_scanner_state_t *this)
! 166: {
! 167: return this->has_long;
! 168: }
! 169:
! 170: METHOD(imv_state_t, has_excl, bool,
! 171: private_imv_scanner_state_t *this)
! 172: {
! 173: return this->has_excl;
! 174: }
! 175:
! 176: METHOD(imv_state_t, set_flags, void,
! 177: private_imv_scanner_state_t *this, bool has_long, bool has_excl)
! 178: {
! 179: this->has_long = has_long;
! 180: this->has_excl = has_excl;
! 181: }
! 182:
! 183: METHOD(imv_state_t, set_max_msg_len, void,
! 184: private_imv_scanner_state_t *this, uint32_t max_msg_len)
! 185: {
! 186: this->max_msg_len = max_msg_len;
! 187: }
! 188:
! 189: METHOD(imv_state_t, get_max_msg_len, uint32_t,
! 190: private_imv_scanner_state_t *this)
! 191: {
! 192: return this->max_msg_len;
! 193: }
! 194:
! 195: METHOD(imv_state_t, set_action_flags, void,
! 196: private_imv_scanner_state_t *this, uint32_t flags)
! 197: {
! 198: this->action_flags |= flags;
! 199: }
! 200:
! 201: METHOD(imv_state_t, get_action_flags, uint32_t,
! 202: private_imv_scanner_state_t *this)
! 203: {
! 204: return this->action_flags;
! 205: }
! 206:
! 207: METHOD(imv_state_t, set_session, void,
! 208: private_imv_scanner_state_t *this, imv_session_t *session)
! 209: {
! 210: this->session = session;
! 211: }
! 212:
! 213: METHOD(imv_state_t, get_session, imv_session_t*,
! 214: private_imv_scanner_state_t *this)
! 215: {
! 216: return this->session;
! 217: }
! 218:
! 219: METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
! 220: private_imv_scanner_state_t *this)
! 221: {
! 222: return this->contracts;
! 223: }
! 224:
! 225: METHOD(imv_state_t, change_state, TNC_ConnectionState,
! 226: private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
! 227: {
! 228: TNC_ConnectionState old_state;
! 229:
! 230: old_state = this->state;
! 231: this->state = new_state;
! 232: return old_state;
! 233: }
! 234:
! 235: METHOD(imv_state_t, get_recommendation, void,
! 236: private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation *rec,
! 237: TNC_IMV_Evaluation_Result *eval)
! 238: {
! 239: *rec = this->rec;
! 240: *eval = this->eval;
! 241: }
! 242:
! 243: METHOD(imv_state_t, set_recommendation, void,
! 244: private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation rec,
! 245: TNC_IMV_Evaluation_Result eval)
! 246: {
! 247: this->rec = rec;
! 248: this->eval = eval;
! 249: }
! 250:
! 251: METHOD(imv_state_t, update_recommendation, void,
! 252: private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation rec,
! 253: TNC_IMV_Evaluation_Result eval)
! 254: {
! 255: this->rec = tncif_policy_update_recommendation(this->rec, rec);
! 256: this->eval = tncif_policy_update_evaluation(this->eval, eval);
! 257: }
! 258:
! 259: METHOD(imv_state_t, get_reason_string, bool,
! 260: private_imv_scanner_state_t *this, enumerator_t *language_enumerator,
! 261: chunk_t *reason_string, char **reason_language)
! 262: {
! 263: if (this->violating_ports->get_count(this->violating_ports) == 0)
! 264: {
! 265: return FALSE;
! 266: }
! 267: *reason_language = imv_lang_string_select_lang(language_enumerator,
! 268: languages, countof(languages));
! 269:
! 270: /* Instantiate a TNC Reason String object */
! 271: DESTROY_IF(this->reason_string);
! 272: this->reason_string = imv_reason_string_create(*reason_language, "\n");
! 273: if (this->rec != TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION)
! 274: {
! 275: this->reason_string->add_reason(this->reason_string, reasons);
! 276: }
! 277: *reason_string = this->reason_string->get_encoding(this->reason_string);
! 278:
! 279: return TRUE;
! 280: }
! 281:
! 282: METHOD(imv_state_t, get_remediation_instructions, bool,
! 283: private_imv_scanner_state_t *this, enumerator_t *language_enumerator,
! 284: chunk_t *string, char **lang_code, char **uri)
! 285: {
! 286: if (this->violating_ports->get_count(this->violating_ports) == 0)
! 287: {
! 288: return FALSE;
! 289: }
! 290: *lang_code = imv_lang_string_select_lang(language_enumerator,
! 291: languages, countof(languages));
! 292:
! 293: /* Instantiate an IETF Remediation Instructions String object */
! 294: DESTROY_IF(this->remediation_string);
! 295: this->remediation_string = imv_remediation_string_create(
! 296: TRUE, *lang_code); /* TODO get os_type */
! 297:
! 298: this->remediation_string->add_instruction(this->remediation_string,
! 299: instr_ports_title,
! 300: instr_ports_descr,
! 301: instr_ports_header,
! 302: this->violating_ports);
! 303: *string = this->remediation_string->get_encoding(this->remediation_string);
! 304: *uri = lib->settings->get_str(lib->settings,
! 305: "%s.plugins.imv-scanner.remediation_uri", NULL, lib->ns);
! 306:
! 307: return TRUE;
! 308: }
! 309:
! 310: METHOD(imv_state_t, reset, void,
! 311: private_imv_scanner_state_t *this)
! 312: {
! 313: DESTROY_IF(this->reason_string);
! 314: DESTROY_IF(this->remediation_string);
! 315: this->reason_string = NULL;
! 316: this->remediation_string = NULL;
! 317: this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
! 318: this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
! 319:
! 320: this->action_flags = 0;
! 321:
! 322: this->handshake_state = IMV_SCANNER_STATE_INIT;
! 323:
! 324: DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
! 325: this->port_filter_attr = NULL;
! 326: this->violating_ports->destroy_function(this->violating_ports, free);
! 327: this->violating_ports = linked_list_create();
! 328: }
! 329:
! 330: METHOD(imv_state_t, destroy, void,
! 331: private_imv_scanner_state_t *this)
! 332: {
! 333: DESTROY_IF(this->session);
! 334: DESTROY_IF(this->reason_string);
! 335: DESTROY_IF(this->remediation_string);
! 336: DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
! 337: this->contracts->destroy(this->contracts);
! 338: this->violating_ports->destroy_function(this->violating_ports, free);
! 339: free(this);
! 340: }
! 341:
! 342: METHOD(imv_scanner_state_t, set_handshake_state, void,
! 343: private_imv_scanner_state_t *this, imv_scanner_handshake_state_t new_state)
! 344: {
! 345: this->handshake_state = new_state;
! 346: }
! 347:
! 348: METHOD(imv_scanner_state_t, get_handshake_state, imv_scanner_handshake_state_t,
! 349: private_imv_scanner_state_t *this)
! 350: {
! 351: return this->handshake_state;
! 352: }
! 353:
! 354: METHOD(imv_scanner_state_t, set_port_filter_attr, void,
! 355: private_imv_scanner_state_t *this, ietf_attr_port_filter_t *attr)
! 356: {
! 357: DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
! 358: this->port_filter_attr = attr;
! 359: }
! 360:
! 361: METHOD(imv_scanner_state_t, get_port_filter_attr, ietf_attr_port_filter_t*,
! 362: private_imv_scanner_state_t *this)
! 363: {
! 364: return this->port_filter_attr;
! 365: }
! 366:
! 367: METHOD(imv_scanner_state_t, add_violating_port, void,
! 368: private_imv_scanner_state_t *this, char *port)
! 369: {
! 370: this->violating_ports->insert_last(this->violating_ports, port);
! 371: }
! 372:
! 373: /**
! 374: * Described in header.
! 375: */
! 376: imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
! 377: {
! 378: private_imv_scanner_state_t *this;
! 379:
! 380: INIT(this,
! 381: .public = {
! 382: .interface = {
! 383: .get_connection_id = _get_connection_id,
! 384: .has_long = _has_long,
! 385: .has_excl = _has_excl,
! 386: .set_flags = _set_flags,
! 387: .set_max_msg_len = _set_max_msg_len,
! 388: .get_max_msg_len = _get_max_msg_len,
! 389: .set_action_flags = _set_action_flags,
! 390: .get_action_flags = _get_action_flags,
! 391: .set_session = _set_session,
! 392: .get_session= _get_session,
! 393: .get_contracts = _get_contracts,
! 394: .change_state = _change_state,
! 395: .get_recommendation = _get_recommendation,
! 396: .set_recommendation = _set_recommendation,
! 397: .update_recommendation = _update_recommendation,
! 398: .get_reason_string = _get_reason_string,
! 399: .get_remediation_instructions = _get_remediation_instructions,
! 400: .reset = _reset,
! 401: .destroy = _destroy,
! 402: },
! 403: .set_handshake_state = _set_handshake_state,
! 404: .get_handshake_state = _get_handshake_state,
! 405: .set_port_filter_attr = _set_port_filter_attr,
! 406: .get_port_filter_attr = _get_port_filter_attr,
! 407: .add_violating_port = _add_violating_port,
! 408: },
! 409: .state = TNC_CONNECTION_STATE_CREATE,
! 410: .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
! 411: .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
! 412: .connection_id = connection_id,
! 413: .contracts = seg_contract_manager_create(),
! 414: .violating_ports = linked_list_create(),
! 415: );
! 416:
! 417: return &this->public.interface;
! 418: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>