1.1 misho 1: /*
2: * Copyright (C) 2011-2014 Andreas Steffen
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "imv_scanner_state.h"
17: #include "imv/imv_lang_string.h"
18: #include "imv/imv_reason_string.h"
19: #include "imv/imv_remediation_string.h"
20:
21: #include <tncif_policy.h>
22:
23: #include <utils/lexparser.h>
24: #include <utils/debug.h>
25:
typedef struct private_imv_scanner_state_t private_imv_scanner_state_t;

/**
 * Private data of an imv_scanner_state_t object.
 *
 * Allocated by imv_scanner_state_create() and released by destroy(); every
 * METHOD in this file receives a pointer to this struct as "this".
 */
struct private_imv_scanner_state_t {

	/**
	 * Public members of imv_scanner_state_t
	 *
	 * Has to remain the first member: imv_scanner_state_create() hands out
	 * &this->public.interface, and the METHODs treat that pointer as a
	 * private_imv_scanner_state_t.
	 */
	imv_scanner_state_t public;

	/**
	 * TNCCS connection ID (assigned once at creation, read-only afterwards)
	 */
	TNC_ConnectionID connection_id;

	/**
	 * TNCCS connection state (TNC_CONNECTION_STATE_CREATE initially,
	 * updated through change_state())
	 */
	TNC_ConnectionState state;

	/**
	 * Does the TNCCS connection support long message types?
	 */
	bool has_long;

	/**
	 * Does the TNCCS connection support exclusive delivery?
	 */
	bool has_excl;

	/**
	 * Maximum PA-TNC message size for this TNCCS connection
	 */
	uint32_t max_msg_len;

	/**
	 * Flags set for completed actions (OR-accumulated by set_action_flags(),
	 * cleared by reset())
	 */
	uint32_t action_flags;

	/**
	 * IMV database session associated with TNCCS connection
	 *
	 * Owned once stored via set_session(): destroy() releases it.
	 */
	imv_session_t *session;

	/**
	 * PA-TNC attribute segmentation contracts associated with TNCCS connection
	 * (created in imv_scanner_state_create(), released in destroy())
	 */
	seg_contract_manager_t *contracts;

	/**
	 * IMV action recommendation (NO_RECOMMENDATION until set or updated)
	 */
	TNC_IMV_Action_Recommendation rec;

	/**
	 * IMV evaluation result (DONT_KNOW until set or updated)
	 */
	TNC_IMV_Evaluation_Result eval;

	/**
	 * IMV Scanner handshake state (back to IMV_SCANNER_STATE_INIT on reset())
	 */
	imv_scanner_handshake_state_t handshake_state;

	/**
	 * Copy of the received IETF Port Filter attribute
	 *
	 * Owned: released through its pa_tnc_attribute interface by
	 * set_port_filter_attr(), reset() and destroy(). NULL when none is held.
	 */
	ietf_attr_port_filter_t *port_filter_attr;

	/**
	 * List with ports that should be closed
	 *
	 * Holds the char* strings handed to add_violating_port(); reset() and
	 * destroy() release the entries with free().
	 */
	linked_list_t *violating_ports;

	/**
	 * TNC Reason String (rebuilt on every get_reason_string() call)
	 */
	imv_reason_string_t *reason_string;

	/**
	 * IETF Remediation Instructions String (rebuilt on every
	 * get_remediation_instructions() call)
	 */
	imv_remediation_string_t *remediation_string;

};
114:
/**
 * Supported languages
 *
 * Passed together with countof(languages) to imv_lang_string_select_lang()
 * by get_reason_string() and get_remediation_instructions(); each string
 * table below provides an entry for every code listed here.
 */
static char* languages[] = { "en", "de", "fr", "pl" };
119:
/**
 * Reason strings for "Port Filter"
 *
 * Localized text that get_reason_string() adds to the TNC Reason String
 * once a recommendation other than NO_RECOMMENDATION has been set.
 * NULL-terminated.
 */
static imv_lang_string_t reasons[] = {
	{ "en", "Open server ports were detected" },
	{ "de", "Offene Serverports wurden festgestellt" },
	{ "fr", "Il y a des ports du serveur ouverts" },
	{ "pl", "Są otwarte porty serwera" },
	{ NULL, NULL }
};
130:
/**
 * Instruction strings for "Port Filters"
 *
 * Title, description and list header that get_remediation_instructions()
 * hands to add_instruction() together with the violating ports.
 * Each table is NULL-terminated.
 */
static imv_lang_string_t instr_ports_title[] = {
	{ "en", "Open Server Ports" },
	{ "de", "Offene Server Ports" },
	{ "fr", "Ports ouverts du serveur" },
	{ "pl", "Otwarte Porty Serwera" },
	{ NULL, NULL }
};

static imv_lang_string_t instr_ports_descr[] = {
	{ "en", "Open Internet ports have been detected" },
	{ "de", "Offenen Internet-Ports wurden festgestellt" },
	{ "fr", "Il y'a des ports Internet ouverts" },
	{ "pl", "Porty internetowe są otwarte" },
	{ NULL, NULL }
};

static imv_lang_string_t instr_ports_header[] = {
	{ "en", "Please close the following server ports:" },
	{ "de", "Bitte schliessen Sie die folgenden Serverports:" },
	{ "fr", "Fermez les ports du serveur suivants s'il vous plait:" },
	{ "pl", "Proszę zamknąć następujące porty serwera:" },
	{ NULL, NULL }
};
157:
/**
 * Implementation of imv_state_t.get_connection_id
 *
 * @return	ID assigned once by imv_scanner_state_create()
 */
METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
	private_imv_scanner_state_t *this)
{
	TNC_ConnectionID id = this->connection_id;

	return id;
}
163:
/**
 * Implementation of imv_state_t.has_long
 *
 * @return	TRUE if set_flags() recorded long message type support
 */
METHOD(imv_state_t, has_long, bool,
	private_imv_scanner_state_t *this)
{
	bool supported = this->has_long;

	return supported;
}
169:
/**
 * Implementation of imv_state_t.has_excl
 *
 * @return	TRUE if set_flags() recorded exclusive delivery support
 */
METHOD(imv_state_t, has_excl, bool,
	private_imv_scanner_state_t *this)
{
	bool supported = this->has_excl;

	return supported;
}
175:
/**
 * Implementation of imv_state_t.set_flags
 *
 * Records which optional TNCCS features the connection offers.
 *
 * @param has_long	connection supports long message types
 * @param has_excl	connection supports exclusive delivery
 */
METHOD(imv_state_t, set_flags, void,
	private_imv_scanner_state_t *this, bool has_long, bool has_excl)
{
	/* the two flags are independent of each other */
	this->has_excl = has_excl;
	this->has_long = has_long;
}
182:
/**
 * Implementation of imv_state_t.set_max_msg_len
 *
 * @param max_msg_len	maximum PA-TNC message size for this connection
 */
METHOD(imv_state_t, set_max_msg_len, void,
	private_imv_scanner_state_t *this, uint32_t max_msg_len)
{
	/* stored as given; no validation of the value is done here */
	this->max_msg_len = max_msg_len;
}
188:
/**
 * Implementation of imv_state_t.get_max_msg_len
 *
 * @return	value last passed to set_max_msg_len(), 0 if never set
 */
METHOD(imv_state_t, get_max_msg_len, uint32_t,
	private_imv_scanner_state_t *this)
{
	uint32_t len = this->max_msg_len;

	return len;
}
194:
/**
 * Implementation of imv_state_t.set_action_flags
 *
 * Flags accumulate: bits already set stay set until reset() clears them.
 *
 * @param flags		bits to OR into the completed-actions mask
 */
METHOD(imv_state_t, set_action_flags, void,
	private_imv_scanner_state_t *this, uint32_t flags)
{
	uint32_t accumulated = this->action_flags | flags;

	this->action_flags = accumulated;
}
200:
/**
 * Implementation of imv_state_t.get_action_flags
 *
 * @return	mask of all flags passed to set_action_flags() since reset()
 */
METHOD(imv_state_t, get_action_flags, uint32_t,
	private_imv_scanner_state_t *this)
{
	uint32_t flags = this->action_flags;

	return flags;
}
206:
/**
 * Implementation of imv_state_t.set_session
 *
 * Takes ownership of session: destroy() releases it. A session stored by an
 * earlier call is overwritten here without being released.
 *
 * @param session	IMV database session for this connection
 */
METHOD(imv_state_t, set_session, void,
	private_imv_scanner_state_t *this, imv_session_t *session)
{
	this->session = session;
}
212:
/**
 * Implementation of imv_state_t.get_session
 *
 * @return	session stored by set_session(), NULL if none
 */
METHOD(imv_state_t, get_session, imv_session_t*,
	private_imv_scanner_state_t *this)
{
	imv_session_t *session = this->session;

	return session;
}
218:
/**
 * Implementation of imv_state_t.get_contracts
 *
 * @return	segmentation contract manager created with this state
 */
METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
	private_imv_scanner_state_t *this)
{
	seg_contract_manager_t *contracts = this->contracts;

	return contracts;
}
224:
/**
 * Implementation of imv_state_t.change_state
 *
 * @param new_state		TNCCS connection state to switch to
 * @return				state that was active before the call
 */
METHOD(imv_state_t, change_state, TNC_ConnectionState,
	private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
{
	TNC_ConnectionState previous = this->state;

	this->state = new_state;
	return previous;
}
234:
/**
 * Implementation of imv_state_t.get_recommendation
 *
 * @param rec	receives the current action recommendation
 * @param eval	receives the current evaluation result
 */
METHOD(imv_state_t, get_recommendation, void,
	private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation *rec,
	TNC_IMV_Evaluation_Result *eval)
{
	/* both output parameters are required; no NULL check is made */
	*eval = this->eval;
	*rec = this->rec;
}
242:
/**
 * Implementation of imv_state_t.set_recommendation
 *
 * Overwrites both values unconditionally; use update_recommendation() to
 * merge with the existing ones instead.
 *
 * @param rec	action recommendation to store
 * @param eval	evaluation result to store
 */
METHOD(imv_state_t, set_recommendation, void,
	private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation rec,
	TNC_IMV_Evaluation_Result eval)
{
	this->eval = eval;
	this->rec = rec;
}
250:
/**
 * Implementation of imv_state_t.update_recommendation
 *
 * Merges the given values into the stored ones through the tncif_policy
 * helpers, so a previously stored recommendation is combined rather than
 * replaced.
 *
 * @param rec	action recommendation to merge in
 * @param eval	evaluation result to merge in
 */
METHOD(imv_state_t, update_recommendation, void,
	private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation rec,
	TNC_IMV_Evaluation_Result eval)
{
	TNC_IMV_Action_Recommendation merged_rec;
	TNC_IMV_Evaluation_Result merged_eval;

	/* each merge reads only its own stored field, so the order is free */
	merged_rec = tncif_policy_update_recommendation(this->rec, rec);
	merged_eval = tncif_policy_update_evaluation(this->eval, eval);

	this->rec = merged_rec;
	this->eval = merged_eval;
}
258:
/**
 * Implementation of imv_state_t.get_reason_string
 *
 * Produces a reason only while at least one violating port is recorded.
 * The localized reason text is added only once a recommendation other
 * than NO_RECOMMENDATION has been set.
 *
 * @param language_enumerator	languages preferred by the peer
 * @param reason_string			receives the encoded TNC Reason String
 * @param reason_language		receives the selected language code
 * @return						TRUE if a reason string was produced
 */
METHOD(imv_state_t, get_reason_string, bool,
	private_imv_scanner_state_t *this, enumerator_t *language_enumerator,
	chunk_t *reason_string, char **reason_language)
{
	imv_reason_string_t *reason;

	if (!this->violating_ports->get_count(this->violating_ports))
	{
		return FALSE;
	}
	*reason_language = imv_lang_string_select_lang(language_enumerator,
												   languages, countof(languages));

	/* drop a TNC Reason String left over from an earlier call */
	DESTROY_IF(this->reason_string);
	reason = imv_reason_string_create(*reason_language, "\n");
	this->reason_string = reason;

	if (this->rec != TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION)
	{
		reason->add_reason(reason, reasons);
	}
	*reason_string = reason->get_encoding(reason);

	return TRUE;
}
281:
/**
 * Implementation of imv_state_t.get_remediation_instructions
 *
 * Produces instructions only while at least one violating port is
 * recorded; the instruction lists the recorded ports under the localized
 * title, description and header tables.
 *
 * @param language_enumerator	languages preferred by the peer
 * @param string				receives the encoded instructions string
 * @param lang_code				receives the selected language code
 * @param uri					receives the configured remediation URI, or
 *								NULL when none is configured
 * @return						TRUE if instructions were produced
 */
METHOD(imv_state_t, get_remediation_instructions, bool,
	private_imv_scanner_state_t *this, enumerator_t *language_enumerator,
	chunk_t *string, char **lang_code, char **uri)
{
	imv_remediation_string_t *remediation;

	if (!this->violating_ports->get_count(this->violating_ports))
	{
		return FALSE;
	}
	*lang_code = imv_lang_string_select_lang(language_enumerator,
											 languages, countof(languages));

	/* drop an IETF Remediation Instructions String from an earlier call */
	DESTROY_IF(this->remediation_string);
	remediation = imv_remediation_string_create(TRUE, *lang_code); /* TODO get os_type */
	this->remediation_string = remediation;

	remediation->add_instruction(remediation, instr_ports_title,
								 instr_ports_descr, instr_ports_header,
								 this->violating_ports);
	*string = remediation->get_encoding(remediation);

	/* optional URI taken from the plugin's configuration section */
	*uri = lib->settings->get_str(lib->settings,
				"%s.plugins.imv-scanner.remediation_uri", NULL, lib->ns);

	return TRUE;
}
309:
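/**
 * Implementation of imv_state_t.reset
 *
 * Clears everything accumulated during one handshake so the state can be
 * reused for the next one. Connection-level properties (connection ID,
 * state, flags, max message length, session, contracts) are kept.
 */
METHOD(imv_state_t, reset, void,
	private_imv_scanner_state_t *this)
{
	DESTROY_IF(this->reason_string);
	DESTROY_IF(this->remediation_string);
	this->reason_string = NULL;
	this->remediation_string = NULL;
	this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
	this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;

	this->action_flags = 0;

	this->handshake_state = IMV_SCANNER_STATE_INIT;

	/* test the attribute pointer itself before taking a member's address:
	 * &NULL->pa_tnc_attribute is undefined behavior, even where it happens to
	 * evaluate to NULL because the interface is the first member */
	if (this->port_filter_attr)
	{
		this->port_filter_attr->pa_tnc_attribute.destroy(
									&this->port_filter_attr->pa_tnc_attribute);
		this->port_filter_attr = NULL;
	}
	/* the list owns the port strings added via add_violating_port() */
	this->violating_ports->destroy_function(this->violating_ports, free);
	this->violating_ports = linked_list_create();
}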
329:
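/**
 * Implementation of imv_state_t.destroy
 *
 * Releases every owned object (session, reason and remediation strings,
 * port filter attribute, contracts, port list with its strings) and the
 * state itself.
 */
METHOD(imv_state_t, destroy, void,
	private_imv_scanner_state_t *this)
{
	DESTROY_IF(this->session);
	DESTROY_IF(this->reason_string);
	DESTROY_IF(this->remediation_string);
	/* check the pointer before forming &this->port_filter_attr->...:
	 * a member address derived from NULL is undefined behavior */
	if (this->port_filter_attr)
	{
		this->port_filter_attr->pa_tnc_attribute.destroy(
									&this->port_filter_attr->pa_tnc_attribute);
	}
	this->contracts->destroy(this->contracts);
	/* entries were malloc'd strings handed over by add_violating_port() */
	this->violating_ports->destroy_function(this->violating_ports, free);
	free(this);
}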
341:
/**
 * Implementation of imv_scanner_state_t.set_handshake_state
 *
 * @param new_state		handshake state to record
 */
METHOD(imv_scanner_state_t, set_handshake_state, void,
	private_imv_scanner_state_t *this, imv_scanner_handshake_state_t new_state)
{
	/* no transition checks; the IMV drives the state machine */
	this->handshake_state = new_state;
}
347:
/**
 * Implementation of imv_scanner_state_t.get_handshake_state
 *
 * @return	state last recorded by set_handshake_state() or reset()
 */
METHOD(imv_scanner_state_t, get_handshake_state, imv_scanner_handshake_state_t,
	private_imv_scanner_state_t *this)
{
	imv_scanner_handshake_state_t current = this->handshake_state;

	return current;
}
353:
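/**
 * Implementation of imv_scanner_state_t.set_port_filter_attr
 *
 * Takes ownership of attr; a previously held attribute is released. Passing
 * the attribute already held is a no-op instead of destroying it and
 * keeping a dangling pointer.
 *
 * @param attr	received port filter attribute, or NULL to drop the current one
 */
METHOD(imv_scanner_state_t, set_port_filter_attr, void,
	private_imv_scanner_state_t *this, ietf_attr_port_filter_t *attr)
{
	ietf_attr_port_filter_t *previous = this->port_filter_attr;

	this->port_filter_attr = attr;

	/* check the pointer before taking &previous->pa_tnc_attribute:
	 * a member address derived from NULL is undefined behavior */
	if (previous && previous != attr)
	{
		previous->pa_tnc_attribute.destroy(&previous->pa_tnc_attribute);
	}
}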
360:
/**
 * Implementation of imv_scanner_state_t.get_port_filter_attr
 *
 * @return	attribute stored by set_port_filter_attr(), NULL if none;
 *			ownership stays with the state object
 */
METHOD(imv_scanner_state_t, get_port_filter_attr, ietf_attr_port_filter_t*,
	private_imv_scanner_state_t *this)
{
	ietf_attr_port_filter_t *attr = this->port_filter_attr;

	return attr;
}
366:
/**
 * Implementation of imv_scanner_state_t.add_violating_port
 *
 * Takes ownership of port: the string has to come from malloc(), because
 * reset() and destroy() release the list entries with free().
 *
 * @param port	textual entry for a port that should be closed
 */
METHOD(imv_scanner_state_t, add_violating_port, void,
	private_imv_scanner_state_t *this, char *port)
{
	linked_list_t *ports = this->violating_ports;

	ports->insert_last(ports, port);
}
372:
/**
 * Described in header.
 *
 * Allocates the private state, wires up the imv_state_t and
 * imv_scanner_state_t method tables and returns the generic interface.
 * Members not listed in INIT (flags, max_msg_len, action_flags, session,
 * handshake_state, port_filter_attr, reason/remediation strings) start
 * out zero/NULL.
 */
imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
{
	private_imv_scanner_state_t *this;

	INIT(this,
		.public = {
			.interface = {
				.get_connection_id = _get_connection_id,
				.has_long = _has_long,
				.has_excl = _has_excl,
				.set_flags = _set_flags,
				.set_max_msg_len = _set_max_msg_len,
				.get_max_msg_len = _get_max_msg_len,
				.set_action_flags = _set_action_flags,
				.get_action_flags = _get_action_flags,
				.set_session = _set_session,
				.get_session = _get_session,
				.get_contracts = _get_contracts,
				.change_state = _change_state,
				.get_recommendation = _get_recommendation,
				.set_recommendation = _set_recommendation,
				.update_recommendation = _update_recommendation,
				.get_reason_string = _get_reason_string,
				.get_remediation_instructions = _get_remediation_instructions,
				.reset = _reset,
				.destroy = _destroy,
			},
			.set_handshake_state = _set_handshake_state,
			.get_handshake_state = _get_handshake_state,
			.set_port_filter_attr = _set_port_filter_attr,
			.get_port_filter_attr = _get_port_filter_attr,
			.add_violating_port = _add_violating_port,
		},
		.connection_id = connection_id,
		.state = TNC_CONNECTION_STATE_CREATE,
		/* same defaults reset() restores between handshakes */
		.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
		.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
		.contracts = seg_contract_manager_create(),
		.violating_ports = linked_list_create(),
	);

	/* callers only see the generic imv_state_t interface */
	return &this->public.interface;
}