b085b85a37f6e49ef10c866d4a14d54bdf45e819
[strongswan.git] / src / libimcv / plugins / imv_os / imv_os.c
1 /*
2 * Copyright (C) 2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imv_os_state.h"
17
18 #include <imv/imv_agent.h>
19 #include <pa_tnc/pa_tnc_msg.h>
20 #include <ietf/ietf_attr.h>
21 #include <ietf/ietf_attr_attr_request.h>
22 #include <ietf/ietf_attr_default_pwd_enabled.h>
23 #include <ietf/ietf_attr_fwd_enabled.h>
24 #include <ietf/ietf_attr_installed_packages.h>
25 #include <ietf/ietf_attr_op_status.h>
26 #include <ietf/ietf_attr_pa_tnc_error.h>
27 #include <ietf/ietf_attr_product_info.h>
28 #include <ietf/ietf_attr_string_version.h>
29 #include <os_info/os_info.h>
30
31 #include <tncif_names.h>
32 #include <tncif_pa_subtypes.h>
33
34 #include <pen/pen.h>
35 #include <utils/linked_list.h>
36 #include <debug.h>
37
38 /* IMV definitions */
39
40 static const char imv_name[] = "OS";
41
42 #define IMV_VENDOR_ID PEN_IETF
43 #define IMV_SUBTYPE PA_SUBTYPE_IETF_OPERATING_SYSTEM
44
45 static imv_agent_t *imv_os;
46
47 /*
48 * see section 3.8.1 of TCG TNC IF-IMV Specification 1.3
49 */
50 TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
51 TNC_Version min_version,
52 TNC_Version max_version,
53 TNC_Version *actual_version)
54 {
55 if (imv_os)
56 {
57 DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name);
58 return TNC_RESULT_ALREADY_INITIALIZED;
59 }
60 imv_os = imv_agent_create(imv_name, IMV_VENDOR_ID, IMV_SUBTYPE,
61 imv_id, actual_version);
62 if (!imv_os)
63 {
64 return TNC_RESULT_FATAL;
65 }
66 if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1)
67 {
68 DBG1(DBG_IMV, "no common IF-IMV version");
69 return TNC_RESULT_NO_COMMON_VERSION;
70 }
71
72 return TNC_RESULT_SUCCESS;
73 }
74
75 /**
76 * see section 3.8.2 of TCG TNC IF-IMV Specification 1.3
77 */
78 TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id,
79 TNC_ConnectionID connection_id,
80 TNC_ConnectionState new_state)
81 {
82 imv_state_t *state;
83
84 if (!imv_os)
85 {
86 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
87 return TNC_RESULT_NOT_INITIALIZED;
88 }
89 switch (new_state)
90 {
91 case TNC_CONNECTION_STATE_CREATE:
92 state = imv_os_state_create(connection_id);
93 return imv_os->create_state(imv_os, state);
94 case TNC_CONNECTION_STATE_DELETE:
95 return imv_os->delete_state(imv_os, connection_id);
96 default:
97 return imv_os->change_state(imv_os, connection_id,
98 new_state, NULL);
99 }
100 }
101
102 static TNC_Result receive_message(TNC_IMVID imv_id,
103 TNC_ConnectionID connection_id,
104 TNC_UInt32 msg_flags,
105 chunk_t msg,
106 TNC_VendorID msg_vid,
107 TNC_MessageSubtype msg_subtype,
108 TNC_UInt32 src_imc_id,
109 TNC_UInt32 dst_imv_id)
110 {
111 pa_tnc_msg_t *pa_tnc_msg;
112 pa_tnc_attr_t *attr;
113 pen_type_t type;
114 linked_list_t *attr_list;
115 imv_state_t *state;
116 imv_os_state_t *os_state;
117 enumerator_t *enumerator;
118 TNC_Result result;
119 chunk_t os_name = chunk_empty;
120 chunk_t os_version = chunk_empty;
121 bool fatal_error, assessment = FALSE;
122
123 if (!imv_os)
124 {
125 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
126 return TNC_RESULT_NOT_INITIALIZED;
127 }
128
129 /* get current IMV state */
130 if (!imv_os->get_state(imv_os, connection_id, &state))
131 {
132 return TNC_RESULT_FATAL;
133 }
134 os_state = (imv_os_state_t*)state;
135
136 /* parse received PA-TNC message and automatically handle any errors */
137 result = imv_os->receive_message(imv_os, state, msg, msg_vid,
138 msg_subtype, src_imc_id, dst_imv_id, &pa_tnc_msg);
139
140 /* no parsed PA-TNC attributes available if an error occurred */
141 if (!pa_tnc_msg)
142 {
143 return result;
144 }
145
146 /* preprocess any IETF standard error attributes */
147 fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg);
148
149 /* analyze PA-TNC attributes */
150 attr_list = linked_list_create();
151 enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
152 while (enumerator->enumerate(enumerator, &attr))
153 {
154 type = attr->get_type(attr);
155
156 if (type.vendor_id != PEN_IETF)
157 {
158 continue;
159 }
160 switch (type.type)
161 {
162 case IETF_ATTR_PRODUCT_INFORMATION:
163 {
164 ietf_attr_product_info_t *attr_cast;
165
166 attr_cast = (ietf_attr_product_info_t*)attr;
167 os_name = attr_cast->get_info(attr_cast, NULL, NULL);
168 DBG1(DBG_IMV, "operating system name is '%.*s'",
169 os_name.len, os_name.ptr);
170 break;
171 }
172 case IETF_ATTR_STRING_VERSION:
173 {
174 ietf_attr_string_version_t *attr_cast;
175
176 attr_cast = (ietf_attr_string_version_t*)attr;
177 os_version = attr_cast->get_version(attr_cast, NULL, NULL);
178 if (os_version.len)
179 {
180 DBG1(DBG_IMV, "operating system version is '%.*s'",
181 os_version.len, os_version.ptr);
182 }
183 break;
184 }
185 case IETF_ATTR_OPERATIONAL_STATUS:
186 {
187 ietf_attr_op_status_t *attr_cast;
188 op_status_t op_status;
189 op_result_t op_result;
190 time_t last_boot;
191
192 attr_cast = (ietf_attr_op_status_t*)attr;
193 op_status = attr_cast->get_status(attr_cast);
194 op_result = attr_cast->get_result(attr_cast);
195 last_boot = attr_cast->get_last_use(attr_cast);
196 DBG1(DBG_IMV, "operational status: %N, result: %N",
197 op_status_names, op_status, op_result_names, op_result);
198 DBG1(DBG_IMV, "last boot: %T", &last_boot, TRUE);
199 break;
200 }
201 case IETF_ATTR_FORWARDING_ENABLED:
202 {
203 ietf_attr_fwd_enabled_t *attr_cast;
204 os_fwd_status_t fwd_status;
205
206 attr_cast = (ietf_attr_fwd_enabled_t*)attr;
207 fwd_status = attr_cast->get_status(attr_cast);
208 DBG1(DBG_IMV, "IPv4 forwarding status: %N",
209 os_fwd_status_names, fwd_status);
210 break;
211 }
212 case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
213 {
214 ietf_attr_default_pwd_enabled_t *attr_cast;
215 bool default_pwd_status;
216
217 attr_cast = (ietf_attr_default_pwd_enabled_t*)attr;
218 default_pwd_status = attr_cast->get_status(attr_cast);
219 DBG1(DBG_IMV, "factory default password: %sabled",
220 default_pwd_status ? "en":"dis");
221 break;
222 }
223 case IETF_ATTR_INSTALLED_PACKAGES:
224 {
225 ietf_attr_installed_packages_t *attr_cast;
226 enumerator_t *e;
227 chunk_t name, version;
228
229 attr_cast = (ietf_attr_installed_packages_t*)attr;
230 e = attr_cast->create_enumerator(attr_cast);
231 while (e->enumerate(e, &name, &version))
232 {
233 DBG1(DBG_IMV, "package '%.*s' %.*s", name.len, name.ptr,
234 version.len, version.ptr);
235 }
236 e->destroy(e);
237
238 state->set_recommendation(state,
239 TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
240 TNC_IMV_EVALUATION_RESULT_COMPLIANT);
241 assessment = TRUE;
242 break;
243 }
244 default:
245 break;
246 }
247 }
248 enumerator->destroy(enumerator);
249
250 if (os_name.len && os_version.len)
251 {
252 char *product_info;
253
254 os_state->set_info(os_state, os_name, os_version);
255 product_info = os_state->get_info(os_state);
256
257 if (streq(product_info, "Windows 1.2.3"))
258 {
259 DBG1(DBG_IMV, "OS '%s' is not supported", product_info);
260
261 state->set_recommendation(state,
262 TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
263 TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
264 assessment = TRUE;
265 }
266 else
267 {
268 DBG1(DBG_IMV, "requesting installed packages for '%s'",
269 product_info);
270 attr = ietf_attr_attr_request_create(PEN_IETF,
271 IETF_ATTR_INSTALLED_PACKAGES);
272 attr_list->insert_last(attr_list, attr);
273 }
274 }
275 pa_tnc_msg->destroy(pa_tnc_msg);
276
277 if (fatal_error)
278 {
279 state->set_recommendation(state,
280 TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
281 TNC_IMV_EVALUATION_RESULT_ERROR);
282 assessment = TRUE;
283 }
284
285 if (assessment)
286 {
287 attr_list->destroy_offset(attr_list, offsetof(pa_tnc_attr_t, destroy));
288 return imv_os->provide_recommendation(imv_os, connection_id, src_imc_id);
289 }
290
291 result = imv_os->send_message(imv_os, connection_id, TRUE, imv_id,
292 src_imc_id, attr_list);
293 attr_list->destroy(attr_list);
294
295 return result;
296 }
297
298 /**
299 * see section 3.8.4 of TCG TNC IF-IMV Specification 1.3
300 */
301 TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
302 TNC_ConnectionID connection_id,
303 TNC_BufferReference msg,
304 TNC_UInt32 msg_len,
305 TNC_MessageType msg_type)
306 {
307 TNC_VendorID msg_vid;
308 TNC_MessageSubtype msg_subtype;
309
310 msg_vid = msg_type >> 8;
311 msg_subtype = msg_type & TNC_SUBTYPE_ANY;
312
313 return receive_message(imv_id, connection_id, 0, chunk_create(msg, msg_len),
314 msg_vid, msg_subtype, 0, TNC_IMVID_ANY);
315 }
316
317 /**
318 * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
319 */
320 TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id,
321 TNC_ConnectionID connection_id,
322 TNC_UInt32 msg_flags,
323 TNC_BufferReference msg,
324 TNC_UInt32 msg_len,
325 TNC_VendorID msg_vid,
326 TNC_MessageSubtype msg_subtype,
327 TNC_UInt32 src_imc_id,
328 TNC_UInt32 dst_imv_id)
329 {
330 return receive_message(imv_id, connection_id, msg_flags,
331 chunk_create(msg, msg_len), msg_vid, msg_subtype,
332 src_imc_id, dst_imv_id);
333 }
334
335 /**
336 * see section 3.8.7 of TCG TNC IF-IMV Specification 1.3
337 */
338 TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id,
339 TNC_ConnectionID connection_id)
340 {
341 if (!imv_os)
342 {
343 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
344 return TNC_RESULT_NOT_INITIALIZED;
345 }
346 return imv_os->provide_recommendation(imv_os, connection_id,
347 TNC_IMCID_ANY);
348 }
349
350 /**
351 * see section 3.8.8 of TCG TNC IF-IMV Specification 1.3
352 */
353 TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
354 TNC_ConnectionID connection_id)
355 {
356 imv_state_t *state;
357 imv_os_state_t *os_state;
358 TNC_Result result = TNC_RESULT_SUCCESS;
359
360 if (!imv_os)
361 {
362 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
363 return TNC_RESULT_NOT_INITIALIZED;
364 }
365
366 /* get current IMV state */
367 if (!imv_os->get_state(imv_os, connection_id, &state))
368 {
369 return TNC_RESULT_FATAL;
370 }
371 os_state = (imv_os_state_t*)state;
372
373 if (os_state->get_info(os_state) == NULL)
374 {
375 pa_tnc_attr_t *attr;
376 linked_list_t *attr_list;
377 ietf_attr_attr_request_t *attr_cast;
378
379 attr_list = linked_list_create();
380 attr = ietf_attr_attr_request_create(PEN_IETF,
381 IETF_ATTR_PRODUCT_INFORMATION);
382 attr_cast = (ietf_attr_attr_request_t*)attr;
383 attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_STRING_VERSION);
384 attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_OPERATIONAL_STATUS);
385 attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FORWARDING_ENABLED);
386 attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED);
387 attr_list->insert_last(attr_list, attr);
388 result = imv_os->send_message(imv_os, connection_id, FALSE, imv_id,
389 TNC_IMCID_ANY, attr_list);
390 attr_list->destroy(attr_list);
391 }
392
393 return result;
394 }
395
396 /**
397 * see section 3.8.9 of TCG TNC IF-IMV Specification 1.3
398 */
399 TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id)
400 {
401 if (!imv_os)
402 {
403 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
404 return TNC_RESULT_NOT_INITIALIZED;
405 }
406 imv_os->destroy(imv_os);
407 imv_os = NULL;
408
409 return TNC_RESULT_SUCCESS;
410 }
411
412 /**
413 * see section 4.2.8.1 of TCG TNC IF-IMV Specification 1.3
414 */
415 TNC_Result TNC_IMV_ProvideBindFunction(TNC_IMVID imv_id,
416 TNC_TNCS_BindFunctionPointer bind_function)
417 {
418 if (!imv_os)
419 {
420 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
421 return TNC_RESULT_NOT_INITIALIZED;
422 }
423 return imv_os->bind_functions(imv_os, bind_function);
424 }