1 /*
2 * Copyright (C) 2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imv_os_state.h"
17
18 #include <utils/debug.h>
19 #include <collections/linked_list.h>
20
/* Forward declarations of the file-local types defined below. */
typedef struct private_imv_os_state_t	private_imv_os_state_t;
typedef struct package_entry_t			package_entry_t;
typedef struct reason_entry_t			reason_entry_t;
typedef struct instruction_entry_t		instruction_entry_t;
25
/**
 * Private data of an imv_os_state_t object.
 *
 * The public interface is the first member, so a pointer to it can be
 * handed out by imv_os_state_create() while the methods operate on the
 * enclosing private structure.
 */
struct private_imv_os_state_t {

	/** Public members of imv_os_state_t */
	imv_os_state_t public;

	/** TNCCS connection ID */
	TNC_ConnectionID connection_id;

	/** TNCCS connection state */
	TNC_ConnectionState state;

	/** Does the TNCCS connection support long message types? */
	bool has_long;

	/** Does the TNCCS connection support exclusive delivery? */
	bool has_excl;

	/** Maximum PA-TNC message size for this TNCCS connection */
	u_int32_t max_msg_len;

	/** IMV action recommendation */
	TNC_IMV_Action_Recommendation rec;

	/** IMV evaluation result */
	TNC_IMV_Evaluation_Result eval;

	/**
	 * OS Product Information (concatenation of OS Name and Version),
	 * heap string written by set_info() and released in destroy()
	 */
	char *info;

	/** OS Type */
	os_type_t type;

	/** OS Name, owned clone whose ptr is released in destroy() */
	chunk_t name;

	/** OS Version, owned clone whose ptr is released in destroy() */
	chunk_t version;

	/** List of vulnerable or blacklisted packages (package_entry_t items) */
	linked_list_t *bad_packages;

	/** Local copy of the remediation instruction string, released in destroy() */
	char *instructions;

	/** Number of processed packages (accumulated by set_count()) */
	int count;

	/** Number of not updated packages (accumulated by set_count()) */
	int count_update;

	/** Number of blacklisted packages (accumulated by set_count()) */
	int count_blacklist;

	/** Number of whitelisted packages (accumulated by set_count()) */
	int count_ok;

	/** OS Installed Package request sent - mandatory response expected */
	bool package_request;

	/** Angel count, moved up or down by one in set_angel_count() */
	int angel_count;

};
132
/**
 * One entry of the bad_packages list.
 */
struct package_entry_t {
	/** package name, heap copy owned by the entry */
	char *name;
	/** state the package was flagged with */
	os_package_state_t state;
};
140
/**
 * Release a bad package entry together with the name string it owns.
 *
 * @param this		entry to free; dereferenced unconditionally
 */
static void free_package_entry(package_entry_t *this)
{
	char *owned_name = this->name;

	free(owned_name);
	free(this);
}
149
/**
 * A reason string together with the language code it is written in.
 */
struct reason_entry_t {
	/** language code, e.g. "en" */
	char *lang;
	/** reason text in that language */
	char *string;
};
157
/**
 * Multi-lingual reason strings; entry 0 is the default that
 * get_reason_string() falls back to.
 */
static reason_entry_t reasons[] = {
	{
		.lang = "en",
		.string = "Vulnerable or blacklisted software packages were found",
	},
	{
		.lang = "de",
		.string = "Schwachstellenbehaftete oder gesperrte Softwarepakete wurden gefunden",
	},
};
165
/**
 * Remediation instruction headers for one language.
 */
struct instruction_entry_t {
	/** language code, e.g. "en" */
	char *lang;
	/** header printed before the packages that need an update */
	char *update_string;
	/** header printed before the packages that must be removed */
	char *removal_string;
};
174
/**
 * Multi-lingual remediation instruction headers; entry 0 is used by
 * get_remediation_instructions() when no preferred language matches.
 */
static instruction_entry_t instructions [] = {
	{
		.lang = "en",
		.update_string = "Please update the following software packages:\n",
		.removal_string = "Please remove the following software packages:\n",
	},
	{
		.lang = "de",
		.update_string = "Bitte updaten Sie die folgenden Softwarepakete\n",
		.removal_string = "Bitte entfernen Sie die folgenden Softwarepakete\n",
	},
	{
		.lang = "pl",
		.update_string = "Proszę zaktualizować następujące pakiety:\n",
		.removal_string = "Proszę usunąć następujące pakiety:\n",
	},
};
186
/**
 * Return the TNCCS connection ID this state object was created for.
 */
METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
	private_imv_os_state_t *this)
{
	TNC_ConnectionID id = this->connection_id;

	return id;
}
192
/**
 * Return the stored "long message types supported" flag.
 */
METHOD(imv_state_t, has_long, bool,
	private_imv_os_state_t *this)
{
	bool flag = this->has_long;

	return flag;
}
198
/**
 * Return the stored "exclusive delivery supported" flag.
 */
METHOD(imv_state_t, has_excl, bool,
	private_imv_os_state_t *this)
{
	bool flag = this->has_excl;

	return flag;
}
204
/**
 * Store both capability flags of the TNCCS connection.
 *
 * @param has_long		long message types supported
 * @param has_excl		exclusive delivery supported
 */
METHOD(imv_state_t, set_flags, void,
	private_imv_os_state_t *this, bool has_long, bool has_excl)
{
	this->has_excl = has_excl;
	this->has_long = has_long;
}
211
/**
 * Store the maximum PA-TNC message size for this connection.
 * The value is stored as given; no range check is applied here.
 */
METHOD(imv_state_t, set_max_msg_len, void,
	private_imv_os_state_t *this, u_int32_t max_msg_len)
{
	this->max_msg_len = max_msg_len;
}
217
/**
 * Return the maximum PA-TNC message size stored for this connection.
 */
METHOD(imv_state_t, get_max_msg_len, u_int32_t,
	private_imv_os_state_t *this)
{
	u_int32_t limit = this->max_msg_len;

	return limit;
}
223
/**
 * Record the new TNCCS connection state.
 * The transition itself is not validated in this method.
 */
METHOD(imv_state_t, change_state, void,
	private_imv_os_state_t *this, TNC_ConnectionState new_state)
{
	this->state = new_state;
}
229
/**
 * Copy the stored recommendation and evaluation result to the caller.
 *
 * @param rec		receives the action recommendation; must not be NULL
 * @param eval		receives the evaluation result; must not be NULL
 */
METHOD(imv_state_t, get_recommendation, void,
	private_imv_os_state_t *this, TNC_IMV_Action_Recommendation *rec,
	TNC_IMV_Evaluation_Result *eval)
{
	/* both output pointers are written unconditionally */
	*eval = this->eval;
	*rec = this->rec;
}
237
/**
 * Store the action recommendation and evaluation result.
 */
METHOD(imv_state_t, set_recommendation, void,
	private_imv_os_state_t *this, TNC_IMV_Action_Recommendation rec,
	TNC_IMV_Evaluation_Result eval)
{
	this->eval = eval;
	this->rec = rec;
}
245
/**
 * Select the reason string in the first preferred language we have a
 * translation for.
 *
 * @param language_enumerator	yields preferred language codes in order
 * @param reason_string			receives a pointer into the static table
 * @param reason_language		receives the matching language code
 * @return						FALSE if neither outdated nor blacklisted
 *								packages were counted, TRUE otherwise
 */
METHOD(imv_state_t, get_reason_string, bool,
	private_imv_os_state_t *this, enumerator_t *language_enumerator,
	char **reason_string, char **reason_language)
{
	reason_entry_t *candidate;
	char *lang;
	int i;

	/* nothing to report unless something was flagged */
	if (this->count_update == 0 && this->count_blacklist == 0)
	{
		return FALSE;
	}

	/* default to the first table entry until a preferred language matches */
	*reason_language = reasons[0].lang;
	*reason_string = reasons[0].string;

	while (language_enumerator->enumerate(language_enumerator, &lang))
	{
		for (i = 0; i < countof(reasons); i++)
		{
			candidate = &reasons[i];
			if (streq(lang, candidate->lang))
			{
				/* first hit wins, stop consuming the enumerator */
				*reason_language = candidate->lang;
				*reason_string = candidate->string;
				return TRUE;
			}
		}
	}

	return TRUE;
}
284
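/**
 * Build the remediation instructions listing the packages to remove
 * and the packages to update.
 *
 * The string is stored in this->instructions and stays owned by the state
 * object: it is valid until the next call of this method or until
 * destroy(). A string built by an earlier call is released first, so
 * repeated calls no longer leak it.
 *
 * @param language_enumerator	yields preferred language codes in order
 * @param string				receives the instruction string
 * @param lang_code				receives the language code that was chosen
 * @param uri					receives the configured remediation URI or NULL
 * @return						FALSE if nothing was flagged or the buffer
 *								could not be allocated, TRUE otherwise
 */
METHOD(imv_state_t, get_remediation_instructions, bool,
	private_imv_os_state_t *this, enumerator_t *language_enumerator,
	char **string, char **lang_code, char **uri)
{
	bool match = FALSE;
	char *lang, *pos;
	const char *update_hdr, *removal_hdr;
	enumerator_t *enumerator;
	package_entry_t *entry;
	size_t len = 0, update_len, removal_len, name_len;
	int i, i_chosen = 0;

	if (!this->count_update && !this->count_blacklist)
	{
		return FALSE;
	}

	/* take the first preferred language we have; entry 0 is the fallback */
	while (language_enumerator->enumerate(language_enumerator, &lang))
	{
		for (i = 0; i < countof(instructions); i++)
		{
			if (streq(lang, instructions[i].lang))
			{
				match = TRUE;
				i_chosen = i;
				break;
			}
		}
		if (match)
		{
			break;
		}
	}
	*lang_code = instructions[i_chosen].lang;

	update_hdr = instructions[i_chosen].update_string;
	removal_hdr = instructions[i_chosen].removal_string;
	update_len = strlen(update_hdr);
	removal_len = strlen(removal_hdr);

	/*
	 * Compute the size of the remediation string. The sum is kept in a
	 * size_t so that many long package names cannot wrap a signed int.
	 * NOTE(review): package names presumably originate from the peer's
	 * measurements - confirm against the caller of add_bad_package().
	 */
	if (this->count_update)
	{
		len += update_len;
	}
	if (this->count_blacklist)
	{
		len += removal_len;
	}

	enumerator = this->bad_packages->create_enumerator(this->bad_packages);
	while (enumerator->enumerate(enumerator, &entry))
	{
		/* name plus the trailing newline */
		len += strlen(entry->name) + 1;
	}
	enumerator->destroy(enumerator);

	/* drop the string of an earlier call before allocating the new one */
	free(this->instructions);
	pos = this->instructions = malloc(len + 1);
	if (!pos)
	{
		return FALSE;
	}

	/* List of blacklisted packages, if any */
	if (this->count_blacklist)
	{
		memcpy(pos, removal_hdr, removal_len);
		pos += removal_len;

		enumerator = this->bad_packages->create_enumerator(this->bad_packages);
		while (enumerator->enumerate(enumerator, &entry))
		{
			if (entry->state == OS_PACKAGE_STATE_BLACKLIST)
			{
				name_len = strlen(entry->name);
				memcpy(pos, entry->name, name_len);
				pos += name_len;
				*pos++ = '\n';
			}
		}
		enumerator->destroy(enumerator);
	}

	/* List of packages in need of an update, if any */
	if (this->count_update)
	{
		memcpy(pos, update_hdr, update_len);
		pos += update_len;

		enumerator = this->bad_packages->create_enumerator(this->bad_packages);
		while (enumerator->enumerate(enumerator, &entry))
		{
			if (entry->state != OS_PACKAGE_STATE_BLACKLIST)
			{
				name_len = strlen(entry->name);
				memcpy(pos, entry->name, name_len);
				pos += name_len;
				*pos++ = '\n';
			}
		}
		enumerator->destroy(enumerator);
	}

	*pos = '\0';
	*string = this->instructions;
	*uri = lib->settings->get_str(lib->settings,
				"libimcv.plugins.imv-os.remediation_uri", NULL);

	return TRUE;
}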
383
/**
 * Release the state object and everything it owns: the OS info string,
 * the cloned name and version chunks, the remediation string and all
 * bad package entries.
 */
METHOD(imv_state_t, destroy, void,
	private_imv_os_state_t *this)
{
	/* strings and chunk buffers owned by the state */
	free(this->version.ptr);
	free(this->name.ptr);
	free(this->info);
	free(this->instructions);

	/* the list frees each entry through free_package_entry() */
	this->bad_packages->destroy_function(this->bad_packages,
										 (void*)free_package_entry);
	free(this);
}
395
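/**
 * Store the OS type, name and version and rebuild the combined info string.
 *
 * The name and version chunks are cloned; the clones and the info string
 * are owned by the state object. Values stored by an earlier call are
 * released, so calling this method more than once no longer leaks the
 * previous name and version clones.
 *
 * NOTE(review): name and version presumably carry values reported by the
 * peer - confirm, and treat the resulting info string as untrusted text
 * wherever it is logged or displayed.
 *
 * @param type		OS type
 * @param name		OS name, not necessarily NUL-terminated
 * @param version	OS version, not necessarily NUL-terminated
 */
METHOD(imv_os_state_t, set_info, void,
	private_imv_os_state_t *this, os_type_t type, chunk_t name, chunk_t version)
{
	size_t len = name.len + 1 + version.len + 1;
	chunk_t name_copy, version_copy;

	/* clone first, so chunks that alias the stored ones stay readable */
	name_copy = chunk_clone(name);
	version_copy = chunk_clone(version);

	/* OS info is a concatenation of OS name and OS version */
	free(this->info);
	this->info = malloc(len);
	/* "%.*s" takes an int precision, the chunk lengths are size_t */
	snprintf(this->info, len, "%.*s %.*s", (int)name.len, name.ptr,
			 (int)version.len, version.ptr);

	/* release the clones of an earlier call before replacing them */
	free(this->name.ptr);
	free(this->version.ptr);

	this->type = type;
	this->name = name_copy;
	this->version = version_copy;
}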
410
/**
 * Return the OS info string and, optionally, type, name and version.
 *
 * The returned string and the chunk pointers refer to memory owned by the
 * state object (it is released in destroy()), so the caller must not free
 * them.
 *
 * @param type		receives the OS type, may be NULL
 * @param name		receives the OS name chunk, may be NULL
 * @param version	receives the OS version chunk, may be NULL
 * @return			OS info string as stored by set_info()
 */
METHOD(imv_os_state_t, get_info, char*,
	private_imv_os_state_t *this, os_type_t *type, chunk_t *name,
	chunk_t *version)
{
	/* each output is optional and skipped when the pointer is NULL */
	if (version != NULL)
	{
		*version = this->version;
	}
	if (name != NULL)
	{
		*name = this->name;
	}
	if (type != NULL)
	{
		*type = this->type;
	}
	return this->info;
}
429
/**
 * Add the given numbers to the package counters.
 *
 * Despite the name the values are accumulated, not assigned, so the
 * counters grow with every call.
 */
METHOD(imv_os_state_t, set_count, void,
	private_imv_os_state_t *this, int count, int count_update,
	int count_blacklist, int count_ok)
{
	this->count = this->count + count;
	this->count_update = this->count_update + count_update;
	this->count_blacklist = this->count_blacklist + count_blacklist;
	this->count_ok = this->count_ok + count_ok;
}
439
/**
 * Copy the package counters to the caller.
 *
 * Every output pointer is optional; a NULL pointer is skipped.
 */
METHOD(imv_os_state_t, get_count, void,
	private_imv_os_state_t *this, int *count, int *count_update,
	int *count_blacklist, int *count_ok)
{
	if (count != NULL)
	{
		*count = this->count;
	}
	if (count_update != NULL)
	{
		*count_update = this->count_update;
	}
	if (count_blacklist != NULL)
	{
		*count_blacklist = this->count_blacklist;
	}
	if (count_ok != NULL)
	{
		*count_ok = this->count_ok;
	}
}
461
/**
 * Set or clear the flag recording that an OS Installed Package request
 * was sent and a response is expected.
 */
METHOD(imv_os_state_t, set_package_request, void,
	private_imv_os_state_t *this, bool set)
{
	this->package_request = set;
}
467
/**
 * Return the stored package request flag.
 */
METHOD(imv_os_state_t, get_package_request, bool,
	private_imv_os_state_t *this)
{
	bool pending = this->package_request;

	return pending;
}
473
/**
 * Move the angel count up by one (start == TRUE) or down by one.
 * The counter is not clamped, so unbalanced calls can make it negative.
 */
METHOD(imv_os_state_t, set_angel_count, void,
	private_imv_os_state_t *this, bool start)
{
	if (start)
	{
		this->angel_count += 1;
	}
	else
	{
		this->angel_count += -1;
	}
}
479
/**
 * Return the current angel count.
 */
METHOD(imv_os_state_t, get_angel_count, int,
	private_imv_os_state_t *this)
{
	int current = this->angel_count;

	return current;
}
485
/**
 * Append a package to the list of vulnerable or blacklisted packages.
 *
 * The name is duplicated, so the caller keeps ownership of its string.
 *
 * @param package			NUL-terminated package name
 * @param package_state		state the package was flagged with
 */
METHOD(imv_os_state_t, add_bad_package, void,
	private_imv_os_state_t *this, char *package,
	os_package_state_t package_state)
{
	package_entry_t *entry = malloc_thing(package_entry_t);

	/* the entry owns its copy of the name, see free_package_entry() */
	entry->state = package_state;
	entry->name = strdup(package);
	this->bad_packages->insert_last(this->bad_packages, entry);
}
497
/**
 * Described in header.
 *
 * Creates the state object for one TNCCS connection with an empty bad
 * package list, no recommendation and an unknown evaluation result.
 * Members not listed in the initializer (counters, strings, chunks) are
 * presumably zeroed by INIT - confirm against the macro definition.
 */
imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
{
	private_imv_os_state_t *this;

	INIT(this,
		.public = {
			/* generic imv_state_t interface */
			.interface = {
				.get_connection_id = _get_connection_id,
				.has_long = _has_long,
				.has_excl = _has_excl,
				.set_flags = _set_flags,
				.set_max_msg_len = _set_max_msg_len,
				.get_max_msg_len = _get_max_msg_len,
				.change_state = _change_state,
				.get_recommendation = _get_recommendation,
				.set_recommendation = _set_recommendation,
				.get_reason_string = _get_reason_string,
				.get_remediation_instructions = _get_remediation_instructions,
				.destroy = _destroy,
			},
			/* OS IMV specific extensions */
			.set_info = _set_info,
			.get_info = _get_info,
			.set_count = _set_count,
			.get_count = _get_count,
			.set_package_request = _set_package_request,
			.get_package_request = _get_package_request,
			.set_angel_count = _set_angel_count,
			.get_angel_count = _get_angel_count,
			.add_bad_package = _add_bad_package,
		},
		.connection_id = connection_id,
		.state = TNC_CONNECTION_STATE_CREATE,
		.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
		.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
		.bad_packages = linked_list_create(),
	);

	/* callers only ever see the embedded generic interface */
	return &this->public.interface;
}
540
541