projects / strongswan.git / blob
? search:


44f07533bfa9880bbc1f30a3d210f84bd30569fc
[strongswan.git] / src / libimcv / plugins / imv_scanner / imv_scanner_state.c
1 /*
2 * Copyright (C) 2011-2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imv_scanner_state.h"
17
18 #include <utils/lexparser.h>
19 #include <utils/debug.h>
20
21 typedef struct private_imv_scanner_state_t private_imv_scanner_state_t;
22
23 /**
24 * Private data of an imv_scanner_state_t object.
25 */
26 struct private_imv_scanner_state_t {
27
28 /**
29 * Public members of imv_scanner_state_t
30 */
31 imv_scanner_state_t public;
32
33 /**
34 * TNCCS connection ID
35 */
36 TNC_ConnectionID connection_id;
37
38 /**
39 * TNCCS connection state
40 */
41 TNC_ConnectionState state;
42
43 /**
44 * Does the TNCCS connection support long message types?
45 */
46 bool has_long;
47
48 /**
49 * Does the TNCCS connection support exclusive delivery?
50 */
51 bool has_excl;
52
53 /**
54 * Maximum PA-TNC message size for this TNCCS connection
55 */
56 u_int32_t max_msg_len;
57
58 /**
59 * IMV action recommendation
60 */
61 TNC_IMV_Action_Recommendation rec;
62
63 /**
64 * IMV evaluation result
65 */
66 TNC_IMV_Evaluation_Result eval;
67
68 /**
69 * String with list of ports that should be closed
70 */
71 char *violating_ports;
72
73 /**
74 * Local copy of the remediation instruction string
75 */
76 char *instructions;
77 };
78
79 typedef struct entry_t entry_t;
80
81 /**
82 * Define an internal reason string entry
83 */
84 struct entry_t {
85 char *lang;
86 char *string;
87 };
88
89 /**
90 * Table of multi-lingual reason string entries
91 */
92 static entry_t reasons[] = {
93 { "en", "Open server ports were detected" },
94 { "de", "Offene Serverports wurden festgestellt" },
95 { "fr", "Il y a des ports du serveur ouverts" },
96 { "pl", "Są otwarte porty serwera" }
97 };
98
99 /**
100 * Table of multi-lingual remediation instruction string entries
101 */
102 static entry_t instructions [] = {
103 { "en", "Please close the following server ports:" },
104 { "de", "Bitte schliessen Sie die folgenden Serverports:" },
105 { "fr", "Fermez les ports du serveur suivants s'il vous plait:" },
106 { "pl", "Proszę zamknąć następujące porty serwera:" }
107 };
108
109 METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
110 private_imv_scanner_state_t *this)
111 {
112 return this->connection_id;
113 }
114
115 METHOD(imv_state_t, has_long, bool,
116 private_imv_scanner_state_t *this)
117 {
118 return this->has_long;
119 }
120
121 METHOD(imv_state_t, has_excl, bool,
122 private_imv_scanner_state_t *this)
123 {
124 return this->has_excl;
125 }
126
127 METHOD(imv_state_t, set_flags, void,
128 private_imv_scanner_state_t *this, bool has_long, bool has_excl)
129 {
130 this->has_long = has_long;
131 this->has_excl = has_excl;
132 }
133
134 METHOD(imv_state_t, set_max_msg_len, void,
135 private_imv_scanner_state_t *this, u_int32_t max_msg_len)
136 {
137 this->max_msg_len = max_msg_len;
138 }
139
140 METHOD(imv_state_t, get_max_msg_len, u_int32_t,
141 private_imv_scanner_state_t *this)
142 {
143 return this->max_msg_len;
144 }
145
146 METHOD(imv_state_t, change_state, void,
147 private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
148 {
149 this->state = new_state;
150 }
151
152 METHOD(imv_state_t, get_recommendation, void,
153 private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation *rec,
154 TNC_IMV_Evaluation_Result *eval)
155 {
156 *rec = this->rec;
157 *eval = this->eval;
158 }
159
160 METHOD(imv_state_t, set_recommendation, void,
161 private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation rec,
162 TNC_IMV_Evaluation_Result eval)
163 {
164 this->rec = rec;
165 this->eval = eval;
166 }
167
168 METHOD(imv_state_t, get_reason_string, bool,
169 private_imv_scanner_state_t *this, enumerator_t *language_enumerator,
170 char **reason_string, char **reason_language)
171 {
172 bool match = FALSE;
173 char *lang;
174 int i;
175
176 if (!this->violating_ports)
177 {
178 return FALSE;
179 }
180
181 /* set the default language */
182 *reason_language = reasons[0].lang;
183 *reason_string = reasons[0].string;
184
185 while (language_enumerator->enumerate(language_enumerator, &lang))
186 {
187 for (i = 0; i < countof(reasons); i++)
188 {
189 if (streq(lang, reasons[i].lang))
190 {
191 match = TRUE;
192 *reason_language = reasons[i].lang;
193 *reason_string = reasons[i].string;
194 break;
195 }
196 }
197 if (match)
198 {
199 break;
200 }
201 }
202
203 return TRUE;
204 }
205
206 METHOD(imv_state_t, get_remediation_instructions, bool,
207 private_imv_scanner_state_t *this, enumerator_t *language_enumerator,
208 char **string, char **lang_code)
209 {
210 bool match = FALSE;
211 char *lang;
212 int i;
213
214 if (!this->violating_ports)
215 {
216 return FALSE;
217 }
218
219 /* set the default language */
220 *lang_code = instructions[0].lang;
221 *string = instructions[0].string;
222
223 while (language_enumerator->enumerate(language_enumerator, &lang))
224 {
225 for (i = 0; i < countof(instructions); i++)
226 {
227 if (streq(lang, instructions[i].lang))
228 {
229 match = TRUE;
230 *lang_code = instructions[i].lang;
231 *string = instructions[i].string;
232 break;
233 }
234 }
235 if (match)
236 {
237 break;
238 }
239 }
240 this->instructions = malloc(strlen(*string) +
241 strlen(this->violating_ports) + 1);
242 sprintf(this->instructions, "%s%s", *string, this->violating_ports);
243 *string = this->instructions;
244
245 return TRUE;
246 }
247
248 METHOD(imv_state_t, destroy, void,
249 private_imv_scanner_state_t *this)
250 {
251 free(this->violating_ports);
252 free(this->instructions);
253 free(this);
254 }
255
256 METHOD(imv_scanner_state_t, set_violating_ports, void,
257 private_imv_scanner_state_t *this, char *ports)
258 {
259 this->violating_ports = strdup(ports);
260 }
261
262 /**
263 * Described in header.
264 */
265 imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
266 {
267 private_imv_scanner_state_t *this;
268
269 INIT(this,
270 .public = {
271 .interface = {
272 .get_connection_id = _get_connection_id,
273 .has_long = _has_long,
274 .has_excl = _has_excl,
275 .set_flags = _set_flags,
276 .set_max_msg_len = _set_max_msg_len,
277 .get_max_msg_len = _get_max_msg_len,
278 .change_state = _change_state,
279 .get_recommendation = _get_recommendation,
280 .set_recommendation = _set_recommendation,
281 .get_reason_string = _get_reason_string,
282 .get_remediation_instructions = _get_remediation_instructions,
283 .destroy = _destroy,
284 },
285 .set_violating_ports = _set_violating_ports,
286 },
287 .state = TNC_CONNECTION_STATE_CREATE,
288 .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
289 .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
290 .connection_id = connection_id,
291 );
292
293 return &this->public.interface;
294 }
295
296
strongSwan - IPsec VPN