projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
libimcv: Move settings to <ns>.imcv and <ns>.plugins with fallback
[strongswan.git] / src / libimcv / plugins / imv_scanner / imv_scanner_state.c
1 /*
2 * Copyright (C) 2011-2013 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imv_scanner_state.h"
17 #include "imv/imv_lang_string.h"
18 #include "imv/imv_reason_string.h"
19 #include "imv/imv_remediation_string.h"
20
21 #include <tncif_policy.h>
22
23 #include <utils/lexparser.h>
24 #include <utils/debug.h>
25
26 typedef struct private_imv_scanner_state_t private_imv_scanner_state_t;
27
28 /**
29 * Private data of an imv_scanner_state_t object.
30 */
31 struct private_imv_scanner_state_t {
32
33 /**
34 * Public members of imv_scanner_state_t
35 */
36 imv_scanner_state_t public;
37
38 /**
39 * TNCCS connection ID
40 */
41 TNC_ConnectionID connection_id;
42
43 /**
44 * TNCCS connection state
45 */
46 TNC_ConnectionState state;
47
48 /**
49 * Does the TNCCS connection support long message types?
50 */
51 bool has_long;
52
53 /**
54 * Does the TNCCS connection support exclusive delivery?
55 */
56 bool has_excl;
57
58 /**
59 * Maximum PA-TNC message size for this TNCCS connection
60 */
61 u_int32_t max_msg_len;
62
63 /**
64 * Flags set for completed actions
65 */
66 u_int32_t action_flags;
67
68 /**
69 * Access Requestor ID Type
70 */
71 u_int32_t ar_id_type;
72
73 /**
74 * Access Requestor ID Value
75 */
76 chunk_t ar_id_value;
77
78 /**
79 * IMV database session associatied with TNCCS connection
80 */
81 imv_session_t *session;
82
83 /**
84 * IMV action recommendation
85 */
86 TNC_IMV_Action_Recommendation rec;
87
88 /**
89 * IMV evaluation result
90 */
91 TNC_IMV_Evaluation_Result eval;
92
93 /**
94 * IMV Scanner handshake state
95 */
96 imv_scanner_handshake_state_t handshake_state;
97
98 /**
99 * Copy of the received IEEE Port Filter attribute
100 */
101 ietf_attr_port_filter_t *port_filter_attr;
102
103 /**
104 * List with ports that should be closed
105 */
106 linked_list_t *violating_ports;
107
108 /**
109 * TNC Reason String
110 */
111 imv_reason_string_t *reason_string;
112
113 /**
114 * IETF Remediation Instructions String
115 */
116 imv_remediation_string_t *remediation_string;
117
118 };
119
120 /**
121 * Supported languages
122 */
123 static char* languages[] = { "en", "de", "fr", "pl" };
124
125 /**
126 * Reason strings for "Port Filter"
127 */
128 static imv_lang_string_t reasons[] = {
129 { "en", "Open server ports were detected" },
130 { "de", "Offene Serverports wurden festgestellt" },
131 { "fr", "Il y a des ports du serveur ouverts" },
132 { "pl", "Są otwarte porty serwera" },
133 { NULL, NULL }
134 };
135
136 /**
137 * Instruction strings for "Port Filters"
138 */
139 static imv_lang_string_t instr_ports_title[] = {
140 { "en", "Open Server Ports" },
141 { "de", "Offene Server Ports" },
142 { "fr", "Ports ouverts du serveur" },
143 { "pl", "Otwarte Porty Serwera" },
144 { NULL, NULL }
145 };
146
147 static imv_lang_string_t instr_ports_descr[] = {
148 { "en", "Open Internet ports have been detected" },
149 { "de", "Offenen Internet-Ports wurden festgestellt" },
150 { "fr", "Il y'a des ports Internet ouverts" },
151 { "pl", "Porty internetowe są otwarte" },
152 { NULL, NULL }
153 };
154
155 static imv_lang_string_t instr_ports_header[] = {
156 { "en", "Please close the following server ports:" },
157 { "de", "Bitte schliessen Sie die folgenden Serverports:" },
158 { "fr", "Fermez les ports du serveur suivants s'il vous plait:" },
159 { "pl", "Proszę zamknąć następujące porty serwera:" },
160 { NULL, NULL }
161 };
162
163 METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
164 private_imv_scanner_state_t *this)
165 {
166 return this->connection_id;
167 }
168
169 METHOD(imv_state_t, has_long, bool,
170 private_imv_scanner_state_t *this)
171 {
172 return this->has_long;
173 }
174
175 METHOD(imv_state_t, has_excl, bool,
176 private_imv_scanner_state_t *this)
177 {
178 return this->has_excl;
179 }
180
181 METHOD(imv_state_t, set_flags, void,
182 private_imv_scanner_state_t *this, bool has_long, bool has_excl)
183 {
184 this->has_long = has_long;
185 this->has_excl = has_excl;
186 }
187
188 METHOD(imv_state_t, set_max_msg_len, void,
189 private_imv_scanner_state_t *this, u_int32_t max_msg_len)
190 {
191 this->max_msg_len = max_msg_len;
192 }
193
194 METHOD(imv_state_t, get_max_msg_len, u_int32_t,
195 private_imv_scanner_state_t *this)
196 {
197 return this->max_msg_len;
198 }
199
200 METHOD(imv_state_t, set_action_flags, void,
201 private_imv_scanner_state_t *this, u_int32_t flags)
202 {
203 this->action_flags |= flags;
204 }
205
206 METHOD(imv_state_t, get_action_flags, u_int32_t,
207 private_imv_scanner_state_t *this)
208 {
209 return this->action_flags;
210 }
211
212 METHOD(imv_state_t, set_ar_id, void,
213 private_imv_scanner_state_t *this, u_int32_t id_type, chunk_t id_value)
214 {
215 this->ar_id_type = id_type;
216 this->ar_id_value = chunk_clone(id_value);
217 }
218
219 METHOD(imv_state_t, get_ar_id, chunk_t,
220 private_imv_scanner_state_t *this, u_int32_t *id_type)
221 {
222 if (id_type)
223 {
224 *id_type = this->ar_id_type;
225 }
226 return this->ar_id_value;
227 }
228
229 METHOD(imv_state_t, set_session, void,
230 private_imv_scanner_state_t *this, imv_session_t *session)
231 {
232 this->session = session;
233 }
234
235 METHOD(imv_state_t, get_session, imv_session_t*,
236 private_imv_scanner_state_t *this)
237 {
238 return this->session;
239 }
240
241 METHOD(imv_state_t, change_state, void,
242 private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
243 {
244 this->state = new_state;
245 }
246
247 METHOD(imv_state_t, get_recommendation, void,
248 private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation *rec,
249 TNC_IMV_Evaluation_Result *eval)
250 {
251 *rec = this->rec;
252 *eval = this->eval;
253 }
254
255 METHOD(imv_state_t, set_recommendation, void,
256 private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation rec,
257 TNC_IMV_Evaluation_Result eval)
258 {
259 this->rec = rec;
260 this->eval = eval;
261 }
262
263 METHOD(imv_state_t, update_recommendation, void,
264 private_imv_scanner_state_t *this, TNC_IMV_Action_Recommendation rec,
265 TNC_IMV_Evaluation_Result eval)
266 {
267 this->rec = tncif_policy_update_recommendation(this->rec, rec);
268 this->eval = tncif_policy_update_evaluation(this->eval, eval);
269 }
270
271 METHOD(imv_state_t, get_reason_string, bool,
272 private_imv_scanner_state_t *this, enumerator_t *language_enumerator,
273 chunk_t *reason_string, char **reason_language)
274 {
275 if (this->violating_ports->get_count(this->violating_ports) == 0)
276 {
277 return FALSE;
278 }
279 *reason_language = imv_lang_string_select_lang(language_enumerator,
280 languages, countof(languages));
281
282 /* Instantiate a TNC Reason String object */
283 DESTROY_IF(this->reason_string);
284 this->reason_string = imv_reason_string_create(*reason_language, "\n");
285 if (this->rec != TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION)
286 {
287 this->reason_string->add_reason(this->reason_string, reasons);
288 }
289 *reason_string = this->reason_string->get_encoding(this->reason_string);
290
291 return TRUE;
292 }
293
294 METHOD(imv_state_t, get_remediation_instructions, bool,
295 private_imv_scanner_state_t *this, enumerator_t *language_enumerator,
296 chunk_t *string, char **lang_code, char **uri)
297 {
298 if (this->violating_ports->get_count(this->violating_ports) == 0)
299 {
300 return FALSE;
301 }
302 *lang_code = imv_lang_string_select_lang(language_enumerator,
303 languages, countof(languages));
304
305 /* Instantiate an IETF Remediation Instructions String object */
306 DESTROY_IF(this->remediation_string);
307 this->remediation_string = imv_remediation_string_create(
308 TRUE, *lang_code); /* TODO get os_type */
309
310 this->remediation_string->add_instruction(this->remediation_string,
311 instr_ports_title,
312 instr_ports_descr,
313 instr_ports_header,
314 this->violating_ports);
315 *string = this->remediation_string->get_encoding(this->remediation_string);
316 *uri = lib->settings->get_str(lib->settings,
317 "%s.plugins.imv-scanner.remediation_uri", NULL, lib->ns);
318
319 return TRUE;
320 }
321
322 METHOD(imv_state_t, destroy, void,
323 private_imv_scanner_state_t *this)
324 {
325 DESTROY_IF(this->session);
326 DESTROY_IF(this->reason_string);
327 DESTROY_IF(this->remediation_string);
328 DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
329 this->violating_ports->destroy_function(this->violating_ports, free);
330 free(this->ar_id_value.ptr);
331 free(this);
332 }
333
334 METHOD(imv_scanner_state_t, set_handshake_state, void,
335 private_imv_scanner_state_t *this, imv_scanner_handshake_state_t new_state)
336 {
337 this->handshake_state = new_state;
338 }
339
340 METHOD(imv_scanner_state_t, get_handshake_state, imv_scanner_handshake_state_t,
341 private_imv_scanner_state_t *this)
342 {
343 return this->handshake_state;
344 }
345
346 METHOD(imv_scanner_state_t, set_port_filter_attr, void,
347 private_imv_scanner_state_t *this, ietf_attr_port_filter_t *attr)
348 {
349 DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
350 this->port_filter_attr = attr;
351 }
352
353 METHOD(imv_scanner_state_t, get_port_filter_attr, ietf_attr_port_filter_t*,
354 private_imv_scanner_state_t *this)
355 {
356 return this->port_filter_attr;
357 }
358
359 METHOD(imv_scanner_state_t, add_violating_port, void,
360 private_imv_scanner_state_t *this, char *port)
361 {
362 this->violating_ports->insert_last(this->violating_ports, port);
363 }
364
365 /**
366 * Described in header.
367 */
368 imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
369 {
370 private_imv_scanner_state_t *this;
371
372 INIT(this,
373 .public = {
374 .interface = {
375 .get_connection_id = _get_connection_id,
376 .has_long = _has_long,
377 .has_excl = _has_excl,
378 .set_flags = _set_flags,
379 .set_max_msg_len = _set_max_msg_len,
380 .get_max_msg_len = _get_max_msg_len,
381 .set_action_flags = _set_action_flags,
382 .get_action_flags = _get_action_flags,
383 .set_ar_id = _set_ar_id,
384 .get_ar_id = _get_ar_id,
385 .set_session = _set_session,
386 .get_session= _get_session,
387 .change_state = _change_state,
388 .get_recommendation = _get_recommendation,
389 .set_recommendation = _set_recommendation,
390 .update_recommendation = _update_recommendation,
391 .get_reason_string = _get_reason_string,
392 .get_remediation_instructions = _get_remediation_instructions,
393 .destroy = _destroy,
394 },
395 .set_handshake_state = _set_handshake_state,
396 .get_handshake_state = _get_handshake_state,
397 .set_port_filter_attr = _set_port_filter_attr,
398 .get_port_filter_attr = _get_port_filter_attr,
399 .add_violating_port = _add_violating_port,
400 },
401 .state = TNC_CONNECTION_STATE_CREATE,
402 .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
403 .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
404 .connection_id = connection_id,
405 .violating_ports = linked_list_create(),
406 );
407
408 return &this->public.interface;
409 }
410
411
strongSwan - IPsec VPN