{
imv_msg_t *out_msg;
imv_state_t *state;
+ imv_session_t *session;
imv_workitem_t *workitem;
imv_os_state_t *os_state;
imv_os_handshake_state_t handshake_state;
pa_tnc_attr_t *attr;
TNC_Result result = TNC_RESULT_SUCCESS;
enumerator_t *enumerator;
- imv_session_t *session;
u_int received;
if (!imv_os)
/* trigger the policy manager */
imcv_db->policy_script(imcv_db, session, TRUE);
}
+ else
+ {
+ /* just gather information without evaluation */
+ state->set_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
+ TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
+ }
handshake_state = IMV_OS_STATE_POLICY_START;
}
else if (handshake_state == IMV_OS_STATE_ATTR_REQ)
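Review bot: The new `else` branch at L17-L23 fails open: it records `TNC_IMV_ACTION_RECOMMENDATION_ALLOW` together with `TNC_IMV_EVALUATION_RESULT_DONT_KNOW`, so an endpoint whose OS attributes were never evaluated is still recommended for access. The condition that selects this branch is outside the hunk; the `imcv_db->policy_script` call in the if-branch suggests it is the absence of a policy database, in which case every deployment without one silently grants access. The comment should say so explicitly rather than "just gather information", e.g. `/* no policy database configured: fail open and allow access without any evaluation */`, so an operator reading the log path knows the recommendation is not the result of a check. The enclosing function begins and ends outside the hunk.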
static imv_agent_t *imv_scanner;
+/**
+ * Flag set when corresponding attribute has been received
+ */
+typedef enum imv_scanner_attr_t imv_scanner_attr_t;
+
+enum imv_scanner_attr_t {
+ IMV_SCANNER_ATTR_PORT_FILTER = (1<<0)
+};
+
typedef struct port_range_t port_range_t;
struct port_range_t {
if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PORT_FILTER)
{
- imv_scanner_state_t *imv_scanner_state;
+ imv_scanner_state_t *scanner_state;
ietf_attr_port_filter_t *attr_port_filter;
enumerator_t *enumerator;
u_int8_t protocol;
bool blocked, compliant = TRUE;
- imv_scanner_state = (imv_scanner_state_t*)state;
+ scanner_state = (imv_scanner_state_t*)state;
+ scanner_state->set_received(scanner_state,
+ IMV_SCANNER_ATTR_PORT_FILTER);
attr_port_filter = (ietf_attr_port_filter_t*)attr;
+
enumerator = attr_port_filter->create_port_enumerator(attr_port_filter);
while (enumerator->enumerate(enumerator, &blocked, &protocol, &port))
{
compliant = FALSE;
snprintf(buf, sizeof(buf), "%s/%u",
(protocol == IPPROTO_TCP) ? "tcp" : "udp", port);
- imv_scanner_state->add_violating_port(imv_scanner_state,
- strdup(buf));
+ scanner_state->add_violating_port(scanner_state, strdup(buf));
}
}
enumerator->destroy(enumerator);
TNC_IMV_Evaluation_Result eval;
/**
+ * IMV Scanner handshake state
+ */
+ imv_scanner_handshake_state_t handshake_state;
+
+ /**
+ * Flags set for received attributes
+ */
+ u_int received_flags;
+
+ /**
* List with ports that should be closed
*/
linked_list_t *violating_ports;
free(this);
}
+METHOD(imv_scanner_state_t, set_handshake_state, void,
+ private_imv_scanner_state_t *this, imv_scanner_handshake_state_t new_state)
+{
+ this->handshake_state = new_state;
+}
+
+METHOD(imv_scanner_state_t, get_handshake_state, imv_scanner_handshake_state_t,
+ private_imv_scanner_state_t *this)
+{
+ return this->handshake_state;
+}
+
+METHOD(imv_scanner_state_t, set_received, void,
+ private_imv_scanner_state_t *this, u_int flags)
+{
+ this->received_flags |= flags;
+}
+
+METHOD(imv_scanner_state_t, get_received, u_int,
+ private_imv_scanner_state_t *this)
+{
+ return this->received_flags;
+}
+
+
METHOD(imv_scanner_state_t, add_violating_port, void,
private_imv_scanner_state_t *this, char *port)
{
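Review bot: `set_received` only ever OR-s bits into `received_flags` (L97) and the new interface has no way to clear them, so a flag set in one round stays set for the lifetime of the state object. Whether the state is recreated per handshake is not visible here; if it is reused across rounds, a later round would see `IMV_SCANNER_ATTR_PORT_FILTER` as received without the attribute having arrived again. Either document that the flags are cumulative for the connection's lifetime, or add a reset alongside the state change, e.g. `this->received_flags = 0;` where the handshake returns to `IMV_SCANNER_STATE_INIT`. The `add_violating_port` method that follows continues outside the hunk.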
.get_remediation_instructions = _get_remediation_instructions,
.destroy = _destroy,
},
+ .set_handshake_state = _set_handshake_state,
+ .get_handshake_state = _get_handshake_state,
+ .set_received = _set_received,
+ .get_received = _get_received,
.add_violating_port = _add_violating_port,
},
.state = TNC_CONNECTION_STATE_CREATE,
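Review bot: The constructor initializes `.state` explicitly but leaves the two new fields, `handshake_state` and `received_flags`, to whatever the allocation provides. This works only if the allocating macro zero-fills and because `IMV_SCANNER_STATE_INIT` happens to be the first enumerator, neither of which is stated anywhere; add `.handshake_state = IMV_SCANNER_STATE_INIT,` and `.received_flags = 0,` next to `.state` so the initial handshake state does not depend on enumerator order. The constructor's body begins outside the hunk.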
/*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011-2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
#include <library.h>
typedef struct imv_scanner_state_t imv_scanner_state_t;
+typedef enum imv_scanner_handshake_state_t imv_scanner_handshake_state_t;
+
+/**
+ * IMV Scanner Handshake States (state machine)
+ */
+enum imv_scanner_handshake_state_t {
+ IMV_SCANNER_STATE_INIT,
+ IMV_SCANNER_STATE_POLICY_START,
+ IMV_SCANNER_STATE_WORKITEMS
+};
/**
* Internal state of an imv_scanner_t connection instance
imv_state_t interface;
/**
+ * Set state of the handshake
+ *
+ * @param new_state the handshake state of IMV
+ */
+ void (*set_handshake_state)(imv_scanner_state_t *this,
+ imv_scanner_handshake_state_t new_state);
+
+ /**
+ * Get state of the handshake
+ *
+ * @return the handshake state of IMV
+ */
+ imv_scanner_handshake_state_t (*get_handshake_state)(imv_scanner_state_t *this);
+
+ /**
+ * Set flags for received attributes
+ *
+ * @param flags Flags to be set
+ */
+ void (*set_received)(imv_scanner_state_t *this, u_int flags);
+
+ /**
+ * Get flags set for received attributes
+ *
+ * @return Flags set for received attributes
+ */
+ u_int (*get_received)(imv_scanner_state_t *this);
+
+ /**
* add a violating TCP or UDP port
*/
void (*add_violating_port)(imv_scanner_state_t *this, char *port);
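Review bot: The documentation for `set_received` says "Set flags for received attributes", but the implementation OR-s the argument into the existing set rather than replacing it, and the interface offers no way to clear a flag, which a caller reading only this header cannot tell. Suggest rewording to "Add flags for received attributes; flags are OR-ed into the existing set and are never cleared through this interface" and likewise stating for `get_received` that the return value is the accumulated bitmask. The flag values themselves are defined by the caller, not this header, which is worth a sentence too. The enclosing `imv_scanner_state_t` struct continues outside the hunk.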