created a simple IMV Policy Manager
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 17 May 2013 19:38:54 +0000 (21:38 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 21 Jun 2013 21:25:22 +0000 (23:25 +0200)
src/libimcv/.gitignore [new file with mode: 0644]
src/libimcv/Makefile.am
src/libimcv/imv/imv_policy_manager.c [new file with mode: 0644]
src/libimcv/imv/imv_policy_manager_usage.c [new file with mode: 0644]
src/libimcv/imv/imv_policy_manager_usage.h [new file with mode: 0644]

diff --git a/src/libimcv/.gitignore b/src/libimcv/.gitignore
new file mode 100644 (file)
index 0000000..9105a6f
--- /dev/null
@@ -0,0 +1 @@
+imv_policy_manager
index 13531fe..44e812c 100644 (file)
@@ -46,6 +46,14 @@ libimcv_la_SOURCES = \
 ipsec_SCRIPTS = imv/_imv_policy
 EXTRA_DIST = imv/_imv_policy
 
+ipsec_PROGRAMS = imv_policy_manager
+imv_policy_manager_SOURCES = \
+       imv/imv_policy_manager.c \
+       imv/imv_policy_manager_usage.h imv/imv_policy_manager_usage.c
+imv_policy_manager_LDADD = \
+       $(top_builddir)/src/libstrongswan/libstrongswan.la
+#imv/imv_policy_manager.o :    $(top_builddir)/config.status
+
 SUBDIRS = .
 
 if USE_IMC_TEST
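Review bot: The commented-out rule `#imv/imv_policy_manager.o :    $(top_builddir)/config.status` in the new lines is dead text in the build file; either drop it or make it a live dependency with a one-line comment saying why the object must be rebuilt when config.status changes. The program is linked only against `$(top_builddir)/src/libstrongswan/libstrongswan.la`, while imv_policy_manager.c includes imv_workitem.h from libimcv; that appears to work only because the file uses enum constants from that header, so a comment next to `imv_policy_manager_LDADD` stating that libimcv is intentionally not linked would keep a later use of libimcv symbols from surprising the linker.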
diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c
new file mode 100644 (file)
index 0000000..128c7a2
--- /dev/null
@@ -0,0 +1,170 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "imv_policy_manager_usage.h"
+#include "imv_workitem.h"
+#include <library.h>
+#include <utils/debug.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+
+/**
+ * global debug output variables
+ */
+static int debug_level = 2;
+static bool stderr_quiet = FALSE;
+
+/**
+ * attest dbg function
+ */
+static void stderr_dbg(debug_t group, level_t level, char *fmt, ...)
+{
+       va_list args;
+
+       if (level <= debug_level)
+       {
+               if (!stderr_quiet)
+               {
+                       va_start(args, fmt);
+                       vfprintf(stderr, fmt, args);
+                       fprintf(stderr, "\n");
+                       va_end(args);
+               }
+       }
+}
+
+bool policy_start(database_t *db, int session_id)
+{
+       if (db->execute(db, NULL,
+                               "INSERT INTO workitems (session, type, argument, "
+                               "rec_fail, rec_noresult) VALUES (?, ?, ?, ?, ?)",
+                               DB_INT, session_id, DB_INT, IMV_WORKITEM_PACKAGES,
+                               DB_TEXT, "",
+                               DB_INT, TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
+                               DB_INT, TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS) != 1)
+       {
+               return FALSE;
+       }
+       if (db->execute(db, NULL,
+                               "INSERT INTO workitems (session, type, argument, "
+                               "rec_fail, rec_noresult) VALUES (?, ?, ?, ?, ?)",
+                               DB_INT, session_id, DB_INT, IMV_WORKITEM_FORWARDING,
+                               DB_TEXT, "",
+                               DB_INT, TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
+                               DB_INT, TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS) != 1)
+       {
+               return FALSE;
+       }
+       if (db->execute(db, NULL,
+                               "INSERT INTO workitems (session, type, argument, "
+                               "rec_fail, rec_noresult) VALUES (?, ?, ?, ?, ?)",
+                               DB_INT, session_id, DB_INT, IMV_WORKITEM_TCP_SCAN,
+                               DB_TEXT, "22",
+                               DB_INT, TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS,
+                               DB_INT, TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS) != 1)
+       {
+               return FALSE;
+       }
+
+       return TRUE;
+}
+
+bool policy_stop(database_t *db, int session_id)
+{
+       return db->execute(db, NULL,
+                               "DELETE FROM workitems WHERE session = ?",
+                               DB_UINT, session_id) > 0;
+}
+
+int main(int argc, char *argv[])
+{
+       database_t *db;
+       char *uri, *tnc_session_id;
+       int session_id;
+       bool start, success;
+
+       /* enable attest debugging hook */
+       dbg = stderr_dbg;
+
+       atexit(library_deinit);
+
+       /* initialize library */
+       if (!library_init(NULL))
+       {
+               exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
+       }
+       if (!lib->plugins->load(lib->plugins, NULL, 
+                       lib->settings->get_str(lib->settings, "imv_policy_manager.load",
+                                "sqlite")))
+       {
+               exit(SS_RC_INITIALIZATION_FAILED);
+       }
+
+       if (argc < 2)
+       {
+               usage();
+               exit(SS_RC_INITIALIZATION_FAILED);
+       }
+       if (streq(argv[1], "start"))
+       {
+               start = TRUE;
+       }
+       else if (streq(argv[1], "stop"))
+       {
+               start = FALSE;
+       }
+       else
+       {
+               usage();
+               exit(SS_RC_INITIALIZATION_FAILED);
+       }
+
+       /* get session ID */
+       tnc_session_id = getenv("TNC_SESSION_ID");
+       if (!tnc_session_id)
+       {
+               fprintf(stderr, "environment variable TNC_SESSION_ID is not defined\n");
+               exit(SS_RC_INITIALIZATION_FAILED);
+       }
+       session_id = atoi(tnc_session_id);
+       
+       /* attach database */
+       uri = lib->settings->get_str(lib->settings, "imv_policy_manager.database",
+                                                                                               "sqlite:///etc/pts/config.db");
+       db = lib->db->create(lib->db, uri);
+       if (!db)
+       {
+               fprintf(stderr, "opening database failed.\n");
+               exit(SS_RC_INITIALIZATION_FAILED);
+       }
+
+       if (start)
+       {
+               success = policy_start(db, session_id);
+       }
+       else
+       {
+               success = policy_stop(db, session_id);
+       }
+       db->destroy(db);
+
+       fprintf(stderr, "imv_policy_manager %s %s\n", start ? "start" : "stop",
+                       success ? "successful" : "failed");
+
+       exit(EXIT_SUCCESS);
+}
+
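Review bot: main() ends with `exit(EXIT_SUCCESS)` even when policy_start() or policy_stop() returned FALSE, so the caller (presumably the `_imv_policy` script installed by the Makefile) cannot distinguish success from a failed workitem insert or delete except by parsing stderr; use `exit(success ? EXIT_SUCCESS : EXIT_FAILURE);`. The session ID is taken from the TNC_SESSION_ID environment variable with `atoi()`, which silently maps an empty or non-numeric value to 0 and that value is then written into the workitems table; parsing with `strtol()` and rejecting `end == tnc_session_id || *end != '\0'` would make a malformed environment fail loudly instead. policy_start() binds session_id as DB_INT while policy_stop() binds the same value as DB_UINT; the two should agree. policy_start() and policy_stop() are file-local but not declared `static` and carry no doc comment; a header such as `/** Insert the PACKAGES, FORWARDING and TCP_SCAN workitems for the session; returns FALSE if any insert fails, leaving earlier rows in place */` would document both the intent and the fact that a failed second or third insert does not roll back the first.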
diff --git a/src/libimcv/imv/imv_policy_manager_usage.c b/src/libimcv/imv/imv_policy_manager_usage.c
new file mode 100644 (file)
index 0000000..3167a54
--- /dev/null
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdio.h>
+
+#include "imv_policy_manager_usage.h"
+
+/**
+ * print imv_policy_manager usage info
+ */
+void usage(void)
+{
+       printf("\
+Usage:\n\
+  imv_policy_manager start|stop\n");
+}
+
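Review bot: The usage text in usage() is written as one string literal continued with backslash-newline, which makes the leading whitespace of the continuation lines part of the message and is easy to break on edit; adjacent string literals say the same thing more robustly, `printf("Usage:\n" "  imv_policy_manager start|stop\n");`. Since main() calls usage() only on its error paths before exiting with a failure code, consider whether the text should go to stderr alongside the other error messages rather than to stdout.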
diff --git a/src/libimcv/imv/imv_policy_manager_usage.h b/src/libimcv/imv/imv_policy_manager_usage.h
new file mode 100644 (file)
index 0000000..9c90d40
--- /dev/null
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef IMV_POLICY_MANAGER_USAGE_H_
+#define IMV_POLICY_MANAGER_USAGE_H_
+
+/**
+ * print imv_policy_manager usage info
+ */
+void usage(void);
+
+#endif /* IMV_POLICY_MANAGER_USAGE_H_ */