reformulated recommendation policies
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 16 Nov 2010 09:59:53 +0000 (10:59 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 16 Nov 2010 10:00:40 +0000 (11:00 +0100)
src/libcharon/plugins/tnc_imv/tnc_imv_recommendations.c

index 58ad37c..a50e7fa 100644 (file)
@@ -32,6 +32,11 @@ struct recommendation_entry_t {
        TNC_IMVID id;
 
        /**
+        * Received a recommendation message from this IMV?
+        */
+       bool have_recommendation;
+
+       /**
         * Action Recommendation provided by IMV instance
         */
   TNC_IMV_Action_Recommendation rec;
@@ -76,6 +81,7 @@ METHOD(recommendations_t, provide_recommendation, TNC_Result,
                if (entry->id == id)
                {
                        found = TRUE;
+                       entry->have_recommendation = TRUE;
                        entry->rec = rec;
                        entry->eval = eval;
                        break;
@@ -109,8 +115,7 @@ METHOD(recommendations_t, have_recommendation, bool,
        enumerator = this->recs->create_enumerator(this->recs);
        while (enumerator->enumerate(enumerator, &entry))
        {
-               if (entry->rec == TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION ||
-                       entry->eval == TNC_IMV_EVALUATION_RESULT_DONT_KNOW)
+               if (!entry->have_recommendation)
                {
                        incomplete = TRUE;
                        break;
@@ -120,94 +125,118 @@ METHOD(recommendations_t, have_recommendation, bool,
                        final_rec = entry->rec;
                        final_eval = entry->eval;
                        first = FALSE;
+                       continue;
                }
                switch (policy)
                {
                        case RECOMMENDATION_POLICY_DEFAULT:
-                               /* Consolidate action recommendations */
-                               if (entry->rec == TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS)
-                               {
-                                       final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS;
-                               }
-                               else if (entry->rec == TNC_IMV_ACTION_RECOMMENDATION_ISOLATE &&
-                                                final_rec != TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS)
-                               {
-                                       final_rec = TNC_IMV_ACTION_RECOMMENDATION_ISOLATE;
-                               }
-                               else
-                               {
-                                       final_rec = TNC_IMV_ACTION_RECOMMENDATION_ALLOW;
-                               }
-
-                               /* Consolidate evaluation results */
-                               if (entry->eval == TNC_IMV_EVALUATION_RESULT_ERROR)
-                               {
-                                       final_eval = TNC_IMV_EVALUATION_RESULT_ERROR;
-                               }
-                               else if (entry->eval == TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR &&
-                                                final_eval != TNC_IMV_EVALUATION_RESULT_ERROR)
-                               {
-                                       final_eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR;
-                               }
-                               else if (entry->eval ==  TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR &&
-                                                final_eval != TNC_IMV_EVALUATION_RESULT_ERROR &&
-                                                final_eval != TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR)
+                               switch (entry->rec)
                                {
-                                       final_eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
+                                       case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
+                                               final_rec = entry->rec;
+                                               break;
+                                       case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
+                                               if (final_rec != TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS)
+                                               {
+                                                       final_rec = entry->rec;
+                                               };
+                                               break;
+                                       case TNC_IMV_ACTION_RECOMMENDATION_ALLOW:
+                                               if (final_rec == TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION)
+                                               {
+                                                       final_rec = entry->rec;
+                                               };
+                                               break;
+                                       case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION:
+                                               break;
                                }
-                               else if (entry->eval == TNC_IMV_EVALUATION_RESULT_COMPLIANT)
+                               switch (entry->eval)
                                {
-                                       final_eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+                                       case TNC_IMV_EVALUATION_RESULT_ERROR:
+                                               final_eval = entry->eval;
+                                               break;
+                                       case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR:
+                                               if (final_eval != TNC_IMV_EVALUATION_RESULT_ERROR)
+                                               {
+                                                       final_eval = entry->eval;
+                                               }
+                                               break;
+                                       case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR:
+                                               if (final_eval != TNC_IMV_EVALUATION_RESULT_ERROR &&
+                                                       final_eval != TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR)
+                                               {
+                                                       final_eval = entry->eval;
+                                               }
+                                               break;
+                                       case TNC_IMV_EVALUATION_RESULT_COMPLIANT:
+                                               if (final_eval == TNC_IMV_EVALUATION_RESULT_DONT_KNOW)
+                                               {
+                                                       final_eval = entry->eval;
+                                               }
+                                               break;
+                                       case TNC_IMV_EVALUATION_RESULT_DONT_KNOW:
+                                               break;
                                }
                                break;
+
                        case RECOMMENDATION_POLICY_ALL:
-                               /* Consolidate action recommendations */
                                if (entry->rec != final_rec)
                                {
                                        final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
                                }
-
-                               /* Consolidate evaluation results */
                                if (entry->eval != final_eval)
                                {
                                        final_eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
                                }
                                break;
-                       case RECOMMENDATION_POLICY_ANY:
-                               /* Consolidate action recommendations */
-                               if (entry->rec == TNC_IMV_ACTION_RECOMMENDATION_ALLOW)
-                               {
-                                       final_rec = TNC_IMV_ACTION_RECOMMENDATION_ALLOW;
-                               }
-                               else if (entry->rec == TNC_IMV_ACTION_RECOMMENDATION_ISOLATE &&
-                                                final_rec != TNC_IMV_ACTION_RECOMMENDATION_ALLOW)
-                               {
-                                       final_rec = TNC_IMV_ACTION_RECOMMENDATION_ISOLATE;
-                               }
-                               else
-                               {
-                                       final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS;
-                               }
 
-                               /* Consolidate evaluation results */
-                               if (entry->eval == TNC_IMV_EVALUATION_RESULT_COMPLIANT)
-                               {
-                                       final_eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
-                               }
-                               else if (entry->eval == TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR &&
-                                                final_eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT)
-                               {
-                                       final_eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
-                               }
-                               else if (entry->eval ==  TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR &&
-                                                final_eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT &&
-                                                final_eval != TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR)
+                       case RECOMMENDATION_POLICY_ANY:
+                               switch (entry->rec)
                                {
-                                       final_eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR;
+                                       case TNC_IMV_ACTION_RECOMMENDATION_ALLOW:
+                                               final_rec = entry->rec;
+                                               break;
+                                       case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
+                                               if (final_rec != TNC_IMV_ACTION_RECOMMENDATION_ALLOW)
+                                               {
+                                                       final_rec = entry->rec;
+                                               };
+                                               break;
+                                       case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
+                                               if (final_rec == TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION)
+                                               {
+                                                       final_rec = entry->rec;
+                                               };
+                                               break;
+                                       case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION:
+                                               break;
                                }
-                               else if (entry->eval == TNC_IMV_EVALUATION_RESULT_ERROR)
+                               switch (entry->eval)
                                {
-                                       final_eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+                                       case TNC_IMV_EVALUATION_RESULT_COMPLIANT:
+                                               final_eval = entry->eval;
+                                               break;
+                                       case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR:
+                                               if (final_eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT)
+                                               {
+                                                       final_eval = entry->eval;
+                                               }
+                                               break;
+                                       case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR:
+                                               if (final_eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT &&
+                                                       final_eval != TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR)
+                                               {
+                                                       final_eval = entry->eval;
+                                               }
+                                               break;
+                                       case TNC_IMV_EVALUATION_RESULT_ERROR:
+                                               if (final_eval == TNC_IMV_EVALUATION_RESULT_DONT_KNOW)
+                                               {
+                                                       final_eval = entry->eval;
+                                               }
+                                               break;
+                                       case TNC_IMV_EVALUATION_RESULT_DONT_KNOW:
+                                               break;
                                }
                }
        }
@@ -254,6 +283,7 @@ recommendations_t* tnc_imv_recommendations_create(linked_list_t *imv_list)
        {
                entry = malloc_thing(recommendation_entry_t);
                entry->id = imv->get_id(imv);
+               entry->have_recommendation = FALSE;
                entry->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
                entry->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
                this->recs->insert_last(this->recs, entry);