centralized processing of assessment information
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 11 Nov 2012 09:51:19 +0000 (10:51 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 12 Nov 2012 09:45:38 +0000 (10:45 +0100)
src/libcharon/plugins/tnccs_20/tnccs_20.c
src/libimcv/imc/imc_msg.c
src/libimcv/imv/imv_msg.c
src/libimcv/imv/imv_state.h
src/libimcv/plugins/imc_os/imc_os.c
src/libimcv/plugins/imc_scanner/imc_scanner.c
src/libimcv/plugins/imv_os/imv_os_state.c
src/libimcv/plugins/imv_scanner/imv_scanner_state.c
src/libimcv/plugins/imv_test/imv_test_state.c
src/libpts/plugins/imv_attestation/imv_attestation_state.c

index 8540f46..e1ba566 100644 (file)
@@ -369,10 +369,9 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg)
                        reason_msg = (pb_reason_string_msg_t*)msg;
                        reason_string = reason_msg->get_reason_string(reason_msg);
                        language_code = reason_msg->get_language_code(reason_msg);
-                       DBG2(DBG_TNC, "reason string is '%.*s'", (int)reason_string.len,
-                                                                                                        reason_string.ptr);
-                       DBG2(DBG_TNC, "language code is '%.*s'", (int)language_code.len,
-                                                                                                        language_code.ptr);
+                       DBG1(DBG_TNC, "reason string is '%.*s' [%.*s]",
+                                (int)reason_string.len, reason_string.ptr,
+                                (int)language_code.len, language_code.ptr);
                        break;
                }
                default:
index 60613d0..788408c 100644 (file)
@@ -17,6 +17,7 @@
 
 #include "ietf/ietf_attr.h"
 #include "ietf/ietf_attr_assess_result.h"
+#include "ietf/ietf_attr_remediation_instr.h"
 
 #include <tncif_names.h>
 
@@ -167,13 +168,38 @@ METHOD(imc_msg_t, send_, TNC_Result,
        return result;
 }
 
+/**
+ * Print a clearly visible assessment header to the log
+ */
+static void print_assessment_header(const char *name, TNC_UInt32 id, bool *first)
+{
+       if (*first)
+       {
+               DBG1(DBG_IMC, "***** assessment of IMC %u \"%s\" *****", id, name);
+               *first = FALSE;
+       }
+}
+
+/**
+ * Print a clearly visible assessment trailer to the log
+ */
+static void print_assessment_trailer(bool first)
+{
+       if (!first)
+       {
+               DBG1(DBG_IMC, "***** end of assessment *****");
+       }
+}
+
 METHOD(imc_msg_t, receive, TNC_Result,
        private_imc_msg_t *this, bool *fatal_error)
 {
+       TNC_UInt32 target_imc_id;
        enumerator_t *enumerator;
        pa_tnc_attr_t *attr;
        pen_type_t attr_type;
        chunk_t msg;
+       bool first = TRUE;
 
        if (this->state->has_long(this->state))
        {
@@ -235,6 +261,10 @@ METHOD(imc_msg_t, receive, TNC_Result,
                        return TNC_RESULT_FATAL;
        }
 
+       /* determine target IMC ID */
+       target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
+                                        this->dst_id : this->agent->get_id(this->agent);
+
        /* preprocess any received IETF standard error attributes */
        *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
 
@@ -244,24 +274,63 @@ METHOD(imc_msg_t, receive, TNC_Result,
        {
                attr_type = attr->get_type(attr);
                
-               if (attr_type.vendor_id == PEN_IETF &&
-                       attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
+               if (attr_type.vendor_id != PEN_IETF)
+               {
+                       continue;
+               }
+               if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
                {
                        ietf_attr_assess_result_t *attr_cast;
-                       TNC_UInt32 target_imc_id;
                        TNC_IMV_Evaluation_Result result;
 
                        attr_cast = (ietf_attr_assess_result_t*)attr;
                        result =  attr_cast->get_result(attr_cast);
-                       target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
-                                                        this->dst_id : this->agent->get_id(this->agent); 
                        this->state->set_result(this->state, target_imc_id, result);
 
-                       DBG1(DBG_IMC, "set assessment result for IMC %u to '%N'",
-                                target_imc_id, TNC_IMV_Evaluation_Result_names, result);
+                       print_assessment_header(this->agent->get_name(this->agent),
+                                                                       target_imc_id, &first);
+                       DBG1(DBG_IMC, "assessment result is '%N'",
+                                TNC_IMV_Evaluation_Result_names, result);
+               }
+               else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
+               {
+                       ietf_attr_remediation_instr_t *attr_cast;
+                       pen_type_t parameters_type;
+                       chunk_t parameters, string, lang_code;
+
+                       attr_cast = (ietf_attr_remediation_instr_t*)attr;
+                       parameters_type = attr_cast->get_parameters_type(attr_cast);
+                       parameters = attr_cast->get_parameters(attr_cast);
+
+                       print_assessment_header(this->agent->get_name(this->agent),
+                                                                       target_imc_id, &first);
+                       if (parameters_type.vendor_id == PEN_IETF)
+                       {
+                               switch (parameters_type.type)
+                               {
+                                       case IETF_REMEDIATION_PARAMETERS_URI:
+                                               DBG1(DBG_IMC, "remediation uri: '%.*s'",
+                                                                          parameters.len, parameters.ptr);
+                                               break;
+                                       case IETF_REMEDIATION_PARAMETERS_STRING:
+                                               string = attr_cast->get_string(attr_cast, &lang_code);
+                                               DBG1(DBG_IMC, "remediation string: '%.*s' [%.*s]",
+                                                                          string.len, string.ptr,
+                                                                          lang_code.len, lang_code.ptr);
+                                               break;
+                                       default:
+                                               DBG1(DBG_IMC, "remediation parameters %B", &parameters);
+                               }
+                       }
+                       else
+                       {
+                               DBG1(DBG_IMC, "remediation parameters %B", &parameters);
+                       }
                }
        }
        enumerator->destroy(enumerator);
+
+       print_assessment_trailer(first);
                
        return TNC_RESULT_SUCCESS;
 }
index d7fd436..b628c32 100644 (file)
@@ -191,7 +191,7 @@ METHOD(imv_msg_t, send_assessment, TNC_Result,
        TNC_IMV_Action_Recommendation rec;
        TNC_IMV_Evaluation_Result eval;
        pa_tnc_attr_t *attr;
-       char *string, *lang_code;
+       char *string = NULL, *lang_code = NULL, *uri = NULL;
        enumerator_t *e;
 
        /* Send an IETF Assessment Result attribute if enabled */
@@ -202,17 +202,27 @@ METHOD(imv_msg_t, send_assessment, TNC_Result,
                attr = ietf_attr_assess_result_create(eval);
                add_attribute(this, attr);
 
+               /* Send IETF Remediation Instructions if available */
                if (eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT)
                {
                        e = this->agent->create_language_enumerator(this->agent,
-                                                                                                               this->state);
+                                                                       this->state);
                        if (this->state->get_remediation_instructions(this->state,
-                                                                                               e, &string, &lang_code))
+                                                                       e, &string, &lang_code, &uri))
                        {
-                               attr = ietf_attr_remediation_instr_create_from_string(
+                               if (string && lang_code)
+                               {
+                                       attr = ietf_attr_remediation_instr_create_from_string(
                                                                        chunk_create(string, strlen(string)),
                                                                        chunk_create(lang_code, strlen(lang_code)));
-                               add_attribute(this, attr);
+                                       add_attribute(this, attr);
+                               }
+                               if (uri)
+                               {
+                                       attr = ietf_attr_remediation_instr_create_from_uri(
+                                                                       chunk_create(uri, strlen(uri)));
+                                       add_attribute(this, attr);
+                               }
                        }
                        e->destroy(e);
                }
index a81fdfa..6b9bbe7 100644 (file)
@@ -124,11 +124,13 @@ struct imv_state_t {
         * @param language_enumerator   language enumerator
         * @param string                                remediation instruction string
         * @param lang_code                             language of the remediation instructions
+        * @param uri                                   remediation URI
         * @return                                              TRUE if remediation instructions were found
         */
        bool (*get_remediation_instructions)(imv_state_t *this,
                                                                                 enumerator_t *language_enumerator,
-                                                                                char **string, char **lang_code);
+                                                                                char **string, char **lang_code,
+                                                                                char **uri);
 
        /**
         * Destroys an imv_state_t object
index 5f2af9b..a179e45 100644 (file)
@@ -25,7 +25,6 @@
 #include <ietf/ietf_attr_numeric_version.h>
 #include <ietf/ietf_attr_op_status.h>
 #include <ietf/ietf_attr_product_info.h>
-#include <ietf/ietf_attr_remediation_instr.h>
 #include <ietf/ietf_attr_string_version.h>
 #include <ita/ita_attr.h>
 #include <ita/ita_attr_get_settings.h>
@@ -444,39 +443,6 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
                                }
                                e->destroy(e);
                        }
-                       else if (type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
-                       {
-                               ietf_attr_remediation_instr_t *attr_cast;
-                               pen_type_t parameters_type;
-                               chunk_t parameters, string, lang_code;
-
-                               attr_cast = (ietf_attr_remediation_instr_t*)attr;
-                               parameters_type = attr_cast->get_parameters_type(attr_cast);
-                               parameters = attr_cast->get_parameters(attr_cast);
-
-                               if (parameters_type.vendor_id == PEN_IETF)
-                               {
-                                       switch (parameters_type.type)
-                                       {
-                                               case IETF_REMEDIATION_PARAMETERS_URI:
-                                                       DBG1(DBG_IMC, "remediation uri: '%.*s'",
-                                                                                  parameters.len, parameters.ptr);
-                                                       break;
-                                               case IETF_REMEDIATION_PARAMETERS_STRING:
-                                                       string = attr_cast->get_string(attr_cast, &lang_code);
-                                                       DBG1(DBG_IMC, "remediation string: '%.*s' [%.*s]",
-                                                                                  string.len, string.ptr,
-                                                                                  lang_code.len, lang_code.ptr);
-                                                       break;
-                                               default:
-                                                       DBG1(DBG_IMC, "remediation parameters %B", &parameters);
-                                       }
-                               }
-                               else
-                               {
-                                       DBG1(DBG_IMC, "remediation parameters %B", &parameters);
-                               }
-                       }
                }
                else if (type.vendor_id == PEN_ITA && type.type == ITA_ATTR_GET_SETTINGS)
                {
index 36ff2dd..f233f22 100644 (file)
@@ -20,7 +20,6 @@
 #include <ietf/ietf_attr.h>
 #include <ietf/ietf_attr_attr_request.h>
 #include <ietf/ietf_attr_port_filter.h>
-#include <ietf/ietf_attr_remediation_instr.h>
 
 #include <tncif_pa_subtypes.h>
 
@@ -340,39 +339,6 @@ static TNC_Result receive_message(imc_msg_t *in_msg)
                        }
                        e->destroy(e);
                }
-               else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
-               {
-                       ietf_attr_remediation_instr_t *attr_cast;
-                       pen_type_t parameters_type;
-                       chunk_t parameters, string, lang_code;
-
-                       attr_cast = (ietf_attr_remediation_instr_t*)attr;
-                       parameters_type = attr_cast->get_parameters_type(attr_cast);
-                       parameters = attr_cast->get_parameters(attr_cast);
-
-                       if (parameters_type.vendor_id == PEN_IETF)
-                       {
-                               switch (parameters_type.type)
-                               {
-                                       case IETF_REMEDIATION_PARAMETERS_URI:
-                                               DBG1(DBG_IMC, "remediation uri: '%.*s'",
-                                                                          parameters.len, parameters.ptr);
-                                               break;
-                                       case IETF_REMEDIATION_PARAMETERS_STRING:
-                                               string = attr_cast->get_string(attr_cast, &lang_code);
-                                               DBG1(DBG_IMC, "remediation string: '%.*s' [%.*s]",
-                                                                          string.len, string.ptr,
-                                                                          lang_code.len, lang_code.ptr);
-                                               break;
-                                       default:
-                                               DBG1(DBG_IMC, "remediation parameters %B", &parameters);
-                               }
-                       }
-                       else
-                       {
-                               DBG1(DBG_IMC, "remediation parameters %B", &parameters);
-                       }
-               }
        }
        enumerator->destroy(enumerator);
 
index fec49fe..1aaf73b 100644 (file)
@@ -199,7 +199,7 @@ METHOD(imv_state_t, get_reason_string, bool,
 
 METHOD(imv_state_t, get_remediation_instructions, bool,
        private_imv_os_state_t *this, enumerator_t *language_enumerator,
-       char **string, char **lang_code)
+       char **string, char **lang_code, char **uri)
 {
        return FALSE;
 }
index 44f0753..60bdcc8 100644 (file)
@@ -205,7 +205,7 @@ METHOD(imv_state_t, get_reason_string, bool,
 
 METHOD(imv_state_t, get_remediation_instructions, bool,
        private_imv_scanner_state_t *this, enumerator_t *language_enumerator,
-       char **string, char **lang_code)
+       char **string, char **lang_code, char **uri)
 {
        bool match = FALSE;
        char *lang;
@@ -241,6 +241,8 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
                                                                strlen(this->violating_ports) + 1);
        sprintf(this->instructions, "%s%s", *string, this->violating_ports);
        *string = this->instructions;
+       *uri = lib->settings->get_str(lib->settings,
+                               "libimcv.plugins.imv-scanner.remediation_uri", NULL);
 
        return TRUE;
 }
index adfe862..9b8635d 100644 (file)
@@ -197,9 +197,9 @@ METHOD(imv_state_t, get_reason_string, bool,
 
 METHOD(imv_state_t, get_remediation_instructions, bool,
        private_imv_test_state_t *this, enumerator_t *language_enumerator,
-       char **string, char **lang_code)
+       char **string, char **lang_code, char **uri)
 {
-
+       return FALSE;
 }
 
 METHOD(imv_state_t, destroy, void,
index b9adbc0..4151ccb 100644 (file)
@@ -244,7 +244,7 @@ METHOD(imv_state_t, get_reason_string, bool,
 
 METHOD(imv_state_t, get_remediation_instructions, bool,
        private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
-       char **string, char **lang_code)
+       char **string, char **lang_code, char **uri)
 {
        return FALSE;
 }