reason_msg = (pb_reason_string_msg_t*)msg;
reason_string = reason_msg->get_reason_string(reason_msg);
language_code = reason_msg->get_language_code(reason_msg);
- DBG2(DBG_TNC, "reason string is '%.*s'", (int)reason_string.len,
- reason_string.ptr);
- DBG2(DBG_TNC, "language code is '%.*s'", (int)language_code.len,
- language_code.ptr);
+ DBG1(DBG_TNC, "reason string is '%.*s' [%.*s]",
+ (int)reason_string.len, reason_string.ptr,
+ (int)language_code.len, language_code.ptr);
break;
}
default:
#include "ietf/ietf_attr.h"
#include "ietf/ietf_attr_assess_result.h"
+#include "ietf/ietf_attr_remediation_instr.h"
#include <tncif_names.h>
return result;
}
+/**
+ * Print a clearly visible assessment header to the log
+ */
+static void print_assessment_header(const char *name, TNC_UInt32 id, bool *first)
+{
+ if (*first)
+ {
+ DBG1(DBG_IMC, "***** assessment of IMC %u \"%s\" *****", id, name);
+ *first = FALSE;
+ }
+}
+
+/**
+ * Print a clearly visible assessment trailer to the log
+ */
+static void print_assessment_trailer(bool first)
+{
+ if (!first)
+ {
+ DBG1(DBG_IMC, "***** end of assessment *****");
+ }
+}
+
METHOD(imc_msg_t, receive, TNC_Result,
private_imc_msg_t *this, bool *fatal_error)
{
+ TNC_UInt32 target_imc_id;
enumerator_t *enumerator;
pa_tnc_attr_t *attr;
pen_type_t attr_type;
chunk_t msg;
+ bool first = TRUE;
if (this->state->has_long(this->state))
{
return TNC_RESULT_FATAL;
}
+ /* determine target IMC ID */
+ target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
+ this->dst_id : this->agent->get_id(this->agent);
+
/* preprocess any received IETF standard error attributes */
*fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
{
attr_type = attr->get_type(attr);
- if (attr_type.vendor_id == PEN_IETF &&
- attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
+ if (attr_type.vendor_id != PEN_IETF)
+ {
+ continue;
+ }
+ if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
{
ietf_attr_assess_result_t *attr_cast;
- TNC_UInt32 target_imc_id;
TNC_IMV_Evaluation_Result result;
attr_cast = (ietf_attr_assess_result_t*)attr;
result = attr_cast->get_result(attr_cast);
- target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
- this->dst_id : this->agent->get_id(this->agent);
this->state->set_result(this->state, target_imc_id, result);
- DBG1(DBG_IMC, "set assessment result for IMC %u to '%N'",
- target_imc_id, TNC_IMV_Evaluation_Result_names, result);
+ print_assessment_header(this->agent->get_name(this->agent),
+ target_imc_id, &first);
+ DBG1(DBG_IMC, "assessment result is '%N'",
+ TNC_IMV_Evaluation_Result_names, result);
+ }
+ else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
+ {
+ ietf_attr_remediation_instr_t *attr_cast;
+ pen_type_t parameters_type;
+ chunk_t parameters, string, lang_code;
+
+ attr_cast = (ietf_attr_remediation_instr_t*)attr;
+ parameters_type = attr_cast->get_parameters_type(attr_cast);
+ parameters = attr_cast->get_parameters(attr_cast);
+
+ print_assessment_header(this->agent->get_name(this->agent),
+ target_imc_id, &first);
+ if (parameters_type.vendor_id == PEN_IETF)
+ {
+ switch (parameters_type.type)
+ {
+ case IETF_REMEDIATION_PARAMETERS_URI:
+ DBG1(DBG_IMC, "remediation uri: '%.*s'",
+ parameters.len, parameters.ptr);
+ break;
+ case IETF_REMEDIATION_PARAMETERS_STRING:
+ string = attr_cast->get_string(attr_cast, &lang_code);
+ DBG1(DBG_IMC, "remediation string: '%.*s' [%.*s]",
+ string.len, string.ptr,
+ lang_code.len, lang_code.ptr);
+ break;
+ default:
+ DBG1(DBG_IMC, "remediation parameters %B", ¶meters);
+ }
+ }
+ else
+ {
+ DBG1(DBG_IMC, "remediation parameters %B", ¶meters);
+ }
}
}
enumerator->destroy(enumerator);
+
+ print_assessment_trailer(first);
return TNC_RESULT_SUCCESS;
}
TNC_IMV_Action_Recommendation rec;
TNC_IMV_Evaluation_Result eval;
pa_tnc_attr_t *attr;
- char *string, *lang_code;
+ char *string = NULL, *lang_code = NULL, *uri = NULL;
enumerator_t *e;
/* Send an IETF Assessment Result attribute if enabled */
attr = ietf_attr_assess_result_create(eval);
add_attribute(this, attr);
+ /* Send IETF Remediation Instructions if available */
if (eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT)
{
e = this->agent->create_language_enumerator(this->agent,
- this->state);
+ this->state);
if (this->state->get_remediation_instructions(this->state,
- e, &string, &lang_code))
+ e, &string, &lang_code, &uri))
{
- attr = ietf_attr_remediation_instr_create_from_string(
+ if (string && lang_code)
+ {
+ attr = ietf_attr_remediation_instr_create_from_string(
chunk_create(string, strlen(string)),
chunk_create(lang_code, strlen(lang_code)));
- add_attribute(this, attr);
+ add_attribute(this, attr);
+ }
+ if (uri)
+ {
+ attr = ietf_attr_remediation_instr_create_from_uri(
+ chunk_create(uri, strlen(uri)));
+ add_attribute(this, attr);
+ }
}
e->destroy(e);
}
* @param language_enumerator language enumerator
* @param string remediation instruction string
* @param lang_code language of the remediation instructions
+ * @param uri remediation URI
* @return TRUE if remediation instructions were found
*/
bool (*get_remediation_instructions)(imv_state_t *this,
enumerator_t *language_enumerator,
- char **string, char **lang_code);
+ char **string, char **lang_code,
+ char **uri);
/**
* Destroys an imv_state_t object
#include <ietf/ietf_attr_numeric_version.h>
#include <ietf/ietf_attr_op_status.h>
#include <ietf/ietf_attr_product_info.h>
-#include <ietf/ietf_attr_remediation_instr.h>
#include <ietf/ietf_attr_string_version.h>
#include <ita/ita_attr.h>
#include <ita/ita_attr_get_settings.h>
}
e->destroy(e);
}
- else if (type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
- {
- ietf_attr_remediation_instr_t *attr_cast;
- pen_type_t parameters_type;
- chunk_t parameters, string, lang_code;
-
- attr_cast = (ietf_attr_remediation_instr_t*)attr;
- parameters_type = attr_cast->get_parameters_type(attr_cast);
- parameters = attr_cast->get_parameters(attr_cast);
-
- if (parameters_type.vendor_id == PEN_IETF)
- {
- switch (parameters_type.type)
- {
- case IETF_REMEDIATION_PARAMETERS_URI:
- DBG1(DBG_IMC, "remediation uri: '%.*s'",
- parameters.len, parameters.ptr);
- break;
- case IETF_REMEDIATION_PARAMETERS_STRING:
- string = attr_cast->get_string(attr_cast, &lang_code);
- DBG1(DBG_IMC, "remediation string: '%.*s' [%.*s]",
- string.len, string.ptr,
- lang_code.len, lang_code.ptr);
- break;
- default:
- DBG1(DBG_IMC, "remediation parameters %B", ¶meters);
- }
- }
- else
- {
- DBG1(DBG_IMC, "remediation parameters %B", ¶meters);
- }
- }
}
else if (type.vendor_id == PEN_ITA && type.type == ITA_ATTR_GET_SETTINGS)
{
#include <ietf/ietf_attr.h>
#include <ietf/ietf_attr_attr_request.h>
#include <ietf/ietf_attr_port_filter.h>
-#include <ietf/ietf_attr_remediation_instr.h>
#include <tncif_pa_subtypes.h>
}
e->destroy(e);
}
- else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
- {
- ietf_attr_remediation_instr_t *attr_cast;
- pen_type_t parameters_type;
- chunk_t parameters, string, lang_code;
-
- attr_cast = (ietf_attr_remediation_instr_t*)attr;
- parameters_type = attr_cast->get_parameters_type(attr_cast);
- parameters = attr_cast->get_parameters(attr_cast);
-
- if (parameters_type.vendor_id == PEN_IETF)
- {
- switch (parameters_type.type)
- {
- case IETF_REMEDIATION_PARAMETERS_URI:
- DBG1(DBG_IMC, "remediation uri: '%.*s'",
- parameters.len, parameters.ptr);
- break;
- case IETF_REMEDIATION_PARAMETERS_STRING:
- string = attr_cast->get_string(attr_cast, &lang_code);
- DBG1(DBG_IMC, "remediation string: '%.*s' [%.*s]",
- string.len, string.ptr,
- lang_code.len, lang_code.ptr);
- break;
- default:
- DBG1(DBG_IMC, "remediation parameters %B", ¶meters);
- }
- }
- else
- {
- DBG1(DBG_IMC, "remediation parameters %B", ¶meters);
- }
- }
}
enumerator->destroy(enumerator);
METHOD(imv_state_t, get_remediation_instructions, bool,
private_imv_os_state_t *this, enumerator_t *language_enumerator,
- char **string, char **lang_code)
+ char **string, char **lang_code, char **uri)
{
return FALSE;
}
METHOD(imv_state_t, get_remediation_instructions, bool,
private_imv_scanner_state_t *this, enumerator_t *language_enumerator,
- char **string, char **lang_code)
+ char **string, char **lang_code, char **uri)
{
bool match = FALSE;
char *lang;
strlen(this->violating_ports) + 1);
sprintf(this->instructions, "%s%s", *string, this->violating_ports);
*string = this->instructions;
+ *uri = lib->settings->get_str(lib->settings,
+ "libimcv.plugins.imv-scanner.remediation_uri", NULL);
return TRUE;
}
METHOD(imv_state_t, get_remediation_instructions, bool,
private_imv_test_state_t *this, enumerator_t *language_enumerator,
- char **string, char **lang_code)
+ char **string, char **lang_code, char **uri)
{
-
+ return FALSE;
}
METHOD(imv_state_t, destroy, void,
METHOD(imv_state_t, get_remediation_instructions, bool,
private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
- char **string, char **lang_code)
+ char **string, char **lang_code, char **uri)
{
return FALSE;
}
projects / strongswan.git / commitdiff