return NULL;
}
+METHOD(imv_manager_t, get_recommendation_policy, recommendation_policy_t,
+ private_tnc_imv_manager_t *this)
+{
+ return this->policy;
+}
+
METHOD(imv_manager_t, create_recommendations, recommendations_t*,
private_tnc_imv_manager_t *this)
{
.public = {
.add = _add,
.remove = _remove_, /* avoid name conflict with stdio.h */
+ .get_recommendation_policy = _get_recommendation_policy,
.create_recommendations = _create_recommendations,
.enforce_recommendation = _enforce_recommendation,
.notify_connection_change = _notify_connection_change,
);
policy = enum_from_name(recommendation_policy_names,
lib->settings->get_str(lib->settings,
- "charon.plugins.tnc-imv.recommendation_policy", "any"));
- this->policy = (policy != -1) ? policy : RECOMMENDATION_POLICY_NONE;
+ "charon.plugins.tnc-imv.recommendation_policy", "default"));
+ this->policy = (policy != -1) ? policy : RECOMMENDATION_POLICY_DEFAULT;
DBG1(DBG_TNC, "TNC recommendation policy is '%N'",
recommendation_policy_names, this->policy);
*/
#include <debug.h>
-#include <utils/linked_list.h>
+#include <daemon.h>
#include <threading/mutex.h>
#include <tnc/tncifimv_names.h>
#include <tnc/imv/imv_recommendations.h>
private_tnc_imv_recommendations_t *this, TNC_IMV_Action_Recommendation *rec,
TNC_IMV_Evaluation_Result *eval)
{
- /* TODO */
- *rec = TNC_IMV_ACTION_RECOMMENDATION_ALLOW;
- *eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ enumerator_t *enumerator;
+ recommendation_entry_t *entry;
+ recommendation_policy_t policy;
+ TNC_IMV_Action_Recommendation final_rec;
+ TNC_IMV_Evaluation_Result final_eval;
+ bool first = TRUE, incomplete = FALSE;
+
+ *rec = final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ *eval = final_eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ if (this->recs->get_count(this->recs) == 0)
+ {
+ DBG1(DBG_TNC, "there are no IMVs to make a recommendation");
+ return TRUE;
+ }
+ policy = charon->imvs->get_recommendation_policy(charon->imvs);
+
+ enumerator = this->recs->create_enumerator(this->recs);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->rec == TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION ||
+ entry->eval == TNC_IMV_EVALUATION_RESULT_DONT_KNOW)
+ {
+ incomplete = TRUE;
+ break;
+ }
+ if (first)
+ {
+ final_rec = entry->rec;
+ final_eval = entry->eval;
+ first = FALSE;
+ }
+ switch (policy)
+ {
+ case RECOMMENDATION_POLICY_DEFAULT:
+ /* Consolidate action recommendations */
+ if (entry->rec == TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS)
+ {
+ final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS;
+ }
+ else if (entry->rec == TNC_IMV_ACTION_RECOMMENDATION_ISOLATE &&
+ final_rec != TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS)
+ {
+ final_rec = TNC_IMV_ACTION_RECOMMENDATION_ISOLATE;
+ }
+ else
+ {
+ final_rec = TNC_IMV_ACTION_RECOMMENDATION_ALLOW;
+ }
+
+ /* Consolidate evaluation results */
+ if (entry->eval == TNC_IMV_EVALUATION_RESULT_ERROR)
+ {
+ final_eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ }
+ else if (entry->eval == TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR &&
+ final_eval != TNC_IMV_EVALUATION_RESULT_ERROR)
+ {
+ final_eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR;
+ }
+ else if (entry->eval == TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR &&
+ final_eval != TNC_IMV_EVALUATION_RESULT_ERROR &&
+ final_eval != TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR)
+ {
+ final_eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
+ }
+ else if (entry->eval == TNC_IMV_EVALUATION_RESULT_COMPLIANT)
+ {
+ final_eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ }
+ break;
+ case RECOMMENDATION_POLICY_ALL:
+ /* Consolidate action recommendations */
+ if (entry->rec != final_rec)
+ {
+ final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ }
+
+ /* Consolidate evaluation results */
+ if (entry->eval != final_eval)
+ {
+ final_eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+ }
+ break;
+ case RECOMMENDATION_POLICY_ANY:
+ /* Consolidate action recommendations */
+ if (entry->rec == TNC_IMV_ACTION_RECOMMENDATION_ALLOW)
+ {
+ final_rec = TNC_IMV_ACTION_RECOMMENDATION_ALLOW;
+ }
+ else if (entry->rec == TNC_IMV_ACTION_RECOMMENDATION_ISOLATE &&
+ final_rec != TNC_IMV_ACTION_RECOMMENDATION_ALLOW)
+ {
+ final_rec = TNC_IMV_ACTION_RECOMMENDATION_ISOLATE;
+ }
+ else
+ {
+ final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS;
+ }
+
+ /* Consolidate evaluation results */
+ if (entry->eval == TNC_IMV_EVALUATION_RESULT_COMPLIANT)
+ {
+ final_eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ }
+ else if (entry->eval == TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR &&
+ final_eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT)
+ {
+ final_eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
+ }
+ else if (entry->eval == TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR &&
+ final_eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT &&
+ final_eval != TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR)
+ {
+ final_eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR;
+ }
+ else if (entry->eval == TNC_IMV_EVALUATION_RESULT_ERROR)
+ {
+ final_eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (incomplete)
+ {
+ return FALSE;
+ }
+ *rec = final_rec;
+ *eval = final_eval;
return TRUE;
}
+
METHOD(recommendations_t, destroy, void,
private_tnc_imv_recommendations_t *this)
{
projects / strongswan.git / commitdiff