From 3de9a31a493f1cacfa1599efdf28d3dc6b561886 Mon Sep 17 00:00:00 2001
From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Sun, 11 Nov 2012 10:51:19 +0100
Subject: [PATCH] centralized processing of assessment information

---
 src/libcharon/plugins/tnccs_20/tnccs_20.c          |  7 +-
 src/libimcv/imc/imc_msg.c                          | 83 ++++++++++++++++++++--
 src/libimcv/imv/imv_msg.c                          | 20 ++++--
 src/libimcv/imv/imv_state.h                        |  4 +-
 src/libimcv/plugins/imc_os/imc_os.c                | 34 ---------
 src/libimcv/plugins/imc_scanner/imc_scanner.c      | 34 ---------
 src/libimcv/plugins/imv_os/imv_os_state.c          |  2 +-
 .../plugins/imv_scanner/imv_scanner_state.c        |  4 +-
 src/libimcv/plugins/imv_test/imv_test_state.c      |  4 +-
 .../imv_attestation/imv_attestation_state.c        |  2 +-
 10 files changed, 104 insertions(+), 90 deletions(-)

diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20.c b/src/libcharon/plugins/tnccs_20/tnccs_20.c
index 8540f46..e1ba566 100644
--- a/src/libcharon/plugins/tnccs_20/tnccs_20.c
+++ b/src/libcharon/plugins/tnccs_20/tnccs_20.c
@@ -369,10 +369,9 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg)
 			reason_msg = (pb_reason_string_msg_t*)msg;
 			reason_string = reason_msg->get_reason_string(reason_msg);
 			language_code = reason_msg->get_language_code(reason_msg);
-			DBG2(DBG_TNC, "reason string is '%.*s'", (int)reason_string.len,
-													 reason_string.ptr);
-			DBG2(DBG_TNC, "language code is '%.*s'", (int)language_code.len,
-													 language_code.ptr);
+			DBG1(DBG_TNC, "reason string is '%.*s' [%.*s]",
+				 (int)reason_string.len, reason_string.ptr,
+				 (int)language_code.len, language_code.ptr);
 			break;
 		}
 		default:
diff --git a/src/libimcv/imc/imc_msg.c b/src/libimcv/imc/imc_msg.c
index 60613d0..788408c 100644
--- a/src/libimcv/imc/imc_msg.c
+++ b/src/libimcv/imc/imc_msg.c
@@ -17,6 +17,7 @@
 
 #include "ietf/ietf_attr.h"
 #include "ietf/ietf_attr_assess_result.h"
+#include "ietf/ietf_attr_remediation_instr.h"
 
 #include <tncif_names.h>
 
@@ -167,13 +168,38 @@ METHOD(imc_msg_t, send_, TNC_Result,
 	return result;
 }
 
+/**
+ * Print a clearly visible assessment header to the log
+ */
+static void print_assessment_header(const char *name, TNC_UInt32 id, bool *first)
+{
+	if (*first)
+	{
+		DBG1(DBG_IMC, "***** assessment of IMC %u \"%s\" *****", id, name);
+		*first = FALSE;
+	}
+}
+
+/**
+ * Print a clearly visible assessment trailer to the log
+ */
+static void print_assessment_trailer(bool first)
+{
+	if (!first)
+	{
+		DBG1(DBG_IMC, "***** end of assessment *****");
+	}
+}
+
 METHOD(imc_msg_t, receive, TNC_Result,
 	private_imc_msg_t *this, bool *fatal_error)
 {
+	TNC_UInt32 target_imc_id;
 	enumerator_t *enumerator;
 	pa_tnc_attr_t *attr;
 	pen_type_t attr_type;
 	chunk_t msg;
+	bool first = TRUE;
 
 	if (this->state->has_long(this->state))
 	{
@@ -235,6 +261,10 @@ METHOD(imc_msg_t, receive, TNC_Result,
 			return TNC_RESULT_FATAL;
 	}
 
+	/* determine target IMC ID */
+	target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
+					 this->dst_id : this->agent->get_id(this->agent);
+
 	/* preprocess any received IETF standard error attributes */
 	*fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
 
@@ -244,24 +274,63 @@ METHOD(imc_msg_t, receive, TNC_Result,
 	{
 		attr_type = attr->get_type(attr);
 		
-		if (attr_type.vendor_id == PEN_IETF &&
-			attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
+		if (attr_type.vendor_id != PEN_IETF)
+		{
+			continue;
+		}
+		if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
 		{
 			ietf_attr_assess_result_t *attr_cast;
-			TNC_UInt32 target_imc_id;
 			TNC_IMV_Evaluation_Result result;
 
 			attr_cast = (ietf_attr_assess_result_t*)attr;
 			result =  attr_cast->get_result(attr_cast);
-			target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
-							 this->dst_id : this->agent->get_id(this->agent); 
 			this->state->set_result(this->state, target_imc_id, result);
 
-			DBG1(DBG_IMC, "set assessment result for IMC %u to '%N'",
-				 target_imc_id, TNC_IMV_Evaluation_Result_names, result);
+			print_assessment_header(this->agent->get_name(this->agent),
+									target_imc_id, &first);
+			DBG1(DBG_IMC, "assessment result is '%N'",
+				 TNC_IMV_Evaluation_Result_names, result);
+		}
+		else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
+		{
+			ietf_attr_remediation_instr_t *attr_cast;
+			pen_type_t parameters_type;
+			chunk_t parameters, string, lang_code;
+
+			attr_cast = (ietf_attr_remediation_instr_t*)attr;
+			parameters_type = attr_cast->get_parameters_type(attr_cast);
+			parameters = attr_cast->get_parameters(attr_cast);
+
+			print_assessment_header(this->agent->get_name(this->agent),
+									target_imc_id, &first);
+			if (parameters_type.vendor_id == PEN_IETF)
+			{
+				switch (parameters_type.type)
+				{
+					case IETF_REMEDIATION_PARAMETERS_URI:
+						DBG1(DBG_IMC, "remediation uri: '%.*s'",
+									   parameters.len, parameters.ptr);
+						break;
+					case IETF_REMEDIATION_PARAMETERS_STRING:
+						string = attr_cast->get_string(attr_cast, &lang_code);
+						DBG1(DBG_IMC, "remediation string: '%.*s' [%.*s]",
+									   string.len, string.ptr,
+									   lang_code.len, lang_code.ptr);
+						break;
+					default:
+						DBG1(DBG_IMC, "remediation parameters %B", &parameters);
+				}
+			}
+			else
+			{
+				DBG1(DBG_IMC, "remediation parameters %B", &parameters);
+			}
 		}
 	}
 	enumerator->destroy(enumerator);
+
+	print_assessment_trailer(first);
 		
 	return TNC_RESULT_SUCCESS;
 }
diff --git a/src/libimcv/imv/imv_msg.c b/src/libimcv/imv/imv_msg.c
index d7fd436..b628c32 100644
--- a/src/libimcv/imv/imv_msg.c
+++ b/src/libimcv/imv/imv_msg.c
@@ -191,7 +191,7 @@ METHOD(imv_msg_t, send_assessment, TNC_Result,
 	TNC_IMV_Action_Recommendation rec;
 	TNC_IMV_Evaluation_Result eval;
 	pa_tnc_attr_t *attr;
-	char *string, *lang_code;
+	char *string = NULL, *lang_code = NULL, *uri = NULL;
 	enumerator_t *e;
 
 	/* Send an IETF Assessment Result attribute if enabled */
@@ -202,17 +202,27 @@ METHOD(imv_msg_t, send_assessment, TNC_Result,
 		attr = ietf_attr_assess_result_create(eval);
 		add_attribute(this, attr);
 
+		/* Send IETF Remediation Instructions if available */
 		if (eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT)
 		{
 			e = this->agent->create_language_enumerator(this->agent,
-														this->state);
+									this->state);
 			if (this->state->get_remediation_instructions(this->state,
-												e, &string, &lang_code))
+									e, &string, &lang_code, &uri))
 			{
-				attr = ietf_attr_remediation_instr_create_from_string(
+				if (string && lang_code)
+				{
+					attr = ietf_attr_remediation_instr_create_from_string(
 									chunk_create(string, strlen(string)),
 									chunk_create(lang_code, strlen(lang_code)));
-				add_attribute(this, attr);
+					add_attribute(this, attr);
+				}
+				if (uri)
+				{
+					attr = ietf_attr_remediation_instr_create_from_uri(
+									chunk_create(uri, strlen(uri)));
+					add_attribute(this, attr);
+				}
 			}
 			e->destroy(e);
 		}
diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h
index a81fdfa..6b9bbe7 100644
--- a/src/libimcv/imv/imv_state.h
+++ b/src/libimcv/imv/imv_state.h
@@ -124,11 +124,13 @@ struct imv_state_t {
 	 * @param language_enumerator	language enumerator
 	 * @param string				remediation instruction string
 	 * @param lang_code				language of the remediation instructions
+	 * @param uri					remediation URI
 	 * @return						TRUE if remediation instructions were found
 	 */
 	bool (*get_remediation_instructions)(imv_state_t *this,
 										 enumerator_t *language_enumerator,
-										 char **string, char **lang_code);
+										 char **string, char **lang_code,
+										 char **uri);
 
 	/**
 	 * Destroys an imv_state_t object
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index 5f2af9b..a179e45 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -25,7 +25,6 @@
 #include <ietf/ietf_attr_numeric_version.h>
 #include <ietf/ietf_attr_op_status.h>
 #include <ietf/ietf_attr_product_info.h>
-#include <ietf/ietf_attr_remediation_instr.h>
 #include <ietf/ietf_attr_string_version.h>
 #include <ita/ita_attr.h>
 #include <ita/ita_attr_get_settings.h>
@@ -444,39 +443,6 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
 				}
 				e->destroy(e);
 			}
-			else if (type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
-			{
-				ietf_attr_remediation_instr_t *attr_cast;
-				pen_type_t parameters_type;
-				chunk_t parameters, string, lang_code;
-
-				attr_cast = (ietf_attr_remediation_instr_t*)attr;
-				parameters_type = attr_cast->get_parameters_type(attr_cast);
-				parameters = attr_cast->get_parameters(attr_cast);
-
-				if (parameters_type.vendor_id == PEN_IETF)
-				{
-					switch (parameters_type.type)
-					{
-						case IETF_REMEDIATION_PARAMETERS_URI:
-							DBG1(DBG_IMC, "remediation uri: '%.*s'",
-										   parameters.len, parameters.ptr);
-							break;
-						case IETF_REMEDIATION_PARAMETERS_STRING:
-							string = attr_cast->get_string(attr_cast, &lang_code);
-							DBG1(DBG_IMC, "remediation string: '%.*s' [%.*s]",
-										   string.len, string.ptr,
-										   lang_code.len, lang_code.ptr);
-							break;
-						default:
-							DBG1(DBG_IMC, "remediation parameters %B", &parameters);
-					}
-				}
-				else
-				{
-					DBG1(DBG_IMC, "remediation parameters %B", &parameters);
-				}
-			}
 		}
 		else if (type.vendor_id == PEN_ITA && type.type == ITA_ATTR_GET_SETTINGS)
 		{
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c
index 36ff2dd..f233f22 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c
@@ -20,7 +20,6 @@
 #include <ietf/ietf_attr.h>
 #include <ietf/ietf_attr_attr_request.h>
 #include <ietf/ietf_attr_port_filter.h>
-#include <ietf/ietf_attr_remediation_instr.h>
 
 #include <tncif_pa_subtypes.h>
 
@@ -340,39 +339,6 @@ static TNC_Result receive_message(imc_msg_t *in_msg)
 			}
 			e->destroy(e);
 		}
-		else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
-		{
-			ietf_attr_remediation_instr_t *attr_cast;
-			pen_type_t parameters_type;
-			chunk_t parameters, string, lang_code;
-
-			attr_cast = (ietf_attr_remediation_instr_t*)attr;
-			parameters_type = attr_cast->get_parameters_type(attr_cast);
-			parameters = attr_cast->get_parameters(attr_cast);
-
-			if (parameters_type.vendor_id == PEN_IETF)
-			{
-				switch (parameters_type.type)
-				{
-					case IETF_REMEDIATION_PARAMETERS_URI:
-						DBG1(DBG_IMC, "remediation uri: '%.*s'",
-									   parameters.len, parameters.ptr);
-						break;
-					case IETF_REMEDIATION_PARAMETERS_STRING:
-						string = attr_cast->get_string(attr_cast, &lang_code);
-						DBG1(DBG_IMC, "remediation string: '%.*s' [%.*s]",
-									   string.len, string.ptr,
-									   lang_code.len, lang_code.ptr);
-						break;
-					default:
-						DBG1(DBG_IMC, "remediation parameters %B", &parameters);
-				}
-			}
-			else
-			{
-				DBG1(DBG_IMC, "remediation parameters %B", &parameters);
-			}
-		}
 	}
 	enumerator->destroy(enumerator);
 
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index fec49fe..1aaf73b 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -199,7 +199,7 @@ METHOD(imv_state_t, get_reason_string, bool,
 
 METHOD(imv_state_t, get_remediation_instructions, bool,
 	private_imv_os_state_t *this, enumerator_t *language_enumerator,
-	char **string, char **lang_code)
+	char **string, char **lang_code, char **uri)
 {
 	return FALSE;
 }
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 44f0753..60bdcc8 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -205,7 +205,7 @@ METHOD(imv_state_t, get_reason_string, bool,
 
 METHOD(imv_state_t, get_remediation_instructions, bool,
 	private_imv_scanner_state_t *this, enumerator_t *language_enumerator,
-	char **string, char **lang_code)
+	char **string, char **lang_code, char **uri)
 {
 	bool match = FALSE;
 	char *lang;
@@ -241,6 +241,8 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 								strlen(this->violating_ports) + 1);
 	sprintf(this->instructions, "%s%s", *string, this->violating_ports);
 	*string = this->instructions;
+	*uri = lib->settings->get_str(lib->settings,
+				"libimcv.plugins.imv-scanner.remediation_uri", NULL);
 
 	return TRUE;
 }
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c
index adfe862..9b8635d 100644
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@@ -197,9 +197,9 @@ METHOD(imv_state_t, get_reason_string, bool,
 
 METHOD(imv_state_t, get_remediation_instructions, bool,
 	private_imv_test_state_t *this, enumerator_t *language_enumerator,
-	char **string, char **lang_code)
+	char **string, char **lang_code, char **uri)
 {
-
+	return FALSE;
 }
 
 METHOD(imv_state_t, destroy, void,
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.c b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
index b9adbc0..4151ccb 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
@@ -244,7 +244,7 @@ METHOD(imv_state_t, get_reason_string, bool,
 
 METHOD(imv_state_t, get_remediation_instructions, bool,
 	private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
-	char **string, char **lang_code)
+	char **string, char **lang_code, char **uri)
 {
 	return FALSE;
 }
-- 
2.7.4