1 /*
2 * Copyright (C) 2013 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
#include "imv_policy_manager_usage.h"
#include "imv_workitem.h"

#include <library.h>
#include <utils/debug.h>

#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <stdio.h>
24
/**
 * State read by the stderr_dbg() hook below
 */
static bool stderr_quiet = FALSE;	/* TRUE silences stderr_dbg() completely */
static int debug_level = 2;			/* highest level stderr_dbg() still prints */
30
/**
 * Debug hook written to stderr; main() installs it as the library's dbg
 * function pointer.
 *
 * Prints one line per message whose level does not exceed debug_level and
 * stays silent while stderr_quiet is set. The format string originates from
 * the library's own debug calls (not from the program's inputs) and is
 * handed to vfprintf() unchanged; group is accepted but not used.
 */
static void stderr_dbg(debug_t group, level_t level, char *fmt, ...)
{
	va_list ap;

	/* above the verbosity threshold, or silenced: nothing to emit */
	if (level > debug_level || stderr_quiet)
	{
		return;
	}
	va_start(ap, fmt);
	vfprintf(stderr, fmt, ap);
	va_end(ap);
	fputc('\n', stderr);
}
49
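/**
 * Insert one row into the workitems table for a TNC session.
 *
 * All values are bound as parameters of a prepared statement; nothing is
 * concatenated into the SQL text.
 *
 * @param db            database holding the workitems table
 * @param session_id    TNC session the item is created for
 * @param type          IMV_WORKITEM_* constant stored in the type column
 * @param argument      text stored in the argument column, "" if none
 * @param rec_fail      TNC_IMV_ACTION_RECOMMENDATION_* stored in rec_fail
 * @param rec_noresult  TNC_IMV_ACTION_RECOMMENDATION_* stored in rec_noresult
 * @return              TRUE if exactly one row was inserted
 */
static bool insert_workitem(database_t *db, int session_id, int type,
							char *argument, int rec_fail, int rec_noresult)
{
	return db->execute(db, NULL,
				"INSERT INTO workitems (session, type, argument, "
				"rec_fail, rec_noresult) VALUES (?, ?, ?, ?, ?)",
				DB_INT, session_id, DB_INT, type, DB_TEXT, argument,
				DB_INT, rec_fail, DB_INT, rec_noresult) == 1;
}

/**
 * Create the work items for a TNC session that is being started.
 *
 * The policy is hard-coded: a PACKAGES item and a FORWARDING item, each
 * with rec_fail = ISOLATE and rec_noresult = NO_ACCESS, and a TCP_SCAN item
 * for port "22" with NO_ACCESS for both columns.
 *
 * The three inserts are not wrapped in a transaction: on the first failure
 * the function returns FALSE and any rows already inserted for the session
 * remain; policy_stop() removes them.
 *
 * @param db            database holding the workitems table
 * @param session_id    TNC session the items are created for
 * @return              TRUE if all three rows were inserted
 */
bool policy_start(database_t *db, int session_id)
{
	/* short-circuit evaluation stops at the first failed insert */
	return insert_workitem(db, session_id, IMV_WORKITEM_PACKAGES, "",
						   TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
						   TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS) &&
		   insert_workitem(db, session_id, IMV_WORKITEM_FORWARDING, "",
						   TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
						   TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS) &&
		   insert_workitem(db, session_id, IMV_WORKITEM_TCP_SCAN, "22",
						   TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS,
						   TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS);
}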
85
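/**
 * Delete all work items of a TNC session that is being stopped.
 *
 * @param db            database holding the workitems table
 * @param session_id    TNC session whose rows are removed
 * @return              TRUE if at least one row was deleted; FALSE if the
 *                      session had no work items or the statement failed
 */
bool policy_stop(database_t *db, int session_id)
{
	int deleted;

	/* session_id is an int and policy_start() binds it as DB_INT; bind it
	 * the same way here instead of DB_UINT so the value is read back with
	 * the type it was passed with */
	deleted = db->execute(db, NULL,
						  "DELETE FROM workitems WHERE session = ?",
						  DB_INT, session_id);
	return deleted > 0;
}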
92
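/**
 * Parse the TNC session ID taken from the environment.
 *
 * Accepts one decimal integer that fits an int and nothing else: an empty
 * string, trailing characters or an out-of-range value is rejected. atoi()
 * would silently turn the first two into 0 and has undefined behaviour on
 * overflow, so a malformed TNC_SESSION_ID would otherwise be acted on as
 * session 0.
 *
 * @param text          value of the TNC_SESSION_ID environment variable
 * @param session_id    receives the parsed value on success
 * @return              TRUE if text is a well-formed session ID
 */
static bool parse_session_id(const char *text, int *session_id)
{
	char *end;
	long value;

	errno = 0;
	value = strtol(text, &end, 10);
	if (end == text || *end != '\0' || errno == ERANGE ||
		value < INT_MIN || value > INT_MAX)
	{
		return FALSE;
	}
	*session_id = (int)value;
	return TRUE;
}

/**
 * imv_policy_manager start|stop
 *
 * Reads the TNC session ID from the TNC_SESSION_ID environment variable;
 * "start" creates the session's work items, "stop" deletes them. Uses the
 * settings imv_policy_manager.load (plugins, default "sqlite") and
 * imv_policy_manager.database (default "sqlite:///etc/pts/config.db").
 *
 * Exit status: SS_RC_* codes for initialisation and usage errors,
 * EXIT_FAILURE if the requested operation ran but failed, EXIT_SUCCESS
 * otherwise - so a caller can rely on the status instead of parsing the
 * "successful"/"failed" line written to stderr.
 */
int main(int argc, char *argv[])
{
	database_t *db;
	char *uri, *tnc_session_id;
	int session_id;
	bool start, success;

	/* route library debug output to stderr */
	dbg = stderr_dbg;

	atexit(library_deinit);

	/* initialize library */
	if (!library_init(NULL))
	{
		exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
	}
	if (!lib->plugins->load(lib->plugins, NULL,
			lib->settings->get_str(lib->settings, "imv_policy_manager.load",
								   "sqlite")))
	{
		exit(SS_RC_INITIALIZATION_FAILED);
	}

	/* exactly one command, "start" or "stop", is accepted as first argument */
	if (argc < 2)
	{
		usage();
		exit(SS_RC_INITIALIZATION_FAILED);
	}
	if (streq(argv[1], "start"))
	{
		start = TRUE;
	}
	else if (streq(argv[1], "stop"))
	{
		start = FALSE;
	}
	else
	{
		usage();
		exit(SS_RC_INITIALIZATION_FAILED);
	}

	/* the session ID arrives via the environment; validate it strictly */
	tnc_session_id = getenv("TNC_SESSION_ID");
	if (!tnc_session_id)
	{
		fprintf(stderr, "environment variable TNC_SESSION_ID is not defined\n");
		exit(SS_RC_INITIALIZATION_FAILED);
	}
	if (!parse_session_id(tnc_session_id, &session_id))
	{
		fprintf(stderr, "environment variable TNC_SESSION_ID is not a valid "
						"session ID\n");
		exit(SS_RC_INITIALIZATION_FAILED);
	}

	/* attach database */
	uri = lib->settings->get_str(lib->settings, "imv_policy_manager.database",
								 "sqlite:///etc/pts/config.db");
	db = lib->db->create(lib->db, uri);
	if (!db)
	{
		fprintf(stderr, "opening database failed.\n");
		exit(SS_RC_INITIALIZATION_FAILED);
	}

	success = start ? policy_start(db, session_id)
					: policy_stop(db, session_id);
	db->destroy(db);

	fprintf(stderr, "imv_policy_manager %s %s\n", start ? "start" : "stop",
			success ? "successful" : "failed");

	/* previously always EXIT_SUCCESS, which hid failures from the caller */
	exit(success ? EXIT_SUCCESS : EXIT_FAILURE);
}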
170