private_imv_hcd_agent_t *this, TNC_ConnectionID id)
{
imv_state_t *state;
+ imv_hcd_state_t* hcd_state;
+ imv_hcd_handshake_state_t handshake_state;
+ enum_name_t *pa_subtype_names;
+ bool missing = FALSE;
+ uint32_t received;
+ int i;
if (!this->agent->get_state(this->agent, id, &state))
{
return TNC_RESULT_FATAL;
}
+ hcd_state = (imv_hcd_state_t*)state;
+ handshake_state = hcd_state->get_handshake_state(hcd_state);
+
+ if (handshake_state == IMV_HCD_STATE_ATTR_REQ)
+ {
+ pa_subtype_names = get_pa_subtype_names(PEN_PWG);
+
+ for (i = 1; i < countof(msg_types); i++)
+ {
+ hcd_state->set_subtype(hcd_state, msg_types[i].type);
+ received = state->get_action_flags(state);
+ if ((received & IMV_HCD_ATTR_MUST) != IMV_HCD_ATTR_MUST)
+ {
+ DBG1(DBG_IMV, "missing attributes for PA subtype %N/%N",
+ pen_names, PEN_PWG, pa_subtype_names, msg_types[i].type);
+ missing = TRUE;
+ }
+ }
+
+ if (missing)
+ {
+ state->set_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS ,
+ TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR);
+ }
+ else
+ {
+ state->set_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_ALLOW ,
+ TNC_IMV_EVALUATION_RESULT_COMPLIANT);
+ }
+ }
+ hcd_state->set_handshake_state(hcd_state, IMV_HCD_STATE_END);
+
return this->agent->provide_recommendation(this->agent, state);
}
*/
#include "imv_hcd_state.h"
+#include "imv/imv_lang_string.h"
+#include "imv/imv_reason_string.h"
#include <tncif_policy.h>
*/
imv_hcd_handshake_state_t handshake_state;
+ /**
+ * TNC Reason String
+ */
+ imv_reason_string_t *reason_string;
+
+};
+
+/**
+ * Supported languages
+ */
+static char* languages[] = { "en", "de", "fr", "pl" };
+
+/**
+ * Reason strings for "Port Filter"
+ */
+static imv_lang_string_t reasons[] = {
+ { "en", "Mandatory HCD attributes are missing" },
+ { "de", "Obligatorische HCD Attribute fehlen" },
+ { "fr", "Il manque des attributes HCD obligatoires" },
+ { "pl", "Brakuje atrybutów obowiązkowych" },
+ { NULL, NULL }
};
METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
private_imv_hcd_state_t *this, enumerator_t *language_enumerator,
chunk_t *reason_string, char **reason_language)
{
- return FALSE;
+ if (this->rec == TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION)
+ {
+ return FALSE;
+ }
+ *reason_language = imv_lang_string_select_lang(language_enumerator,
+ languages, countof(languages));
+
+ /* Instantiate a TNC Reason String object */
+ DESTROY_IF(this->reason_string);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
+ this->reason_string->add_reason(this->reason_string, reasons);
+ *reason_string = this->reason_string->get_encoding(this->reason_string);
+
+ return TRUE;
}
METHOD(imv_state_t, get_remediation_instructions, bool,
private_imv_hcd_state_t *this)
{
DESTROY_IF(this->session);
+ DESTROY_IF(this->reason_string);
this->contracts->destroy(this->contracts);
free(this);
}
-dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
-dave:: cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES
-dave:: cat /var/log/daemon.log::PB-TNC assessment result is.*don.*t know::YES
-dave:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Access Denied::YES
-dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
carol::cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES
-carol:: cat /var/log/daemon.log::PB-TNC assessment result is.*don.*t know::YES
+carol:: cat /var/log/daemon.log::PB-TNC assessment result is.*non-compliant major::YES
carol:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Access Denied::YES
+carol:: cat /var/log/daemon.log::reason string is.*Mandatory HCD attributes are missing::YES
carol:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
+dave:: cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES
+dave:: cat /var/log/daemon.log::PB-TNC assessment result is.*non-compliant major::YES
+dave:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Access Denied::YES
+dave:: cat /var/log/daemon.log::reason string is.*Mandatory HCD attributes are missing::YES
+dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
alice::cat /var/log/daemon.log::user AR identity.*dave.*authenticated by certificate::YES
alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by certificate::YES
-alice::cat /var/log/daemon.log::policy enforced on peer.*dave@strongswan.org.*is.*no access::YES
alice::cat /var/log/daemon.log::policy enforced on peer.*carol@strongswan.org.*is.*no access::YES
+alice::cat /var/log/daemon.log::policy enforced on peer.*dave@strongswan.org.*is.*no access::YES
moon:: cat /var/log/daemon.log::RADIUS authentication of.*dave@strongswan.org.*failed::YES
moon:: cat /var/log/daemon.log::RADIUS authentication of.*dave@strongswan.org.*failed::YES
+
projects / thirdparty / strongswan.git / commitdiff
