From: Andreas Steffen
Date: Fri, 17 May 2013 19:38:21 +0000 (+0200)
Subject: register received scanner attributes
X-Git-Tag: 5.1.0dr1~71
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1571a11fa44edd7e5a3e5ef2040f8539024ea72f;p=thirdparty%2Fstrongswan.git

register received scanner attributes
---
diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c
index f25c547d32..69043ccbb2 100644
--- a/src/libimcv/plugins/imv_os/imv_os.c
+++ b/src/libimcv/plugins/imv_os/imv_os.c
@@ -553,13 +553,13 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, TNC_ConnectionID connection_id)
 {
 imv_msg_t *out_msg;
 imv_state_t *state;
+ imv_session_t *session;
 imv_workitem_t *workitem;
 imv_os_state_t *os_state;
 imv_os_handshake_state_t handshake_state;
 pa_tnc_attr_t *attr;
 TNC_Result result = TNC_RESULT_SUCCESS;
 enumerator_t *enumerator;
- imv_session_t *session;
 u_int received;
 
 if (!imv_os)
@@ -601,6 +601,13 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, TNC_ConnectionID connection_id)
 /* trigger the policy manager */
 imcv_db->policy_script(imcv_db, session, TRUE);
 }
+ else
+ {
+ /* just gather information without evaluation */
+ state->set_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
+ TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
+ }
 handshake_state = IMV_OS_STATE_POLICY_START;
 }
 else if (handshake_state == IMV_OS_STATE_ATTR_REQ)
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner.c b/src/libimcv/plugins/imv_scanner/imv_scanner.c
index 16ce0863f0..5557bbc6b1 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner.c
@@ -40,6 +40,15 @@ static pen_type_t msg_types[] = {
 
 static imv_agent_t *imv_scanner;
 
+/**
+ * Flag set when corresponding attribute has been received
+ */
+typedef enum imv_scanner_attr_t imv_scanner_attr_t;
+
+enum imv_scanner_attr_t {
+ IMV_SCANNER_ATTR_PORT_FILTER = (1<<0)
+};
+
 typedef struct port_range_t port_range_t;
 
 struct port_range_t {
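Review bot: The new `else` branch in TNC_IMV_BatchEnding records TNC_IMV_ACTION_RECOMMENDATION_ALLOW together with TNC_IMV_EVALUATION_RESULT_DONT_KNOW, so the path taken when no policy manager is triggered is fail-open, and nothing in the hunk ties that choice to an explicit configuration decision; the `if` this `else` pairs with starts outside the hunk, so the exact condition cannot be confirmed here. If allowing unevaluated endpoints is the intended behaviour of the information-gathering mode, make the comment say so, e.g. `/* no policy manager: gather information only and fail open (ALLOW, DONT_KNOW) */`, so a later reader does not mistake the ALLOW for an evaluation result. TNC_IMV_BatchEnding begins before the hunk.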
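Review bot: `imv_scanner_attr_t` is defined privately in imv_scanner.c, while the accessors that carry its values, `set_received()`/`get_received()`, are declared in imv_scanner_state.h with a plain `u_int`, so a reader of the state interface cannot see what the bits mean. Consider moving the enum next to the accessor declarations in the header, or at least naming it from the `@param flags` comment there, so the bit layout has a single documented home. The doc comment above the enum describes a single flag; `Bit mask of attributes that have been received` would describe the type rather than its only current member.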
@@ -202,7 +211,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
 
 if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PORT_FILTER)
 {
- imv_scanner_state_t *imv_scanner_state;
+ imv_scanner_state_t *scanner_state;
 ietf_attr_port_filter_t *attr_port_filter;
 enumerator_t *enumerator;
 u_int8_t protocol;
@@ -210,8 +219,11 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
 bool blocked, compliant = TRUE;
 
- imv_scanner_state = (imv_scanner_state_t*)state;
+ scanner_state = (imv_scanner_state_t*)state;
+ scanner_state->set_received(scanner_state,
+ IMV_SCANNER_ATTR_PORT_FILTER);
 attr_port_filter = (ietf_attr_port_filter_t*)attr;
+
 enumerator = attr_port_filter->create_port_enumerator(attr_port_filter);
 while (enumerator->enumerate(enumerator, &blocked, &protocol, &port))
 {
@@ -248,8 +260,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
 compliant = FALSE;
 snprintf(buf, sizeof(buf), "%s/%u",
 (protocol == IPPROTO_TCP) ? "tcp" : "udp", port);
- imv_scanner_state->add_violating_port(imv_scanner_state,
- strdup(buf));
+ scanner_state->add_violating_port(scanner_state, strdup(buf));
 }
 }
 enumerator->destroy(enumerator);
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index de0ed62302..eeecd41443 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -85,6 +85,16 @@ struct private_imv_scanner_state_t {
 */
 TNC_IMV_Evaluation_Result eval;
 
+ /**
+ * IMV Scanner handshake state
+ */
+ imv_scanner_handshake_state_t handshake_state;
+
+ /**
+ * Flags set for received attributes
+ */
+ u_int received_flags;
+
 /**
 * List with ports that should be closed
 */
@@ -300,6 +310,31 @@ METHOD(imv_state_t, destroy, void,
 free(this);
 }
 
+METHOD(imv_scanner_state_t, set_handshake_state, void,
+ private_imv_scanner_state_t *this, imv_scanner_handshake_state_t new_state)
+{
+ this->handshake_state = new_state;
+}
+
+METHOD(imv_scanner_state_t, get_handshake_state, imv_scanner_handshake_state_t,
+ private_imv_scanner_state_t *this)
+{
+ return this->handshake_state;
+}
+
+METHOD(imv_scanner_state_t, set_received, void,
+ private_imv_scanner_state_t *this, u_int flags)
+{
+ this->received_flags |= flags;
+}
+
+METHOD(imv_scanner_state_t, get_received, u_int,
+ private_imv_scanner_state_t *this)
+{
+ return this->received_flags;
+}
+
+
 METHOD(imv_scanner_state_t, add_violating_port, void,
 private_imv_scanner_state_t *this, char *port)
 {
@@ -334,6 +369,10 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
 .get_remediation_instructions = _get_remediation_instructions,
 .destroy = _destroy,
 },
+ .set_handshake_state = _set_handshake_state,
+ .get_handshake_state = _get_handshake_state,
+ .set_received = _set_received,
+ .get_received = _get_received,
 .add_violating_port = _add_violating_port,
 },
 .state = TNC_CONNECTION_STATE_CREATE,
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.h b/src/libimcv/plugins/imv_scanner/imv_scanner_state.h
index a15eb07782..0543338b34 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.h
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.h
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011-2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
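Review bot: `set_received` accumulates with `|=` and there is no method that clears a flag, but neither the method nor its caller states this, so a reader may assume a later call replaces the earlier value; as the state object appears to be per connection the accumulation itself looks intended. A short comment above the method would fix that, e.g. `/* flags accumulate over the handshake and are never cleared */`. The two consecutive blank lines added before add_violating_port are one more than the separation the surrounding methods in this hunk use.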
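Review bot: The initializer in imv_scanner_state_create wires up the four new methods but does not set the new `handshake_state` and `received_flags` members, so their start values appear to rely on INIT() zero-filling unlisted members; `IMV_SCANNER_STATE_INIT` happens to be the enum's first value, which keeps that dependency invisible. An explicit `.handshake_state = IMV_SCANNER_STATE_INIT,` next to `.state = TNC_CONNECTION_STATE_CREATE,` documents the intended initial state and survives a later reordering of the enum. imv_scanner_state_create begins before the hunk and continues past it.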
@@ -27,6 +28,16 @@
 #include
 
 typedef struct imv_scanner_state_t imv_scanner_state_t;
+typedef enum imv_scanner_handshake_state_t imv_scanner_handshake_state_t;
+
+/**
+ * IMV Scanner Handshake States (state machine)
+ */
+enum imv_scanner_handshake_state_t {
+ IMV_SCANNER_STATE_INIT,
+ IMV_SCANNER_STATE_POLICY_START,
+ IMV_SCANNER_STATE_WORKITEMS
+};
 
 /**
 * Internal state of an imv_scanner_t connection instance
@@ -38,6 +49,35 @@ struct imv_scanner_state_t {
 */
 imv_state_t interface;
 
+ /**
+ * Set state of the handshake
+ *
+ * @param new_state the handshake state of IMV
+ */
+ void (*set_handshake_state)(imv_scanner_state_t *this,
+ imv_scanner_handshake_state_t new_state);
+
+ /**
+ * Get state of the handshake
+ *
+ * @return the handshake state of IMV
+ */
+ imv_scanner_handshake_state_t (*get_handshake_state)(imv_scanner_state_t *this);
+
+ /**
+ * Set flags for received attributes
+ *
+ * @param flags Flags to be set
+ */
+ void (*set_received)(imv_scanner_state_t *this, u_int flags);
+
+ /**
+ * Get flags set for received attributes
+ *
+ * @return Flags set for received attributes
+ */
+ u_int (*get_received)(imv_scanner_state_t *this);
+
 /**
 * add a violating TCP or UDP port
 */
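Review bot: The three enumerators of `imv_scanner_handshake_state_t` are introduced under the collective heading "(state machine)" only; nothing in the header says what each state means or which transitions are expected. A one-line comment per enumerator, such as `/* no batch processed yet */` on IMV_SCANNER_STATE_INIT, would make the state machine readable from the header alone. The code that drives the transitions is not part of this commit, so the wording has to be taken from wherever `set_handshake_state()` is later called.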
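Review bot: The `@param flags Flags to be set` comment on `set_received` does not say the call is cumulative, while the implementation in imv_scanner_state.c ORs the argument into `received_flags`, so a caller could expect a later call to replace the earlier value. Suggest `@param flags Flags to OR into the set of received attributes (cumulative)` and, on `get_received`, `@return Bit mask of all attributes received so far on this connection`. The struct imv_scanner_state_t continues past the hunk.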