From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Fri, 17 May 2013 19:38:54 +0000 (+0200)
Subject: created a simple IMV Policy Manager
X-Git-Tag: 5.1.0dr1~70
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1ecff25917f5bd77a4b42b548369b1f3f211ae77;p=thirdparty%2Fstrongswan.git

created a simple IMV Policy Manager
---

diff --git a/src/libimcv/.gitignore b/src/libimcv/.gitignore
new file mode 100644
index 0000000000..9105a6f396
--- /dev/null
+++ b/src/libimcv/.gitignore
@@ -0,0 +1 @@
+imv_policy_manager
diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am
index 13531fef62..44e812c924 100644
--- a/src/libimcv/Makefile.am
+++ b/src/libimcv/Makefile.am
@@ -46,6 +46,14 @@ libimcv_la_SOURCES = \
 ipsec_SCRIPTS = imv/_imv_policy
 EXTRA_DIST = imv/_imv_policy
 
+ipsec_PROGRAMS = imv_policy_manager
+imv_policy_manager_SOURCES = \
+	imv/imv_policy_manager.c \
+	imv/imv_policy_manager_usage.h imv/imv_policy_manager_usage.c
+imv_policy_manager_LDADD = \
+	$(top_builddir)/src/libstrongswan/libstrongswan.la
+#imv/imv_policy_manager.o :	$(top_builddir)/config.status
+
 SUBDIRS = .
 
 if USE_IMC_TEST
diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c
new file mode 100644
index 0000000000..128c7a2966
--- /dev/null
+++ b/src/libimcv/imv/imv_policy_manager.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "imv_policy_manager_usage.h"
+#include "imv_workitem.h"
+ 
+#include <library.h>
+#include <utils/debug.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+
+/**
+ * global debug output variables
+ */
+static int debug_level = 2;
+static bool stderr_quiet = FALSE;
+
+/**
+ * attest dbg function
+ */
+static void stderr_dbg(debug_t group, level_t level, char *fmt, ...)
+{
+	va_list args;
+
+	if (level <= debug_level)
+	{
+		if (!stderr_quiet)
+		{
+			va_start(args, fmt);
+			vfprintf(stderr, fmt, args);
+			fprintf(stderr, "\n");
+			va_end(args);
+		}
+	}
+}
+
+bool policy_start(database_t *db, int session_id)
+{
+ 	if (db->execute(db, NULL,
+				"INSERT INTO workitems (session, type, argument, "
+				"rec_fail, rec_noresult) VALUES (?, ?, ?, ?, ?)",
+				DB_INT, session_id, DB_INT, IMV_WORKITEM_PACKAGES,
+				DB_TEXT, "",
+				DB_INT, TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
+				DB_INT, TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS) != 1)
+	{
+		return FALSE;
+	}
+	if (db->execute(db, NULL,
+				"INSERT INTO workitems (session, type, argument, "
+				"rec_fail, rec_noresult) VALUES (?, ?, ?, ?, ?)",
+				DB_INT, session_id, DB_INT, IMV_WORKITEM_FORWARDING,
+				DB_TEXT, "",
+				DB_INT, TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
+				DB_INT, TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS) != 1)
+	{
+		return FALSE;
+	}
+	if (db->execute(db, NULL,
+				"INSERT INTO workitems (session, type, argument, "
+				"rec_fail, rec_noresult) VALUES (?, ?, ?, ?, ?)",
+				DB_INT, session_id, DB_INT, IMV_WORKITEM_TCP_SCAN,
+				DB_TEXT, "22",
+				DB_INT, TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS,
+				DB_INT, TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS) != 1)
+	{
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
+bool policy_stop(database_t *db, int session_id)
+{
+	return db->execute(db, NULL,
+				"DELETE FROM workitems WHERE session = ?",
+				DB_UINT, session_id) > 0;
+}
+
+int main(int argc, char *argv[])
+{
+	database_t *db;
+	char *uri, *tnc_session_id;
+	int session_id;
+	bool start, success;
+
+	/* enable attest debugging hook */
+	dbg = stderr_dbg;
+
+	atexit(library_deinit);
+
+	/* initialize library */
+	if (!library_init(NULL))
+	{
+		exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
+	}
+	if (!lib->plugins->load(lib->plugins, NULL, 
+			lib->settings->get_str(lib->settings, "imv_policy_manager.load",
+				 "sqlite")))
+	{
+		exit(SS_RC_INITIALIZATION_FAILED);
+	}
+
+	if (argc < 2)
+	{
+		usage();
+		exit(SS_RC_INITIALIZATION_FAILED);
+	}
+	if (streq(argv[1], "start"))
+	{
+		start = TRUE;
+	}
+	else if (streq(argv[1], "stop"))
+	{
+		start = FALSE;
+	}
+	else
+	{
+		usage();
+		exit(SS_RC_INITIALIZATION_FAILED);
+	}
+
+	/* get session ID */
+	tnc_session_id = getenv("TNC_SESSION_ID");
+	if (!tnc_session_id)
+	{
+		fprintf(stderr, "environment variable TNC_SESSION_ID is not defined\n");
+		exit(SS_RC_INITIALIZATION_FAILED);
+	}
+	session_id = atoi(tnc_session_id);
+	
+	/* attach database */
+	uri = lib->settings->get_str(lib->settings, "imv_policy_manager.database",
+												"sqlite:///etc/pts/config.db");
+	db = lib->db->create(lib->db, uri);
+	if (!db)
+	{
+		fprintf(stderr, "opening database failed.\n");
+		exit(SS_RC_INITIALIZATION_FAILED);
+	}
+
+	if (start)
+	{
+		success = policy_start(db, session_id);
+	}
+	else
+	{
+		success = policy_stop(db, session_id);
+	}
+	db->destroy(db);
+
+	fprintf(stderr, "imv_policy_manager %s %s\n", start ? "start" : "stop",
+			success ? "successful" : "failed");
+
+	exit(EXIT_SUCCESS);
+}
+
diff --git a/src/libimcv/imv/imv_policy_manager_usage.c b/src/libimcv/imv/imv_policy_manager_usage.c
new file mode 100644
index 0000000000..3167a54419
--- /dev/null
+++ b/src/libimcv/imv/imv_policy_manager_usage.c
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdio.h>
+
+#include "imv_policy_manager_usage.h"
+
+/**
+ * print imv_policy_manager usage info
+ */
+void usage(void)
+{
+	printf("\
+Usage:\n\
+  imv_policy_manager start|stop\n");
+}
+
diff --git a/src/libimcv/imv/imv_policy_manager_usage.h b/src/libimcv/imv/imv_policy_manager_usage.h
new file mode 100644
index 0000000000..9c90d40c6c
--- /dev/null
+++ b/src/libimcv/imv/imv_policy_manager_usage.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef IMV_POLICY_MANAGER_USAGE_H_
+#define IMV_POLICY_MANAGER_USAGE_H_
+
+/**
+ * print imv_policy_manager usage info
+ */
+void usage(void);
+
+#endif /* IMV_POLICY_MANAGER_USAGE_H_ */