authorAndreas Steffen <andreas.steffen@strongswan.org>2012-11-01 18:00:40 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2012-11-01 18:00:40 +0100
commitefe0d5478f16fa7f65b7bccbc018bc115b72c50d (patch)
tree9e1e99bb8baa7823ab290d180dc5b9239beee6a6 /src/libimcv/plugins
parentb3d66a8dc5f8660be4e170d7ec4767602d8e4c48 (diff)
implemented ITA Get Settings and ITA Settings attributes
Diffstat (limited to 'src/libimcv/plugins')
-rw-r--r--src/libimcv/plugins/imc_os/imc_os.c190
-rw-r--r--src/libimcv/plugins/imv_os/imv_os.c255
2 files changed, 274 insertions, 171 deletions
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index e011c2bd5..7510b2619 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -27,6 +27,9 @@
#include <ietf/ietf_attr_product_info.h>
#include <ietf/ietf_attr_remediation_instr.h>
#include <ietf/ietf_attr_string_version.h>
+#include <ita/ita_attr.h>
+#include <ita/ita_attr_get_settings.h>
+#include <ita/ita_attr_settings.h>
#include <os_info/os_info.h>
#include <tncif_pa_subtypes.h>
@@ -247,6 +250,43 @@ static void add_installed_packages(imc_msg_t *msg)
}
/**
+ * Add ITA Settings attribute to the send queue
+ */
+static void add_settings(enumerator_t *enumerator, imc_msg_t *msg)
+{
+ pa_tnc_attr_t *attr = NULL;
+ ita_attr_settings_t *attr_cast;
+ chunk_t value;
+ char *name;
+ bool first = TRUE;
+
+ while (enumerator->enumerate(enumerator, &name))
+ {
+ DBG1(DBG_IMC, "setting '%s'", name);
+
+ value = os->get_setting(os, name);
+ if (!value.ptr)
+ {
+ DBG1(DBG_IMC, " failed to get setting");
+ continue;
+ }
+ if (first)
+ {
+ attr = ita_attr_settings_create();
+ first = FALSE;
+ }
+ attr_cast = (ita_attr_settings_t*)attr;
+ attr_cast->add(attr_cast, name, value);
+ chunk_free(&value);
+ }
+
+ if (attr)
+ {
+ msg->add_attribute(msg, attr);
+ }
+}
+
+/**
* see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
*/
TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
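Review bot: The setting names enumerated in `add_settings` come from the peer's ITA Get Settings attribute and are handed to `os->get_setting(os, name)` with no check on this side. The names this same commit requests in imv_os.c are absolute paths such as `/proc/sys/kernel/tainted`, so if `get_setting` opens the name as a file (its body is not in this diff), the IMC would return the contents of any file its process can read to whoever speaks for the IMV. An allow-list of permitted names or path prefixes before the `get_setting` call, with a `DBG1` line for rejected names, would bound that. Separately, the `first` flag duplicates the state of `attr`; `if (!attr) { attr = ita_attr_settings_create(); }` says the same thing with one variable less.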
@@ -290,7 +330,7 @@ static TNC_Result receive_message(imc_msg_t *in_msg)
imc_msg_t *out_msg;
enumerator_t *enumerator;
pa_tnc_attr_t *attr;
- pen_type_t attr_type;
+ pen_type_t type;
TNC_Result result;
bool fatal_error = FALSE;
@@ -306,89 +346,99 @@ static TNC_Result receive_message(imc_msg_t *in_msg)
enumerator = in_msg->create_attribute_enumerator(in_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- attr_type = attr->get_type(attr);
+ type = attr->get_type(attr);
- if (attr_type.vendor_id != PEN_IETF)
- {
- continue;
- }
- if (attr_type.type == IETF_ATTR_ATTRIBUTE_REQUEST)
+ if (type.vendor_id == PEN_IETF)
{
- ietf_attr_attr_request_t *attr_cast;
- pen_type_t *entry;
- enumerator_t *e;
+ if (type.type == IETF_ATTR_ATTRIBUTE_REQUEST)
+ {
+ ietf_attr_attr_request_t *attr_cast;
+ pen_type_t *entry;
+ enumerator_t *e;
- attr_cast = (ietf_attr_attr_request_t*)attr;
+ attr_cast = (ietf_attr_attr_request_t*)attr;
- e = attr_cast->create_enumerator(attr_cast);
- while (e->enumerate(e, &entry))
+ e = attr_cast->create_enumerator(attr_cast);
+ while (e->enumerate(e, &entry))
+ {
+ if (entry->vendor_id != PEN_IETF)
+ {
+ continue;
+ }
+ switch (entry->type)
+ {
+ case IETF_ATTR_PRODUCT_INFORMATION:
+ add_product_info(out_msg);
+ break;
+ case IETF_ATTR_STRING_VERSION:
+ add_string_version(out_msg);
+ break;
+ case IETF_ATTR_NUMERIC_VERSION:
+ add_numeric_version(out_msg);
+ break;
+ case IETF_ATTR_OPERATIONAL_STATUS:
+ add_op_status(out_msg);
+ break;
+ case IETF_ATTR_FORWARDING_ENABLED:
+ add_fwd_enabled(out_msg);
+ break;
+ case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
+ add_default_pwd_enabled(out_msg);
+ break;
+ case IETF_ATTR_INSTALLED_PACKAGES:
+ add_installed_packages(out_msg);
+ break;
+ default:
+ break;
+ }
+ }
+ e->destroy(e);
+ }
+ else if (type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
{
- if (entry->vendor_id != PEN_IETF)
+ ietf_attr_remediation_instr_t *attr_cast;
+ pen_type_t parameters_type;
+ chunk_t parameters, string, lang_code;
+
+ attr_cast = (ietf_attr_remediation_instr_t*)attr;
+ parameters_type = attr_cast->get_parameters_type(attr_cast);
+ parameters = attr_cast->get_parameters(attr_cast);
+
+ if (parameters_type.vendor_id == PEN_IETF)
{
- continue;
+ switch (parameters_type.type)
+ {
+ case IETF_REMEDIATION_PARAMETERS_URI:
+ DBG1(DBG_IMC, "remediation uri: '%.*s'",
+ parameters.len, parameters.ptr);
+ break;
+ case IETF_REMEDIATION_PARAMETERS_STRING:
+ string = attr_cast->get_string(attr_cast, &lang_code);
+ DBG1(DBG_IMC, "remediation string: '%.*s' [%.*s]",
+ string.len, string.ptr,
+ lang_code.len, lang_code.ptr);
+ break;
+ default:
+ DBG1(DBG_IMC, "remediation parameters %B", &parameters);
+ }
}
- switch (entry->type)
+ else
{
- case IETF_ATTR_PRODUCT_INFORMATION:
- add_product_info(out_msg);
- break;
- case IETF_ATTR_STRING_VERSION:
- add_string_version(out_msg);
- break;
- case IETF_ATTR_NUMERIC_VERSION:
- add_numeric_version(out_msg);
- break;
- case IETF_ATTR_OPERATIONAL_STATUS:
- add_op_status(out_msg);
- break;
- case IETF_ATTR_FORWARDING_ENABLED:
- add_fwd_enabled(out_msg);
- break;
- case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
- add_default_pwd_enabled(out_msg);
- break;
- case IETF_ATTR_INSTALLED_PACKAGES:
- add_installed_packages(out_msg);
- break;
- default:
- break;
+ DBG1(DBG_IMC, "remediation parameters %B", &parameters);
}
}
- e->destroy(e);
}
- else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
+ else if (type.vendor_id == PEN_ITA && type.type == ITA_ATTR_GET_SETTINGS)
{
- ietf_attr_remediation_instr_t *attr_cast;
- pen_type_t parameters_type;
- chunk_t parameters, string, lang_code;
+ ita_attr_get_settings_t *attr_cast;
+ enumerator_t *e;
- attr_cast = (ietf_attr_remediation_instr_t*)attr;
- parameters_type = attr_cast->get_parameters_type(attr_cast);
- parameters = attr_cast->get_parameters(attr_cast);
+ attr_cast = (ita_attr_get_settings_t*)attr;
- if (parameters_type.vendor_id == PEN_IETF)
- {
- switch (parameters_type.type)
- {
- case IETF_REMEDIATION_PARAMETERS_URI:
- DBG1(DBG_IMC, "remediation uri: '%.*s'",
- parameters.len, parameters.ptr);
- break;
- case IETF_REMEDIATION_PARAMETERS_STRING:
- string = attr_cast->get_string(attr_cast, &lang_code);
- DBG1(DBG_IMC, "remediation string: '%.*s' [%.*s]",
- string.len, string.ptr,
- lang_code.len, lang_code.ptr);
- break;
- default:
- DBG1(DBG_IMC, "remediation parameters %B", &parameters);
- }
- }
- else
- {
- DBG1(DBG_IMC, "remediation parameters %B", &parameters);
- }
- }
+ e = attr_cast->create_enumerator(attr_cast);
+ add_settings(e, out_msg);
+ e->destroy(e);
+ }
}
enumerator->destroy(enumerator);
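Review bot: The `%.*s` precisions in the re-indented remediation branch are passed `parameters.len`, `string.len` and `lang_code.len` directly, but `%.*s` takes an `int`; if `chunk_t.len` is a `size_t` (the type is declared outside this diff), the argument has the wrong width on LP64 targets. Casting at the call site, e.g. `(int)parameters.len, parameters.ptr`, fixes it. The same pattern appears in the new `dbg_imv_multi_line` and in the IETF attribute cases of `receive_message` in imv_os.c. The new `PEN_ITA` branch would also benefit from a one-line comment stating that the requested names are chosen by the peer, for example `/* names are supplied by the IMV, treat as untrusted */`.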
diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c
index 487c9a9d1..663914b32 100644
--- a/src/libimcv/plugins/imv_os/imv_os.c
+++ b/src/libimcv/plugins/imv_os/imv_os.c
@@ -28,7 +28,9 @@
#include <ietf/ietf_attr_product_info.h>
#include <ietf/ietf_attr_remediation_instr.h>
#include <ietf/ietf_attr_string_version.h>
-#include <os_info/os_info.h>
+#include <ita/ita_attr.h>
+#include <ita/ita_attr_get_settings.h>
+#include <ita/ita_attr_settings.h>
#include <tncif_names.h>
#include <tncif_pa_subtypes.h>
@@ -36,6 +38,7 @@
#include <pen/pen.h>
#include <collections/linked_list.h>
#include <utils/debug.h>
+#include <utils/lexparser.h>
/* IMV definitions */
@@ -102,6 +105,23 @@ TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id,
}
}
+/**
+ * print multi-line values to debug output
+ */
+static void dbg_imv_multi_line(chunk_t value)
+{
+ chunk_t line;
+
+ while (extract_token(&line, '\n', &value))
+ {
+ DBG2(DBG_IMV, " %.*s", line.len, line.ptr);
+ }
+ if (value.len)
+ {
+ DBG2(DBG_IMV, " %.*s", value.len, value.ptr);
+ }
+}
+
static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
{
imv_msg_t *out_msg;
@@ -130,117 +150,132 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
{
type = attr->get_type(attr);
- if (type.vendor_id != PEN_IETF)
- {
- continue;
- }
- switch (type.type)
+ if (type.vendor_id == PEN_IETF)
{
- case IETF_ATTR_PRODUCT_INFORMATION:
+ switch (type.type)
{
- ietf_attr_product_info_t *attr_cast;
- pen_t vendor_id;
-
- attr_cast = (ietf_attr_product_info_t*)attr;
- os_name = attr_cast->get_info(attr_cast, &vendor_id, NULL);
- if (vendor_id != PEN_IETF)
+ case IETF_ATTR_PRODUCT_INFORMATION:
{
- DBG1(DBG_IMV, "operating system name is '%.*s' "
- "from vendor %N", os_name.len, os_name.ptr,
- pen_names, vendor_id);
+ ietf_attr_product_info_t *attr_cast;
+ pen_t vendor_id;
+
+ attr_cast = (ietf_attr_product_info_t*)attr;
+ os_name = attr_cast->get_info(attr_cast, &vendor_id, NULL);
+ if (vendor_id != PEN_IETF)
+ {
+ DBG1(DBG_IMV, "operating system name is '%.*s' "
+ "from vendor %N", os_name.len, os_name.ptr,
+ pen_names, vendor_id);
+ }
+ else
+ {
+ DBG1(DBG_IMV, "operating system name is '%.*s'",
+ os_name.len, os_name.ptr);
+ }
+ break;
}
- else
+ case IETF_ATTR_STRING_VERSION:
{
- DBG1(DBG_IMV, "operating system name is '%.*s'",
- os_name.len, os_name.ptr);
+ ietf_attr_string_version_t *attr_cast;
+
+ attr_cast = (ietf_attr_string_version_t*)attr;
+ os_version = attr_cast->get_version(attr_cast, NULL, NULL);
+ if (os_version.len)
+ {
+ DBG1(DBG_IMV, "operating system version is '%.*s'",
+ os_version.len, os_version.ptr);
+ }
+ break;
}
- break;
- }
- case IETF_ATTR_STRING_VERSION:
- {
- ietf_attr_string_version_t *attr_cast;
-
- attr_cast = (ietf_attr_string_version_t*)attr;
- os_version = attr_cast->get_version(attr_cast, NULL, NULL);
- if (os_version.len)
+ case IETF_ATTR_NUMERIC_VERSION:
{
- DBG1(DBG_IMV, "operating system version is '%.*s'",
- os_version.len, os_version.ptr);
+ ietf_attr_numeric_version_t *attr_cast;
+ u_int32_t major, minor;
+
+ attr_cast = (ietf_attr_numeric_version_t*)attr;
+ attr_cast->get_version(attr_cast, &major, &minor);
+ DBG1(DBG_IMV, "operating system numeric version is %d.%d",
+ major, minor);
+ break;
}
- break;
- }
- case IETF_ATTR_NUMERIC_VERSION:
- {
- ietf_attr_numeric_version_t *attr_cast;
- u_int32_t major, minor;
-
- attr_cast = (ietf_attr_numeric_version_t*)attr;
- attr_cast->get_version(attr_cast, &major, &minor);
- DBG1(DBG_IMV, "operating system numeric version is %d.%d",
- major, minor);
- break;
- }
- case IETF_ATTR_OPERATIONAL_STATUS:
- {
- ietf_attr_op_status_t *attr_cast;
- op_status_t op_status;
- op_result_t op_result;
- time_t last_boot;
-
- attr_cast = (ietf_attr_op_status_t*)attr;
- op_status = attr_cast->get_status(attr_cast);
- op_result = attr_cast->get_result(attr_cast);
- last_boot = attr_cast->get_last_use(attr_cast);
- DBG1(DBG_IMV, "operational status: %N, result: %N",
- op_status_names, op_status, op_result_names, op_result);
- DBG1(DBG_IMV, "last boot: %T", &last_boot, TRUE);
- break;
- }
- case IETF_ATTR_FORWARDING_ENABLED:
- {
- ietf_attr_fwd_enabled_t *attr_cast;
- os_fwd_status_t fwd_status;
-
- attr_cast = (ietf_attr_fwd_enabled_t*)attr;
- fwd_status = attr_cast->get_status(attr_cast);
- DBG1(DBG_IMV, "IPv4 forwarding status: %N",
- os_fwd_status_names, fwd_status);
- break;
- }
- case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
- {
- ietf_attr_default_pwd_enabled_t *attr_cast;
- bool default_pwd_status;
-
- attr_cast = (ietf_attr_default_pwd_enabled_t*)attr;
- default_pwd_status = attr_cast->get_status(attr_cast);
- DBG1(DBG_IMV, "factory default password: %sabled",
- default_pwd_status ? "en":"dis");
- break;
- }
- case IETF_ATTR_INSTALLED_PACKAGES:
- {
- ietf_attr_installed_packages_t *attr_cast;
- enumerator_t *e;
- chunk_t name, version;
-
- attr_cast = (ietf_attr_installed_packages_t*)attr;
- e = attr_cast->create_enumerator(attr_cast);
- while (e->enumerate(e, &name, &version))
+ case IETF_ATTR_OPERATIONAL_STATUS:
{
- DBG1(DBG_IMV, "package '%.*s' %.*s", name.len, name.ptr,
- version.len, version.ptr);
+ ietf_attr_op_status_t *attr_cast;
+ op_status_t op_status;
+ op_result_t op_result;
+ time_t last_boot;
+
+ attr_cast = (ietf_attr_op_status_t*)attr;
+ op_status = attr_cast->get_status(attr_cast);
+ op_result = attr_cast->get_result(attr_cast);
+ last_boot = attr_cast->get_last_use(attr_cast);
+ DBG1(DBG_IMV, "operational status: %N, result: %N",
+ op_status_names, op_status, op_result_names, op_result);
+ DBG1(DBG_IMV, "last boot: %T", &last_boot, TRUE);
+ break;
}
- e->destroy(e);
-
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
- TNC_IMV_EVALUATION_RESULT_COMPLIANT);
- assessment = TRUE;
- break;
+ case IETF_ATTR_FORWARDING_ENABLED:
+ {
+ ietf_attr_fwd_enabled_t *attr_cast;
+ os_fwd_status_t fwd_status;
+
+ attr_cast = (ietf_attr_fwd_enabled_t*)attr;
+ fwd_status = attr_cast->get_status(attr_cast);
+ DBG1(DBG_IMV, "IPv4 forwarding status: %N",
+ os_fwd_status_names, fwd_status);
+ break;
+ }
+ case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
+ {
+ ietf_attr_default_pwd_enabled_t *attr_cast;
+ bool default_pwd_status;
+
+ attr_cast = (ietf_attr_default_pwd_enabled_t*)attr;
+ default_pwd_status = attr_cast->get_status(attr_cast);
+ DBG1(DBG_IMV, "factory default password: %sabled",
+ default_pwd_status ? "en":"dis");
+ break;
+ }
+ case IETF_ATTR_INSTALLED_PACKAGES:
+ {
+ ietf_attr_installed_packages_t *attr_cast;
+ enumerator_t *e;
+ chunk_t name, version;
+
+ attr_cast = (ietf_attr_installed_packages_t*)attr;
+ e = attr_cast->create_enumerator(attr_cast);
+ while (e->enumerate(e, &name, &version))
+ {
+ DBG1(DBG_IMV, "package '%.*s' %.*s", name.len, name.ptr,
+ version.len, version.ptr);
+ }
+ e->destroy(e);
+
+ state->set_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
+ TNC_IMV_EVALUATION_RESULT_COMPLIANT);
+ assessment = TRUE;
+ break;
+ }
+ default:
+ break;
}
- default:
- break;
+ }
+ else if (type.vendor_id == PEN_ITA && type.type == ITA_ATTR_SETTINGS)
+ {
+ ita_attr_settings_t *attr_cast;
+ enumerator_t *e;
+ char *name;
+ chunk_t value;
+
+ attr_cast = (ita_attr_settings_t*)attr;
+ e = attr_cast->create_enumerator(attr_cast);
+ while (e->enumerate(e, &name, &value))
+ {
+ DBG1(DBG_IMV, "setting '%s'", name);
+ dbg_imv_multi_line(value);
+ }
+ e->destroy(e);
}
}
enumerator->destroy(enumerator);
@@ -275,11 +310,29 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
}
else
{
+ ita_attr_get_settings_t *attr_cast;
+
DBG1(DBG_IMV, "requesting installed packages for '%s'",
product_info);
attr = ietf_attr_attr_request_create(PEN_IETF,
IETF_ATTR_INSTALLED_PACKAGES);
out_msg->add_attribute(out_msg, attr);
+
+ /* requesting Android or Linux settings */
+ attr = ita_attr_get_settings_create();
+ attr_cast = (ita_attr_get_settings_t*)attr;
+
+ if (chunk_equals(os_name, chunk_create("Android", 7)))
+ {
+ attr_cast->add(attr_cast, "android_id");
+ attr_cast->add(attr_cast, "install_non_market_apps");
+ }
+ else
+ {
+ attr_cast->add(attr_cast, "/proc/sys/kernel/random/boot_id");
+ attr_cast->add(attr_cast, "/proc/sys/kernel/tainted");
+ }
+ out_msg->add_attribute(out_msg, attr);
}
}
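Review bot: The `else` branch sends the two `/proc/sys/kernel/...` names to every peer whose `os_name` is not exactly `Android`, not only to Linux peers as the comment `/* requesting Android or Linux settings */` suggests. `os_name` is whatever the client reported in its Product Information attribute, so the selection is driven by unverified input and falls through to the `/proc` names for anything unrecognised. An explicit Linux match that requests nothing for unknown names would make the intent visible, and the comment should say that these names are interpreted by the IMC's `get_setting`. The enclosing `receive_message` starts outside this hunk.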