aboutsummaryrefslogtreecommitdiffstats
path: root/src/libimcv/plugins/imv_os/imv_os.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libimcv/plugins/imv_os/imv_os.c')
-rw-r--r--src/libimcv/plugins/imv_os/imv_os.c255
1 files changed, 154 insertions, 101 deletions
diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c
index 487c9a9d1..663914b32 100644
--- a/src/libimcv/plugins/imv_os/imv_os.c
+++ b/src/libimcv/plugins/imv_os/imv_os.c
@@ -28,7 +28,9 @@
#include <ietf/ietf_attr_product_info.h>
#include <ietf/ietf_attr_remediation_instr.h>
#include <ietf/ietf_attr_string_version.h>
-#include <os_info/os_info.h>
+#include <ita/ita_attr.h>
+#include <ita/ita_attr_get_settings.h>
+#include <ita/ita_attr_settings.h>
#include <tncif_names.h>
#include <tncif_pa_subtypes.h>
@@ -36,6 +38,7 @@
#include <pen/pen.h>
#include <collections/linked_list.h>
#include <utils/debug.h>
+#include <utils/lexparser.h>
/* IMV definitions */
@@ -102,6 +105,23 @@ TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id,
}
}
+/**
+ * print multi-line values to debug output
+ */
+static void dbg_imv_multi_line(chunk_t value)
+{
+ chunk_t line;
+
+ while (extract_token(&line, '\n', &value))
+ {
+ DBG2(DBG_IMV, " %.*s", line.len, line.ptr);
+ }
+ if (value.len)
+ {
+ DBG2(DBG_IMV, " %.*s", value.len, value.ptr);
+ }
+}
+
static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
{
imv_msg_t *out_msg;
@@ -130,117 +150,132 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
{
type = attr->get_type(attr);
- if (type.vendor_id != PEN_IETF)
- {
- continue;
- }
- switch (type.type)
+ if (type.vendor_id == PEN_IETF)
{
- case IETF_ATTR_PRODUCT_INFORMATION:
+ switch (type.type)
{
- ietf_attr_product_info_t *attr_cast;
- pen_t vendor_id;
-
- attr_cast = (ietf_attr_product_info_t*)attr;
- os_name = attr_cast->get_info(attr_cast, &vendor_id, NULL);
- if (vendor_id != PEN_IETF)
+ case IETF_ATTR_PRODUCT_INFORMATION:
{
- DBG1(DBG_IMV, "operating system name is '%.*s' "
- "from vendor %N", os_name.len, os_name.ptr,
- pen_names, vendor_id);
+ ietf_attr_product_info_t *attr_cast;
+ pen_t vendor_id;
+
+ attr_cast = (ietf_attr_product_info_t*)attr;
+ os_name = attr_cast->get_info(attr_cast, &vendor_id, NULL);
+ if (vendor_id != PEN_IETF)
+ {
+ DBG1(DBG_IMV, "operating system name is '%.*s' "
+ "from vendor %N", os_name.len, os_name.ptr,
+ pen_names, vendor_id);
+ }
+ else
+ {
+ DBG1(DBG_IMV, "operating system name is '%.*s'",
+ os_name.len, os_name.ptr);
+ }
+ break;
}
- else
+ case IETF_ATTR_STRING_VERSION:
{
- DBG1(DBG_IMV, "operating system name is '%.*s'",
- os_name.len, os_name.ptr);
+ ietf_attr_string_version_t *attr_cast;
+
+ attr_cast = (ietf_attr_string_version_t*)attr;
+ os_version = attr_cast->get_version(attr_cast, NULL, NULL);
+ if (os_version.len)
+ {
+ DBG1(DBG_IMV, "operating system version is '%.*s'",
+ os_version.len, os_version.ptr);
+ }
+ break;
}
- break;
- }
- case IETF_ATTR_STRING_VERSION:
- {
- ietf_attr_string_version_t *attr_cast;
-
- attr_cast = (ietf_attr_string_version_t*)attr;
- os_version = attr_cast->get_version(attr_cast, NULL, NULL);
- if (os_version.len)
+ case IETF_ATTR_NUMERIC_VERSION:
{
- DBG1(DBG_IMV, "operating system version is '%.*s'",
- os_version.len, os_version.ptr);
+ ietf_attr_numeric_version_t *attr_cast;
+ u_int32_t major, minor;
+
+ attr_cast = (ietf_attr_numeric_version_t*)attr;
+ attr_cast->get_version(attr_cast, &major, &minor);
+ DBG1(DBG_IMV, "operating system numeric version is %d.%d",
+ major, minor);
+ break;
}
- break;
- }
- case IETF_ATTR_NUMERIC_VERSION:
- {
- ietf_attr_numeric_version_t *attr_cast;
- u_int32_t major, minor;
-
- attr_cast = (ietf_attr_numeric_version_t*)attr;
- attr_cast->get_version(attr_cast, &major, &minor);
- DBG1(DBG_IMV, "operating system numeric version is %d.%d",
- major, minor);
- break;
- }
- case IETF_ATTR_OPERATIONAL_STATUS:
- {
- ietf_attr_op_status_t *attr_cast;
- op_status_t op_status;
- op_result_t op_result;
- time_t last_boot;
-
- attr_cast = (ietf_attr_op_status_t*)attr;
- op_status = attr_cast->get_status(attr_cast);
- op_result = attr_cast->get_result(attr_cast);
- last_boot = attr_cast->get_last_use(attr_cast);
- DBG1(DBG_IMV, "operational status: %N, result: %N",
- op_status_names, op_status, op_result_names, op_result);
- DBG1(DBG_IMV, "last boot: %T", &last_boot, TRUE);
- break;
- }
- case IETF_ATTR_FORWARDING_ENABLED:
- {
- ietf_attr_fwd_enabled_t *attr_cast;
- os_fwd_status_t fwd_status;
-
- attr_cast = (ietf_attr_fwd_enabled_t*)attr;
- fwd_status = attr_cast->get_status(attr_cast);
- DBG1(DBG_IMV, "IPv4 forwarding status: %N",
- os_fwd_status_names, fwd_status);
- break;
- }
- case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
- {
- ietf_attr_default_pwd_enabled_t *attr_cast;
- bool default_pwd_status;
-
- attr_cast = (ietf_attr_default_pwd_enabled_t*)attr;
- default_pwd_status = attr_cast->get_status(attr_cast);
- DBG1(DBG_IMV, "factory default password: %sabled",
- default_pwd_status ? "en":"dis");
- break;
- }
- case IETF_ATTR_INSTALLED_PACKAGES:
- {
- ietf_attr_installed_packages_t *attr_cast;
- enumerator_t *e;
- chunk_t name, version;
-
- attr_cast = (ietf_attr_installed_packages_t*)attr;
- e = attr_cast->create_enumerator(attr_cast);
- while (e->enumerate(e, &name, &version))
+ case IETF_ATTR_OPERATIONAL_STATUS:
{
- DBG1(DBG_IMV, "package '%.*s' %.*s", name.len, name.ptr,
- version.len, version.ptr);
+ ietf_attr_op_status_t *attr_cast;
+ op_status_t op_status;
+ op_result_t op_result;
+ time_t last_boot;
+
+ attr_cast = (ietf_attr_op_status_t*)attr;
+ op_status = attr_cast->get_status(attr_cast);
+ op_result = attr_cast->get_result(attr_cast);
+ last_boot = attr_cast->get_last_use(attr_cast);
+ DBG1(DBG_IMV, "operational status: %N, result: %N",
+ op_status_names, op_status, op_result_names, op_result);
+ DBG1(DBG_IMV, "last boot: %T", &last_boot, TRUE);
+ break;
}
- e->destroy(e);
-
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
- TNC_IMV_EVALUATION_RESULT_COMPLIANT);
- assessment = TRUE;
- break;
+ case IETF_ATTR_FORWARDING_ENABLED:
+ {
+ ietf_attr_fwd_enabled_t *attr_cast;
+ os_fwd_status_t fwd_status;
+
+ attr_cast = (ietf_attr_fwd_enabled_t*)attr;
+ fwd_status = attr_cast->get_status(attr_cast);
+ DBG1(DBG_IMV, "IPv4 forwarding status: %N",
+ os_fwd_status_names, fwd_status);
+ break;
+ }
+ case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
+ {
+ ietf_attr_default_pwd_enabled_t *attr_cast;
+ bool default_pwd_status;
+
+ attr_cast = (ietf_attr_default_pwd_enabled_t*)attr;
+ default_pwd_status = attr_cast->get_status(attr_cast);
+ DBG1(DBG_IMV, "factory default password: %sabled",
+ default_pwd_status ? "en":"dis");
+ break;
+ }
+ case IETF_ATTR_INSTALLED_PACKAGES:
+ {
+ ietf_attr_installed_packages_t *attr_cast;
+ enumerator_t *e;
+ chunk_t name, version;
+
+ attr_cast = (ietf_attr_installed_packages_t*)attr;
+ e = attr_cast->create_enumerator(attr_cast);
+ while (e->enumerate(e, &name, &version))
+ {
+ DBG1(DBG_IMV, "package '%.*s' %.*s", name.len, name.ptr,
+ version.len, version.ptr);
+ }
+ e->destroy(e);
+
+ state->set_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
+ TNC_IMV_EVALUATION_RESULT_COMPLIANT);
+ assessment = TRUE;
+ break;
+ }
+ default:
+ break;
}
- default:
- break;
+ }
+ else if (type.vendor_id == PEN_ITA && type.type == ITA_ATTR_SETTINGS)
+ {
+ ita_attr_settings_t *attr_cast;
+ enumerator_t *e;
+ char *name;
+ chunk_t value;
+
+ attr_cast = (ita_attr_settings_t*)attr;
+ e = attr_cast->create_enumerator(attr_cast);
+ while (e->enumerate(e, &name, &value))
+ {
+ DBG1(DBG_IMV, "setting '%s'", name);
+ dbg_imv_multi_line(value);
+ }
+ e->destroy(e);
}
}
enumerator->destroy(enumerator);
@@ -275,11 +310,29 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
}
else
{
+ ita_attr_get_settings_t *attr_cast;
+
DBG1(DBG_IMV, "requesting installed packages for '%s'",
product_info);
attr = ietf_attr_attr_request_create(PEN_IETF,
IETF_ATTR_INSTALLED_PACKAGES);
out_msg->add_attribute(out_msg, attr);
+
+ /* requesting Android or Linux settings */
+ attr = ita_attr_get_settings_create();
+ attr_cast = (ita_attr_get_settings_t*)attr;
+
+ if (chunk_equals(os_name, chunk_create("Android", 7)))
+ {
+ attr_cast->add(attr_cast, "android_id");
+ attr_cast->add(attr_cast, "install_non_market_apps");
+ }
+ else
+ {
+ attr_cast->add(attr_cast, "/proc/sys/kernel/random/boot_id");
+ attr_cast->add(attr_cast, "/proc/sys/kernel/tainted");
+ }
+ out_msg->add_attribute(out_msg, attr);
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-24 18:17:38 +0000