authorYves-Alexis Perez <corsac@debian.org>2013-04-30 17:51:33 +0200
committerYves-Alexis Perez <corsac@debian.org>2013-04-30 17:51:33 +0200
commitc83921a2b566aa9d55d8ccc7258f04fca6292ee6 (patch)
tree44039788fc816c84d5788df847d1555413ebe55a /src/libcharon/plugins/tnc_ifmap
parent10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43 (diff)
Imported Upstream version 5.0.4
Diffstat (limited to 'src/libcharon/plugins/tnc_ifmap')
-rw-r--r--src/libcharon/plugins/tnc_ifmap/Makefile.in1
-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c13
-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c50
-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h12
4 files changed, 73 insertions, 3 deletions
diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in
index 96912c618..ed3775e9d 100644
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.in
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in
@@ -255,6 +255,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
index 4b2538e34..4ad19c530 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
@@ -71,8 +71,8 @@ static bool publish_device_ip_addresses(private_tnc_ifmap_listener_t *this)
*/
static bool reload_metadata(private_tnc_ifmap_listener_t *this)
{
- enumerator_t *enumerator;
ike_sa_t *ike_sa;
+ enumerator_t *enumerator;
bool success = TRUE;
enumerator = charon->controller->create_ike_sa_enumerator(
@@ -83,7 +83,8 @@ static bool reload_metadata(private_tnc_ifmap_listener_t *this)
{
continue;
}
- if (!this->ifmap->publish_ike_sa(this->ifmap, ike_sa, TRUE))
+ if (!this->ifmap->publish_ike_sa(this->ifmap, ike_sa, TRUE) ||
+ !this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, TRUE))
{
success = FALSE;
break;
@@ -104,6 +105,13 @@ METHOD(listener_t, ike_updown, bool,
return TRUE;
}
+METHOD(listener_t, assign_vips, bool,
+ private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, bool assign)
+{
+ this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, assign);
+ return TRUE;
+}
+
METHOD(listener_t, alert, bool,
private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, alert_t alert,
va_list args)
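Review bot: The new `assign_vips` hook discards the result of `publish_virtual_ips()`, so a failed update or delete goes unnoticed. On release (`assign` FALSE) a failed delete would leave the `access-request-ip` link for the virtual IP on the MAP server after the address has been taken away, and any consumer of that metadata would keep attributing the address to this access-request. Returning TRUE regardless looks deliberate (presumably to keep the listener registered), so the suggestion is only to make the failure visible: wrap the call as `if (!this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, assign))` and log with `DBG1(DBG_TNC, "publishing virtual IPs of IKE_SA failed");`.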
@@ -144,6 +152,7 @@ tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload)
.public = {
.listener = {
.ike_updown = _ike_updown,
+ .assign_vips = _assign_vips,
.alert = _alert,
},
.destroy = _destroy,
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
index 8d5da5812..df7d2e2a1 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
@@ -579,6 +579,55 @@ METHOD(tnc_ifmap_soap_t, publish_device_ip, bool,
return success;
}
+METHOD(tnc_ifmap_soap_t, publish_virtual_ips, bool,
+ private_tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, bool assign)
+{
+ tnc_ifmap_soap_msg_t *soap_msg;
+ xmlNodePtr request, node;
+ u_int32_t ike_sa_id;
+ enumerator_t *enumerator;
+ host_t *vip;
+ bool success;
+
+ /* extract relevant data from IKE_SA*/
+ ike_sa_id = ike_sa->get_unique_id(ike_sa);
+
+ /* build publish request */
+ request = create_publish_request(this);
+
+ enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
+ while (enumerator->enumerate(enumerator, &vip))
+ {
+ /**
+ * update or delete access-request-ip metadata for a virtual IP address
+ */
+ if (assign)
+ {
+ node = xmlNewNode(NULL, "update");
+ }
+ else
+ {
+ node = create_delete_filter(this, "access-request-ip");
+ }
+ xmlAddChild(request, node);
+
+ /* add access-request, virtual ip-address and [if assign] metadata */
+ xmlAddChild(node, create_access_request(this, ike_sa_id));
+ xmlAddChild(node, create_ip_address(this, vip));
+ if (assign)
+ {
+ xmlAddChild(node, create_metadata(this, "access-request-ip"));
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls);
+ success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
+ soap_msg->destroy(soap_msg);
+
+ return success;
+}
+
METHOD(tnc_ifmap_soap_t, publish_enforcement_report, bool,
private_tnc_ifmap_soap_t *this, host_t *host, char *action, char *reason)
{
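Review bot: `publish_virtual_ips` posts the request even when the enumerator yields no virtual IP, so an IKE_SA without virtual IPs sends an empty publish element. `reload_metadata` in tnc_ifmap_listener.c now calls this method for every enumerated IKE_SA and breaks out on the first FALSE, so if the MAP server rejects an empty publish (not verifiable from this hunk), one such SA would stop the reload for all remaining SAs. Consider setting a `bool found` flag inside the loop and returning early after `enumerator->destroy(enumerator);` with `if (!found) { xmlFreeNode(request); return TRUE; }`, assuming the request node is still owned by this function at that point. The results of `xmlNewNode()` and the `create_*()` helpers are also handed to `xmlAddChild()` without a NULL check.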
@@ -851,6 +900,7 @@ tnc_ifmap_soap_t *tnc_ifmap_soap_create()
.purgePublisher = _purgePublisher,
.publish_ike_sa = _publish_ike_sa,
.publish_device_ip = _publish_device_ip,
+ .publish_virtual_ips = _publish_virtual_ips,
.publish_enforcement_report = _publish_enforcement_report,
.endSession = _endSession,
.get_session_id = _get_session_id,
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h
index 4a0434a54..fbc65a2b1 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h
@@ -56,7 +56,7 @@ struct tnc_ifmap_soap_t {
/**
* Publish metadata about established/deleted IKE_SAs
*
- * @param ike_sa IKE_SA for which metadate is published
+ * @param ike_sa IKE_SA for which metadata is published
* @param up TRUE if IKE_SEA is up, FALSE if down
* @return TRUE if command was successful
*/
@@ -71,6 +71,16 @@ struct tnc_ifmap_soap_t {
bool (*publish_device_ip)(tnc_ifmap_soap_t *this, host_t *host);
/**
+ * Publish Virtual IP access-request-ip metadata
+ *
+ * @param ike_sa IKE_SA for which Virtual IP metadata is published
+ * @param assign TRUE if assigned, FALSE if removed
+ * @return TRUE if command was successful
+ */
+ bool (*publish_virtual_ips)(tnc_ifmap_soap_t *this, ike_sa_t *ike_sa,
+ bool assign);
+
+ /**
* Publish enforcement-report metadata
*
* @param host Host to be enforced