Imported Upstream version 4.5.1

8 files changed, 742 insertions, 20 deletions

diff --git a/src/libcharon/plugins/tnc_imc/Makefile.am b/src/libcharon/plugins/tnc_imc/Makefile.am
index ca8869460..2c551813e 100644
--- a/src/libcharon/plugins/tnc_imc/Makefile.am
+++ b/src/libcharon/plugins/tnc_imc/Makefile.am
@@ -1,11 +1,9 @@
 
 INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-	-I$(top_srcdir)/src/libcharon `xml2-config --cflags`
+	-I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = -rdynamic
 
-libstrongswan_tnc_imc_la_LIBADD = -ltnc
-
 if MONOLITHIC
 noinst_LTLIBRARIES = libstrongswan-tnc-imc.la
 else
@@ -13,7 +11,8 @@ plugin_LTLIBRARIES = libstrongswan-tnc-imc.la
 endif
 
 libstrongswan_tnc_imc_la_SOURCES = \
-	tnc_imc_plugin.h tnc_imc_plugin.c
+	tnc_imc_plugin.h tnc_imc_plugin.c tnc_imc.h tnc_imc.c \
+	tnc_imc_manager.h tnc_imc_manager.c tnc_imc_bind_function.c
 
 libstrongswan_tnc_imc_la_LDFLAGS = -module -avoid-version
 
diff --git a/src/libcharon/plugins/tnc_imc/Makefile.in b/src/libcharon/plugins/tnc_imc/Makefile.in
index 9a8794e93..dc44408ff 100644
--- a/src/libcharon/plugins/tnc_imc/Makefile.in
+++ b/src/libcharon/plugins/tnc_imc/Makefile.in
@@ -74,8 +74,9 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
 LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
-libstrongswan_tnc_imc_la_DEPENDENCIES =
-am_libstrongswan_tnc_imc_la_OBJECTS = tnc_imc_plugin.lo
+libstrongswan_tnc_imc_la_LIBADD =
+am_libstrongswan_tnc_imc_la_OBJECTS = tnc_imc_plugin.lo tnc_imc.lo \
+	tnc_imc_manager.lo tnc_imc_bind_function.lo
 libstrongswan_tnc_imc_la_OBJECTS =  \
 	$(am_libstrongswan_tnc_imc_la_OBJECTS)
 libstrongswan_tnc_imc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
@@ -221,9 +222,7 @@ includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
-ipsecgid = @ipsecgid@
 ipsecgroup = @ipsecgroup@
-ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -262,6 +261,8 @@ sbindir = @sbindir@
 scepclient_plugins = @scepclient_plugins@
 scripts_plugins = @scripts_plugins@
 sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
 srcdir = @srcdir@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
@@ -273,14 +274,14 @@ urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-	-I$(top_srcdir)/src/libcharon `xml2-config --cflags`
+	-I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = -rdynamic
-libstrongswan_tnc_imc_la_LIBADD = -ltnc
 @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-imc.la
 @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnc-imc.la
 libstrongswan_tnc_imc_la_SOURCES = \
-	tnc_imc_plugin.h tnc_imc_plugin.c
+	tnc_imc_plugin.h tnc_imc_plugin.c tnc_imc.h tnc_imc.c \
+	tnc_imc_manager.h tnc_imc_manager.c tnc_imc_bind_function.c
 
 libstrongswan_tnc_imc_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -366,6 +367,9 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc_bind_function.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc_manager.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc_plugin.Plo@am__quote@
 
 .c.o:
diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc.c b/src/libcharon/plugins/tnc_imc/tnc_imc.c
new file mode 100644
index 000000000..174084436
--- /dev/null
+++ b/src/libcharon/plugins/tnc_imc/tnc_imc.c
@@ -0,0 +1,207 @@
+/*
+ * Copyright (C) 2006 Mike McCauley
+ * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_imc.h"
+
+#include <dlfcn.h>
+
+#include <debug.h>
+#include <library.h>
+
+typedef struct private_tnc_imc_t private_tnc_imc_t;
+
+/**
+ * Private data of an imv_t object.
+ */
+struct private_tnc_imc_t {
+
+	/**
+	 * Public members of imc_t.
+	 */
+	imc_t public;
+
+	/**
+	 * Path of loaded IMC
+	 */
+	char *path;
+
+	/**
+	 * Name of loaded IMC
+	 */
+	char *name;
+
+	/**
+	 * Handle of loaded IMC
+	 */
+	void *handle;
+
+	/**
+	 * ID of loaded IMC
+	 */
+	TNC_IMCID id;
+
+	/**
+	 * List of message types supported by IMC
+	 */
+	TNC_MessageTypeList supported_types;
+
+	/**
+	 * Number of supported message types
+	 */
+	TNC_UInt32 type_count;
+};
+
+METHOD(imc_t, set_id, void,
+	private_tnc_imc_t *this, TNC_IMCID id)
+{
+	this->id = id;
+}
+
+METHOD(imc_t, get_id, TNC_IMCID,
+	private_tnc_imc_t *this)
+{
+	return this->id;
+}
+
+METHOD(imc_t, get_name, char*,
+	private_tnc_imc_t *this)
+{
+	return this->name;
+}
+
+METHOD(imc_t, set_message_types, void,
+	private_tnc_imc_t *this, TNC_MessageTypeList supported_types,
+							 TNC_UInt32 type_count)
+{
+	/* Free an existing MessageType list */
+	free(this->supported_types);
+	this->supported_types = NULL;
+
+	/* Store the new MessageType list */
+	this->type_count = type_count;
+	if (type_count && supported_types)
+	{
+		size_t size = type_count * sizeof(TNC_MessageType);
+
+		this->supported_types = malloc(size);
+		memcpy(this->supported_types, supported_types, size);
+	}
+	DBG2(DBG_TNC, "IMC %u supports %u message types", this->id, type_count);
+}
+
+METHOD(imc_t, type_supported, bool,
+	private_tnc_imc_t *this, TNC_MessageType message_type)
+{
+	TNC_VendorID msg_vid, vid;
+	TNC_MessageSubtype msg_subtype, subtype;
+	int i;
+
+    msg_vid = (message_type >> 8) & TNC_VENDORID_ANY;
+	msg_subtype = message_type & TNC_SUBTYPE_ANY;
+
+	for (i = 0; i < this->type_count; i++)
+	{
+	    vid = (this->supported_types[i] >> 8) & TNC_VENDORID_ANY;
+	    subtype = this->supported_types[i] & TNC_SUBTYPE_ANY;
+
+	    if (this->supported_types[i] == message_type
+		|| (subtype == TNC_SUBTYPE_ANY
+			&& (msg_vid == vid || vid == TNC_VENDORID_ANY))
+		|| (vid == TNC_VENDORID_ANY 
+		    && (msg_subtype == subtype || subtype == TNC_SUBTYPE_ANY)))
+		{
+			return TRUE;
+		}
+	}
+	return FALSE;
+}
+
+METHOD(imc_t, destroy, void,
+	private_tnc_imc_t *this)
+{
+	dlclose(this->handle);
+	free(this->supported_types);
+	free(this->name);
+	free(this->path);
+	free(this);
+}
+
+/**
+ * Described in header.
+ */
+imc_t* tnc_imc_create(char *name, char *path)
+{
+	private_tnc_imc_t *this;
+
+	INIT(this,
+		.public = {
+			.set_id = _set_id,
+			.get_id = _get_id,
+			.get_name = _get_name,
+			.set_message_types = _set_message_types,
+			.type_supported = _type_supported,
+			.destroy = _destroy,
+        },
+		.name = name,
+		.path = path,
+	);
+
+	this->handle = dlopen(path, RTLD_LAZY);
+	if (!this->handle)
+	{
+		DBG1(DBG_TNC, "IMC \"%s\" failed to load: %s", name, dlerror());
+		free(this);
+		return NULL;
+	}
+
+	this->public.initialize = dlsym(this->handle, "TNC_IMC_Initialize");
+	if (!this->public.initialize)
+    {
+		DBG1(DBG_TNC, "could not resolve TNC_IMC_Initialize in %s: %s\n",
+					   path, dlerror());
+		dlclose(this->handle);
+		free(this);
+		return NULL;
+	}
+	this->public.notify_connection_change =
+						 dlsym(this->handle, "TNC_IMC_NotifyConnectionChange");
+    this->public.begin_handshake = dlsym(this->handle, "TNC_IMC_BeginHandshake");
+	if (!this->public.begin_handshake)
+    {
+		DBG1(DBG_TNC, "could not resolve TNC_IMC_BeginHandshake in %s: %s\n",
+					   path, dlerror());
+		dlclose(this->handle);
+		free(this);
+		return NULL;
+	}
+    this->public.receive_message =
+						dlsym(this->handle, "TNC_IMC_ReceiveMessage");
+    this->public.batch_ending =
+						dlsym(this->handle, "TNC_IMC_BatchEnding");
+    this->public.terminate =
+						dlsym(this->handle, "TNC_IMC_Terminate");
+    this->public.provide_bind_function =
+						dlsym(this->handle, "TNC_IMC_ProvideBindFunction");
+    if (!this->public.provide_bind_function)
+	{
+		DBG1(DBG_TNC, "could not resolve TNC_IMC_ProvideBindFunction in %s: %s\n",
+					  path, dlerror());
+		dlclose(this->handle);
+		free(this);
+		return NULL;
+	}
+
+	return &this->public;
+}
diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc.h b/src/libcharon/plugins/tnc_imc/tnc_imc.h
new file mode 100644
index 000000000..10a67f90b
--- /dev/null
+++ b/src/libcharon/plugins/tnc_imc/tnc_imc.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ *
+ * @defgroup tnc_imc_t tnc_imc
+ * @{ @ingroup tnc_imc
+ */
+
+#ifndef TNC_IMC_H_
+#define TNC_IMC_H_
+
+#include <tnc/imc/imc.h>
+
+/**
+ * Create an Integrity Measurement Collector.
+ *
+ * @param name			name of the IMC
+ * @param filename		path to the dynamic IMC library
+ * @return				instance of the imc_t interface
+ */
+imc_t* tnc_imc_create(char *name, char *filename);
+
+#endif /** TNC_IMC_H_ @}*/
diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c b/src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c
new file mode 100644
index 000000000..e18f1b006
--- /dev/null
+++ b/src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2006 Mike McCauley
+ * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_imc.h"
+
+#include <debug.h>
+#include <daemon.h>
+
+#define TNC_IMVID_ANY	0xffff
+
+/**
+ * Called by the IMC to inform a TNCC about the set of message types the IMC
+ * is able to receive
+ */
+TNC_Result TNC_TNCC_ReportMessageTypes(TNC_IMCID imc_id,
+									   TNC_MessageTypeList supported_types,
+									   TNC_UInt32 type_count)
+{
+	return charon->imcs->set_message_types(charon->imcs, imc_id,
+										   supported_types, type_count);
+}
+
+/**
+ * Called by the IMC to ask a TNCC to retry an Integrity Check Handshake
+ */
+TNC_Result TNC_TNCC_RequestHandshakeRetry(TNC_IMCID imc_id,
+										  TNC_ConnectionID connection_id,
+										  TNC_RetryReason reason)
+{
+	return charon->tnccs->request_handshake_retry(charon->tnccs, TRUE, imc_id,
+												  connection_id, reason);
+}
+
+/**
+ * Called by the IMC when an IMC-IMV message is to be sent
+ */
+TNC_Result TNC_TNCC_SendMessage(TNC_IMCID imc_id,
+								TNC_ConnectionID connection_id,
+								TNC_BufferReference msg,
+								TNC_UInt32 msg_len,
+								TNC_MessageType msg_type)
+{
+	return charon->tnccs->send_message(charon->tnccs, imc_id, TNC_IMVID_ANY,
+									   connection_id, msg, msg_len, msg_type);
+}
+
+/**
+ * Called by the IMC when it needs a function pointer
+ */
+TNC_Result TNC_TNCC_BindFunction(TNC_IMCID id,
+								 char *function_name,
+								 void **function_pointer)
+{
+	if (streq(function_name, "TNC_TNCC_ReportMessageTypes"))
+	{
+		*function_pointer = (void*)TNC_TNCC_ReportMessageTypes;
+	}
+    else if (streq(function_name, "TNC_TNCC_RequestHandshakeRetry"))
+	{
+		*function_pointer = (void*)TNC_TNCC_RequestHandshakeRetry;
+	}
+    else if (streq(function_name, "TNC_TNCC_SendMessage"))
+	{
+		*function_pointer = (void*)TNC_TNCC_SendMessage;
+	}
+    else
+	{
+		return TNC_RESULT_INVALID_PARAMETER;
+	}
+    return TNC_RESULT_SUCCESS;
+}
diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc_manager.c b/src/libcharon/plugins/tnc_imc/tnc_imc_manager.c
new file mode 100644
index 000000000..aa20534f5
--- /dev/null
+++ b/src/libcharon/plugins/tnc_imc/tnc_imc_manager.c
@@ -0,0 +1,238 @@
+/*
+ * Copyright (C) 2006 Mike McCauley
+ * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_imc_manager.h"
+
+#include <tnc/imc/imc_manager.h>
+#include <tnc/tncifimc.h>
+
+#include <debug.h>
+#include <library.h>
+#include <utils/linked_list.h>
+
+typedef struct private_tnc_imc_manager_t private_tnc_imc_manager_t;
+
+/**
+ * Private data of an imc_manager_t object.
+ */
+struct private_tnc_imc_manager_t {
+
+	/**
+	 * Public members of imc_manager_t.
+	 */
+	imc_manager_t public;
+
+	/**
+	 * Linked list of IMCs
+	 */
+	linked_list_t *imcs;
+
+	/**
+	 * Next IMC ID to be assigned
+	 */
+	TNC_IMCID next_imc_id;
+};
+
+METHOD(imc_manager_t, add, bool,
+	private_tnc_imc_manager_t *this, imc_t *imc)
+{
+	TNC_Version version;
+
+	/* Initialize the module */
+	imc->set_id(imc, this->next_imc_id);
+	if (imc->initialize(imc->get_id(imc), TNC_IFIMC_VERSION_1,
+			TNC_IFIMC_VERSION_1, &version) != TNC_RESULT_SUCCESS)
+	{
+		DBG1(DBG_TNC, "IMC \"%s\" failed to initialize", imc->get_name(imc));
+		return FALSE;
+	}
+	this->imcs->insert_last(this->imcs, imc);
+	this->next_imc_id++;
+
+	if (imc->provide_bind_function(imc->get_id(imc), TNC_TNCC_BindFunction)
+			!= TNC_RESULT_SUCCESS)
+	{
+		DBG1(DBG_TNC, "IMC \"%s\" failed to obtain bind function",
+					   imc->get_name(imc));
+		this->imcs->remove_last(this->imcs, (void**)&imc);
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
+METHOD(imc_manager_t, remove_, imc_t*,
+	private_tnc_imc_manager_t *this, TNC_IMCID id)
+{
+	enumerator_t *enumerator;
+	imc_t *imc;
+
+	enumerator = this->imcs->create_enumerator(this->imcs);
+	while (enumerator->enumerate(enumerator, &imc))
+	{
+		if (id == imc->get_id(imc))
+		{
+			this->imcs->remove_at(this->imcs, enumerator);
+			return imc;
+		}
+	}
+	enumerator->destroy(enumerator);
+	return NULL;
+}
+
+METHOD(imc_manager_t, get_preferred_language, char*,
+	private_tnc_imc_manager_t *this)
+{
+	return lib->settings->get_str(lib->settings,
+					"charon.plugins.tnc-imc.preferred_language", "en");
+}
+
+METHOD(imc_manager_t, notify_connection_change, void,
+	private_tnc_imc_manager_t *this, TNC_ConnectionID id,
+									 TNC_ConnectionState state)
+{
+	enumerator_t *enumerator;
+	imc_t *imc;
+
+	enumerator = this->imcs->create_enumerator(this->imcs);
+	while (enumerator->enumerate(enumerator, &imc))
+	{
+		if (imc->notify_connection_change)
+		{
+			imc->notify_connection_change(imc->get_id(imc), id, state);
+		}
+	}
+	enumerator->destroy(enumerator);
+}
+
+METHOD(imc_manager_t, begin_handshake, void,
+	private_tnc_imc_manager_t *this, TNC_ConnectionID id)
+{
+	enumerator_t *enumerator;
+	imc_t *imc;
+
+	enumerator = this->imcs->create_enumerator(this->imcs);
+	while (enumerator->enumerate(enumerator, &imc))
+	{
+		imc->begin_handshake(imc->get_id(imc), id);
+	}
+	enumerator->destroy(enumerator);
+}
+
+METHOD(imc_manager_t, set_message_types, TNC_Result,
+	private_tnc_imc_manager_t *this, TNC_IMCID id,
+									 TNC_MessageTypeList supported_types,
+									 TNC_UInt32 type_count)
+{
+	enumerator_t *enumerator;
+	imc_t *imc;
+	TNC_Result result = TNC_RESULT_FATAL;
+
+	enumerator = this->imcs->create_enumerator(this->imcs);
+	while (enumerator->enumerate(enumerator, &imc))
+	{
+		if (id == imc->get_id(imc))
+		{
+			imc->set_message_types(imc, supported_types, type_count);
+			result = TNC_RESULT_SUCCESS;
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	return result;
+}
+
+METHOD(imc_manager_t, receive_message, void,
+	private_tnc_imc_manager_t *this, TNC_ConnectionID connection_id,
+									 TNC_BufferReference message,
+									 TNC_UInt32 message_len,
+									 TNC_MessageType message_type)
+{
+	enumerator_t *enumerator;
+	imc_t *imc;
+
+	enumerator = this->imcs->create_enumerator(this->imcs);
+	while (enumerator->enumerate(enumerator, &imc))
+	{
+		if (imc->receive_message && imc->type_supported(imc, message_type))
+		{
+			imc->receive_message(imc->get_id(imc), connection_id,
+								 message, message_len, message_type);
+		}
+	}
+	enumerator->destroy(enumerator);
+}
+
+METHOD(imc_manager_t, batch_ending, void,
+	private_tnc_imc_manager_t *this, TNC_ConnectionID id)
+{
+	enumerator_t *enumerator;
+	imc_t *imc;
+
+	enumerator = this->imcs->create_enumerator(this->imcs);
+	while (enumerator->enumerate(enumerator, &imc))
+	{
+		if (imc->batch_ending)
+		{
+			imc->batch_ending(imc->get_id(imc), id);
+		}
+	}
+	enumerator->destroy(enumerator);
+}
+
+METHOD(imc_manager_t, destroy, void,
+	private_tnc_imc_manager_t *this)
+{
+	imc_t *imc;
+
+	while (this->imcs->remove_last(this->imcs, (void**)&imc) == SUCCESS)
+	{
+		if (imc->terminate &&
+			imc->terminate(imc->get_id(imc)) != TNC_RESULT_SUCCESS)
+		{
+			DBG1(DBG_TNC, "IMC \"%s\" not terminated successfully",
+						   imc->get_name(imc));
+		}
+		imc->destroy(imc);
+	}
+	this->imcs->destroy(this->imcs);
+	free(this);
+}
+
+/**
+ * Described in header.
+ */
+imc_manager_t* tnc_imc_manager_create(void)
+{
+	private_tnc_imc_manager_t *this;
+
+	INIT(this,
+		.public = {
+			.add = _add,
+			.remove = _remove_, /* avoid name conflict with stdio.h */
+			.get_preferred_language = _get_preferred_language,
+			.notify_connection_change = _notify_connection_change,
+			.begin_handshake = _begin_handshake,
+			.set_message_types = _set_message_types,
+			.receive_message = _receive_message,
+			.batch_ending = _batch_ending,
+			.destroy = _destroy,
+		},
+		.imcs = linked_list_create(),
+		.next_imc_id = 1,
+	);
+
+	return &this->public;
+}
diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc_manager.h b/src/libcharon/plugins/tnc_imc/tnc_imc_manager.h
new file mode 100644
index 000000000..ed490293b
--- /dev/null
+++ b/src/libcharon/plugins/tnc_imc/tnc_imc_manager.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ *
+ * @defgroup tnc_imc_manager tnc_imc_manager
+ * @{ @ingroup tnc_imc
+ */
+
+#ifndef TNC_IMC_MANAGER_H_
+#define TNC_IMC_MANAGER_H_
+
+#include <tnc/imc/imc_manager.h>
+
+/**
+ * Create an IMC manager instance.
+ */
+imc_manager_t *tnc_imc_manager_create();
+
+#endif /** TNC_IMC_MANAGER_H_ @}*/
diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c b/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c
index 0ce930ba3..89888040a 100644
--- a/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c
+++ b/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c
@@ -14,15 +14,137 @@
  */
 
 #include "tnc_imc_plugin.h"
+#include "tnc_imc_manager.h"
+#include "tnc_imc.h"
 
-#include <libtnctncc.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
 
 #include <daemon.h>
+#include <utils/lexparser.h>
+
+/**
+ * load IMCs from a configuration file
+ */
+static bool load_imcs(char *filename)
+{
+	int fd, line_nr = 0;
+	chunk_t src, line;
+	struct stat sb;
+	void *addr;
+
+	DBG1(DBG_TNC, "loading IMCs from '%s'", filename);
+	fd = open(filename, O_RDONLY);
+	if (fd == -1)
+	{
+		DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename,
+			 strerror(errno));
+		return FALSE;
+	}
+	if (fstat(fd, &sb) == -1)
+	{
+		DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename,
+			 strerror(errno));
+		close(fd);
+		return FALSE;
+	}
+	addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
+	if (addr == MAP_FAILED)
+	{
+		DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno));
+		close(fd);
+		return FALSE;
+	}
+	src = chunk_create(addr, sb.st_size);
+
+	while (fetchline(&src, &line))
+	{
+		char *name, *path;
+		chunk_t token;
+		imc_t *imc;
+
+		line_nr++;
+
+		/* skip comments or empty lines */
+		if (*line.ptr == '#' || !eat_whitespace(&line))
+		{
+			continue;
+		}
+
+		/* determine keyword */
+		if (!extract_token(&token, ' ', &line))
+		{
+			DBG1(DBG_TNC, "line %d: keyword must be followed by a space",
+						   line_nr);
+			return FALSE;
+		}
+
+		/* only interested in IMCs */
+		if (!match("IMC", &token))
+		{
+			continue;
+		}
+
+		/* advance to the IMC name and extract it */
+		if (!extract_token(&token, '"', &line) ||
+			!extract_token(&token, '"', &line))
+		{
+			DBG1(DBG_TNC, "line %d: IMC name must be set in double quotes",
+						   line_nr);
+			return FALSE;
+		}
+
+		/* copy the IMC name */
+		name = malloc(token.len + 1);
+		memcpy(name, token.ptr, token.len);
+		name[token.len] = '\0';
+
+		/* advance to the IMC path and extract it */
+		if (!eat_whitespace(&line))
+		{
+			DBG1(DBG_TNC, "line %d: IMC path is missing", line_nr);
+			free(name);
+			return FALSE;
+		}
+		if (!extract_token(&token, ' ', &line))
+		{
+			token = line;
+		}
+
+		/* copy the IMC path */
+		path = malloc(token.len + 1);
+		memcpy(path, token.ptr, token.len);
+		path[token.len] = '\0';
+
+		/* load and register IMC instance */
+		imc = tnc_imc_create(name, path);
+		if (!imc)
+		{
+			free(name);
+			free(path);
+			return FALSE;
+		}
+		if (!charon->imcs->add(charon->imcs, imc))
+		{
+			imc->destroy(imc);
+			return FALSE;
+		}
+		DBG1(DBG_TNC, "IMC %u \"%s\" loaded from '%s'", imc->get_id(imc),
+														name, path);
+	}
+	munmap(addr, sb.st_size);
+	close(fd);
+	return TRUE;
+}
 
 METHOD(plugin_t, destroy, void,
 	tnc_imc_plugin_t *this)
 {
-	libtnc_tncc_Terminate();
+	charon->imcs->destroy(charon->imcs);
 	free(this);
 }
 
@@ -31,7 +153,7 @@ METHOD(plugin_t, destroy, void,
  */
 plugin_t *tnc_imc_plugin_create()
 {
-	char *tnc_config, *pref_lang;
+	char *tnc_config;
 	tnc_imc_plugin_t *this;
 
 	INIT(this,
@@ -40,18 +162,19 @@ plugin_t *tnc_imc_plugin_create()
 		},
 	);
 
-	pref_lang = lib->settings->get_str(lib->settings,
-					"charon.plugins.tnc-imc.preferred_language", "en");
+	/* Create IMC manager */
+	charon->imcs = tnc_imc_manager_create();
+
+	/* Load IMCs and abort if not all instances initalize successfully */
 	tnc_config = lib->settings->get_str(lib->settings,
 					"charon.plugins.tnc-imc.tnc_config", "/etc/tnc_config");
-
-	if (libtnc_tncc_Initialize(tnc_config) != TNC_RESULT_SUCCESS)
+	if (!load_imcs(tnc_config))
 	{
+		charon->imcs->destroy(charon->imcs);
+		charon->imcs = NULL;
 		free(this);
-		DBG1(DBG_TNC, "TNC IMC initialization failed");
 		return NULL;
 	}
-
 	return &this->plugin;
 }