authorYves-Alexis Perez <corsac@debian.org>2013-04-26 14:57:47 +0200
committerYves-Alexis Perez <corsac@debian.org>2013-04-26 14:57:47 +0200
commit10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43 (patch)
treebf1d05a2e37dbd1911b86fcc026fbe49b0239c71 /src/libimcv/imv
parent7585facf05d927eb6df3929ce09ed5e60d905437 (diff)
Imported Upstream version 5.0.3
Diffstat (limited to 'src/libimcv/imv')
-rw-r--r--src/libimcv/imv/imv_agent.c85
-rw-r--r--src/libimcv/imv/imv_agent.h4
-rw-r--r--src/libimcv/imv/imv_lang_string.h2
-rw-r--r--src/libimcv/imv/imv_msg.c7
-rw-r--r--src/libimcv/imv/imv_msg.h12
-rw-r--r--src/libimcv/imv/imv_reason_string.c2
-rw-r--r--src/libimcv/imv/imv_reason_string.h2
-rw-r--r--src/libimcv/imv/imv_remediation_string.h2
-rw-r--r--src/libimcv/imv/imv_state.h23
9 files changed, 124 insertions, 15 deletions
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index 6a33e396c..879a0103a 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2013 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -18,8 +18,11 @@
#include "ietf/ietf_attr_assess_result.h"
#include <tncif_names.h>
+#include <tncif_identity.h>
#include <utils/debug.h>
+#include <collections/linked_list.h>
+#include <bio/bio_reader.h>
#include <threading/rwlock.h>
typedef struct private_imv_agent_t private_imv_agent_t;
@@ -210,8 +213,6 @@ METHOD(imv_agent_t, bind_functions, TNC_Result,
{
this->reserve_additional_id = NULL;
}
- DBG2(DBG_IMV, "IMV %u \"%s\" provided with bind function",
- this->id, this->name);
if (this->report_message_types_long)
{
@@ -352,12 +353,59 @@ static u_int32_t get_uint_attribute(private_imv_agent_t *this, TNC_ConnectionID
return 0;
}
+/**
+ * Read a TNC identity attribute
+ */
+static linked_list_t* get_identity_attribute(private_imv_agent_t *this,
+ TNC_ConnectionID id,
+ TNC_AttributeID attribute_id)
+{
+ TNC_UInt32 len;
+ char buf[2048];
+ u_int32_t count;
+ tncif_identity_t *tnc_id;
+ bio_reader_t *reader;
+ linked_list_t *list;
+
+ list = linked_list_create();
+
+ if (!this->get_attribute ||
+ this->get_attribute(this->id, id, attribute_id, sizeof(buf), buf, &len)
+ != TNC_RESULT_SUCCESS || len > sizeof(buf))
+ {
+ return list;
+ }
+
+ reader = bio_reader_create(chunk_create(buf, len));
+ if (!reader->read_uint32(reader, &count))
+ {
+ goto end;
+ }
+ while (count--)
+ {
+ tnc_id = tncif_identity_create_empty();
+ if (!tnc_id->process(tnc_id, reader))
+ {
+ tnc_id->destroy(tnc_id);
+ goto end;
+ }
+ list->insert_last(list, tnc_id);
+ }
+
+end:
+ reader->destroy(reader);
+ return list;
+ }
+
METHOD(imv_agent_t, create_state, TNC_Result,
private_imv_agent_t *this, imv_state_t *state)
{
TNC_ConnectionID conn_id;
char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL;
bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE;
+ linked_list_t *ar_identities;
+ enumerator_t *enumerator;
+ tncif_identity_t *tnc_id;
u_int32_t max_msg_len;
conn_id = state->get_connection_id(state);
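Review bot: When `read_uint32` or `tnc_id->process` fails in get_identity_attribute, the `goto end` paths return the identities parsed so far with no diagnostic, so a truncated or malformed AR_IDENTITIES attribute is indistinguishable to create_state from a shorter, well-formed one. Logging at the failure points would make that visible, e.g. `DBG1(DBG_IMV, "parsing of AR identity attribute failed");` before each `goto end`. The closing brace of the new function is indented one level (`+ }`) where every other function in this file closes at column 0. The create_state body that this hunk also touches continues outside the hunk.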
@@ -378,6 +426,7 @@ METHOD(imv_agent_t, create_state, TNC_Result,
t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL);
t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);
max_msg_len = get_uint_attribute(this, conn_id, TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
+ ar_identities = get_identity_attribute(this, conn_id, TNC_ATTRIBUTEID_AR_IDENTITIES);
state->set_flags(state, has_long, has_excl);
state->set_max_msg_len(state, max_msg_len);
@@ -389,6 +438,36 @@ METHOD(imv_agent_t, create_state, TNC_Result,
DBG2(DBG_IMV, " over %s %s with maximum PA-TNC message size of %u bytes",
t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
+ enumerator = ar_identities->create_enumerator(ar_identities);
+ while (enumerator->enumerate(enumerator, &tnc_id))
+ {
+ pen_type_t id_type, subject_type, auth_type;
+ u_int32_t tcg_id_type, tcg_subject_type, tcg_auth_type;
+ chunk_t id_value;
+
+ id_type = tnc_id->get_identity_type(tnc_id);
+ id_value = tnc_id->get_identity_value(tnc_id);
+ subject_type = tnc_id->get_subject_type(tnc_id);
+ auth_type = tnc_id->get_auth_type(tnc_id);
+
+ tcg_id_type = (id_type.vendor_id == PEN_TCG) ?
+ id_type.type : TNC_ID_UNKNOWN;
+ tcg_subject_type = (subject_type.vendor_id == PEN_TCG) ?
+ subject_type.type : TNC_SUBJECT_UNKNOWN;
+ tcg_auth_type = (auth_type.vendor_id == PEN_TCG) ?
+ auth_type.type : TNC_AUTH_UNKNOWN;
+
+
+ DBG2(DBG_IMV, " %N AR identity '%.*s' authenticated by %N",
+ TNC_Subject_names, tcg_subject_type,
+ id_value.len, id_value.ptr,
+ TNC_Authentication_names, tcg_auth_type);
+ state->set_ar_id(state, tcg_id_type, id_value);
+ }
+ enumerator->destroy(enumerator);
+
+ ar_identities->destroy_offset(ar_identities,
+ offsetof(tncif_identity_t, destroy));
free(tnccs_p);
free(tnccs_v);
free(t_p);
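Review bot: `state->set_ar_id(state, tcg_id_type, id_value)` hands over a chunk whose backing memory belongs to `tnc_id`, and every `tnc_id` is freed right after the loop by `destroy_offset(ar_identities, offsetof(tncif_identity_t, destroy))`; unless set_ar_id clones the value (its implementation is not on this page), the state keeps a dangling pointer that get_ar_id later returns. Please confirm the implementation uses `chunk_clone`, or clone here before the call. Because set_ar_id is invoked once per enumerated identity and the imv_state_t interface exposes a single get_ar_id, a connection reporting several AR identities retains only the last one; if that is intended, a comment such as `/* the last reported AR identity wins */` would spare the next reader the question. In the DBG2 call, `%.*s` takes an `int` precision, so `id_value.len` should be passed as `(int)id_value.len` if chunk_t.len is a size_t. create_state's body starts outside this hunk.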
diff --git a/src/libimcv/imv/imv_agent.h b/src/libimcv/imv/imv_agent.h
index 5b2cffefe..6f3d2b4b7 100644
--- a/src/libimcv/imv/imv_agent.h
+++ b/src/libimcv/imv/imv_agent.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2013 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -16,7 +16,7 @@
/**
*
* @defgroup imv_agent_t imv_agent
- * @{ @ingroup imv_agent
+ * @{ @ingroup libimcv_imv
*/
#ifndef IMV_AGENT_H_
diff --git a/src/libimcv/imv/imv_lang_string.h b/src/libimcv/imv/imv_lang_string.h
index 90a66db76..56b4572f8 100644
--- a/src/libimcv/imv/imv_lang_string.h
+++ b/src/libimcv/imv/imv_lang_string.h
@@ -16,7 +16,7 @@
/**
*
* @defgroup imv_lang_string_t imv_lang_string
- * @{ @ingroup imv_lang_string
+ * @{ @ingroup libimcv_imv
*/
#ifndef IMV_LANG_STRING_H_
diff --git a/src/libimcv/imv/imv_msg.c b/src/libimcv/imv/imv_msg.c
index 4ed19dd13..496d0ee1c 100644
--- a/src/libimcv/imv/imv_msg.c
+++ b/src/libimcv/imv/imv_msg.c
@@ -102,6 +102,12 @@ METHOD(imv_msg_t, set_msg_type, void,
}
}
+METHOD(imv_msg_t, get_msg_type, pen_type_t,
+ private_imv_msg_t *this)
+{
+ return this->msg_type;
+}
+
METHOD(imv_msg_t, add_attribute, void,
private_imv_msg_t *this, pa_tnc_attr_t *attr)
{
@@ -352,6 +358,7 @@ imv_msg_t *imv_msg_create(imv_agent_t *agent, imv_state_t *state,
.get_src_id = _get_src_id,
.get_dst_id = _get_dst_id,
.set_msg_type = _set_msg_type,
+ .get_msg_type = _get_msg_type,
.send = _send_,
.send_assessment = _send_assessment,
.receive = _receive,
diff --git a/src/libimcv/imv/imv_msg.h b/src/libimcv/imv/imv_msg.h
index b639712e8..9e56d9fe7 100644
--- a/src/libimcv/imv/imv_msg.h
+++ b/src/libimcv/imv/imv_msg.h
@@ -14,8 +14,8 @@
*/
/**
- * @defgroup imv_msg imv_msg
- * @{ @ingroup libimcv
+ * @defgroup imv_msg_t imv_msg
+ * @{ @ingroup libimcv_imv
*/
#ifndef IMV_MSG_H_
@@ -55,6 +55,13 @@ struct imv_msg_t {
void (*set_msg_type)(imv_msg_t *this, pen_type_t msg_type);
/**
+ * Get the type of a PA-TNC message.
+ *
+ * @return message type
+ */
+ pen_type_t (*get_msg_type)(imv_msg_t *this);
+
+ /**
* Sends one or multiple PA-TNC messages
*
* @param excl set the excl message flag if supported
@@ -148,7 +155,6 @@ imv_msg_t* imv_msg_create_from_data(imv_agent_t *agent, imv_state_t *state,
* @param connection_id connection ID
* @param src_id source IMC ID
* @param dst_id destination IMV ID
- * @param msg_flags PA-TNC message flags
* @param msg_vid PA-TNC message vendor ID
* @param msg_subtype PA-TNC subtype
* @param msg received PA-TNC message blob
diff --git a/src/libimcv/imv/imv_reason_string.c b/src/libimcv/imv/imv_reason_string.c
index 18eade01b..d1447ec35 100644
--- a/src/libimcv/imv/imv_reason_string.c
+++ b/src/libimcv/imv/imv_reason_string.c
@@ -51,7 +51,7 @@ METHOD(imv_reason_string_t, add_reason, void,
if (this->reasons.len)
{
/* append any further reasons */
- this->reasons = chunk_cat("cm", this->reasons, chunk_from_chars('\n'),
+ this->reasons = chunk_cat("mcc", this->reasons, chunk_from_chars('\n'),
chunk_create(s_reason, strlen(s_reason)));
}
else
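Review bot: The new mode string `"mcc"` is correct only because of chunk_cat's per-argument ownership convention, which the `/* append any further reasons */` comment does not explain; a reader cannot tell from the line why `"cm"` was wrong. A short comment above the call would document the invariant, e.g. `/* "mcc": free the old reasons chunk, copy the separator and the new reason */`. add_reason's body starts and ends outside this hunk.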
diff --git a/src/libimcv/imv/imv_reason_string.h b/src/libimcv/imv/imv_reason_string.h
index 320b2476a..cb4c27f93 100644
--- a/src/libimcv/imv/imv_reason_string.h
+++ b/src/libimcv/imv/imv_reason_string.h
@@ -16,7 +16,7 @@
/**
*
* @defgroup imv_reason_string_t imv_reason_string
- * @{ @ingroup imv_reason_string
+ * @{ @ingroup libimcv_imv
*/
#ifndef IMV_REASON_STRING_H_
diff --git a/src/libimcv/imv/imv_remediation_string.h b/src/libimcv/imv/imv_remediation_string.h
index 9249c2aab..605013abb 100644
--- a/src/libimcv/imv/imv_remediation_string.h
+++ b/src/libimcv/imv/imv_remediation_string.h
@@ -16,7 +16,7 @@
/**
*
* @defgroup imv_remediation_string_t imv_remediation_string
- * @{ @ingroup imv_remediation_string
+ * @{ @ingroup libimcv_imv
*/
#ifndef IMV_REMEDIATION_STRING_H_
diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h
index f40402e2b..d1a87d2d7 100644
--- a/src/libimcv/imv/imv_state.h
+++ b/src/libimcv/imv/imv_state.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2013 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -16,7 +16,7 @@
/**
*
* @defgroup imv_state_t imv_state
- * @{ @ingroup imv_state
+ * @{ @ingroup libimcv_imv
*/
#ifndef IMV_STATE_H_
@@ -66,7 +66,7 @@ struct imv_state_t {
/**
* Set the maximum size of a PA-TNC message for this TNCCS connection
*
- * @max_msg_len maximum size of a PA-TNC message
+ * @param max_msg_len maximum size of a PA-TNC message
*/
void (*set_max_msg_len)(imv_state_t *this, u_int32_t max_msg_len);
@@ -78,6 +78,23 @@ struct imv_state_t {
u_int32_t (*get_max_msg_len)(imv_state_t *this);
/**
+ * Set Access Requestor ID
+ *
+ * @param id_type Access Requestor TCG Standard ID Type
+ * @param id_value Access Requestor TCG Standard ID Value
+ *
+ */
+ void (*set_ar_id)(imv_state_t *this, u_int32_t id_type, chunk_t id_value);
+
+ /**
+ * Get Access Requestor ID
+ *
+ * @param id_type Access Requestor TCG Standard ID Type
+ * @return Access Requestor TCG Standard ID Value
+ */
+ chunk_t (*get_ar_id)(imv_state_t *this, u_int32_t *id_type);
+
+ /**
* Change the connection state
*
* @param new_state new connection state
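Review bot: The new set_ar_id documentation does not state whether the state clones `id_value` or merely stores the reference, which decides the caller's lifetime obligation (the only caller in this commit passes memory that is freed shortly after the call). The docstring should say which, e.g. `@param id_value Access Requestor TCG Standard ID Value (cloned by the state)` or the reverse, whichever the implementation does. For get_ar_id, `id_type` is an output parameter but is documented as if it were an input; `@param id_type receives the Access Requestor TCG Standard ID Type` would be clearer, and the return doc should say who owns the returned chunk.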