Diffstat (limited to 'src/libcharon/plugins/tnccs_20')
13 files changed, 236 insertions, 190 deletions
diff --git a/src/libcharon/plugins/tnccs_20/Makefile.am b/src/libcharon/plugins/tnccs_20/Makefile.am index d72fd3e34..ec17e6412 100644 --- a/src/libcharon/plugins/tnccs_20/Makefile.am +++ b/src/libcharon/plugins/tnccs_20/Makefile.am @@ -1,6 +1,9 @@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ - -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls +INCLUDES = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtls \ + -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtnccs AM_CFLAGS = -rdynamic @@ -8,7 +11,9 @@ if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnccs-20.la else plugin_LTLIBRARIES = libstrongswan-tnccs-20.la -libstrongswan_tnccs_20_la_LIBADD = $(top_builddir)/src/libtls/libtls.la +libstrongswan_tnccs_20_la_LIBADD = \ + $(top_builddir)/src/libtncif/libtncif.la \ + $(top_builddir)/src/libtnccs/libtnccs.la endif libstrongswan_tnccs_20_la_SOURCES = \ diff --git a/src/libcharon/plugins/tnccs_20/Makefile.in b/src/libcharon/plugins/tnccs_20/Makefile.in index bbfcc2760..b0078f338 100644 --- a/src/libcharon/plugins/tnccs_20/Makefile.in +++ b/src/libcharon/plugins/tnccs_20/Makefile.in @@ -75,7 +75,8 @@ am__base_list = \ am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) @MONOLITHIC_FALSE@libstrongswan_tnccs_20_la_DEPENDENCIES = \ -@MONOLITHIC_FALSE@ $(top_builddir)/src/libtls/libtls.la +@MONOLITHIC_FALSE@ $(top_builddir)/src/libtncif/libtncif.la \ +@MONOLITHIC_FALSE@ $(top_builddir)/src/libtnccs/libtnccs.la am_libstrongswan_tnccs_20_la_OBJECTS = tnccs_20_plugin.lo tnccs_20.lo \ pb_tnc_batch.lo pb_tnc_msg.lo pb_experimental_msg.lo \ pb_pa_msg.lo pb_assessment_result_msg.lo \ @@ -200,6 +201,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ 
@@ -208,6 +212,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -224,11 +229,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -272,6 +279,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ @@ -282,13 +290,19 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ - -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls +INCLUDES = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtls \ + -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtnccs AM_CFLAGS = -rdynamic @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnccs-20.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnccs-20.la -@MONOLITHIC_FALSE@libstrongswan_tnccs_20_la_LIBADD = $(top_builddir)/src/libtls/libtls.la +@MONOLITHIC_FALSE@libstrongswan_tnccs_20_la_LIBADD = \ +@MONOLITHIC_FALSE@ $(top_builddir)/src/libtncif/libtncif.la \ +@MONOLITHIC_FALSE@ $(top_builddir)/src/libtnccs/libtnccs.la + libstrongswan_tnccs_20_la_SOURCES = \ tnccs_20_plugin.h tnccs_20_plugin.c tnccs_20.h tnccs_20.c \ batch/pb_tnc_batch.h batch/pb_tnc_batch.c \ 
diff --git a/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c b/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c index 3f38543ed..c6a4bb599 100644 --- a/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c +++ b/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c @@ -18,12 +18,14 @@ #include "messages/pb_error_msg.h" #include "state_machine/pb_tnc_state_machine.h" -#include <debug.h> -#include <utils/linked_list.h> -#include <tls_writer.h> -#include <tls_reader.h> #include <tnc/tnccs/tnccs.h> +#include <utils/linked_list.h> +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> +#include <pen/pen.h> +#include <debug.h> + ENUM(pb_tnc_batch_type_names, PB_BATCH_CDATA, PB_BATCH_CLOSE, "CDATA", "SDATA", @@ -142,7 +144,7 @@ METHOD(pb_tnc_batch_t, build, void, enumerator_t *enumerator; pb_tnc_msg_type_t msg_type; pb_tnc_msg_t *msg; - tls_writer_t *writer; + bio_writer_t *writer; /* compute total PB-TNC batch size by summing over all messages */ batch_len = PB_TNC_BATCH_HEADER_SIZE; @@ -156,7 +158,7 @@ METHOD(pb_tnc_batch_t, build, void, enumerator->destroy(enumerator); /* build PB-TNC batch header */ - writer = tls_writer_create(batch_len); + writer = bio_writer_create(batch_len); writer->write_uint8 (writer, PB_TNC_VERSION); writer->write_uint8 (writer, this->is_server ? PB_TNC_BATCH_FLAG_D : PB_TNC_BATCH_FLAG_NONE); @@ -178,7 +180,7 @@ METHOD(pb_tnc_batch_t, build, void, flags |= PB_TNC_FLAG_NOSKIP; } writer->write_uint8 (writer, flags); - writer->write_uint24(writer, IETF_VENDOR_ID); + writer->write_uint24(writer, PEN_IETF); writer->write_uint32(writer, msg_type); writer->write_uint32(writer, msg_len); writer->write_data (writer, msg_value); @@ -192,7 +194,7 @@ METHOD(pb_tnc_batch_t, build, void, static status_t process_batch_header(private_pb_tnc_batch_t *this, pb_tnc_state_machine_t *state_machine) { - tls_reader_t *reader; + bio_reader_t *reader; pb_tnc_msg_t *msg; pb_error_msg_t *err_msg; u_int8_t version, flags, reserved, type; 
@@ -203,12 +205,12 @@ static status_t process_batch_header(private_pb_tnc_batch_t *this, { DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC batch header", this->encoding.len); - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, PB_ERROR_INVALID_PARAMETER, 0); goto fatal; } - reader = tls_reader_create(this->encoding); + reader = bio_reader_create(this->encoding); reader->read_uint8 (reader, &version); reader->read_uint8 (reader, &flags); reader->read_uint8 (reader, &reserved); @@ -220,7 +222,7 @@ static status_t process_batch_header(private_pb_tnc_batch_t *this, if (version != PB_TNC_VERSION) { DBG1(DBG_TNC, "unsupported TNCCS batch version 0x%01x", version); - msg = pb_error_msg_create(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create(TRUE, PEN_IETF, PB_ERROR_VERSION_NOT_SUPPORTED); err_msg = (pb_error_msg_t*)msg; err_msg->set_bad_version(err_msg, version); @@ -233,7 +235,7 @@ static status_t process_batch_header(private_pb_tnc_batch_t *this, { DBG1(DBG_TNC, "wrong Directionality: batch is from a PB %s", directionality ? "server" : "client"); - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, PB_ERROR_INVALID_PARAMETER, 1); goto fatal; } @@ -243,7 +245,7 @@ static status_t process_batch_header(private_pb_tnc_batch_t *this, if (this->type > PB_BATCH_ROOF) { DBG1(DBG_TNC, "unknown PB-TNC batch type: %d", this->type); - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, PB_ERROR_INVALID_PARAMETER, 3); goto fatal; } @@ -252,7 +254,7 @@ static status_t process_batch_header(private_pb_tnc_batch_t *this, { DBG1(DBG_TNC, "unexpected PB-TNC batch type: %N", pb_tnc_batch_type_names, this->type); - msg = pb_error_msg_create(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create(TRUE, PEN_IETF, PB_ERROR_UNEXPECTED_BATCH_TYPE); goto fatal; } 
@@ -262,7 +264,7 @@ static status_t process_batch_header(private_pb_tnc_batch_t *this, { DBG1(DBG_TNC, "%u bytes of data is not equal to batch length of %u bytes", this->encoding.len, batch_len); - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, PB_ERROR_INVALID_PARAMETER, 4); goto fatal; } @@ -277,7 +279,7 @@ fatal: static status_t process_tnc_msg(private_pb_tnc_batch_t *this) { - tls_reader_t *reader; + bio_reader_t *reader; pb_tnc_msg_t *pb_tnc_msg, *msg; u_int8_t flags; u_int32_t vendor_id, msg_type, msg_len, offset; @@ -291,12 +293,12 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) { DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message header", data.len); - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, PB_ERROR_INVALID_PARAMETER, this->offset); goto fatal; } - reader = tls_reader_create(data); + reader = bio_reader_create(data); reader->read_uint8 (reader, &flags); reader->read_uint24(reader, &vendor_id); reader->read_uint32(reader, &msg_type); @@ -308,15 +310,15 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) if (msg_len > data.len) { DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message", data.len); - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, PB_ERROR_INVALID_PARAMETER, this->offset + 8); goto fatal; } - if (vendor_id == RESERVED_VENDOR_ID) + if (vendor_id == PEN_RESERVED) { - DBG1(DBG_TNC, "Vendor ID 0x%06x is reserved", RESERVED_VENDOR_ID); - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, + DBG1(DBG_TNC, "Vendor ID 0x%06x is reserved", PEN_RESERVED); + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, PB_ERROR_INVALID_PARAMETER, this->offset + 1); goto fatal; 
@@ -326,19 +328,19 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) { DBG1(DBG_TNC, "PB-TNC message Type 0x%08x is reserved", PB_TNC_RESERVED_MSG_TYPE); - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, PB_ERROR_INVALID_PARAMETER, this->offset + 4); goto fatal; } - if (vendor_id != IETF_VENDOR_ID || msg_type > PB_MSG_ROOF) + if (vendor_id != PEN_IETF || msg_type > PB_MSG_ROOF) { if (msg_len < PB_TNC_HEADER_SIZE) { DBG1(DBG_TNC, "%u bytes too small for PB-TNC message length", msg_len); - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, PB_ERROR_INVALID_PARAMETER, this->offset + 8); goto fatal; } @@ -347,7 +349,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) { DBG1(DBG_TNC, "reject PB-TNC message (Vendor ID 0x%06x / " "Type 0x%08x)", vendor_id, msg_type); - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, PB_ERROR_UNSUPPORTED_MANDATORY_MSG, this->offset); goto fatal; } @@ -367,7 +369,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) DBG1(DBG_TNC, "%N message must%s have NOSKIP flag set", pb_tnc_msg_type_names, msg_type, pb_tnc_msg_infos[msg_type].has_noskip_flag ? "" : " not"); - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, PB_ERROR_INVALID_PARAMETER, this->offset); goto fatal; } @@ -380,7 +382,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) pb_tnc_msg_type_names, msg_type, pb_tnc_msg_infos[msg_type].exact_size ? "exactly" : "at least", pb_tnc_msg_infos[msg_type].min_size, msg_len); - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, PB_ERROR_INVALID_PARAMETER, this->offset); goto fatal; } 
@@ -393,7 +395,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) { DBG1(DBG_TNC,"reject %N message received from a PB-TNC client", pb_tnc_msg_type_names, msg_type); - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, PB_ERROR_INVALID_PARAMETER, this->offset); goto fatal; } @@ -415,8 +417,8 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) status = pb_tnc_msg->process(pb_tnc_msg, &offset); if (status == FAILED || status == VERIFY_ERROR) { - msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID, - PB_ERROR_INVALID_PARAMETER, this->offset); + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, + PB_ERROR_INVALID_PARAMETER, this->offset + offset); this->errors->insert_last(this->errors, msg); } if (status == FAILED) diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_access_recommendation_msg.c b/src/libcharon/plugins/tnccs_20/messages/pb_access_recommendation_msg.c index 41b9e31f6..fa3deddf6 100644 --- a/src/libcharon/plugins/tnccs_20/messages/pb_access_recommendation_msg.c +++ b/src/libcharon/plugins/tnccs_20/messages/pb_access_recommendation_msg.c @@ -15,8 +15,8 @@ #include "pb_access_recommendation_msg.h" -#include <tls_writer.h> -#include <tls_reader.h> +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> #include <debug.h> ENUM(pb_access_recommendation_code_names, PB_REC_ACCESS_ALLOWED, PB_REC_QUARANTINED, @@ -80,10 +80,10 @@ METHOD(pb_tnc_msg_t, get_encoding, chunk_t, METHOD(pb_tnc_msg_t, build, void, private_pb_access_recommendation_msg_t *this) { - tls_writer_t *writer; + bio_writer_t *writer; /* build message */ - writer = tls_writer_create(ACCESS_RECOMMENDATION_MSG_SIZE); + writer = bio_writer_create(ACCESS_RECOMMENDATION_MSG_SIZE); writer->write_uint16(writer, ACCESS_RECOMMENDATION_RESERVED); writer->write_uint16(writer, this->recommendation); free(this->encoding.ptr); 
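Review bot: In the pb_tnc_batch.c hunk at `@@ -415,8 +417,8 @@`, the error offset is now `this->offset + offset`, but `offset` is declared without an initializer in process_tnc_msg and only holds a defined value if the message's process() method stores to it. The pb_error_msg.c hunk in this commit adds `*offset = 0;` on a failure path, which suggests at least one implementation previously left it unset. Any other process() that returns FAILED or VERIFY_ERROR without writing the out-parameter would put an indeterminate stack value into the PB-TNC error message sent to the peer. Setting `offset = 0;` just before `status = pb_tnc_msg->process(pb_tnc_msg, &offset);` makes the result well defined regardless of the callee. The rest of process_tnc_msg and the other process() implementations lie outside this hunk and should be checked too.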
@@ -95,11 +95,11 @@ METHOD(pb_tnc_msg_t, build, void, METHOD(pb_tnc_msg_t, process, status_t, private_pb_access_recommendation_msg_t *this, u_int32_t *offset) { - tls_reader_t *reader; + bio_reader_t *reader; u_int16_t reserved; /* process message */ - reader = tls_reader_create(this->encoding); + reader = bio_reader_create(this->encoding); reader->read_uint16(reader, &reserved); reader->read_uint16(reader, &this->recommendation); reader->destroy(reader); diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_assessment_result_msg.c b/src/libcharon/plugins/tnccs_20/messages/pb_assessment_result_msg.c index c91e54176..0d558c0d4 100644 --- a/src/libcharon/plugins/tnccs_20/messages/pb_assessment_result_msg.c +++ b/src/libcharon/plugins/tnccs_20/messages/pb_assessment_result_msg.c @@ -15,9 +15,10 @@ #include "pb_assessment_result_msg.h" -#include <tls_writer.h> -#include <tls_reader.h> -#include <tnc/tncifimv.h> +#include <tncifimv.h> + +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> #include <debug.h> typedef struct private_pb_assessment_result_msg_t private_pb_assessment_result_msg_t; @@ -75,10 +76,10 @@ METHOD(pb_tnc_msg_t, get_encoding, chunk_t, METHOD(pb_tnc_msg_t, build, void, private_pb_assessment_result_msg_t *this) { - tls_writer_t *writer; + bio_writer_t *writer; /* build message */ - writer = tls_writer_create(ASSESSMENT_RESULT_MSG_SIZE); + writer = bio_writer_create(ASSESSMENT_RESULT_MSG_SIZE); writer->write_uint32(writer, this->assessment_result); free(this->encoding.ptr); this->encoding = writer->get_buf(writer); @@ -89,10 +90,10 @@ METHOD(pb_tnc_msg_t, build, void, METHOD(pb_tnc_msg_t, process, status_t, private_pb_assessment_result_msg_t *this, u_int32_t *offset) { - tls_reader_t *reader; + bio_reader_t *reader; /* process message */ - reader = tls_reader_create(this->encoding); + reader = bio_reader_create(this->encoding); reader->read_uint32(reader, &this->assessment_result); reader->destroy(reader); 
diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_error_msg.c b/src/libcharon/plugins/tnccs_20/messages/pb_error_msg.c index e1755c512..03e3cec92 100644 --- a/src/libcharon/plugins/tnccs_20/messages/pb_error_msg.c +++ b/src/libcharon/plugins/tnccs_20/messages/pb_error_msg.c @@ -15,11 +15,13 @@ #include "pb_error_msg.h" -#include <debug.h> -#include <tls_writer.h> -#include <tls_reader.h> #include <tnc/tnccs/tnccs.h> +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> +#include <pen/pen.h> +#include <debug.h> + ENUM(pb_tnc_error_code_names, PB_ERROR_UNEXPECTED_BATCH_TYPE, PB_ERROR_VERSION_NOT_SUPPORTED, "Unexpected Batch Type", @@ -116,10 +118,10 @@ METHOD(pb_tnc_msg_t, get_encoding, chunk_t, METHOD(pb_tnc_msg_t, build, void, private_pb_error_msg_t *this) { - tls_writer_t *writer; + bio_writer_t *writer; /* build message header */ - writer = tls_writer_create(ERROR_HEADER_SIZE); + writer = bio_writer_create(ERROR_HEADER_SIZE); writer->write_uint8 (writer, this->fatal ? ERROR_FLAG_FATAL : ERROR_FLAG_NONE); writer->write_uint24(writer, this->vendor_id); 
@@ -152,24 +154,25 @@ METHOD(pb_tnc_msg_t, process, status_t, { u_int8_t flags, max_version, min_version; u_int16_t reserved; - tls_reader_t *reader; + bio_reader_t *reader; if (this->encoding.len < ERROR_HEADER_SIZE) { DBG1(DBG_TNC,"%N message is shorter than header size of %u bytes", pb_tnc_msg_type_names, PB_MSG_ERROR, ERROR_HEADER_SIZE); + *offset = 0; return FAILED; } /* process message header */ - reader = tls_reader_create(this->encoding); + reader = bio_reader_create(this->encoding); reader->read_uint8 (reader, &flags); reader->read_uint24(reader, &this->vendor_id); reader->read_uint16(reader, &this->error_code); reader->read_uint16(reader, &reserved); this->fatal = (flags & ERROR_FLAG_FATAL) != ERROR_FLAG_NONE; - if (this->vendor_id == IETF_VENDOR_ID && reader->remaining(reader) == 4) + if (this->vendor_id == PEN_IETF && reader->remaining(reader) == 4) { if (this->error_code == PB_ERROR_VERSION_NOT_SUPPORTED) { diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_language_preference_msg.c b/src/libcharon/plugins/tnccs_20/messages/pb_language_preference_msg.c index 9a94edf30..297cc8df7 100644 --- a/src/libcharon/plugins/tnccs_20/messages/pb_language_preference_msg.c +++ b/src/libcharon/plugins/tnccs_20/messages/pb_language_preference_msg.c @@ -15,8 +15,8 @@ #include "pb_language_preference_msg.h" -#include <tls_writer.h> -#include <tls_reader.h> +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> #include <debug.h> typedef struct private_pb_language_preference_msg_t private_pb_language_preference_msg_t; diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.c b/src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.c index 8315bfb76..1c4913e5e 100644 --- a/src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.c +++ b/src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.c 
@@ -17,22 +17,12 @@ #include "pb_pa_msg.h" -#include <tls_writer.h> -#include <tls_reader.h> #include <tnc/tnccs/tnccs.h> -#include <debug.h> -ENUM(pa_tnc_subtype_names, PA_SUBTYPE_TESTING, PA_SUBTYPE_NEA_CLIENT, - "Testing", - "Operating System", - "Anti-Virus", - "Anti-Spyware", - "Anti-Malware", - "Firewall", - "IDPS", - "VPN", - "NEA Client" -); +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> +#include <pen/pen.h> +#include <debug.h> typedef struct private_pb_pa_msg_t private_pb_pa_msg_t; @@ -124,10 +114,10 @@ METHOD(pb_tnc_msg_t, build, void, private_pb_pa_msg_t *this) { chunk_t msg_header; - tls_writer_t *writer; + bio_writer_t *writer; /* build message header */ - writer = tls_writer_create(64); + writer = bio_writer_create(64); writer->write_uint8 (writer, this->excl ? PA_FLAG_EXCL : PA_FLAG_NONE); writer->write_uint24(writer, this->vendor_id); writer->write_uint32(writer, this->subtype); @@ -146,10 +136,10 @@ METHOD(pb_tnc_msg_t, process, status_t, { u_int8_t flags; size_t msg_body_len; - tls_reader_t *reader; + bio_reader_t *reader; /* process message header */ - reader = tls_reader_create(this->encoding); + reader = bio_reader_create(this->encoding); reader->read_uint8 (reader, &flags); reader->read_uint24(reader, &this->vendor_id); reader->read_uint32(reader, &this->subtype); @@ -166,9 +156,9 @@ METHOD(pb_tnc_msg_t, process, status_t, } reader->destroy(reader); - if (this->vendor_id == RESERVED_VENDOR_ID) + if (this->vendor_id == PEN_RESERVED) { - DBG1(DBG_TNC, "Vendor ID 0x%06x is reserved", RESERVED_VENDOR_ID); + DBG1(DBG_TNC, "Vendor ID 0x%06x is reserved", PEN_RESERVED); *offset = 1; return FAILED; } @@ -221,12 +211,6 @@ METHOD(pb_pa_msg_t, get_exclusive_flag, bool, return this->excl; } -METHOD(pb_pa_msg_t, set_exclusive_flag, void, - private_pb_pa_msg_t *this, bool excl) -{ - this->excl = excl; -} - /** * See header */ 
@@ -247,7 +231,6 @@ pb_tnc_msg_t *pb_pa_msg_create_from_data(chunk_t data) .get_validator_id = _get_validator_id, .get_body = _get_body, .get_exclusive_flag = _get_exclusive_flag, - .set_exclusive_flag = _set_exclusive_flag, }, .type = PB_MSG_PA, .encoding = chunk_clone(data), @@ -261,7 +244,7 @@ pb_tnc_msg_t *pb_pa_msg_create_from_data(chunk_t data) */ pb_tnc_msg_t *pb_pa_msg_create(u_int32_t vendor_id, u_int32_t subtype, u_int16_t collector_id, u_int16_t validator_id, - chunk_t msg_body) + bool excl, chunk_t msg_body) { private_pb_pa_msg_t *this; @@ -279,13 +262,13 @@ pb_tnc_msg_t *pb_pa_msg_create(u_int32_t vendor_id, u_int32_t subtype, .get_validator_id = _get_validator_id, .get_body = _get_body, .get_exclusive_flag = _get_exclusive_flag, - .set_exclusive_flag = _set_exclusive_flag, }, .type = PB_MSG_PA, .vendor_id = vendor_id, .subtype = subtype, .collector_id = collector_id, .validator_id = validator_id, + .excl = excl, .msg_body = chunk_clone(msg_body), ); diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.h b/src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.h index 366d790f6..d9db9a1ce 100644 --- a/src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.h +++ b/src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.h @@ -21,32 +21,11 @@ #ifndef PB_PA_MSG_H_ #define PB_PA_MSG_H_ -typedef enum pa_tnc_subtype_t pa_tnc_subtype_t; typedef struct pb_pa_msg_t pb_pa_msg_t; #include "pb_tnc_msg.h" /** - * PA-TNC Subtypes as defined in section 3.5 of RFC 5792 - */ - enum pa_tnc_subtype_t { - PA_SUBTYPE_TESTING = 0, - PA_SUBTYPE_OPERATING_SYSTEM = 1, - PA_SUBTYPE_ANTI_VIRUS = 2, - PA_SUBTYPE_ANTI_SPYWARE = 3, - PA_SUBTYPE_ANTI_MALWARE = 4, - PA_SUBTYPE_FIREWALL = 5, - PA_SUBTYPE_IDPS = 6, - PA_SUBTYPE_VPN = 7, - PA_SUBTYPE_NEA_CLIENT = 8 -}; - -/** - * enum name for pa_tnc_subtype_t. - */ -extern enum_name_t *pa_tnc_subtype_names; - -/** * Class representing the PB-PA message type. */ struct pb_pa_msg_t { 
@@ -92,12 +71,6 @@ struct pb_pa_msg_t { */ bool (*get_exclusive_flag)(pb_pa_msg_t *this); - /** - * Set the exclusive flag - * - * @param excl vexclusive flag - */ - void (*set_exclusive_flag)(pb_pa_msg_t *this, bool excl); }; /** @@ -107,11 +80,12 @@ struct pb_pa_msg_t { * @param subtype PA Subtype * @param collector_id Posture Collector ID * @param validator_id Posture Validator ID + * @param excl Exclusive Flag * @param msg_body PA Message Body */ pb_tnc_msg_t *pb_pa_msg_create(u_int32_t vendor_id, u_int32_t subtype, u_int16_t collector_id, u_int16_t validator_id, - chunk_t msg_body); + bool excl, chunk_t msg_body); /** * Create an unprocessed PB-PA message from raw data diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_reason_string_msg.c b/src/libcharon/plugins/tnccs_20/messages/pb_reason_string_msg.c index e361cf2b2..181ecf61b 100644 --- a/src/libcharon/plugins/tnccs_20/messages/pb_reason_string_msg.c +++ b/src/libcharon/plugins/tnccs_20/messages/pb_reason_string_msg.c @@ -15,8 +15,8 @@ #include "pb_reason_string_msg.h" -#include <tls_writer.h> -#include <tls_reader.h> +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> #include <debug.h> typedef struct private_pb_reason_string_msg_t private_pb_reason_string_msg_t; @@ -81,10 +81,10 @@ METHOD(pb_tnc_msg_t, get_encoding, chunk_t, METHOD(pb_tnc_msg_t, build, void, private_pb_reason_string_msg_t *this) { - tls_writer_t *writer; + bio_writer_t *writer; /* build message */ - writer = tls_writer_create(64); + writer = bio_writer_create(64); writer->write_data32(writer, this->reason_string); writer->write_data8 (writer, this->language_code); 
@@ -97,10 +97,10 @@ METHOD(pb_tnc_msg_t, build, void, METHOD(pb_tnc_msg_t, process, status_t, private_pb_reason_string_msg_t *this, u_int32_t *offset) { - tls_reader_t *reader; + bio_reader_t *reader; /* process message */ - reader = tls_reader_create(this->encoding); + reader = bio_reader_create(this->encoding); if (!reader->read_data32(reader, &this->reason_string)) { DBG1(DBG_TNC, "could not parse reason string"); diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.c b/src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.c index 79381a7b1..d213db313 100644 --- a/src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.c +++ b/src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.c @@ -15,8 +15,8 @@ #include "pb_remediation_parameters_msg.h" -#include <tls_writer.h> -#include <tls_reader.h> +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> #include <debug.h> ENUM(pb_tnc_remed_param_type_names, PB_REMEDIATION_URI, PB_REMEDIATION_STRING, @@ -106,10 +106,10 @@ METHOD(pb_tnc_msg_t, get_encoding, chunk_t, METHOD(pb_tnc_msg_t, build, void, private_pb_remediation_parameters_msg_t *this) { - tls_writer_t *writer; + bio_writer_t *writer; /* build message */ - writer = tls_writer_create(64); + writer = bio_writer_create(64); writer->write_uint32(writer, this->vendor_id); writer->write_uint32(writer, this->parameters_type); writer->write_data32(writer, this->remediation_string); @@ -124,10 +124,10 @@ METHOD(pb_tnc_msg_t, build, void, METHOD(pb_tnc_msg_t, process, status_t, private_pb_remediation_parameters_msg_t *this, u_int32_t *offset) { - tls_reader_t *reader; + bio_reader_t *reader; /* process message */ - reader = tls_reader_create(this->encoding); + reader = bio_reader_create(this->encoding); reader->read_uint32(reader, &this->vendor_id); reader->read_uint32(reader, &this->parameters_type); 
diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20.c b/src/libcharon/plugins/tnccs_20/tnccs_20.c index 9e2081d46..606fc529b 100644 --- a/src/libcharon/plugins/tnccs_20/tnccs_20.c +++ b/src/libcharon/plugins/tnccs_20/tnccs_20.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Sansar Choinyanbuu - * Copyright (C) 2010 Andreas Steffen + * Copyright (C) 2010-2011 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -26,12 +26,17 @@ #include "messages/pb_language_preference_msg.h" #include "state_machine/pb_tnc_state_machine.h" +#include <tncif_names.h> +#include <tncif_pa_subtypes.h> + +#include <tnc/tnc.h> +#include <tnc/tnccs/tnccs_manager.h> +#include <tnc/imc/imc_manager.h> +#include <tnc/imv/imv_manager.h> + #include <debug.h> -#include <daemon.h> #include <threading/mutex.h> -#include <tnc/tncif.h> -#include <tnc/tncifimv.h> -#include <tnc/tnccs/tnccs.h> +#include <pen/pen.h> typedef struct private_tnccs_20_t private_tnccs_20_t; @@ -89,18 +94,21 @@ struct private_tnccs_20_t { * Set of IMV recommendations (TNC Server only) */ recommendations_t *recs; + }; METHOD(tnccs_t, send_msg, TNC_Result, private_tnccs_20_t* this, TNC_IMCID imc_id, TNC_IMVID imv_id, + TNC_UInt32 msg_flags, TNC_BufferReference msg, TNC_UInt32 msg_len, - TNC_MessageType msg_type) + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype) { - TNC_MessageSubtype msg_sub_type; - TNC_VendorID msg_vendor_id; pb_tnc_msg_t *pb_tnc_msg; pb_tnc_batch_type_t batch_type; + enum_name_t *pa_subtype_names; + bool excl; if (!this->send_msg) { 
@@ -109,12 +117,23 @@ METHOD(tnccs_t, send_msg, TNC_Result, this->is_server ? imv_id : imc_id); return TNC_RESULT_ILLEGAL_OPERATION; } + excl = (msg_flags & TNC_MESSAGE_FLAGS_EXCLUSIVE) != 0; - msg_sub_type = msg_type & TNC_SUBTYPE_ANY; - msg_vendor_id = (msg_type >> 8) & TNC_VENDORID_ANY; + pb_tnc_msg = pb_pa_msg_create(msg_vid, msg_subtype, imc_id, imv_id, + excl, chunk_create(msg, msg_len)); - pb_tnc_msg = pb_pa_msg_create(msg_vendor_id, msg_sub_type, imc_id, imv_id, - chunk_create(msg, msg_len)); + pa_subtype_names = get_pa_subtype_names(msg_vid); + if (pa_subtype_names) + { + DBG2(DBG_TNC, "creating PB-PA message type '%N/%N' 0x%06x/0x%08x", + pen_names, msg_vid, pa_subtype_names, msg_subtype, + msg_vid, msg_subtype); + } + else + { + DBG2(DBG_TNC, "creating PB-PA message type '%N' 0x%06x/0x%08x", + pen_names, msg_vid, msg_vid, msg_subtype); + } /* adding PA message to SDATA or CDATA batch only */ batch_type = this->is_server ? PB_BATCH_SDATA : PB_BATCH_CDATA; 
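Review bot: send_msg now passes `msg_vid` unmodified to `pb_pa_msg_create()`, where the removed code masked the vendor ID with `TNC_VENDORID_ANY`, yet the PB-PA build path shown in pb_pa_msg.c still serialises it with `write_uint24`. A value wider than 24 bits supplied by an IMC or IMV would presumably be truncated on the wire, while the new DBG2 line logs the untruncated value, so the log and the transmitted message could disagree. Unless the caller already validates the range outside this hunk, a guard after the `this->send_msg` check such as `if (msg_vid > TNC_VENDORID_ANY) { return TNC_RESULT_INVALID_PARAMETER; }` would keep the two consistent. The reserved vendor ID that the receiving side treats as a fatal error in process_tnc_msg is not filtered on the sending side either.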
@@ -148,27 +167,44 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg) case PB_MSG_PA: { pb_pa_msg_t *pa_msg; - TNC_MessageType msg_type; - u_int32_t vendor_id, subtype; + u_int32_t msg_vid, msg_subtype; + u_int16_t imc_id, imv_id; chunk_t msg_body; + bool excl; + enum_name_t *pa_subtype_names; pa_msg = (pb_pa_msg_t*)msg; - vendor_id = pa_msg->get_vendor_id(pa_msg, &subtype); - msg_type = (vendor_id << 8) | (subtype & 0xff); + msg_vid = pa_msg->get_vendor_id(pa_msg, &msg_subtype); msg_body = pa_msg->get_body(pa_msg); + imc_id = pa_msg->get_collector_id(pa_msg); + imv_id = pa_msg->get_validator_id(pa_msg); + excl = pa_msg->get_exclusive_flag(pa_msg); - DBG2(DBG_TNC, "handling PB-PA message type 0x%08x", msg_type); + pa_subtype_names = get_pa_subtype_names(msg_vid); + if (pa_subtype_names) + { + DBG2(DBG_TNC, "handling PB-PA message type '%N/%N' 0x%06x/0x%08x", + pen_names, msg_vid, pa_subtype_names, msg_subtype, + msg_vid, msg_subtype); + } + else + { + DBG2(DBG_TNC, "handling PB-PA message type '%N' 0x%06x/0x%08x", + pen_names, msg_vid, msg_vid, msg_subtype); + } this->send_msg = TRUE; if (this->is_server) { - charon->imvs->receive_message(charon->imvs, - this->connection_id, msg_body.ptr, msg_body.len, msg_type); + tnc->imvs->receive_message(tnc->imvs, this->connection_id, + excl, msg_body.ptr, msg_body.len, + msg_vid, msg_subtype, imc_id, imv_id); } else { - charon->imcs->receive_message(charon->imcs, - this->connection_id, msg_body.ptr, msg_body.len,msg_type); + tnc->imcs->receive_message(tnc->imcs, this->connection_id, + excl, msg_body.ptr, msg_body.len, + msg_vid, msg_subtype, imv_id, imc_id); } this->send_msg = FALSE; break; 
@@ -205,8 +241,8 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg) case PB_REC_QUARANTINED: state = TNC_CONNECTION_STATE_ACCESS_ISOLATED; } - charon->imcs->notify_connection_change(charon->imcs, - this->connection_id, state); + tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id, + state); break; } case PB_MSG_REMEDIATION_PARAMETERS: @@ -231,7 +267,7 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg) this->fatal_error = TRUE; } - if (vendor_id == IETF_VENDOR_ID) + if (vendor_id == PEN_IETF) { switch (error_code) { @@ -289,10 +325,10 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg) reason_msg = (pb_reason_string_msg_t*)msg; reason_string = reason_msg->get_reason_string(reason_msg); language_code = reason_msg->get_language_code(reason_msg); - DBG2(DBG_TNC, "reason string is '%.*s", reason_string.len, - reason_string.ptr); - DBG2(DBG_TNC, "language code is '%.*s", language_code.len, - language_code.ptr); + DBG2(DBG_TNC, "reason string is '%.*s'", reason_string.len, + reason_string.ptr); + DBG2(DBG_TNC, "language code is '%.*s'", language_code.len, + language_code.ptr); break; } default: @@ -319,6 +355,11 @@ static void build_retry_batch(private_tnccs_20_t *this) pb_tnc_batch_type_names, this->batch->get_type(this->batch)); this->batch->destroy(this->batch); } + if (this->is_server) + { + tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id, + TNC_CONNECTION_STATE_HANDSHAKE); + } this->batch = pb_tnc_batch_create(this->is_server, batch_retry_type); } 
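Review bot: In the `@@ -289,10 +325,10 @@` hunk of handle_message, the two rewritten DBG2 calls pass `reason_string.len` and `language_code.len` as the precision for `%.*s`, which expects an `int`. A chunk length is a `size_t` in strongSwan, so the variadic argument has the wrong width on LP64 targets. Both values come from the peer's PB-Reason-String message, so the length and the bytes are controlled by the remote side. Casting the precision, `(int)reason_string.len` and `(int)language_code.len`, removes the type mismatch. Whether the debug sink escapes control characters in the logged bytes is not visible here and is worth confirming.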
@@ -333,17 +374,17 @@ METHOD(tls_t, process, status_t, if (this->is_server && !this->connection_id) { - this->connection_id = charon->tnccs->create_connection(charon->tnccs, - (tnccs_t*)this, _send_msg, + this->connection_id = tnc->tnccs->create_connection(tnc->tnccs, + TNCCS_2_0, (tnccs_t*)this, _send_msg, &this->request_handshake_retry, &this->recs); if (!this->connection_id) { return FAILED; } - charon->imvs->notify_connection_change(charon->imvs, - this->connection_id, TNC_CONNECTION_STATE_CREATE); - charon->imvs->notify_connection_change(charon->imvs, - this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE); + tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id, + TNC_CONNECTION_STATE_CREATE); + tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id, + TNC_CONNECTION_STATE_HANDSHAKE); } data = chunk_create(buf, buflen); @@ -372,10 +413,10 @@ METHOD(tls_t, process, status_t, else if (batch_type == PB_BATCH_SRETRY) { /* Restart the measurements */ - charon->imcs->notify_connection_change(charon->imcs, + tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE); this->send_msg = TRUE; - charon->imcs->begin_handshake(charon->imcs, this->connection_id); + tnc->imcs->begin_handshake(tnc->imcs, this->connection_id); this->send_msg = FALSE; } @@ -406,11 +447,11 @@ METHOD(tls_t, process, status_t, this->send_msg = TRUE; if (this->is_server) { - charon->imvs->batch_ending(charon->imvs, this->connection_id); + tnc->imvs->batch_ending(tnc->imvs, this->connection_id); } else { - charon->imcs->batch_ending(charon->imcs, this->connection_id); + tnc->imcs->batch_ending(tnc->imcs, this->connection_id); } this->send_msg = FALSE; } 
@@ -459,10 +500,11 @@ static void check_and_build_recommendation(private_tnccs_20_t *this) chunk_t reason, language; enumerator_t *enumerator; pb_tnc_msg_t *msg; + pb_access_recommendation_code_t pb_rec; if (!this->recs->have_recommendation(this->recs, &rec, &eval)) { - charon->imvs->solicit_recommendation(charon->imvs, this->connection_id); + tnc->imvs->solicit_recommendation(tnc->imvs, this->connection_id); } if (this->recs->have_recommendation(this->recs, &rec, &eval)) { @@ -472,10 +514,22 @@ static void check_and_build_recommendation(private_tnccs_20_t *this) this->batch->add_msg(this->batch, msg); /** - * IMV Action Recommendation and PB Access Recommendation codes - * are shifted by one. + * Map IMV Action Recommendation codes to PB Access Recommendation codes */ - msg = pb_access_recommendation_msg_create(rec + 1); + switch (rec) + { + case TNC_IMV_ACTION_RECOMMENDATION_ALLOW: + pb_rec = PB_REC_ACCESS_ALLOWED; + break; + case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE: + pb_rec = PB_REC_QUARANTINED; + break; + case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS: + case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION: + default: + pb_rec = PB_REC_ACCESS_DENIED; + } + msg = pb_access_recommendation_msg_create(pb_rec); this->batch->add_msg(this->batch, msg); enumerator = this->recs->create_reason_enumerator(this->recs); @@ -485,6 +539,7 @@ static void check_and_build_recommendation(private_tnccs_20_t *this) this->batch->add_msg(this->batch, msg); } enumerator->destroy(enumerator); + this->recs->clear_reasons(this->recs); } } @@ -500,8 +555,8 @@ METHOD(tls_t, build, status_t, pb_tnc_msg_t *msg; char *pref_lang; - this->connection_id = charon->tnccs->create_connection(charon->tnccs, - (tnccs_t*)this, _send_msg, + this->connection_id = tnc->tnccs->create_connection(tnc->tnccs, + TNCCS_2_0, (tnccs_t*)this, _send_msg, &this->request_handshake_retry, NULL); if (!this->connection_id) { 
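Review bot: The `default:` arm of the new switch in check_and_build_recommendation reports `PB_REC_ACCESS_DENIED` for NO_RECOMMENDATION and for any unknown code, which is the right fail-closed choice but is not stated; the comment above the switch should say so, e.g. `* no recommendation or an unknown code is reported as access denied (fail closed)`. An unexpected value coming out of `have_recommendation()` also deserves a `DBG1` line in that arm, so a misbehaving IMV shows up in the log. The access decision itself is taken by `enforce_recommendation()` in is_complete, which is not visible here, so confirm that its handling of NO_RECOMMENDATION agrees with what the peer is told. The function body starts outside this hunk.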
@@ -509,7 +564,7 @@ METHOD(tls_t, build, status_t, } /* Create PB-TNC Language Preference message */ - pref_lang = charon->imcs->get_preferred_language(charon->imcs); + pref_lang = tnc->imcs->get_preferred_language(tnc->imcs); msg = pb_language_preference_msg_create(chunk_create(pref_lang, strlen(pref_lang))); this->mutex->lock(this->mutex); @@ -517,12 +572,12 @@ METHOD(tls_t, build, status_t, this->batch->add_msg(this->batch, msg); this->mutex->unlock(this->mutex); - charon->imcs->notify_connection_change(charon->imcs, - this->connection_id, TNC_CONNECTION_STATE_CREATE); - charon->imcs->notify_connection_change(charon->imcs, - this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE); + tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id, + TNC_CONNECTION_STATE_CREATE); + tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id, + TNC_CONNECTION_STATE_HANDSHAKE); this->send_msg = TRUE; - charon->imcs->begin_handshake(charon->imcs, this->connection_id); + tnc->imcs->begin_handshake(tnc->imcs, this->connection_id); this->send_msg = FALSE; } @@ -639,7 +694,7 @@ METHOD(tls_t, is_complete, bool, if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval)) { - return charon->imvs->enforce_recommendation(charon->imvs, rec, eval); + return tnc->imvs->enforce_recommendation(tnc->imvs, rec, eval); } else { @@ -656,8 +711,8 @@ METHOD(tls_t, get_eap_msk, chunk_t, METHOD(tls_t, destroy, void, private_tnccs_20_t *this) { - charon->tnccs->remove_connection(charon->tnccs, this->connection_id, - this->is_server); + tnc->tnccs->remove_connection(tnc->tnccs, this->connection_id, + this->is_server); this->state_machine->destroy(this->state_machine); this->mutex->destroy(this->mutex); DESTROY_IF(this->batch); diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c b/src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c index e6dc699e6..4f419ecf0 100644 --- a/src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c 
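Review bot: In build, `pref_lang` goes straight into `strlen(pref_lang)` on the line after the changed call, and nothing in the hunk shows that `get_preferred_language()` can never return NULL. The value now comes from the separate `tnc->imcs` manager, so it is worth guarding here rather than relying on that contract: wrap the creation and `add_msg` of the Language Preference message in `if (pref_lang)`, or fail the build step if the message is mandatory. The method body starts and ends outside this hunk.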
+++ b/src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c @@ -16,7 +16,7 @@ #include "tnccs_20_plugin.h" #include "tnccs_20.h" -#include <daemon.h> +#include <tnc/tnccs/tnccs_manager.h> METHOD(plugin_t, get_name, char*, tnccs_20_plugin_t *this) @@ -24,11 +24,23 @@ METHOD(plugin_t, get_name, char*, return "tnccs-20"; } +METHOD(plugin_t, get_features, int, + tnccs_20_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_CALLBACK(tnccs_method_register, tnccs_20_create), + PLUGIN_PROVIDE(CUSTOM, "tnccs-2.0"), + PLUGIN_DEPENDS(EAP_SERVER, EAP_TNC), + PLUGIN_DEPENDS(EAP_PEER, EAP_TNC), + PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, tnccs_20_plugin_t *this) { - charon->tnccs->remove_method(charon->tnccs, - (tnccs_constructor_t)tnccs_20_create); free(this); } @@ -42,14 +54,11 @@ plugin_t *tnccs_20_plugin_create() INIT(this, .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, ); - charon->tnccs->add_method(charon->tnccs, TNCCS_2_0, - (tnccs_constructor_t)tnccs_20_create); - return &this->plugin; } |
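Review bot: `destroy()` no longer calls `remove_method()`, so removing `tnccs_20_create` from the manager now depends entirely on `tnccs_method_register` being called for unregistration when the feature is unloaded; that callback is not visible in this diff. If it only handles registration, the manager would keep a constructor pointer into an unloaded plugin. Once confirmed, a comment above the feature array would record the contract, e.g. `/* tnccs_method_register() adds the constructor on load and removes it on unload */`. The explicit `TNCCS_2_0` type that `add_method()` used to receive is gone as well, so the type is presumably derived from the `"tnccs-2.0"` feature string, and a mismatch there would not be caught at compile time.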