Diffstat (limited to 'src/libimcv/imv')
-rw-r--r-- | src/libimcv/imv/imv_agent.c | 792 | ||||
-rw-r--r-- | src/libimcv/imv/imv_agent.h | 197 | ||||
-rw-r--r-- | src/libimcv/imv/imv_state.h | 111 |
3 files changed, 1100 insertions, 0 deletions
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
new file mode 100644
index 000000000..56131c547
--- /dev/null
+++ b/src/libimcv/imv/imv_agent.c
@@ -0,0 +1,792 @@ +/* + * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "imcv.h" +#include "imv_agent.h" + +#include <tncif_names.h> + +#include <debug.h> +#include <utils/linked_list.h> +#include <threading/rwlock.h> + +typedef struct private_imv_agent_t private_imv_agent_t; + +/** + * Private data of an imv_agent_t object. + */ +struct private_imv_agent_t { + + /** + * Public members of imv_agent_t + */ + imv_agent_t public; + + /** + * name of IMV + */ + const char *name; + + /** + * message vendor ID of IMV + */ + TNC_VendorID vendor_id; + + /** + * message subtype of IMV + */ + TNC_MessageSubtype subtype; + + /** + * ID of IMV as assigned by TNCS + */ + TNC_IMVID id; + + /** + * List of additional IMV IDs assigned by TNCS + */ + linked_list_t *additional_ids; + + /** + * list of TNCS connection entries + */ + linked_list_t *connections; + + /** + * rwlock to lock TNCS connection entries + */ + rwlock_t *connection_lock; + + /** + * Inform a TNCS about the set of message types the IMV is able to receive + * + * @param imv_id IMV ID assigned by TNCS + * @param supported_types list of supported message types + * @param type_count number of list elements + * @return TNC result code + */ + TNC_Result (*report_message_types)(TNC_IMVID imv_id, + TNC_MessageTypeList supported_types, + TNC_UInt32 type_count); + + /** + * Inform a TNCS about the set of message types the IMV is 
able to receive + * + * @param imv_id IMV ID assigned by TNCS + * @param supported_vids list of supported message vendor IDs + * @param supported_subtypes list of supported message subtypes + * @param type_count number of list elements + * @return TNC result code + */ + TNC_Result (*report_message_types_long)(TNC_IMVID imv_id, + TNC_VendorIDList supported_vids, + TNC_MessageSubtypeList supported_subtypes, + TNC_UInt32 type_count); + + /** + * Call when an IMV-IMC message is to be sent + * + * @param imv_id IMV ID assigned by TNCS + * @param connection_id network connection ID assigned by TNCS + * @param msg message to send + * @param msg_len message length in bytes + * @param msg_type message type + * @return TNC result code + */ + TNC_Result (*send_message)(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_MessageType msg_type); + + /** + * Call when an IMV-IMC message is to be sent with long message types + * + * @param imv_id IMV ID assigned by TNCS + * @param connection_id network connection ID assigned by TNCS + * @param msg_flags message flags + * @param msg message to send + * @param msg_len message length in bytes + * @param msg_vid message vendor ID + * @param msg_subtype message subtype + * @param dst_imc_id destination IMC ID + * @return TNC result code + */ + TNC_Result (*send_message_long)(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + TNC_UInt32 dst_imc_id); + + /** + * Deliver IMV Action Recommendation and IMV Evaluation Results to the TNCS + * + * @param imv_id IMV ID assigned by TNCS + # @param connection_id network connection ID assigned by TNCS + * @param rec IMV action recommendation + * @param eval IMV evaluation result + * @return TNC result code + */ + TNC_Result (*provide_recommendation)(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + 
TNC_IMV_Action_Recommendation rec, + TNC_IMV_Evaluation_Result eval); + + /** + * Get the value of an attribute associated with a connection + * or with the TNCS as a whole. + * + * @param imv_id IMV ID assigned by TNCS + * @param connection_id network connection ID assigned by TNCS + * @param attribute_id attribute ID + * @param buffer_len length of buffer in bytes + * @param buffer buffer + * @param out_value_len size in bytes of attribute stored in buffer + * @return TNC result code + */ + TNC_Result (*get_attribute)(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + TNC_AttributeID attribute_id, + TNC_UInt32 buffer_len, + TNC_BufferReference buffer, + TNC_UInt32 *out_value_len); + + /** + * Set the value of an attribute associated with a connection + * or with the TNCS as a whole. + * + * @param imv_id IMV ID assigned by TNCS + * @param connection_id network connection ID assigned by TNCS + * @param attribute_id attribute ID + * @param buffer_len length of buffer in bytes + * @param buffer buffer + * @return TNC result code + */ + TNC_Result (*set_attribute)(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + TNC_AttributeID attribute_id, + TNC_UInt32 buffer_len, + TNC_BufferReference buffer); + + /** + * Reserve an additional IMV ID + * + * @param imv_id primary IMV ID assigned by TNCS + * @param out_imv_id additional IMV ID assigned by TNCS + * @return TNC result code + */ + TNC_Result (*reserve_additional_id)(TNC_IMVID imv_id, + TNC_UInt32 *out_imv_id); + +}; + +METHOD(imv_agent_t, bind_functions, TNC_Result, + private_imv_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function) +{ + if (!bind_function) + { + DBG1(DBG_IMV, "TNC server failed to provide bind function"); + return TNC_RESULT_INVALID_PARAMETER; + } + if (bind_function(this->id, "TNC_TNCS_ReportMessageTypes", + (void**)&this->report_message_types) != TNC_RESULT_SUCCESS) + { + this->report_message_types = NULL; + } + if (bind_function(this->id, "TNC_TNCS_ReportMessageTypesLong", + 
(void**)&this->report_message_types_long) != TNC_RESULT_SUCCESS) + { + this->report_message_types_long = NULL; + } + if (bind_function(this->id, "TNC_TNCS_RequestHandshakeRetry", + (void**)&this->public.request_handshake_retry) != TNC_RESULT_SUCCESS) + { + this->public.request_handshake_retry = NULL; + } + if (bind_function(this->id, "TNC_TNCS_SendMessage", + (void**)&this->send_message) != TNC_RESULT_SUCCESS) + { + this->send_message = NULL; + } + if (bind_function(this->id, "TNC_TNCS_SendMessageLong", + (void**)&this->send_message_long) != TNC_RESULT_SUCCESS) + { + this->send_message_long = NULL; + } + if (bind_function(this->id, "TNC_TNCS_ProvideRecommendation", + (void**)&this->provide_recommendation) != TNC_RESULT_SUCCESS) + { + this->provide_recommendation = NULL; + } + if (bind_function(this->id, "TNC_TNCS_GetAttribute", + (void**)&this->get_attribute) != TNC_RESULT_SUCCESS) + { + this->get_attribute = NULL; + } + if (bind_function(this->id, "TNC_TNCS_SetAttribute", + (void**)&this->set_attribute) != TNC_RESULT_SUCCESS) + { + this->set_attribute = NULL; + } + if (bind_function(this->id, "TNC_TNCC_ReserveAdditionalIMVID", + (void**)&this->reserve_additional_id) != TNC_RESULT_SUCCESS) + { + this->reserve_additional_id = NULL; + } + DBG2(DBG_IMV, "IMV %u \"%s\" provided with bind function", + this->id, this->name); + + if (this->report_message_types_long) + { + this->report_message_types_long(this->id, &this->vendor_id, + &this->subtype, 1); + } + else if (this->report_message_types && + this->vendor_id <= TNC_VENDORID_ANY && + this->subtype <= TNC_SUBTYPE_ANY) + { + TNC_MessageType type; + + type = (this->vendor_id << 8) | this->subtype; + this->report_message_types(this->id, &type, 1); + } + return TNC_RESULT_SUCCESS; +} + +/** + * finds a connection state based on its Connection ID + */ +static imv_state_t* find_connection(private_imv_agent_t *this, + TNC_ConnectionID id) +{ + enumerator_t *enumerator; + imv_state_t *state, *found = NULL; + + 
this->connection_lock->read_lock(this->connection_lock); + enumerator = this->connections->create_enumerator(this->connections); + while (enumerator->enumerate(enumerator, &state)) + { + if (id == state->get_connection_id(state)) + { + found = state; + break; + } + } + enumerator->destroy(enumerator); + this->connection_lock->unlock(this->connection_lock); + + return found; +} + +/** + * delete a connection state with a given Connection ID + */ +static bool delete_connection(private_imv_agent_t *this, TNC_ConnectionID id) +{ + enumerator_t *enumerator; + imv_state_t *state; + bool found = FALSE; + + this->connection_lock->write_lock(this->connection_lock); + enumerator = this->connections->create_enumerator(this->connections); + while (enumerator->enumerate(enumerator, &state)) + { + if (id == state->get_connection_id(state)) + { + found = TRUE; + state->destroy(state); + this->connections->remove_at(this->connections, enumerator); + break; + } + } + enumerator->destroy(enumerator); + this->connection_lock->unlock(this->connection_lock); + + return found; +} + +/** + * Read a boolean attribute + */ +static bool get_bool_attribute(private_imv_agent_t *this, TNC_ConnectionID id, + TNC_AttributeID attribute_id) +{ + TNC_UInt32 len; + char buf[4]; + + return this->get_attribute && + this->get_attribute(this->id, id, attribute_id, 4, buf, &len) == + TNC_RESULT_SUCCESS && len == 1 && *buf == 0x01; + } + +/** + * Read a string attribute + */ +static char* get_str_attribute(private_imv_agent_t *this, TNC_ConnectionID id, + TNC_AttributeID attribute_id) +{ + TNC_UInt32 len; + char buf[BUF_LEN]; + + if (this->get_attribute && + this->get_attribute(this->id, id, attribute_id, BUF_LEN, buf, &len) == + TNC_RESULT_SUCCESS && len <= BUF_LEN) + { + return strdup(buf); + } + return NULL; + } + +METHOD(imv_agent_t, create_state, TNC_Result, + private_imv_agent_t *this, imv_state_t *state) +{ + TNC_ConnectionID conn_id; + char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = 
NULL; + bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE; + + conn_id = state->get_connection_id(state); + if (find_connection(this, conn_id)) + { + DBG1(DBG_IMV, "IMV %u \"%s\" already created a state for Connection ID %u", + this->id, this->name, conn_id); + state->destroy(state); + return TNC_RESULT_OTHER; + } + + /* Get and display attributes from TNCS via IF-IMV */ + has_long = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_LONG_TYPES); + has_excl = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_EXCLUSIVE); + has_soh = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_SOH); + tnccs_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL); + tnccs_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_VERSION); + t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL); + t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION); + + state->set_flags(state, has_long, has_excl); + + DBG2(DBG_IMV, "IMV %u \"%s\" created a state for Connection ID %u: " + "%s %s with %slong %sexcl %ssoh over %s %s", + this->id, this->name, conn_id, tnccs_p ? tnccs_p:"?", + tnccs_v ? tnccs_v:"?", has_long ? "+":"-", has_excl ? "+":"-", + has_soh ? "+":"-", t_p ? t_p:"?", t_v ? 
t_v :"?"); + free(tnccs_p); + free(tnccs_v); + free(t_p); + free(t_v); + + this->connection_lock->write_lock(this->connection_lock); + this->connections->insert_last(this->connections, state); + this->connection_lock->unlock(this->connection_lock); + return TNC_RESULT_SUCCESS; +} + +METHOD(imv_agent_t, delete_state, TNC_Result, + private_imv_agent_t *this, TNC_ConnectionID connection_id) +{ + if (!delete_connection(this, connection_id)) + { + DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u", + this->id, this->name, connection_id); + return TNC_RESULT_FATAL; + } + DBG2(DBG_IMV, "IMV %u \"%s\" deleted the state of Connection ID %u", + this->id, this->name, connection_id); + return TNC_RESULT_SUCCESS; +} + +METHOD(imv_agent_t, change_state, TNC_Result, + private_imv_agent_t *this, TNC_ConnectionID connection_id, + TNC_ConnectionState new_state, + imv_state_t **state_p) +{ + imv_state_t *state; + + switch (new_state) + { + case TNC_CONNECTION_STATE_HANDSHAKE: + case TNC_CONNECTION_STATE_ACCESS_ALLOWED: + case TNC_CONNECTION_STATE_ACCESS_ISOLATED: + case TNC_CONNECTION_STATE_ACCESS_NONE: + state = find_connection(this, connection_id); + if (!state) + { + DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u", + this->id, this->name, connection_id); + return TNC_RESULT_FATAL; + } + state->change_state(state, new_state); + DBG2(DBG_IMV, "IMV %u \"%s\" changed state of Connection ID %u to '%N'", + this->id, this->name, connection_id, + TNC_Connection_State_names, new_state); + if (state_p) + { + *state_p = state; + } + break; + case TNC_CONNECTION_STATE_CREATE: + DBG1(DBG_IMV, "state '%N' should be handled by create_state()", + TNC_Connection_State_names, new_state); + return TNC_RESULT_FATAL; + case TNC_CONNECTION_STATE_DELETE: + DBG1(DBG_IMV, "state '%N' should be handled by delete_state()", + TNC_Connection_State_names, new_state); + return TNC_RESULT_FATAL; + default: + DBG1(DBG_IMV, "IMV %u \"%s\" was notified of unknown state %u " + "for 
Connection ID %u", + this->id, this->name, new_state, connection_id); + return TNC_RESULT_INVALID_PARAMETER; + } + return TNC_RESULT_SUCCESS; +} + +METHOD(imv_agent_t, get_state, bool, + private_imv_agent_t *this, TNC_ConnectionID connection_id, + imv_state_t **state) +{ + *state = find_connection(this, connection_id); + if (!*state) + { + DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u", + this->id, this->name, connection_id); + return FALSE; + } + return TRUE; +} + +METHOD(imv_agent_t, send_message, TNC_Result, + private_imv_agent_t *this, TNC_ConnectionID connection_id, bool excl, + TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id, chunk_t msg) +{ + TNC_MessageType type; + TNC_UInt32 msg_flags; + imv_state_t *state; + + state = find_connection(this, connection_id); + if (!state) + { + DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u", + this->id, this->name, connection_id); + return TNC_RESULT_FATAL; + } + + if (state->has_long(state) && this->send_message_long) + { + if (!src_imv_id) + { + src_imv_id = this->id; + } + msg_flags = excl ? 
TNC_MESSAGE_FLAGS_EXCLUSIVE : 0; + + return this->send_message_long(src_imv_id, connection_id, msg_flags, + msg.ptr, msg.len, this->vendor_id, + this->subtype, dst_imc_id); + } + if (this->send_message) + { + type = (this->vendor_id << 8) | this->subtype; + + return this->send_message(this->id, connection_id, msg.ptr, msg.len, + type); + } + return TNC_RESULT_FATAL; +} + +METHOD(imv_agent_t, set_recommendation, TNC_Result, + private_imv_agent_t *this, TNC_ConnectionID connection_id, + TNC_IMV_Action_Recommendation rec, + TNC_IMV_Evaluation_Result eval) +{ + imv_state_t *state; + + state = find_connection(this, connection_id); + if (!state) + { + DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u", + this->id, this->name, connection_id); + return TNC_RESULT_FATAL; + } + + state->set_recommendation(state, rec, eval); + return this->provide_recommendation(this->id, connection_id, rec, eval); +} + +METHOD(imv_agent_t, receive_message, TNC_Result, + private_imv_agent_t *this, imv_state_t *state, chunk_t msg, + TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, + TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, pa_tnc_msg_t **pa_tnc_msg) +{ + pa_tnc_msg_t *pa_msg, *error_msg; + pa_tnc_attr_t *error_attr; + enumerator_t *enumerator; + TNC_MessageType msg_type; + TNC_UInt32 msg_flags, src_imv_id, dst_imc_id; + TNC_ConnectionID connection_id; + TNC_Result result; + + connection_id = state->get_connection_id(state); + + if (state->has_long(state)) + { + if (dst_imv_id != TNC_IMVID_ANY) + { + DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u " + "from IMC %u to IMV %u", this->id, this->name, + connection_id, src_imc_id, dst_imv_id); + } + else + { + DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u " + "from IMC %u", this->id, this->name, connection_id, + src_imc_id); + } + } + else + { + DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u", + this->id, this->name, connection_id); + } + + *pa_tnc_msg = NULL; + 
pa_msg = pa_tnc_msg_create_from_data(msg); + + switch (pa_msg->process(pa_msg)) + { + case SUCCESS: + *pa_tnc_msg = pa_msg; + break; + case VERIFY_ERROR: + /* build error message */ + error_msg = pa_tnc_msg_create(); + enumerator = pa_msg->create_error_enumerator(pa_msg); + while (enumerator->enumerate(enumerator, &error_attr)) + { + error_msg->add_attribute(error_msg, + error_attr->get_ref(error_attr)); + } + enumerator->destroy(enumerator); + error_msg->build(error_msg); + + /* send error message */ + msg = error_msg->get_encoding(error_msg); + + if (state->has_long(state) && this->send_message_long) + { + if (state->has_excl(state)) + { + msg_flags = TNC_MESSAGE_FLAGS_EXCLUSIVE; + dst_imc_id = src_imc_id; + } + else + { + msg_flags = 0; + dst_imc_id = TNC_IMCID_ANY; + } + src_imv_id = (dst_imv_id == TNC_IMVID_ANY) ? this->id + : dst_imv_id; + + result = this->send_message_long(src_imv_id, connection_id, + msg_flags, msg.ptr, msg.len, msg_vid, + msg_subtype, dst_imc_id); + } + else if (this->send_message) + { + msg_type = (msg_vid << 8) | msg_subtype; + + result = this->send_message(this->id, connection_id, + msg.ptr, msg.len, msg_type); + } + else + { + result = TNC_RESULT_FATAL; + } + + /* clean up */ + error_msg->destroy(error_msg); + pa_msg->destroy(pa_msg); + return result; + case FAILED: + default: + pa_msg->destroy(pa_msg); + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, + TNC_IMV_EVALUATION_RESULT_ERROR); + return this->provide_recommendation(this->id, connection_id, + TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, + TNC_IMV_EVALUATION_RESULT_ERROR); + } + return TNC_RESULT_SUCCESS; +} + +METHOD(imv_agent_t, provide_recommendation, TNC_Result, + private_imv_agent_t *this, TNC_ConnectionID connection_id) +{ + imv_state_t *state; + TNC_IMV_Action_Recommendation rec; + TNC_IMV_Evaluation_Result eval; + TNC_UInt32 lang_len; + char buf[BUF_LEN]; + chunk_t pref_lang = { buf, 0 }, reason_string, reason_lang; + + state = 
find_connection(this, connection_id); + if (!state) + { + DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u", + this->id, this->name, connection_id); + return TNC_RESULT_FATAL; + } + state->get_recommendation(state, &rec, &eval); + + + /* send a reason string if action recommendation is not allow */ + if (rec != TNC_IMV_ACTION_RECOMMENDATION_ALLOW) + { + /* check if there a preferred language has been requested */ + if (this->get_attribute && + this->get_attribute(this->id, connection_id, + TNC_ATTRIBUTEID_PREFERRED_LANGUAGE, BUF_LEN, + buf, &lang_len) == TNC_RESULT_SUCCESS && + lang_len <= BUF_LEN) + { + pref_lang.len = lang_len; + DBG2(DBG_IMV, "preferred language is '%.*s'", + pref_lang.len, pref_lang.ptr); + } + + /* find a reason string for the preferred or default language and set it */ + if (this->set_attribute && + state->get_reason_string(state, pref_lang, &reason_string, + &reason_lang)) + { + this->set_attribute(this->id, connection_id, + TNC_ATTRIBUTEID_REASON_STRING, + reason_string.len, reason_string.ptr); + this->set_attribute(this->id, connection_id, + TNC_ATTRIBUTEID_REASON_LANGUAGE, + reason_lang.len, reason_lang.ptr); + } + } + + return this->provide_recommendation(this->id, connection_id, rec, eval); +} + +METHOD(imv_agent_t, reserve_additional_ids, TNC_Result, + private_imv_agent_t *this, int count) +{ + TNC_Result result; + TNC_UInt32 id; + void *pointer; + + if (!this->reserve_additional_id) + { + DBG1(DBG_IMV, "IMV %u \"%s\" did not detect the capability to reserve " + "additional IMV IDs from the TNCS", this->id, this->name); + return TNC_RESULT_ILLEGAL_OPERATION; + } + while (count > 0) + { + result = this->reserve_additional_id(this->id, &id); + if (result != TNC_RESULT_SUCCESS) + { + DBG1(DBG_IMV, "IMV %u \"%s\" failed to reserve %d additional IMV IDs", + this->id, this->name, count); + return result; + } + count--; + + /* store the scalar value in the pointer */ + pointer = (void*)id; + 
this->additional_ids->insert_last(this->additional_ids, pointer); + DBG2(DBG_IMV, "IMV %u \"%s\" reserved additional ID %u", + this->id, this->name, id); + } + return TNC_RESULT_SUCCESS; +} + +METHOD(imv_agent_t, count_additional_ids, int, + private_imv_agent_t *this) +{ + return this->additional_ids->get_count(this->additional_ids); +} + +METHOD(imv_agent_t, create_id_enumerator, enumerator_t*, + private_imv_agent_t *this) +{ + return this->additional_ids->create_enumerator(this->additional_ids); +} + +METHOD(imv_agent_t, destroy, void, + private_imv_agent_t *this) +{ + DBG1(DBG_IMV, "IMV %u \"%s\" terminated", this->id, this->name); + this->additional_ids->destroy(this->additional_ids); + this->connections->destroy_offset(this->connections, + offsetof(imv_state_t, destroy)); + this->connection_lock->destroy(this->connection_lock); + free(this); + + /* decrease the reference count or terminate */ + libimcv_deinit(); +} + +/** + * Described in header. + */ +imv_agent_t *imv_agent_create(const char *name, + pen_t vendor_id, u_int32_t subtype, + TNC_IMVID id, TNC_Version *actual_version) +{ + private_imv_agent_t *this; + + /* initialize or increase the reference count */ + if (!libimcv_init()) + { + return NULL; + } + + INIT(this, + .public = { + .bind_functions = _bind_functions, + .create_state = _create_state, + .delete_state = _delete_state, + .change_state = _change_state, + .get_state = _get_state, + .send_message = _send_message, + .receive_message = _receive_message, + .set_recommendation = _set_recommendation, + .provide_recommendation = _provide_recommendation, + .reserve_additional_ids = _reserve_additional_ids, + .count_additional_ids = _count_additional_ids, + .create_id_enumerator = _create_id_enumerator, + .destroy = _destroy, + }, + .name = name, + .vendor_id = vendor_id, + .subtype = subtype, + .id = id, + .additional_ids = linked_list_create(), + .connections = linked_list_create(), + .connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); + + 
*actual_version = TNC_IFIMV_VERSION_1; + DBG1(DBG_IMV, "IMV %u \"%s\" initialized", this->id, this->name); + + return &this->public; +} + + diff --git a/src/libimcv/imv/imv_agent.h b/src/libimcv/imv/imv_agent.h new file mode 100644 index 000000000..de70f3bc1 --- /dev/null +++ b/src/libimcv/imv/imv_agent.h 
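Review bot: `get_str_attribute` hands a buffer the TNCS may fill completely to `strdup`, which scans for a NUL byte; when `len == BUF_LEN` and the TNCS wrote no terminator (the attribute is returned as a length-delimited value, and nothing here guarantees termination — to be confirmed against IF-IMV), `strdup(buf)` reads past the stack buffer. Bounding the copy by the reported length fixes it in one line, `return strndup(buf, len);`, and still handles a shorter NUL-terminated value. Separately, `set_recommendation`, the FAILED branch of `receive_message` and `provide_recommendation` call `this->provide_recommendation` unconditionally, although `bind_functions` sets it to NULL when the bind fails, whereas `send_message` guards both of its callbacks; a `if (!this->provide_recommendation) return TNC_RESULT_FATAL;` guard in those three places keeps a TNCS with a missing export from crashing the IMV. Also note that `bind_functions` looks up `"TNC_TNCC_ReserveAdditionalIMVID"` while every other symbol in the same block uses the `TNC_TNCS_` prefix; if the TNCS exports the reserve function under the TNCS name, `reserve_additional_id` stays NULL and `reserve_additional_ids()` always fails with `TNC_RESULT_ILLEGAL_OPERATION`.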
@@ -0,0 +1,197 @@ +/* + * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * + * @defgroup imv_agent_t imv_agent + * @{ @ingroup imv_agent + */ + +#ifndef IMV_AGENT_H_ +#define IMV_AGENT_H_ + +#include "imv_state.h" +#include "pa_tnc/pa_tnc_msg.h" + +#include <tncifimv.h> +#include <pen/pen.h> + +#include <library.h> + +typedef struct imv_agent_t imv_agent_t; + +/** + * Core functions of an Integrity Measurement Verifier (IMV) + */ +struct imv_agent_t { + + /** + * Ask a TNCS to retry an Integrity Check Handshake + * + * @param imv_id IMV ID assigned by TNCS + * @param connection_id network connection ID assigned by TNCS + * @param reason IMV retry reason + * @return TNC result code + */ + TNC_Result (*request_handshake_retry)(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + TNC_RetryReason reason); + + /** + * Bind TNCS functions + * + * @param bind_function function offered by the TNCS + * @return TNC result code + */ + TNC_Result (*bind_functions)(imv_agent_t *this, + TNC_TNCS_BindFunctionPointer bind_function); + + /** + * Create the IMV state for a TNCCS connection instance + * + * @param state internal IMV state instance + * @return TNC result code + */ + TNC_Result (*create_state)(imv_agent_t *this, imv_state_t *state); + + /** + * Delete the IMV state for a TNCCS connection instance + * + * @param connection_id network connection ID assigned by TNCS + * @return TNC 
result code + */ + TNC_Result (*delete_state)(imv_agent_t *this, + TNC_ConnectionID connection_id); + + /** + * Change the current state of a TNCCS connection + * + * @param connection_id network connection ID assigned by TNCS + * @param new_state new state of TNCCS connection + * @param state_p internal IMV state instance [optional argument] + * @return TNC result code + */ + TNC_Result (*change_state)(imv_agent_t *this, + TNC_ConnectionID connection_id, + TNC_ConnectionState new_state, + imv_state_t **state_p); + + /** + * Get the IMV state for a TNCCS connection instance + * + * @param connection_id network connection ID assigned by TNCS + * @param state internal IMV state instance + * @return TRUE if the state was found + */ + bool (*get_state)(imv_agent_t *this, + TNC_ConnectionID connection_id, imv_state_t **state); + + /** + * Call when a PA-TNC message is to be sent + * + * @param connection_id network connection ID assigned by TNCS + * @param excl exclusive flag + * @param src_imv_id IMV ID to be set as source + * @param dst_imc_id IMD ID to be set as destination + * @param msg message to send + * @return TNC result code + */ + TNC_Result (*send_message)(imv_agent_t *this, + TNC_ConnectionID connection_id, bool excl, + TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id, + chunk_t msg); + + /** + * Call when a PA-TNC message was received + * + * @param state state for current connection + * @param msg received unparsed message + * @param msg_vid message vendorID of the received message + * @param msg_subtype message subtype of the received message + * @param src_imc_id source IMC ID + * @param dst_imv_id destination IMV ID + * @param pa_tnc_message parsed PA-TNC message or NULL if an error occurred + * @return TNC result code + */ + TNC_Result (*receive_message)(imv_agent_t *this, + imv_state_t *state, chunk_t msg, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + TNC_UInt32 src_imc_id, + TNC_UInt32 dst_imv_id, + pa_tnc_msg_t **pa_tnc_msg); + + /** + * 
Set Action Recommendation and Evaluation Result in the IMV state
+ *
+ * @param connection_id network connection ID assigned by TNCS
+ * @param rec IMV action recommendation
+ * @param eval IMV evaluation result
+ * @return TNC result code
+ */
+ TNC_Result (*set_recommendation)(imv_agent_t *this,
+ TNC_ConnectionID connection_id,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+
+ /**
+ * Deliver IMV Action Recommendation and IMV Evaluation Result to the TNCS
+ *
+ * @param connection_id network connection ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*provide_recommendation)(imv_agent_t *this,
+ TNC_ConnectionID connection_id);
+
+ /**
+ * Reserve additional IMV IDs from TNCS
+ *
+ * @param count number of additional IMV IDs to be assigned
+ * @return TNC result code
+ */
+ TNC_Result (*reserve_additional_ids)(imv_agent_t *this, int count);
+
+ /**
+ * Return the number of additional IMV IDs assigned by the TNCS
+ *
+ * @return number of additional IMV IDs
+ */
+ int (*count_additional_ids)(imv_agent_t *this);
+
+ /**
+ * Create an enumerator for the additional IMV IDs
+ */
+ enumerator_t* (*create_id_enumerator)(imv_agent_t *this);
+
+ /**
+ * Destroys an imv_agent_t object
+ */
+ void (*destroy)(imv_agent_t *this);
+};
+
+/**
+ * Create an imv_agent_t object
+ *
+ * @param name name of the IMV
+ * @param vendor_id vendor ID of the IMV
+ * @param subtype message subtype of the IMV
+ * @param id ID of the IMV as assigned by the TNCS
+ * @param actual_version actual version of the IF-IMV API
+ *
+ */
+imv_agent_t *imv_agent_create(const char *name,
+ pen_t vendor_id, u_int32_t subtype,
+ TNC_IMVID id, TNC_Version *actual_version);
+
+#endif /** IMV_AGENT_H_ @}*/
diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h
new file mode 100644
index 000000000..9e7a29a9f
--- /dev/null
+++ b/src/libimcv/imv/imv_state.h
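Review bot: The `create_state` contract in imv_agent.h does not say that the agent takes ownership of `state`: the implementation in imv_agent.c stores it in the connection list and, on a duplicate Connection ID, calls `state->destroy(state)` before returning `TNC_RESULT_OTHER`, so a caller that also destroys its own state on failure would double-free. I would extend the tag to `@param state internal IMV state instance; ownership passes to the agent, which destroys it on failure and on delete_state()`. The `send_message` doc should likewise state that `excl`, `src_imv_id` and `dst_imc_id` are only honoured when the connection supports long message types and the long send function was bound, and are silently ignored on the legacy `TNC_TNCS_SendMessage` path. Minor: `IMD ID` should read `IMC ID`, and the `@param pa_tnc_message` tag does not match the parameter name `pa_tnc_msg`, so Doxygen will not bind it.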
@@ -0,0 +1,111 @@ +/* + * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * + * @defgroup imv_state_t imv_state + * @{ @ingroup imv_state + */ + +#ifndef IMV_STATE_H_ +#define IMV_STATE_H_ + +#include <tncifimv.h> + +#include <library.h> + +typedef struct imv_state_t imv_state_t; + +/** + * Internal state of an IMV connection instance + */ +struct imv_state_t { + + /** + * Get the TNCS connection ID attached to the state + * + * @return TNCS connection ID of the state + */ + TNC_ConnectionID (*get_connection_id)(imv_state_t *this); + + /** + * Checks if long message types are supported for this TNCCS connection + * + * @return TRUE if set, FALSE otherwise + */ + bool (*has_long)(imv_state_t *this); + + /** + * Checks if the exclusive delivery is supported for this TNCCS connection + * + * @return TRUE if set, FALSE otherwise + */ + bool (*has_excl)(imv_state_t *this); + + /** + * Sets the long message types and exclusive flags for this TNCCS connection + * + * @param has_long TNCCS connection supports long message types + * @param has_excl TNCCS connection supports exclusive delivery + * @return TRUE if set, FALSE otherwise + */ + void (*set_flags)(imv_state_t *this, bool has_long, bool has_excl); + + /** + * Change the connection state + * + * @param new_state new connection state + */ + void (*change_state)(imv_state_t *this, TNC_ConnectionState new_state); + + /** + * Get IMV 
action recommendation and evaluation result + * + * @param rec IMV action recommendation + * @param eval IMV evaluation result + * + */ + void (*get_recommendation)(imv_state_t *this, + TNC_IMV_Action_Recommendation *rec, + TNC_IMV_Evaluation_Result *eval); + + /** + * Set IMV action recommendation and evaluation result + * + * @param rec IMV action recommendation + * @param eval IMV evaluation result + * + */ + void (*set_recommendation)(imv_state_t *this, + TNC_IMV_Action_Recommendation rec, + TNC_IMV_Evaluation_Result eval); + + /** + * Get reason string based on the preferred language + * + * @param preferred_language preferred language + * @param reason_string reason string + * @param language code language of the returned reason string + * @return TRUE if a reason string was found + */ + bool (*get_reason_string)(imv_state_t *this, chunk_t preferred_language, + chunk_t *reason_string, chunk_t *language_code); + + /** + * Destroys an imv_state_t object + */ + void (*destroy)(imv_state_t *this); +}; + +#endif /** IMV_STATE_H_ @}*/ |
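Review bot: `set_flags` in imv_state.h carries `@return TRUE if set, FALSE otherwise` but is declared `void`; the `@return` line should be dropped. The `get_reason_string` doc tags `language code` while the parameter is named `language_code`, so it should read `@param language_code language of the returned reason string`. It would also help to document the lifetime of the two returned chunks: imv_agent.c passes `reason_string.ptr` and `reason_lang.ptr` straight to `set_attribute`, so they must point into storage owned by the state rather than a temporary, which this header does not say and I cannot confirm from the hunk.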