added IMC/IMV support for send_message_long() and reserve_additional_id() functions
1 /*
2 * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include "imcv.h"
16 #include "imc_agent.h"
17
18 #include <tncif_names.h>
19
20 #include <debug.h>
21 #include <utils/linked_list.h>
22 #include <threading/rwlock.h>
23
24 typedef struct private_imc_agent_t private_imc_agent_t;
25
/**
 * Private data of an imc_agent_t object.
 *
 * The function pointers in this structure are resolved by bind_functions()
 * through the bind function supplied by the TNC client. A pointer whose
 * lookup fails is set to NULL there, so each one has to be checked before
 * it is called.
 */
struct private_imc_agent_t {

	/**
	 * Public members of imc_agent_t
	 */
	imc_agent_t public;

	/**
	 * name of IMC (the pointer is stored as passed to imc_agent_create())
	 */
	const char *name;

	/**
	 * message vendor ID of IMC
	 */
	TNC_VendorID vendor_id;

	/**
	 * message subtype of IMC
	 */
	TNC_MessageSubtype subtype;

	/**
	 * ID of IMC as assigned by TNCC
	 */
	TNC_IMCID id;

	/**
	 * list of TNCC connection entries
	 */
	linked_list_t *connections;

	/**
	 * rwlock to lock TNCC connection entries
	 */
	rwlock_t *connection_lock;

	/**
	 * Inform a TNCC about the set of message types the IMC is able to receive
	 *
	 * @param imc_id			IMC ID assigned by TNCC
	 * @param supported_types	list of supported message types
	 * @param type_count		number of list elements
	 * @return					TNC result code
	 */
	TNC_Result (*report_message_types)(TNC_IMCID imc_id,
									   TNC_MessageTypeList supported_types,
									   TNC_UInt32 type_count);

	/**
	 * Inform a TNCC about the set of message types the IMC is able to receive,
	 * given as separate vendor ID and subtype lists (long message types)
	 *
	 * @param imc_id				IMC ID assigned by TNCC
	 * @param supported_vids		list of supported message vendor IDs
	 * @param supported_subtypes	list of supported message subtypes
	 * @param type_count			number of list elements
	 * @return						TNC result code
	 */
	TNC_Result (*report_message_types_long)(TNC_IMCID imc_id,
									TNC_VendorIDList supported_vids,
									TNC_MessageSubtypeList supported_subtypes,
									TNC_UInt32 type_count);

	/**
	 * Call when an IMC-IMV message is to be sent
	 *
	 * @param imc_id			IMC ID assigned by TNCC
	 * @param connection_id		network connection ID assigned by TNCC
	 * @param msg				message to send
	 * @param msg_len			message length in bytes
	 * @param msg_type			message type
	 * @return					TNC result code
	 */
	TNC_Result (*send_message)(TNC_IMCID imc_id,
							   TNC_ConnectionID connection_id,
							   TNC_BufferReference msg,
							   TNC_UInt32 msg_len,
							   TNC_MessageType msg_type);


	/**
	 * Call when an IMC-IMV message is to be sent with long message types
	 *
	 * @param imc_id			IMC ID assigned by TNCC
	 * @param connection_id		network connection ID assigned by TNCC
	 * @param msg_flags			message flags
	 * @param msg				message to send
	 * @param msg_len			message length in bytes
	 * @param msg_vid			message vendor ID
	 * @param msg_subtype		message subtype
	 * @param dst_imv_id		destination IMV ID
	 * @return					TNC result code
	 */
	TNC_Result (*send_message_long)(TNC_IMCID imc_id,
									TNC_ConnectionID connection_id,
									TNC_UInt32 msg_flags,
									TNC_BufferReference msg,
									TNC_UInt32 msg_len,
									TNC_VendorID msg_vid,
									TNC_MessageSubtype msg_subtype,
									TNC_UInt32 dst_imv_id);

	/**
	 * Get the value of an attribute associated with a connection
	 * or with the TNCC as a whole.
	 *
	 * The length written to out_value_len comes from the TNCC; the callers
	 * in this file compare it with buffer_len before they use the buffer.
	 *
	 * @param imc_id			IMC ID assigned by TNCC
	 * @param connection_id		network connection ID assigned by TNCC
	 * @param attribute_id		attribute ID
	 * @param buffer_len		length of buffer in bytes
	 * @param buffer			buffer
	 * @param out_value_len		size in bytes of attribute stored in buffer
	 * @return					TNC result code
	 */
	TNC_Result (*get_attribute)(TNC_IMCID imc_id,
								TNC_ConnectionID connection_id,
								TNC_AttributeID attribute_id,
								TNC_UInt32 buffer_len,
								TNC_BufferReference buffer,
								TNC_UInt32 *out_value_len);

	/**
	 * Set the value of an attribute associated with a connection
	 * or with the TNCC as a whole.
	 *
	 * @param imc_id			IMC ID assigned by TNCC
	 * @param connection_id		network connection ID assigned by TNCC
	 * @param attribute_id		attribute ID
	 * @param buffer_len		length of buffer in bytes
	 * @param buffer			buffer
	 * @return					TNC result code
	 */
	TNC_Result (*set_attribute)(TNC_IMCID imc_id,
								TNC_ConnectionID connection_id,
								TNC_AttributeID attribute_id,
								TNC_UInt32 buffer_len,
								TNC_BufferReference buffer);

	/**
	 * Reserve an additional IMC ID
	 *
	 * @param imc_id			primary IMC ID assigned by TNCC
	 * @param out_imc_id		additional IMC ID assigned by TNCC
	 * @return					TNC result code
	 */
	TNC_Result (*reserve_additional_id)(TNC_IMCID imc_id,
										TNC_UInt32 *out_imc_id);

};
178
/**
 * Implementation of imc_agent_t.bind_functions.
 *
 * Looks up the TNCC callbacks by name through the bind function handed over
 * by the TNC client and then reports the one message type (vendor ID and
 * subtype) this IMC wants to receive.
 *
 * A callback that cannot be bound is reset to NULL and is not treated as an
 * error, so every user of these pointers has to test them first. Only a
 * missing bind function is rejected.
 *
 * @param bind_function		bind function provided by the TNC client
 * @return					TNC_RESULT_INVALID_PARAMETER if bind_function is
 *							NULL, TNC_RESULT_SUCCESS otherwise
 */
METHOD(imc_agent_t, bind_functions, TNC_Result,
	private_imc_agent_t *this, TNC_TNCC_BindFunctionPointer bind_function)
{
	TNC_Result rc;

	if (!bind_function)
	{
		DBG1(DBG_IMC, "TNC client failed to provide bind function");
		return TNC_RESULT_INVALID_PARAMETER;
	}

	/* a failed lookup must not leave a stale or partly written pointer
	 * behind, hence the explicit reset after each unsuccessful bind */
	rc = bind_function(this->id, "TNC_TNCC_ReportMessageTypes",
					   (void**)&this->report_message_types);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->report_message_types = NULL;
	}
	rc = bind_function(this->id, "TNC_TNCC_ReportMessageTypesLong",
					   (void**)&this->report_message_types_long);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->report_message_types_long = NULL;
	}
	rc = bind_function(this->id, "TNC_TNCC_RequestHandshakeRetry",
					   (void**)&this->public.request_handshake_retry);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->public.request_handshake_retry = NULL;
	}
	rc = bind_function(this->id, "TNC_TNCC_SendMessage",
					   (void**)&this->send_message);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->send_message = NULL;
	}
	rc = bind_function(this->id, "TNC_TNCC_SendMessageLong",
					   (void**)&this->send_message_long);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->send_message_long = NULL;
	}
	rc = bind_function(this->id, "TNC_TNCC_GetAttribute",
					   (void**)&this->get_attribute);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->get_attribute = NULL;
	}
	rc = bind_function(this->id, "TNC_TNCC_SetAttribute",
					   (void**)&this->set_attribute);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->set_attribute = NULL;
	}
	rc = bind_function(this->id, "TNC_TNCC_ReserveAdditionalIMCID",
					   (void**)&this->reserve_additional_id);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->reserve_additional_id = NULL;
	}
	DBG2(DBG_IMC, "IMC %u \"%s\" provided with bind function",
		 this->id, this->name);

	/* prefer the long form; its result is not evaluated */
	if (this->report_message_types_long)
	{
		this->report_message_types_long(this->id, &this->vendor_id,
										&this->subtype, 1);
		return TNC_RESULT_SUCCESS;
	}

	/* the short form packs vendor ID and subtype into one value, so it is
	 * used only when both fit below the respective ANY limits */
	if (this->report_message_types &&
		this->vendor_id <= TNC_VENDORID_ANY &&
		this->subtype <= TNC_SUBTYPE_ANY)
	{
		TNC_MessageType short_type;

		short_type = (this->vendor_id << 8) | this->subtype;
		this->report_message_types(this->id, &short_type, 1);
	}
	return TNC_RESULT_SUCCESS;
}
246
/**
 * Finds a connection state based on its Connection ID.
 *
 * The list is walked under the read lock, but the lock is released before
 * returning: the returned pointer is not protected against a concurrent
 * delete_connection() that destroys the same state.
 *
 * @param id		Connection ID to look up
 * @return			first matching state, NULL if there is none
 */
static imc_state_t* find_connection(private_imc_agent_t *this,
									TNC_ConnectionID id)
{
	enumerator_t *entries;
	imc_state_t *current, *match = NULL;

	this->connection_lock->read_lock(this->connection_lock);
	entries = this->connections->create_enumerator(this->connections);
	/* stop advancing the enumerator as soon as a match has been recorded */
	while (!match && entries->enumerate(entries, &current))
	{
		if (current->get_connection_id(current) == id)
		{
			match = current;
		}
	}
	entries->destroy(entries);
	this->connection_lock->unlock(this->connection_lock);

	return match;
}
271
/**
 * Deletes the connection state with a given Connection ID.
 *
 * Runs under the write lock. The first state with a matching ID is
 * destroyed and unlinked from the list; later entries are not visited.
 *
 * @param id		Connection ID of the state to delete
 * @return			TRUE if a state was found and deleted
 */
static bool delete_connection(private_imc_agent_t *this, TNC_ConnectionID id)
{
	enumerator_t *entries;
	imc_state_t *current;
	bool removed = FALSE;

	this->connection_lock->write_lock(this->connection_lock);
	entries = this->connections->create_enumerator(this->connections);
	while (!removed && entries->enumerate(entries, &current))
	{
		if (current->get_connection_id(current) != id)
		{
			continue;
		}
		/* destroy the state, then drop the list entry it occupied */
		current->destroy(current);
		this->connections->remove_at(this->connections, entries);
		removed = TRUE;
	}
	entries->destroy(entries);
	this->connection_lock->unlock(this->connection_lock);

	return removed;
}
298
/**
 * Reads a boolean attribute from the TNCC.
 *
 * The result is TRUE only if the TNCC offers a get_attribute function, the
 * call succeeds, the reported value length is exactly one byte and that
 * byte is 0x01. Every other outcome is FALSE.
 *
 * @param id				Connection ID the attribute belongs to
 * @param attribute_id		attribute to query
 * @return					TRUE if the attribute is set
 */
static bool get_bool_attribute(private_imc_agent_t *this, TNC_ConnectionID id,
							   TNC_AttributeID attribute_id)
{
	TNC_UInt32 value_len;
	char value[4];

	if (!this->get_attribute)
	{
		return FALSE;
	}
	if (this->get_attribute(this->id, id, attribute_id, sizeof(value), value,
							&value_len) != TNC_RESULT_SUCCESS)
	{
		return FALSE;
	}
	/* value_len is only meaningful after a successful call */
	return value_len == 1 && value[0] == 0x01;
}
312
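/**
 * Reads a string attribute from the TNCC.
 *
 * The value is copied out of a local buffer that is terminated here at the
 * length reported by the TNCC. The previous code called strdup() on the raw
 * buffer, which reads past its end when the returned value is not
 * NUL-terminated (for instance a value of exactly BUF_LEN bytes, or a
 * reported length of zero that leaves the buffer unwritten).
 *
 * @param id				Connection ID the attribute belongs to
 * @param attribute_id		attribute to query
 * @return					allocated copy of the string, to be freed by the
 *							caller; NULL if the TNCC has no get_attribute
 *							function, the call fails, the reported length
 *							exceeds BUF_LEN or the allocation fails
 */
static char* get_str_attribute(private_imc_agent_t *this, TNC_ConnectionID id,
							   TNC_AttributeID attribute_id)
{
	TNC_UInt32 len;
	/* one spare byte so that a value of BUF_LEN bytes can be terminated */
	char buf[BUF_LEN + 1];

	if (this->get_attribute &&
		this->get_attribute(this->id, id, attribute_id, BUF_LEN, buf, &len) ==
							TNC_RESULT_SUCCESS && len <= BUF_LEN)
	{
		/* do not rely on the TNCC having written a terminator */
		buf[len] = '\0';
		return strdup(buf);
	}
	return NULL;
}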
330
/**
 * Implementation of imc_agent_t.create_state.
 *
 * Registers a new connection state with the agent. The state is destroyed
 * here if one with the same Connection ID is already registered. On
 * success the state is appended to the connection list.
 *
 * The duplicate check and the insertion take the connection lock
 * separately, so the two steps are not atomic.
 * NOTE(review): whether two threads can create a state for the same
 * Connection ID at the same time depends on the TNCC - confirm.
 *
 * @param state		state to register
 * @return			TNC_RESULT_OTHER if the Connection ID is already known,
 *					TNC_RESULT_SUCCESS otherwise
 */
METHOD(imc_agent_t, create_state, TNC_Result,
	private_imc_agent_t *this, imc_state_t *state)
{
	TNC_ConnectionID conn_id;
	char *tnccs_proto, *tnccs_vers, *ift_proto, *ift_vers;
	bool long_types, exclusive, soh;

	conn_id = state->get_connection_id(state);
	if (find_connection(this, conn_id))
	{
		DBG1(DBG_IMC, "IMC %u \"%s\" already created a state for Connection ID %u",
			 this->id, this->name, conn_id);
		state->destroy(state);
		return TNC_RESULT_OTHER;
	}

	/* query the TNCC via IF-IMC; strings are NULL when unavailable */
	long_types = get_bool_attribute(this, conn_id,
									TNC_ATTRIBUTEID_HAS_LONG_TYPES);
	exclusive = get_bool_attribute(this, conn_id,
								   TNC_ATTRIBUTEID_HAS_EXCLUSIVE);
	soh = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_SOH);
	tnccs_proto = get_str_attribute(this, conn_id,
									TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL);
	tnccs_vers = get_str_attribute(this, conn_id,
								   TNC_ATTRIBUTEID_IFTNCCS_VERSION);
	ift_proto = get_str_attribute(this, conn_id,
								  TNC_ATTRIBUTEID_IFT_PROTOCOL);
	ift_vers = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);

	/* only the long-type and exclusive capabilities are kept in the state */
	state->set_flags(state, long_types, exclusive);

	DBG2(DBG_IMC, "IMC %u \"%s\" created a state for Connection ID %u: "
				  "%s %s with %slong %sexcl %ssoh over %s %s",
		 this->id, this->name, conn_id,
		 tnccs_proto ? tnccs_proto : "?",
		 tnccs_vers ? tnccs_vers : "?",
		 long_types ? "+" : "-",
		 exclusive ? "+" : "-",
		 soh ? "+" : "-",
		 ift_proto ? ift_proto : "?",
		 ift_vers ? ift_vers : "?");

	/* the strings were only needed for the log line above */
	free(tnccs_proto);
	free(tnccs_vers);
	free(ift_proto);
	free(ift_vers);

	this->connection_lock->write_lock(this->connection_lock);
	this->connections->insert_last(this->connections, state);
	this->connection_lock->unlock(this->connection_lock);
	return TNC_RESULT_SUCCESS;
}
373
/**
 * Implementation of imc_agent_t.delete_state.
 *
 * Removes and destroys the state registered for a Connection ID.
 *
 * @param connection_id		Connection ID whose state is to be deleted
 * @return					TNC_RESULT_SUCCESS if a state was deleted,
 *							TNC_RESULT_FATAL if none was registered
 */
METHOD(imc_agent_t, delete_state, TNC_Result,
	private_imc_agent_t *this, TNC_ConnectionID connection_id)
{
	if (delete_connection(this, connection_id))
	{
		DBG2(DBG_IMC, "IMC %u \"%s\" deleted the state of Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_SUCCESS;
	}
	DBG1(DBG_IMC, "IMC %u \"%s\" has no state for Connection ID %u",
		 this->id, this->name, connection_id);
	return TNC_RESULT_FATAL;
}
387
/**
 * Implementation of imc_agent_t.change_state.
 *
 * Applies a handshake or access result state to an existing connection.
 * The create and delete states are refused because create_state() and
 * delete_state() handle them; any other value is reported as invalid.
 *
 * The state returned through state_p comes from find_connection() and is
 * therefore no longer covered by the connection lock.
 *
 * @param connection_id		Connection ID whose state changes
 * @param new_state			new connection state
 * @param state_p			if not NULL, receives the affected state
 * @return					TNC_RESULT_SUCCESS, TNC_RESULT_FATAL if the
 *							connection is unknown or the state belongs to
 *							create/delete, TNC_RESULT_INVALID_PARAMETER for
 *							an unknown state value
 */
METHOD(imc_agent_t, change_state, TNC_Result,
	private_imc_agent_t *this, TNC_ConnectionID connection_id,
	TNC_ConnectionState new_state,
	imc_state_t **state_p)
{
	imc_state_t *entry;

	/* sort out everything that is not a plain state transition first */
	switch (new_state)
	{
		case TNC_CONNECTION_STATE_HANDSHAKE:
		case TNC_CONNECTION_STATE_ACCESS_ALLOWED:
		case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
		case TNC_CONNECTION_STATE_ACCESS_NONE:
			break;
		case TNC_CONNECTION_STATE_CREATE:
			DBG1(DBG_IMC, "state '%N' should be handled by create_state()",
				 TNC_Connection_State_names, new_state);
			return TNC_RESULT_FATAL;
		case TNC_CONNECTION_STATE_DELETE:
			DBG1(DBG_IMC, "state '%N' should be handled by delete_state()",
				 TNC_Connection_State_names, new_state);
			return TNC_RESULT_FATAL;
		default:
			DBG1(DBG_IMC, "IMC %u \"%s\" was notified of unknown state %u "
				 "for Connection ID %u",
				 this->id, this->name, new_state, connection_id);
			return TNC_RESULT_INVALID_PARAMETER;
	}

	entry = find_connection(this, connection_id);
	if (!entry)
	{
		DBG1(DBG_IMC, "IMC %u \"%s\" has no state for Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_FATAL;
	}
	entry->change_state(entry, new_state);
	DBG2(DBG_IMC, "IMC %u \"%s\" changed state of Connection ID %u to '%N'",
		 this->id, this->name, connection_id,
		 TNC_Connection_State_names, new_state);
	if (state_p)
	{
		*state_p = entry;
	}
	return TNC_RESULT_SUCCESS;
}
434
/**
 * Implementation of imc_agent_t.get_state.
 *
 * Looks up the state of a connection. *state is always written: it is NULL
 * when no state is registered for the Connection ID.
 *
 * @param connection_id		Connection ID to look up
 * @param state				receives the state, or NULL
 * @return					TRUE if a state was found
 */
METHOD(imc_agent_t, get_state, bool,
	private_imc_agent_t *this, TNC_ConnectionID connection_id,
	imc_state_t **state)
{
	imc_state_t *entry = find_connection(this, connection_id);

	*state = entry;
	if (entry)
	{
		return TRUE;
	}
	DBG1(DBG_IMC, "IMC %u \"%s\" has no state for Connection ID %u",
		 this->id, this->name, connection_id);
	return FALSE;
}
448
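/**
 * Implementation of imc_agent_t.send_message.
 *
 * Sends a message over a connection, using the long form when both the
 * connection state and the TNCC support long message types, and the short
 * form otherwise.
 *
 * In the short form the exclusive flag and the source and destination IDs
 * are not transmitted. The short message type packs the vendor ID and the
 * subtype into one value, so that path is taken only if both fit below the
 * respective ANY limits, the same condition bind_functions() applies before
 * reporting a short type. Out-of-range values previously produced a
 * truncated, wrong message type.
 *
 * @param connection_id		Connection ID to send on
 * @param excl				TRUE to set the exclusive flag (long form only)
 * @param src_imc_id		source IMC ID, 0 to use the agent's own ID
 * @param dst_imv_id		destination IMV ID (long form only)
 * @param msg				message to send
 * @return					result of the TNCC send function, or
 *							TNC_RESULT_FATAL if the connection is unknown or
 *							no usable send function is available
 */
METHOD(imc_agent_t, send_message, TNC_Result,
	private_imc_agent_t *this, TNC_ConnectionID connection_id, bool excl,
	TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, chunk_t msg)
{
	TNC_MessageType type;
	TNC_UInt32 msg_flags;
	imc_state_t *state;

	state = find_connection(this, connection_id);
	if (!state)
	{
		/* logged in the IMC group like the other messages of this agent */
		DBG1(DBG_IMC, "IMC %u \"%s\" has no state for Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_FATAL;
	}

	if (state->has_long(state) && this->send_message_long)
	{
		if (!src_imc_id)
		{
			src_imc_id = this->id;
		}
		msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;

		return this->send_message_long(src_imc_id, connection_id, msg_flags,
									   msg.ptr, msg.len, this->vendor_id,
									   this->subtype, dst_imv_id);
	}
	if (this->send_message &&
		this->vendor_id <= TNC_VENDORID_ANY &&
		this->subtype <= TNC_SUBTYPE_ANY)
	{
		type = (this->vendor_id << 8) | this->subtype;

		return this->send_message(this->id, connection_id, msg.ptr, msg.len,
								  type);
	}
	return TNC_RESULT_FATAL;
}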
486
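/**
 * Implementation of imc_agent_t.receive_message.
 *
 * Parses a received PA-TNC message. Validation of the message bytes is
 * left to pa_msg->process(); this function only acts on its result:
 *
 * - SUCCESS: the parsed message is handed out through pa_tnc_msg.
 *   NOTE(review): presumably the caller then has to destroy it - confirm.
 * - VERIFY_ERROR: the error attributes collected while parsing are sent
 *   back with the short send function under the received message type,
 *   and the result of that send is returned.
 *   NOTE(review): the long send function is not used for this reply even
 *   when the connection supports long types - confirm this is intended.
 * - anything else: TNC_RESULT_FATAL.
 *
 * The parsed message is destroyed on every path that does not hand it out,
 * including the VERIFY_ERROR case without a send function, which previously
 * leaked it.
 *
 * @param connection_id		Connection ID the message arrived on
 * @param msg				received message data
 * @param msg_type			received message type
 * @param pa_tnc_msg		receives the parsed message, NULL on failure
 * @return					TNC result code
 */
METHOD(imc_agent_t, receive_message, TNC_Result,
	private_imc_agent_t *this, TNC_ConnectionID connection_id, chunk_t msg,
	TNC_MessageType msg_type, pa_tnc_msg_t **pa_tnc_msg)
{
	pa_tnc_msg_t *pa_msg, *error_msg;
	pa_tnc_attr_t *error_attr;
	enumerator_t *enumerator;
	TNC_Result result;

	/* logged in the IMC group like the other messages of this agent */
	DBG2(DBG_IMC, "IMC %u \"%s\" received message type 0x%08x for Connection ID %u",
		 this->id, this->name, msg_type, connection_id);

	*pa_tnc_msg = NULL;
	pa_msg = pa_tnc_msg_create_from_data(msg);

	switch (pa_msg->process(pa_msg))
	{
		case SUCCESS:
			*pa_tnc_msg = pa_msg;
			break;
		case VERIFY_ERROR:
			if (!this->send_message)
			{
				/* TNCC doesn't have a SendMessage() function */
				pa_msg->destroy(pa_msg);
				return TNC_RESULT_FATAL;
			}

			/* build error message */
			error_msg = pa_tnc_msg_create();
			enumerator = pa_msg->create_error_enumerator(pa_msg);
			while (enumerator->enumerate(enumerator, &error_attr))
			{
				error_msg->add_attribute(error_msg,
										 error_attr->get_ref(error_attr));
			}
			enumerator->destroy(enumerator);
			error_msg->build(error_msg);

			/* send error message */
			msg = error_msg->get_encoding(error_msg);
			result = this->send_message(this->id, connection_id,
										msg.ptr, msg.len, msg_type);

			/* clean up */
			error_msg->destroy(error_msg);
			pa_msg->destroy(pa_msg);
			return result;
		case FAILED:
		default:
			pa_msg->destroy(pa_msg);
			return TNC_RESULT_FATAL;
	}
	return TNC_RESULT_SUCCESS;
}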
541
/**
 * Implementation of imc_agent_t.reserve_additional_id.
 *
 * Asks the TNCC for an additional IMC ID on behalf of this agent's primary
 * ID.
 *
 * @param id		receives the additional IMC ID assigned by the TNCC
 * @return			result of the TNCC call, TNC_RESULT_ILLEGAL_OPERATION
 *					if the TNCC does not provide the function
 */
METHOD(imc_agent_t, reserve_additional_id, TNC_Result,
	private_imc_agent_t *this, TNC_UInt32 *id)
{
	if (this->reserve_additional_id)
	{
		return this->reserve_additional_id(this->id, id);
	}
	/* the function could not be bound */
	return TNC_RESULT_ILLEGAL_OPERATION;
}
551
/**
 * Implementation of imc_agent_t.destroy.
 *
 * Releases the connection list with its remaining entries, the connection
 * lock and the agent itself, then gives up this agent's reference on
 * libimcv.
 */
METHOD(imc_agent_t, destroy, void,
	private_imc_agent_t *this)
{
	/* log first: this->id and this->name are gone once this is freed */
	DBG1(DBG_IMC, "IMC %u \"%s\" terminated", this->id, this->name);
	/* NOTE(review): remaining states are released with plain free() here,
	 * whereas delete_connection() calls state->destroy(); if a state
	 * implementation owns further allocations they would leak - confirm */
	this->connections->destroy_function(this->connections, free);
	this->connection_lock->destroy(this->connection_lock);
	free(this);

	/* decrease the reference count or terminate */
	libimcv_deinit();
}
563
/**
 * Described in header.
 *
 * Takes a reference on libimcv and builds the agent with an empty
 * connection list. The name pointer is stored as given, not copied, so the
 * string must outlive the agent. actual_version is written without a NULL
 * check and always receives TNC_IFIMC_VERSION_1.
 *
 * @return		public interface of the new agent, NULL if libimcv could not
 *				be initialized
 */
imc_agent_t *imc_agent_create(const char *name,
							  pen_t vendor_id, u_int32_t subtype,
							  TNC_IMCID id, TNC_Version *actual_version)
{
	private_imc_agent_t *this;

	/* initialize or increase the reference count */
	if (!libimcv_init())
	{
		return NULL;
	}

	INIT(this,
		.public = {
			.bind_functions = _bind_functions,
			.create_state = _create_state,
			.delete_state = _delete_state,
			.change_state = _change_state,
			.get_state = _get_state,
			.send_message = _send_message,
			.receive_message = _receive_message,
			.reserve_additional_id = _reserve_additional_id,
			.destroy = _destroy,
		},
		.id = id,
		.name = name,
		.vendor_id = vendor_id,
		.subtype = subtype,
		.connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
		.connections = linked_list_create(),
	);

	DBG1(DBG_IMC, "IMC %u \"%s\" initialized", this->id, this->name);
	*actual_version = TNC_IFIMC_VERSION_1;

	return &this->public;
}
604