store the long and excl flags in the connection state
1 /*
2 * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include "imcv.h"
16 #include "imc_agent.h"
17
18 #include <tncif_names.h>
19
20 #include <debug.h>
21 #include <utils/linked_list.h>
22 #include <threading/rwlock.h>
23
typedef struct private_imc_agent_t private_imc_agent_t;

/**
 * Private data of an imc_agent_t object.
 *
 * The function pointers at the end of this struct are filled in by
 * bind_functions(), which resets a pointer to NULL whenever the TNCC fails
 * to bind the corresponding function. Callers therefore have to check a
 * pointer for NULL before invoking it.
 */
struct private_imc_agent_t {

	/**
	 * Public members of imc_agent_t
	 */
	imc_agent_t public;

	/**
	 * name of IMC (stored as passed to imc_agent_create(), not copied)
	 */
	const char *name;

	/**
	 * message vendor ID of IMC
	 */
	TNC_VendorID vendor_id;

	/**
	 * message subtype of IMC
	 */
	TNC_MessageSubtype subtype;

	/**
	 * ID of IMC as assigned by TNCC
	 */
	TNC_IMCID id;

	/**
	 * list of TNCC connection entries (imc_state_t objects)
	 */
	linked_list_t *connections;

	/**
	 * rwlock to lock TNCC connection entries
	 */
	rwlock_t *connection_lock;

	/**
	 * Inform a TNCC about the set of message types the IMC is able to receive
	 *
	 * @param imc_id			IMC ID assigned by TNCC
	 * @param supported_types	list of supported message types
	 * @param type_count		number of list elements
	 * @return					TNC result code
	 */
	TNC_Result (*report_message_types)(TNC_IMCID imc_id,
									   TNC_MessageTypeList supported_types,
									   TNC_UInt32 type_count);

	/**
	 * Inform a TNCC about the set of message types the IMC is able to receive,
	 * given as separate vendor ID and subtype lists (long message types)
	 *
	 * @param imc_id				IMC ID assigned by TNCC
	 * @param supported_vids		list of supported message vendor IDs
	 * @param supported_subtypes	list of supported message subtypes
	 * @param type_count			number of list elements
	 * @return						TNC result code
	 */
	TNC_Result (*report_message_types_long)(TNC_IMCID imc_id,
									TNC_VendorIDList supported_vids,
									TNC_MessageSubtypeList supported_subtypes,
									TNC_UInt32 type_count);

	/**
	 * Call when an IMC-IMV message is to be sent
	 *
	 * @param imc_id			IMC ID assigned by TNCC
	 * @param connection_id		network connection ID assigned by TNCC
	 * @param msg				message to send
	 * @param msg_len			message length in bytes
	 * @param msg_type			message type
	 * @return					TNC result code
	 */
	TNC_Result (*send_message)(TNC_IMCID imc_id,
							   TNC_ConnectionID connection_id,
							   TNC_BufferReference msg,
							   TNC_UInt32 msg_len,
							   TNC_MessageType msg_type);

	/**
	 * Get the value of an attribute associated with a connection
	 * or with the TNCC as a whole.
	 *
	 * @param imc_id			IMC ID assigned by TNCC
	 * @param connection_id		network connection ID assigned by TNCC
	 * @param attribute_id		attribute ID
	 * @param buffer_len		length of buffer in bytes
	 * @param buffer			buffer
	 * @param out_value_len		size in bytes of attribute stored in buffer
	 * @return					TNC result code
	 */
	TNC_Result (*get_attribute)(TNC_IMCID imc_id,
								TNC_ConnectionID connection_id,
								TNC_AttributeID attribute_id,
								TNC_UInt32 buffer_len,
								TNC_BufferReference buffer,
								TNC_UInt32 *out_value_len);

	/**
	 * Set the value of an attribute associated with a connection
	 * or with the TNCC as a whole.
	 *
	 * @param imc_id			IMC ID assigned by TNCC
	 * @param connection_id		network connection ID assigned by TNCC
	 * @param attribute_id		attribute ID
	 * @param buffer_len		length of buffer in bytes
	 * @param buffer			buffer
	 * @return					TNC result code
	 */
	TNC_Result (*set_attribute)(TNC_IMCID imc_id,
								TNC_ConnectionID connection_id,
								TNC_AttributeID attribute_id,
								TNC_UInt32 buffer_len,
								TNC_BufferReference buffer);
};
144
/**
 * Resolve the TNCC callbacks through the bind function handed over by the
 * TNC client and announce the message type this IMC wants to receive.
 *
 * A callback the TNCC cannot bind is not treated as an error: its pointer is
 * reset to NULL and the code that uses it must check for that. The result
 * codes of the report_message_types*() calls are not evaluated.
 *
 * @param bind_function		bind function provided by the TNCC
 * @return					TNC_RESULT_INVALID_PARAMETER if no bind function
 *							was given, TNC_RESULT_SUCCESS otherwise
 */
METHOD(imc_agent_t, bind_functions, TNC_Result,
	private_imc_agent_t *this, TNC_TNCC_BindFunctionPointer bind_function)
{
	TNC_MessageType type;
	TNC_Result rc;

	if (bind_function == NULL)
	{
		DBG1(DBG_IMC, "TNC client failed to provide bind function");
		return TNC_RESULT_INVALID_PARAMETER;
	}

	/* look up each callback by name, clearing the pointer on failure so
	 * that a partially written value is never called later on */
	rc = bind_function(this->id, "TNC_TNCC_ReportMessageTypes",
					   (void**)&this->report_message_types);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->report_message_types = NULL;
	}
	rc = bind_function(this->id, "TNC_TNCC_ReportMessageTypesLong",
					   (void**)&this->report_message_types_long);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->report_message_types_long = NULL;
	}
	rc = bind_function(this->id, "TNC_TNCC_RequestHandshakeRetry",
					   (void**)&this->public.request_handshake_retry);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->public.request_handshake_retry = NULL;
	}
	rc = bind_function(this->id, "TNC_TNCC_SendMessage",
					   (void**)&this->send_message);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->send_message = NULL;
	}
	rc = bind_function(this->id, "TNC_TNCC_GetAttribute",
					   (void**)&this->get_attribute);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->get_attribute = NULL;
	}
	rc = bind_function(this->id, "TNC_TNCC_SetAttribute",
					   (void**)&this->set_attribute);
	if (rc != TNC_RESULT_SUCCESS)
	{
		this->set_attribute = NULL;
	}
	DBG2(DBG_IMC, "IMC %u \"%s\" provided with bind function",
		 this->id, this->name);

	/* prefer the long message type interface if the TNCC offers it */
	if (this->report_message_types_long)
	{
		this->report_message_types_long(this->id, &this->vendor_id,
										&this->subtype, 1);
		return TNC_RESULT_SUCCESS;
	}

	/* the short form packs vendor ID and subtype into one value, so it is
	 * only used if both stay within the TNC_VENDORID_ANY and
	 * TNC_SUBTYPE_ANY limits */
	if (this->report_message_types &&
		this->vendor_id <= TNC_VENDORID_ANY &&
		this->subtype <= TNC_SUBTYPE_ANY)
	{
		type = (this->vendor_id << 8) | this->subtype;
		this->report_message_types(this->id, &type, 1);
	}
	return TNC_RESULT_SUCCESS;
}
202
/**
 * Look up the connection state registered for a Connection ID.
 *
 * The list is walked under the read lock, but the lock is released before
 * the pointer is returned.
 * NOTE(review): nothing in this function keeps the entry alive after the
 * unlock, so a concurrent delete_connection() could free it while the
 * caller still uses it - confirm that the TNCC serializes these calls.
 *
 * @param id		Connection ID to search for
 * @return			matching state, NULL if there is none
 */
static imc_state_t* find_connection(private_imc_agent_t *this,
									TNC_ConnectionID id)
{
	imc_state_t *candidate, *match = NULL;
	enumerator_t *iter;

	this->connection_lock->read_lock(this->connection_lock);
	iter = this->connections->create_enumerator(this->connections);
	while (!match && iter->enumerate(iter, &candidate))
	{
		if (candidate->get_connection_id(candidate) == id)
		{
			match = candidate;
		}
	}
	iter->destroy(iter);
	this->connection_lock->unlock(this->connection_lock);

	return match;
}
227
/**
 * Destroy the connection state registered for a Connection ID and take it
 * off the list. Both steps happen while the write lock is held.
 *
 * @param id		Connection ID of the state to delete
 * @return			TRUE if a state was found and deleted
 */
static bool delete_connection(private_imc_agent_t *this, TNC_ConnectionID id)
{
	bool deleted = FALSE;
	imc_state_t *entry;
	enumerator_t *iter;

	this->connection_lock->write_lock(this->connection_lock);
	iter = this->connections->create_enumerator(this->connections);
	while (!deleted && iter->enumerate(iter, &entry))
	{
		if (entry->get_connection_id(entry) != id)
		{
			continue;
		}
		deleted = TRUE;
		entry->destroy(entry);
		this->connections->remove_at(this->connections, iter);
	}
	iter->destroy(iter);
	this->connection_lock->unlock(this->connection_lock);

	return deleted;
}
254
/**
 * Read a boolean attribute from the TNCC.
 *
 * Only a successfully returned value of exactly one byte equal to 0x01
 * counts as TRUE. A missing get_attribute function, a failed call or any
 * other length or content yields FALSE.
 *
 * @param id				Connection ID the attribute belongs to
 * @param attribute_id		ID of the attribute to read
 * @return					TRUE if the attribute is set
 */
static bool get_bool_attribute(private_imc_agent_t *this, TNC_ConnectionID id,
							   TNC_AttributeID attribute_id)
{
	TNC_UInt32 value_len;
	char value[4];

	if (!this->get_attribute)
	{
		return FALSE;
	}
	if (this->get_attribute(this->id, id, attribute_id, 4, value,
							&value_len) != TNC_RESULT_SUCCESS)
	{
		return FALSE;
	}
	/* the length is checked first, so value[0] is only read if the TNCC
	 * reported that it wrote exactly one byte */
	return value_len == 1 && value[0] == 0x01;
}
268
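/**
 * Read a string attribute from the TNCC.
 *
 * The value is written by the TNCC into a stack buffer and nothing in the
 * get_attribute() contract visible here guarantees a terminating NUL byte.
 * The copy is therefore limited to the length reported by the TNCC, so a
 * missing terminator can no longer make the copy run past the returned
 * value or past the end of the buffer.
 *
 * @param id				Connection ID the attribute belongs to
 * @param attribute_id		ID of the attribute to read
 * @return					allocated string the caller has to free(), NULL if
 *							the attribute is not available
 */
static char* get_str_attribute(private_imc_agent_t *this, TNC_ConnectionID id,
							   TNC_AttributeID attribute_id)
{
	TNC_UInt32 len = 0;
	char buf[BUF_LEN];

	if (this->get_attribute &&
		this->get_attribute(this->id, id, attribute_id, BUF_LEN, buf, &len) ==
							TNC_RESULT_SUCCESS && len <= BUF_LEN)
	{
		/* strndup() stops at the first NUL or after len bytes, whichever
		 * comes first, and always terminates the result */
		return strndup(buf, len);
	}
	return NULL;
}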
286
/**
 * Register a new connection state with the agent.
 *
 * The agent takes over the state object: it is either appended to the
 * connection list or, if a state with the same Connection ID already
 * exists, destroyed right away. The connection attributes offered by the
 * TNCC are read, the long and exclusive flags are stored in the state and
 * everything is logged.
 *
 * NOTE(review): the duplicate check and the insertion take the lock
 * separately, so two concurrent calls with the same Connection ID could
 * both pass the check - confirm that the TNCC never issues them in parallel.
 *
 * @param state		connection state to register
 * @return			TNC_RESULT_OTHER for a duplicate Connection ID,
 *					TNC_RESULT_SUCCESS otherwise
 */
METHOD(imc_agent_t, create_state, TNC_Result,
	private_imc_agent_t *this, imc_state_t *state)
{
	char *tnccs_proto, *tnccs_version, *transport_proto, *transport_version;
	bool long_types, exclusive, soh;
	TNC_ConnectionID cid;

	cid = state->get_connection_id(state);
	if (find_connection(this, cid) != NULL)
	{
		DBG1(DBG_IMC, "IMC %u \"%s\" already created a state for Connection ID %u",
			 this->id, this->name, cid);
		state->destroy(state);
		return TNC_RESULT_OTHER;
	}

	/* Get and display attributes from TNCC via IF-IMC */
	long_types = get_bool_attribute(this, cid, TNC_ATTRIBUTEID_HAS_LONG_TYPES);
	exclusive = get_bool_attribute(this, cid, TNC_ATTRIBUTEID_HAS_EXCLUSIVE);
	soh = get_bool_attribute(this, cid, TNC_ATTRIBUTEID_HAS_SOH);
	tnccs_proto = get_str_attribute(this, cid,
									TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL);
	tnccs_version = get_str_attribute(this, cid,
									  TNC_ATTRIBUTEID_IFTNCCS_VERSION);
	transport_proto = get_str_attribute(this, cid,
										TNC_ATTRIBUTEID_IFT_PROTOCOL);
	transport_version = get_str_attribute(this, cid,
										  TNC_ATTRIBUTEID_IFT_VERSION);

	state->set_flags(state, long_types, exclusive);

	/* string attributes the TNCC did not deliver are shown as "?" */
	DBG2(DBG_IMC, "IMC %u \"%s\" created a state for Connection ID %u: "
				  "%s %s with %slong %sexcl %ssoh over %s %s",
		 this->id, this->name, cid,
		 tnccs_proto ? tnccs_proto : "?",
		 tnccs_version ? tnccs_version : "?",
		 long_types ? "+" : "-",
		 exclusive ? "+" : "-",
		 soh ? "+" : "-",
		 transport_proto ? transport_proto : "?",
		 transport_version ? transport_version : "?");

	/* the strings were only needed for the log line */
	free(tnccs_proto);
	free(tnccs_version);
	free(transport_proto);
	free(transport_version);

	this->connection_lock->write_lock(this->connection_lock);
	this->connections->insert_last(this->connections, state);
	this->connection_lock->unlock(this->connection_lock);

	return TNC_RESULT_SUCCESS;
}
329
/**
 * Delete the connection state belonging to a Connection ID.
 *
 * @param connection_id		Connection ID of the state to delete
 * @return					TNC_RESULT_FATAL if no such state exists,
 *							TNC_RESULT_SUCCESS otherwise
 */
METHOD(imc_agent_t, delete_state, TNC_Result,
	private_imc_agent_t *this, TNC_ConnectionID connection_id)
{
	if (delete_connection(this, connection_id))
	{
		DBG2(DBG_IMC, "IMC %u \"%s\" deleted the state of Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_SUCCESS;
	}
	DBG1(DBG_IMC, "IMC %u \"%s\" has no state for Connection ID %u",
		 this->id, this->name, connection_id);
	return TNC_RESULT_FATAL;
}
343
/**
 * Apply a connection state change notified by the TNCC.
 *
 * Only the handshake and the three access states are handled here. The
 * create and delete states belong to create_state() and delete_state() and
 * are rejected, as is any unknown state value.
 *
 * @param connection_id		Connection ID the change applies to
 * @param new_state			new connection state
 * @param state_p			if not NULL, receives the affected state object
 * @return					TNC_RESULT_SUCCESS, TNC_RESULT_FATAL or
 *							TNC_RESULT_INVALID_PARAMETER
 */
METHOD(imc_agent_t, change_state, TNC_Result,
	private_imc_agent_t *this, TNC_ConnectionID connection_id,
	TNC_ConnectionState new_state,
	imc_state_t **state_p)
{
	imc_state_t *entry;

	/* filter out everything that must not reach the state object */
	switch (new_state)
	{
		case TNC_CONNECTION_STATE_CREATE:
			DBG1(DBG_IMC, "state '%N' should be handled by create_state()",
				 TNC_Connection_State_names, new_state);
			return TNC_RESULT_FATAL;
		case TNC_CONNECTION_STATE_DELETE:
			DBG1(DBG_IMC, "state '%N' should be handled by delete_state()",
				 TNC_Connection_State_names, new_state);
			return TNC_RESULT_FATAL;
		case TNC_CONNECTION_STATE_HANDSHAKE:
		case TNC_CONNECTION_STATE_ACCESS_ALLOWED:
		case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
		case TNC_CONNECTION_STATE_ACCESS_NONE:
			break;
		default:
			DBG1(DBG_IMC, "IMC %u \"%s\" was notified of unknown state %u "
				 "for Connection ID %u",
				 this->id, this->name, new_state, connection_id);
			return TNC_RESULT_INVALID_PARAMETER;
	}

	entry = find_connection(this, connection_id);
	if (entry == NULL)
	{
		DBG1(DBG_IMC, "IMC %u \"%s\" has no state for Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_FATAL;
	}
	entry->change_state(entry, new_state);
	DBG2(DBG_IMC, "IMC %u \"%s\" changed state of Connection ID %u to '%N'",
		 this->id, this->name, connection_id,
		 TNC_Connection_State_names, new_state);

	/* the state object is handed out without the connection lock held */
	if (state_p)
	{
		*state_p = entry;
	}
	return TNC_RESULT_SUCCESS;
}
390
/**
 * Get the connection state registered for a Connection ID.
 *
 * @param connection_id		Connection ID to look up
 * @param state				receives the state, NULL if there is none
 * @return					TRUE if a state was found
 */
METHOD(imc_agent_t, get_state, bool,
	private_imc_agent_t *this, TNC_ConnectionID connection_id,
	imc_state_t **state)
{
	imc_state_t *entry = find_connection(this, connection_id);

	/* written in both cases, so the caller sees NULL on failure */
	*state = entry;
	if (entry)
	{
		return TRUE;
	}
	DBG1(DBG_IMC, "IMC %u \"%s\" has no state for Connection ID %u",
		 this->id, this->name, connection_id);
	return FALSE;
}
404
/**
 * Send a message over a connection using the SendMessage function bound
 * from the TNCC. The message type is built from the IMC's vendor ID and
 * subtype.
 *
 * NOTE(review): unlike bind_functions(), vendor_id and subtype are packed
 * without a check against TNC_VENDORID_ANY and TNC_SUBTYPE_ANY, and msg.len
 * is passed on as TNC_UInt32 - confirm that callers keep both in range.
 *
 * @param connection_id		Connection ID to send the message on
 * @param msg				message to send
 * @return					TNC_RESULT_FATAL if the TNCC bound no SendMessage
 *							function, else the result of that function
 */
METHOD(imc_agent_t, send_message, TNC_Result,
	private_imc_agent_t *this, TNC_ConnectionID connection_id, chunk_t msg)
{
	TNC_MessageType packed_type;

	if (this->send_message == NULL)
	{
		return TNC_RESULT_FATAL;
	}
	/* vendor ID in the upper bits, subtype in the lowest eight */
	packed_type = (this->vendor_id << 8) | this->subtype;

	return this->send_message(this->id, connection_id, msg.ptr, msg.len,
							  packed_type);
}
417
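/**
 * Parse a received PA-TNC message.
 *
 * If parsing succeeds the message object is handed to the caller through
 * pa_tnc_msg. If verification fails, the error attributes collected during
 * parsing are sent back in a PA-TNC error message and nothing is handed to
 * the caller. In every path that does not hand the parsed message out, it
 * is destroyed here.
 *
 * @param connection_id		Connection ID the message was received on
 * @param msg				received message data
 * @param msg_type			message type, reused for an error reply
 * @param pa_tnc_msg		receives the parsed message, NULL otherwise
 *							(presumably to be destroyed by the caller)
 * @return					TNC_RESULT_SUCCESS if the message was parsed, the
 *							result of sending the error reply on a
 *							verification error, TNC_RESULT_FATAL otherwise
 */
METHOD(imc_agent_t, receive_message, TNC_Result,
	private_imc_agent_t *this, TNC_ConnectionID connection_id, chunk_t msg,
	TNC_MessageType msg_type, pa_tnc_msg_t **pa_tnc_msg)
{
	pa_tnc_msg_t *pa_msg, *error_msg;
	pa_tnc_attr_t *error_attr;
	enumerator_t *enumerator;
	TNC_Result result;

	/* logged in the IMC debug group like the rest of this file */
	DBG2(DBG_IMC, "IMC %u \"%s\" received message type 0x%08x for Connection ID %u",
		 this->id, this->name, msg_type, connection_id);

	*pa_tnc_msg = NULL;
	pa_msg = pa_tnc_msg_create_from_data(msg);

	switch (pa_msg->process(pa_msg))
	{
		case SUCCESS:
			*pa_tnc_msg = pa_msg;
			break;
		case VERIFY_ERROR:
			if (!this->send_message)
			{
				/* TNCC doesn't have a SendMessage() function, so the error
				 * cannot be reported; release the parsed message instead of
				 * leaking it */
				pa_msg->destroy(pa_msg);
				return TNC_RESULT_FATAL;
			}

			/* build error message */
			error_msg = pa_tnc_msg_create();
			enumerator = pa_msg->create_error_enumerator(pa_msg);
			while (enumerator->enumerate(enumerator, &error_attr))
			{
				error_msg->add_attribute(error_msg,
								error_attr->get_ref(error_attr));
			}
			enumerator->destroy(enumerator);
			error_msg->build(error_msg);

			/* send error message */
			msg = error_msg->get_encoding(error_msg);
			result = this->send_message(this->id, connection_id,
										msg.ptr, msg.len, msg_type);

			/* clean up */
			error_msg->destroy(error_msg);
			pa_msg->destroy(pa_msg);
			return result;
		case FAILED:
		default:
			pa_msg->destroy(pa_msg);
			return TNC_RESULT_FATAL;
	}
	return TNC_RESULT_SUCCESS;
}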
472
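/**
 * Destroy the agent together with all connection states it still holds.
 *
 * Remaining states are released through their own destroy() method, the
 * same way delete_connection() releases them, rather than with a plain
 * free(), which would skip the state's destructor.
 */
METHOD(imc_agent_t, destroy, void,
	private_imc_agent_t *this)
{
	imc_state_t *state;

	DBG1(DBG_IMC, "IMC %u \"%s\" terminated", this->id, this->name);

	/* empty the list entry by entry so that each state runs its destructor */
	while (this->connections->remove_last(this->connections,
										  (void**)&state) == SUCCESS)
	{
		state->destroy(state);
	}
	this->connections->destroy(this->connections);
	this->connection_lock->destroy(this->connection_lock);
	free(this);

	/* decrease the reference count or terminate */
	libimcv_deinit();
}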
484
/**
 * Described in header.
 *
 * As visible here: returns NULL if libimcv_init() fails. The name pointer
 * is stored as given and not copied, so it has to stay valid for the
 * lifetime of the agent. actual_version is written unconditionally and must
 * therefore not be NULL.
 */
imc_agent_t *imc_agent_create(const char *name,
							  pen_t vendor_id, u_int32_t subtype,
							  TNC_IMCID id, TNC_Version *actual_version)
{
	private_imc_agent_t *this;

	/* initialize or increase the reference count */
	if (!libimcv_init())
	{
		return NULL;
	}

	/* the TNCC function pointers are not listed here; they are assigned
	 * later by bind_functions() */
	INIT(this,
		.public = {
			.bind_functions = _bind_functions,
			.create_state = _create_state,
			.delete_state = _delete_state,
			.change_state = _change_state,
			.get_state = _get_state,
			.send_message = _send_message,
			.receive_message = _receive_message,
			.destroy = _destroy,
		},
		.name = name,
		.vendor_id = vendor_id,
		.subtype = subtype,
		.id = id,
		.connections = linked_list_create(),
		.connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
	);

	/* report the IF-IMC version implemented by this agent */
	*actual_version = TNC_IFIMC_VERSION_1;
	DBG1(DBG_IMC, "IMC %u \"%s\" initialized", this->id, this->name);

	return &this->public;
}
524