Indicate IMV in assessment log statement
[strongswan.git] / src / libimcv / imc / imc_msg.c
1 /*
2 * Copyright (C) 2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imc_msg.h"
17
18 #include "ietf/ietf_attr.h"
19 #include "ietf/ietf_attr_assess_result.h"
20 #include "ietf/ietf_attr_remediation_instr.h"
21
22 #include <tncif_names.h>
23
24 #include <pen/pen.h>
25 #include <collections/linked_list.h>
26 #include <utils/debug.h>
27
28 typedef struct private_imc_msg_t private_imc_msg_t;
29
30 /**
31 * Private data of a imc_msg_t object.
32 *
33 */
34 struct private_imc_msg_t {
35
36 /**
37 * Public imc_msg_t interface.
38 */
39 imc_msg_t public;
40
41 /**
42 * Connection ID
43 */
44 TNC_ConnectionID connection_id;
45
46 /**
47 * source ID
48 */
49 TNC_UInt32 src_id;
50
51 /**
52 * destination ID
53 */
54 TNC_UInt32 dst_id;
55
56 /**
57 * PA-TNC message type
58 */
59 pen_type_t msg_type;
60
61 /**
62 * List of PA-TNC attributes to be sent
63 */
64 linked_list_t *attr_list;
65
66 /**
67 * PA-TNC message
68 */
69 pa_tnc_msg_t *pa_msg;
70
71 /**
72 * Assigned IMC agent
73 */
74 imc_agent_t *agent;
75
76 /**
77 * Assigned IMC state
78 */
79 imc_state_t *state;
80 };
81
82 METHOD(imc_msg_t, get_src_id, TNC_UInt32,
83 private_imc_msg_t *this)
84 {
85 return this->src_id;
86 }
87
88 METHOD(imc_msg_t, get_dst_id, TNC_UInt32,
89 private_imc_msg_t *this)
90 {
91 return this->dst_id;
92 }
93
94 METHOD(imc_msg_t, get_msg_type, pen_type_t,
95 private_imc_msg_t *this)
96 {
97 return this->msg_type;
98 }
99
100 METHOD(imc_msg_t, send_, TNC_Result,
101 private_imc_msg_t *this, bool excl)
102 {
103 pa_tnc_msg_t *pa_tnc_msg;
104 pa_tnc_attr_t *attr;
105 TNC_UInt32 msg_flags;
106 TNC_MessageType msg_type;
107 bool attr_added;
108 chunk_t msg;
109 enumerator_t *enumerator;
110 TNC_Result result = TNC_RESULT_SUCCESS;
111
112 while (this->attr_list->get_count(this->attr_list))
113 {
114 pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state));
115 attr_added = FALSE;
116
117 enumerator = this->attr_list->create_enumerator(this->attr_list);
118 while (enumerator->enumerate(enumerator, &attr))
119 {
120 if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
121 {
122 attr_added = TRUE;
123 }
124 else
125 {
126 if (attr_added)
127 {
128 break;
129 }
130 else
131 {
132 DBG1(DBG_IMC, "PA-TNC attribute too large to send, deleted");
133 attr->destroy(attr);
134 }
135 }
136 this->attr_list->remove_at(this->attr_list, enumerator);
137 }
138 enumerator->destroy(enumerator);
139
140 /* build and send the PA-TNC message via the IF-IMC interface */
141 if (!pa_tnc_msg->build(pa_tnc_msg))
142 {
143 pa_tnc_msg->destroy(pa_tnc_msg);
144 return TNC_RESULT_FATAL;
145 }
146 msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
147 DBG3(DBG_IMC, "created PA-TNC message: %B", &msg);
148
149 if (this->state->has_long(this->state) && this->agent->send_message_long)
150 {
151 excl = excl && this->state->has_excl(this->state) &&
152 this->dst_id != TNC_IMVID_ANY;
153 msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
154 result = this->agent->send_message_long(this->src_id,
155 this->connection_id, msg_flags, msg.ptr, msg.len,
156 this->msg_type.vendor_id, this->msg_type.type,
157 this->dst_id);
158 }
159 else if (this->agent->send_message)
160 {
161 msg_type = (this->msg_type.vendor_id << 8) |
162 (this->msg_type.type & 0x000000ff);
163 result = this->agent->send_message(this->src_id, this->connection_id,
164 msg.ptr, msg.len, msg_type);
165 }
166
167 pa_tnc_msg->destroy(pa_tnc_msg);
168
169 if (result != TNC_RESULT_SUCCESS)
170 {
171 break;
172 }
173 }
174 return result;
175 }
176
177 /**
178 * Print a clearly visible assessment header to the log
179 */
180 static void print_assessment_header(const char *name, TNC_UInt32 dst_id,
181 TNC_UInt32 src_id, bool *first)
182 {
183 if (*first)
184 {
185 if (src_id == TNC_IMCID_ANY)
186 {
187 DBG1(DBG_IMC, "***** assessment of IMC %u \"%s\" *****",
188 dst_id, name);
189 }
190 else
191 {
192 DBG1(DBG_IMC, "***** assessment of IMC %u \"%s\" from IMV %u *****",
193 dst_id, name, src_id);
194 }
195 *first = FALSE;
196 }
197 }
198
199 /**
200 * Print a clearly visible assessment trailer to the log
201 */
202 static void print_assessment_trailer(bool first)
203 {
204 if (!first)
205 {
206 DBG1(DBG_IMC, "***** end of assessment *****");
207 }
208 }
209
210 METHOD(imc_msg_t, receive, TNC_Result,
211 private_imc_msg_t *this, bool *fatal_error)
212 {
213 TNC_UInt32 target_imc_id;
214 enumerator_t *enumerator;
215 pa_tnc_attr_t *attr;
216 pen_type_t attr_type;
217 chunk_t msg;
218 bool first = TRUE;
219
220 if (this->state->has_long(this->state))
221 {
222 if (this->dst_id != TNC_IMCID_ANY)
223 {
224 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u "
225 "from IMV %u to IMC %u",
226 this->agent->get_id(this->agent),
227 this->agent->get_name(this->agent),
228 this->connection_id, this->src_id, this->dst_id);
229 }
230 else
231 {
232 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u "
233 "from IMV %u", this->agent->get_id(this->agent),
234 this->agent->get_name(this->agent),
235 this->connection_id, this->src_id);
236 }
237 }
238 else
239 {
240 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u",
241 this->agent->get_id(this->agent),
242 this->agent->get_name(this->agent),
243 this->connection_id);
244 }
245 msg = this->pa_msg->get_encoding(this->pa_msg);
246 DBG3(DBG_IMC, "%B", &msg);
247
248 switch (this->pa_msg->process(this->pa_msg))
249 {
250 case SUCCESS:
251 break;
252 case VERIFY_ERROR:
253 {
254 imc_msg_t *error_msg;
255 TNC_Result result;
256
257 error_msg = imc_msg_create_as_reply(&this->public);
258
259 /* extract and copy by reference all error attributes */
260 enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
261 while (enumerator->enumerate(enumerator, &attr))
262 {
263 error_msg->add_attribute(error_msg, attr->get_ref(attr));
264 }
265 enumerator->destroy(enumerator);
266
267 /*
268 * send the PA-TNC message containing all error attributes
269 * with the excl flag set
270 */
271 result = error_msg->send(error_msg, TRUE);
272 error_msg->destroy(error_msg);
273 return result;
274 }
275 case FAILED:
276 default:
277 return TNC_RESULT_FATAL;
278 }
279
280 /* determine target IMC ID */
281 target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
282 this->dst_id : this->agent->get_id(this->agent);
283
284 /* preprocess any received IETF standard error attributes */
285 *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
286
287 /* preprocess any received IETF assessment result attribute */
288 enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
289 while (enumerator->enumerate(enumerator, &attr))
290 {
291 attr_type = attr->get_type(attr);
292
293 if (attr_type.vendor_id != PEN_IETF)
294 {
295 continue;
296 }
297 if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
298 {
299 ietf_attr_assess_result_t *attr_cast;
300 TNC_IMV_Evaluation_Result result;
301
302 attr_cast = (ietf_attr_assess_result_t*)attr;
303 result = attr_cast->get_result(attr_cast);
304 this->state->set_result(this->state, target_imc_id, result);
305
306 print_assessment_header(this->agent->get_name(this->agent),
307 target_imc_id, this->src_id, &first);
308 DBG1(DBG_IMC, "assessment result is '%N'",
309 TNC_IMV_Evaluation_Result_names, result);
310 }
311 else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
312 {
313 ietf_attr_remediation_instr_t *attr_cast;
314 pen_type_t parameters_type;
315 chunk_t parameters, string, lang_code;
316
317 attr_cast = (ietf_attr_remediation_instr_t*)attr;
318 parameters_type = attr_cast->get_parameters_type(attr_cast);
319 parameters = attr_cast->get_parameters(attr_cast);
320
321 print_assessment_header(this->agent->get_name(this->agent),
322 target_imc_id, this->src_id, &first);
323 if (parameters_type.vendor_id == PEN_IETF)
324 {
325 switch (parameters_type.type)
326 {
327 case IETF_REMEDIATION_PARAMETERS_URI:
328 DBG1(DBG_IMC, "remediation uri: %.*s",
329 parameters.len, parameters.ptr);
330 break;
331 case IETF_REMEDIATION_PARAMETERS_STRING:
332 string = attr_cast->get_string(attr_cast, &lang_code);
333 DBG1(DBG_IMC, "remediation string: [%.*s]\n%.*s",
334 lang_code.len, lang_code.ptr,
335 string.len, string.ptr);
336 break;
337 default:
338 DBG1(DBG_IMC, "remediation parameters: %B", &parameters);
339 }
340 }
341 else
342 {
343 DBG1(DBG_IMC, "remediation parameters: %B", &parameters);
344 }
345 }
346 }
347 enumerator->destroy(enumerator);
348
349 print_assessment_trailer(first);
350
351 return TNC_RESULT_SUCCESS;
352 }
353
354 METHOD(imc_msg_t, add_attribute, void,
355 private_imc_msg_t *this, pa_tnc_attr_t *attr)
356 {
357 this->attr_list->insert_last(this->attr_list, attr);
358 }
359
360 METHOD(imc_msg_t, create_attribute_enumerator, enumerator_t*,
361 private_imc_msg_t *this)
362 {
363 return this->pa_msg->create_attribute_enumerator(this->pa_msg);
364 }
365
366 METHOD(imc_msg_t, get_encoding, chunk_t,
367 private_imc_msg_t *this)
368 {
369 if (this->pa_msg)
370 {
371 return this->pa_msg->get_encoding(this->pa_msg);
372 }
373 return chunk_empty;
374 }
375
376 METHOD(imc_msg_t, destroy, void,
377 private_imc_msg_t *this)
378 {
379 this->attr_list->destroy_offset(this->attr_list,
380 offsetof(pa_tnc_attr_t, destroy));
381 DESTROY_IF(this->pa_msg);
382 free(this);
383 }
384
385 /**
386 * See header
387 */
388 imc_msg_t *imc_msg_create(imc_agent_t *agent, imc_state_t *state,
389 TNC_ConnectionID connection_id,
390 TNC_UInt32 src_id, TNC_UInt32 dst_id,
391 pen_type_t msg_type)
392 {
393 private_imc_msg_t *this;
394
395 INIT(this,
396 .public = {
397 .get_src_id = _get_src_id,
398 .get_dst_id = _get_dst_id,
399 .get_msg_type = _get_msg_type,
400 .send = _send_,
401 .receive = _receive,
402 .add_attribute = _add_attribute,
403 .create_attribute_enumerator = _create_attribute_enumerator,
404 .get_encoding = _get_encoding,
405 .destroy = _destroy,
406 },
407 .connection_id = connection_id,
408 .src_id = src_id,
409 .dst_id = dst_id,
410 .msg_type = msg_type,
411 .attr_list = linked_list_create(),
412 .agent = agent,
413 .state = state,
414 );
415
416 return &this->public;
417 }
418
419 /**
420 * See header
421 */
422 imc_msg_t* imc_msg_create_as_reply(imc_msg_t *msg)
423 {
424 private_imc_msg_t *in;
425 TNC_UInt32 src_id;
426
427 in = (private_imc_msg_t*)msg;
428 src_id = (in->dst_id != TNC_IMCID_ANY) ?
429 in->dst_id : in->agent->get_id(in->agent);
430
431 return imc_msg_create(in->agent, in->state, in->connection_id, src_id,
432 in->src_id, in->msg_type);
433 }
434
435 /**
436 * See header
437 */
438 imc_msg_t *imc_msg_create_from_data(imc_agent_t *agent, imc_state_t *state,
439 TNC_ConnectionID connection_id,
440 TNC_MessageType msg_type,
441 chunk_t msg)
442 {
443 TNC_VendorID msg_vid;
444 TNC_MessageSubtype msg_subtype;
445
446 msg_vid = msg_type >> 8;
447 msg_subtype = msg_type & TNC_SUBTYPE_ANY;
448
449 return imc_msg_create_from_long_data(agent, state, connection_id,
450 TNC_IMVID_ANY, agent->get_id(agent),
451 msg_vid, msg_subtype, msg);
452 }
453
454 /**
455 * See header
456 */
457 imc_msg_t *imc_msg_create_from_long_data(imc_agent_t *agent, imc_state_t *state,
458 TNC_ConnectionID connection_id,
459 TNC_UInt32 src_id,
460 TNC_UInt32 dst_id,
461 TNC_VendorID msg_vid,
462 TNC_MessageSubtype msg_subtype,
463 chunk_t msg)
464 {
465 private_imc_msg_t *this;
466
467 this = (private_imc_msg_t*)imc_msg_create(agent, state,
468 connection_id, src_id, dst_id,
469 pen_type_create(msg_vid, msg_subtype));
470 this->pa_msg = pa_tnc_msg_create_from_data(msg);
471
472 return &this->public;
473 }