projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
refactored reason string and remediation instructions framework
[strongswan.git] / src / libimcv / imc / imc_msg.c
1 /*
2 * Copyright (C) 2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imc_msg.h"
17
18 #include "ietf/ietf_attr.h"
19 #include "ietf/ietf_attr_assess_result.h"
20 #include "ietf/ietf_attr_remediation_instr.h"
21
22 #include <tncif_names.h>
23
24 #include <pen/pen.h>
25 #include <collections/linked_list.h>
26 #include <utils/debug.h>
27
28 typedef struct private_imc_msg_t private_imc_msg_t;
29
30 /**
31 * Private data of a imc_msg_t object.
32 *
33 */
34 struct private_imc_msg_t {
35
36 /**
37 * Public imc_msg_t interface.
38 */
39 imc_msg_t public;
40
41 /**
42 * Connection ID
43 */
44 TNC_ConnectionID connection_id;
45
46 /**
47 * source ID
48 */
49 TNC_UInt32 src_id;
50
51 /**
52 * destination ID
53 */
54 TNC_UInt32 dst_id;
55
56 /**
57 * PA-TNC message type
58 */
59 pen_type_t msg_type;
60
61 /**
62 * List of PA-TNC attributes to be sent
63 */
64 linked_list_t *attr_list;
65
66 /**
67 * PA-TNC message
68 */
69 pa_tnc_msg_t *pa_msg;
70
71 /**
72 * Assigned IMC agent
73 */
74 imc_agent_t *agent;
75
76 /**
77 * Assigned IMC state
78 */
79 imc_state_t *state;
80 };
81
82 METHOD(imc_msg_t, get_src_id, TNC_UInt32,
83 private_imc_msg_t *this)
84 {
85 return this->src_id;
86 }
87
88 METHOD(imc_msg_t, get_dst_id, TNC_UInt32,
89 private_imc_msg_t *this)
90 {
91 return this->dst_id;
92 }
93
94 METHOD(imc_msg_t, send_, TNC_Result,
95 private_imc_msg_t *this, bool excl)
96 {
97 pa_tnc_msg_t *pa_tnc_msg;
98 pa_tnc_attr_t *attr;
99 TNC_UInt32 msg_flags;
100 TNC_MessageType msg_type;
101 bool attr_added;
102 chunk_t msg;
103 enumerator_t *enumerator;
104 TNC_Result result = TNC_RESULT_SUCCESS;
105
106 while (this->attr_list->get_count(this->attr_list))
107 {
108 pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state));
109 attr_added = FALSE;
110
111 enumerator = this->attr_list->create_enumerator(this->attr_list);
112 while (enumerator->enumerate(enumerator, &attr))
113 {
114 if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
115 {
116 attr_added = TRUE;
117 }
118 else
119 {
120 if (attr_added)
121 {
122 break;
123 }
124 else
125 {
126 DBG1(DBG_IMC, "PA-TNC attribute too large to send, deleted");
127 attr->destroy(attr);
128 }
129 }
130 this->attr_list->remove_at(this->attr_list, enumerator);
131 }
132 enumerator->destroy(enumerator);
133
134 /* build and send the PA-TNC message via the IF-IMC interface */
135 if (!pa_tnc_msg->build(pa_tnc_msg))
136 {
137 pa_tnc_msg->destroy(pa_tnc_msg);
138 return TNC_RESULT_FATAL;
139 }
140 msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
141 DBG3(DBG_IMC, "created PA-TNC message: %B", &msg);
142
143 if (this->state->has_long(this->state) && this->agent->send_message_long)
144 {
145 excl = excl && this->state->has_excl(this->state) &&
146 this->dst_id != TNC_IMVID_ANY;
147 msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
148 result = this->agent->send_message_long(this->src_id,
149 this->connection_id, msg_flags, msg.ptr, msg.len,
150 this->msg_type.vendor_id, this->msg_type.type,
151 this->dst_id);
152 }
153 else if (this->agent->send_message)
154 {
155 msg_type = (this->msg_type.vendor_id << 8) |
156 (this->msg_type.type & 0x000000ff);
157 result = this->agent->send_message(this->src_id, this->connection_id,
158 msg.ptr, msg.len, msg_type);
159 }
160
161 pa_tnc_msg->destroy(pa_tnc_msg);
162
163 if (result != TNC_RESULT_SUCCESS)
164 {
165 break;
166 }
167 }
168 return result;
169 }
170
171 /**
172 * Print a clearly visible assessment header to the log
173 */
174 static void print_assessment_header(const char *name, TNC_UInt32 id, bool *first)
175 {
176 if (*first)
177 {
178 DBG1(DBG_IMC, "***** assessment of IMC %u \"%s\" *****", id, name);
179 *first = FALSE;
180 }
181 }
182
183 /**
184 * Print a clearly visible assessment trailer to the log
185 */
186 static void print_assessment_trailer(bool first)
187 {
188 if (!first)
189 {
190 DBG1(DBG_IMC, "***** end of assessment *****");
191 }
192 }
193
194 METHOD(imc_msg_t, receive, TNC_Result,
195 private_imc_msg_t *this, bool *fatal_error)
196 {
197 TNC_UInt32 target_imc_id;
198 enumerator_t *enumerator;
199 pa_tnc_attr_t *attr;
200 pen_type_t attr_type;
201 chunk_t msg;
202 bool first = TRUE;
203
204 if (this->state->has_long(this->state))
205 {
206 if (this->dst_id != TNC_IMCID_ANY)
207 {
208 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u "
209 "from IMV %u to IMC %u",
210 this->agent->get_id(this->agent),
211 this->agent->get_name(this->agent),
212 this->connection_id, this->src_id, this->dst_id);
213 }
214 else
215 {
216 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u "
217 "from IMV %u", this->agent->get_id(this->agent),
218 this->agent->get_name(this->agent),
219 this->connection_id, this->src_id);
220 }
221 }
222 else
223 {
224 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u",
225 this->agent->get_id(this->agent),
226 this->agent->get_name(this->agent),
227 this->connection_id);
228 }
229 msg = this->pa_msg->get_encoding(this->pa_msg);
230 DBG3(DBG_IMC, "%B", &msg);
231
232 switch (this->pa_msg->process(this->pa_msg))
233 {
234 case SUCCESS:
235 break;
236 case VERIFY_ERROR:
237 {
238 imc_msg_t *error_msg;
239 TNC_Result result;
240
241 error_msg = imc_msg_create_as_reply(&this->public);
242
243 /* extract and copy by reference all error attributes */
244 enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
245 while (enumerator->enumerate(enumerator, &attr))
246 {
247 error_msg->add_attribute(error_msg, attr->get_ref(attr));
248 }
249 enumerator->destroy(enumerator);
250
251 /*
252 * send the PA-TNC message containing all error attributes
253 * with the excl flag set
254 */
255 result = error_msg->send(error_msg, TRUE);
256 error_msg->destroy(error_msg);
257 return result;
258 }
259 case FAILED:
260 default:
261 return TNC_RESULT_FATAL;
262 }
263
264 /* determine target IMC ID */
265 target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
266 this->dst_id : this->agent->get_id(this->agent);
267
268 /* preprocess any received IETF standard error attributes */
269 *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
270
271 /* preprocess any received IETF assessment result attribute */
272 enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
273 while (enumerator->enumerate(enumerator, &attr))
274 {
275 attr_type = attr->get_type(attr);
276
277 if (attr_type.vendor_id != PEN_IETF)
278 {
279 continue;
280 }
281 if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
282 {
283 ietf_attr_assess_result_t *attr_cast;
284 TNC_IMV_Evaluation_Result result;
285
286 attr_cast = (ietf_attr_assess_result_t*)attr;
287 result = attr_cast->get_result(attr_cast);
288 this->state->set_result(this->state, target_imc_id, result);
289
290 print_assessment_header(this->agent->get_name(this->agent),
291 target_imc_id, &first);
292 DBG1(DBG_IMC, "assessment result is '%N'",
293 TNC_IMV_Evaluation_Result_names, result);
294 }
295 else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
296 {
297 ietf_attr_remediation_instr_t *attr_cast;
298 pen_type_t parameters_type;
299 chunk_t parameters, string, lang_code;
300
301 attr_cast = (ietf_attr_remediation_instr_t*)attr;
302 parameters_type = attr_cast->get_parameters_type(attr_cast);
303 parameters = attr_cast->get_parameters(attr_cast);
304
305 print_assessment_header(this->agent->get_name(this->agent),
306 target_imc_id, &first);
307 if (parameters_type.vendor_id == PEN_IETF)
308 {
309 switch (parameters_type.type)
310 {
311 case IETF_REMEDIATION_PARAMETERS_URI:
312 DBG1(DBG_IMC, "remediation uri: %.*s",
313 parameters.len, parameters.ptr);
314 break;
315 case IETF_REMEDIATION_PARAMETERS_STRING:
316 string = attr_cast->get_string(attr_cast, &lang_code);
317 DBG1(DBG_IMC, "remediation string: [%.*s]\n%.*s",
318 lang_code.len, lang_code.ptr,
319 string.len, string.ptr);
320 break;
321 default:
322 DBG1(DBG_IMC, "remediation parameters: %B", &parameters);
323 }
324 }
325 else
326 {
327 DBG1(DBG_IMC, "remediation parameters: %B", &parameters);
328 }
329 }
330 }
331 enumerator->destroy(enumerator);
332
333 print_assessment_trailer(first);
334
335 return TNC_RESULT_SUCCESS;
336 }
337
338 METHOD(imc_msg_t, add_attribute, void,
339 private_imc_msg_t *this, pa_tnc_attr_t *attr)
340 {
341 this->attr_list->insert_last(this->attr_list, attr);
342 }
343
344 METHOD(imc_msg_t, create_attribute_enumerator, enumerator_t*,
345 private_imc_msg_t *this)
346 {
347 return this->pa_msg->create_attribute_enumerator(this->pa_msg);
348 }
349
350 METHOD(imc_msg_t, destroy, void,
351 private_imc_msg_t *this)
352 {
353 this->attr_list->destroy_offset(this->attr_list,
354 offsetof(pa_tnc_attr_t, destroy));
355 DESTROY_IF(this->pa_msg);
356 free(this);
357 }
358
359 /**
360 * See header
361 */
362 imc_msg_t *imc_msg_create(imc_agent_t *agent, imc_state_t *state,
363 TNC_ConnectionID connection_id,
364 TNC_UInt32 src_id, TNC_UInt32 dst_id,
365 pen_type_t msg_type)
366 {
367 private_imc_msg_t *this;
368
369 INIT(this,
370 .public = {
371 .get_src_id = _get_src_id,
372 .get_dst_id = _get_dst_id,
373 .send = _send_,
374 .receive = _receive,
375 .add_attribute = _add_attribute,
376 .create_attribute_enumerator = _create_attribute_enumerator,
377 .destroy = _destroy,
378 },
379 .connection_id = connection_id,
380 .src_id = src_id,
381 .dst_id = dst_id,
382 .msg_type = msg_type,
383 .attr_list = linked_list_create(),
384 .agent = agent,
385 .state = state,
386 );
387
388 return &this->public;
389 }
390
391 /**
392 * See header
393 */
394 imc_msg_t* imc_msg_create_as_reply(imc_msg_t *msg)
395 {
396 private_imc_msg_t *in;
397 TNC_UInt32 src_id;
398
399 in = (private_imc_msg_t*)msg;
400 src_id = (in->dst_id != TNC_IMCID_ANY) ?
401 in->dst_id : in->agent->get_id(in->agent);
402
403 return imc_msg_create(in->agent, in->state, in->connection_id, src_id,
404 in->src_id, in->msg_type);
405 }
406
407 /**
408 * See header
409 */
410 imc_msg_t *imc_msg_create_from_data(imc_agent_t *agent, imc_state_t *state,
411 TNC_ConnectionID connection_id,
412 TNC_MessageType msg_type,
413 chunk_t msg)
414 {
415 TNC_VendorID msg_vid;
416 TNC_MessageSubtype msg_subtype;
417
418 msg_vid = msg_type >> 8;
419 msg_subtype = msg_type & TNC_SUBTYPE_ANY;
420
421 return imc_msg_create_from_long_data(agent, state, connection_id,
422 TNC_IMVID_ANY, agent->get_id(agent),
423 msg_vid, msg_subtype, msg);
424 }
425
426 /**
427 * See header
428 */
429 imc_msg_t *imc_msg_create_from_long_data(imc_agent_t *agent, imc_state_t *state,
430 TNC_ConnectionID connection_id,
431 TNC_UInt32 src_id,
432 TNC_UInt32 dst_id,
433 TNC_VendorID msg_vid,
434 TNC_MessageSubtype msg_subtype,
435 chunk_t msg)
436 {
437 private_imc_msg_t *this;
438
439 INIT(this,
440 .public = {
441 .get_src_id = _get_src_id,
442 .get_dst_id = _get_dst_id,
443 .send = _send_,
444 .receive = _receive,
445 .add_attribute = _add_attribute,
446 .create_attribute_enumerator = _create_attribute_enumerator,
447 .destroy = _destroy,
448 },
449 .connection_id = connection_id,
450 .src_id = src_id,
451 .dst_id = dst_id,
452 .msg_type = pen_type_create(msg_vid, msg_subtype),
453 .attr_list = linked_list_create(),
454 .pa_msg = pa_tnc_msg_create_from_data(msg),
455 .agent = agent,
456 .state = state,
457 );
458
459 return &this->public;
460 }
461
strongSwan - IPsec VPN