projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
implemented ReportMessageTypesLong
[strongswan.git] / src / libimcv / imv / imv_agent.c
1 /*
2 * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include "imcv.h"
16 #include "imv_agent.h"
17
18 #include <tncif_names.h>
19
20 #include <debug.h>
21 #include <utils/linked_list.h>
22 #include <threading/rwlock.h>
23
24 typedef struct private_imv_agent_t private_imv_agent_t;
25
26 /**
27 * Private data of an imv_agent_t object.
28 */
29 struct private_imv_agent_t {
30
31 /**
32 * Public members of imv_agent_t
33 */
34 imv_agent_t public;
35
36 /**
37 * name of IMV
38 */
39 const char *name;
40
41 /**
42 * message vendor ID of IMV
43 */
44 TNC_VendorID vendor_id;
45
46 /**
47 * message subtype of IMV
48 */
49 TNC_MessageSubtype subtype;
50
51 /**
52 * ID of IMV as assigned by TNCS
53 */
54 TNC_IMVID id;
55
56 /**
57 * list of TNCS connection entries
58 */
59 linked_list_t *connections;
60
61 /**
62 * rwlock to lock TNCS connection entries
63 */
64 rwlock_t *connection_lock;
65
66 /**
67 * Inform a TNCS about the set of message types the IMV is able to receive
68 *
69 * @param imv_id IMV ID assigned by TNCS
70 * @param supported_types list of supported message types
71 * @param type_count number of list elements
72 * @return TNC result code
73 */
74 TNC_Result (*report_message_types)(TNC_IMVID imv_id,
75 TNC_MessageTypeList supported_types,
76 TNC_UInt32 type_count);
77
78 /**
79 * Inform a TNCS about the set of message types the IMV is able to receive
80 *
81 * @param imv_id IMV ID assigned by TNCS
82 * @param supported_vids list of supported message vendor IDs
83 * @param supported_subtypes list of supported message subtypes
84 * @param type_count number of list elements
85 * @return TNC result code
86 */
87 TNC_Result (*report_message_types_long)(TNC_IMVID imv_id,
88 TNC_VendorIDList supported_vids,
89 TNC_MessageSubtypeList supported_subtypes,
90 TNC_UInt32 type_count);
91
92 /**
93 * Call when an IMV-IMC message is to be sent
94 *
95 * @param imv_id IMV ID assigned by TNCS
96 * @param connection_id network connection ID assigned by TNCS
97 * @param msg message to send
98 * @param msg_len message length in bytes
99 * @param msg_type message type
100 * @return TNC result code
101 */
102 TNC_Result (*send_message)(TNC_IMVID imv_id,
103 TNC_ConnectionID connection_id,
104 TNC_BufferReference msg,
105 TNC_UInt32 msg_len,
106 TNC_MessageType msg_type);
107
108 /**
109 * Deliver IMV Action Recommendation and IMV Evaluation Results to the TNCS
110 *
111 * @param imv_id IMV ID assigned by TNCS
112 # @param connection_id network connection ID assigned by TNCS
113 * @param rec IMV action recommendation
114 * @param eval IMV evaluation result
115 * @return TNC result code
116 */
117 TNC_Result (*provide_recommendation)(TNC_IMVID imv_id,
118 TNC_ConnectionID connection_id,
119 TNC_IMV_Action_Recommendation rec,
120 TNC_IMV_Evaluation_Result eval);
121
122 /**
123 * Get the value of an attribute associated with a connection
124 * or with the TNCS as a whole.
125 *
126 * @param imv_id IMV ID assigned by TNCS
127 * @param connection_id network connection ID assigned by TNCS
128 * @param attribute_id attribute ID
129 * @param buffer_len length of buffer in bytes
130 * @param buffer buffer
131 * @param out_value_len size in bytes of attribute stored in buffer
132 * @return TNC result code
133 */
134 TNC_Result (*get_attribute)(TNC_IMVID imv_id,
135 TNC_ConnectionID connection_id,
136 TNC_AttributeID attribute_id,
137 TNC_UInt32 buffer_len,
138 TNC_BufferReference buffer,
139 TNC_UInt32 *out_value_len);
140
141 /**
142 * Set the value of an attribute associated with a connection
143 * or with the TNCS as a whole.
144 *
145 * @param imv_id IMV ID assigned by TNCS
146 * @param connection_id network connection ID assigned by TNCS
147 * @param attribute_id attribute ID
148 * @param buffer_len length of buffer in bytes
149 * @param buffer buffer
150 * @return TNC result code
151 */
152 TNC_Result (*set_attribute)(TNC_IMVID imv_id,
153 TNC_ConnectionID connection_id,
154 TNC_AttributeID attribute_id,
155 TNC_UInt32 buffer_len,
156 TNC_BufferReference buffer);
157 };
158
159 METHOD(imv_agent_t, bind_functions, TNC_Result,
160 private_imv_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function)
161 {
162 if (!bind_function)
163 {
164 DBG1(DBG_IMV, "TNC server failed to provide bind function");
165 return TNC_RESULT_INVALID_PARAMETER;
166 }
167 if (bind_function(this->id, "TNC_TNCS_ReportMessageTypes",
168 (void**)&this->report_message_types) != TNC_RESULT_SUCCESS)
169 {
170 this->report_message_types = NULL;
171 }
172 if (bind_function(this->id, "TNC_TNCS_ReportMessageTypesLong",
173 (void**)&this->report_message_types_long) != TNC_RESULT_SUCCESS)
174 {
175 this->report_message_types_long = NULL;
176 }
177 if (bind_function(this->id, "TNC_TNCS_RequestHandshakeRetry",
178 (void**)&this->public.request_handshake_retry) != TNC_RESULT_SUCCESS)
179 {
180 this->public.request_handshake_retry = NULL;
181 }
182 if (bind_function(this->id, "TNC_TNCS_SendMessage",
183 (void**)&this->send_message) != TNC_RESULT_SUCCESS)
184 {
185 this->send_message = NULL;
186 }
187 if (bind_function(this->id, "TNC_TNCS_ProvideRecommendation",
188 (void**)&this->provide_recommendation) != TNC_RESULT_SUCCESS)
189 {
190 this->provide_recommendation = NULL;
191 }
192 if (bind_function(this->id, "TNC_TNCS_GetAttribute",
193 (void**)&this->get_attribute) != TNC_RESULT_SUCCESS)
194 {
195 this->get_attribute = NULL;
196 }
197 if (bind_function(this->id, "TNC_TNCS_SetAttribute",
198 (void**)&this->set_attribute) != TNC_RESULT_SUCCESS)
199 {
200 this->set_attribute = NULL;
201 }
202 DBG2(DBG_IMV, "IMV %u \"%s\" provided with bind function",
203 this->id, this->name);
204
205 if (this->report_message_types_long)
206 {
207 this->report_message_types_long(this->id, &this->vendor_id,
208 &this->subtype, 1);
209 }
210 else if (this->report_message_types &&
211 this->vendor_id <= TNC_VENDORID_ANY &&
212 this->subtype <= TNC_SUBTYPE_ANY)
213 {
214 TNC_MessageType type;
215
216 type = (this->vendor_id << 8) | this->subtype;
217 this->report_message_types(this->id, &type, 1);
218 }
219 return TNC_RESULT_SUCCESS;
220 }
221
222 /**
223 * finds a connection state based on its Connection ID
224 */
225 static imv_state_t* find_connection(private_imv_agent_t *this,
226 TNC_ConnectionID id)
227 {
228 enumerator_t *enumerator;
229 imv_state_t *state, *found = NULL;
230
231 this->connection_lock->read_lock(this->connection_lock);
232 enumerator = this->connections->create_enumerator(this->connections);
233 while (enumerator->enumerate(enumerator, &state))
234 {
235 if (id == state->get_connection_id(state))
236 {
237 found = state;
238 break;
239 }
240 }
241 enumerator->destroy(enumerator);
242 this->connection_lock->unlock(this->connection_lock);
243
244 return found;
245 }
246
247 /**
248 * delete a connection state with a given Connection ID
249 */
250 static bool delete_connection(private_imv_agent_t *this, TNC_ConnectionID id)
251 {
252 enumerator_t *enumerator;
253 imv_state_t *state;
254 bool found = FALSE;
255
256 this->connection_lock->write_lock(this->connection_lock);
257 enumerator = this->connections->create_enumerator(this->connections);
258 while (enumerator->enumerate(enumerator, &state))
259 {
260 if (id == state->get_connection_id(state))
261 {
262 found = TRUE;
263 state->destroy(state);
264 this->connections->remove_at(this->connections, enumerator);
265 break;
266 }
267 }
268 enumerator->destroy(enumerator);
269 this->connection_lock->unlock(this->connection_lock);
270
271 return found;
272 }
273
274 METHOD(imv_agent_t, create_state, TNC_Result,
275 private_imv_agent_t *this, imv_state_t *state)
276 {
277 TNC_ConnectionID connection_id;
278
279 connection_id = state->get_connection_id(state);
280 if (find_connection(this, connection_id))
281 {
282 DBG1(DBG_IMV, "IMV %u \"%s\" already created a state for Connection ID %u",
283 this->id, this->name, connection_id);
284 state->destroy(state);
285 return TNC_RESULT_OTHER;
286 }
287 this->connection_lock->write_lock(this->connection_lock);
288 this->connections->insert_last(this->connections, state);
289 this->connection_lock->unlock(this->connection_lock);
290 DBG2(DBG_IMV, "IMV %u \"%s\" created a state for Connection ID %u",
291 this->id, this->name, connection_id);
292 return TNC_RESULT_SUCCESS;
293 }
294
295 METHOD(imv_agent_t, delete_state, TNC_Result,
296 private_imv_agent_t *this, TNC_ConnectionID connection_id)
297 {
298 if (!delete_connection(this, connection_id))
299 {
300 DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
301 this->id, this->name, connection_id);
302 return TNC_RESULT_FATAL;
303 }
304 DBG2(DBG_IMV, "IMV %u \"%s\" deleted the state of Connection ID %u",
305 this->id, this->name, connection_id);
306 return TNC_RESULT_SUCCESS;
307 }
308
309 METHOD(imv_agent_t, change_state, TNC_Result,
310 private_imv_agent_t *this, TNC_ConnectionID connection_id,
311 TNC_ConnectionState new_state,
312 imv_state_t **state_p)
313 {
314 imv_state_t *state;
315
316 switch (new_state)
317 {
318 case TNC_CONNECTION_STATE_HANDSHAKE:
319 case TNC_CONNECTION_STATE_ACCESS_ALLOWED:
320 case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
321 case TNC_CONNECTION_STATE_ACCESS_NONE:
322 state = find_connection(this, connection_id);
323 if (!state)
324 {
325 DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
326 this->id, this->name, connection_id);
327 return TNC_RESULT_FATAL;
328 }
329 state->change_state(state, new_state);
330 DBG2(DBG_IMV, "IMV %u \"%s\" changed state of Connection ID %u to '%N'",
331 this->id, this->name, connection_id,
332 TNC_Connection_State_names, new_state);
333 if (state_p)
334 {
335 *state_p = state;
336 }
337 break;
338 case TNC_CONNECTION_STATE_CREATE:
339 DBG1(DBG_IMV, "state '%N' should be handled by create_state()",
340 TNC_Connection_State_names, new_state);
341 return TNC_RESULT_FATAL;
342 case TNC_CONNECTION_STATE_DELETE:
343 DBG1(DBG_IMV, "state '%N' should be handled by delete_state()",
344 TNC_Connection_State_names, new_state);
345 return TNC_RESULT_FATAL;
346 default:
347 DBG1(DBG_IMV, "IMV %u \"%s\" was notified of unknown state %u "
348 "for Connection ID %u",
349 this->id, this->name, new_state, connection_id);
350 return TNC_RESULT_INVALID_PARAMETER;
351 }
352 return TNC_RESULT_SUCCESS;
353 }
354
355 METHOD(imv_agent_t, get_state, bool,
356 private_imv_agent_t *this, TNC_ConnectionID connection_id,
357 imv_state_t **state)
358 {
359 *state = find_connection(this, connection_id);
360 if (!*state)
361 {
362 DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
363 this->id, this->name, connection_id);
364 return FALSE;
365 }
366 return TRUE;
367 }
368
369 METHOD(imv_agent_t, send_message, TNC_Result,
370 private_imv_agent_t *this, TNC_ConnectionID connection_id, chunk_t msg)
371 {
372 TNC_MessageType type;
373
374 if (!this->send_message)
375 {
376 return TNC_RESULT_FATAL;
377 }
378 type = (this->vendor_id << 8) | this->subtype;
379 return this->send_message(this->id, connection_id, msg.ptr, msg.len, type);
380 }
381
382 METHOD(imv_agent_t, set_recommendation, TNC_Result,
383 private_imv_agent_t *this, TNC_ConnectionID connection_id,
384 TNC_IMV_Action_Recommendation rec,
385 TNC_IMV_Evaluation_Result eval)
386 {
387 imv_state_t *state;
388
389 state = find_connection(this, connection_id);
390 if (!state)
391 {
392 DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
393 this->id, this->name, connection_id);
394 return TNC_RESULT_FATAL;
395 }
396
397 state->set_recommendation(state, rec, eval);
398 return this->provide_recommendation(this->id, connection_id, rec, eval);
399 }
400
401 METHOD(imv_agent_t, receive_message, TNC_Result,
402 private_imv_agent_t *this, TNC_ConnectionID connection_id, chunk_t msg,
403 TNC_MessageType msg_type, pa_tnc_msg_t **pa_tnc_msg)
404 {
405 pa_tnc_msg_t *pa_msg, *error_msg;
406 pa_tnc_attr_t *error_attr;
407 enumerator_t *enumerator;
408 TNC_Result result;
409
410 DBG2(DBG_IMV, "IMV %u \"%s\" received message type 0x%08x for Connection ID %u",
411 this->id, this->name, msg_type, connection_id);
412
413 *pa_tnc_msg = NULL;
414 pa_msg = pa_tnc_msg_create_from_data(msg);
415
416 switch (pa_msg->process(pa_msg))
417 {
418 case SUCCESS:
419 *pa_tnc_msg = pa_msg;
420 break;
421 case VERIFY_ERROR:
422 if (!this->send_message)
423 {
424 /* TNCS doen't have a SendMessage() function */
425 return TNC_RESULT_FATAL;
426 }
427
428 /* build error message */
429 error_msg = pa_tnc_msg_create();
430 enumerator = pa_msg->create_error_enumerator(pa_msg);
431 while (enumerator->enumerate(enumerator, &error_attr))
432 {
433 error_msg->add_attribute(error_msg,
434 error_attr->get_ref(error_attr));
435 }
436 enumerator->destroy(enumerator);
437 error_msg->build(error_msg);
438
439 /* send error message */
440 msg = error_msg->get_encoding(error_msg);
441 result = this->send_message(this->id, connection_id,
442 msg.ptr, msg.len, msg_type);
443
444 /* clean up */
445 error_msg->destroy(error_msg);
446 pa_msg->destroy(pa_msg);
447 return result;
448 case FAILED:
449 default:
450 pa_msg->destroy(pa_msg);
451 return set_recommendation(this, connection_id,
452 TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
453 TNC_IMV_EVALUATION_RESULT_ERROR);
454 }
455 return TNC_RESULT_SUCCESS;
456 }
457
458 METHOD(imv_agent_t, provide_recommendation, TNC_Result,
459 private_imv_agent_t *this, TNC_ConnectionID connection_id)
460 {
461 imv_state_t *state;
462 TNC_IMV_Action_Recommendation rec;
463 TNC_IMV_Evaluation_Result eval;
464 TNC_UInt32 lang_len;
465 char buf[BUF_LEN];
466 chunk_t pref_lang = { buf, 0 }, reason_string, reason_lang;
467
468 state = find_connection(this, connection_id);
469 if (!state)
470 {
471 DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
472 this->id, this->name, connection_id);
473 return TNC_RESULT_FATAL;
474 }
475 state->get_recommendation(state, &rec, &eval);
476
477
478 /* send a reason string if action recommendation is not allow */
479 if (rec != TNC_IMV_ACTION_RECOMMENDATION_ALLOW)
480 {
481 /* check if there a preferred language has been requested */
482 if (this->get_attribute &&
483 this->get_attribute(this->id, connection_id,
484 TNC_ATTRIBUTEID_PREFERRED_LANGUAGE, BUF_LEN,
485 buf, &lang_len) == TNC_RESULT_SUCCESS &&
486 lang_len <= BUF_LEN)
487 {
488 pref_lang.len = lang_len;
489 DBG2(DBG_IMV, "preferred language is '%.*s'",
490 pref_lang.len, pref_lang.ptr);
491 }
492
493 /* find a reason string for the preferred or default language and set it */
494 if (this->set_attribute &&
495 state->get_reason_string(state, pref_lang, &reason_string,
496 &reason_lang))
497 {
498 this->set_attribute(this->id, connection_id,
499 TNC_ATTRIBUTEID_REASON_STRING,
500 reason_string.len, reason_string.ptr);
501 this->set_attribute(this->id, connection_id,
502 TNC_ATTRIBUTEID_REASON_LANGUAGE,
503 reason_lang.len, reason_lang.ptr);
504 }
505 }
506
507 return this->provide_recommendation(this->id, connection_id, rec, eval);
508 }
509
510 METHOD(imv_agent_t, destroy, void,
511 private_imv_agent_t *this)
512 {
513 DBG1(DBG_IMV, "IMV %u \"%s\" terminated", this->id, this->name);
514 this->connections->destroy_offset(this->connections,
515 offsetof(imv_state_t, destroy));
516 this->connection_lock->destroy(this->connection_lock);
517 free(this);
518
519 /* decrease the reference count or terminate */
520 libimcv_deinit();
521 }
522
523 /**
524 * Described in header.
525 */
526 imv_agent_t *imv_agent_create(const char *name,
527 pen_t vendor_id, u_int32_t subtype,
528 TNC_IMVID id, TNC_Version *actual_version)
529 {
530 private_imv_agent_t *this;
531
532 /* initialize or increase the reference count */
533 if (!libimcv_init())
534 {
535 return NULL;
536 }
537
538 INIT(this,
539 .public = {
540 .bind_functions = _bind_functions,
541 .create_state = _create_state,
542 .delete_state = _delete_state,
543 .change_state = _change_state,
544 .get_state = _get_state,
545 .send_message = _send_message,
546 .receive_message = _receive_message,
547 .set_recommendation = _set_recommendation,
548 .provide_recommendation = _provide_recommendation,
549 .destroy = _destroy,
550 },
551 .name = name,
552 .vendor_id = vendor_id,
553 .subtype = subtype,
554 .id = id,
555 .connections = linked_list_create(),
556 .connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
557 );
558
559 *actual_version = TNC_IFIMV_VERSION_1;
560 DBG1(DBG_IMV, "IMV %u \"%s\" initialized", this->id, this->name);
561
562 return &this->public;
563 }
564
565
strongSwan - IPsec VPN