updated Copyright info
1 /*
2 * Copyright (C) 2011-2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imcv.h"
17 #include "imv_agent.h"
18
19 #include <tncif_names.h>
20
21 #include <debug.h>
22 #include <threading/rwlock.h>
23
typedef struct private_imv_agent_t private_imv_agent_t;

/**
 * Private data of an imv_agent_t object.
 *
 * The function pointers at the end of this struct are filled in by
 * bind_functions(). That method resets a pointer to NULL whenever the TNCS
 * does not provide the corresponding function, so a pointer must be checked
 * for NULL before it is called.
 */
struct private_imv_agent_t {

	/**
	 * Public members of imv_agent_t
	 */
	imv_agent_t public;

	/**
	 * name of IMV (the pointer passed to imv_agent_create() is stored as is,
	 * the string is not copied)
	 */
	const char *name;

	/**
	 * message vendor ID of IMV
	 */
	TNC_VendorID vendor_id;

	/**
	 * message subtype of IMV
	 */
	TNC_MessageSubtype subtype;

	/**
	 * Maximum PA-TNC Message size
	 */
	size_t max_msg_len;

	/**
	 * ID of IMV as assigned by TNCS
	 */
	TNC_IMVID id;

	/**
	 * List of additional IMV IDs assigned by TNCS
	 * (each ID is stored as a scalar inside the list's pointer slot)
	 */
	linked_list_t *additional_ids;

	/**
	 * list of TNCS connection entries
	 */
	linked_list_t *connections;

	/**
	 * rwlock to lock TNCS connection entries
	 */
	rwlock_t *connection_lock;

	/**
	 * Inform a TNCS about the set of message types the IMV is able to receive
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param supported_types	list of supported message types
	 * @param type_count		number of list elements
	 * @return					TNC result code
	 */
	TNC_Result (*report_message_types)(TNC_IMVID imv_id,
									   TNC_MessageTypeList supported_types,
									   TNC_UInt32 type_count);

	/**
	 * Inform a TNCS about the set of message types the IMV is able to receive,
	 * given as separate vendor ID and subtype lists (long message types)
	 *
	 * @param imv_id				IMV ID assigned by TNCS
	 * @param supported_vids		list of supported message vendor IDs
	 * @param supported_subtypes	list of supported message subtypes
	 * @param type_count			number of list elements
	 * @return						TNC result code
	 */
	TNC_Result (*report_message_types_long)(TNC_IMVID imv_id,
									TNC_VendorIDList supported_vids,
									TNC_MessageSubtypeList supported_subtypes,
									TNC_UInt32 type_count);

	/**
	 * Call when an IMV-IMC message is to be sent
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param msg				message to send
	 * @param msg_len			message length in bytes
	 * @param msg_type			message type
	 * @return					TNC result code
	 */
	TNC_Result (*send_message)(TNC_IMVID imv_id,
							   TNC_ConnectionID connection_id,
							   TNC_BufferReference msg,
							   TNC_UInt32 msg_len,
							   TNC_MessageType msg_type);

	/**
	 * Call when an IMV-IMC message is to be sent with long message types
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param msg_flags			message flags
	 * @param msg				message to send
	 * @param msg_len			message length in bytes
	 * @param msg_vid			message vendor ID
	 * @param msg_subtype		message subtype
	 * @param dst_imc_id		destination IMC ID
	 * @return					TNC result code
	 */
	TNC_Result (*send_message_long)(TNC_IMVID imv_id,
									TNC_ConnectionID connection_id,
									TNC_UInt32 msg_flags,
									TNC_BufferReference msg,
									TNC_UInt32 msg_len,
									TNC_VendorID msg_vid,
									TNC_MessageSubtype msg_subtype,
									TNC_UInt32 dst_imc_id);

	/**
	 * Deliver IMV Action Recommendation and IMV Evaluation Results to the TNCS
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param rec				IMV action recommendation
	 * @param eval				IMV evaluation result
	 * @return					TNC result code
	 */
	TNC_Result (*provide_recommendation)(TNC_IMVID imv_id,
										 TNC_ConnectionID connection_id,
										 TNC_IMV_Action_Recommendation rec,
										 TNC_IMV_Evaluation_Result eval);

	/**
	 * Get the value of an attribute associated with a connection
	 * or with the TNCS as a whole.
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param attribute_id		attribute ID
	 * @param buffer_len		length of buffer in bytes
	 * @param buffer			buffer
	 * @param out_value_len		size in bytes of attribute stored in buffer
	 * @return					TNC result code
	 */
	TNC_Result (*get_attribute)(TNC_IMVID imv_id,
								TNC_ConnectionID connection_id,
								TNC_AttributeID attribute_id,
								TNC_UInt32 buffer_len,
								TNC_BufferReference buffer,
								TNC_UInt32 *out_value_len);

	/**
	 * Set the value of an attribute associated with a connection
	 * or with the TNCS as a whole.
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param attribute_id		attribute ID
	 * @param buffer_len		length of buffer in bytes
	 * @param buffer			buffer
	 * @return					TNC result code
	 */
	TNC_Result (*set_attribute)(TNC_IMVID imv_id,
								TNC_ConnectionID connection_id,
								TNC_AttributeID attribute_id,
								TNC_UInt32 buffer_len,
								TNC_BufferReference buffer);

	/**
	 * Reserve an additional IMV ID
	 *
	 * @param imv_id			primary IMV ID assigned by TNCS
	 * @param out_imv_id		additional IMV ID assigned by TNCS
	 * @return					TNC result code
	 */
	TNC_Result (*reserve_additional_id)(TNC_IMVID imv_id,
										TNC_UInt32 *out_imv_id);

};
201
/**
 * Resolve the TNCS callback functions through the bind function handed over
 * by the TNCS and announce the message type this IMV wants to receive.
 *
 * A callback that cannot be bound is left as NULL, so callers must test a
 * pointer before calling through it. Binding failures are not reported;
 * only a missing bind function yields TNC_RESULT_INVALID_PARAMETER.
 */
METHOD(imv_agent_t, bind_functions, TNC_Result,
	private_imv_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function)
{
	/* TNCS function names and the pointer slots they are bound to, in the
	 * order in which they are requested from the TNCS */
	struct {
		char *name;
		void **slot;
	} bindings[] = {
		{ "TNC_TNCS_ReportMessageTypes",
		  (void**)&this->report_message_types },
		{ "TNC_TNCS_ReportMessageTypesLong",
		  (void**)&this->report_message_types_long },
		{ "TNC_TNCS_RequestHandshakeRetry",
		  (void**)&this->public.request_handshake_retry },
		{ "TNC_TNCS_SendMessage",
		  (void**)&this->send_message },
		{ "TNC_TNCS_SendMessageLong",
		  (void**)&this->send_message_long },
		{ "TNC_TNCS_ProvideRecommendation",
		  (void**)&this->provide_recommendation },
		{ "TNC_TNCS_GetAttribute",
		  (void**)&this->get_attribute },
		{ "TNC_TNCS_SetAttribute",
		  (void**)&this->set_attribute },
		/* NOTE(review): this is the only name with a TNC_TNCC_ prefix, all
		 * others use TNC_TNCS_ - confirm against the name the TNCS exports,
		 * otherwise reserve_additional_id silently stays NULL */
		{ "TNC_TNCC_ReserveAdditionalIMVID",
		  (void**)&this->reserve_additional_id },
	};
	size_t i;

	if (!bind_function)
	{
		DBG1(DBG_IMV, "TNC server failed to provide bind function");
		return TNC_RESULT_INVALID_PARAMETER;
	}

	for (i = 0; i < sizeof(bindings) / sizeof(bindings[0]); i++)
	{
		if (bind_function(this->id, bindings[i].name,
						  bindings[i].slot) != TNC_RESULT_SUCCESS)
		{
			/* never keep a pointer from a failed binding */
			*bindings[i].slot = NULL;
		}
	}
	DBG2(DBG_IMV, "IMV %u \"%s\" provided with bind function",
		 this->id, this->name);

	/* prefer the long message type interface if the TNCS offers it */
	if (this->report_message_types_long)
	{
		this->report_message_types_long(this->id, &this->vendor_id,
										&this->subtype, 1);
		return TNC_RESULT_SUCCESS;
	}

	/* the short message type packs vendor ID and subtype into one value,
	 * so it is only reported if both fit */
	if (this->report_message_types &&
		this->vendor_id <= TNC_VENDORID_ANY &&
		this->subtype <= TNC_SUBTYPE_ANY)
	{
		TNC_MessageType type = (this->vendor_id << 8) | this->subtype;

		this->report_message_types(this->id, &type, 1);
	}
	return TNC_RESULT_SUCCESS;
}
274
/**
 * Look up the connection state that belongs to a Connection ID.
 *
 * The list is only read-locked while it is searched. The lock is released
 * before the pointer is returned, so the returned state is not protected
 * against a concurrent delete_connection() for the same ID.
 *
 * @return		matching state, NULL if there is none
 */
static imv_state_t* find_connection(private_imv_agent_t *this,
									TNC_ConnectionID id)
{
	enumerator_t *entries;
	imv_state_t *current, *match = NULL;

	this->connection_lock->read_lock(this->connection_lock);
	entries = this->connections->create_enumerator(this->connections);
	while (!match && entries->enumerate(entries, &current))
	{
		if (current->get_connection_id(current) == id)
		{
			match = current;
		}
	}
	entries->destroy(entries);
	this->connection_lock->unlock(this->connection_lock);

	return match;
}
299
/**
 * Destroy the connection state that belongs to a Connection ID and take it
 * out of the connection list. The list is write-locked for the whole search.
 *
 * @return		TRUE if a state was found and destroyed, FALSE otherwise
 */
static bool delete_connection(private_imv_agent_t *this, TNC_ConnectionID id)
{
	enumerator_t *entries;
	imv_state_t *current;
	bool deleted = FALSE;

	this->connection_lock->write_lock(this->connection_lock);
	entries = this->connections->create_enumerator(this->connections);
	while (!deleted && entries->enumerate(entries, &current))
	{
		if (current->get_connection_id(current) == id)
		{
			current->destroy(current);
			this->connections->remove_at(this->connections, entries);
			deleted = TRUE;
		}
	}
	entries->destroy(entries);
	this->connection_lock->unlock(this->connection_lock);

	return deleted;
}
326
/**
 * Read a boolean attribute from the TNCS.
 *
 * @return		TRUE only if the TNCS returned exactly one byte with the
 *				value 0x01; FALSE if get_attribute is not bound, the call
 *				failed or the value has any other length or content
 */
static bool get_bool_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
							   TNC_AttributeID attribute_id)
{
	TNC_UInt32 value_len;
	char value[4];

	if (!this->get_attribute)
	{
		return FALSE;
	}
	if (this->get_attribute(this->id, id, attribute_id, sizeof(value), value,
							&value_len) != TNC_RESULT_SUCCESS)
	{
		return FALSE;
	}
	return value_len == 1 && *value == 0x01;
}
340
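/**
 * Read a string attribute from the TNCS.
 *
 * The value is supplied by the TNCS, so nothing is assumed about its
 * termination: at most the reported number of bytes is copied and the
 * copy is always NUL-terminated.
 *
 * @return		allocated string to be freed by the caller, NULL if
 *				get_attribute is not bound, the call failed, the reported
 *				length exceeds the buffer or the allocation failed
 */
static char* get_str_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
							   TNC_AttributeID attribute_id)
{
	TNC_UInt32 len;
	char buf[BUF_LEN];

	if (this->get_attribute &&
		this->get_attribute(this->id, id, attribute_id, BUF_LEN, buf, &len) ==
			TNC_RESULT_SUCCESS && len <= BUF_LEN)
	{
		/* strdup() would read past the end of buf if the TNCS filled the
		 * buffer without a terminating NUL, so bound the copy by len */
		return strndup(buf, len);
	}
	return NULL;
}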
358
/**
 * Read an UInt32 attribute from the TNCS.
 *
 * @return		value converted with untoh32() if the TNCS returned exactly
 *				four bytes; 0 if get_attribute is not bound, the call failed
 *				or the value has a different length
 */
static u_int32_t get_uint_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
									TNC_AttributeID attribute_id)
{
	TNC_UInt32 value_len;
	char value[4];

	if (!this->get_attribute)
	{
		return 0;
	}
	if (this->get_attribute(this->id, id, attribute_id, sizeof(value), value,
							&value_len) != TNC_RESULT_SUCCESS ||
		value_len != 4)
	{
		return 0;
	}
	return untoh32(value);
}
376
/**
 * Register a new connection state with the agent.
 *
 * If a state already exists for the Connection ID, the new state is
 * destroyed and TNC_RESULT_OTHER is returned. Otherwise the connection
 * attributes are queried from the TNCS, the flags and the maximum message
 * length are stored in the state and the state is appended to the list.
 *
 * NOTE(review): the duplicate check and the insertion take the connection
 * lock separately, so two concurrent calls for the same Connection ID could
 * both pass the check - confirm that the TNCS serializes these calls.
 */
METHOD(imv_agent_t, create_state, TNC_Result,
	private_imv_agent_t *this, imv_state_t *state)
{
	TNC_ConnectionID conn_id = state->get_connection_id(state);
	char *tnccs_proto, *tnccs_vers, *transport_proto, *transport_vers;
	bool long_types, exclusive, soh;
	u_int32_t msg_limit;

	if (find_connection(this, conn_id))
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" already created a state for Connection ID %u",
			 this->id, this->name, conn_id);
		state->destroy(state);
		return TNC_RESULT_OTHER;
	}

	/* query the connection attributes from the TNCS via IF-IMV */
	long_types = get_bool_attribute(this, conn_id,
									TNC_ATTRIBUTEID_HAS_LONG_TYPES);
	exclusive = get_bool_attribute(this, conn_id,
								   TNC_ATTRIBUTEID_HAS_EXCLUSIVE);
	soh = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_SOH);
	tnccs_proto = get_str_attribute(this, conn_id,
									TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL);
	tnccs_vers = get_str_attribute(this, conn_id,
								   TNC_ATTRIBUTEID_IFTNCCS_VERSION);
	transport_proto = get_str_attribute(this, conn_id,
										TNC_ATTRIBUTEID_IFT_PROTOCOL);
	transport_vers = get_str_attribute(this, conn_id,
									   TNC_ATTRIBUTEID_IFT_VERSION);
	msg_limit = get_uint_attribute(this, conn_id,
								   TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);

	state->set_flags(state, long_types, exclusive);
	state->set_max_msg_len(state, msg_limit);

	/* the strings are only needed for logging, missing ones show as "?" */
	DBG2(DBG_IMV, "IMV %u \"%s\" created a state for %s %s Connection ID %u: "
		 "%slong %sexcl %ssoh", this->id, this->name,
		 tnccs_proto ? tnccs_proto:"?", tnccs_vers ? tnccs_vers:"?", conn_id,
		 long_types ? "+":"-", exclusive ? "+":"-", soh ? "+":"-");
	DBG2(DBG_IMV, " over %s %s with maximum PA-TNC message size of %u bytes",
		 transport_proto ? transport_proto:"?",
		 transport_vers ? transport_vers :"?", msg_limit);

	free(tnccs_proto);
	free(tnccs_vers);
	free(transport_proto);
	free(transport_vers);

	this->connection_lock->write_lock(this->connection_lock);
	this->connections->insert_last(this->connections, state);
	this->connection_lock->unlock(this->connection_lock);
	return TNC_RESULT_SUCCESS;
}
424
/**
 * Delete the state of a connection.
 *
 * @return		TNC_RESULT_SUCCESS if a state was deleted, TNC_RESULT_FATAL
 *				if no state exists for the Connection ID
 */
METHOD(imv_agent_t, delete_state, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id)
{
	if (delete_connection(this, connection_id))
	{
		DBG2(DBG_IMV, "IMV %u \"%s\" deleted the state of Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_SUCCESS;
	}
	DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
		 this->id, this->name, connection_id);
	return TNC_RESULT_FATAL;
}
438
/**
 * Apply a connection state change reported by the TNCS.
 *
 * Only the handshake and access states are handled here. The create and
 * delete states are rejected with TNC_RESULT_FATAL because they belong to
 * create_state() and delete_state(); any other value is rejected with
 * TNC_RESULT_INVALID_PARAMETER.
 *
 * @param state_p	if not NULL, receives the state that was changed
 */
METHOD(imv_agent_t, change_state, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id,
	TNC_ConnectionState new_state,
	imv_state_t **state_p)
{
	TNC_Result result = TNC_RESULT_SUCCESS;
	imv_state_t *entry;

	switch (new_state)
	{
		case TNC_CONNECTION_STATE_CREATE:
			DBG1(DBG_IMV, "state '%N' should be handled by create_state()",
				 TNC_Connection_State_names, new_state);
			result = TNC_RESULT_FATAL;
			break;
		case TNC_CONNECTION_STATE_DELETE:
			DBG1(DBG_IMV, "state '%N' should be handled by delete_state()",
				 TNC_Connection_State_names, new_state);
			result = TNC_RESULT_FATAL;
			break;
		case TNC_CONNECTION_STATE_HANDSHAKE:
		case TNC_CONNECTION_STATE_ACCESS_ALLOWED:
		case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
		case TNC_CONNECTION_STATE_ACCESS_NONE:
			entry = find_connection(this, connection_id);
			if (!entry)
			{
				DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
					 this->id, this->name, connection_id);
				result = TNC_RESULT_FATAL;
				break;
			}
			entry->change_state(entry, new_state);
			DBG2(DBG_IMV, "IMV %u \"%s\" changed state of Connection ID %u to '%N'",
				 this->id, this->name, connection_id,
				 TNC_Connection_State_names, new_state);
			if (state_p)
			{
				*state_p = entry;
			}
			break;
		default:
			DBG1(DBG_IMV, "IMV %u \"%s\" was notified of unknown state %u "
				 "for Connection ID %u",
				 this->id, this->name, new_state, connection_id);
			result = TNC_RESULT_INVALID_PARAMETER;
			break;
	}
	return result;
}
484
/**
 * Get the state that belongs to a Connection ID.
 *
 * @param state		receives the state, or NULL if there is none
 * @return			TRUE if a state was found
 */
METHOD(imv_agent_t, get_state, bool,
	private_imv_agent_t *this, TNC_ConnectionID connection_id,
	imv_state_t **state)
{
	imv_state_t *entry = find_connection(this, connection_id);

	*state = entry;
	if (entry)
	{
		return TRUE;
	}
	DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
		 this->id, this->name, connection_id);
	return FALSE;
}
498
/**
 * Pack the attributes of attr_list into one or more PA-TNC messages and
 * hand each message to the TNCS.
 *
 * Attributes are taken out of attr_list as they are added to a message, so
 * the list is consumed by this call. An attribute that does not even fit
 * into an empty message is destroyed and dropped.
 *
 * @return		result of the last send call; TNC_RESULT_FATAL if there is
 *				no state for the connection, if attr_list is empty or if
 *				no usable send function is bound. After a failed send the
 *				attributes not yet packed remain in attr_list.
 *
 * NOTE(review): messages are sized with the agent-wide this->max_msg_len;
 * the per-connection limit that create_state() stores in the state with
 * set_max_msg_len() is not consulted here - confirm this is intended.
 */
METHOD(imv_agent_t, send_message, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id, bool excl,
	TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id, linked_list_t *attr_list)
{
	TNC_MessageType type;
	TNC_UInt32 msg_flags;
	/* stays FATAL if the loop below never sends anything */
	TNC_Result result = TNC_RESULT_FATAL;
	imv_state_t *state;
	pa_tnc_attr_t *attr;
	pa_tnc_msg_t *pa_tnc_msg;
	chunk_t msg;
	enumerator_t *enumerator;
	bool attr_added;

	state = find_connection(this, connection_id);
	if (!state)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
					   this->id, this->name, connection_id);
		return TNC_RESULT_FATAL;
	}

	/* one PA-TNC message per iteration until the list is drained */
	while (attr_list->get_count(attr_list))
	{
		pa_tnc_msg = pa_tnc_msg_create(this->max_msg_len);
		attr_added = FALSE;

		enumerator = attr_list->create_enumerator(attr_list);
		while (enumerator->enumerate(enumerator, &attr))
		{
			if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
			{
				attr_added = TRUE;
			}
			else
			{
				if (attr_added)
				{
					/* message is full: leave this attribute in the list
					 * for the next message */
					break;
				}
				else
				{
					/* rejected as the first attribute of a message, so it
					 * can never be sent */
					DBG1(DBG_IMV, "PA-TNC attribute too large to send, deleted");
					attr->destroy(attr);
				}
			}
			/* reached for added and for deleted attributes alike */
			attr_list->remove_at(attr_list, enumerator);
		}
		enumerator->destroy(enumerator);

		/* build and send the PA-TNC message via the IF-IMV interface */
		pa_tnc_msg->build(pa_tnc_msg);
		msg = pa_tnc_msg->get_encoding(pa_tnc_msg);

		if (state->has_long(state) && this->send_message_long)
		{
			/* a source ID of 0 selects the primary IMV ID */
			if (!src_imv_id)
			{
				src_imv_id = this->id;
			}
			msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;

			result = this->send_message_long(src_imv_id, connection_id,
								msg_flags, msg.ptr, msg.len, this->vendor_id,
								this->subtype, dst_imc_id);
		}
		else if (this->send_message)
		{
			/* NOTE(review): unlike bind_functions(), this path does not
			 * check that vendor_id and subtype fit into the packed short
			 * message type - confirm larger values cannot reach it */
			type = (this->vendor_id << 8) | this->subtype;

			result = this->send_message(this->id, connection_id, msg.ptr,
										msg.len, type);
		}

		pa_tnc_msg->destroy(pa_tnc_msg);

		/* stop at the first failure, also when no send function is bound */
		if (result != TNC_RESULT_SUCCESS)
		{
			break;
		}
	}
	return result;
}
582
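/**
 * Store a recommendation in the connection state and deliver it to the TNCS.
 *
 * @return		result of the TNCS call; TNC_RESULT_FATAL if there is no
 *				state for the connection or if the TNCS function to provide
 *				a recommendation is not bound
 */
METHOD(imv_agent_t, set_recommendation, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id,
	TNC_IMV_Action_Recommendation rec,
	TNC_IMV_Evaluation_Result eval)
{
	imv_state_t *state;

	state = find_connection(this, connection_id);
	if (!state)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_FATAL;
	}

	state->set_recommendation(state, rec, eval);

	/* bind_functions() leaves the pointer NULL if the TNCS does not provide
	 * the function, and it is NULL as well before bind_functions() ran */
	if (!this->provide_recommendation)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" has no TNCS function to provide "
			 "a recommendation", this->id, this->name);
		return TNC_RESULT_FATAL;
	}
	return this->provide_recommendation(this->id, connection_id, rec, eval);
}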
601
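/**
 * Parse a PA-TNC message received from an IMC.
 *
 * The message content comes from the peer and is untrusted. Depending on
 * the result of processing it:
 * - SUCCESS: the parsed message is returned in *pa_tnc_msg and has to be
 *   destroyed by the caller.
 * - VERIFY_ERROR: the error attributes collected while processing are sent
 *   back to the IMC, *pa_tnc_msg stays NULL and the send result is returned.
 * - anything else: an error evaluation with no recommendation is stored in
 *   the state and delivered to the TNCS, *pa_tnc_msg stays NULL.
 *
 * @return		TNC_RESULT_SUCCESS if the message was parsed, otherwise the
 *				result of the error handling described above
 */
METHOD(imv_agent_t, receive_message, TNC_Result,
	private_imv_agent_t *this, imv_state_t *state, chunk_t msg,
	TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype,
	TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, pa_tnc_msg_t **pa_tnc_msg)
{
	pa_tnc_msg_t *pa_msg;
	pa_tnc_attr_t *error_attr;
	linked_list_t *error_attr_list;
	enumerator_t *enumerator;
	TNC_UInt32 src_imv_id, dst_imc_id;
	TNC_ConnectionID connection_id;
	TNC_Result result;

	connection_id = state->get_connection_id(state);

	if (state->has_long(state))
	{
		if (dst_imv_id != TNC_IMVID_ANY)
		{
			DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u "
				 "from IMC %u to IMV %u", this->id, this->name,
				 connection_id, src_imc_id, dst_imv_id);
		}
		else
		{
			DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u "
				 "from IMC %u", this->id, this->name, connection_id,
				 src_imc_id);
		}
	}
	else
	{
		DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u",
			 this->id, this->name, connection_id);
	}

	/* the caller only gets a message if processing succeeds */
	*pa_tnc_msg = NULL;
	pa_msg = pa_tnc_msg_create_from_data(msg);

	switch (pa_msg->process(pa_msg))
	{
		case SUCCESS:
			*pa_tnc_msg = pa_msg;
			break;
		case VERIFY_ERROR:
			/* extract and copy by reference all error attributes */
			error_attr_list = linked_list_create();

			enumerator = pa_msg->create_error_enumerator(pa_msg);
			while (enumerator->enumerate(enumerator, &error_attr))
			{
				error_attr_list->insert_last(error_attr_list,
								error_attr->get_ref(error_attr));
			}
			enumerator->destroy(enumerator);

			/* answer from the IMV ID that was addressed and, in exclusive
			 * mode, only to the IMC that sent the message */
			src_imv_id = (dst_imv_id == TNC_IMVID_ANY) ? this->id : dst_imv_id;
			dst_imc_id = state->has_excl(state) ? src_imc_id : TNC_IMCID_ANY;

			result = send_message(this, connection_id, state->has_excl(state),
								  src_imv_id, dst_imc_id, error_attr_list);

			/* NOTE(review): send_message() stops at the first failed send
			 * and leaves the remaining attributes in the list - confirm
			 * that their references are released here */
			error_attr_list->destroy(error_attr_list);
			pa_msg->destroy(pa_msg);
			return result;
		case FAILED:
		default:
			pa_msg->destroy(pa_msg);
			state->set_recommendation(state,
								TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
								TNC_IMV_EVALUATION_RESULT_ERROR);

			/* bind_functions() leaves the pointer NULL if the TNCS does not
			 * provide the function; a malformed message must not turn that
			 * into a call through a NULL pointer */
			if (!this->provide_recommendation)
			{
				DBG1(DBG_IMV, "IMV %u \"%s\" has no TNCS function to provide "
					 "a recommendation", this->id, this->name);
				return TNC_RESULT_FATAL;
			}
			return this->provide_recommendation(this->id, connection_id,
								TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
								TNC_IMV_EVALUATION_RESULT_ERROR);
	}
	return TNC_RESULT_SUCCESS;
}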
679
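/**
 * Deliver the recommendation stored in the connection state to the TNCS.
 *
 * If the recommendation is not "allow", a reason string in the preferred
 * language of the connection (or the state's default) is set on the TNCS
 * first, provided the TNCS supports setting attributes.
 *
 * @return		result of the TNCS call; TNC_RESULT_FATAL if there is no
 *				state for the connection or if the TNCS function to provide
 *				a recommendation is not bound
 */
METHOD(imv_agent_t, provide_recommendation, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id)
{
	imv_state_t *state;
	TNC_IMV_Action_Recommendation rec;
	TNC_IMV_Evaluation_Result eval;
	TNC_UInt32 lang_len;
	char buf[BUF_LEN];
	chunk_t pref_lang = { buf, 0 }, reason_string, reason_lang;

	state = find_connection(this, connection_id);
	if (!state)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_FATAL;
	}

	/* bind_functions() leaves the pointer NULL if the TNCS does not provide
	 * the function, and it is NULL as well before bind_functions() ran */
	if (!this->provide_recommendation)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" has no TNCS function to provide "
			 "a recommendation", this->id, this->name);
		return TNC_RESULT_FATAL;
	}
	state->get_recommendation(state, &rec, &eval);

	/* send a reason string if action recommendation is not allow */
	if (rec != TNC_IMV_ACTION_RECOMMENDATION_ALLOW)
	{
		/* check if a preferred language has been requested; the value is
		 * only used if the reported length fits the buffer */
		if (this->get_attribute &&
			this->get_attribute(this->id, connection_id,
								TNC_ATTRIBUTEID_PREFERRED_LANGUAGE, BUF_LEN,
								buf, &lang_len) == TNC_RESULT_SUCCESS &&
			lang_len <= BUF_LEN)
		{
			pref_lang.len = lang_len;
			/* the precision argument of %.*s has to be an int */
			DBG2(DBG_IMV, "preferred language is '%.*s'",
				 (int)pref_lang.len, pref_lang.ptr);
		}

		/* find a reason string for the preferred or default language and set it */
		if (this->set_attribute &&
			state->get_reason_string(state, pref_lang, &reason_string,
											&reason_lang))
		{
			this->set_attribute(this->id, connection_id,
								TNC_ATTRIBUTEID_REASON_STRING,
								reason_string.len, reason_string.ptr);
			this->set_attribute(this->id, connection_id,
								TNC_ATTRIBUTEID_REASON_LANGUAGE,
								reason_lang.len, reason_lang.ptr);
		}
	}

	return this->provide_recommendation(this->id, connection_id, rec, eval);
}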
731
/**
 * Reserve a number of additional IMV IDs from the TNCS and append them to
 * the list of additional IDs.
 *
 * @param count		number of IDs to reserve; nothing is reserved if it is
 *					not positive
 * @return			TNC_RESULT_SUCCESS, TNC_RESULT_ILLEGAL_OPERATION if the
 *					TNCS function is not bound, or the result of the first
 *					failed reservation (IDs reserved before it are kept)
 */
METHOD(imv_agent_t, reserve_additional_ids, TNC_Result,
	private_imv_agent_t *this, int count)
{
	TNC_Result result;
	TNC_UInt32 id;
	void *pointer;

	if (!this->reserve_additional_id)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" did not detect the capability to reserve "
			 "additional IMV IDs from the TNCS", this->id, this->name);
		return TNC_RESULT_ILLEGAL_OPERATION;
	}

	for (; count > 0; count--)
	{
		result = this->reserve_additional_id(this->id, &id);
		if (result != TNC_RESULT_SUCCESS)
		{
			/* count is the number of IDs still outstanding at this point */
			DBG1(DBG_IMV, "IMV %u \"%s\" failed to reserve %d additional IMV IDs",
				 this->id, this->name, count);
			return result;
		}

		/* store the scalar value in the pointer */
		pointer = (void*)id;
		this->additional_ids->insert_last(this->additional_ids, pointer);
		DBG2(DBG_IMV, "IMV %u \"%s\" reserved additional ID %u",
			 this->id, this->name, id);
	}
	return TNC_RESULT_SUCCESS;
}
764
/**
 * Return the number of entries in the list of additional IMV IDs.
 */
METHOD(imv_agent_t, count_additional_ids, int,
	private_imv_agent_t *this)
{
	linked_list_t *ids = this->additional_ids;

	return ids->get_count(ids);
}
770
/**
 * Create an enumerator over the list of additional IMV IDs.
 * The list stores each ID as a scalar inside the pointer slot.
 */
METHOD(imv_agent_t, create_id_enumerator, enumerator_t*,
	private_imv_agent_t *this)
{
	linked_list_t *ids = this->additional_ids;

	return ids->create_enumerator(ids);
}
776
/**
 * Destroy the agent: release the ID list, destroy all connection states
 * together with their list, release the lock and the object itself, then
 * drop the libimcv reference taken in imv_agent_create().
 */
METHOD(imv_agent_t, destroy, void,
	private_imv_agent_t *this)
{
	linked_list_t *ids = this->additional_ids;
	linked_list_t *states = this->connections;
	rwlock_t *lock = this->connection_lock;

	DBG1(DBG_IMV, "IMV %u \"%s\" terminated", this->id, this->name);
	ids->destroy(ids);
	/* calls the destroy method of every state still in the list */
	states->destroy_offset(states, offsetof(imv_state_t, destroy));
	lock->destroy(lock);
	free(this);

	/* decrease the reference count or terminate */
	libimcv_deinit();
}
790
/**
 * Described in header.
 *
 * Notes on what this implementation does:
 * - name is stored as a pointer and not copied, so the string has to stay
 *   valid for the lifetime of the agent.
 * - actual_version is written without a NULL check.
 * - the TNCS function pointers are not set here; they are only set by
 *   bind_functions().
 * - returns NULL if libimcv_init() fails.
 */
imv_agent_t *imv_agent_create(const char *name,
							  pen_t vendor_id, u_int32_t subtype,
							  TNC_IMVID id, TNC_Version *actual_version)
{
	private_imv_agent_t *this;

	/* initialize or increase the reference count */
	if (!libimcv_init())
	{
		return NULL;
	}

	INIT(this,
		.public = {
			.bind_functions = _bind_functions,
			.create_state = _create_state,
			.delete_state = _delete_state,
			.change_state = _change_state,
			.get_state = _get_state,
			.send_message = _send_message,
			.receive_message = _receive_message,
			.set_recommendation = _set_recommendation,
			.provide_recommendation = _provide_recommendation,
			.reserve_additional_ids = _reserve_additional_ids,
			.count_additional_ids = _count_additional_ids,
			.create_id_enumerator = _create_id_enumerator,
			.destroy = _destroy,
		},
		.name = name,
		.vendor_id = vendor_id,
		.subtype = subtype,
		/* agent-wide size passed to pa_tnc_msg_create() in send_message() */
		.max_msg_len = 65490,
		.id = id,
		.additional_ids = linked_list_create(),
		.connections = linked_list_create(),
		.connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
	);

	*actual_version = TNC_IFIMV_VERSION_1;
	DBG1(DBG_IMV, "IMV %u \"%s\" initialized", this->id, this->name);

	return &this->public;
}
837
838