1 /*
2 * Copyright (C) 2011-2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imcv.h"
17 #include "imv_agent.h"
18 #include "ietf/ietf_attr_assess_result.h"
19
20 #include <tncif_names.h>
21
22 #include <debug.h>
23 #include <threading/rwlock.h>
24
typedef struct private_imv_agent_t private_imv_agent_t;

/**
 * Private data of an imv_agent_t object.
 *
 * The TNC_Result function pointers below are resolved in bind_functions()
 * through the bind function handed over by the TNCS. Any function the TNCS
 * does not export is left NULL there, so every caller of one of these
 * pointers has to test it for NULL first.
 */
struct private_imv_agent_t {

	/**
	 * Public members of imv_agent_t
	 */
	imv_agent_t public;

	/**
	 * name of IMV
	 */
	const char *name;

	/**
	 * message types registered by IMV
	 *
	 * Stored by reference from imv_agent_create(), not copied; the array is
	 * read again by bind_functions() when the types are reported to the TNCS.
	 */
	pen_type_t *supported_types;

	/**
	 * number of message types registered by IMV
	 */
	u_int32_t type_count;

	/**
	 * ID of IMV as assigned by TNCS
	 */
	TNC_IMVID id;

	/**
	 * List of additional IMV IDs assigned by TNCS
	 *
	 * Each entry is the TNC_UInt32 ID value itself cast to a pointer,
	 * see reserve_additional_ids().
	 */
	linked_list_t *additional_ids;

	/**
	 * list of TNCS connection entries (imv_state_t objects)
	 */
	linked_list_t *connections;

	/**
	 * rwlock to lock TNCS connection entries
	 */
	rwlock_t *connection_lock;

	/**
	 * Inform a TNCS about the set of message types the IMV is able to receive
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param supported_types	list of supported message types
	 * @param type_count		number of list elements
	 * @return					TNC result code
	 */
	TNC_Result (*report_message_types)(TNC_IMVID imv_id,
									   TNC_MessageTypeList supported_types,
									   TNC_UInt32 type_count);

	/**
	 * Inform a TNCS about the set of message types the IMV is able to receive,
	 * using separate vendor ID and subtype lists (long message types)
	 *
	 * @param imv_id				IMV ID assigned by TNCS
	 * @param supported_vids		list of supported message vendor IDs
	 * @param supported_subtypes	list of supported message subtypes
	 * @param type_count			number of list elements
	 * @return						TNC result code
	 */
	TNC_Result (*report_message_types_long)(TNC_IMVID imv_id,
									TNC_VendorIDList supported_vids,
									TNC_MessageSubtypeList supported_subtypes,
									TNC_UInt32 type_count);

	/**
	 * Call when an IMV-IMC message is to be sent
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param msg				message to send
	 * @param msg_len			message length in bytes
	 * @param msg_type			message type
	 * @return					TNC result code
	 */
	TNC_Result (*send_message)(TNC_IMVID imv_id,
							   TNC_ConnectionID connection_id,
							   TNC_BufferReference msg,
							   TNC_UInt32 msg_len,
							   TNC_MessageType msg_type);

	/**
	 * Call when an IMV-IMC message is to be sent with long message types
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param msg_flags			message flags
	 * @param msg				message to send
	 * @param msg_len			message length in bytes
	 * @param msg_vid			message vendor ID
	 * @param msg_subtype		message subtype
	 * @param dst_imc_id		destination IMC ID
	 * @return					TNC result code
	 */
	TNC_Result (*send_message_long)(TNC_IMVID imv_id,
									TNC_ConnectionID connection_id,
									TNC_UInt32 msg_flags,
									TNC_BufferReference msg,
									TNC_UInt32 msg_len,
									TNC_VendorID msg_vid,
									TNC_MessageSubtype msg_subtype,
									TNC_UInt32 dst_imc_id);

	/**
	 * Deliver IMV Action Recommendation and IMV Evaluation Results to the TNCS
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param rec				IMV action recommendation
	 * @param eval				IMV evaluation result
	 * @return					TNC result code
	 */
	TNC_Result (*provide_recommendation)(TNC_IMVID imv_id,
										 TNC_ConnectionID connection_id,
										 TNC_IMV_Action_Recommendation rec,
										 TNC_IMV_Evaluation_Result eval);

	/**
	 * Get the value of an attribute associated with a connection
	 * or with the TNCS as a whole.
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param attribute_id		attribute ID
	 * @param buffer_len		length of buffer in bytes
	 * @param buffer			buffer
	 * @param out_value_len		size in bytes of attribute stored in buffer
	 * @return					TNC result code
	 */
	TNC_Result (*get_attribute)(TNC_IMVID imv_id,
								TNC_ConnectionID connection_id,
								TNC_AttributeID attribute_id,
								TNC_UInt32 buffer_len,
								TNC_BufferReference buffer,
								TNC_UInt32 *out_value_len);

	/**
	 * Set the value of an attribute associated with a connection
	 * or with the TNCS as a whole.
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param attribute_id		attribute ID
	 * @param buffer_len		length of buffer in bytes
	 * @param buffer			buffer
	 * @return					TNC result code
	 */
	TNC_Result (*set_attribute)(TNC_IMVID imv_id,
								TNC_ConnectionID connection_id,
								TNC_AttributeID attribute_id,
								TNC_UInt32 buffer_len,
								TNC_BufferReference buffer);

	/**
	 * Reserve an additional IMV ID
	 *
	 * @param imv_id			primary IMV ID assigned by TNCS
	 * @param out_imv_id		additional IMV ID assigned by TNCS
	 * @return					TNC result code
	 */
	TNC_Result (*reserve_additional_id)(TNC_IMVID imv_id,
										TNC_UInt32 *out_imv_id);

};
197
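/**
 * Resolve the IF-IMV functions exported by the TNCS and register the
 * message types this IMV wants to receive.
 *
 * Functions the TNCS does not export are left NULL in this object; every
 * user of these pointers has to check for NULL. The return value of the
 * report call is logged only, so the IMV still binds even when the TNCS
 * rejects the type list.
 *
 * @param bind_function		bind function handed over by the TNCS
 * @return					TNC_RESULT_INVALID_PARAMETER without bind function,
 *							TNC_RESULT_FATAL if the type lists cannot be
 *							allocated, TNC_RESULT_SUCCESS otherwise
 */
METHOD(imv_agent_t, bind_functions, TNC_Result,
	private_imv_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function)
{
	TNC_Result result;

	if (!bind_function)
	{
		DBG1(DBG_IMV, "TNC server failed to provide bind function");
		return TNC_RESULT_INVALID_PARAMETER;
	}
	if (bind_function(this->id, "TNC_TNCS_ReportMessageTypes",
			(void**)&this->report_message_types) != TNC_RESULT_SUCCESS)
	{
		this->report_message_types = NULL;
	}
	if (bind_function(this->id, "TNC_TNCS_ReportMessageTypesLong",
			(void**)&this->report_message_types_long) != TNC_RESULT_SUCCESS)
	{
		this->report_message_types_long = NULL;
	}
	if (bind_function(this->id, "TNC_TNCS_RequestHandshakeRetry",
			(void**)&this->public.request_handshake_retry) != TNC_RESULT_SUCCESS)
	{
		this->public.request_handshake_retry = NULL;
	}
	if (bind_function(this->id, "TNC_TNCS_SendMessage",
			(void**)&this->send_message) != TNC_RESULT_SUCCESS)
	{
		this->send_message = NULL;
	}
	if (bind_function(this->id, "TNC_TNCS_SendMessageLong",
			(void**)&this->send_message_long) != TNC_RESULT_SUCCESS)
	{
		this->send_message_long = NULL;
	}
	if (bind_function(this->id, "TNC_TNCS_ProvideRecommendation",
			(void**)&this->provide_recommendation) != TNC_RESULT_SUCCESS)
	{
		this->provide_recommendation = NULL;
	}
	if (bind_function(this->id, "TNC_TNCS_GetAttribute",
			(void**)&this->get_attribute) != TNC_RESULT_SUCCESS)
	{
		this->get_attribute = NULL;
	}
	if (bind_function(this->id, "TNC_TNCS_SetAttribute",
			(void**)&this->set_attribute) != TNC_RESULT_SUCCESS)
	{
		this->set_attribute = NULL;
	}
	if (bind_function(this->id, "TNC_TNCC_ReserveAdditionalIMVID",
			(void**)&this->reserve_additional_id) != TNC_RESULT_SUCCESS)
	{
		this->reserve_additional_id = NULL;
	}
	DBG2(DBG_IMV, "IMV %u \"%s\" provided with bind function",
		 this->id, this->name);

	/* prefer the long form (separate vendor ID and subtype lists) over the
	 * legacy packed 32-bit message type */
	if (this->report_message_types_long)
	{
		TNC_VendorIDList vendor_id_list;
		TNC_MessageSubtypeList subtype_list;
		u_int32_t i;

		/* calloc() checks the count * size product for overflow */
		vendor_id_list = calloc(this->type_count, sizeof(TNC_UInt32));
		subtype_list = calloc(this->type_count, sizeof(TNC_UInt32));
		if (this->type_count && (!vendor_id_list || !subtype_list))
		{
			free(vendor_id_list);
			free(subtype_list);
			DBG1(DBG_IMV, "IMV %u \"%s\" failed to allocate message type lists",
				 this->id, this->name);
			return TNC_RESULT_FATAL;
		}
		for (i = 0; i < this->type_count; i++)
		{
			vendor_id_list[i] = this->supported_types[i].vendor_id;
			subtype_list[i] = this->supported_types[i].type;
		}
		result = this->report_message_types_long(this->id, vendor_id_list,
												 subtype_list, this->type_count);
		free(vendor_id_list);
		free(subtype_list);
		if (result != TNC_RESULT_SUCCESS)
		{
			DBG1(DBG_IMV, "IMV %u \"%s\" failed to report its message types",
				 this->id, this->name);
		}
	}
	else if (this->report_message_types)
	{
		TNC_MessageTypeList type_list;
		u_int32_t i;

		type_list = calloc(this->type_count, sizeof(TNC_UInt32));
		if (this->type_count && !type_list)
		{
			DBG1(DBG_IMV, "IMV %u \"%s\" failed to allocate message type list",
				 this->id, this->name);
			return TNC_RESULT_FATAL;
		}
		for (i = 0; i < this->type_count; i++)
		{
			/* legacy encoding: vendor ID shifted into the upper 24 bits,
			 * subtype truncated to the low byte */
			type_list[i] = (this->supported_types[i].vendor_id << 8) |
						   (this->supported_types[i].type & 0xff);
		}
		result = this->report_message_types(this->id, type_list,
											this->type_count);
		free(type_list);
		if (result != TNC_RESULT_SUCCESS)
		{
			DBG1(DBG_IMV, "IMV %u \"%s\" failed to report its message types",
				 this->id, this->name);
		}
	}
	return TNC_RESULT_SUCCESS;
}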
290
/**
 * Look up the connection state registered for a Connection ID.
 *
 * Holds the connection read lock while walking the list.
 *
 * @param this			IMV agent
 * @param id			Connection ID to look up
 * @return				matching state, NULL if none is registered
 */
static imv_state_t* find_connection(private_imv_agent_t *this,
									TNC_ConnectionID id)
{
	enumerator_t *e;
	imv_state_t *current;
	imv_state_t *match = NULL;
	rwlock_t *lock = this->connection_lock;

	lock->read_lock(lock);
	e = this->connections->create_enumerator(this->connections);
	while (!match && e->enumerate(e, &current))
	{
		if (current->get_connection_id(current) == id)
		{
			match = current;
		}
	}
	e->destroy(e);
	lock->unlock(lock);

	return match;
}
315
/**
 * Remove and destroy the connection state registered for a Connection ID.
 *
 * Holds the connection write lock while walking and modifying the list.
 *
 * @param this			IMV agent
 * @param id			Connection ID whose state is removed
 * @return				TRUE if a state was found and destroyed
 */
static bool delete_connection(private_imv_agent_t *this, TNC_ConnectionID id)
{
	enumerator_t *e;
	imv_state_t *current;
	bool removed = FALSE;
	rwlock_t *lock = this->connection_lock;

	lock->write_lock(lock);
	e = this->connections->create_enumerator(this->connections);
	while (!removed && e->enumerate(e, &current))
	{
		if (current->get_connection_id(current) == id)
		{
			removed = TRUE;
			current->destroy(current);
			this->connections->remove_at(this->connections, e);
		}
	}
	e->destroy(e);
	lock->unlock(lock);

	return removed;
}
342
/**
 * Read a boolean attribute from the TNCS
 *
 * @param this			IMV agent
 * @param id			Connection ID the attribute belongs to
 * @param attribute_id	attribute to read
 * @return				TRUE only if the TNCS returned a single byte 0x01
 */
static bool get_bool_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
							   TNC_AttributeID attribute_id)
{
	TNC_UInt32 len;
	char buf[4];
	TNC_Result res;

	if (!this->get_attribute)
	{
		return FALSE;
	}
	res = this->get_attribute(this->id, id, attribute_id, 4, buf, &len);
	if (res != TNC_RESULT_SUCCESS || len != 1)
	{
		return FALSE;
	}
	return buf[0] == 0x01;
}
356
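/**
 * Read a string attribute from the TNCS
 *
 * The copy is bounded by the length reported by the TNCS and is always
 * NUL-terminated, so a value delivered without a terminator does not
 * cause a read past the end of the local buffer.
 *
 * @param this			IMV agent
 * @param id			Connection ID the attribute belongs to
 * @param attribute_id	attribute to read
 * @return				newly allocated string owned by the caller,
 *						NULL if the attribute is not available
 */
static char* get_str_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
							   TNC_AttributeID attribute_id)
{
	TNC_UInt32 len;
	char buf[BUF_LEN];
	char *str;

	if (!this->get_attribute ||
		this->get_attribute(this->id, id, attribute_id, BUF_LEN, buf, &len) !=
		TNC_RESULT_SUCCESS || len > BUF_LEN)
	{
		return NULL;
	}
	/* do not rely on the TNCS NUL-terminating the value inside buf */
	str = malloc(len + 1);
	if (!str)
	{
		return NULL;
	}
	memcpy(str, buf, len);
	str[len] = '\0';
	return str;
}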
374
/**
 * Read an UInt32 attribute from the TNCS
 *
 * @param this			IMV agent
 * @param id			Connection ID the attribute belongs to
 * @param attribute_id	attribute to read
 * @return				value converted from network byte order,
 *						0 if the attribute is not available
 */
static u_int32_t get_uint_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
									TNC_AttributeID attribute_id)
{
	TNC_UInt32 len;
	char buf[4];
	TNC_Result res;

	if (!this->get_attribute)
	{
		return 0;
	}
	res = this->get_attribute(this->id, id, attribute_id, 4, buf, &len);
	if (res != TNC_RESULT_SUCCESS || len != 4)
	{
		return 0;
	}
	return untoh32(buf);
}
392
/**
 * Register a freshly created connection state with this agent.
 *
 * Queries the TNCS for the connection attributes, stores the long/exclusive
 * flags and the maximum message size in the state and appends it to the
 * connection list. On a duplicate Connection ID the passed state is
 * destroyed and TNC_RESULT_OTHER is returned.
 *
 * @param state			new state, ownership is taken on success
 * @return				TNC_RESULT_SUCCESS or TNC_RESULT_OTHER
 */
METHOD(imv_agent_t, create_state, TNC_Result,
	private_imv_agent_t *this, imv_state_t *state)
{
	TNC_ConnectionID conn_id = state->get_connection_id(state);
	char *tnccs_proto, *tnccs_ver, *t_proto, *t_ver;
	const char *unknown = "?";
	bool has_long, has_excl, has_soh;
	u_int32_t max_msg_len;

	if (find_connection(this, conn_id))
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" already created a state for Connection ID %u",
			 this->id, this->name, conn_id);
		state->destroy(state);
		return TNC_RESULT_OTHER;
	}

	/* Get and display attributes from TNCS via IF-IMV */
	has_long = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_LONG_TYPES);
	has_excl = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_EXCLUSIVE);
	has_soh = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_SOH);
	tnccs_proto = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL);
	tnccs_ver = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_VERSION);
	t_proto = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL);
	t_ver = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);
	max_msg_len = get_uint_attribute(this, conn_id, TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);

	state->set_flags(state, has_long, has_excl);
	state->set_max_msg_len(state, max_msg_len);

	DBG2(DBG_IMV, "IMV %u \"%s\" created a state for %s %s Connection ID %u: "
		 "%slong %sexcl %ssoh", this->id, this->name,
		 tnccs_proto ? tnccs_proto : unknown,
		 tnccs_ver ? tnccs_ver : unknown, conn_id,
		 has_long ? "+" : "-", has_excl ? "+" : "-", has_soh ? "+" : "-");
	DBG2(DBG_IMV, "  over %s %s with maximum PA-TNC message size of %u bytes",
		 t_proto ? t_proto : unknown, t_ver ? t_ver : unknown, max_msg_len);

	free(tnccs_proto);
	free(tnccs_ver);
	free(t_proto);
	free(t_ver);

	this->connection_lock->write_lock(this->connection_lock);
	this->connections->insert_last(this->connections, state);
	this->connection_lock->unlock(this->connection_lock);
	return TNC_RESULT_SUCCESS;
}
440
/**
 * Remove and destroy the state registered for a Connection ID.
 *
 * @param connection_id		Connection ID whose state is deleted
 * @return					TNC_RESULT_FATAL if no state was registered
 */
METHOD(imv_agent_t, delete_state, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id)
{
	bool deleted = delete_connection(this, connection_id);

	if (deleted)
	{
		DBG2(DBG_IMV, "IMV %u \"%s\" deleted the state of Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_SUCCESS;
	}
	DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
		 this->id, this->name, connection_id);
	return TNC_RESULT_FATAL;
}
454
/**
 * Apply a connection state change notified by the TNCS.
 *
 * CREATE and DELETE are rejected here because they have their own entry
 * points (create_state() and delete_state()); unknown states are rejected
 * with TNC_RESULT_INVALID_PARAMETER.
 *
 * @param connection_id		Connection ID whose state changes
 * @param new_state			new TNC connection state
 * @param state_p			optional, receives the affected state object
 * @return					TNC result code
 */
METHOD(imv_agent_t, change_state, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id,
	TNC_ConnectionState new_state,
	imv_state_t **state_p)
{
	imv_state_t *state;

	if (new_state == TNC_CONNECTION_STATE_CREATE)
	{
		DBG1(DBG_IMV, "state '%N' should be handled by create_state()",
			 TNC_Connection_State_names, new_state);
		return TNC_RESULT_FATAL;
	}
	if (new_state == TNC_CONNECTION_STATE_DELETE)
	{
		DBG1(DBG_IMV, "state '%N' should be handled by delete_state()",
			 TNC_Connection_State_names, new_state);
		return TNC_RESULT_FATAL;
	}
	switch (new_state)
	{
		case TNC_CONNECTION_STATE_HANDSHAKE:
		case TNC_CONNECTION_STATE_ACCESS_ALLOWED:
		case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
		case TNC_CONNECTION_STATE_ACCESS_NONE:
			break;
		default:
			DBG1(DBG_IMV, "IMV %u \"%s\" was notified of unknown state %u "
				 "for Connection ID %u",
				 this->id, this->name, new_state, connection_id);
			return TNC_RESULT_INVALID_PARAMETER;
	}

	state = find_connection(this, connection_id);
	if (!state)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_FATAL;
	}
	state->change_state(state, new_state);
	DBG2(DBG_IMV, "IMV %u \"%s\" changed state of Connection ID %u to '%N'",
		 this->id, this->name, connection_id,
		 TNC_Connection_State_names, new_state);
	if (state_p)
	{
		*state_p = state;
	}
	return TNC_RESULT_SUCCESS;
}
500
/**
 * Fetch the state registered for a Connection ID.
 *
 * @param connection_id		Connection ID to look up
 * @param state				receives the state, NULL if none is registered
 * @return					TRUE if a state was found
 */
METHOD(imv_agent_t, get_state, bool,
	private_imv_agent_t *this, TNC_ConnectionID connection_id,
	imv_state_t **state)
{
	imv_state_t *found = find_connection(this, connection_id);

	*state = found;
	if (found)
	{
		return TRUE;
	}
	DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
		 this->id, this->name, connection_id);
	return FALSE;
}
514
/**
 * Pack the attributes in attr_list into one or more PA-TNC messages and send
 * them to the IMC via the IF-IMV interface.
 *
 * Attributes are moved out of attr_list as they are packed. An attribute that
 * does not fit into a message which already holds something ends that message
 * and is retried in the next one; an attribute that does not fit into an
 * empty message is destroyed and dropped. Sending uses the long form whenever
 * the connection and the TNCS support it, otherwise the legacy packed type.
 *
 * @param connection_id		Connection ID to send on
 * @param excl				request exclusive delivery (long form only)
 * @param src_imv_id		source IMV ID, 0 selects this IMV's primary ID
 * @param dst_imc_id		destination IMC ID (long form only)
 * @param msg_vid			message vendor ID
 * @param msg_subtype		message subtype
 * @param attr_list			attributes to send, consumed as they are packed
 * @return					result of the last send, TNC_RESULT_FATAL if no
 *							state exists, a message cannot be built, or the
 *							TNCS provides no send function
 */
METHOD(imv_agent_t, send_message, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id, bool excl,
	TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id, TNC_VendorID msg_vid,
	TNC_MessageSubtype msg_subtype, linked_list_t *attr_list)
{
	TNC_MessageType type;
	TNC_UInt32 msg_flags;
	/* stays FATAL if neither send function was bound by the TNCS */
	TNC_Result result = TNC_RESULT_FATAL;
	imv_state_t *state;
	pa_tnc_attr_t *attr;
	pa_tnc_msg_t *pa_tnc_msg;
	chunk_t msg;
	enumerator_t *enumerator;
	bool attr_added;

	state = find_connection(this, connection_id);
	if (!state)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_FATAL;
	}

	/* one outer iteration per PA-TNC message, until all attributes are gone */
	while (attr_list->get_count(attr_list))
	{
		pa_tnc_msg = pa_tnc_msg_create(state->get_max_msg_len(state));
		attr_added = FALSE;

		enumerator = attr_list->create_enumerator(attr_list);
		while (enumerator->enumerate(enumerator, &attr))
		{
			if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
			{
				attr_added = TRUE;
			}
			else
			{
				if (attr_added)
				{
					/* message is full, leave attr in the list for the next one */
					break;
				}
				else
				{
					/* too large even for an empty message, give up on it */
					DBG1(DBG_IMV, "PA-TNC attribute too large to send, deleted");
					attr->destroy(attr);
				}
			}
			/* reached for packed attributes and for the destroyed one */
			attr_list->remove_at(attr_list, enumerator);
		}
		enumerator->destroy(enumerator);

		/* build and send the PA-TNC message via the IF-IMV interface */
		if (!pa_tnc_msg->build(pa_tnc_msg))
		{
			/* NOTE(review): attributes already packed into pa_tnc_msg are
			 * presumably released by its destroy(); the ones still in
			 * attr_list remain with the caller — confirm */
			pa_tnc_msg->destroy(pa_tnc_msg);
			return TNC_RESULT_FATAL;
		}
		msg = pa_tnc_msg->get_encoding(pa_tnc_msg);

		if (state->has_long(state) && this->send_message_long)
		{
			if (!src_imv_id)
			{
				src_imv_id = this->id;
			}
			msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;

			result = this->send_message_long(src_imv_id, connection_id,
							msg_flags, msg.ptr, msg.len, msg_vid,
							msg_subtype, dst_imc_id);
		}
		else if (this->send_message)
		{
			/* legacy packed message type: vendor ID in the upper bits,
			 * subtype in the low byte (not masked here, unlike in
			 * bind_functions()) */
			type = msg_vid << 8 | msg_subtype;

			result = this->send_message(this->id, connection_id, msg.ptr,
										msg.len, type);
		}

		pa_tnc_msg->destroy(pa_tnc_msg);

		if (result != TNC_RESULT_SUCCESS)
		{
			/* stop after the first failed send, remaining attributes stay
			 * in attr_list */
			break;
		}
	}
	return result;
}
603
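/**
 * Store an action recommendation and evaluation result in the connection
 * state and deliver them to the TNCS.
 *
 * @param connection_id		Connection ID the recommendation applies to
 * @param rec				IMV action recommendation
 * @param eval				IMV evaluation result
 * @return					TNC_RESULT_FATAL if no state exists or the TNCS
 *							did not provide TNC_TNCS_ProvideRecommendation,
 *							otherwise the result reported by the TNCS
 */
METHOD(imv_agent_t, set_recommendation, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id,
	TNC_IMV_Action_Recommendation rec,
	TNC_IMV_Evaluation_Result eval)
{
	imv_state_t *state;

	state = find_connection(this, connection_id);
	if (!state)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_FATAL;
	}

	/* the state keeps the recommendation even if delivery fails below */
	state->set_recommendation(state, rec, eval);

	/* bind_functions() leaves this NULL when the TNCS does not export it */
	if (!this->provide_recommendation)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" cannot deliver a recommendation, TNCS "
			 "did not provide TNC_TNCS_ProvideRecommendation",
			 this->id, this->name);
		return TNC_RESULT_FATAL;
	}
	return this->provide_recommendation(this->id, connection_id, rec, eval);
}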
622
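/**
 * Parse a PA-TNC message received from an IMC and hand it to the caller.
 *
 * On a successful parse the message object is returned via pa_tnc_msg and
 * owned by the caller. On a verification error the error attributes produced
 * by the parser are sent back to the IMC and the message is discarded. On any
 * other failure an error recommendation is stored and delivered to the TNCS.
 *
 * @param state				connection state the message belongs to
 * @param msg				raw message data received from the IMC
 * @param msg_vid			message vendor ID
 * @param msg_subtype		message subtype
 * @param src_imc_id		source IMC ID
 * @param dst_imv_id		destination IMV ID, TNC_IMVID_ANY if unaddressed
 * @param pa_tnc_msg		receives the parsed message on success, else NULL
 * @return					TNC result code
 */
METHOD(imv_agent_t, receive_message, TNC_Result,
	private_imv_agent_t *this, imv_state_t *state, chunk_t msg,
	TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype,
	TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, pa_tnc_msg_t **pa_tnc_msg)
{
	pa_tnc_msg_t *pa_msg;
	pa_tnc_attr_t *error_attr;
	linked_list_t *error_attr_list;
	enumerator_t *enumerator;
	TNC_UInt32 src_imv_id, dst_imc_id;
	TNC_ConnectionID connection_id;
	TNC_Result result;

	connection_id = state->get_connection_id(state);

	if (state->has_long(state))
	{
		if (dst_imv_id != TNC_IMVID_ANY)
		{
			DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u "
				 "from IMC %u to IMV %u", this->id, this->name,
				 connection_id, src_imc_id, dst_imv_id);
		}
		else
		{
			DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u "
				 "from IMC %u", this->id, this->name, connection_id,
				 src_imc_id);
		}
	}
	else
	{
		DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u",
			 this->id, this->name, connection_id);
	}

	*pa_tnc_msg = NULL;
	/* msg comes from the remote endpoint; nothing in it is trusted before
	 * process() has parsed and verified it */
	pa_msg = pa_tnc_msg_create_from_data(msg);

	switch (pa_msg->process(pa_msg))
	{
		case SUCCESS:
			/* ownership of the parsed message passes to the caller */
			*pa_tnc_msg = pa_msg;
			break;
		case VERIFY_ERROR:
			/* extract and copy by reference all error attributes */
			error_attr_list = linked_list_create();

			enumerator = pa_msg->create_error_enumerator(pa_msg);
			while (enumerator->enumerate(enumerator, &error_attr))
			{
				error_attr_list->insert_last(error_attr_list,
											 error_attr->get_ref(error_attr));
			}
			enumerator->destroy(enumerator);

			/* reply from the IMV ID the message was addressed to, and only to
			 * the sending IMC if the connection supports exclusive delivery */
			src_imv_id = (dst_imv_id == TNC_IMVID_ANY) ? this->id : dst_imv_id;
			dst_imc_id = state->has_excl(state) ? src_imc_id : TNC_IMCID_ANY;

			result = send_message(this, connection_id, state->has_excl(state),
								  src_imv_id, dst_imc_id, msg_vid, msg_subtype,
								  error_attr_list);

			error_attr_list->destroy(error_attr_list);
			pa_msg->destroy(pa_msg);
			return result;
		case FAILED:
		default:
			pa_msg->destroy(pa_msg);
			state->set_recommendation(state,
								TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
								TNC_IMV_EVALUATION_RESULT_ERROR);
			/* bind_functions() leaves this NULL when the TNCS does not
			 * export it */
			if (!this->provide_recommendation)
			{
				DBG1(DBG_IMV, "IMV %u \"%s\" cannot deliver a recommendation, "
					 "TNCS did not provide TNC_TNCS_ProvideRecommendation",
					 this->id, this->name);
				return TNC_RESULT_FATAL;
			}
			return this->provide_recommendation(this->id, connection_id,
								TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
								TNC_IMV_EVALUATION_RESULT_ERROR);
	}
	return TNC_RESULT_SUCCESS;
}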
701
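/**
 * Deliver the recommendation stored in the connection state to the TNCS.
 *
 * For any recommendation other than ALLOW a reason string in the language
 * preferred by the TNCS (or the default language) is set as an attribute
 * first. If enabled by the libimcv.assessment_result setting, an IETF
 * Assessment Result attribute is also sent to the IMC before the
 * recommendation is delivered.
 *
 * @param connection_id		Connection ID the recommendation applies to
 * @param dst_imc_id		destination IMC ID for the assessment result
 * @param msg_vid			vendor ID used for the assessment result message
 * @param msg_subtype		subtype used for the assessment result message
 * @return					TNC_RESULT_FATAL if no state exists or the TNCS
 *							did not provide TNC_TNCS_ProvideRecommendation,
 *							a failed send result, or the TNCS result
 */
METHOD(imv_agent_t, provide_recommendation, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id,
	TNC_UInt32 dst_imc_id, TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype)
{
	imv_state_t *state;
	linked_list_t *attr_list;
	pa_tnc_attr_t *attr;
	TNC_Result result;
	TNC_IMV_Action_Recommendation rec;
	TNC_IMV_Evaluation_Result eval;
	TNC_UInt32 lang_len;
	char buf[BUF_LEN];
	/* empty preferred language selects the default language */
	chunk_t pref_lang = { buf, 0 }, reason_string, reason_lang;

	state = find_connection(this, connection_id);
	if (!state)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_FATAL;
	}
	state->get_recommendation(state, &rec, &eval);

	/* send a reason string if action recommendation is not allow */
	if (rec != TNC_IMV_ACTION_RECOMMENDATION_ALLOW)
	{
		/* check if a preferred language has been requested */
		if (this->get_attribute &&
			this->get_attribute(this->id, connection_id,
								TNC_ATTRIBUTEID_PREFERRED_LANGUAGE, BUF_LEN,
								buf, &lang_len) == TNC_RESULT_SUCCESS &&
			lang_len <= BUF_LEN)
		{
			pref_lang.len = lang_len;
			DBG2(DBG_IMV, "preferred language is '%.*s'", (int)pref_lang.len,
				 pref_lang.ptr);
		}

		/* find a reason string for the preferred or default language and set it */
		if (this->set_attribute &&
			state->get_reason_string(state, pref_lang, &reason_string,
									 &reason_lang))
		{
			this->set_attribute(this->id, connection_id,
								TNC_ATTRIBUTEID_REASON_STRING,
								reason_string.len, reason_string.ptr);
			this->set_attribute(this->id, connection_id,
								TNC_ATTRIBUTEID_REASON_LANGUAGE,
								reason_lang.len, reason_lang.ptr);
		}
	}

	/* Send an IETF Assessment Result attribute if enabled */
	if (lib->settings->get_bool(lib->settings, "libimcv.assessment_result", TRUE))
	{
		attr = ietf_attr_assess_result_create(eval);
		attr_list = linked_list_create();
		attr_list->insert_last(attr_list, attr);
		result = send_message(this, connection_id, FALSE, this->id, dst_imc_id,
							  msg_vid, msg_subtype, attr_list);
		attr_list->destroy(attr_list);
		if (result != TNC_RESULT_SUCCESS)
		{
			return result;
		}
	}

	/* bind_functions() leaves this NULL when the TNCS does not export it */
	if (!this->provide_recommendation)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" cannot deliver a recommendation, TNCS "
			 "did not provide TNC_TNCS_ProvideRecommendation",
			 this->id, this->name);
		return TNC_RESULT_FATAL;
	}
	return this->provide_recommendation(this->id, connection_id, rec, eval);
}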
770
/**
 * Reserve a number of additional IMV IDs from the TNCS.
 *
 * Stops at the first failure; IDs reserved before that remain in the list.
 *
 * @param count			number of IDs to reserve
 * @return				TNC_RESULT_ILLEGAL_OPERATION if the TNCS did not
 *						provide the reserve function, otherwise the first
 *						failing result or TNC_RESULT_SUCCESS
 */
METHOD(imv_agent_t, reserve_additional_ids, TNC_Result,
	private_imv_agent_t *this, int count)
{
	if (!this->reserve_additional_id)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" did not detect the capability to reserve "
			 "additional IMV IDs from the TNCS", this->id, this->name);
		return TNC_RESULT_ILLEGAL_OPERATION;
	}
	for (; count > 0; count--)
	{
		TNC_UInt32 new_id;
		TNC_Result res;

		res = this->reserve_additional_id(this->id, &new_id);
		if (res != TNC_RESULT_SUCCESS)
		{
			DBG1(DBG_IMV, "IMV %u \"%s\" failed to reserve %d additional IMV IDs",
				 this->id, this->name, count);
			return res;
		}

		/* the list holds the ID value itself, disguised as a pointer */
		this->additional_ids->insert_last(this->additional_ids, (void*)new_id);
		DBG2(DBG_IMV, "IMV %u \"%s\" reserved additional ID %u",
			 this->id, this->name, new_id);
	}
	return TNC_RESULT_SUCCESS;
}
803
/**
 * Number of additional IMV IDs reserved so far.
 *
 * @return				count of entries in the additional ID list
 */
METHOD(imv_agent_t, count_additional_ids, int,
	private_imv_agent_t *this)
{
	linked_list_t *ids = this->additional_ids;

	return ids->get_count(ids);
}
809
/**
 * Enumerate the additional IMV IDs reserved so far.
 *
 * @return				enumerator over the additional ID list, the caller
 *						destroys it
 */
METHOD(imv_agent_t, create_id_enumerator, enumerator_t*,
	private_imv_agent_t *this)
{
	linked_list_t *ids = this->additional_ids;

	return ids->create_enumerator(ids);
}
815
/**
 * Tear down the agent: release all connection states, the ID list and the
 * lock, then drop the library reference taken in imv_agent_create().
 */
METHOD(imv_agent_t, destroy, void,
	private_imv_agent_t *this)
{
	linked_list_t *ids = this->additional_ids;
	linked_list_t *conns = this->connections;
	rwlock_t *lock = this->connection_lock;

	DBG1(DBG_IMV, "IMV %u \"%s\" terminated", this->id, this->name);
	ids->destroy(ids);
	/* every remaining state is released through its own destroy() method */
	conns->destroy_offset(conns, offsetof(imv_state_t, destroy));
	lock->destroy(lock);
	free(this);

	/* decrease the reference count or terminate */
	libimcv_deinit();
}
829
/**
 * Described in header.
 *
 * supported_types is kept by reference, not copied: the array has to stay
 * valid for the lifetime of the agent because bind_functions() reads it
 * when reporting the message types to the TNCS.
 */
imv_agent_t *imv_agent_create(const char *name,
							  pen_type_t *supported_types, u_int32_t type_count,
							  TNC_IMVID id, TNC_Version *actual_version)
{
	private_imv_agent_t *agent;

	/* takes a library reference, released again in destroy() */
	if (!libimcv_init())
	{
		return NULL;
	}

	INIT(agent,
		.name = name,
		.supported_types = supported_types,
		.type_count = type_count,
		.id = id,
		.additional_ids = linked_list_create(),
		.connections = linked_list_create(),
		.connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
		.public = {
			.bind_functions = _bind_functions,
			.create_state = _create_state,
			.delete_state = _delete_state,
			.change_state = _change_state,
			.get_state = _get_state,
			.send_message = _send_message,
			.receive_message = _receive_message,
			.set_recommendation = _set_recommendation,
			.provide_recommendation = _provide_recommendation,
			.reserve_additional_ids = _reserve_additional_ids,
			.count_additional_ids = _count_additional_ids,
			.create_id_enumerator = _create_id_enumerator,
			.destroy = _destroy,
		},
	);

	*actual_version = TNC_IFIMV_VERSION_1;
	DBG1(DBG_IMV, "IMV %u \"%s\" initialized", agent->id, agent->name);

	return &agent->public;
}
875
876