1 /*
2 * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
#include "imcv.h"
#include "imv_agent.h"

#include <string.h>

#include <tncif_names.h>

#include <debug.h>
#include <utils/linked_list.h>
#include <threading/rwlock.h>
23
typedef struct private_imv_agent_t private_imv_agent_t;

/**
 * Private data of an imv_agent_t object.
 *
 * Besides the identity the TNCS assigned to this IMV, the object keeps the
 * imv_state_t entries created by create_state() (one per TNCS connection,
 * owned and destroyed by this agent) and the TNCS callbacks resolved by
 * bind_functions(). A callback slot is NULL when the TNCS did not provide
 * that function, so every use of a slot has to be guarded by a NULL check.
 * The TNC_TNCS_RequestHandshakeRetry callback is stored in the public part.
 */
struct private_imv_agent_t {

	/**
	 * Public members of imv_agent_t
	 */
	imv_agent_t public;

	/**
	 * name of IMV (used in log output only)
	 */
	const char *name;

	/**
	 * message vendor ID of IMV; when a legacy TNC_MessageType is needed it
	 * is combined with the subtype as (vendor_id << 8) | subtype, which is
	 * only done for values up to TNC_VENDORID_ANY
	 */
	TNC_VendorID vendor_id;

	/**
	 * message subtype of IMV; occupies the low byte of a legacy
	 * TNC_MessageType, so only values up to TNC_SUBTYPE_ANY fit there
	 */
	TNC_MessageSubtype subtype;

	/**
	 * ID of IMV as assigned by TNCS
	 */
	TNC_IMVID id;

	/**
	 * list of TNCS connection entries (imv_state_t*), looked up by
	 * Connection ID
	 */
	linked_list_t *connections;

	/**
	 * rwlock to lock TNCS connection entries; read-locked for lookups,
	 * write-locked when entries are added or removed
	 */
	rwlock_t *connection_lock;

	/**
	 * Inform a TNCS about the set of message types the IMV is able to receive
	 * (vendor ID and subtype packed into one TNC_MessageType each).
	 * NULL if the TNCS does not provide TNC_TNCS_ReportMessageTypes.
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param supported_types	list of supported message types
	 * @param type_count		number of list elements
	 * @return					TNC result code
	 */
	TNC_Result (*report_message_types)(TNC_IMVID imv_id,
									   TNC_MessageTypeList supported_types,
									   TNC_UInt32 type_count);

	/**
	 * Inform a TNCS about the set of message types the IMV is able to receive,
	 * given as separate vendor ID and subtype lists (the "long" form, which
	 * is preferred by bind_functions() when available).
	 * NULL if the TNCS does not provide TNC_TNCS_ReportMessageTypesLong.
	 *
	 * @param imv_id				IMV ID assigned by TNCS
	 * @param supported_vids		list of supported message vendor IDs
	 * @param supported_subtypes	list of supported message subtypes
	 * @param type_count			number of list elements
	 * @return						TNC result code
	 */
	TNC_Result (*report_message_types_long)(TNC_IMVID imv_id,
									TNC_VendorIDList supported_vids,
									TNC_MessageSubtypeList supported_subtypes,
									TNC_UInt32 type_count);

	/**
	 * Call when an IMV-IMC message is to be sent.
	 * NULL if the TNCS does not provide TNC_TNCS_SendMessage.
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param msg				message to send
	 * @param msg_len			message length in bytes
	 * @param msg_type			message type
	 * @return					TNC result code
	 */
	TNC_Result (*send_message)(TNC_IMVID imv_id,
							   TNC_ConnectionID connection_id,
							   TNC_BufferReference msg,
							   TNC_UInt32 msg_len,
							   TNC_MessageType msg_type);

	/**
	 * Deliver IMV Action Recommendation and IMV Evaluation Results to the TNCS.
	 * NULL if the TNCS does not provide TNC_TNCS_ProvideRecommendation.
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param rec				IMV action recommendation
	 * @param eval				IMV evaluation result
	 * @return					TNC result code
	 */
	TNC_Result (*provide_recommendation)(TNC_IMVID imv_id,
										 TNC_ConnectionID connection_id,
										 TNC_IMV_Action_Recommendation rec,
										 TNC_IMV_Evaluation_Result eval);

	/**
	 * Get the value of an attribute associated with a connection
	 * or with the TNCS as a whole.
	 * NULL if the TNCS does not provide TNC_TNCS_GetAttribute.
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param attribute_id		attribute ID
	 * @param buffer_len		length of buffer in bytes
	 * @param buffer			buffer
	 * @param out_value_len		size in bytes of attribute stored in buffer
	 * @return					TNC result code
	 */
	TNC_Result (*get_attribute)(TNC_IMVID imv_id,
								TNC_ConnectionID connection_id,
								TNC_AttributeID attribute_id,
								TNC_UInt32 buffer_len,
								TNC_BufferReference buffer,
								TNC_UInt32 *out_value_len);

	/**
	 * Set the value of an attribute associated with a connection
	 * or with the TNCS as a whole.
	 * NULL if the TNCS does not provide TNC_TNCS_SetAttribute.
	 *
	 * @param imv_id			IMV ID assigned by TNCS
	 * @param connection_id		network connection ID assigned by TNCS
	 * @param attribute_id		attribute ID
	 * @param buffer_len		length of buffer in bytes
	 * @param buffer			buffer
	 * @return					TNC result code
	 */
	TNC_Result (*set_attribute)(TNC_IMVID imv_id,
								TNC_ConnectionID connection_id,
								TNC_AttributeID attribute_id,
								TNC_UInt32 buffer_len,
								TNC_BufferReference buffer);
};
158
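/**
 * Resolve the TNCS callbacks through the bind function the TNCS handed over
 * and register the message type this IMV wants to receive.
 *
 * Every callback slot that the TNCS cannot provide is reset to NULL; the
 * methods using the slots check for that. A failed message type registration
 * is logged but, as before, does not fail the binding itself.
 *
 * @param bind_function		TNC_TNCS_BindFunction supplied by the TNCS
 * @return					TNC_RESULT_INVALID_PARAMETER if bind_function is
 *							NULL, TNC_RESULT_SUCCESS otherwise
 */
METHOD(imv_agent_t, bind_functions, TNC_Result,
	private_imv_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function)
{
	/* every TNCS function this agent uses, with the slot that receives it */
	struct {
		char *name;
		void **slot;
	} bindings[] = {
		{ "TNC_TNCS_ReportMessageTypes",
		  (void**)&this->report_message_types },
		{ "TNC_TNCS_ReportMessageTypesLong",
		  (void**)&this->report_message_types_long },
		{ "TNC_TNCS_RequestHandshakeRetry",
		  (void**)&this->public.request_handshake_retry },
		{ "TNC_TNCS_SendMessage",
		  (void**)&this->send_message },
		{ "TNC_TNCS_ProvideRecommendation",
		  (void**)&this->provide_recommendation },
		{ "TNC_TNCS_GetAttribute",
		  (void**)&this->get_attribute },
		{ "TNC_TNCS_SetAttribute",
		  (void**)&this->set_attribute },
	};
	TNC_Result result = TNC_RESULT_SUCCESS;
	size_t i;

	if (!bind_function)
	{
		DBG1(DBG_IMV, "TNC server failed to provide bind function");
		return TNC_RESULT_INVALID_PARAMETER;
	}
	for (i = 0; i < sizeof(bindings) / sizeof(bindings[0]); i++)
	{
		if (bind_function(this->id, bindings[i].name, bindings[i].slot) !=
			TNC_RESULT_SUCCESS)
		{
			/* a slot left unresolved must read as NULL for the NULL checks
			 * in the methods below */
			*bindings[i].slot = NULL;
		}
	}
	DBG2(DBG_IMV, "IMV %u \"%s\" provided with bind function",
		 this->id, this->name);

	/* register the one message type this IMV receives; prefer the long form,
	 * the legacy form only fits a vendor ID up to TNC_VENDORID_ANY and a
	 * subtype up to TNC_SUBTYPE_ANY */
	if (this->report_message_types_long)
	{
		result = this->report_message_types_long(this->id, &this->vendor_id,
												 &this->subtype, 1);
	}
	else if (this->report_message_types &&
			 this->vendor_id <= TNC_VENDORID_ANY &&
			 this->subtype <= TNC_SUBTYPE_ANY)
	{
		TNC_MessageType type = (this->vendor_id << 8) | this->subtype;

		result = this->report_message_types(this->id, &type, 1);
	}
	if (result != TNC_RESULT_SUCCESS)
	{
		/* previously this return value was dropped silently; the TNCS may then
		 * never hand any message to this IMV, which is worth a log line */
		DBG1(DBG_IMV, "IMV %u \"%s\" failed to register its message type "
			 "with the TNCS", this->id, this->name);
	}
	return TNC_RESULT_SUCCESS;
}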
221
/**
 * Look up the connection state registered for a Connection ID.
 *
 * The read lock is held only while the list is walked; the returned pointer
 * is not protected against a concurrent delete_connection() once the lock is
 * released (NOTE(review): callers appear to rely on the TNCS serializing
 * notifications per connection, confirm).
 *
 * @param id	Connection ID assigned by the TNCS
 * @return		matching state, or NULL if none is registered
 */
static imv_state_t* find_connection(private_imv_agent_t *this,
									TNC_ConnectionID id)
{
	enumerator_t *e;
	imv_state_t *current, *match = NULL;

	this->connection_lock->read_lock(this->connection_lock);
	e = this->connections->create_enumerator(this->connections);
	/* stop at the first entry carrying the requested ID */
	while (match == NULL && e->enumerate(e, &current))
	{
		if (current->get_connection_id(current) == id)
		{
			match = current;
		}
	}
	e->destroy(e);
	this->connection_lock->unlock(this->connection_lock);

	return match;
}
246
/**
 * Remove and destroy the connection state registered for a Connection ID.
 *
 * Runs under the write lock, so no lookup can observe the entry while it is
 * being torn down.
 *
 * @param id	Connection ID assigned by the TNCS
 * @return		TRUE if an entry was found and destroyed, FALSE otherwise
 */
static bool delete_connection(private_imv_agent_t *this, TNC_ConnectionID id)
{
	enumerator_t *e;
	imv_state_t *current;
	bool removed = FALSE;

	this->connection_lock->write_lock(this->connection_lock);
	e = this->connections->create_enumerator(this->connections);
	while (!removed && e->enumerate(e, &current))
	{
		if (current->get_connection_id(current) != id)
		{
			continue;
		}
		/* release the state, then unlink the list element that pointed to it */
		current->destroy(current);
		this->connections->remove_at(this->connections, e);
		removed = TRUE;
	}
	e->destroy(e);
	this->connection_lock->unlock(this->connection_lock);

	return removed;
}
273
/**
 * Read a boolean attribute from the TNCS.
 *
 * A boolean attribute is expected as exactly one byte with the value 0x01
 * meaning TRUE; anything else, a failed call, or a TNCS without GetAttribute
 * yields FALSE.
 *
 * @param id			Connection ID the attribute belongs to
 * @param attribute_id	attribute to read
 * @return				TRUE only for a one-byte value of 0x01
 */
static bool get_bool_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
							   TNC_AttributeID attribute_id)
{
	TNC_UInt32 value_len;
	char value[4];

	if (!this->get_attribute)
	{
		return FALSE;
	}
	if (this->get_attribute(this->id, id, attribute_id, sizeof(value), value,
							&value_len) != TNC_RESULT_SUCCESS)
	{
		return FALSE;
	}
	/* value[0] is only inspected once the TNCS reported a one-byte value */
	return value_len == 1 && value[0] == 0x01;
}
287
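/**
 * Read a string attribute from the TNCS.
 *
 * The TNCS hands back the value and its length separately and is not
 * required to NUL-terminate it. The copy is therefore bounded by the reported
 * length instead of by a terminator search: strdup(buf) would read past the
 * stack buffer whenever the TNCS fills all BUF_LEN bytes without a NUL.
 *
 * @param id			Connection ID the attribute belongs to
 * @param attribute_id	attribute to read
 * @return				newly allocated NUL-terminated copy (caller frees),
 *						or NULL if GetAttribute is unavailable, fails, or
 *						reports a length larger than the buffer
 */
static char* get_str_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
							   TNC_AttributeID attribute_id)
{
	TNC_UInt32 len = 0;
	char buf[BUF_LEN];

	if (!this->get_attribute)
	{
		return NULL;
	}
	if (this->get_attribute(this->id, id, attribute_id, BUF_LEN, buf, &len) !=
		TNC_RESULT_SUCCESS || len > BUF_LEN)
	{
		return NULL;
	}
	/* stops at len or at an embedded NUL, whichever comes first, and always
	 * terminates the result */
	return strndup(buf, len);
}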
305
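/**
 * Register a freshly created connection state with this agent.
 *
 * Ownership of state passes to the agent: it is either stored in the
 * connection list or, if a state for the same Connection ID already exists,
 * destroyed here. The duplicate check and the insertion happen under one
 * write lock, so two concurrent notifications for the same Connection ID
 * cannot both pass a separate lookup and register two states.
 *
 * @param state		state object for the new connection
 * @return			TNC_RESULT_SUCCESS, or TNC_RESULT_OTHER on a duplicate
 */
METHOD(imv_agent_t, create_state, TNC_Result,
	private_imv_agent_t *this, imv_state_t *state)
{
	TNC_ConnectionID conn_id;
	enumerator_t *enumerator;
	imv_state_t *existing;
	char *tnccs_p, *tnccs_v, *t_p, *t_v;
	bool has_long, has_excl, has_soh, duplicate = FALSE;

	conn_id = state->get_connection_id(state);

	/* Query the connection attributes from the TNCS via IF-IMV before taking
	 * the lock, so no TNCS callback runs while we hold it */
	has_long = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_LONG_TYPES);
	has_excl = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_EXCLUSIVE);
	has_soh  = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_SOH);
	tnccs_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL);
	tnccs_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_VERSION);
	t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL);
	t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);

	/* the flags have to be set before the state becomes reachable through
	 * find_connection() */
	state->set_flags(state, has_long, has_excl);

	this->connection_lock->write_lock(this->connection_lock);
	enumerator = this->connections->create_enumerator(this->connections);
	while (enumerator->enumerate(enumerator, &existing))
	{
		if (existing->get_connection_id(existing) == conn_id)
		{
			duplicate = TRUE;
			break;
		}
	}
	enumerator->destroy(enumerator);
	if (!duplicate)
	{
		this->connections->insert_last(this->connections, state);
	}
	this->connection_lock->unlock(this->connection_lock);

	if (duplicate)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" already created a state for Connection ID %u",
			 this->id, this->name, conn_id);
		/* we own the rejected state and must release it */
		state->destroy(state);
	}
	else
	{
		DBG2(DBG_IMV, "IMV %u \"%s\" created a state for Connection ID %u: "
			 "%s %s with %slong %sexcl %ssoh over %s %s",
			 this->id, this->name, conn_id, tnccs_p ? tnccs_p:"?",
			 tnccs_v ? tnccs_v:"?", has_long ? "+":"-", has_excl ? "+":"-",
			 has_soh ? "+":"-", t_p ? t_p:"?", t_v ? t_v :"?");
	}
	free(tnccs_p);
	free(tnccs_v);
	free(t_p);
	free(t_v);

	return duplicate ? TNC_RESULT_OTHER : TNC_RESULT_SUCCESS;
}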
348
/**
 * Drop the connection state of a connection the TNCS is deleting.
 *
 * @param connection_id		Connection ID assigned by the TNCS
 * @return					TNC_RESULT_SUCCESS if a state was destroyed,
 *							TNC_RESULT_FATAL if none was registered
 */
METHOD(imv_agent_t, delete_state, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id)
{
	bool removed = delete_connection(this, connection_id);

	if (removed)
	{
		DBG2(DBG_IMV, "IMV %u \"%s\" deleted the state of Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_SUCCESS;
	}
	DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
		 this->id, this->name, connection_id);
	return TNC_RESULT_FATAL;
}
362
/**
 * Forward a connection state change notified by the TNCS to the stored state.
 *
 * CREATE and DELETE are not accepted here, they have dedicated entry points
 * (create_state() / delete_state()); any value outside the known set is
 * rejected as an invalid parameter.
 *
 * @param connection_id		Connection ID assigned by the TNCS
 * @param new_state			state the connection moved to
 * @param state_p			if not NULL, receives the matching state object
 * @return					TNC_RESULT_SUCCESS, TNC_RESULT_FATAL for CREATE,
 *							DELETE or an unknown connection,
 *							TNC_RESULT_INVALID_PARAMETER for an unknown state
 */
METHOD(imv_agent_t, change_state, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id,
	TNC_ConnectionState new_state,
	imv_state_t **state_p)
{
	imv_state_t *state;

	if (new_state == TNC_CONNECTION_STATE_CREATE)
	{
		DBG1(DBG_IMV, "state '%N' should be handled by create_state()",
			 TNC_Connection_State_names, new_state);
		return TNC_RESULT_FATAL;
	}
	if (new_state == TNC_CONNECTION_STATE_DELETE)
	{
		DBG1(DBG_IMV, "state '%N' should be handled by delete_state()",
			 TNC_Connection_State_names, new_state);
		return TNC_RESULT_FATAL;
	}
	if (new_state != TNC_CONNECTION_STATE_HANDSHAKE &&
		new_state != TNC_CONNECTION_STATE_ACCESS_ALLOWED &&
		new_state != TNC_CONNECTION_STATE_ACCESS_ISOLATED &&
		new_state != TNC_CONNECTION_STATE_ACCESS_NONE)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" was notified of unknown state %u "
			 "for Connection ID %u",
			 this->id, this->name, new_state, connection_id);
		return TNC_RESULT_INVALID_PARAMETER;
	}

	/* one of the four states tracked per connection */
	state = find_connection(this, connection_id);
	if (!state)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_FATAL;
	}
	state->change_state(state, new_state);
	DBG2(DBG_IMV, "IMV %u \"%s\" changed state of Connection ID %u to '%N'",
		 this->id, this->name, connection_id,
		 TNC_Connection_State_names, new_state);
	if (state_p)
	{
		*state_p = state;
	}
	return TNC_RESULT_SUCCESS;
}
408
/**
 * Fetch the state object stored for a connection.
 *
 * @param connection_id		Connection ID assigned by the TNCS
 * @param state				receives the state, or NULL if none is registered
 * @return					TRUE if a state was found
 */
METHOD(imv_agent_t, get_state, bool,
	private_imv_agent_t *this, TNC_ConnectionID connection_id,
	imv_state_t **state)
{
	imv_state_t *found = find_connection(this, connection_id);

	*state = found;
	if (found)
	{
		return TRUE;
	}
	DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
		 this->id, this->name, connection_id);
	return FALSE;
}
422
/**
 * Send a message to the IMC side of a connection through the TNCS.
 *
 * The message is tagged with this IMV's own vendor ID and subtype, packed
 * into a TNC_MessageType exactly as in bind_functions().
 *
 * @param connection_id		Connection ID assigned by the TNCS
 * @param msg				encoded message
 * @return					TNC_RESULT_FATAL if the TNCS provides no
 *							SendMessage function, else the TNCS result
 */
METHOD(imv_agent_t, send_message, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id, chunk_t msg)
{
	TNC_MessageType msg_type;

	if (this->send_message == NULL)
	{
		return TNC_RESULT_FATAL;
	}
	msg_type = (this->vendor_id << 8) | this->subtype;
	return this->send_message(this->id, connection_id, msg.ptr, msg.len,
							  msg_type);
}
435
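/**
 * Store a recommendation in the connection state and deliver it to the TNCS.
 *
 * The verdict is recorded in the state first, where provide_recommendation()
 * reads it back later. Delivery is skipped with TNC_RESULT_FATAL when the
 * TNCS did not provide TNC_TNCS_ProvideRecommendation: bind_functions()
 * leaves that slot NULL and calling through it would crash the process
 * hosting this IMV.
 *
 * @param connection_id		Connection ID assigned by the TNCS
 * @param rec				IMV action recommendation
 * @param eval				IMV evaluation result
 * @return					TNC_RESULT_FATAL if no state or no delivery
 *							function exists, else the TNCS result
 */
METHOD(imv_agent_t, set_recommendation, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id,
	TNC_IMV_Action_Recommendation rec,
	TNC_IMV_Evaluation_Result eval)
{
	imv_state_t *state;

	state = find_connection(this, connection_id);
	if (!state)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_FATAL;
	}
	state->set_recommendation(state, rec, eval);

	if (!this->provide_recommendation)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" cannot deliver a recommendation, TNCS "
			 "provides no ProvideRecommendation function",
			 this->id, this->name);
		return TNC_RESULT_FATAL;
	}
	return this->provide_recommendation(this->id, connection_id, rec, eval);
}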
454
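/**
 * Parse a PA-TNC message received from an IMC.
 *
 * On success the parsed message is handed to the caller via pa_tnc_msg. If
 * the message fails verification, the collected PA-TNC error attributes are
 * sent back to the IMC in a message of the same type and the parsed message
 * is released; if the TNCS offers no SendMessage function the parsed message
 * is released as well (it used to leak on that path). Any other processing
 * failure releases the message and records an error recommendation.
 *
 * @param connection_id		Connection ID assigned by the TNCS
 * @param msg				raw message data
 * @param msg_type			message type as reported by the TNCS
 * @param pa_tnc_msg		receives the parsed message on success, else NULL
 * @return					TNC result code
 */
METHOD(imv_agent_t, receive_message, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id, chunk_t msg,
	TNC_MessageType msg_type, pa_tnc_msg_t **pa_tnc_msg)
{
	pa_tnc_msg_t *pa_msg, *error_msg;
	pa_tnc_attr_t *error_attr;
	enumerator_t *enumerator;
	chunk_t error_data;
	TNC_Result result;

	DBG2(DBG_IMV, "IMV %u \"%s\" received message type 0x%08x for Connection ID %u",
		 this->id, this->name, msg_type, connection_id);

	*pa_tnc_msg = NULL;
	pa_msg = pa_tnc_msg_create_from_data(msg);

	switch (pa_msg->process(pa_msg))
	{
		case SUCCESS:
			/* ownership of the parsed message passes to the caller */
			*pa_tnc_msg = pa_msg;
			break;
		case VERIFY_ERROR:
			if (!this->send_message)
			{
				/* TNCS doesn't have a SendMessage() function; the parsed
				 * message is still ours and must not leak */
				pa_msg->destroy(pa_msg);
				return TNC_RESULT_FATAL;
			}

			/* build error message from the error attributes collected */
			error_msg = pa_tnc_msg_create();
			enumerator = pa_msg->create_error_enumerator(pa_msg);
			while (enumerator->enumerate(enumerator, &error_attr))
			{
				error_msg->add_attribute(error_msg,
										 error_attr->get_ref(error_attr));
			}
			enumerator->destroy(enumerator);
			error_msg->build(error_msg);

			/* send error message back, tagged like the offending message */
			error_data = error_msg->get_encoding(error_msg);
			result = this->send_message(this->id, connection_id,
										error_data.ptr, error_data.len,
										msg_type);

			error_msg->destroy(error_msg);
			pa_msg->destroy(pa_msg);
			return result;
		case FAILED:
		default:
			pa_msg->destroy(pa_msg);
			return set_recommendation(this, connection_id,
						TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
						TNC_IMV_EVALUATION_RESULT_ERROR);
	}
	return TNC_RESULT_SUCCESS;
}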
511
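/**
 * Deliver the recommendation stored in the connection state to the TNCS.
 *
 * For any recommendation other than ALLOW a reason string is looked up in
 * the language the TNCS prefers (attribute PREFERRED_LANGUAGE, not
 * NUL-terminated, empty if none was set) and published through SetAttribute
 * before the recommendation itself is delivered.
 *
 * Delivery requires TNC_TNCS_ProvideRecommendation; bind_functions() leaves
 * that slot NULL when the TNCS lacks it, in which case TNC_RESULT_FATAL is
 * returned instead of calling through a NULL pointer.
 *
 * @param connection_id		Connection ID assigned by the TNCS
 * @return					TNC_RESULT_FATAL if no state or no delivery
 *							function exists, else the TNCS result
 */
METHOD(imv_agent_t, provide_recommendation, TNC_Result,
	private_imv_agent_t *this, TNC_ConnectionID connection_id)
{
	imv_state_t *state;
	TNC_IMV_Action_Recommendation rec;
	TNC_IMV_Evaluation_Result eval;
	TNC_UInt32 lang_len = 0;
	char buf[BUF_LEN];
	chunk_t pref_lang = { buf, 0 }, reason_string, reason_lang;

	state = find_connection(this, connection_id);
	if (!state)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
			 this->id, this->name, connection_id);
		return TNC_RESULT_FATAL;
	}
	if (!this->provide_recommendation)
	{
		DBG1(DBG_IMV, "IMV %u \"%s\" cannot deliver a recommendation, TNCS "
			 "provides no ProvideRecommendation function",
			 this->id, this->name);
		return TNC_RESULT_FATAL;
	}
	state->get_recommendation(state, &rec, &eval);

	/* send a reason string if action recommendation is not allow */
	if (rec != TNC_IMV_ACTION_RECOMMENDATION_ALLOW)
	{
		/* check if a preferred language has been requested */
		if (this->get_attribute &&
			this->get_attribute(this->id, connection_id,
								TNC_ATTRIBUTEID_PREFERRED_LANGUAGE, BUF_LEN,
								buf, &lang_len) == TNC_RESULT_SUCCESS &&
			lang_len <= BUF_LEN)
		{
			pref_lang.len = lang_len;
			/* the '*' precision of %.*s must be passed as an int */
			DBG2(DBG_IMV, "preferred language is '%.*s'",
				 (int)pref_lang.len, pref_lang.ptr);
		}

		/* find a reason string for the preferred or default language and set it */
		if (this->set_attribute &&
			state->get_reason_string(state, pref_lang, &reason_string,
									 &reason_lang))
		{
			this->set_attribute(this->id, connection_id,
								TNC_ATTRIBUTEID_REASON_STRING,
								reason_string.len, reason_string.ptr);
			this->set_attribute(this->id, connection_id,
								TNC_ATTRIBUTEID_REASON_LANGUAGE,
								reason_lang.len, reason_lang.ptr);
		}
	}

	return this->provide_recommendation(this->id, connection_id, rec, eval);
}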
563
/**
 * Tear down the agent: every remaining connection state, the lock, the
 * object itself, and finally the libimcv reference this agent holds.
 */
METHOD(imv_agent_t, destroy, void,
	private_imv_agent_t *this)
{
	linked_list_t *connections = this->connections;
	rwlock_t *lock = this->connection_lock;

	DBG1(DBG_IMV, "IMV %u \"%s\" terminated", this->id, this->name);

	/* states are released through their destroy method, found via its offset */
	connections->destroy_offset(connections, offsetof(imv_state_t, destroy));
	lock->destroy(lock);
	free(this);

	/* decrease the reference count or terminate */
	libimcv_deinit();
}
576
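/**
 * Described in header.
 *
 * The TNCS supplies actual_version to learn the IF-IMV version this agent
 * speaks; a NULL pointer is rejected up front, before the libimcv reference
 * is taken, so no reference is left dangling and nothing is written through
 * NULL.
 *
 * @param name				IMV name, used in log output
 * @param vendor_id			message vendor ID of the IMV
 * @param subtype			message subtype of the IMV
 * @param id				IMV ID assigned by the TNCS
 * @param actual_version	receives TNC_IFIMV_VERSION_1
 * @return					agent, or NULL if actual_version is NULL or
 *							libimcv could not be initialized
 */
imv_agent_t *imv_agent_create(const char *name,
							  pen_t vendor_id, u_int32_t subtype,
							  TNC_IMVID id, TNC_Version *actual_version)
{
	private_imv_agent_t *this;

	if (!actual_version)
	{
		DBG1(DBG_IMV, "IMV %u initialization failed, no version pointer "
			 "provided by TNCS", id);
		return NULL;
	}

	/* initialize or increase the reference count */
	if (!libimcv_init())
	{
		return NULL;
	}

	INIT(this,
		.public = {
			.bind_functions = _bind_functions,
			.create_state = _create_state,
			.delete_state = _delete_state,
			.change_state = _change_state,
			.get_state = _get_state,
			.send_message = _send_message,
			.receive_message = _receive_message,
			.set_recommendation = _set_recommendation,
			.provide_recommendation = _provide_recommendation,
			.destroy = _destroy,
		},
		.name = name,
		.vendor_id = vendor_id,
		.subtype = subtype,
		.id = id,
		.connections = linked_list_create(),
		.connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
	);

	*actual_version = TNC_IFIMV_VERSION_1;
	DBG1(DBG_IMV, "IMV %u \"%s\" initialized", this->id, this->name);

	return &this->public;
}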
618
619