projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
implemented IETF Operational Status attribute
[strongswan.git] / src / libimcv / plugins / imc_os / imc_os.c
1 /*
2 * Copyright (C) 2011-2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imc_os_state.h"
17
18 #include <imc/imc_agent.h>
19 #include <pa_tnc/pa_tnc_msg.h>
20 #include <ietf/ietf_attr.h>
21 #include <ietf/ietf_attr_assess_result.h>
22 #include <ietf/ietf_attr_attr_request.h>
23 #include <ietf/ietf_attr_default_pwd_enabled.h>
24 #include <ietf/ietf_attr_fwd_enabled.h>
25 #include <ietf/ietf_attr_installed_packages.h>
26 #include <ietf/ietf_attr_op_status.h>
27 #include <ietf/ietf_attr_pa_tnc_error.h>
28 #include <ietf/ietf_attr_product_info.h>
29 #include <ietf/ietf_attr_string_version.h>
30 #include <os_info/os_info.h>
31
32 #include <tncif_pa_subtypes.h>
33
34 #include <pen/pen.h>
35 #include <debug.h>
36
37 /* IMC definitions */
38
39 static const char imc_name[] = "OS";
40
41 #define IMC_VENDOR_ID PEN_IETF
42 #define IMC_SUBTYPE PA_SUBTYPE_IETF_OPERATING_SYSTEM
43
44 static imc_agent_t *imc_os;
45 static os_info_t *os;
46
47 /**
48 * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
49 */
50 TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
51 TNC_Version min_version,
52 TNC_Version max_version,
53 TNC_Version *actual_version)
54 {
55 if (imc_os)
56 {
57 DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
58 return TNC_RESULT_ALREADY_INITIALIZED;
59 }
60 imc_os = imc_agent_create(imc_name, IMC_VENDOR_ID, IMC_SUBTYPE,
61 imc_id, actual_version);
62 if (!imc_os)
63 {
64 return TNC_RESULT_FATAL;
65 }
66
67 os = os_info_create();
68 if (!os)
69 {
70 imc_os->destroy(imc_os);
71 imc_os = NULL;
72
73 return TNC_RESULT_FATAL;
74 }
75
76 if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
77 {
78 DBG1(DBG_IMC, "no common IF-IMC version");
79 return TNC_RESULT_NO_COMMON_VERSION;
80 }
81 return TNC_RESULT_SUCCESS;
82 }
83
84 /**
85 * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
86 */
87 TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
88 TNC_ConnectionID connection_id,
89 TNC_ConnectionState new_state)
90 {
91 imc_state_t *state;
92
93 if (!imc_os)
94 {
95 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
96 return TNC_RESULT_NOT_INITIALIZED;
97 }
98 switch (new_state)
99 {
100 case TNC_CONNECTION_STATE_CREATE:
101 state = imc_os_state_create(connection_id);
102 return imc_os->create_state(imc_os, state);
103 case TNC_CONNECTION_STATE_HANDSHAKE:
104 if (imc_os->change_state(imc_os, connection_id, new_state,
105 &state) != TNC_RESULT_SUCCESS)
106 {
107 return TNC_RESULT_FATAL;
108 }
109 state->set_result(state, imc_id,
110 TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
111 return TNC_RESULT_SUCCESS;
112 case TNC_CONNECTION_STATE_DELETE:
113 return imc_os->delete_state(imc_os, connection_id);
114 default:
115 return imc_os->change_state(imc_os, connection_id,
116 new_state, NULL);
117 }
118 }
119
120 /**
121 * Add IETF Product Information attribute to the send queue
122 */
123 static void add_product_info(linked_list_t *attr_list)
124 {
125 pa_tnc_attr_t *attr;
126
127 attr = ietf_attr_product_info_create(PEN_IETF, 0, os->get_name(os));
128 attr_list->insert_last(attr_list, attr);
129 }
130
131 /**
132 * Add IETF String Version attribute to the send queue
133 */
134 static void add_string_version(linked_list_t *attr_list)
135 {
136 pa_tnc_attr_t *attr;
137
138 attr = ietf_attr_string_version_create(os->get_version(os),
139 chunk_empty, chunk_empty);
140 attr_list->insert_last(attr_list, attr);
141 }
142
143 /**
144 * Add IETF Operational Status attribute to the send queue
145 */
146 static void add_op_status(linked_list_t *attr_list)
147 {
148 pa_tnc_attr_t *attr;
149 time_t uptime, last_boot;
150
151 uptime = os->get_uptime(os);
152 last_boot = uptime ? time(NULL) - uptime : UNDEFINED_TIME;
153 if (last_boot != UNDEFINED_TIME)
154 {
155 DBG1(DBG_IMC, "last boot: %T, %u s ago", &last_boot, TRUE, uptime);
156 }
157 attr = ietf_attr_op_status_create(OP_STATUS_OPERATIONAL,
158 OP_RESULT_SUCCESSFUL, last_boot);
159 attr_list->insert_last(attr_list, attr);
160 }
161
162 /**
163 * Add IETF Forwarding Enabled attribute to the send queue
164 */
165 static void add_fwd_enabled(linked_list_t *attr_list)
166 {
167 pa_tnc_attr_t *attr;
168 os_fwd_status_t fwd_status;
169
170 fwd_status = os->get_fwd_status(os);
171 DBG1(DBG_IMC, "IPv4 forwarding status: %N",
172 os_fwd_status_names, fwd_status);
173 attr = ietf_attr_fwd_enabled_create(fwd_status);
174 attr_list->insert_last(attr_list, attr);
175 }
176
177 /**
178 * Add IETF Factory Default Password Enabled attribute to the send queue
179 */
180 static void add_default_pwd_enabled(linked_list_t *attr_list)
181 {
182 pa_tnc_attr_t *attr;
183
184 DBG1(DBG_IMC, "factory default password: disabled");
185 attr = ietf_attr_default_pwd_enabled_create(FALSE);
186 attr_list->insert_last(attr_list, attr);
187 }
188
189 /**
190 * Add an IETF Installed Packages attribute to the send queue
191 */
192 static void add_installed_packages(linked_list_t *attr_list)
193 {
194 pa_tnc_attr_t *attr;
195 ietf_attr_installed_packages_t *attr_cast;
196 chunk_t libc_name = { "libc-bin", 8 };
197 chunk_t libc_version = { "2.15-0ubuntu10.2", 16 };
198 chunk_t selinux_name = { "selinux", 7 };
199 chunk_t selinux_version = { "1:0.11", 6 };
200
201 attr = ietf_attr_installed_packages_create();
202 attr_cast = (ietf_attr_installed_packages_t*)attr;
203 attr_cast->add(attr_cast, libc_name, libc_version);
204 attr_cast->add(attr_cast, selinux_name, selinux_version);
205 attr_list->insert_last(attr_list, attr);
206 }
207
208 /**
209 * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
210 */
211 TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
212 TNC_ConnectionID connection_id)
213 {
214 TNC_Result result = TNC_RESULT_SUCCESS;
215
216 if (!imc_os)
217 {
218 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
219 return TNC_RESULT_NOT_INITIALIZED;
220 }
221
222 if (lib->settings->get_bool(lib->settings,
223 "libimcv.plugins.imc-os.send_info", TRUE))
224 {
225 linked_list_t *attr_list;
226
227 attr_list = linked_list_create();
228 add_product_info(attr_list);
229 add_string_version(attr_list);
230 add_op_status(attr_list);
231 add_fwd_enabled(attr_list);
232 add_default_pwd_enabled(attr_list);
233 result = imc_os->send_message(imc_os, connection_id, FALSE, 0,
234 TNC_IMVID_ANY, attr_list);
235 attr_list->destroy(attr_list);
236 }
237
238 return result;
239 }
240
241 static TNC_Result receive_message(TNC_IMCID imc_id,
242 TNC_ConnectionID connection_id,
243 TNC_UInt32 msg_flags,
244 chunk_t msg,
245 TNC_VendorID msg_vid,
246 TNC_MessageSubtype msg_subtype,
247 TNC_UInt32 src_imv_id,
248 TNC_UInt32 dst_imc_id)
249 {
250 pa_tnc_msg_t *pa_tnc_msg;
251 pa_tnc_attr_t *attr;
252 pen_type_t attr_type;
253 linked_list_t *attr_list;
254 imc_state_t *state;
255 enumerator_t *enumerator;
256 TNC_Result result;
257 TNC_UInt32 target_imc_id;
258 bool fatal_error;
259
260 if (!imc_os)
261 {
262 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
263 return TNC_RESULT_NOT_INITIALIZED;
264 }
265
266 /* get current IMC state */
267 if (!imc_os->get_state(imc_os, connection_id, &state))
268 {
269 return TNC_RESULT_FATAL;
270 }
271
272 /* parse received PA-TNC message and automatically handle any errors */
273 result = imc_os->receive_message(imc_os, state, msg, msg_vid,
274 msg_subtype, src_imv_id, dst_imc_id, &pa_tnc_msg);
275
276 /* no parsed PA-TNC attributes available if an error occurred */
277 if (!pa_tnc_msg)
278 {
279 return result;
280 }
281 target_imc_id = (dst_imc_id == TNC_IMCID_ANY) ? imc_id : dst_imc_id;
282
283 /* preprocess any IETF standard error attributes */
284 fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg);
285
286 /* analyze PA-TNC attributes */
287 attr_list = linked_list_create();
288 enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
289 while (enumerator->enumerate(enumerator, &attr))
290 {
291 attr_type = attr->get_type(attr);
292
293 if (attr_type.vendor_id != PEN_IETF)
294 {
295 continue;
296 }
297 if (attr_type.type == IETF_ATTR_ATTRIBUTE_REQUEST)
298 {
299 ietf_attr_attr_request_t *attr_cast;
300 pen_type_t *entry;
301 enumerator_t *e;
302
303 attr_cast = (ietf_attr_attr_request_t*)attr;
304
305 e = attr_cast->create_enumerator(attr_cast);
306 while (e->enumerate(e, &entry))
307 {
308 if (entry->vendor_id != PEN_IETF)
309 {
310 continue;
311 }
312 switch (entry->type)
313 {
314 case IETF_ATTR_PRODUCT_INFORMATION:
315 add_product_info(attr_list);
316 break;
317 case IETF_ATTR_STRING_VERSION:
318 add_string_version(attr_list);
319 break;
320 case IETF_ATTR_OPERATIONAL_STATUS:
321 add_op_status(attr_list);
322 break;
323 case IETF_ATTR_FORWARDING_ENABLED:
324 add_fwd_enabled(attr_list);
325 break;
326 case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
327 add_default_pwd_enabled(attr_list);
328 break;
329 case IETF_ATTR_INSTALLED_PACKAGES:
330 add_installed_packages(attr_list);
331 break;
332 default:
333 break;
334 }
335 }
336 e->destroy(e);
337 }
338 else if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
339 {
340 ietf_attr_assess_result_t *attr_cast;
341
342 attr_cast = (ietf_attr_assess_result_t*)attr;
343 state->set_result(state, target_imc_id,
344 attr_cast->get_result(attr_cast));
345 }
346 }
347 enumerator->destroy(enumerator);
348 pa_tnc_msg->destroy(pa_tnc_msg);
349
350 if (fatal_error)
351 {
352 attr_list->destroy_offset(attr_list, offsetof(pa_tnc_attr_t, destroy));
353 return TNC_RESULT_FATAL;
354 }
355
356 if (attr_list->get_count(attr_list))
357 {
358 result = imc_os->send_message(imc_os, connection_id, TRUE, imc_id,
359 src_imv_id, attr_list);
360 }
361 else
362 {
363 result = TNC_RESULT_SUCCESS;
364 }
365 attr_list->destroy(attr_list);
366
367 return result;
368 }
369
370 /**
371 * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
372
373 */
374 TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
375 TNC_ConnectionID connection_id,
376 TNC_BufferReference msg,
377 TNC_UInt32 msg_len,
378 TNC_MessageType msg_type)
379 {
380 TNC_VendorID msg_vid;
381 TNC_MessageSubtype msg_subtype;
382
383 msg_vid = msg_type >> 8;
384 msg_subtype = msg_type & TNC_SUBTYPE_ANY;
385
386 return receive_message(imc_id, connection_id, 0, chunk_create(msg, msg_len),
387 msg_vid, msg_subtype, 0, TNC_IMCID_ANY);
388 }
389
390 /**
391 * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
392 */
393 TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
394 TNC_ConnectionID connection_id,
395 TNC_UInt32 msg_flags,
396 TNC_BufferReference msg,
397 TNC_UInt32 msg_len,
398 TNC_VendorID msg_vid,
399 TNC_MessageSubtype msg_subtype,
400 TNC_UInt32 src_imv_id,
401 TNC_UInt32 dst_imc_id)
402 {
403 return receive_message(imc_id, connection_id, msg_flags,
404 chunk_create(msg, msg_len), msg_vid, msg_subtype,
405 src_imv_id, dst_imc_id);
406 }
407
408 /**
409 * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
410 */
411 TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id,
412 TNC_ConnectionID connection_id)
413 {
414 if (!imc_os)
415 {
416 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
417 return TNC_RESULT_NOT_INITIALIZED;
418 }
419 return TNC_RESULT_SUCCESS;
420 }
421
422 /**
423 * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
424 */
425 TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
426 {
427 if (!imc_os)
428 {
429 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
430 return TNC_RESULT_NOT_INITIALIZED;
431 }
432 imc_os->destroy(imc_os);
433 imc_os = NULL;
434
435 os->destroy(os);
436 os = NULL;
437
438 return TNC_RESULT_SUCCESS;
439 }
440
441 /**
442 * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
443 */
444 TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
445 TNC_TNCC_BindFunctionPointer bind_function)
446 {
447 if (!imc_os)
448 {
449 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
450 return TNC_RESULT_NOT_INITIALIZED;
451 }
452 return imc_os->bind_functions(imc_os, bind_function);
453 }
strongSwan - IPsec VPN