sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
sa/tasks/task.c sa/tasks/task.h \
tnc/tncif.h tnc/tncifimc.h tnc/tncifimv.h \
-tnc/tncifimv_names.h tnc/tncifimv_names.c\
+tnc/tncifimv_names.h tnc/tncifimv_names.c \
tnc/imc/imc.h tnc/imc/imc_manager.h \
-tnc/imv/imv.h tnc/imv/imv_manager.h \
+tnc/imv/imv.h tnc/imv/imv_manager.h tnc/imv/imv_recommendations.h \
tnc/tnccs/tnccs.c tnc/tnccs/tnccs.h \
tnc/tnccs/tnccs_manager.c tnc/tnccs/tnccs_manager.h
return NULL;
}
-METHOD(imc_manager_t, get_count, int,
- private_tnc_imc_manager_t *this)
-{
- return this->imcs->get_count(this->imcs);
-}
-
METHOD(imc_manager_t, get_preferred_language, char*,
private_tnc_imc_manager_t *this)
{
.public = {
.add = _add,
.remove = _remove_, /* avoid name conflict with stdio.h */
- .get_count = _get_count,
.get_preferred_language = _get_preferred_language,
.notify_connection_change = _notify_connection_change,
.begin_handshake = _begin_handshake,
libstrongswan_tnc_imv_la_SOURCES = \
tnc_imv_plugin.h tnc_imv_plugin.c tnc_imv.h tnc_imv.c \
- tnc_imv_manager.h tnc_imv_manager.c tnc_imv_bind_function.c
+ tnc_imv_manager.h tnc_imv_manager.c tnc_imv_bind_function.c \
+ tnc_imv_recommendations.h tnc_imv_recommendations.c
libstrongswan_tnc_imv_la_LDFLAGS = -module -avoid-version
*/
#include "tnc_imv_manager.h"
+#include "tnc_imv_recommendations.h"
#include <tnc/imv/imv_manager.h>
#include <tnc/tncifimv.h>
+#include <tnc/tncifimv_names.h>
#include <debug.h>
#include <daemon.h>
+#include <threading/mutex.h>
typedef struct private_tnc_imv_manager_t private_tnc_imv_manager_t;
+
/**
* Private data of an imv_manager_t object.
*/
return NULL;
}
-METHOD(imv_manager_t, get_count, int,
+METHOD(imv_manager_t, create_recommendations, recommendations_t*,
private_tnc_imv_manager_t *this)
{
- return this->imvs->get_count(this->imvs);
+ return tnc_imv_recommendations_create(this->imvs);
}
METHOD(imv_manager_t, enforce_recommendation, bool,
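Review bot: `create_recommendations` hands `this->imvs` to `tnc_imv_recommendations_create()`, which enumerates that list straight into a `TNC_IMVID id`. If the manager's list holds `imv_t` objects, as the `imv_t* (*remove)(imv_manager_t *this, TNC_IMVID id)` signature suggests, each entry is seeded with a pointer value instead of an IMV ID. `provide_recommendation` would then never find a matching entry and would return `TNC_RESULT_FATAL` for every IMV. The loop in the new file should enumerate into an `imv_t *imv` and store `entry->id = imv->get_id(imv);`.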
.public = {
.add = _add,
.remove = _remove_, /* avoid name conflict with stdio.h */
- .get_count = _get_count,
+ .create_recommendations = _create_recommendations,
.enforce_recommendation = _enforce_recommendation,
.notify_connection_change = _notify_connection_change,
.set_message_types = _set_message_types,
#include <tnc/imv/imv_manager.h>
/**
- * Create an IMC manager instance.
+ * Create an IMV manager instance.
*/
imv_manager_t *tnc_imv_manager_create();
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <debug.h>
+#include <utils/linked_list.h>
+#include <threading/mutex.h>
+#include <tnc/tncifimv_names.h>
+#include <tnc/imv/imv_recommendations.h>
+
+typedef struct private_tnc_imv_recommendations_t private_tnc_imv_recommendations_t;
+typedef struct recommendation_entry_t recommendation_entry_t;
+
+/**
+ * Recommendation entry
+ */
+struct recommendation_entry_t {
+
+ /**
+ * IMV ID
+ */
+ TNC_IMVID id;
+
+ /**
+ * Action Recommendation provided by IMV instance
+ */
+ TNC_IMV_Action_Recommendation rec;
+
+ /**
+ * Evaluation Result provided by IMV instance
+ */
+ TNC_IMV_Evaluation_Result eval;
+};
+
+/**
+ * Private data of a recommendations_t object.
+ */
+struct private_tnc_imv_recommendations_t {
+
+ /**
+ * Public members of recommendations_t.
+ */
+ recommendations_t public;
+
+ /**
+ * list of recommendations and evaluations provided by IMVs
+ */
+ linked_list_t *recs;
+};
+
+METHOD(recommendations_t, provide_recommendation, TNC_Result,
+ private_tnc_imv_recommendations_t* this, TNC_IMVID id,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval)
+{
+ enumerator_t *enumerator;
+ recommendation_entry_t *entry;
+ bool found = FALSE;
+
+ DBG2(DBG_TNC, "IMV %u provides recommendation '%N' and evaluation '%N'",
+ id, action_recommendation_names, rec, evaluation_result_names, eval);
+
+ enumerator = this->recs->create_enumerator(this->recs);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->id == id)
+ {
+ found = TRUE;
+ entry->rec = rec;
+ entry->eval = eval;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return found ? TNC_RESULT_SUCCESS : TNC_RESULT_FATAL;
+}
+
+METHOD(recommendations_t, have_recommendation, bool,
+ private_tnc_imv_recommendations_t *this, TNC_IMV_Action_Recommendation *rec,
+ TNC_IMV_Evaluation_Result *eval)
+{
+ /* TODO */
+ *rec = TNC_IMV_ACTION_RECOMMENDATION_ALLOW;
+ *eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ return TRUE;
+}
+
+METHOD(recommendations_t, destroy, void,
+ private_tnc_imv_recommendations_t *this)
+{
+ this->recs->destroy_function(this->recs, free);
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+recommendations_t* tnc_imv_recommendations_create(linked_list_t *imv_list)
+{
+ private_tnc_imv_recommendations_t *this;
+ recommendation_entry_t *entry;
+ enumerator_t *enumerator;
+ TNC_IMVID id;
+
+ INIT(this,
+ .public = {
+ .provide_recommendation = _provide_recommendation,
+ .have_recommendation = _have_recommendation,
+ .destroy = _destroy,
+ },
+ .recs = linked_list_create(),
+ );
+
+ enumerator = imv_list->create_enumerator(imv_list);
+ while (enumerator->enumerate(enumerator, &id))
+ {
+ entry = malloc_thing(recommendation_entry_t);
+ entry->id = id;
+ entry->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ entry->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+ this->recs->insert_last(this->recs, entry);
+ }
+ enumerator->destroy(enumerator);
+
+ return &this->public;
+}
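Review bot: The recommendation list is accessed without any lock: `provide_recommendation` walks `this->recs` and writes `entry->rec`/`entry->eval` unguarded, whereas the tnccs_20 code it replaces held `recommendation_mutex` around the same loop. `<threading/mutex.h>` is included here but no mutex is declared, so the protection looks dropped in the move rather than made unnecessary. If IMVs can deliver results from more than one thread, add a mutex to the private struct, take it around the enumerator loop (and in `have_recommendation` once it reads the entries), and release it in `destroy`.

```c
struct private_tnc_imv_recommendations_t {
	/* … unchanged: public, recs … */

	/**
	 * Mutex protecting the list of recommendations
	 */
	mutex_t *mutex;
};

/* provide_recommendation: guard the lookup and update */
	this->mutex->lock(this->mutex);
	/* … unchanged: enumerate this->recs and update the matching entry … */
	this->mutex->unlock(this->mutex);

/* destroy: before free(this) */
	this->mutex->destroy(this->mutex);

/* tnc_imv_recommendations_create: inside INIT() */
		.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
```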
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ *
+ * @defgroup tnc_imv_manager tnc_imv_manager
+ * @{ @ingroup tnc_imv
+ */
+
+#ifndef TNC_IMV_RECOMMENDATIONS_H_
+#define TNC_IMV_RECOMMENDATIONS_H_
+
+#include <tnc/imv/imv_recommendations.h>
+#include <utils/linked_list.h>
+
+/**
+ * Create an IMV empty recommendations instance
+ */
+recommendations_t *tnc_imv_recommendations_create();
+
+#endif /** TNC_IMV_RECOMMENDATIONS_H_ @}*/
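Review bot: `tnc_imv_recommendations_create()` is declared with an empty parameter list, while the definition in tnc_imv_recommendations.c takes `linked_list_t *imv_list`. In C an empty list declares no prototype, so a call with a wrong or missing argument compiles without a diagnostic. Declare it as `recommendations_t *tnc_imv_recommendations_create(linked_list_t *imv_list);` and include this header from the .c file so declaration and definition are checked against each other. The `@defgroup tnc_imv_manager tnc_imv_manager` line also looks copied from the manager header and should name this module.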
#include <daemon.h>
#include <threading/mutex.h>
#include <tnc/tncif.h>
-#include <tnc/tncifimv_names.h>
#include <tnc/tnccs/tnccs.h>
-typedef struct recommendation_entry_t recommendation_entry_t;
typedef struct private_tnccs_20_t private_tnccs_20_t;
/**
- * Recommendation entry
- */
-struct recommendation_entry_t {
-
- /**
- * IMV ID
- */
- TNC_IMVID id;
-
- /**
- * Action Recommendation provided by IMV instance
- */
- TNC_IMV_Action_Recommendation rec;
-
- /**
- * Evaluation Result provided by IMV instance
- */
- TNC_IMV_Evaluation_Result eval;
-};
-
-/**
* Private data of a tnccs_20_t object.
*/
struct private_tnccs_20_t {
/**
* Mutex locking the batch in construction
*/
- mutex_t *batch_mutex;
+ mutex_t *mutex;
/**
- * Action Recommendations and Evaluations Results provided by IMVs
+ * Set of IMV recommendations (TNC Server only)
*/
- linked_list_t *recommendations;
-
- /**
- * Mutex locking the recommendations list
- */
- mutex_t *recommendation_mutex;
+ recommendations_t *recs;
};
-static bool have_recommendation(private_tnccs_20_t *this,
- TNC_IMV_Action_Recommendation *rec,
- TNC_IMV_Evaluation_Result *eval)
-{
- /* TODO */
- *rec = TNC_IMV_ACTION_RECOMMENDATION_ALLOW;
- *eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
- return TRUE;
-}
-
METHOD(tnccs_t, send_message, void,
private_tnccs_20_t* this, TNC_BufferReference message,
TNC_UInt32 message_len,
chunk_t msg = { message, message_len };
DBG1(DBG_TNC, "TNCCS 2.0 send message");
- this->batch_mutex->lock(this->batch_mutex);
+ this->mutex->lock(this->mutex);
this->batch = chunk_cat("mc", this->batch, msg);
- this->batch_mutex->unlock(this->batch_mutex);
-}
-
-METHOD(tnccs_t, provide_recommendation, void,
- private_tnccs_20_t* this, TNC_IMVID id,
- TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval)
-{
- enumerator_t *enumerator;
- recommendation_entry_t *entry;
- bool found = FALSE;
-
- DBG2(DBG_TNC, "IMV %u provides recommendation '%N' and evaluation '%N'",
- id, action_recommendation_names, rec, evaluation_result_names, eval);
-
- this->recommendation_mutex->lock(this->recommendation_mutex);
- enumerator = this->recommendations->create_enumerator(this->recommendations);
- while (enumerator->enumerate(enumerator, &entry))
- {
- if (entry->id == id)
- {
- found = TRUE;
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- if (!found)
- {
- entry = malloc_thing(recommendation_entry_t);
- entry->id = id;
- this->recommendations->insert_last(this->recommendations, entry);
- }
-
- /* Assign provided action recommendation and evaluation result */
- entry->rec = rec;
- entry->eval = eval;
- this->recommendation_mutex->unlock(this->recommendation_mutex);
+ this->mutex->unlock(this->mutex);
}
METHOD(tls_t, process, status_t,
if (this->is_server && !this->connection_id)
{
this->connection_id = charon->tnccs->create_connection(charon->tnccs,
- (tnccs_t*)this,
- _send_message, _provide_recommendation);
+ (tnccs_t*)this, _send_message, &this->recs);
+ if (!this->connection_id)
+ {
+ return FAILED;
+ }
charon->imvs->notify_connection_change(charon->imvs,
this->connection_id, TNC_CONNECTION_STATE_CREATE);
}
char *msg = this->is_server ? "tncs->tncc 2.0|" : "tncc->tncs 2.0|";
size_t len;
- this->batch_mutex->lock(this->batch_mutex);
+ this->mutex->lock(this->mutex);
this->batch = chunk_cat("cm", chunk_create(msg, strlen(msg)), this->batch);
- this->batch_mutex->unlock(this->batch_mutex);
+ this->mutex->unlock(this->mutex);
if (!this->is_server && !this->connection_id)
{
this->connection_id = charon->tnccs->create_connection(charon->tnccs,
(tnccs_t*)this, _send_message, NULL);
+ if (!this->connection_id)
+ {
+ return FAILED;
+ }
charon->imcs->notify_connection_change(charon->imcs,
this->connection_id, TNC_CONNECTION_STATE_CREATE);
charon->imcs->notify_connection_change(charon->imcs,
charon->imcs->begin_handshake(charon->imcs, this->connection_id);
}
- this->batch_mutex->lock(this->batch_mutex);
+ this->mutex->lock(this->mutex);
len = this->batch.len;
*msglen = len;
*buflen = len;
memcpy(buf, this->batch.ptr, len);
chunk_free(&this->batch);
- this->batch_mutex->unlock(this->batch_mutex);
+ this->mutex->unlock(this->mutex);
DBG1(DBG_TNC, "sending TNCCS Batch (%d bytes) for Connection ID %u",
len, this->connection_id);
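Review bot: `memcpy(buf, this->batch.ptr, len)` copies the whole batch without comparing `len` to the size of the caller's buffer; `*buflen` is overwritten with `len` on the line before, so whatever capacity it carried on entry is never consulted. The batch grows with every `send_message` call, so its length is not bounded by anything visible here. Assuming `*buflen` holds the capacity of `buf` on entry (the signature is outside this hunk), add a guard before `*msglen = len;`, for example `if (len > *buflen) { this->mutex->unlock(this->mutex); return FAILED; }`. The enclosing function starts and ends outside the hunk.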
TNC_IMV_Action_Recommendation rec;
TNC_IMV_Evaluation_Result eval;
- if (this->is_server && have_recommendation(this, &rec, &eval))
+ if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval))
{
return charon->imvs->enforce_recommendation(charon->imvs, rec);
}
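Review bot: This branch enforces whatever `have_recommendation` reports, and the implementation added in tnc_imv_recommendations.c is a TODO stub that always sets `TNC_IMV_ACTION_RECOMMENDATION_ALLOW` and returns TRUE. Every server-side connection with a non-NULL `this->recs` therefore gets ALLOW enforced, regardless of what the IMVs delivered through `provide_recommendation`. Entries now start as `TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION`, so the stub could return FALSE while any entry still holds that value. Failing that, the TODO should state the fail-open behaviour, e.g. `/* TODO: aggregate this->recs; until then every peer is allowed */`. The enclosing function starts outside this hunk.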
private_tnccs_20_t *this)
{
charon->tnccs->remove_connection(charon->tnccs, this->connection_id);
- this->recommendations->destroy_function(this->recommendations, free);
- this->recommendation_mutex->destroy(this->recommendation_mutex);
- this->batch_mutex->destroy(this->batch_mutex);
+ this->mutex->destroy(this->mutex);
free(this->batch.ptr);
free(this);
}
.destroy = _destroy,
},
.is_server = is_server,
- .recommendations = linked_list_create(),
- .recommendation_mutex = mutex_create(MUTEX_TYPE_DEFAULT),
- .batch_mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
);
return &this->public;
imc_t* (*remove)(imc_manager_t *this, TNC_IMCID id);
/**
- * Return the number of registered IMCs
- *
- * @return number of IMCs
- */
- int (*get_count)(imc_manager_t *this);
-
- /**
* Return the preferred language for recommendations
*
* @return preferred language string
#define IMV_MANAGER_H_
#include "imv.h"
+#include "imv_recommendations.h"
#include <library.h>
imv_t* (*remove)(imv_manager_t *this, TNC_IMVID id);
/**
- * Return the number of registered IMVs
+ * Create an empty set of IMV recommendations and evaluations
*
- * @return number of IMVs
+ * @return instance of a recommendations_t list
*/
- int (*get_count)(imv_manager_t *this);
+ recommendations_t* (*create_recommendations)(imv_manager_t *this);
/**
* Enforce the TNC recommendation on the IKE_SA by either inserting an
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_recommendations imv_recommendations
+ * @{ @ingroup libcharon
+ */
+
+#ifndef IMV_RECOMMENDATIONS_H_
+#define IMV_RECOMMENDATIONS_H_
+
+#include <tnc/tncifimv.h>
+#include <library.h>
+
+typedef struct recommendations_t recommendations_t;
+
+/**
+ * Collection of all IMV action recommendations and evaluation results
+ */
+struct recommendations_t {
+
+ /**
+ * Deliver an IMV action recommendation and IMV evaluation result to the TNCS
+ *
+ * @param imv_id ID of the IMV providing the recommendation
+ * @param recommendation action recommendation
+ * @param evaluation evaluation result
+ */
+ TNC_Result (*provide_recommendation)(recommendations_t *this,
+ TNC_IMVID imv_id,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+
+ bool (*have_recommendation)(recommendations_t *this,
+ TNC_IMV_Action_Recommendation *rec,
+ TNC_IMV_Evaluation_Result *eval);
+
+ /**
+ * Destroys an imv_t object.
+ */
+ void (*destroy)(recommendations_t *this);
+};
+
+#endif /** IMV_RECOMMENDATIONS_H_ @}*/
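Review bot: `have_recommendation` is the only member of `recommendations_t` without a doc comment, and it is the one whose contract callers depend on for the access decision. It needs a short Doxygen block stating that `rec` and `eval` are output parameters and what a TRUE or FALSE return means, presumably whether a final recommendation is available. The comment on `destroy` should read `Destroys a recommendations_t object.` instead of naming `imv_t`. The `@param` names on `provide_recommendation` (`recommendation`, `evaluation`) should match the declared parameters `rec` and `eval`.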
TNC_UInt32 message_len,
TNC_MessageType message_type);
-
-/**
- * Callback function delivering an IMV Action Recommendation and
- * IMV Evaluation Result to the TNCS
- *
- * @param imv_id ID of the IMV providing the recommendation
- * @param recommendation action recommendation
- * @param evaluation evaluation result
- */
-typedef void (*tnccs_provide_recommendation_t)(tnccs_t* tncss,
- TNC_IMVID imv_id,
- TNC_IMV_Action_Recommendation recommendation,
- TNC_IMV_Evaluation_Result evaluation);
-
#endif /** TNCCS_H_ @}*/
#include "tnccs_manager.h"
+#include <tnc/imv/imv_recommendations.h>
+
#include <debug.h>
+#include <daemon.h>
#include <utils/linked_list.h>
#include <threading/rwlock.h>
*/
tnccs_send_message_t send_message;
- /** TNCS provide recommendation function
+ /** collection of IMV recommendations
*
*/
- tnccs_provide_recommendation_t provide_recommendation;
+ recommendations_t *recs;
};
/**
}
METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
- private_tnccs_manager_t *this, tnccs_t *tnccs,
- tnccs_send_message_t send_message,
- tnccs_provide_recommendation_t provide_recommendation)
+ private_tnccs_manager_t *this, tnccs_t *tnccs,
+ tnccs_send_message_t send_message, recommendations_t **recs)
{
tnccs_connection_entry_t *entry;
entry = malloc_thing(tnccs_connection_entry_t);
entry->tnccs = tnccs;
entry->send_message = send_message;
- entry->provide_recommendation = provide_recommendation;
-
+ if (recs)
+ {
+ /* we assume a TNC Server needing recommendations from IMVs */
+ if (!charon->imvs)
+ {
+ DBG1(DBG_TNC, "no IMV manager available!");
+ free(entry);
+ return 0;
+ }
+ entry->recs = charon->imvs->create_recommendations(charon->imvs);
+ *recs = entry->recs;
+ }
+ else
+ {
+ /* we assume a TNC Client */
+ if (!charon->imcs)
+ {
+ DBG1(DBG_TNC, "no IMC manager available!");
+ free(entry);
+ return 0;
+ }
+ entry->recs = NULL;
+ }
this->connection_lock->write_lock(this->connection_lock);
entry->id = ++this->connection_id;
this->connections->insert_last(this->connections, entry);
if (id == entry->id)
{
this->connections->remove_at(this->connections, enumerator);
+ if (entry->recs)
+ {
+ entry->recs->destroy(entry->recs);
+ }
free(entry);
DBG1(DBG_TNC, "removed TNCCS Connection ID %u", id);
}
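Review bot: `entry->recs` is destroyed here although borrowed copies of the pointer exist elsewhere in this commit. tnccs_20 keeps the one returned through `create_connection`'s `recs` out-parameter, and `provide_recommendation` in this file copies `entry->recs` under the read lock and calls through it only after `unlock`. A removal that runs between that unlock and the call would leave `provide_recommendation` working on freed memory; whether this path holds the write lock is not visible in the hunk. Making the `recs->provide_recommendation(...)` call before releasing `connection_lock` closes that window, and a comment on the `recs` field such as `/* owned by the connection entry, destroyed in remove_connection */` would make the ownership explicit. The enclosing function starts and ends outside this hunk.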
METHOD(tnccs_manager_t, provide_recommendation, TNC_Result,
private_tnccs_manager_t *this, TNC_IMVID imv_id,
TNC_ConnectionID id,
- TNC_IMV_Action_Recommendation recommendation,
- TNC_IMV_Evaluation_Result evaluation)
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval)
{
enumerator_t *enumerator;
tnccs_connection_entry_t *entry;
- tnccs_provide_recommendation_t provide_recommendation = NULL;
- tnccs_t *tnccs = NULL;
+ recommendations_t *recs = NULL;
this->connection_lock->read_lock(this->connection_lock);
enumerator = this->connections->create_enumerator(this->connections);
{
if (id == entry->id)
{
- tnccs = entry->tnccs;
- provide_recommendation = entry->provide_recommendation;
+ recs = entry->recs;
break;
}
}
enumerator->destroy(enumerator);
this->connection_lock->unlock(this->connection_lock);
- if (tnccs && provide_recommendation)
+ if (recs)
{
- provide_recommendation(tnccs, imv_id, recommendation, evaluation);
+ recs->provide_recommendation(recs, imv_id, rec, eval);
return TNC_RESULT_SUCCESS;
}
return TNC_RESULT_FATAL;
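Review bot: The result of `recs->provide_recommendation(recs, imv_id, rec, eval)` is discarded and `TNC_RESULT_SUCCESS` is returned unconditionally, although the new method returns `TNC_RESULT_FATAL` when no entry matches the IMV ID. An IMV reporting under an ID the connection does not know is therefore told its recommendation was accepted. Replace the two lines with `return recs->provide_recommendation(recs, imv_id, rec, eval);`. The start of the function is in the preceding hunk.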
#include "tnccs.h"
+#include <tnc/imv/imv_recommendations.h>
+
typedef struct tnccs_manager_t tnccs_manager_t;
/**
bool is_server);
/**
- * Create a TNCCS connection and assign a unique connection ID as well as
- * callback functions for adding a message to a TNCCS batch and delivering
- * an IMV recommendation, respectively
+ * Create a TNCCS connection and assign a unique connection ID as well a
+ * callback function for adding a message to a TNCCS batch and create
+ * an empty set for collecting IMV recommendations
*
* @param tnccs TNCCS connection instance
* @param send_message TNCCS callback function
- * @param provide_recommendation TNCS callback function
+ * @param recs pointer to IMV recommendation set
* @return assigned connection ID
*/
TNC_ConnectionID (*create_connection)(tnccs_manager_t *this, tnccs_t *tnccs,
- tnccs_send_message_t send_message,
- tnccs_provide_recommendation_t provide_recommendation);
+ tnccs_send_message_t send_message,
+ recommendations_t **recs);
/**
* Remove a TNCCS connection using its connection ID.