moved tnc_imv plugin to libtnccs thanks to recommendation callback function
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 8 Aug 2013 17:43:43 +0000 (19:43 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 15 Aug 2013 21:34:22 +0000 (23:34 +0200)
38 files changed:
configure.ac
man/strongswan.conf.5.in
src/libcharon/Makefile.am
src/libcharon/plugins/eap_tnc/eap_tnc.c
src/libcharon/plugins/tnc_imv/Makefile.am [deleted file]
src/libcharon/plugins/tnc_imv/tnc_imv.c [deleted file]
src/libcharon/plugins/tnc_imv/tnc_imv.h [deleted file]
src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c [deleted file]
src/libcharon/plugins/tnc_imv/tnc_imv_manager.c [deleted file]
src/libcharon/plugins/tnc_imv/tnc_imv_manager.h [deleted file]
src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c [deleted file]
src/libcharon/plugins/tnc_imv/tnc_imv_plugin.h [deleted file]
src/libcharon/plugins/tnc_imv/tnc_imv_recommendations.c [deleted file]
src/libcharon/plugins/tnc_imv/tnc_imv_recommendations.h [deleted file]
src/libcharon/plugins/tnc_pdp/tnc_pdp.c
src/libtnccs/Makefile.am
src/libtnccs/plugins/tnc_imc/tnc_imc.c
src/libtnccs/plugins/tnc_imv/Makefile.am [new file with mode: 0644]
src/libtnccs/plugins/tnc_imv/tnc_imv.c [new file with mode: 0644]
src/libtnccs/plugins/tnc_imv/tnc_imv.h [new file with mode: 0644]
src/libtnccs/plugins/tnc_imv/tnc_imv_bind_function.c [new file with mode: 0644]
src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c [new file with mode: 0644]
src/libtnccs/plugins/tnc_imv/tnc_imv_manager.h [new file with mode: 0644]
src/libtnccs/plugins/tnc_imv/tnc_imv_plugin.c [new file with mode: 0644]
src/libtnccs/plugins/tnc_imv/tnc_imv_plugin.h [new file with mode: 0644]
src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.c [new file with mode: 0644]
src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.h [new file with mode: 0644]
src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
src/libtnccs/plugins/tnccs_11/tnccs_11.c
src/libtnccs/plugins/tnccs_11/tnccs_11.h
src/libtnccs/plugins/tnccs_20/tnccs_20.c
src/libtnccs/plugins/tnccs_20/tnccs_20.h
src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c
src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.h
src/libtnccs/tnc/imv/imv_manager.h
src/libtnccs/tnc/tnccs/tnccs.h
src/libtnccs/tnc/tnccs/tnccs_manager.h
src/pt-tls-client/pt-tls-client.c

index fb91ddd..7111922 100644 (file)
@@ -1062,7 +1062,7 @@ ADD_PLUGIN([xauth-noauth],         [c charon])
 ADD_PLUGIN([tnc-ifmap],            [c charon])
 ADD_PLUGIN([tnc-pdp],              [c charon])
 ADD_PLUGIN([tnc-imc],              [t charon])
-ADD_PLUGIN([tnc-imv],              [c charon])
+ADD_PLUGIN([tnc-imv],              [t charon])
 ADD_PLUGIN([tnc-tnccs],            [t charon])
 ADD_PLUGIN([tnccs-20],             [t charon])
 ADD_PLUGIN([tnccs-11],             [t charon])
@@ -1378,6 +1378,7 @@ AC_CONFIG_FILES([
        src/libtnccs/Makefile
        src/libtnccs/plugins/tnc_tnccs/Makefile
        src/libtnccs/plugins/tnc_imc/Makefile
+       src/libtnccs/plugins/tnc_imv/Makefile
        src/libtnccs/plugins/tnccs_11/Makefile
        src/libtnccs/plugins/tnccs_20/Makefile
        src/libtnccs/plugins/tnccs_dynamic/Makefile
@@ -1421,7 +1422,6 @@ AC_CONFIG_FILES([
        src/libcharon/plugins/xauth_noauth/Makefile
        src/libcharon/plugins/tnc_ifmap/Makefile
        src/libcharon/plugins/tnc_pdp/Makefile
-       src/libcharon/plugins/tnc_imv/Makefile
        src/libcharon/plugins/socket_default/Makefile
        src/libcharon/plugins/socket_dynamic/Makefile
        src/libcharon/plugins/farp/Makefile
index 6a3bbac..be8512d 100644 (file)
@@ -712,9 +712,6 @@ Path to X.509 certificate file of IF-MAP server
 .BR charon.plugins.tnc-ifmap.username_password
 Credentials of IF-MAP client of the form username:password
 .TP
-.BR charon.plugins.tnc-imv.dlclose " [yes]"
-Unload IMV after use
-.TP
 .BR charon.plugins.tnc-pdp.pt_tls.port " [271]"
 PT-TLS server port the strongSwan PDP is listening on
 .TP
@@ -880,20 +877,23 @@ TNC IMC/IMV configuration directory
 .PP
 .SS libtnccs plugins section
 .TP
-.BR charon.plugins.tnccs-11.max_message_size " [45000]"
+.BR libtnccs.plugins.tnccs-11.max_message_size " [45000]"
 Maximum size of a PA-TNC message (XML & Base64 encoding)
 .TP
-.BR charon.plugins.tnccs-20.max_batch_size " [65522]"
+.BR libtnccs.plugins.tnccs-20.max_batch_size " [65522]"
 Maximum size of a PB-TNC batch (upper limit via PT-EAP = 65529)
 .TP
-.BR charon.plugins.tnccs-20.max_message_size " [65490]"
+.BR libtnccs.plugins.tnccs-20.max_message_size " [65490]"
 Maximum size of a PA-TNC message (upper limit via PT-EAP = 65497)
 .TP
-.BR charon.plugins.tnc-imc.dlclose " [yes]"
+.BR libtnccs.plugins.tnc-imc.dlclose " [yes]"
 Unload IMC after use
 .TP
-.BR charon.plugins.tnc-imc.preferred_language " [en]"
+.BR libtnccs.plugins.tnc-imc.preferred_language " [en]"
 Preferred language for TNC recommendations
+.TP
+.BR libtnccs.plugins.tnc-imv.dlclose " [yes]"
+Unload IMV after use
 .SS libimcv section
 .TP
 .BR libimcv.assessment_result " [yes]"
index 65e344a..9c7f676 100644 (file)
@@ -385,13 +385,6 @@ if MONOLITHIC
 endif
 endif
 
-if USE_TNC_IMV
-  SUBDIRS += plugins/tnc_imv
-if MONOLITHIC
-  libcharon_la_LIBADD += plugins/tnc_imv/libstrongswan-tnc-imv.la
-endif
-endif
-
 if USE_LIBTNCCS
 if MONOLITHIC
   # otherwise this library is linked to the respective plugins
index 839425d..d14672e 100644 (file)
@@ -22,6 +22,7 @@
 #include <daemon.h>
 
 #include <tncifimv.h>
+#include <tncif_names.h>
 
 /**
  * Maximum size of an EAP-TNC message
@@ -62,6 +63,63 @@ struct private_eap_tnc_t {
 
 };
 
+/**
+ * Callback function to get recommendation from TNCCS connection
+ */
+static bool enforce_recommendation(TNC_IMV_Action_Recommendation rec,
+                                                                  TNC_IMV_Evaluation_Result eval)
+{
+       char *group;
+       identification_t *id;
+       ike_sa_t *ike_sa;
+       auth_cfg_t *auth;
+       bool no_access = FALSE;
+
+       DBG1(DBG_TNC, "final recommendation is '%N' and evaluation is '%N'",
+                TNC_IMV_Action_Recommendation_names, rec,
+                TNC_IMV_Evaluation_Result_names, eval);
+
+       switch (rec)
+       {
+               case TNC_IMV_ACTION_RECOMMENDATION_ALLOW:
+                       group = "allow";
+                       break;
+               case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
+                       group = "isolate";
+                       break;
+               case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
+               case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION:
+               default:
+                       group = "no access";
+                       no_access = TRUE;
+                       break;
+       }
+
+       ike_sa = charon->bus->get_sa(charon->bus);
+       if (!ike_sa)
+       {
+               DBG1(DBG_TNC, "policy enforcement point did not find IKE_SA");
+               return FALSE;
+       }
+
+       id = ike_sa->get_other_id(ike_sa);
+       DBG0(DBG_TNC, "policy enforced on peer '%Y' is '%s'", id, group);
+
+       if (no_access)
+       {
+               return FALSE;
+       }
+       else
+       {
+               auth = ike_sa->get_auth_cfg(ike_sa, FALSE);
+               id = identification_create_from_string(group);
+               auth->add(auth, AUTH_RULE_GROUP, id);
+               DBG1(DBG_TNC, "policy enforcement point added group membership '%s'",
+                        group);
+       }
+       return TRUE;
+}
+
 METHOD(eap_method_t, initiate, status_t,
        private_eap_tnc_t *this, eap_payload_t **out)
 {
@@ -224,8 +282,9 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
                free(this);
                return NULL;
        }
-       this->tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, is_server,
-                                                                                         server, peer, TNC_IFT_EAP_1_1);
+       this->tnccs = tnc->tnccs->create_instance(tnc->tnccs, type,
+                                               is_server, server, peer, TNC_IFT_EAP_1_1,
+                                               is_server ? enforce_recommendation : NULL);
        this->tls_eap = tls_eap_create(EAP_TNC, &this->tnccs->tls,
                                                                   EAP_TNC_MAX_MESSAGE_LEN,
                                                                   max_msg_count, FALSE);
diff --git a/src/libcharon/plugins/tnc_imv/Makefile.am b/src/libcharon/plugins/tnc_imv/Makefile.am
deleted file mode 100644 (file)
index 49efe3b..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-AM_CPPFLAGS = \
-       -I$(top_srcdir)/src/libstrongswan \
-       -I$(top_srcdir)/src/libhydra \
-       -I$(top_srcdir)/src/libcharon \
-       -I$(top_srcdir)/src/libtncif \
-       -I$(top_srcdir)/src/libtnccs \
-       -I$(top_srcdir)/src/libtls
-
-AM_CFLAGS = \
-       -rdynamic
-
-if MONOLITHIC
-noinst_LTLIBRARIES = libstrongswan-tnc-imv.la
-else
-plugin_LTLIBRARIES = libstrongswan-tnc-imv.la
-libstrongswan_tnc_imv_la_LIBADD = \
-       $(top_builddir)/src/libtncif/libtncif.la \
-       $(top_builddir)/src/libtnccs/libtnccs.la
-endif
-
-libstrongswan_tnc_imv_la_SOURCES = \
-       tnc_imv_plugin.h tnc_imv_plugin.c tnc_imv.h tnc_imv.c \
-       tnc_imv_manager.h tnc_imv_manager.c tnc_imv_bind_function.c \
-       tnc_imv_recommendations.h tnc_imv_recommendations.c
-
-libstrongswan_tnc_imv_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv.c b/src/libcharon/plugins/tnc_imv/tnc_imv.c
deleted file mode 100644 (file)
index ef0387d..0000000
+++ /dev/null
@@ -1,426 +0,0 @@
-/*
- * Copyright (C) 2006 Mike McCauley
- * Copyright (C) 2010-2011 Andreas Steffen,
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "tnc_imv.h"
-
-#include <dlfcn.h>
-
-#include <tncif_pa_subtypes.h>
-
-#include <utils/debug.h>
-#include <daemon.h>
-#include <library.h>
-#include <collections/linked_list.h>
-#include <threading/mutex.h>
-
-typedef struct private_tnc_imv_t private_tnc_imv_t;
-
-/**
- * Private data of an imv_t object.
- */
-struct private_tnc_imv_t {
-
-       /**
-        * Public members of imv_t.
-        */
-       imv_t public;
-
-       /**
-        * Name of loaded IMV
-        */
-       char *name;
-
-       /**
-        * Handle of loaded IMV
-        */
-       void *handle;
-
-       /**
-        * ID of loaded IMV
-        */
-       TNC_IMVID id;
-
-       /**
-        * List of additional IMV IDs
-        */
-       linked_list_t *additional_ids;
-
-       /**
-        * List of message types supported by IMV - Vendor ID part
-        */
-       TNC_VendorIDList supported_vids;
-
-       /**
-        * List of message types supported by IMV - Subtype part
-        */
-       TNC_MessageSubtypeList supported_subtypes;
-
-       /**
-        * Number of supported message types
-        */
-       TNC_UInt32 type_count;
-
-       /**
-        * mutex to lock the imv_t object
-        */
-       mutex_t *mutex;
-};
-
-METHOD(imv_t, set_id, void,
-       private_tnc_imv_t *this, TNC_IMVID id)
-{
-       this->id = id;
-}
-
-METHOD(imv_t, get_id, TNC_IMVID,
-       private_tnc_imv_t *this)
-{
-       return this->id;
-}
-
-METHOD(imv_t, add_id, void,
-       private_tnc_imv_t *this, TNC_IMVID id)
-{
-       TNC_IMVID *new_id;
-
-       new_id = malloc_thing(TNC_IMVID);
-       *new_id = id;
-       this->additional_ids->insert_last(this->additional_ids, new_id);
-}
-
-METHOD(imv_t, has_id, bool,
-       private_tnc_imv_t *this, TNC_IMVID id)
-{
-       enumerator_t *enumerator;
-       TNC_IMVID *additional_id;
-       bool found = FALSE;
-
-       /* check primary IMV ID */
-       if (id == this->id)
-       {
-               return TRUE;
-       }
-
-       /* return if there are no additional IMV IDs */
-       if (this->additional_ids->get_count(this->additional_ids) == 0)
-       {
-               return FALSE;
-       }
-
-       /* check additional IMV IDs */
-       enumerator = this->additional_ids->create_enumerator(this->additional_ids);
-       while (enumerator->enumerate(enumerator, &additional_id))
-       {
-               if (id == *additional_id)
-               {
-                       found = TRUE;
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-
-       return found;
-}
-
-METHOD(imv_t, get_name, char*,
-       private_tnc_imv_t *this)
-{
-       return this->name;
-}
-
-METHOD(imv_t, set_message_types, void,
-       private_tnc_imv_t *this, TNC_MessageTypeList supported_types,
-                                                        TNC_UInt32 type_count)
-{
-       char buf[BUF_LEN];
-       char *pos = buf;
-       int len = sizeof(buf);
-       int i, written;
-       size_t size;
-       TNC_VendorID vid;
-       TNC_MessageSubtype subtype;
-       enum_name_t *pa_subtype_names;
-
-       /* lock the imv_t instance */
-       this->mutex->lock(this->mutex);
-
-       /* Free existing VendorID and MessageSubtype lists */
-       free(this->supported_vids);
-       this->supported_vids = NULL;
-       free(this->supported_subtypes);
-       this->supported_subtypes = NULL;
-
-       /* Store the new MessageType list */
-       this->type_count = type_count;
-       if (type_count && supported_types)
-       {
-               size = type_count * sizeof(TNC_VendorID);
-               this->supported_vids = malloc(size);
-               size = type_count * sizeof(TNC_MessageSubtype);
-               this->supported_subtypes = malloc(size);
-
-               for (i = 0; i < type_count; i++)
-               {
-                       vid = (supported_types[i] >> 8) & TNC_VENDORID_ANY;
-                       subtype = supported_types[i] & TNC_SUBTYPE_ANY;
-
-                       pa_subtype_names = get_pa_subtype_names(vid);
-                       if (pa_subtype_names)
-                       {
-                               written = snprintf(pos, len," '%N/%N' 0x%06x/0x%02x",
-                                                                  pen_names, vid, pa_subtype_names, subtype,
-                                                                  vid, subtype);
-                       }
-                       else
-                       {
-                               written = snprintf(pos, len," '%N' 0x%06x/0x%02x",
-                                                                  pen_names, vid, vid, subtype);
-                       }
-                       if (written >= len)
-                       {
-                               break;
-                       }
-                       pos += written;
-                       len -= written;
-
-                       this->supported_vids[i] = vid;
-                       this->supported_subtypes[i] = subtype;
-               }
-       }
-       *pos = '\0';
-       DBG2(DBG_TNC, "IMV %u supports %u message type%s:%s",
-                                 this->id, type_count, (type_count == 1) ? "":"s", buf);
-
-       /* unlock the imv_t instance */
-       this->mutex->unlock(this->mutex);
-}
-
-METHOD(imv_t, set_message_types_long, void,
-       private_tnc_imv_t *this, TNC_VendorIDList supported_vids,
-       TNC_MessageSubtypeList supported_subtypes, TNC_UInt32 type_count)
-{
-       char buf[BUF_LEN];
-       char *pos = buf;
-       int len = sizeof(buf);
-       int i, written;
-       size_t size;
-       TNC_VendorID vid;
-       TNC_MessageSubtype subtype;
-       enum_name_t *pa_subtype_names;
-
-       /* lock the imv_t instance */
-       this->mutex->lock(this->mutex);
-
-       /* Free existing VendorID and MessageSubtype lists */
-       free(this->supported_vids);
-       this->supported_vids = NULL;
-       free(this->supported_subtypes);
-       this->supported_subtypes = NULL;
-
-       /* Store the new MessageType list */
-       this->type_count = type_count;
-       if (type_count && supported_vids && supported_subtypes)
-       {
-               size = type_count * sizeof(TNC_VendorID);
-               this->supported_vids = malloc(size);
-               memcpy(this->supported_vids, supported_vids, size);
-               size = type_count * sizeof(TNC_MessageSubtype);
-               this->supported_subtypes = malloc(size);
-               memcpy(this->supported_subtypes, supported_subtypes, size);
-
-               for (i = 0; i < type_count; i++)
-               {
-                       vid = supported_vids[i];
-                       subtype = supported_subtypes[i];
-
-                       pa_subtype_names = get_pa_subtype_names(vid);
-                       if (pa_subtype_names)
-                       {
-                               written = snprintf(pos, len," '%N/%N' 0x%06x/0x%08x",
-                                                                  pen_names, vid, pa_subtype_names, subtype,
-                                                                  vid, subtype);
-                       }
-                       else
-                       {
-                               written = snprintf(pos, len," '%N' 0x%06x/0x%08x",
-                                                                  pen_names, vid, vid, subtype);
-                       }
-                       if (written >= len)
-                       {
-                               break;
-                       }
-                       pos += written;
-                       len -= written;
-               }
-       }
-       *pos = '\0';
-       DBG2(DBG_TNC, "IMV %u supports %u message type%s:%s",
-                                 this->id, type_count, (type_count == 1) ? "":"s", buf);
-
-       /* unlock the imv_t instance */
-       this->mutex->unlock(this->mutex);
-}
-
-METHOD(imv_t, type_supported, bool,
-       private_tnc_imv_t *this, TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype)
-{
-       TNC_VendorID vid;
-       TNC_MessageSubtype subtype;
-       int i;
-
-       for (i = 0; i < this->type_count; i++)
-       {
-               vid = this->supported_vids[i];
-               subtype = this->supported_subtypes[i];
-
-               if ((vid == TNC_VENDORID_ANY && subtype == TNC_SUBTYPE_ANY) ||
-                       (vid == msg_vid && (subtype == TNC_SUBTYPE_ANY ||
-                        subtype == msg_subtype)))
-               {
-                       return TRUE;
-               }
-       }
-       return FALSE;
-}
-
-METHOD(imv_t, destroy, void,
-       private_tnc_imv_t *this)
-{
-       if (this->handle && lib->settings->get_bool(lib->settings,
-               "%s.plugins.tnc-imv.dlclose", TRUE, charon->name))
-       {
-               dlclose(this->handle);
-       }
-       this->mutex->destroy(this->mutex);
-       this->additional_ids->destroy_function(this->additional_ids, free);
-       free(this->supported_vids);
-       free(this->supported_subtypes);
-       free(this->name);
-       free(this);
-}
-
-/**
- * Generic constructor.
- */
-static private_tnc_imv_t* tnc_imv_create_empty(char *name)
-{
-       private_tnc_imv_t *this;
-
-       INIT(this,
-               .public = {
-                       .set_id = _set_id,
-                       .get_id = _get_id,
-                       .add_id = _add_id,
-                       .has_id = _has_id,
-                       .get_name = _get_name,
-                       .set_message_types = _set_message_types,
-                       .set_message_types_long = _set_message_types_long,
-                       .type_supported = _type_supported,
-                       .destroy = _destroy,
-               },
-               .name = strdup(name),
-               .additional_ids = linked_list_create(),
-               .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
-       );
-
-       return this;
-}
-
-/**
- * Described in header.
- */
-imv_t* tnc_imv_create(char *name, char *path)
-{
-       private_tnc_imv_t *this;
-
-       this = tnc_imv_create_empty(name);
-
-       this->handle = dlopen(path, RTLD_LAZY);
-       if (!this->handle)
-       {
-               DBG1(DBG_TNC, "IMV \"%s\" failed to load: %s", name, dlerror());
-               destroy(this);
-               return NULL;
-       }
-
-       this->public.initialize = dlsym(this->handle, "TNC_IMV_Initialize");
-       if (!this->public.initialize)
-       {
-               DBG1(DBG_TNC, "could not resolve TNC_IMV_Initialize in %s: %s\n",
-                                          path, dlerror());
-               destroy(this);
-               return NULL;
-       }
-       this->public.notify_connection_change =
-                                               dlsym(this->handle, "TNC_IMV_NotifyConnectionChange");
-       this->public.solicit_recommendation =
-                                               dlsym(this->handle, "TNC_IMV_SolicitRecommendation");
-       if (!this->public.solicit_recommendation)
-       {
-               DBG1(DBG_TNC, "could not resolve TNC_IMV_SolicitRecommendation in %s: %s\n",
-                                          path, dlerror());
-               destroy(this);
-               return NULL;
-       }
-       this->public.receive_message =
-                                               dlsym(this->handle, "TNC_IMV_ReceiveMessage");
-       this->public.receive_message_long =
-                                               dlsym(this->handle, "TNC_IMV_ReceiveMessageLong");
-       this->public.batch_ending =
-                                               dlsym(this->handle, "TNC_IMV_BatchEnding");
-       this->public.terminate =
-                                               dlsym(this->handle, "TNC_IMV_Terminate");
-       this->public.provide_bind_function =
-                                               dlsym(this->handle, "TNC_IMV_ProvideBindFunction");
-       if (!this->public.provide_bind_function)
-       {
-               DBG1(DBG_TNC, "could not resolve TNC_IMV_ProvideBindFunction in %s: %s\n",
-                                         path, dlerror());
-               destroy(this);
-               return NULL;
-       }
-
-       return &this->public;
-}
-
-/**
- * Described in header.
- */
-imv_t* tnc_imv_create_from_functions(char *name,
-                               TNC_IMV_InitializePointer initialize,
-                               TNC_IMV_NotifyConnectionChangePointer notify_connection_change,
-                               TNC_IMV_ReceiveMessagePointer receive_message,
-                               TNC_IMV_ReceiveMessageLongPointer receive_message_long,
-                               TNC_IMV_SolicitRecommendationPointer solicit_recommendation,
-                               TNC_IMV_BatchEndingPointer batch_ending,
-                               TNC_IMV_TerminatePointer terminate,
-                               TNC_IMV_ProvideBindFunctionPointer provide_bind_function)
-{
-       private_tnc_imv_t *this;
-
-       this = tnc_imv_create_empty(name);
-
-       this->public.initialize = initialize;
-       this->public.notify_connection_change = notify_connection_change;
-       this->public.receive_message = receive_message;
-       this->public.receive_message_long = receive_message_long;
-       this->public.solicit_recommendation = solicit_recommendation;
-       this->public.batch_ending = batch_ending;
-       this->public.terminate = terminate;
-       this->public.provide_bind_function = provide_bind_function;
-
-       return &this->public;
-}
diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv.h b/src/libcharon/plugins/tnc_imv/tnc_imv.h
deleted file mode 100644 (file)
index e7c7b8b..0000000
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- *
- * @defgroup tnc_imv_t tnc_imv
- * @{ @ingroup tnc_imv
- */
-
-#ifndef TNC_IMV_H_
-#define TNC_IMV_H_
-
-#include <tnc/imv/imv.h>
-
-/**
- * Create an Integrity Measurement Verifier loaded from a library.
- *
- * @param name                 name of the IMV
- * @param filename             path to the dynamic IMV library
- * @return                             instance of the imv_t interface
- */
-imv_t* tnc_imv_create(char *name, char *filename);
-
-/**
- * Create an Integrity Measurement Verifier from a set of IMV functions.
- *
- * @param name                                         name of the IMV
- * @param initialize                           TNC_IMV_InitializePointer
- * @param notify_connection_change     TNC_IMV_NotifyConnectionChangePointer
- * @param receive_message                      TNC_IMV_ReceiveMessagePointer
- * @param receive_message_long         TNC_IMV_ReceiveMessageLongPointer
- * @param solicit_recommendation       TNC_IMV_SolicitRecommendationPointer
- * @param batch_ending                         TNC_IMV_BatchEndingPointer
- * @param terminate                                    TNC_IMV_TerminatePointer
- * @param provide_bind_function                TNC_IMV_ProvideBindFunctionPointer
- * @return                                                     instance of the imv_t interface
- */
-imv_t* tnc_imv_create_from_functions(char *name,
-                               TNC_IMV_InitializePointer initialize,
-                               TNC_IMV_NotifyConnectionChangePointer notify_connection_change,
-                               TNC_IMV_ReceiveMessagePointer receive_message,
-                               TNC_IMV_ReceiveMessageLongPointer receive_message_long,
-                               TNC_IMV_SolicitRecommendationPointer solicit_recommendation,
-                               TNC_IMV_BatchEndingPointer batch_ending,
-                               TNC_IMV_TerminatePointer terminate,
-                               TNC_IMV_ProvideBindFunctionPointer provide_bind_function);
-
-#endif /** TNC_IMV_H_ @}*/
diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c b/src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c
deleted file mode 100644 (file)
index 36cdb7f..0000000
+++ /dev/null
@@ -1,246 +0,0 @@
-/*
- * Copyright (C) 2006 Mike McCauley
- * Copyright (C) 2010-2011 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <tnc/tnc.h>
-#include <tnc/imv/imv_manager.h>
-#include <tnc/tnccs/tnccs_manager.h>
-
-#include <utils/debug.h>
-
-/**
- * Called by the IMV to inform a TNCS about the set of message types the IMV
- * is able to receive
- */
-TNC_Result TNC_TNCS_ReportMessageTypes(TNC_IMVID imv_id,
-                                                                          TNC_MessageTypeList supported_types,
-                                                                          TNC_UInt32 type_count)
-{
-       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
-       {
-               DBG1(DBG_TNC, "ignoring ReportMessageTypes() from unregistered IMV %u",
-                                          imv_id);
-               return TNC_RESULT_INVALID_PARAMETER;
-       }
-       return tnc->imvs->set_message_types(tnc->imvs, imv_id, supported_types,
-                                                                               type_count);
-}
-
-/**
- * Called by the IMV to inform a TNCS about the set of message types the IMV
- * is able to receive. This function supports long message types.
- */
-TNC_Result TNC_TNCS_ReportMessageTypesLong(TNC_IMVID imv_id,
-                                                                          TNC_VendorIDList supported_vids,
-                                                                          TNC_MessageSubtypeList supported_subtypes,
-                                                                          TNC_UInt32 type_count)
-{
-       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
-       {
-               DBG1(DBG_TNC, "ignoring ReportMessageTypesLong() from unregistered IMV %u",
-                                          imv_id);
-               return TNC_RESULT_INVALID_PARAMETER;
-       }
-       return tnc->imvs->set_message_types_long(tnc->imvs, imv_id, supported_vids,
-                                                                                        supported_subtypes, type_count);
-}
-
-/**
- * Called by the IMV to ask a TNCS to retry an Integrity Check Handshake
- */
-TNC_Result TNC_TNCS_RequestHandshakeRetry(TNC_IMVID imv_id,
-                                                                                 TNC_ConnectionID connection_id,
-                                                                                 TNC_RetryReason reason)
-{
-       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
-       {
-               DBG1(DBG_TNC, "ignoring RequestHandshakeRetry() from unregistered IMV %u",
-                                          imv_id);
-               return TNC_RESULT_INVALID_PARAMETER;
-       }
-       return tnc->tnccs->request_handshake_retry(tnc->tnccs, FALSE, imv_id,
-                                                                                          connection_id, reason);
-}
-
-/**
- * Called by the IMV when an IMV-IMC message is to be sent
- */
-TNC_Result TNC_TNCS_SendMessage(TNC_IMVID imv_id,
-                                                               TNC_ConnectionID connection_id,
-                                                               TNC_BufferReference msg,
-                                                               TNC_UInt32 msg_len,
-                                                               TNC_MessageType msg_type)
-{
-       TNC_VendorID msg_vid;
-       TNC_MessageSubtype msg_subtype;
-
-       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
-       {
-               DBG1(DBG_TNC, "ignoring SendMessage() from unregistered IMV %u",
-                                          imv_id);
-               return TNC_RESULT_INVALID_PARAMETER;
-       }
-       msg_vid = (msg_type >> 8) & TNC_VENDORID_ANY;
-       msg_subtype = msg_type & TNC_SUBTYPE_ANY;
-
-       return tnc->tnccs->send_message(tnc->tnccs, TNC_IMCID_ANY, imv_id,
-                                               connection_id, 0, msg, msg_len, msg_vid, msg_subtype);
-}
-
-/**
- * Called by the IMV when an IMV-IMC message is to be sent over IF-TNCCS 2.0
- */
-TNC_Result TNC_TNCS_SendMessageLong(TNC_IMVID imv_id,
-                                                                       TNC_ConnectionID connection_id,
-                                                                       TNC_UInt32 msg_flags,
-                                                                       TNC_BufferReference msg,
-                                                                       TNC_UInt32 msg_len,
-                                                                       TNC_VendorID msg_vid,
-                                                                       TNC_MessageSubtype msg_subtype,
-                                                                       TNC_UInt32 imc_id)
-{
-       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
-       {
-               DBG1(DBG_TNC, "ignoring SendMessageLong() from unregistered IMV %u",
-                                          imv_id);
-               return TNC_RESULT_INVALID_PARAMETER;
-       }
-       return tnc->tnccs->send_message(tnc->tnccs, imc_id, imv_id, connection_id,
-                                                               msg_flags, msg, msg_len, msg_vid, msg_subtype);
-}
-
-/**
- * Called by the IMV to deliver its IMV Action Recommendation and IMV Evaluation
- * Result to the TNCS
- */
-TNC_Result TNC_TNCS_ProvideRecommendation(TNC_IMVID imv_id,
-                                                               TNC_ConnectionID connection_id,
-                                                               TNC_IMV_Action_Recommendation recommendation,
-                                                               TNC_IMV_Evaluation_Result evaluation)
-{
-       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
-       {
-               DBG1(DBG_TNC, "ignoring ProvideRecommendation() from unregistered IMV %u",
-                                          imv_id);
-               return TNC_RESULT_INVALID_PARAMETER;
-       }
-       return tnc->tnccs->provide_recommendation(tnc->tnccs, imv_id, connection_id,
-                                                                                         recommendation, evaluation);
-}
-
-/**
- * Called by the IMV to get the value of an attribute associated with a
- * connection or with the TNCS as a whole.
- */
-TNC_Result TNC_TNCS_GetAttribute(TNC_IMVID imv_id,
-                                                                TNC_ConnectionID connection_id,
-                                                                TNC_AttributeID attribute_id,
-                                                                TNC_UInt32 buffer_len,
-                                                                TNC_BufferReference buffer,
-                                                                TNC_UInt32 *out_value_len)
-{
-       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
-       {
-               DBG1(DBG_TNC, "ignoring GetAttribute() from unregistered IMV %u",
-                                          imv_id);
-               return TNC_RESULT_INVALID_PARAMETER;
-       }
-       return tnc->tnccs->get_attribute(tnc->tnccs, FALSE, imv_id, connection_id,
-                                                       attribute_id, buffer_len, buffer, out_value_len);
-}
-
-/**
- * Called by the IMV to set the value of an attribute associated with a
- * connection or with the TNCS as a whole.
- */
-TNC_Result TNC_TNCS_SetAttribute(TNC_IMVID imv_id,
-                                                                TNC_ConnectionID connection_id,
-                                                                TNC_AttributeID attribute_id,
-                                                                TNC_UInt32 buffer_len,
-                                                                TNC_BufferReference buffer)
-{
-       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
-       {
-               DBG1(DBG_TNC, "ignoring SetAttribute() from unregistered IMV %u",
-                                          imv_id);
-               return TNC_RESULT_INVALID_PARAMETER;
-       }
-       return tnc->tnccs->set_attribute(tnc->tnccs, FALSE, imv_id, connection_id,
-                                                                        attribute_id, buffer_len, buffer);
-}
-
-/**
- * Called by the IMV when it wants to reserve an additional IMV ID for itself
- */
-TNC_Result TNC_TNCS_ReserveAdditionalIMVID(TNC_IMVID imv_id, TNC_UInt32 *new_id)
-{
-       if (tnc->imvs->reserve_id(tnc->imvs, imv_id, new_id))
-       {
-               return TNC_RESULT_SUCCESS;
-       }
-       DBG1(DBG_TNC, "ignoring ReserveAdditionalIMVID() from unregistered IMV %u",
-                                  imv_id);
-       return TNC_RESULT_INVALID_PARAMETER;
-}
-
-/**
- * Called by the IMV when it needs a function pointer
- */
-TNC_Result TNC_TNCS_BindFunction(TNC_IMVID id,
-                                                                char *function_name,
-                                                                void **function_pointer)
-{
-       if (streq(function_name, "TNC_TNCS_ReportMessageTypes"))
-       {
-               *function_pointer = (void*)TNC_TNCS_ReportMessageTypes;
-       }
-       else if (streq(function_name, "TNC_TNCS_ReportMessageTypesLong"))
-       {
-               *function_pointer = (void*)TNC_TNCS_ReportMessageTypesLong;
-       }
-       else if (streq(function_name, "TNC_TNCS_RequestHandshakeRetry"))
-       {
-               *function_pointer = (void*)TNC_TNCS_RequestHandshakeRetry;
-       }
-       else if (streq(function_name, "TNC_TNCS_SendMessage"))
-       {
-               *function_pointer = (void*)TNC_TNCS_SendMessage;
-       }
-       else if (streq(function_name, "TNC_TNCS_SendMessageLong"))
-       {
-               *function_pointer = (void*)TNC_TNCS_SendMessageLong;
-       }
-       else if (streq(function_name, "TNC_TNCS_ProvideRecommendation"))
-       {
-               *function_pointer = (void*)TNC_TNCS_ProvideRecommendation;
-       }
-       else if (streq(function_name, "TNC_TNCS_GetAttribute"))
-       {
-               *function_pointer = (void*)TNC_TNCS_GetAttribute;
-       }
-       else if (streq(function_name, "TNC_TNCS_SetAttribute"))
-       {
-               *function_pointer = (void*)TNC_TNCS_SetAttribute;
-       }
-    else if (streq(function_name, "TNC_TNCS_ReserveAdditionalIMVID"))
-       {
-               *function_pointer = (void*)TNC_TNCS_ReserveAdditionalIMVID;
-       }
-       else
-       {
-               return TNC_RESULT_INVALID_PARAMETER;
-       }
-       return TNC_RESULT_SUCCESS;
-}
diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_manager.c b/src/libcharon/plugins/tnc_imv/tnc_imv_manager.c
deleted file mode 100644 (file)
index b950e31..0000000
+++ /dev/null
@@ -1,530 +0,0 @@
-/*
- * Copyright (C) 2006 Mike McCauley
- * Copyright (C) 2010-2011 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "tnc_imv_manager.h"
-#include "tnc_imv.h"
-#include "tnc_imv_recommendations.h"
-
-#include <tncifimv.h>
-#include <tncif_names.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/mman.h>
-#include <unistd.h>
-#include <errno.h>
-#include <fcntl.h>
-
-#include <daemon.h>
-#include <utils/debug.h>
-#include <threading/rwlock.h>
-#include <threading/mutex.h>
-#include <collections/linked_list.h>
-
-typedef struct private_tnc_imv_manager_t private_tnc_imv_manager_t;
-
-/**
- * Private data of an imv_manager_t object.
- */
-struct private_tnc_imv_manager_t {
-
-       /**
-        * Public members of imv_manager_t.
-        */
-       imv_manager_t public;
-
-       /**
-        * Linked list of IMVs
-        */
-       linked_list_t *imvs;
-
-       /**
-        * Lock for IMV list
-        */
-       rwlock_t *lock;
-
-       /**
-        * Next IMV ID to be assigned
-        */
-       TNC_IMVID next_imv_id;
-
-       /**
-        * Mutex to access next IMV ID
-        */
-       mutex_t *id_mutex;
-
-       /**
-        * Policy defining how to derive final recommendation from individual ones
-        */
-       recommendation_policy_t policy;
-};
-
-METHOD(imv_manager_t, add, bool,
-       private_tnc_imv_manager_t *this, imv_t *imv)
-{
-       TNC_Version version;
-       TNC_IMVID imv_id;
-
-       this->id_mutex->lock(this->id_mutex);
-       imv_id = this->next_imv_id++;
-       this->id_mutex->unlock(this->id_mutex);
-
-       imv->set_id(imv, imv_id);
-       if (imv->initialize(imv_id, TNC_IFIMV_VERSION_1,
-                                               TNC_IFIMV_VERSION_1, &version) != TNC_RESULT_SUCCESS)
-       {
-               DBG1(DBG_TNC, "IMV \"%s\" failed to initialize", imv->get_name(imv));
-               return FALSE;
-       }
-       this->lock->write_lock(this->lock);
-       this->imvs->insert_last(this->imvs, imv);
-       this->lock->unlock(this->lock);
-
-       if (imv->provide_bind_function(imv->get_id(imv),
-                                                                  TNC_TNCS_BindFunction) != TNC_RESULT_SUCCESS)
-       {
-               if (imv->terminate)
-               {
-                       imv->terminate(imv->get_id(imv));
-               }
-               DBG1(DBG_TNC, "IMV \"%s\" failed to obtain bind function",
-                        imv->get_name(imv));
-               this->lock->write_lock(this->lock);
-               this->imvs->remove_last(this->imvs, (void**)&imv);
-               this->lock->unlock(this->lock);
-               return FALSE;
-       }
-       return TRUE;
-}
-
-METHOD(imv_manager_t, remove_, imv_t*,
-       private_tnc_imv_manager_t *this, TNC_IMVID id)
-{
-       enumerator_t *enumerator;
-       imv_t *imv, *removed_imv = NULL;
-
-       this->lock->write_lock(this->lock);
-       enumerator = this->imvs->create_enumerator(this->imvs);
-       while (enumerator->enumerate(enumerator, &imv))
-       {
-               if (id == imv->get_id(imv))
-               {
-                       this->imvs->remove_at(this->imvs, enumerator);
-                       removed_imv = imv;
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-
-       return removed_imv;
-}
-
-METHOD(imv_manager_t, load, bool,
-       private_tnc_imv_manager_t *this, char *name, char *path)
-{
-       imv_t *imv;
-
-       imv = tnc_imv_create(name, path);
-       if (!imv)
-       {
-               return FALSE;
-       }
-       if (!add(this, imv))
-       {
-               imv->destroy(imv);
-               return FALSE;
-       }
-       DBG1(DBG_TNC, "IMV %u \"%s\" loaded from '%s'", imv->get_id(imv), name, path);
-       return TRUE;
-}
-
-METHOD(imv_manager_t, load_from_functions, bool,
-       private_tnc_imv_manager_t *this, char *name,
-       TNC_IMV_InitializePointer initialize,
-       TNC_IMV_NotifyConnectionChangePointer notify_connection_change,
-       TNC_IMV_ReceiveMessagePointer receive_message,
-       TNC_IMV_ReceiveMessageLongPointer receive_message_long,
-       TNC_IMV_SolicitRecommendationPointer solicit_recommendation,
-       TNC_IMV_BatchEndingPointer batch_ending,
-       TNC_IMV_TerminatePointer terminate,
-       TNC_IMV_ProvideBindFunctionPointer provide_bind_function)
-{
-       imv_t *imv;
-
-       imv = tnc_imv_create_from_functions(name,
-                                                                               initialize,notify_connection_change,
-                                                                               receive_message, receive_message_long,
-                                                                               solicit_recommendation, batch_ending,
-                                                                               terminate, provide_bind_function);
-       if (!imv)
-       {
-               return FALSE;
-       }
-       if (!add(this, imv))
-       {
-               imv->destroy(imv);
-               return FALSE;
-       }
-       DBG1(DBG_TNC, "IMV %u \"%s\" loaded", imv->get_id(imv), name);
-       return TRUE;
-}
-
-METHOD(imv_manager_t, is_registered, bool,
-       private_tnc_imv_manager_t *this, TNC_IMVID id)
-{
-       enumerator_t *enumerator;
-       imv_t *imv;
-       bool found = FALSE;
-
-       this->lock->read_lock(this->lock);
-       enumerator = this->imvs->create_enumerator(this->imvs);
-       while (enumerator->enumerate(enumerator, &imv))
-       {
-               if (imv->has_id(imv, id))
-               {
-                       found = TRUE;
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-
-       return found;
-}
-
-METHOD(imv_manager_t, reserve_id, bool,
-       private_tnc_imv_manager_t *this, TNC_IMVID id, TNC_UInt32 *new_id)
-{
-       enumerator_t *enumerator;
-       imv_t *imv;
-       bool found = FALSE;
-
-       this->lock->read_lock(this->lock);
-       enumerator = this->imvs->create_enumerator(this->imvs);
-       while (enumerator->enumerate(enumerator, &imv))
-       {
-               if (id == imv->get_id(imv))
-               {
-                       found = TRUE;
-                       this->id_mutex->lock(this->id_mutex);
-                       *new_id = this->next_imv_id++;
-                       this->id_mutex->unlock(this->id_mutex);
-                       imv->add_id(imv, *new_id);
-                       DBG2(DBG_TNC, "additional ID %u reserved for IMV with primary ID %u",
-                                                 *new_id, id);
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-
-       return found;
-}
-
-METHOD(imv_manager_t, get_recommendation_policy, recommendation_policy_t,
-       private_tnc_imv_manager_t *this)
-{
-       return this->policy;
-}
-
-METHOD(imv_manager_t, create_recommendations, recommendations_t*,
-       private_tnc_imv_manager_t *this)
-{
-       return tnc_imv_recommendations_create(this->imvs);
-}
-
-METHOD(imv_manager_t, enforce_recommendation, bool,
-       private_tnc_imv_manager_t *this, TNC_IMV_Action_Recommendation rec,
-                                                                        TNC_IMV_Evaluation_Result eval)
-{
-       char *group;
-       identification_t *id;
-       ike_sa_t *ike_sa;
-       auth_cfg_t *auth;
-       bool no_access = FALSE;
-
-       DBG1(DBG_TNC, "final recommendation is '%N' and evaluation is '%N'",
-                TNC_IMV_Action_Recommendation_names, rec,
-                TNC_IMV_Evaluation_Result_names, eval);
-
-       switch (rec)
-       {
-               case TNC_IMV_ACTION_RECOMMENDATION_ALLOW:
-                       group = "allow";
-                       break;
-               case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
-                       group = "isolate";
-                       break;
-               case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
-               case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION:
-               default:
-                       group = "no access";
-                       no_access = TRUE;
-                       break;
-       }
-
-       ike_sa = charon->bus->get_sa(charon->bus);
-       if (!ike_sa)
-       {
-               DBG1(DBG_TNC, "policy enforcement point did not find IKE_SA");
-               return FALSE;
-       }
-
-       id = ike_sa->get_other_id(ike_sa);
-       DBG0(DBG_TNC, "policy enforced on peer '%Y' is '%s'", id, group);
-
-       if (no_access)
-       {
-               return FALSE;
-       }
-       else
-       {
-               auth = ike_sa->get_auth_cfg(ike_sa, FALSE);
-               id = identification_create_from_string(group);
-               auth->add(auth, AUTH_RULE_GROUP, id);
-               DBG1(DBG_TNC, "policy enforcement point added group membership '%s'",
-                        group);
-       }
-       return TRUE;
-}
-
-
-METHOD(imv_manager_t, notify_connection_change, void,
-       private_tnc_imv_manager_t *this, TNC_ConnectionID id,
-                                                                        TNC_ConnectionState state)
-{
-       enumerator_t *enumerator;
-       imv_t *imv;
-
-       this->lock->read_lock(this->lock);
-       enumerator = this->imvs->create_enumerator(this->imvs);
-       while (enumerator->enumerate(enumerator, &imv))
-       {
-               if (imv->notify_connection_change)
-               {
-                       imv->notify_connection_change(imv->get_id(imv), id, state);
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-}
-
-METHOD(imv_manager_t, set_message_types, TNC_Result,
-       private_tnc_imv_manager_t *this, TNC_IMVID id,
-                                                                        TNC_MessageTypeList supported_types,
-                                                                        TNC_UInt32 type_count)
-{
-       enumerator_t *enumerator;
-       imv_t *imv;
-       TNC_Result result = TNC_RESULT_FATAL;
-
-       this->lock->read_lock(this->lock);
-       enumerator = this->imvs->create_enumerator(this->imvs);
-       while (enumerator->enumerate(enumerator, &imv))
-       {
-               if (id == imv->get_id(imv))
-               {
-                       imv->set_message_types(imv, supported_types, type_count);
-                       result = TNC_RESULT_SUCCESS;
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-       return result;
-}
-
-METHOD(imv_manager_t, set_message_types_long, TNC_Result,
-       private_tnc_imv_manager_t *this, TNC_IMVID id,
-                                                                        TNC_VendorIDList supported_vids,
-                                                                        TNC_MessageSubtypeList supported_subtypes,
-                                                                        TNC_UInt32 type_count)
-{
-       enumerator_t *enumerator;
-       imv_t *imv;
-       TNC_Result result = TNC_RESULT_FATAL;
-
-       this->lock->read_lock(this->lock);
-       enumerator = this->imvs->create_enumerator(this->imvs);
-       while (enumerator->enumerate(enumerator, &imv))
-       {
-               if (id == imv->get_id(imv))
-               {
-                       imv->set_message_types_long(imv, supported_vids, supported_subtypes,
-                                                                               type_count);
-                       result = TNC_RESULT_SUCCESS;
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-       return result;
-}
-
-METHOD(imv_manager_t, solicit_recommendation, void,
-       private_tnc_imv_manager_t *this, TNC_ConnectionID id)
-{
-       enumerator_t *enumerator;
-       imv_t *imv;
-
-       this->lock->read_lock(this->lock);
-       enumerator = this->imvs->create_enumerator(this->imvs);
-       while (enumerator->enumerate(enumerator, &imv))
-       {
-               imv->solicit_recommendation(imv->get_id(imv), id);
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-}
-
-METHOD(imv_manager_t, receive_message, void,
-       private_tnc_imv_manager_t *this, TNC_ConnectionID connection_id,
-                                                                        bool excl,
-                                                                        TNC_BufferReference msg,
-                                                                        TNC_UInt32 msg_len,
-                                                                        TNC_VendorID msg_vid,
-                                                                        TNC_MessageSubtype msg_subtype,
-                                                                        TNC_UInt32 src_imc_id,
-                                                                        TNC_UInt32 dst_imv_id)
-{
-       bool type_supported = FALSE;
-       TNC_MessageType msg_type;
-       TNC_UInt32 msg_flags;
-       enumerator_t *enumerator;
-       imv_t *imv;
-
-       msg_type = (msg_vid << 8) | msg_subtype;
-
-       this->lock->read_lock(this->lock);
-       enumerator = this->imvs->create_enumerator(this->imvs);
-       while (enumerator->enumerate(enumerator, &imv))
-       {
-               if (imv->type_supported(imv, msg_vid, msg_subtype) &&
-                       (!excl || (excl && imv->has_id(imv, dst_imv_id))))
-               {
-                       if (imv->receive_message_long && src_imc_id)
-                       {
-                               type_supported = TRUE;
-                               msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
-                               imv->receive_message_long(imv->get_id(imv), connection_id,
-                                                               msg_flags, msg, msg_len, msg_vid, msg_subtype,
-                                                               src_imc_id, dst_imv_id);
-
-                       }
-                       else if (imv->receive_message && msg_vid <= TNC_VENDORID_ANY &&
-                                        msg_subtype <= TNC_SUBTYPE_ANY)
-                       {
-                               type_supported = TRUE;
-                               msg_type = (msg_vid << 8) | msg_subtype;
-                               imv->receive_message(imv->get_id(imv), connection_id,
-                                                                        msg, msg_len, msg_type);
-                       }
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-
-       if (!type_supported)
-       {
-               DBG2(DBG_TNC, "message type 0x%06x/0x%08x not supported by any IMV",
-                        msg_vid, msg_subtype);
-       }
-}
-
-METHOD(imv_manager_t, batch_ending, void,
-       private_tnc_imv_manager_t *this, TNC_ConnectionID id)
-{
-       enumerator_t *enumerator;
-       imv_t *imv;
-
-       this->lock->read_lock(this->lock);
-       enumerator = this->imvs->create_enumerator(this->imvs);
-       while (enumerator->enumerate(enumerator, &imv))
-       {
-               if (imv->batch_ending)
-               {
-                       imv->batch_ending(imv->get_id(imv), id);
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-}
-
-METHOD(imv_manager_t, destroy, void,
-       private_tnc_imv_manager_t *this)
-{
-       imv_t *imv;
-
-       while (this->imvs->remove_last(this->imvs, (void**)&imv) == SUCCESS)
-       {
-               if (imv->terminate &&
-                       imv->terminate(imv->get_id(imv)) != TNC_RESULT_SUCCESS)
-               {
-                       DBG1(DBG_TNC, "IMV \"%s\" not terminated successfully",
-                                                  imv->get_name(imv));
-               }
-               imv->destroy(imv);
-       }
-       this->imvs->destroy(this->imvs);
-       this->lock->destroy(this->lock);
-       this->id_mutex->destroy(this->id_mutex);
-       free(this);
-}
-
-/**
- * Described in header.
- */
-imv_manager_t* tnc_imv_manager_create(void)
-{
-       private_tnc_imv_manager_t *this;
-       recommendation_policy_t policy;
-
-       INIT(this,
-               .public = {
-                       .add = _add,
-                       .remove = _remove_, /* avoid name conflict with stdio.h */
-                       .load = _load,
-                       .load_from_functions = _load_from_functions,
-                       .is_registered = _is_registered,
-                       .reserve_id = _reserve_id,
-                       .get_recommendation_policy = _get_recommendation_policy,
-                       .create_recommendations = _create_recommendations,
-                       .enforce_recommendation = _enforce_recommendation,
-                       .notify_connection_change = _notify_connection_change,
-                       .set_message_types = _set_message_types,
-                       .set_message_types_long = _set_message_types_long,
-                       .solicit_recommendation = _solicit_recommendation,
-                       .receive_message = _receive_message,
-                       .batch_ending = _batch_ending,
-                       .destroy = _destroy,
-               },
-               .imvs = linked_list_create(),
-               .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
-               .id_mutex = mutex_create(MUTEX_TYPE_DEFAULT),
-               .next_imv_id = 1,
-       );
-
-       policy = enum_from_name(recommendation_policy_names,
-                               lib->settings->get_str(lib->settings,
-                                       "%s.plugins.tnc-imv.recommendation_policy", "default",
-                                       charon->name));
-       this->policy = (policy != -1) ? policy : RECOMMENDATION_POLICY_DEFAULT;
-       DBG1(DBG_TNC, "TNC recommendation policy is '%N'",
-                                  recommendation_policy_names, this->policy);
-
-       return &this->public;
-}
diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_manager.h b/src/libcharon/plugins/tnc_imv/tnc_imv_manager.h
deleted file mode 100644 (file)
index 2fe9e7a..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- *
- * @defgroup tnc_imv_manager tnc_imv_manager
- * @{ @ingroup tnc_imv
- */
-
-#ifndef TNC_IMV_MANAGER_H_
-#define TNC_IMV_MANAGER_H_
-
-#include <tnc/imv/imv_manager.h>
-
-/**
- * Create an IMV manager instance.
- */
-imv_manager_t *tnc_imv_manager_create();
-
-#endif /** TNC_IMV_MANAGER_H_ @}*/
diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c b/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c
deleted file mode 100644 (file)
index d06c2fc..0000000
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (C) 2010-2011 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "tnc_imv_plugin.h"
-#include "tnc_imv_manager.h"
-
-#include <tnc/tnc.h>
-
-
-typedef struct private_tnc_imv_plugin_t private_tnc_imv_plugin_t;
-
-/**
- * Private data of a tnc_imv_plugin_t object.
- */
-struct private_tnc_imv_plugin_t {
-
-       /**
-        * Public interface.
-        */
-       tnc_imv_plugin_t public;
-
-};
-
-
-METHOD(plugin_t, get_name, char*,
-       tnc_imv_plugin_t *this)
-{
-       return "tnc-imv";
-}
-
-METHOD(plugin_t, get_features, int,
-       private_tnc_imv_plugin_t *this, plugin_feature_t *features[])
-{
-       static plugin_feature_t f[] = {
-               PLUGIN_CALLBACK(tnc_manager_register, tnc_imv_manager_create),
-                       PLUGIN_PROVIDE(CUSTOM, "imv-manager"),
-                               PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
-                               PLUGIN_SDEPEND(CERT_DECODE, CERT_X509),
-                               PLUGIN_SDEPEND(CERT_DECODE, CERT_TRUSTED_PUBKEY),
-                               PLUGIN_SDEPEND(DATABASE, DB_ANY),
-       };
-       *features = f;
-       return countof(f);
-}
-
-METHOD(plugin_t, destroy, void,
-       private_tnc_imv_plugin_t *this)
-{
-       free(this);
-}
-
-/*
- * see header file
- */
-plugin_t *tnc_imv_plugin_create()
-{
-       private_tnc_imv_plugin_t *this;
-
-       INIT(this,
-               .public = {
-                       .plugin = {
-                               .get_name = _get_name,
-                               .get_features = _get_features,
-                               .destroy = _destroy,
-                       },
-               },
-       );
-
-       return &this->public.plugin;
-}
-
diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.h b/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.h
deleted file mode 100644 (file)
index afeee2e..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tnc_imv tnc_imv
- * @ingroup cplugins
- *
- * @defgroup tnc_imv_plugin tnc_imv_plugin
- * @{ @ingroup tnc_imv
- */
-
-#ifndef TNC_IMV_PLUGIN_H_
-#define TNC_IMV_PLUGIN_H_
-
-#include <plugins/plugin.h>
-
-typedef struct tnc_imv_plugin_t tnc_imv_plugin_t;
-
-/**
- * TNC IMV plugin
- */
-struct tnc_imv_plugin_t {
-
-       /**
-        * implements plugin interface
-        */
-       plugin_t plugin;
-};
-
-#endif /** TNC_IMV_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_recommendations.c b/src/libcharon/plugins/tnc_imv/tnc_imv_recommendations.c
deleted file mode 100644 (file)
index a9dbb2b..0000000
+++ /dev/null
@@ -1,406 +0,0 @@
-/*
- * Copyright (C) 2010-2012 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <tncifimv.h>
-#include <tncif_names.h>
-#include <tncif_policy.h>
-
-#include <tnc/tnc.h>
-#include <tnc/imv/imv.h>
-#include <tnc/imv/imv_manager.h>
-#include <tnc/imv/imv_recommendations.h>
-
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-typedef struct private_tnc_imv_recommendations_t private_tnc_imv_recommendations_t;
-typedef struct recommendation_entry_t recommendation_entry_t;
-
-/**
- * Recommendation entry
- */
-struct recommendation_entry_t {
-
-       /**
-        * IMV ID
-        */
-       TNC_IMVID id;
-
-       /**
-        * Received a recommendation message from this IMV?
-        */
-       bool have_recommendation;
-
-       /**
-        * Action Recommendation provided by IMV instance
-        */
-       TNC_IMV_Action_Recommendation rec;
-
-       /**
-        * Evaluation Result provided by IMV instance
-        */
-       TNC_IMV_Evaluation_Result eval;
-
-       /**
-        * Reason string provided by IMV instance
-        */
-       chunk_t reason;
-
-       /**
-        * Reason language provided by IMV instance
-        */
-       chunk_t reason_language;
-};
-
-/**
- * Private data of a recommendations_t object.
- */
-struct private_tnc_imv_recommendations_t {
-
-       /**
-        * Public members of recommendations_t.
-        */
-       recommendations_t public;
-
-       /**
-        * list of recommendations and evaluations provided by IMVs
-        */
-       linked_list_t *recs;
-
-       /**
-        * Preferred language for remediation messages
-        */
-       chunk_t preferred_language;
-};
-
-METHOD(recommendations_t, provide_recommendation, TNC_Result,
-       private_tnc_imv_recommendations_t* this, TNC_IMVID id,
-                                                                                        TNC_IMV_Action_Recommendation rec,
-                                                                                        TNC_IMV_Evaluation_Result eval)
-{
-       enumerator_t *enumerator;
-       recommendation_entry_t *entry;
-       bool found = FALSE;
-
-       DBG2(DBG_TNC, "IMV %u provides recommendation '%N' and evaluation '%N'", id,
-                TNC_IMV_Action_Recommendation_names, rec,
-                TNC_IMV_Evaluation_Result_names, eval);
-
-       enumerator = this->recs->create_enumerator(this->recs);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (entry->id == id)
-               {
-                       found = TRUE;
-                       entry->have_recommendation = TRUE;
-                       entry->rec = rec;
-                       entry->eval = eval;
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       return found ? TNC_RESULT_SUCCESS : TNC_RESULT_FATAL;
-}
-
-METHOD(recommendations_t, have_recommendation, bool,
-       private_tnc_imv_recommendations_t *this, TNC_IMV_Action_Recommendation *rec,
-                                                                                        TNC_IMV_Evaluation_Result *eval)
-{
-       enumerator_t *enumerator;
-       recommendation_entry_t *entry;
-       recommendation_policy_t policy;
-       TNC_IMV_Action_Recommendation final_rec;
-       TNC_IMV_Evaluation_Result final_eval;
-       bool first = TRUE, incomplete = FALSE;
-
-       final_rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
-       final_eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
-       if (rec && eval)
-       {
-               *rec  = final_rec;
-               *eval = final_eval;
-       }
-
-       if (this->recs->get_count(this->recs) == 0)
-       {
-               DBG1(DBG_TNC, "there are no IMVs to make a recommendation");
-               return TRUE;
-       }
-       policy = tnc->imvs->get_recommendation_policy(tnc->imvs);
-
-       enumerator = this->recs->create_enumerator(this->recs);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (!entry->have_recommendation)
-               {
-                       incomplete = TRUE;
-                       break;
-               }
-               if (first)
-               {
-                       final_rec = entry->rec;
-                       final_eval = entry->eval;
-                       first = FALSE;
-                       continue;
-               }
-               switch (policy)
-               {
-                       case RECOMMENDATION_POLICY_DEFAULT:
-                               final_rec = tncif_policy_update_recommendation(final_rec,
-                                                                                                                          entry->rec);
-                               final_eval = tncif_policy_update_evaluation(final_eval,
-                                                                                                                       entry->eval);
-                               break;
-
-                       case RECOMMENDATION_POLICY_ALL:
-                               if (entry->rec != final_rec)
-                               {
-                                       final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
-                               }
-                               if (entry->eval != final_eval)
-                               {
-                                       final_eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
-                               }
-                               break;
-
-                       case RECOMMENDATION_POLICY_ANY:
-                               switch (entry->rec)
-                               {
-                                       case TNC_IMV_ACTION_RECOMMENDATION_ALLOW:
-                                               final_rec = entry->rec;
-                                               break;
-                                       case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
-                                               if (final_rec != TNC_IMV_ACTION_RECOMMENDATION_ALLOW)
-                                               {
-                                                       final_rec = entry->rec;
-                                               };
-                                               break;
-                                       case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
-                                               if (final_rec == TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION)
-                                               {
-                                                       final_rec = entry->rec;
-                                               };
-                                               break;
-                                       case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION:
-                                               break;
-                               }
-                               switch (entry->eval)
-                               {
-                                       case TNC_IMV_EVALUATION_RESULT_COMPLIANT:
-                                               final_eval = entry->eval;
-                                               break;
-                                       case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR:
-                                               if (final_eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT)
-                                               {
-                                                       final_eval = entry->eval;
-                                               }
-                                               break;
-                                       case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR:
-                                               if (final_eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT &&
-                                                       final_eval != TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR)
-                                               {
-                                                       final_eval = entry->eval;
-                                               }
-                                               break;
-                                       case TNC_IMV_EVALUATION_RESULT_ERROR:
-                                               if (final_eval == TNC_IMV_EVALUATION_RESULT_DONT_KNOW)
-                                               {
-                                                       final_eval = entry->eval;
-                                               }
-                                               break;
-                                       case TNC_IMV_EVALUATION_RESULT_DONT_KNOW:
-                                               break;
-                               }
-               }
-       }
-       enumerator->destroy(enumerator);
-
-       if (incomplete)
-       {
-               return FALSE;
-       }
-       if (rec && eval)
-       {
-               *rec  = final_rec;
-               *eval = final_eval;
-       }
-       return TRUE;
-}
-
-METHOD(recommendations_t, clear_recommendation, void,
-       private_tnc_imv_recommendations_t *this)
-{
-       enumerator_t *enumerator;
-       recommendation_entry_t *entry;
-
-       enumerator = this->recs->create_enumerator(this->recs);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               entry->have_recommendation = FALSE;
-               entry->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
-               entry->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
-               chunk_clear(&entry->reason);
-               chunk_clear(&entry->reason_language);
-       }
-       enumerator->destroy(enumerator);
-}
-
-METHOD(recommendations_t, get_preferred_language, chunk_t,
-       private_tnc_imv_recommendations_t *this)
-{
-       return this->preferred_language;
-}
-
-METHOD(recommendations_t, set_preferred_language, void,
-       private_tnc_imv_recommendations_t *this, chunk_t pref_lang)
-{
-       free(this->preferred_language.ptr);
-       this->preferred_language = chunk_clone(pref_lang);
-}
-
-METHOD(recommendations_t, set_reason_string, TNC_Result,
-       private_tnc_imv_recommendations_t *this, TNC_IMVID id, chunk_t reason)
-{
-       enumerator_t *enumerator;
-       recommendation_entry_t *entry;
-       bool found = FALSE;
-
-       DBG2(DBG_TNC, "IMV %u is setting reason string to '%.*s'",
-                id, (int)reason.len, reason.ptr);
-
-       enumerator = this->recs->create_enumerator(this->recs);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (entry->id == id)
-               {
-                       found = TRUE;
-                       free(entry->reason.ptr);
-                       entry->reason = chunk_clone(reason);
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       return found ? TNC_RESULT_SUCCESS : TNC_RESULT_INVALID_PARAMETER;
-}
-
-METHOD(recommendations_t, set_reason_language, TNC_Result,
-       private_tnc_imv_recommendations_t *this, TNC_IMVID id, chunk_t reason_lang)
-{
-       enumerator_t *enumerator;
-       recommendation_entry_t *entry;
-       bool found = FALSE;
-
-       DBG2(DBG_TNC, "IMV %u is setting reason language to '%.*s'",
-                id, (int)reason_lang.len, reason_lang.ptr);
-
-       enumerator = this->recs->create_enumerator(this->recs);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (entry->id == id)
-               {
-                       found = TRUE;
-                       free(entry->reason_language.ptr);
-                       entry->reason_language = chunk_clone(reason_lang);
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       return found ? TNC_RESULT_SUCCESS : TNC_RESULT_INVALID_PARAMETER;
-}
-
-/**
- * Enumerate reason and reason_language, not recommendation entries
- */
-static bool reason_filter(void *null, recommendation_entry_t **entry,
-                                                TNC_IMVID *id, void *i2, chunk_t *reason, void *i3,
-                                                chunk_t *reason_language)
-{
-       if ((*entry)->reason.len)
-       {
-               *id = (*entry)->id;
-               *reason = (*entry)->reason;
-               *reason_language = (*entry)->reason_language;
-               return TRUE;
-       }
-       else
-       {
-               return FALSE;
-       }
-}
-
-METHOD(recommendations_t, create_reason_enumerator, enumerator_t*,
-       private_tnc_imv_recommendations_t *this)
-{
-       return enumerator_create_filter(this->recs->create_enumerator(this->recs),
-                                       (void*)reason_filter, NULL, NULL);
-}
-
-METHOD(recommendations_t, destroy, void,
-       private_tnc_imv_recommendations_t *this)
-{
-       recommendation_entry_t *entry;
-
-       while (this->recs->remove_last(this->recs, (void**)&entry) == SUCCESS)
-       {
-               free(entry->reason.ptr);
-               free(entry->reason_language.ptr);
-               free(entry);
-       }
-       this->recs->destroy(this->recs);
-       free(this->preferred_language.ptr);
-       free(this);
-}
-
-/**
- * Described in header.
- */
-recommendations_t* tnc_imv_recommendations_create(linked_list_t *imv_list)
-{
-       private_tnc_imv_recommendations_t *this;
-       recommendation_entry_t *entry;
-       enumerator_t *enumerator;
-       imv_t *imv;
-
-       INIT(this,
-               .public = {
-                       .provide_recommendation = _provide_recommendation,
-                       .have_recommendation = _have_recommendation,
-                       .clear_recommendation = _clear_recommendation,
-                       .get_preferred_language = _get_preferred_language,
-                       .set_preferred_language = _set_preferred_language,
-                       .set_reason_string = _set_reason_string,
-                       .set_reason_language = _set_reason_language,
-                       .create_reason_enumerator = _create_reason_enumerator,
-                       .destroy = _destroy,
-               },
-               .recs = linked_list_create(),
-       );
-
-       enumerator = imv_list->create_enumerator(imv_list);
-       while (enumerator->enumerate(enumerator, &imv))
-       {
-               entry = malloc_thing(recommendation_entry_t);
-               entry->id = imv->get_id(imv);
-               entry->have_recommendation = FALSE;
-               entry->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
-               entry->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
-               entry->reason = chunk_empty;
-               entry->reason_language = chunk_empty;
-               this->recs->insert_last(this->recs, entry);
-       }
-       enumerator->destroy(enumerator);
-
-       return &this->public;
-}
diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_recommendations.h b/src/libcharon/plugins/tnc_imv/tnc_imv_recommendations.h
deleted file mode 100644 (file)
index 66d03b2..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- *
- * @defgroup tnc_imv_manager tnc_imv_manager
- * @{ @ingroup tnc_imv
- */
-
-#ifndef TNC_IMV_RECOMMENDATIONS_H_
-#define TNC_IMV_RECOMMENDATIONS_H_
-
-#include <tnc/imv/imv_recommendations.h>
-#include <collections/linked_list.h>
-
-/**
- * Create an IMV empty recommendations instance
- */
-recommendations_t *tnc_imv_recommendations_create();
-
-#endif /** TNC_IMV_RECOMMENDATIONS_H_ @}*/
index 686df15..707b113 100644 (file)
@@ -26,6 +26,9 @@
 
 #include <tnc/tnc.h>
 
+#include <tncifimv.h>
+#include <tncif_names.h>
+
 #include <daemon.h>
 #include <utils/debug.h>
 #include <pen/pen.h>
@@ -563,6 +566,19 @@ end:
 }
 
 /**
+ * Callback function to get recommendation from TNCCS connection
+ */
+static bool get_recommendation(TNC_IMV_Action_Recommendation rec,
+                                                          TNC_IMV_Evaluation_Result eval)
+{
+       DBG1(DBG_TNC, "final recommendation is '%N' and evaluation is '%N'",
+                TNC_IMV_Action_Recommendation_names, rec,
+                TNC_IMV_Evaluation_Result_names, eval);
+
+       return TRUE;
+}
+
+/**
  * Get more data on a PT-TLS connection
  */
 static bool pt_tls_receive_more(pt_tls_server_t *this, int fd,
@@ -607,7 +623,8 @@ static bool pt_tls_receive(private_tnc_pdp_t *this, int fd, watcher_event_t even
        peer = identification_create_from_encoding(ID_ANY, chunk_empty),
 
        tnccs = tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, TRUE,
-                                                                               this->server, peer, TNC_IFT_TLS_2_0);
+                                                                               this->server, peer, TNC_IFT_TLS_2_0,
+                                                                               (tnccs_cb_t)get_recommendation);
        peer->destroy(peer);
 
        if (!tnccs)
index 8d618c3..d1f8825 100644 (file)
@@ -40,6 +40,13 @@ if MONOLITHIC
 endif
 endif
 
+if USE_TNC_IMV
+  SUBDIRS += plugins/tnc_imv
+if MONOLITHIC
+  libtnccs_la_LIBADD += plugins/tnc_imv/libstrongswan-tnc-imv.la
+endif
+endif
+
 if USE_TNCCS_11
   SUBDIRS += plugins/tnccs_11
 if MONOLITHIC
index cbecf14..7c52ab3 100644 (file)
@@ -1,6 +1,5 @@
 /*
- * Copyright (C) 2006 Mike McCauley
- * Copyright (C) 2010-2011 Andreas Steffen,
+ * Copyright (C) 2010-2013 Andreas Steffen,
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.am b/src/libtnccs/plugins/tnc_imv/Makefile.am
new file mode 100644 (file)
index 0000000..0541d4c
--- /dev/null
@@ -0,0 +1,24 @@
+AM_CPPFLAGS = \
+       -I$(top_srcdir)/src/libstrongswan \
+       -I$(top_srcdir)/src/libtncif \
+       -I$(top_srcdir)/src/libtnccs \
+       -I$(top_srcdir)/src/libtls
+
+AM_CFLAGS = \
+       -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-tnc-imv.la
+else
+plugin_LTLIBRARIES = libstrongswan-tnc-imv.la
+libstrongswan_tnc_imv_la_LIBADD = \
+       $(top_builddir)/src/libtncif/libtncif.la \
+       $(top_builddir)/src/libtnccs/libtnccs.la
+endif
+
+libstrongswan_tnc_imv_la_SOURCES = \
+       tnc_imv_plugin.h tnc_imv_plugin.c tnc_imv.h tnc_imv.c \
+       tnc_imv_manager.h tnc_imv_manager.c tnc_imv_bind_function.c \
+       tnc_imv_recommendations.h tnc_imv_recommendations.c
+
+libstrongswan_tnc_imv_la_LDFLAGS = -module -avoid-version
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv.c b/src/libtnccs/plugins/tnc_imv/tnc_imv.c
new file mode 100644 (file)
index 0000000..ebf9045
--- /dev/null
@@ -0,0 +1,424 @@
+/*
+ * Copyright (C) 2010-2013 Andreas Steffen,
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_imv.h"
+
+#include <dlfcn.h>
+
+#include <tncif_pa_subtypes.h>
+
+#include <utils/debug.h>
+#include <library.h>
+#include <collections/linked_list.h>
+#include <threading/mutex.h>
+
+typedef struct private_tnc_imv_t private_tnc_imv_t;
+
+/**
+ * Private data of an imv_t object.
+ */
+struct private_tnc_imv_t {
+
+       /**
+        * Public members of imv_t.
+        */
+       imv_t public;
+
+       /**
+        * Name of loaded IMV
+        */
+       char *name;
+
+       /**
+        * Handle of loaded IMV
+        */
+       void *handle;
+
+       /**
+        * ID of loaded IMV
+        */
+       TNC_IMVID id;
+
+       /**
+        * List of additional IMV IDs
+        */
+       linked_list_t *additional_ids;
+
+       /**
+        * List of message types supported by IMV - Vendor ID part
+        */
+       TNC_VendorIDList supported_vids;
+
+       /**
+        * List of message types supported by IMV - Subtype part
+        */
+       TNC_MessageSubtypeList supported_subtypes;
+
+       /**
+        * Number of supported message types
+        */
+       TNC_UInt32 type_count;
+
+       /**
+        * mutex to lock the imv_t object
+        */
+       mutex_t *mutex;
+};
+
+METHOD(imv_t, set_id, void,
+       private_tnc_imv_t *this, TNC_IMVID id)
+{
+       this->id = id;
+}
+
+METHOD(imv_t, get_id, TNC_IMVID,
+       private_tnc_imv_t *this)
+{
+       return this->id;
+}
+
+METHOD(imv_t, add_id, void,
+       private_tnc_imv_t *this, TNC_IMVID id)
+{
+       TNC_IMVID *new_id;
+
+       new_id = malloc_thing(TNC_IMVID);
+       *new_id = id;
+       this->additional_ids->insert_last(this->additional_ids, new_id);
+}
+
+METHOD(imv_t, has_id, bool,
+       private_tnc_imv_t *this, TNC_IMVID id)
+{
+       enumerator_t *enumerator;
+       TNC_IMVID *additional_id;
+       bool found = FALSE;
+
+       /* check primary IMV ID */
+       if (id == this->id)
+       {
+               return TRUE;
+       }
+
+       /* return if there are no additional IMV IDs */
+       if (this->additional_ids->get_count(this->additional_ids) == 0)
+       {
+               return FALSE;
+       }
+
+       /* check additional IMV IDs */
+       enumerator = this->additional_ids->create_enumerator(this->additional_ids);
+       while (enumerator->enumerate(enumerator, &additional_id))
+       {
+               if (id == *additional_id)
+               {
+                       found = TRUE;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+
+       return found;
+}
+
+METHOD(imv_t, get_name, char*,
+       private_tnc_imv_t *this)
+{
+       return this->name;
+}
+
+METHOD(imv_t, set_message_types, void,
+       private_tnc_imv_t *this, TNC_MessageTypeList supported_types,
+                                                        TNC_UInt32 type_count)
+{
+       char buf[BUF_LEN];
+       char *pos = buf;
+       int len = sizeof(buf);
+       int i, written;
+       size_t size;
+       TNC_VendorID vid;
+       TNC_MessageSubtype subtype;
+       enum_name_t *pa_subtype_names;
+
+       /* lock the imv_t instance */
+       this->mutex->lock(this->mutex);
+
+       /* Free existing VendorID and MessageSubtype lists */
+       free(this->supported_vids);
+       this->supported_vids = NULL;
+       free(this->supported_subtypes);
+       this->supported_subtypes = NULL;
+
+       /* Store the new MessageType list */
+       this->type_count = type_count;
+       if (type_count && supported_types)
+       {
+               size = type_count * sizeof(TNC_VendorID);
+               this->supported_vids = malloc(size);
+               size = type_count * sizeof(TNC_MessageSubtype);
+               this->supported_subtypes = malloc(size);
+
+               for (i = 0; i < type_count; i++)
+               {
+                       vid = (supported_types[i] >> 8) & TNC_VENDORID_ANY;
+                       subtype = supported_types[i] & TNC_SUBTYPE_ANY;
+
+                       pa_subtype_names = get_pa_subtype_names(vid);
+                       if (pa_subtype_names)
+                       {
+                               written = snprintf(pos, len," '%N/%N' 0x%06x/0x%02x",
+                                                                  pen_names, vid, pa_subtype_names, subtype,
+                                                                  vid, subtype);
+                       }
+                       else
+                       {
+                               written = snprintf(pos, len," '%N' 0x%06x/0x%02x",
+                                                                  pen_names, vid, vid, subtype);
+                       }
+                       if (written >= len)
+                       {
+                               break;
+                       }
+                       pos += written;
+                       len -= written;
+
+                       this->supported_vids[i] = vid;
+                       this->supported_subtypes[i] = subtype;
+               }
+       }
+       *pos = '\0';
+       DBG2(DBG_TNC, "IMV %u supports %u message type%s:%s",
+                                 this->id, type_count, (type_count == 1) ? "":"s", buf);
+
+       /* unlock the imv_t instance */
+       this->mutex->unlock(this->mutex);
+}
+
+METHOD(imv_t, set_message_types_long, void,
+       private_tnc_imv_t *this, TNC_VendorIDList supported_vids,
+       TNC_MessageSubtypeList supported_subtypes, TNC_UInt32 type_count)
+{
+       char buf[BUF_LEN];
+       char *pos = buf;
+       int len = sizeof(buf);
+       int i, written;
+       size_t size;
+       TNC_VendorID vid;
+       TNC_MessageSubtype subtype;
+       enum_name_t *pa_subtype_names;
+
+       /* lock the imv_t instance */
+       this->mutex->lock(this->mutex);
+
+       /* Free existing VendorID and MessageSubtype lists */
+       free(this->supported_vids);
+       this->supported_vids = NULL;
+       free(this->supported_subtypes);
+       this->supported_subtypes = NULL;
+
+       /* Store the new MessageType list */
+       this->type_count = type_count;
+       if (type_count && supported_vids && supported_subtypes)
+       {
+               size = type_count * sizeof(TNC_VendorID);
+               this->supported_vids = malloc(size);
+               memcpy(this->supported_vids, supported_vids, size);
+               size = type_count * sizeof(TNC_MessageSubtype);
+               this->supported_subtypes = malloc(size);
+               memcpy(this->supported_subtypes, supported_subtypes, size);
+
+               for (i = 0; i < type_count; i++)
+               {
+                       vid = supported_vids[i];
+                       subtype = supported_subtypes[i];
+
+                       pa_subtype_names = get_pa_subtype_names(vid);
+                       if (pa_subtype_names)
+                       {
+                               written = snprintf(pos, len," '%N/%N' 0x%06x/0x%08x",
+                                                                  pen_names, vid, pa_subtype_names, subtype,
+                                                                  vid, subtype);
+                       }
+                       else
+                       {
+                               written = snprintf(pos, len," '%N' 0x%06x/0x%08x",
+                                                                  pen_names, vid, vid, subtype);
+                       }
+                       if (written >= len)
+                       {
+                               break;
+                       }
+                       pos += written;
+                       len -= written;
+               }
+       }
+       *pos = '\0';
+       DBG2(DBG_TNC, "IMV %u supports %u message type%s:%s",
+                                 this->id, type_count, (type_count == 1) ? "":"s", buf);
+
+       /* unlock the imv_t instance */
+       this->mutex->unlock(this->mutex);
+}
+
+METHOD(imv_t, type_supported, bool,
+       private_tnc_imv_t *this, TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype)
+{
+       TNC_VendorID vid;
+       TNC_MessageSubtype subtype;
+       int i;
+
+       for (i = 0; i < this->type_count; i++)
+       {
+               vid = this->supported_vids[i];
+               subtype = this->supported_subtypes[i];
+
+               if ((vid == TNC_VENDORID_ANY && subtype == TNC_SUBTYPE_ANY) ||
+                       (vid == msg_vid && (subtype == TNC_SUBTYPE_ANY ||
+                        subtype == msg_subtype)))
+               {
+                       return TRUE;
+               }
+       }
+       return FALSE;
+}
+
+METHOD(imv_t, destroy, void,
+       private_tnc_imv_t *this)
+{
+       if (this->handle && lib->settings->get_bool(lib->settings,
+                               "libtnccs.plugins.tnc-imv.dlclose", TRUE))
+       {
+               dlclose(this->handle);
+       }
+       this->mutex->destroy(this->mutex);
+       this->additional_ids->destroy_function(this->additional_ids, free);
+       free(this->supported_vids);
+       free(this->supported_subtypes);
+       free(this->name);
+       free(this);
+}
+
+/**
+ * Generic constructor.
+ */
+static private_tnc_imv_t* tnc_imv_create_empty(char *name)
+{
+       private_tnc_imv_t *this;
+
+       INIT(this,
+               .public = {
+                       .set_id = _set_id,
+                       .get_id = _get_id,
+                       .add_id = _add_id,
+                       .has_id = _has_id,
+                       .get_name = _get_name,
+                       .set_message_types = _set_message_types,
+                       .set_message_types_long = _set_message_types_long,
+                       .type_supported = _type_supported,
+                       .destroy = _destroy,
+               },
+               .name = strdup(name),
+               .additional_ids = linked_list_create(),
+               .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+       );
+
+       return this;
+}
+
+/**
+ * Described in header.
+ */
+imv_t* tnc_imv_create(char *name, char *path)
+{
+       private_tnc_imv_t *this;
+
+       this = tnc_imv_create_empty(name);
+
+       this->handle = dlopen(path, RTLD_LAZY);
+       if (!this->handle)
+       {
+               DBG1(DBG_TNC, "IMV \"%s\" failed to load: %s", name, dlerror());
+               destroy(this);
+               return NULL;
+       }
+
+       this->public.initialize = dlsym(this->handle, "TNC_IMV_Initialize");
+       if (!this->public.initialize)
+       {
+               DBG1(DBG_TNC, "could not resolve TNC_IMV_Initialize in %s: %s\n",
+                                          path, dlerror());
+               destroy(this);
+               return NULL;
+       }
+       this->public.notify_connection_change =
+                                               dlsym(this->handle, "TNC_IMV_NotifyConnectionChange");
+       this->public.solicit_recommendation =
+                                               dlsym(this->handle, "TNC_IMV_SolicitRecommendation");
+       if (!this->public.solicit_recommendation)
+       {
+               DBG1(DBG_TNC, "could not resolve TNC_IMV_SolicitRecommendation in %s: %s\n",
+                                          path, dlerror());
+               destroy(this);
+               return NULL;
+       }
+       this->public.receive_message =
+                                               dlsym(this->handle, "TNC_IMV_ReceiveMessage");
+       this->public.receive_message_long =
+                                               dlsym(this->handle, "TNC_IMV_ReceiveMessageLong");
+       this->public.batch_ending =
+                                               dlsym(this->handle, "TNC_IMV_BatchEnding");
+       this->public.terminate =
+                                               dlsym(this->handle, "TNC_IMV_Terminate");
+       this->public.provide_bind_function =
+                                               dlsym(this->handle, "TNC_IMV_ProvideBindFunction");
+       if (!this->public.provide_bind_function)
+       {
+               DBG1(DBG_TNC, "could not resolve TNC_IMV_ProvideBindFunction in %s: %s\n",
+                                         path, dlerror());
+               destroy(this);
+               return NULL;
+       }
+
+       return &this->public;
+}
+
+/**
+ * Described in header.
+ */
+imv_t* tnc_imv_create_from_functions(char *name,
+                               TNC_IMV_InitializePointer initialize,
+                               TNC_IMV_NotifyConnectionChangePointer notify_connection_change,
+                               TNC_IMV_ReceiveMessagePointer receive_message,
+                               TNC_IMV_ReceiveMessageLongPointer receive_message_long,
+                               TNC_IMV_SolicitRecommendationPointer solicit_recommendation,
+                               TNC_IMV_BatchEndingPointer batch_ending,
+                               TNC_IMV_TerminatePointer terminate,
+                               TNC_IMV_ProvideBindFunctionPointer provide_bind_function)
+{
+       private_tnc_imv_t *this;
+
+       this = tnc_imv_create_empty(name);
+
+       this->public.initialize = initialize;
+       this->public.notify_connection_change = notify_connection_change;
+       this->public.receive_message = receive_message;
+       this->public.receive_message_long = receive_message_long;
+       this->public.solicit_recommendation = solicit_recommendation;
+       this->public.batch_ending = batch_ending;
+       this->public.terminate = terminate;
+       this->public.provide_bind_function = provide_bind_function;
+
+       return &this->public;
+}
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv.h b/src/libtnccs/plugins/tnc_imv/tnc_imv.h
new file mode 100644 (file)
index 0000000..e7c7b8b
--- /dev/null
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ *
+ * @defgroup tnc_imv_t tnc_imv
+ * @{ @ingroup tnc_imv
+ */
+
+#ifndef TNC_IMV_H_
+#define TNC_IMV_H_
+
+#include <tnc/imv/imv.h>
+
+/**
+ * Create an Integrity Measurement Verifier loaded from a library.
+ *
+ * @param name                 name of the IMV
+ * @param filename             path to the dynamic IMV library
+ * @return                             instance of the imv_t interface
+ */
+imv_t* tnc_imv_create(char *name, char *filename);
+
+/**
+ * Create an Integrity Measurement Verifier from a set of IMV functions.
+ *
+ * @param name                                         name of the IMV
+ * @param initialize                           TNC_IMV_InitializePointer
+ * @param notify_connection_change     TNC_IMV_NotifyConnectionChangePointer
+ * @param receive_message                      TNC_IMV_ReceiveMessagePointer
+ * @param receive_message_long         TNC_IMV_ReceiveMessageLongPointer
+ * @param solicit_recommendation       TNC_IMV_SolicitRecommendationPointer
+ * @param batch_ending                         TNC_IMV_BatchEndingPointer
+ * @param terminate                                    TNC_IMV_TerminatePointer
+ * @param provide_bind_function                TNC_IMV_ProvideBindFunctionPointer
+ * @return                                                     instance of the imv_t interface
+ */
+imv_t* tnc_imv_create_from_functions(char *name,
+                               TNC_IMV_InitializePointer initialize,
+                               TNC_IMV_NotifyConnectionChangePointer notify_connection_change,
+                               TNC_IMV_ReceiveMessagePointer receive_message,
+                               TNC_IMV_ReceiveMessageLongPointer receive_message_long,
+                               TNC_IMV_SolicitRecommendationPointer solicit_recommendation,
+                               TNC_IMV_BatchEndingPointer batch_ending,
+                               TNC_IMV_TerminatePointer terminate,
+                               TNC_IMV_ProvideBindFunctionPointer provide_bind_function);
+
+#endif /** TNC_IMV_H_ @}*/
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv_bind_function.c b/src/libtnccs/plugins/tnc_imv/tnc_imv_bind_function.c
new file mode 100644 (file)
index 0000000..36cdb7f
--- /dev/null
@@ -0,0 +1,246 @@
+/*
+ * Copyright (C) 2006 Mike McCauley
+ * Copyright (C) 2010-2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <tnc/tnc.h>
+#include <tnc/imv/imv_manager.h>
+#include <tnc/tnccs/tnccs_manager.h>
+
+#include <utils/debug.h>
+
+/**
+ * Called by the IMV to inform a TNCS about the set of message types the IMV
+ * is able to receive
+ */
+TNC_Result TNC_TNCS_ReportMessageTypes(TNC_IMVID imv_id,
+                                                                          TNC_MessageTypeList supported_types,
+                                                                          TNC_UInt32 type_count)
+{
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
+       {
+               DBG1(DBG_TNC, "ignoring ReportMessageTypes() from unregistered IMV %u",
+                                          imv_id);
+               return TNC_RESULT_INVALID_PARAMETER;
+       }
+       return tnc->imvs->set_message_types(tnc->imvs, imv_id, supported_types,
+                                                                               type_count);
+}
+
+/**
+ * Called by the IMV to inform a TNCS about the set of message types the IMV
+ * is able to receive. This function supports long message types.
+ */
+TNC_Result TNC_TNCS_ReportMessageTypesLong(TNC_IMVID imv_id,
+                                                                          TNC_VendorIDList supported_vids,
+                                                                          TNC_MessageSubtypeList supported_subtypes,
+                                                                          TNC_UInt32 type_count)
+{
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
+       {
+               DBG1(DBG_TNC, "ignoring ReportMessageTypesLong() from unregistered IMV %u",
+                                          imv_id);
+               return TNC_RESULT_INVALID_PARAMETER;
+       }
+       return tnc->imvs->set_message_types_long(tnc->imvs, imv_id, supported_vids,
+                                                                                        supported_subtypes, type_count);
+}
+
+/**
+ * Called by the IMV to ask a TNCS to retry an Integrity Check Handshake
+ */
+TNC_Result TNC_TNCS_RequestHandshakeRetry(TNC_IMVID imv_id,
+                                                                                 TNC_ConnectionID connection_id,
+                                                                                 TNC_RetryReason reason)
+{
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
+       {
+               DBG1(DBG_TNC, "ignoring RequestHandshakeRetry() from unregistered IMV %u",
+                                          imv_id);
+               return TNC_RESULT_INVALID_PARAMETER;
+       }
+       return tnc->tnccs->request_handshake_retry(tnc->tnccs, FALSE, imv_id,
+                                                                                          connection_id, reason);
+}
+
+/**
+ * Called by the IMV when an IMV-IMC message is to be sent
+ */
+TNC_Result TNC_TNCS_SendMessage(TNC_IMVID imv_id,
+                                                               TNC_ConnectionID connection_id,
+                                                               TNC_BufferReference msg,
+                                                               TNC_UInt32 msg_len,
+                                                               TNC_MessageType msg_type)
+{
+       TNC_VendorID msg_vid;
+       TNC_MessageSubtype msg_subtype;
+
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
+       {
+               DBG1(DBG_TNC, "ignoring SendMessage() from unregistered IMV %u",
+                                          imv_id);
+               return TNC_RESULT_INVALID_PARAMETER;
+       }
+       msg_vid = (msg_type >> 8) & TNC_VENDORID_ANY;
+       msg_subtype = msg_type & TNC_SUBTYPE_ANY;
+
+       return tnc->tnccs->send_message(tnc->tnccs, TNC_IMCID_ANY, imv_id,
+                                               connection_id, 0, msg, msg_len, msg_vid, msg_subtype);
+}
+
+/**
+ * Called by the IMV when an IMV-IMC message is to be sent over IF-TNCCS 2.0
+ */
+TNC_Result TNC_TNCS_SendMessageLong(TNC_IMVID imv_id,
+                                                                       TNC_ConnectionID connection_id,
+                                                                       TNC_UInt32 msg_flags,
+                                                                       TNC_BufferReference msg,
+                                                                       TNC_UInt32 msg_len,
+                                                                       TNC_VendorID msg_vid,
+                                                                       TNC_MessageSubtype msg_subtype,
+                                                                       TNC_UInt32 imc_id)
+{
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
+       {
+               DBG1(DBG_TNC, "ignoring SendMessageLong() from unregistered IMV %u",
+                                          imv_id);
+               return TNC_RESULT_INVALID_PARAMETER;
+       }
+       return tnc->tnccs->send_message(tnc->tnccs, imc_id, imv_id, connection_id,
+                                                               msg_flags, msg, msg_len, msg_vid, msg_subtype);
+}
+
+/**
+ * Called by the IMV to deliver its IMV Action Recommendation and IMV Evaluation
+ * Result to the TNCS
+ */
+TNC_Result TNC_TNCS_ProvideRecommendation(TNC_IMVID imv_id,
+                                                               TNC_ConnectionID connection_id,
+                                                               TNC_IMV_Action_Recommendation recommendation,
+                                                               TNC_IMV_Evaluation_Result evaluation)
+{
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
+       {
+               DBG1(DBG_TNC, "ignoring ProvideRecommendation() from unregistered IMV %u",
+                                          imv_id);
+               return TNC_RESULT_INVALID_PARAMETER;
+       }
+       return tnc->tnccs->provide_recommendation(tnc->tnccs, imv_id, connection_id,
+                                                                                         recommendation, evaluation);
+}
+
+/**
+ * Called by the IMV to get the value of an attribute associated with a
+ * connection or with the TNCS as a whole.
+ */
+TNC_Result TNC_TNCS_GetAttribute(TNC_IMVID imv_id,
+                                                                TNC_ConnectionID connection_id,
+                                                                TNC_AttributeID attribute_id,
+                                                                TNC_UInt32 buffer_len,
+                                                                TNC_BufferReference buffer,
+                                                                TNC_UInt32 *out_value_len)
+{
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
+       {
+               DBG1(DBG_TNC, "ignoring GetAttribute() from unregistered IMV %u",
+                                          imv_id);
+               return TNC_RESULT_INVALID_PARAMETER;
+       }
+       return tnc->tnccs->get_attribute(tnc->tnccs, FALSE, imv_id, connection_id,
+                                                       attribute_id, buffer_len, buffer, out_value_len);
+}
+
+/**
+ * Called by the IMV to set the value of an attribute associated with a
+ * connection or with the TNCS as a whole.
+ */
+TNC_Result TNC_TNCS_SetAttribute(TNC_IMVID imv_id,
+                                                                TNC_ConnectionID connection_id,
+                                                                TNC_AttributeID attribute_id,
+                                                                TNC_UInt32 buffer_len,
+                                                                TNC_BufferReference buffer)
+{
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
+       {
+               DBG1(DBG_TNC, "ignoring SetAttribute() from unregistered IMV %u",
+                                          imv_id);
+               return TNC_RESULT_INVALID_PARAMETER;
+       }
+       return tnc->tnccs->set_attribute(tnc->tnccs, FALSE, imv_id, connection_id,
+                                                                        attribute_id, buffer_len, buffer);
+}
+
+/**
+ * Called by the IMV when it wants to reserve an additional IMV ID for itself
+ */
+TNC_Result TNC_TNCS_ReserveAdditionalIMVID(TNC_IMVID imv_id, TNC_UInt32 *new_id)
+{
+       if (tnc->imvs->reserve_id(tnc->imvs, imv_id, new_id))
+       {
+               return TNC_RESULT_SUCCESS;
+       }
+       DBG1(DBG_TNC, "ignoring ReserveAdditionalIMVID() from unregistered IMV %u",
+                                  imv_id);
+       return TNC_RESULT_INVALID_PARAMETER;
+}
+
+/**
+ * Called by the IMV when it needs a function pointer
+ */
+TNC_Result TNC_TNCS_BindFunction(TNC_IMVID id,
+                                                                char *function_name,
+                                                                void **function_pointer)
+{
+       if (streq(function_name, "TNC_TNCS_ReportMessageTypes"))
+       {
+               *function_pointer = (void*)TNC_TNCS_ReportMessageTypes;
+       }
+       else if (streq(function_name, "TNC_TNCS_ReportMessageTypesLong"))
+       {
+               *function_pointer = (void*)TNC_TNCS_ReportMessageTypesLong;
+       }
+       else if (streq(function_name, "TNC_TNCS_RequestHandshakeRetry"))
+       {
+               *function_pointer = (void*)TNC_TNCS_RequestHandshakeRetry;
+       }
+       else if (streq(function_name, "TNC_TNCS_SendMessage"))
+       {
+               *function_pointer = (void*)TNC_TNCS_SendMessage;
+       }
+       else if (streq(function_name, "TNC_TNCS_SendMessageLong"))
+       {
+               *function_pointer = (void*)TNC_TNCS_SendMessageLong;
+       }
+       else if (streq(function_name, "TNC_TNCS_ProvideRecommendation"))
+       {
+               *function_pointer = (void*)TNC_TNCS_ProvideRecommendation;
+       }
+       else if (streq(function_name, "TNC_TNCS_GetAttribute"))
+       {
+               *function_pointer = (void*)TNC_TNCS_GetAttribute;
+       }
+       else if (streq(function_name, "TNC_TNCS_SetAttribute"))
+       {
+               *function_pointer = (void*)TNC_TNCS_SetAttribute;
+       }
+    else if (streq(function_name, "TNC_TNCS_ReserveAdditionalIMVID"))
+       {
+               *function_pointer = (void*)TNC_TNCS_ReserveAdditionalIMVID;
+       }
+       else
+       {
+               return TNC_RESULT_INVALID_PARAMETER;
+       }
+       return TNC_RESULT_SUCCESS;
+}
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c b/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c
new file mode 100644 (file)
index 0000000..b4f131b
--- /dev/null
@@ -0,0 +1,470 @@
+/*
+ * Copyright (C) 2010-2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_imv_manager.h"
+#include "tnc_imv.h"
+#include "tnc_imv_recommendations.h"
+
+#include <tncifimv.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+
+#include <utils/debug.h>
+#include <threading/rwlock.h>
+#include <threading/mutex.h>
+#include <collections/linked_list.h>
+
+typedef struct private_tnc_imv_manager_t private_tnc_imv_manager_t;
+
+/**
+ * Private data of an imv_manager_t object.
+ */
+struct private_tnc_imv_manager_t {
+
+       /**
+        * Public members of imv_manager_t.
+        */
+       imv_manager_t public;
+
+       /**
+        * Linked list of IMVs
+        */
+       linked_list_t *imvs;
+
+       /**
+        * Lock for IMV list
+        */
+       rwlock_t *lock;
+
+       /**
+        * Next IMV ID to be assigned
+        */
+       TNC_IMVID next_imv_id;
+
+       /**
+        * Mutex to access next IMV ID
+        */
+       mutex_t *id_mutex;
+
+       /**
+        * Policy defining how to derive final recommendation from individual ones
+        */
+       recommendation_policy_t policy;
+};
+
+METHOD(imv_manager_t, add, bool,
+       private_tnc_imv_manager_t *this, imv_t *imv)
+{
+       TNC_Version version;
+       TNC_IMVID imv_id;
+
+       this->id_mutex->lock(this->id_mutex);
+       imv_id = this->next_imv_id++;
+       this->id_mutex->unlock(this->id_mutex);
+
+       imv->set_id(imv, imv_id);
+       if (imv->initialize(imv_id, TNC_IFIMV_VERSION_1,
+                                               TNC_IFIMV_VERSION_1, &version) != TNC_RESULT_SUCCESS)
+       {
+               DBG1(DBG_TNC, "IMV \"%s\" failed to initialize", imv->get_name(imv));
+               return FALSE;
+       }
+       this->lock->write_lock(this->lock);
+       this->imvs->insert_last(this->imvs, imv);
+       this->lock->unlock(this->lock);
+
+       if (imv->provide_bind_function(imv->get_id(imv),
+                                                                  TNC_TNCS_BindFunction) != TNC_RESULT_SUCCESS)
+       {
+               if (imv->terminate)
+               {
+                       imv->terminate(imv->get_id(imv));
+               }
+               DBG1(DBG_TNC, "IMV \"%s\" failed to obtain bind function",
+                        imv->get_name(imv));
+               this->lock->write_lock(this->lock);
+               this->imvs->remove_last(this->imvs, (void**)&imv);
+               this->lock->unlock(this->lock);
+               return FALSE;
+       }
+       return TRUE;
+}
+
+METHOD(imv_manager_t, remove_, imv_t*,
+       private_tnc_imv_manager_t *this, TNC_IMVID id)
+{
+       enumerator_t *enumerator;
+       imv_t *imv, *removed_imv = NULL;
+
+       this->lock->write_lock(this->lock);
+       enumerator = this->imvs->create_enumerator(this->imvs);
+       while (enumerator->enumerate(enumerator, &imv))
+       {
+               if (id == imv->get_id(imv))
+               {
+                       this->imvs->remove_at(this->imvs, enumerator);
+                       removed_imv = imv;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+
+       return removed_imv;
+}
+
+METHOD(imv_manager_t, load, bool,
+       private_tnc_imv_manager_t *this, char *name, char *path)
+{
+       imv_t *imv;
+
+       imv = tnc_imv_create(name, path);
+       if (!imv)
+       {
+               return FALSE;
+       }
+       if (!add(this, imv))
+       {
+               imv->destroy(imv);
+               return FALSE;
+       }
+       DBG1(DBG_TNC, "IMV %u \"%s\" loaded from '%s'", imv->get_id(imv), name, path);
+       return TRUE;
+}
+
+METHOD(imv_manager_t, load_from_functions, bool,
+       private_tnc_imv_manager_t *this, char *name,
+       TNC_IMV_InitializePointer initialize,
+       TNC_IMV_NotifyConnectionChangePointer notify_connection_change,
+       TNC_IMV_ReceiveMessagePointer receive_message,
+       TNC_IMV_ReceiveMessageLongPointer receive_message_long,
+       TNC_IMV_SolicitRecommendationPointer solicit_recommendation,
+       TNC_IMV_BatchEndingPointer batch_ending,
+       TNC_IMV_TerminatePointer terminate,
+       TNC_IMV_ProvideBindFunctionPointer provide_bind_function)
+{
+       imv_t *imv;
+
+       imv = tnc_imv_create_from_functions(name,
+                                                                               initialize,notify_connection_change,
+                                                                               receive_message, receive_message_long,
+                                                                               solicit_recommendation, batch_ending,
+                                                                               terminate, provide_bind_function);
+       if (!imv)
+       {
+               return FALSE;
+       }
+       if (!add(this, imv))
+       {
+               imv->destroy(imv);
+               return FALSE;
+       }
+       DBG1(DBG_TNC, "IMV %u \"%s\" loaded", imv->get_id(imv), name);
+       return TRUE;
+}
+
+METHOD(imv_manager_t, is_registered, bool,
+       private_tnc_imv_manager_t *this, TNC_IMVID id)
+{
+       enumerator_t *enumerator;
+       imv_t *imv;
+       bool found = FALSE;
+
+       this->lock->read_lock(this->lock);
+       enumerator = this->imvs->create_enumerator(this->imvs);
+       while (enumerator->enumerate(enumerator, &imv))
+       {
+               if (imv->has_id(imv, id))
+               {
+                       found = TRUE;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+
+       return found;
+}
+
+METHOD(imv_manager_t, reserve_id, bool,
+       private_tnc_imv_manager_t *this, TNC_IMVID id, TNC_UInt32 *new_id)
+{
+       enumerator_t *enumerator;
+       imv_t *imv;
+       bool found = FALSE;
+
+       this->lock->read_lock(this->lock);
+       enumerator = this->imvs->create_enumerator(this->imvs);
+       while (enumerator->enumerate(enumerator, &imv))
+       {
+               if (id == imv->get_id(imv))
+               {
+                       found = TRUE;
+                       this->id_mutex->lock(this->id_mutex);
+                       *new_id = this->next_imv_id++;
+                       this->id_mutex->unlock(this->id_mutex);
+                       imv->add_id(imv, *new_id);
+                       DBG2(DBG_TNC, "additional ID %u reserved for IMV with primary ID %u",
+                                                 *new_id, id);
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+
+       return found;
+}
+
+METHOD(imv_manager_t, get_recommendation_policy, recommendation_policy_t,
+       private_tnc_imv_manager_t *this)
+{
+       return this->policy;
+}
+
+METHOD(imv_manager_t, create_recommendations, recommendations_t*,
+       private_tnc_imv_manager_t *this)
+{
+       return tnc_imv_recommendations_create(this->imvs);
+}
+
+
+METHOD(imv_manager_t, notify_connection_change, void,
+       private_tnc_imv_manager_t *this, TNC_ConnectionID id,
+                                                                        TNC_ConnectionState state)
+{
+       enumerator_t *enumerator;
+       imv_t *imv;
+
+       this->lock->read_lock(this->lock);
+       enumerator = this->imvs->create_enumerator(this->imvs);
+       while (enumerator->enumerate(enumerator, &imv))
+       {
+               if (imv->notify_connection_change)
+               {
+                       imv->notify_connection_change(imv->get_id(imv), id, state);
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+}
+
+METHOD(imv_manager_t, set_message_types, TNC_Result,
+       private_tnc_imv_manager_t *this, TNC_IMVID id,
+                                                                        TNC_MessageTypeList supported_types,
+                                                                        TNC_UInt32 type_count)
+{
+       enumerator_t *enumerator;
+       imv_t *imv;
+       TNC_Result result = TNC_RESULT_FATAL;
+
+       this->lock->read_lock(this->lock);
+       enumerator = this->imvs->create_enumerator(this->imvs);
+       while (enumerator->enumerate(enumerator, &imv))
+       {
+               if (id == imv->get_id(imv))
+               {
+                       imv->set_message_types(imv, supported_types, type_count);
+                       result = TNC_RESULT_SUCCESS;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+       return result;
+}
+
+METHOD(imv_manager_t, set_message_types_long, TNC_Result,
+       private_tnc_imv_manager_t *this, TNC_IMVID id,
+                                                                        TNC_VendorIDList supported_vids,
+                                                                        TNC_MessageSubtypeList supported_subtypes,
+                                                                        TNC_UInt32 type_count)
+{
+       enumerator_t *enumerator;
+       imv_t *imv;
+       TNC_Result result = TNC_RESULT_FATAL;
+
+       this->lock->read_lock(this->lock);
+       enumerator = this->imvs->create_enumerator(this->imvs);
+       while (enumerator->enumerate(enumerator, &imv))
+       {
+               if (id == imv->get_id(imv))
+               {
+                       imv->set_message_types_long(imv, supported_vids, supported_subtypes,
+                                                                               type_count);
+                       result = TNC_RESULT_SUCCESS;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+       return result;
+}
+
+METHOD(imv_manager_t, solicit_recommendation, void,
+       private_tnc_imv_manager_t *this, TNC_ConnectionID id)
+{
+       enumerator_t *enumerator;
+       imv_t *imv;
+
+       this->lock->read_lock(this->lock);
+       enumerator = this->imvs->create_enumerator(this->imvs);
+       while (enumerator->enumerate(enumerator, &imv))
+       {
+               imv->solicit_recommendation(imv->get_id(imv), id);
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+}
+
+METHOD(imv_manager_t, receive_message, void,
+       private_tnc_imv_manager_t *this, TNC_ConnectionID connection_id,
+                                                                        bool excl,
+                                                                        TNC_BufferReference msg,
+                                                                        TNC_UInt32 msg_len,
+                                                                        TNC_VendorID msg_vid,
+                                                                        TNC_MessageSubtype msg_subtype,
+                                                                        TNC_UInt32 src_imc_id,
+                                                                        TNC_UInt32 dst_imv_id)
+{
+       bool type_supported = FALSE;
+       TNC_MessageType msg_type;
+       TNC_UInt32 msg_flags;
+       enumerator_t *enumerator;
+       imv_t *imv;
+
+       msg_type = (msg_vid << 8) | msg_subtype;
+
+       this->lock->read_lock(this->lock);
+       enumerator = this->imvs->create_enumerator(this->imvs);
+       while (enumerator->enumerate(enumerator, &imv))
+       {
+               if (imv->type_supported(imv, msg_vid, msg_subtype) &&
+                       (!excl || (excl && imv->has_id(imv, dst_imv_id))))
+               {
+                       if (imv->receive_message_long && src_imc_id)
+                       {
+                               type_supported = TRUE;
+                               msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
+                               imv->receive_message_long(imv->get_id(imv), connection_id,
+                                                               msg_flags, msg, msg_len, msg_vid, msg_subtype,
+                                                               src_imc_id, dst_imv_id);
+
+                       }
+                       else if (imv->receive_message && msg_vid <= TNC_VENDORID_ANY &&
+                                        msg_subtype <= TNC_SUBTYPE_ANY)
+                       {
+                               type_supported = TRUE;
+                               msg_type = (msg_vid << 8) | msg_subtype;
+                               imv->receive_message(imv->get_id(imv), connection_id,
+                                                                        msg, msg_len, msg_type);
+                       }
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+
+       if (!type_supported)
+       {
+               DBG2(DBG_TNC, "message type 0x%06x/0x%08x not supported by any IMV",
+                        msg_vid, msg_subtype);
+       }
+}
+
+METHOD(imv_manager_t, batch_ending, void,
+       private_tnc_imv_manager_t *this, TNC_ConnectionID id)
+{
+       enumerator_t *enumerator;
+       imv_t *imv;
+
+       this->lock->read_lock(this->lock);
+       enumerator = this->imvs->create_enumerator(this->imvs);
+       while (enumerator->enumerate(enumerator, &imv))
+       {
+               if (imv->batch_ending)
+               {
+                       imv->batch_ending(imv->get_id(imv), id);
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+}
+
+METHOD(imv_manager_t, destroy, void,
+       private_tnc_imv_manager_t *this)
+{
+       imv_t *imv;
+
+       while (this->imvs->remove_last(this->imvs, (void**)&imv) == SUCCESS)
+       {
+               if (imv->terminate &&
+                       imv->terminate(imv->get_id(imv)) != TNC_RESULT_SUCCESS)
+               {
+                       DBG1(DBG_TNC, "IMV \"%s\" not terminated successfully",
+                                                  imv->get_name(imv));
+               }
+               imv->destroy(imv);
+       }
+       this->imvs->destroy(this->imvs);
+       this->lock->destroy(this->lock);
+       this->id_mutex->destroy(this->id_mutex);
+       free(this);
+}
+
+/**
+ * Described in header.
+ */
+imv_manager_t* tnc_imv_manager_create(void)
+{
+       private_tnc_imv_manager_t *this;
+       recommendation_policy_t policy;
+
+       INIT(this,
+               .public = {
+                       .add = _add,
+                       .remove = _remove_, /* avoid name conflict with stdio.h */
+                       .load = _load,
+                       .load_from_functions = _load_from_functions,
+                       .is_registered = _is_registered,
+                       .reserve_id = _reserve_id,
+                       .get_recommendation_policy = _get_recommendation_policy,
+                       .create_recommendations = _create_recommendations,
+                       .notify_connection_change = _notify_connection_change,
+                       .set_message_types = _set_message_types,
+                       .set_message_types_long = _set_message_types_long,
+                       .solicit_recommendation = _solicit_recommendation,
+                       .receive_message = _receive_message,
+                       .batch_ending = _batch_ending,
+                       .destroy = _destroy,
+               },
+               .imvs = linked_list_create(),
+               .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+               .id_mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+               .next_imv_id = 1,
+       );
+
+       policy = enum_from_name(recommendation_policy_names,
+                               lib->settings->get_str(lib->settings,
+                                       "libtnccs.plugins.tnc-imv.recommendation_policy", "default"));
+       this->policy = (policy != -1) ? policy : RECOMMENDATION_POLICY_DEFAULT;
+       DBG1(DBG_TNC, "TNC recommendation policy is '%N'",
+                                  recommendation_policy_names, this->policy);
+
+       return &this->public;
+}
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.h b/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.h
new file mode 100644 (file)
index 0000000..2fe9e7a
--- /dev/null
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ *
+ * @defgroup tnc_imv_manager tnc_imv_manager
+ * @{ @ingroup tnc_imv
+ */
+
+#ifndef TNC_IMV_MANAGER_H_
+#define TNC_IMV_MANAGER_H_
+
+#include <tnc/imv/imv_manager.h>
+
+/**
+ * Create an IMV manager instance.
+ */
+imv_manager_t *tnc_imv_manager_create();
+
+#endif /** TNC_IMV_MANAGER_H_ @}*/
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv_plugin.c b/src/libtnccs/plugins/tnc_imv/tnc_imv_plugin.c
new file mode 100644 (file)
index 0000000..d06c2fc
--- /dev/null
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2010-2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_imv_plugin.h"
+#include "tnc_imv_manager.h"
+
+#include <tnc/tnc.h>
+
+
+typedef struct private_tnc_imv_plugin_t private_tnc_imv_plugin_t;
+
+/**
+ * Private data of a tnc_imv_plugin_t object.
+ */
+struct private_tnc_imv_plugin_t {
+
+       /**
+        * Public interface.
+        */
+       tnc_imv_plugin_t public;
+
+};
+
+
+METHOD(plugin_t, get_name, char*,
+       tnc_imv_plugin_t *this)
+{
+       return "tnc-imv";
+}
+
+METHOD(plugin_t, get_features, int,
+       private_tnc_imv_plugin_t *this, plugin_feature_t *features[])
+{
+       static plugin_feature_t f[] = {
+               PLUGIN_CALLBACK(tnc_manager_register, tnc_imv_manager_create),
+                       PLUGIN_PROVIDE(CUSTOM, "imv-manager"),
+                               PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
+                               PLUGIN_SDEPEND(CERT_DECODE, CERT_X509),
+                               PLUGIN_SDEPEND(CERT_DECODE, CERT_TRUSTED_PUBKEY),
+                               PLUGIN_SDEPEND(DATABASE, DB_ANY),
+       };
+       *features = f;
+       return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+       private_tnc_imv_plugin_t *this)
+{
+       free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *tnc_imv_plugin_create()
+{
+       private_tnc_imv_plugin_t *this;
+
+       INIT(this,
+               .public = {
+                       .plugin = {
+                               .get_name = _get_name,
+                               .get_features = _get_features,
+                               .destroy = _destroy,
+                       },
+               },
+       );
+
+       return &this->public.plugin;
+}
+
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv_plugin.h b/src/libtnccs/plugins/tnc_imv/tnc_imv_plugin.h
new file mode 100644 (file)
index 0000000..afeee2e
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnc_imv tnc_imv
+ * @ingroup cplugins
+ *
+ * @defgroup tnc_imv_plugin tnc_imv_plugin
+ * @{ @ingroup tnc_imv
+ */
+
+#ifndef TNC_IMV_PLUGIN_H_
+#define TNC_IMV_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct tnc_imv_plugin_t tnc_imv_plugin_t;
+
+/**
+ * TNC IMV plugin
+ */
+struct tnc_imv_plugin_t {
+
+       /**
+        * implements plugin interface
+        */
+       plugin_t plugin;
+};
+
+#endif /** TNC_IMV_PLUGIN_H_ @}*/
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.c b/src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.c
new file mode 100644 (file)
index 0000000..a9dbb2b
--- /dev/null
@@ -0,0 +1,406 @@
+/*
+ * Copyright (C) 2010-2012 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <tncifimv.h>
+#include <tncif_names.h>
+#include <tncif_policy.h>
+
+#include <tnc/tnc.h>
+#include <tnc/imv/imv.h>
+#include <tnc/imv/imv_manager.h>
+#include <tnc/imv/imv_recommendations.h>
+
+#include <utils/debug.h>
+#include <collections/linked_list.h>
+
+typedef struct private_tnc_imv_recommendations_t private_tnc_imv_recommendations_t;
+typedef struct recommendation_entry_t recommendation_entry_t;
+
+/**
+ * Recommendation entry
+ */
+struct recommendation_entry_t {
+
+       /**
+        * IMV ID
+        */
+       TNC_IMVID id;
+
+       /**
+        * Received a recommendation message from this IMV?
+        */
+       bool have_recommendation;
+
+       /**
+        * Action Recommendation provided by IMV instance
+        */
+       TNC_IMV_Action_Recommendation rec;
+
+       /**
+        * Evaluation Result provided by IMV instance
+        */
+       TNC_IMV_Evaluation_Result eval;
+
+       /**
+        * Reason string provided by IMV instance
+        */
+       chunk_t reason;
+
+       /**
+        * Reason language provided by IMV instance
+        */
+       chunk_t reason_language;
+};
+
+/**
+ * Private data of a recommendations_t object.
+ */
+struct private_tnc_imv_recommendations_t {
+
+       /**
+        * Public members of recommendations_t.
+        */
+       recommendations_t public;
+
+       /**
+        * list of recommendations and evaluations provided by IMVs
+        */
+       linked_list_t *recs;
+
+       /**
+        * Preferred language for remediation messages
+        */
+       chunk_t preferred_language;
+};
+
+METHOD(recommendations_t, provide_recommendation, TNC_Result,
+       private_tnc_imv_recommendations_t* this, TNC_IMVID id,
+                                                                                        TNC_IMV_Action_Recommendation rec,
+                                                                                        TNC_IMV_Evaluation_Result eval)
+{
+       enumerator_t *enumerator;
+       recommendation_entry_t *entry;
+       bool found = FALSE;
+
+       DBG2(DBG_TNC, "IMV %u provides recommendation '%N' and evaluation '%N'", id,
+                TNC_IMV_Action_Recommendation_names, rec,
+                TNC_IMV_Evaluation_Result_names, eval);
+
+       enumerator = this->recs->create_enumerator(this->recs);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (entry->id == id)
+               {
+                       found = TRUE;
+                       entry->have_recommendation = TRUE;
+                       entry->rec = rec;
+                       entry->eval = eval;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       return found ? TNC_RESULT_SUCCESS : TNC_RESULT_FATAL;
+}
+
+METHOD(recommendations_t, have_recommendation, bool,
+       private_tnc_imv_recommendations_t *this, TNC_IMV_Action_Recommendation *rec,
+                                                                                        TNC_IMV_Evaluation_Result *eval)
+{
+       enumerator_t *enumerator;
+       recommendation_entry_t *entry;
+       recommendation_policy_t policy;
+       TNC_IMV_Action_Recommendation final_rec;
+       TNC_IMV_Evaluation_Result final_eval;
+       bool first = TRUE, incomplete = FALSE;
+
+       final_rec  = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+       final_eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+       if (rec && eval)
+       {
+               *rec  = final_rec;
+               *eval = final_eval;
+       }
+
+       if (this->recs->get_count(this->recs) == 0)
+       {
+               DBG1(DBG_TNC, "there are no IMVs to make a recommendation");
+               return TRUE;
+       }
+       policy = tnc->imvs->get_recommendation_policy(tnc->imvs);
+
+       enumerator = this->recs->create_enumerator(this->recs);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (!entry->have_recommendation)
+               {
+                       incomplete = TRUE;
+                       break;
+               }
+               if (first)
+               {
+                       final_rec = entry->rec;
+                       final_eval = entry->eval;
+                       first = FALSE;
+                       continue;
+               }
+               switch (policy)
+               {
+                       case RECOMMENDATION_POLICY_DEFAULT:
+                               final_rec = tncif_policy_update_recommendation(final_rec,
+                                                                                                                          entry->rec);
+                               final_eval = tncif_policy_update_evaluation(final_eval,
+                                                                                                                       entry->eval);
+                               break;
+
+                       case RECOMMENDATION_POLICY_ALL:
+                               if (entry->rec != final_rec)
+                               {
+                                       final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+                               }
+                               if (entry->eval != final_eval)
+                               {
+                                       final_eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+                               }
+                               break;
+
+                       case RECOMMENDATION_POLICY_ANY:
+                               switch (entry->rec)
+                               {
+                                       case TNC_IMV_ACTION_RECOMMENDATION_ALLOW:
+                                               final_rec = entry->rec;
+                                               break;
+                                       case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
+                                               if (final_rec != TNC_IMV_ACTION_RECOMMENDATION_ALLOW)
+                                               {
+                                                       final_rec = entry->rec;
+                                               };
+                                               break;
+                                       case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
+                                               if (final_rec == TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION)
+                                               {
+                                                       final_rec = entry->rec;
+                                               };
+                                               break;
+                                       case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION:
+                                               break;
+                               }
+                               switch (entry->eval)
+                               {
+                                       case TNC_IMV_EVALUATION_RESULT_COMPLIANT:
+                                               final_eval = entry->eval;
+                                               break;
+                                       case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR:
+                                               if (final_eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT)
+                                               {
+                                                       final_eval = entry->eval;
+                                               }
+                                               break;
+                                       case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR:
+                                               if (final_eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT &&
+                                                       final_eval != TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR)
+                                               {
+                                                       final_eval = entry->eval;
+                                               }
+                                               break;
+                                       case TNC_IMV_EVALUATION_RESULT_ERROR:
+                                               if (final_eval == TNC_IMV_EVALUATION_RESULT_DONT_KNOW)
+                                               {
+                                                       final_eval = entry->eval;
+                                               }
+                                               break;
+                                       case TNC_IMV_EVALUATION_RESULT_DONT_KNOW:
+                                               break;
+                               }
+               }
+       }
+       enumerator->destroy(enumerator);
+
+       if (incomplete)
+       {
+               return FALSE;
+       }
+       if (rec && eval)
+       {
+               *rec  = final_rec;
+               *eval = final_eval;
+       }
+       return TRUE;
+}
+
+METHOD(recommendations_t, clear_recommendation, void,
+       private_tnc_imv_recommendations_t *this)
+{
+       enumerator_t *enumerator;
+       recommendation_entry_t *entry;
+
+       enumerator = this->recs->create_enumerator(this->recs);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               entry->have_recommendation = FALSE;
+               entry->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+               entry->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+               chunk_clear(&entry->reason);
+               chunk_clear(&entry->reason_language);
+       }
+       enumerator->destroy(enumerator);
+}
+
+METHOD(recommendations_t, get_preferred_language, chunk_t,
+       private_tnc_imv_recommendations_t *this)
+{
+       return this->preferred_language;
+}
+
+METHOD(recommendations_t, set_preferred_language, void,
+       private_tnc_imv_recommendations_t *this, chunk_t pref_lang)
+{
+       free(this->preferred_language.ptr);
+       this->preferred_language = chunk_clone(pref_lang);
+}
+
+METHOD(recommendations_t, set_reason_string, TNC_Result,
+       private_tnc_imv_recommendations_t *this, TNC_IMVID id, chunk_t reason)
+{
+       enumerator_t *enumerator;
+       recommendation_entry_t *entry;
+       bool found = FALSE;
+
+       DBG2(DBG_TNC, "IMV %u is setting reason string to '%.*s'",
+                id, (int)reason.len, reason.ptr);
+
+       enumerator = this->recs->create_enumerator(this->recs);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (entry->id == id)
+               {
+                       found = TRUE;
+                       free(entry->reason.ptr);
+                       entry->reason = chunk_clone(reason);
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       return found ? TNC_RESULT_SUCCESS : TNC_RESULT_INVALID_PARAMETER;
+}
+
+METHOD(recommendations_t, set_reason_language, TNC_Result,
+       private_tnc_imv_recommendations_t *this, TNC_IMVID id, chunk_t reason_lang)
+{
+       enumerator_t *enumerator;
+       recommendation_entry_t *entry;
+       bool found = FALSE;
+
+       DBG2(DBG_TNC, "IMV %u is setting reason language to '%.*s'",
+                id, (int)reason_lang.len, reason_lang.ptr);
+
+       enumerator = this->recs->create_enumerator(this->recs);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (entry->id == id)
+               {
+                       found = TRUE;
+                       free(entry->reason_language.ptr);
+                       entry->reason_language = chunk_clone(reason_lang);
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       return found ? TNC_RESULT_SUCCESS : TNC_RESULT_INVALID_PARAMETER;
+}
+
+/**
+ * Enumerate reason and reason_language, not recommendation entries
+ */
+static bool reason_filter(void *null, recommendation_entry_t **entry,
+                                                TNC_IMVID *id, void *i2, chunk_t *reason, void *i3,
+                                                chunk_t *reason_language)
+{
+       if ((*entry)->reason.len)
+       {
+               *id = (*entry)->id;
+               *reason = (*entry)->reason;
+               *reason_language = (*entry)->reason_language;
+               return TRUE;
+       }
+       else
+       {
+               return FALSE;
+       }
+}
+
+METHOD(recommendations_t, create_reason_enumerator, enumerator_t*,
+       private_tnc_imv_recommendations_t *this)
+{
+       return enumerator_create_filter(this->recs->create_enumerator(this->recs),
+                                       (void*)reason_filter, NULL, NULL);
+}
+
+METHOD(recommendations_t, destroy, void,
+       private_tnc_imv_recommendations_t *this)
+{
+       recommendation_entry_t *entry;
+
+       while (this->recs->remove_last(this->recs, (void**)&entry) == SUCCESS)
+       {
+               free(entry->reason.ptr);
+               free(entry->reason_language.ptr);
+               free(entry);
+       }
+       this->recs->destroy(this->recs);
+       free(this->preferred_language.ptr);
+       free(this);
+}
+
+/**
+ * Described in header.
+ */
+recommendations_t* tnc_imv_recommendations_create(linked_list_t *imv_list)
+{
+       private_tnc_imv_recommendations_t *this;
+       recommendation_entry_t *entry;
+       enumerator_t *enumerator;
+       imv_t *imv;
+
+       INIT(this,
+               .public = {
+                       .provide_recommendation = _provide_recommendation,
+                       .have_recommendation = _have_recommendation,
+                       .clear_recommendation = _clear_recommendation,
+                       .get_preferred_language = _get_preferred_language,
+                       .set_preferred_language = _set_preferred_language,
+                       .set_reason_string = _set_reason_string,
+                       .set_reason_language = _set_reason_language,
+                       .create_reason_enumerator = _create_reason_enumerator,
+                       .destroy = _destroy,
+               },
+               .recs = linked_list_create(),
+       );
+
+       enumerator = imv_list->create_enumerator(imv_list);
+       while (enumerator->enumerate(enumerator, &imv))
+       {
+               entry = malloc_thing(recommendation_entry_t);
+               entry->id = imv->get_id(imv);
+               entry->have_recommendation = FALSE;
+               entry->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+               entry->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+               entry->reason = chunk_empty;
+               entry->reason_language = chunk_empty;
+               this->recs->insert_last(this->recs, entry);
+       }
+       enumerator->destroy(enumerator);
+
+       return &this->public;
+}
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.h b/src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.h
new file mode 100644 (file)
index 0000000..66d03b2
--- /dev/null
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ *
+ * @defgroup tnc_imv_manager tnc_imv_manager
+ * @{ @ingroup tnc_imv
+ */
+
+#ifndef TNC_IMV_RECOMMENDATIONS_H_
+#define TNC_IMV_RECOMMENDATIONS_H_
+
+#include <tnc/imv/imv_recommendations.h>
+#include <collections/linked_list.h>
+
+/**
+ * Create an IMV empty recommendations instance
+ */
+recommendations_t *tnc_imv_recommendations_create();
+
+#endif /** TNC_IMV_RECOMMENDATIONS_H_ @}*/
index 60f6bc3..b8683f7 100644 (file)
@@ -169,8 +169,8 @@ METHOD(tnccs_manager_t, remove_method, void,
 
 METHOD(tnccs_manager_t, create_instance, tnccs_t*,
        private_tnc_tnccs_manager_t *this, tnccs_type_t type, bool is_server,
-       identification_t *server, identification_t *peer,
-       tnc_ift_type_t transport)
+       identification_t *server, identification_t *peer, tnc_ift_type_t transport,
+       tnccs_cb_t cb)
 {
        enumerator_t *enumerator;
        tnccs_entry_t *entry;
@@ -182,7 +182,7 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*,
        {
                if (type == entry->type)
                {
-                       protocol = entry->constructor(is_server, server, peer, transport);
+                       protocol = entry->constructor(is_server, server, peer, transport, cb);
                        if (protocol)
                        {
                                break;
index b19a048..7155861 100644 (file)
@@ -121,6 +121,11 @@ struct private_tnccs_11_t {
         */
        recommendations_t *recs;
 
+       /**
+        * Callback function to communicate recommendation (TNC Server only)
+        */
+       tnccs_cb_t callback;
+
 };
 
 METHOD(tnccs_t, send_msg, TNC_Result,
@@ -540,7 +545,7 @@ METHOD(tls_t, is_complete, bool,
 
        if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval))
        {
-               return tnc->imvs->enforce_recommendation(tnc->imvs, rec, eval);
+               return this->callback ? this->callback(rec, eval) : TRUE;
        }
        else
        {
@@ -594,9 +599,8 @@ METHOD(tnccs_t, set_auth_type, void,
  * See header
  */
 tnccs_t* tnccs_11_create(bool is_server,
-                                                identification_t *server,
-                                                identification_t *peer,
-                                                tnc_ift_type_t transport)
+                                                identification_t *server, identification_t *peer,
+                                                tnc_ift_type_t transport, tnccs_cb_t cb)
 {
        private_tnccs_11_t *this;
 
@@ -622,6 +626,7 @@ tnccs_t* tnccs_11_create(bool is_server,
                .server = server->clone(server),
                .peer = peer->clone(peer),
                .transport = transport,
+               .callback = cb,
                .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
                .max_msg_len = lib->settings->get_int(lib->settings,
                                                        "libtnccs.plugins.tnccs-11.max_message_size", 45000),
index 531ebb6..e805df8 100644 (file)
  * @param server               Server identity
  * @param peer                 Client identity
  * @param transport            Underlying IF-T transport protocol
+ * @param cb                   Callback function if TNC Server, NULL if TNC Client
  * @return                             TNC_IF_TNCCS 1.1 protocol stack
  */
 tnccs_t* tnccs_11_create(bool is_server,
-                                                identification_t *server,
-                                                identification_t *peer,
-                                                tnc_ift_type_t transport);
+                                                identification_t *server, identification_t *peer,
+                                                tnc_ift_type_t transport, tnccs_cb_t cb);
 
 #endif /** TNCCS_11_H_ @}*/
index 09900ad..e5117e8 100644 (file)
@@ -131,6 +131,16 @@ struct private_tnccs_20_t {
         */
        recommendations_t *recs;
 
+       /**
+        * Callback function to communicate recommendation (TNC Server only)
+        */
+       tnccs_cb_t callback;
+
+       /**
+        * Data to pass to callback function (TNC Server only)
+        */
+       void *cb_data;
+
 };
 
 /**
@@ -844,7 +854,7 @@ METHOD(tls_t, is_complete, bool,
 
        if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval))
        {
-               return tnc->imvs->enforce_recommendation(tnc->imvs, rec, eval);
+               return this->callback ? this->callback(rec, eval) : TRUE;
        }
        else
        {
@@ -900,9 +910,8 @@ METHOD(tnccs_t, set_auth_type, void,
  * See header
  */
 tnccs_t* tnccs_20_create(bool is_server,
-                                                identification_t *server,
-                                                identification_t *peer,
-                                                tnc_ift_type_t transport)
+                                                identification_t *server, identification_t *peer,
+                                                tnc_ift_type_t transport, tnccs_cb_t cb)
 {
        private_tnccs_20_t *this;
 
@@ -928,6 +937,7 @@ tnccs_t* tnccs_20_create(bool is_server,
                .server = server->clone(server),
                .peer = peer->clone(peer),
                .transport = transport,
+               .callback = cb,
                .state_machine = pb_tnc_state_machine_create(is_server),
                .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
                .messages = linked_list_create(),
index 3149350..2857b14 100644 (file)
  * @param server               Server identity
  * @param peer                 Client identity
  * @param transport            Underlying IF-T transport protocol
+ * @param cb                   Callback function if TNC Server, NULL if TNC Client
  * @return                             TNC_IF_TNCCS 2.0 protocol stack
  */
 tnccs_t* tnccs_20_create(bool is_server,
-                                                identification_t *server,
-                                                identification_t *peer,
-                                                tnc_ift_type_t transport);
+                                                identification_t *server, identification_t *peer,
+                                                tnc_ift_type_t transport, tnccs_cb_t cb);
 
 #endif /** TNCCS_20_H_ @}*/
index d4fc6a6..bc31126 100644 (file)
@@ -56,6 +56,11 @@ struct private_tnccs_dynamic_t {
         */
        u_int32_t auth_type;
 
+       /**
+        * Callback function to communicate recommendation (TNC Server only)
+        */
+       tnccs_cb_t callback;
+
 };
 
 /**
@@ -99,7 +104,8 @@ METHOD(tls_t, process, status_t,
                DBG1(DBG_TNC, "%N protocol detected dynamically",
                                           tnccs_type_names, type);
                tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, TRUE,
-                                                       this->server, this->peer, this->transport);
+                                                       this->server, this->peer, this->transport,
+                                                       this->callback);
                if (!tnccs)
                {
                        DBG1(DBG_TNC, "N% protocol not supported", tnccs_type_names, type);
@@ -190,9 +196,8 @@ METHOD(tnccs_t, set_auth_type, void,
  * See header
  */
 tnccs_t* tnccs_dynamic_create(bool is_server,
-                                                         identification_t *server,
-                                                         identification_t *peer,
-                                                         tnc_ift_type_t transport)
+                                                         identification_t *server, identification_t *peer,
+                                                         tnc_ift_type_t transport, tnccs_cb_t cb)
 {
        private_tnccs_dynamic_t *this;
 
@@ -217,6 +222,7 @@ tnccs_t* tnccs_dynamic_create(bool is_server,
                .server = server->clone(server),
                .peer = peer->clone(peer),
                .transport = transport,
+               .callback = cb,
        );
 
        return &this->public;
index e4cff74..cbdc80b 100644 (file)
  * @param server               Server identity
  * @param peer                 Client identity
  * @param transport            Underlying IF-T transport protocol
+ * @param cb                   Callback function if TNC Server, NULL if TNC Client
  * @return                             dynamic TNC IF-TNCCS protocol stack
  */
 tnccs_t* tnccs_dynamic_create(bool is_server,
-                                                         identification_t *server,
-                                                         identification_t *peer,
-                                                         tnc_ift_type_t transport);
+                                                         identification_t *server, identification_t *peer,
+                                                         tnc_ift_type_t transport, tnccs_cb_t cb);
 
 #endif /** TNCCS_DYNAMIC_H_ @}*/
index 7772b7e..b72eb8b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Andreas Steffen
+ * Copyright (C) 2010-2013 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -114,18 +114,6 @@ struct imv_manager_t {
        recommendations_t* (*create_recommendations)(imv_manager_t *this);
 
        /**
-        * Enforce the TNC recommendation on the IKE_SA by either inserting an
-        * allow|isolate group membership rule (TRUE) or by blocking access (FALSE)
-        *
-        * @param rec                           TNC action recommendation
-        * @param eval                          TNC evaluation result
-        * @return                                      TRUE for allow|isolate, FALSE for none
-        */
-       bool (*enforce_recommendation)(imv_manager_t *this,
-                                                                  TNC_IMV_Action_Recommendation rec,
-                                                                  TNC_IMV_Evaluation_Result eval);
-
-       /**
         * Notify all IMV instances
         *
         * @param state                 communicate the state a connection has reached
index fd3e5ca..b1ac090 100644 (file)
@@ -38,6 +38,17 @@ typedef enum tnc_ift_type_t tnc_ift_type_t;
 #include <tls.h>
 
 /**
+ * Callback function to communicate action recommendation and evaluation result
+ * generated by TNC server
+ *
+ * @param rec          TNC Action Recommendation
+ * @param eval         TNC Evaluation Result
+ * @return                     TRUE to terminate TNCCS connection, FALSE to keep it
+ */
+typedef bool (*tnccs_cb_t)(TNC_IMV_Action_Recommendation rec,
+                                                  TNC_IMV_Evaluation_Result eval);
+
+/**
  * Type of TNC Client/Server protocol
  */
 enum tnccs_type_t {
@@ -112,12 +123,14 @@ struct tnccs_t {
  * @param server               Server identity
  * @param peer                 Client identity
  * @param transport            Underlying TNC IF-T transport protocol used
+ * @param cb                   Callback function if TNC Server, NULL if TNC Client
  * @return                             implementation of the tnccs_t interface
  */
 typedef tnccs_t *(*tnccs_constructor_t)(bool is_server,
                                                                                identification_t *server,
                                                                                identification_t *peer,
-                                                                               tnc_ift_type_t transport);
+                                                                               tnc_ift_type_t transport,
+                                                                               tnccs_cb_t cb);
 
 /**
  * Callback function adding a message to a TNCCS batch
index 4ab9d7e..791336e 100644 (file)
@@ -59,12 +59,13 @@ struct tnccs_manager_t {
         * @param server          Server identity
         * @param peer            Client identity
         * @param transport       Underlying TNC IF-T transport protocol used
+        * @param cb              Callback function if TNC Server, NULL if TNC Client
         * @return                        TNCCS protocol instance, NULL if no constructor found
         */
        tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
                                                                bool is_server, identification_t *server,
                                                                identification_t *peer,
-                                                               tnc_ift_type_t transport);
+                                                               tnc_ift_type_t transport, tnccs_cb_t cb);
 
        /**
         * Create a TNCCS connection and assign a unique connection ID as well a
index 2b104f8..09b42b6 100644 (file)
@@ -59,7 +59,7 @@ static int client(char *address, u_int16_t port, char *identity)
        server = identification_create_from_string(address);
        client = identification_create_from_string(identity);
        tnccs = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, FALSE,
-                                                                                               server, client, TNC_IFT_TLS_2_0);
+                                                               server, client, TNC_IFT_TLS_2_0, NULL);
        if (!tnccs)
        {
                fprintf(stderr, "loading TNCCS failed: %s\n", PLUGINS);