implemented IETF Factory Default Password Enabled attribute
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 12 Oct 2012 20:04:51 +0000 (22:04 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 12 Oct 2012 20:04:51 +0000 (22:04 +0200)
src/libimcv/Makefile.am
src/libimcv/ietf/ietf_attr.c
src/libimcv/ietf/ietf_attr_default_pwd_enabled.c [new file with mode: 0644]
src/libimcv/ietf/ietf_attr_default_pwd_enabled.h [new file with mode: 0644]
src/libimcv/plugins/imc_os/imc_os.c
src/libimcv/plugins/imv_os/imv_os.c

index 79fc211..249d5ae 100644 (file)
@@ -13,6 +13,7 @@ libimcv_la_SOURCES = \
        ietf/ietf_attr_assess_result.h ietf/ietf_attr_assess_result.c \
        ietf/ietf_attr_attr_request.h ietf/ietf_attr_attr_request.c \
        ietf/ietf_attr_fwd_enabled.h ietf/ietf_attr_fwd_enabled.c \
+       ietf/ietf_attr_default_pwd_enabled.h ietf/ietf_attr_default_pwd_enabled.c \
        ietf/ietf_attr_installed_packages.h ietf/ietf_attr_installed_packages.c \
        ietf/ietf_attr_pa_tnc_error.h ietf/ietf_attr_pa_tnc_error.c \
        ietf/ietf_attr_port_filter.h ietf/ietf_attr_port_filter.c \
index 19eac6f..8aa05c1 100644 (file)
@@ -17,6 +17,7 @@
 #include "ietf/ietf_attr_assess_result.h"
 #include "ietf/ietf_attr_attr_request.h"
 #include "ietf/ietf_attr_fwd_enabled.h"
+#include "ietf/ietf_attr_default_pwd_enabled.h"
 #include "ietf/ietf_attr_installed_packages.h"
 #include "ietf/ietf_attr_pa_tnc_error.h"
 #include "ietf/ietf_attr_port_filter.h"
@@ -63,11 +64,12 @@ pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value)
                        return ietf_attr_assess_result_create_from_data(value);
                case IETF_ATTR_FORWARDING_ENABLED:
                        return ietf_attr_fwd_enabled_create_from_data(value);
+               case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
+                       return ietf_attr_default_pwd_enabled_create_from_data(value);
                case IETF_ATTR_TESTING:
                case IETF_ATTR_NUMERIC_VERSION:
                case IETF_ATTR_OPERATIONAL_STATUS:
                case IETF_ATTR_REMEDIATION_INSTRUCTIONS:
-               case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
                case IETF_ATTR_RESERVED:
                default:
                        return NULL;
diff --git a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c
new file mode 100644 (file)
index 0000000..4c0d7eb
--- /dev/null
@@ -0,0 +1,220 @@
+/*
+ * Copyright (C) 2012 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ietf_attr_default_pwd_enabled.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <debug.h>
+
+typedef struct private_ietf_attr_default_pwd_enabled_t private_ietf_attr_default_pwd_enabled_t;
+
+/**
+ * PA-TNC Factory Default Password Enabled type (see section 4.2.12 of RFC 5792)
+ *
+ *                       1                   2                   3
+ *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |              Factory Default Password Enabled                 |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define DEFAULT_PWD_ENABLED_SIZE       4
+
+/**
+ * Private data of an ietf_attr_default_pwd_enabled_t object.
+ */
+struct private_ietf_attr_default_pwd_enabled_t {
+
+       /**
+        * Public members of ietf_attr_default_pwd_enabled_t
+        */
+       ietf_attr_default_pwd_enabled_t public;
+
+       /**
+        * Vendor-specific attribute type
+        */
+       pen_type_t type;
+
+       /**
+        * Attribute value
+        */
+       chunk_t value;
+
+       /**
+        * Noskip flag
+        */
+       bool noskip_flag;
+
+       /**
+        * Factory Default Password Enabled status
+        */
+       bool status;
+
+       /**
+        * Reference count
+        */
+       refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+       private_ietf_attr_default_pwd_enabled_t *this)
+{
+       return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+       private_ietf_attr_default_pwd_enabled_t *this)
+{
+       return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+       private_ietf_attr_default_pwd_enabled_t *this)
+{
+       return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+       private_ietf_attr_default_pwd_enabled_t *this, bool noskip)
+{
+       this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+       private_ietf_attr_default_pwd_enabled_t *this)
+{
+       bio_writer_t *writer;
+
+       if (this->value.ptr)
+       {
+               return;
+       }
+       writer = bio_writer_create(DEFAULT_PWD_ENABLED_SIZE);
+       writer->write_uint32(writer, this->status);
+
+       this->value = chunk_clone(writer->get_buf(writer));
+       writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+       private_ietf_attr_default_pwd_enabled_t *this, u_int32_t *offset)
+{
+       bio_reader_t *reader;
+       u_int32_t status;
+
+       *offset = 0;
+
+       if (this->value.len != DEFAULT_PWD_ENABLED_SIZE)
+       {
+               DBG1(DBG_TNC, "incorrect size for IETF factory default password "
+                                         "enabled attribute");
+               return FAILED;
+       }
+       reader = bio_reader_create(this->value);
+       reader->read_uint32(reader, &status);
+       reader->destroy(reader);
+
+       if (status > TRUE)
+       {
+               DBG1(DBG_TNC, "IETF factory default password enabled field "
+                                         "has unknown value %u", status);
+               return FAILED;
+       }
+       this->status = status;
+
+       return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+       private_ietf_attr_default_pwd_enabled_t *this)
+{
+       ref_get(&this->ref);
+       return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+       private_ietf_attr_default_pwd_enabled_t *this)
+{
+       if (ref_put(&this->ref))
+       {
+               free(this->value.ptr);
+               free(this);
+       }
+}
+
+METHOD(ietf_attr_default_pwd_enabled_t, get_status, bool,
+       private_ietf_attr_default_pwd_enabled_t *this)
+{
+       return this->status;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create(bool status)
+{
+       private_ietf_attr_default_pwd_enabled_t *this;
+
+       INIT(this,
+               .public = {
+                       .pa_tnc_attribute = {
+                               .get_type = _get_type,
+                               .get_value = _get_value,
+                               .get_noskip_flag = _get_noskip_flag,
+                               .set_noskip_flag = _set_noskip_flag,
+                               .build = _build,
+                               .process = _process,
+                               .get_ref = _get_ref,
+                               .destroy = _destroy,
+                       },
+                       .get_status = _get_status,
+               },
+               .type = { PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED },
+               .status = status,
+               .ref = 1,
+       );
+
+       return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create_from_data(chunk_t data)
+{
+       private_ietf_attr_default_pwd_enabled_t *this;
+
+       INIT(this,
+               .public = {
+                       .pa_tnc_attribute = {
+                               .get_type = _get_type,
+                               .get_value = _get_value,
+                               .build = _build,
+                               .process = _process,
+                               .get_ref = _get_ref,
+                               .destroy = _destroy,
+                       },
+                       .get_status = _get_status,
+               },
+               .type = { PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED },
+               .value = chunk_clone(data),
+               .ref = 1,
+       );
+
+       return &this->public.pa_tnc_attribute;
+}
+
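Review bot: `ietf_attr_default_pwd_enabled_create_from_data()` leaves `.get_noskip_flag` and `.set_noskip_flag` out of its initializer, while `ietf_attr_default_pwd_enabled_create()` sets both. On an attribute built from received data those two interface slots are therefore presumably NULL (this assumes `INIT` zero-fills members that are not named; confirm). Any caller that reads or sets the noskip flag on a parsed attribute would then call through a null function pointer while handling peer-supplied input. Adding `.get_noskip_flag = _get_noskip_flag,` and `.set_noskip_flag = _set_noskip_flag,` to the second initializer gives both constructors the same complete interface.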
diff --git a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h
new file mode 100644 (file)
index 0000000..f6026b0
--- /dev/null
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2012 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ietf_attr_default_pwd_enabled ietf_attr_default_pwd_enabled
+ * @{ @ingroup ietf
+ */
+
+#ifndef IETF_ATTR_PWD_ENABLED_H_
+#define IETF_ATTR_PWD_ENABLED_H_
+
+typedef struct ietf_attr_default_pwd_enabled_t ietf_attr_default_pwd_enabled_t;
+
+#include "ietf_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the IETF PA-TNC Factory Default Password Enabled attribute.
+ *
+ */
+struct ietf_attr_default_pwd_enabled_t {
+
+       /**
+        * Public PA-TNC attribute interface
+        */
+       pa_tnc_attr_t pa_tnc_attribute;
+
+       /**
+        * Gets the Factory Default Password Enabled status
+        *
+        * @return                              Factory Default Password Enabled status
+        */
+       bool (*get_status)(ietf_attr_default_pwd_enabled_t *this);
+
+};
+
+/**
+ * Creates an ietf_attr_default_pwd_enabled_t object
+ *
+ * @param status                       Factory Default Password Enabled status
+ */
+pa_tnc_attr_t* ietf_attr_default_pwd_enabled_create(bool status);
+
+/**
+ * Creates an ietf_attr_default_pwd_enabled_t object from received data
+ *
+ * @param value                                unparsed attribute value
+ */
+pa_tnc_attr_t* ietf_attr_default_pwd_enabled_create_from_data(chunk_t value);
+
+#endif /** IETF_ATTR_PWD_ENABLED_H_ @}*/
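Review bot: The doc comment on `ietf_attr_default_pwd_enabled_create_from_data()` does not say that the status is still unparsed when the constructor returns. In the .c file this constructor only clones the data and `status` is assigned in `process()`, so a `get_status()` call made earlier presumably returns the initial value, which reads as "disabled". I would add `@return` lines to both constructors and a sentence such as `get_status() is only meaningful after process() has returned SUCCESS`. Separately, the include guard `IETF_ATTR_PWD_ENABLED_H_` does not match the file name; `IETF_ATTR_DEFAULT_PWD_ENABLED_H_` follows the file and avoids a clash with a later header.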
index 771605a..cbadc9c 100644 (file)
@@ -20,6 +20,7 @@
 #include <ietf/ietf_attr.h>
 #include <ietf/ietf_attr_assess_result.h>
 #include <ietf/ietf_attr_attr_request.h>
+#include <ietf/ietf_attr_default_pwd_enabled.h>
 #include <ietf/ietf_attr_fwd_enabled.h>
 #include <ietf/ietf_attr_installed_packages.h>
 #include <ietf/ietf_attr_pa_tnc_error.h>
@@ -154,6 +155,18 @@ static void add_fwd_enabled(linked_list_t *attr_list)
 }
 
 /**
+ * Add IETF Factory Default Password Enabled attribute to the send queue
+ */
+static void add_default_pwd_enabled(linked_list_t *attr_list)
+{
+       pa_tnc_attr_t *attr;
+
+       DBG1(DBG_IMC, "factory default password: disabled");
+       attr = ietf_attr_default_pwd_enabled_create(FALSE);
+       attr_list->insert_last(attr_list, attr);
+}
+
+/**
  * Add an IETF Installed Packages attribute to the send queue
  */
 static void add_installed_packages(linked_list_t *attr_list)
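Review bot: `add_default_pwd_enabled()` passes a constant `FALSE` to `ietf_attr_default_pwd_enabled_create()` and logs "disabled" without inspecting the host, so every client reports that no factory default password is in use. A verifier that relies on this attribute receives a posture claim the IMC never measured. Until a real check exists, the function comment should say so, for example `* NOTE: status is hard-coded to FALSE; the local system is not examined`. The IMV side should then treat the value as informational.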
@@ -195,6 +208,7 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
                add_product_info(attr_list);
                add_string_version(attr_list);
                add_fwd_enabled(attr_list);
+               add_default_pwd_enabled(attr_list);
                result = imc_os->send_message(imc_os, connection_id, FALSE, 0,
                                                                          TNC_IMVID_ANY, attr_list);
                attr_list->destroy(attr_list);
@@ -285,6 +299,9 @@ static TNC_Result receive_message(TNC_IMCID imc_id,
                                        case IETF_ATTR_FORWARDING_ENABLED:
                                                add_fwd_enabled(attr_list);
                                                break;
+                                       case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
+                                               add_default_pwd_enabled(attr_list);
+                                               break;
                                        case IETF_ATTR_INSTALLED_PACKAGES:
                                                add_installed_packages(attr_list);
                                                break;
index 3d2c00d..655d1bf 100644 (file)
@@ -19,6 +19,7 @@
 #include <pa_tnc/pa_tnc_msg.h>
 #include <ietf/ietf_attr.h>
 #include <ietf/ietf_attr_attr_request.h>
+#include <ietf/ietf_attr_default_pwd_enabled.h>
 #include <ietf/ietf_attr_fwd_enabled.h>
 #include <ietf/ietf_attr_installed_packages.h>
 #include <ietf/ietf_attr_pa_tnc_error.h>
@@ -191,6 +192,17 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
                                                           os_fwd_status_names, fwd_status);
                                break;
                        }
+                       case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
+                       {
+                               ietf_attr_default_pwd_enabled_t *attr_cast;
+                               bool default_pwd_status;
+
+                               attr_cast = (ietf_attr_default_pwd_enabled_t*)attr;
+                               default_pwd_status = attr_cast->get_status(attr_cast);
+                               DBG1(DBG_IMV, "factory default password: %sabled",
+                                                          default_pwd_status ? "en":"dis");
+                               break;
+                       }
                        case IETF_ATTR_INSTALLED_PACKAGES:
                        { 
                                ietf_attr_installed_packages_t *attr_cast;
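Review bot: The new `IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED` case only writes the status to the debug log; within the hunk `default_pwd_status` feeds no assessment or recommendation. A client reporting an enabled factory default password is thus handled the same as one reporting it disabled. If that is intentional for now, a comment such as `/* informational only: not yet evaluated for the recommendation */` would keep a reader from assuming the attribute is enforced. `receive_message()` begins and ends outside the hunk, so any later evaluation, and the vendor-ID check that makes the cast of `attr` safe, are not visible here.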
@@ -353,6 +365,7 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
                attr_cast = (ietf_attr_attr_request_t*)attr;
                attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_STRING_VERSION);
                attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FORWARDING_ENABLED);
+               attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED);
                attr_list->insert_last(attr_list, attr);
                result = imv_os->send_message(imv_os, connection_id, FALSE, imv_id,
                                                                          TNC_IMCID_ANY, attr_list);