Allow to treat specified Attribute-Type-Not-Supported errors as non-fatal
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 17 Jul 2014 13:16:38 +0000 (15:16 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 3 Oct 2014 20:25:09 +0000 (22:25 +0200)
src/libimcv/imc/imc_agent.c
src/libimcv/imc/imc_agent.h
src/libimcv/imc/imc_msg.c
src/libimcv/imc/imc_msg.h
src/libimcv/imv/imv_agent.c
src/libimcv/imv/imv_agent.h
src/libimcv/imv/imv_msg.c
src/libimcv/imv/imv_msg.h
src/libimcv/pa_tnc/pa_tnc_msg.c
src/libimcv/pa_tnc/pa_tnc_msg.h

index 5331517..0d622f1 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -59,6 +59,11 @@ struct private_imc_agent_t {
        linked_list_t *additional_ids;
 
        /**
+        * list of non-fatal unsupported PA-TNC attribute types
+        */
+       linked_list_t *non_fatal_attr_types;
+
+       /**
         * list of TNCC connection entries
         */
        linked_list_t *connections;
@@ -510,11 +515,29 @@ METHOD(imc_agent_t, create_id_enumerator, enumerator_t*,
        return this->additional_ids->create_enumerator(this->additional_ids);
 }
 
+METHOD(imc_agent_t, add_non_fatal_attr_type, void,
+       private_imc_agent_t *this, pen_type_t type)
+{
+       pen_type_t *type_p;
+
+       type_p = malloc_thing(pen_type_t);
+       *type_p = type;
+       this->non_fatal_attr_types->insert_last(this->non_fatal_attr_types, type_p);
+}
+
+METHOD(imc_agent_t, get_non_fatal_attr_types, linked_list_t*,
+       private_imc_agent_t *this)
+{
+       return this->non_fatal_attr_types;
+}
+
 METHOD(imc_agent_t, destroy, void,
        private_imc_agent_t *this)
 {
        DBG1(DBG_IMC, "IMC %u \"%s\" terminated", this->id, this->name);
        this->additional_ids->destroy(this->additional_ids);
+       this->non_fatal_attr_types->destroy_function(this->non_fatal_attr_types,
+                                                                                                free);
        this->connections->destroy_function(this->connections, free);
        this->connection_lock->destroy(this->connection_lock);
        free(this);
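Review bot: `get_non_fatal_attr_types` returns the agent's internal `linked_list_t` itself, so every caller holds a mutable pointer to the list that `destroy` later frees with `destroy_function(..., free)`. Nothing in the two new methods serialises `add_non_fatal_attr_type` against a reader enumerating that list. If a type can be added after the agent has started receiving messages this is a data race; the agent already owns a `connection_lock` rwlock, presumably for the connection list, but its use is outside this hunk. Either restrict additions to initialisation and say so above the getter, e.g. `/* internal list, populated at init only; callers must not modify or destroy it */`, or hand out an enumerator instead of the list. imv_agent.c adds the same pair of methods with the same behaviour, and `destroy` continues past the end of this hunk.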
@@ -550,6 +573,8 @@ imc_agent_t *imc_agent_create(const char *name,
                        .reserve_additional_ids = _reserve_additional_ids,
                        .count_additional_ids = _count_additional_ids,
                        .create_id_enumerator = _create_id_enumerator,
+                       .add_non_fatal_attr_type = _add_non_fatal_attr_type,
+                       .get_non_fatal_attr_types = _get_non_fatal_attr_types,
                        .destroy = _destroy,
                },
                .name = name,
@@ -557,6 +582,7 @@ imc_agent_t *imc_agent_create(const char *name,
                .type_count = type_count,
                .id = id,
                .additional_ids = linked_list_create(),
+               .non_fatal_attr_types = linked_list_create(),
                .connections = linked_list_create(),
                .connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
        );
index 0a1638f..8bdfb6c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -172,6 +172,16 @@ struct imc_agent_t {
        enumerator_t* (*create_id_enumerator)(imc_agent_t *this);
 
        /**
+        * Add an item to the list of non-fatal unsupported PA-TNC attribute types
+        */
+       void (*add_non_fatal_attr_type)(imc_agent_t *this, pen_type_t type);
+
+       /**
+        * Get a list of non-fatal unsupported PA-TNC attribute types
+        */
+       linked_list_t* (*get_non_fatal_attr_types)(imc_agent_t *this);
+
+       /**
         * Destroys an imc_agent_t object
         */
        void (*destroy)(imc_agent_t *this);
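Review bot: The two new doc comments carry no `@param`/`@return` tags and do not state who owns the returned list, although the pa_tnc_msg.h change in this same commit uses those tags. I would add `@param type  vendor ID / type of the unsupported attribute to be tolerated` to the first and `@return  list of pen_type_t*, owned by the agent, must not be modified or destroyed` to the second. The identical declarations added to imv_agent.h need the same text. The enclosing `struct imc_agent_t` starts and ends outside this hunk.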
index 1cf81c7..5f2772e 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -210,6 +210,7 @@ static void print_assessment_trailer(bool first)
 METHOD(imc_msg_t, receive, TNC_Result,
        private_imc_msg_t *this, bool *fatal_error)
 {
+       linked_list_t *non_fatal_types;
        TNC_UInt32 target_imc_id;
        enumerator_t *enumerator;
        pa_tnc_attr_t *attr;
@@ -282,7 +283,9 @@ METHOD(imc_msg_t, receive, TNC_Result,
                                         this->dst_id : this->agent->get_id(this->agent);
 
        /* preprocess any received IETF standard error attributes */
-       *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
+       non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
+       *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
+                                                                                                                non_fatal_types);
 
        /* preprocess any received IETF assessment result attribute */
        enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
index 588225d..5a68e9e 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
index a46455d..6b24f4b 100644 (file)
@@ -65,6 +65,11 @@ struct private_imv_agent_t {
        linked_list_t *additional_ids;
 
        /**
+        * list of non-fatal unsupported PA-TNC attribute types
+        */
+       linked_list_t *non_fatal_attr_types;
+
+       /**
         * list of TNCS connection entries
         */
        linked_list_t *connections;
@@ -772,11 +777,29 @@ METHOD(imv_agent_t, provide_recommendation, TNC_Result,
        return this->provide_recommendation(this->id, connection_id, rec, eval);
 }
 
+METHOD(imv_agent_t, add_non_fatal_attr_type, void,
+       private_imv_agent_t *this, pen_type_t type)
+{
+       pen_type_t *type_p;
+
+       type_p = malloc_thing(pen_type_t);
+       *type_p = type;
+       this->non_fatal_attr_types->insert_last(this->non_fatal_attr_types, type_p);
+}
+
+METHOD(imv_agent_t, get_non_fatal_attr_types, linked_list_t*,
+       private_imv_agent_t *this)
+{
+       return this->non_fatal_attr_types;
+}
+
 METHOD(imv_agent_t, destroy, void,
        private_imv_agent_t *this)
 {
        DBG1(DBG_IMV, "IMV %u \"%s\" terminated", this->id, this->name);
        this->additional_ids->destroy(this->additional_ids);
+       this->non_fatal_attr_types->destroy_function(this->non_fatal_attr_types,
+                                                                                                free);
        this->connections->destroy_offset(this->connections,
                                                                          offsetof(imv_state_t, destroy));
        this->connection_lock->destroy(this->connection_lock);
@@ -815,6 +838,8 @@ imv_agent_t *imv_agent_create(const char *name,
                        .create_id_enumerator = _create_id_enumerator,
                        .create_language_enumerator = _create_language_enumerator,
                        .provide_recommendation = _provide_recommendation,
+                       .add_non_fatal_attr_type = _add_non_fatal_attr_type,
+                       .get_non_fatal_attr_types = _get_non_fatal_attr_types,
                        .destroy = _destroy,
                },
                .name = name,
@@ -822,6 +847,7 @@ imv_agent_t *imv_agent_create(const char *name,
                .type_count = type_count,
                .id = id,
                .additional_ids = linked_list_create(),
+               .non_fatal_attr_types = linked_list_create(),
                .connections = linked_list_create(),
                .connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
        );
index 47ce770..1f6a10b 100644 (file)
@@ -189,6 +189,16 @@ struct imv_agent_t {
        TNC_Result (*provide_recommendation)(imv_agent_t *this, imv_state_t* state);
 
        /**
+        * Add an item to the list of non-fatal unsupported PA-TNC attribute types
+        */
+       void (*add_non_fatal_attr_type)(imv_agent_t *this, pen_type_t type);
+
+       /**
+        * Get a list of non-fatal unsupported PA-TNC attribute types
+        */
+       linked_list_t* (*get_non_fatal_attr_types)(imv_agent_t *this);
+
+       /**
         * Destroys an imv_agent_t object
         */
        void (*destroy)(imv_agent_t *this);
index e718175..35017b5 100644 (file)
@@ -248,6 +248,7 @@ METHOD(imv_msg_t, send_assessment, TNC_Result,
 METHOD(imv_msg_t, receive, TNC_Result,
        private_imv_msg_t *this, bool *fatal_error)
 {
+       linked_list_t *non_fatal_types;
        enumerator_t *enumerator;
        pa_tnc_attr_t *attr;
        chunk_t msg;
@@ -313,7 +314,9 @@ METHOD(imv_msg_t, receive, TNC_Result,
        }
 
        /* preprocess any received IETF standard error attributes */
-       *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
+       non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
+       *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
+                                                                                                                non_fatal_types);
 
        return TNC_RESULT_SUCCESS;
 }
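Review bot: With the agent's list passed in here, an Attribute-Type-Not-Supported error reported by the client for a listed type no longer sets `*fatal_error`, so `receive` returns success even though the requested attribute will never arrive. The error attribute is peer-controlled input, so any IMV that registers non-fatal types has to treat the missing measurement explicitly rather than let an absent attribute fall through to a compliant recommendation; that logic is not visible in this commit. A comment above the call would record the expectation, e.g. `/* errors for types in non_fatal_types are tolerated; the IMV must handle the missing attribute itself */`. The same call is added to `receive` in imc_msg.c, and this function starts above the hunk.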
index dfec169..6f93e12 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
index fa4ee00..4cfb9bd 100644 (file)
@@ -349,26 +349,27 @@ err:
 }
 
 METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
-       private_pa_tnc_msg_t *this)
+       private_pa_tnc_msg_t *this, linked_list_t *non_fatal_types)
 {
-       enumerator_t *enumerator;
+       enumerator_t *e1, *e2;
        enum_name_t *pa_attr_names;
        pa_tnc_attr_t *attr;
        pen_type_t type, unsupported_type;
        uint8_t flags;
        bool fatal_error = FALSE;
 
-       enumerator = this->attributes->create_enumerator(this->attributes);
-       while (enumerator->enumerate(enumerator, &attr))
+       e1 = this->attributes->create_enumerator(this->attributes);
+       while (e1->enumerate(e1, &attr))
        {
                type = attr->get_type(attr);
 
                if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
                {
                        ietf_attr_pa_tnc_error_t *error_attr;
-                       pen_type_t error_code;
+                       pen_type_t error_code, *non_fatal_type;
                        chunk_t msg_info;
                        uint32_t offset;
+                       bool fatal_current_error = TRUE;
 
                        error_attr = (ietf_attr_pa_tnc_error_t*)attr;
                        error_code = error_attr->get_error_code(error_attr);
@@ -412,14 +413,27 @@ METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
                                                         unsupported_type.vendor_id, unsupported_type.type,
                                                         flags);
                                        }
+                                       e2 = non_fatal_types->create_enumerator(non_fatal_types);
+                                       while (e2->enumerate(e2, &non_fatal_type))
+                                       {
+                                               if (pen_type_equals(unsupported_type, *non_fatal_type))
+                                               {
+                                                       fatal_current_error = FALSE;
+                                                       break;
+                                               }
+                                       }
+                                       e2->destroy(e2);
                                        break;
                                default:
                                        break;
                        }
-                       fatal_error = TRUE;
+                       if (fatal_current_error)
+                       {
+                               fatal_error = TRUE;
+                       }
                }
        }
-       enumerator->destroy(enumerator);
+       e1->destroy(e1);
 
        return fatal_error;
 }
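Review bot: `non_fatal_types` is dereferenced unconditionally at `e2 = non_fatal_types->create_enumerator(non_fatal_types);`, so a caller that passes NULL to mean "no exceptions" crashes as soon as a peer sends an Attribute-Type-Not-Supported error. Wrapping the lookup in `if (non_fatal_types)` keeps the previous always-fatal result for such callers, and the `@param` text in pa_tnc_msg.h should say whether NULL is accepted. The downgrade is also silent: when a match clears `fatal_current_error` nothing is logged, so a tolerated error cannot be told apart from a fatal one in the log. A `DBG1` line in the matching branch, using the same debug group as the surrounding messages, would close that gap. The function starts above this hunk.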
index 84814b9..57ff1a0 100644 (file)
@@ -68,9 +68,11 @@ struct pa_tnc_msg_t {
        /**
         * Process all IETF standard error PA-TNC attributes
         *
-        * @return                                      TRUE if at least one error attribute processed
+        * @param non_fatal_types       list of non fatal unsupported attribute types
+        * @return                                      TRUE if at least one fatal error processed
         */
-       bool (*process_ietf_std_errors)(pa_tnc_msg_t *this);
+       bool (*process_ietf_std_errors)(pa_tnc_msg_t *this,
+                                                                   linked_list_t *non_fatal_types);
 
        /**
         * Enumerates over all PA-TNC attributes