Fixed PB-TNC error handling
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 27 Mar 2015 13:39:56 +0000 (14:39 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 27 Mar 2015 19:56:44 +0000 (20:56 +0100)
src/libtnccs/plugins/tnccs_20/tnccs_20.c
src/libtnccs/plugins/tnccs_20/tnccs_20_client.c
src/libtnccs/plugins/tnccs_20/tnccs_20_handler.h
src/libtnccs/plugins/tnccs_20/tnccs_20_server.c

index d8daf9a..a1a9573 100644 (file)
@@ -172,7 +172,7 @@ METHOD(tls_t, process, status_t,
        private_tnccs_20_t *this, void *buf, size_t buflen)
 {
        pb_tnc_batch_t *batch;
-       bool from_server;
+       bool from_server, fatal_header_error = FALSE;
        status_t status;
        chunk_t data;
 
@@ -198,7 +198,11 @@ METHOD(tls_t, process, status_t,
        batch = pb_tnc_batch_create_from_data(data);
        status = batch->process_header(batch, !this->mutual, this->is_server,
                                                                   &from_server);
-
+       if (status == FAILED)
+       {
+               fatal_header_error = TRUE;
+               status = VERIFY_ERROR;
+       }
        this->to_server = this->mutual ? from_server : !this->is_server;
 
        /* In the mutual case, first batch from TNC server requires a TNC client */
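Review bot: Line 31 now derives the direction from `from_server` even when `process_header()` returned FAILED, and that variable is declared without an initializer earlier in this function (`bool from_server, fatal_header_error = FALSE;`), so if the callee fails before writing its out-parameter — plausible for a batch too short to hold a header, though the callee is not in view — the mutual-mode branch reads an indeterminate value, which is undefined behaviour and here decides which handler gets created. Initialising the declaration, `bool from_server = FALSE, fatal_header_error = FALSE;`, closes the UB; beyond that, a batch whose header failed validation should probably not drive handler selection at all, e.g. `this->to_server = (this->mutual && !fatal_header_error) ? from_server : !this->is_server;`. The later `handle_errors()` call in this function dereferences `this->tnccs_handler` unconditionally, so if a header error can arrive before any handler exists (that depends on the constructor, outside this hunk) it also needs a NULL guard. The `process` method extends beyond both ends of this hunk.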
@@ -229,7 +233,8 @@ METHOD(tls_t, process, status_t,
        }
        if (status == VERIFY_ERROR)
        {
-               this->tnccs_handler->handle_errors(this->tnccs_handler, batch);
+               this->tnccs_handler->handle_errors(this->tnccs_handler, batch,
+                                                                                  fatal_header_error);
                status = NEED_MORE;
        }
        batch->destroy(batch);
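Review bot: The downgrade from VERIFY_ERROR to NEED_MORE at line 41 deserves a why-comment now that it also covers fatal header errors, because a reader will expect a fatal parse failure to end the exchange rather than request more data. Judging from the handler hunks in this commit, the new flag makes `handle_errors()` switch to a CLOSE batch, so the NEED_MORE presumably exists to let the next `build()` transmit that CLOSE batch together with the queued error messages before the connection is torn down; I would state that inline: `/* let the next build() emit the queued error messages (and CLOSE on fatal errors) before giving up */`. The rest of the `process` method lies outside this hunk.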
index 9bfadcb..80ae4b6 100644 (file)
@@ -456,9 +456,7 @@ static void build_retry_batch(private_tnccs_20_client_t *this)
 METHOD(tnccs_20_handler_t, process, status_t,
        private_tnccs_20_client_t *this, pb_tnc_batch_t *batch)
 {
-       pb_tnc_msg_t *msg;
        pb_tnc_batch_type_t batch_type;
-       enumerator_t *enumerator;
        status_t status;
 
        batch_type = batch->get_type(batch);
@@ -507,20 +505,9 @@ METHOD(tnccs_20_handler_t, process, status_t,
        {
                case FAILED:
                        this->fatal_error = TRUE;
-                       this->mutex->lock(this->mutex);
-                       change_batch_type(this, PB_BATCH_CLOSE);
-                       this->mutex->unlock(this->mutex);
                        status = VERIFY_ERROR;
-                       /* fall through to add error messages to outbound batch */
+                       break;
                case VERIFY_ERROR:
-                       enumerator = batch->create_error_enumerator(batch);
-                       while (enumerator->enumerate(enumerator, &msg))
-                       {
-                               this->mutex->lock(this->mutex);
-                               this->messages->insert_last(this->messages, msg->get_ref(msg));
-                               this->mutex->unlock(this->mutex);
-                       }
-                       enumerator->destroy(enumerator);
                        break;
                case SUCCESS:
                default:
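Review bot: After this change the FAILED case at lines 57-64 no longer queues the batch's error messages or switches to a CLOSE batch itself; it only sets `fatal_error` and reports VERIFY_ERROR, relying on the caller in tnccs_20.c to invoke `handle_errors()` for that status. Nothing in the switch says so anymore since the old fall-through comment went away, so the next person touching the return path could short-circuit VERIFY_ERROR and silently drop the error messages. A one-line comment in the FAILED case would make the contract explicit: `/* error messages and the switch to a CLOSE batch are done by handle_errors(), which the caller invokes on VERIFY_ERROR */`. The `process` method extends beyond both ends of this hunk.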
@@ -728,11 +715,19 @@ METHOD(tnccs_20_handler_t, add_msg, void,
 }
 
 METHOD(tnccs_20_handler_t, handle_errors, void,
-       private_tnccs_20_client_t *this, pb_tnc_batch_t *batch)
+       private_tnccs_20_client_t *this, pb_tnc_batch_t *batch,
+       bool fatal_header_error)
 {
        pb_tnc_msg_t *msg;
        enumerator_t *enumerator;
 
+       if (fatal_header_error || this->fatal_error)
+       {
+               this->mutex->lock(this->mutex);
+               change_batch_type(this, PB_BATCH_CLOSE);
+               this->mutex->unlock(this->mutex);
+       }
+
        enumerator = batch->create_error_enumerator(batch);
        while (enumerator->enumerate(enumerator, &msg))
        {
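Review bot: A fatal header error switches the outbound batch to CLOSE at lines 88-93 but leaves `this->fatal_error` untouched, so the handler's own record of the session says "no fatal error" even though a CLOSE batch has been queued. If anything else in this file keys off `fatal_error` (the rest of the client is not visible here), a header-level failure would be treated there as recoverable; recording it first keeps the two consistent and simplifies the condition: `if (fatal_header_error) { this->fatal_error = TRUE; }` followed by `if (this->fatal_error)`. `handle_errors` continues past the end of this hunk.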
index d0adb24..5c4d7a7 100644 (file)
@@ -90,9 +90,11 @@ struct tnccs_20_handler_t {
        /**
         * Handle errors that occurred during PB-TNC batch header processing
         *
-        * @param batch                 batch where a fatal error occurred
+        * @param batch                                 batch where a fatal error occurred
+        * @param fatal_header_error    TRUE if fatal error in batch header
         */
-       void (*handle_errors)(tnccs_20_handler_t *this, pb_tnc_batch_t *batch);
+       void (*handle_errors)(tnccs_20_handler_t *this, pb_tnc_batch_t *batch,
+                                                 bool fatal_header_error);
 
        /**
         * Destroys a tnccs_20_handler_t object.
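Review bot: The summary at line 101 still says the method handles errors "during PB-TNC batch header processing", but with the client and server changes in this commit it is now the only place that queues a batch's error messages for the outbound batch — for message-level verification failures as well — and it is where the switch to a CLOSE batch happens on fatal errors. The `@param batch` text ("batch where a fatal error occurred") is likewise too narrow, since batches with non-fatal VERIFY_ERROR results are passed too. I would rewrite the summary as `Handle errors that occurred during PB-TNC batch processing: queue the batch's error messages for the outbound batch and switch to a CLOSE batch on a fatal error`, and the parameter as `batch in which one or more errors occurred`.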
index c75ecdc..e6ac21a 100644 (file)
@@ -285,9 +285,7 @@ static void build_retry_batch(private_tnccs_20_server_t *this)
 METHOD(tnccs_20_handler_t, process, status_t,
        private_tnccs_20_server_t *this, pb_tnc_batch_t *batch)
 {
-       pb_tnc_msg_t *msg;
        pb_tnc_batch_type_t batch_type;
-       enumerator_t *enumerator;
        status_t status;
 
        batch_type = batch->get_type(batch);
@@ -333,20 +331,9 @@ METHOD(tnccs_20_handler_t, process, status_t,
        {
                case FAILED:
                        this->fatal_error = TRUE;
-                       this->mutex->lock(this->mutex);
-                       change_batch_type(this, PB_BATCH_CLOSE);
-                       this->mutex->unlock(this->mutex);
                        status = VERIFY_ERROR;
-                       /* fall through to add error messages to outbound batch */
+                       break;
                case VERIFY_ERROR:
-                       enumerator = batch->create_error_enumerator(batch);
-                       while (enumerator->enumerate(enumerator, &msg))
-                       {
-                               this->mutex->lock(this->mutex);
-                               this->messages->insert_last(this->messages, msg->get_ref(msg));
-                               this->mutex->unlock(this->mutex);
-                       }
-                       enumerator->destroy(enumerator);
                        break;
                case SUCCESS:
                default:
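Review bot: The FAILED case at lines 126-133 now returns VERIFY_ERROR with only `fatal_error` set, so whether the PB-TNC error messages ever reach the peer depends entirely on the caller invoking `handle_errors()` for VERIFY_ERROR — a cross-file contract that is invisible from this switch once the fall-through comment is gone. I would document it where the dependency is created: `/* the caller reports VERIFY_ERROR via handle_errors(), which queues the error messages and closes the session when fatal_error is set */`. With both labels now just breaking, the `case VERIFY_ERROR:` body is empty; that is fine, but the comment is what keeps it from reading as a forgotten branch. The enclosing `process` method starts and ends outside this hunk.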
@@ -601,11 +588,19 @@ METHOD(tnccs_20_handler_t, add_msg, void,
 }
 
 METHOD(tnccs_20_handler_t, handle_errors, void,
-       private_tnccs_20_server_t *this,  pb_tnc_batch_t *batch)
+       private_tnccs_20_server_t *this,  pb_tnc_batch_t *batch,
+       bool fatal_header_error)
 {
        pb_tnc_msg_t *msg;
        enumerator_t *enumerator;
 
+       if (fatal_header_error || this->fatal_error)
+       {
+               this->mutex->lock(this->mutex);
+               change_batch_type(this, PB_BATCH_CLOSE);
+               this->mutex->unlock(this->mutex);
+       }
+
        enumerator = batch->create_error_enumerator(batch);
        while (enumerator->enumerate(enumerator, &msg))
        {
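Review bot: The mutex at lines 157-162 is taken and released for the CLOSE switch and then again once per error message in the loop that follows, so the batch-type change and the queued error messages become visible to whoever else holds that mutex (the lock suggests the message queue is shared with another thread, presumably the builder) in separate steps rather than as one unit. Holding the lock once around both operations is simpler and makes the CLOSE decision and its accompanying error messages atomic with respect to that other side; the enumerator only walks the incoming batch, so nothing in the loop needs the lock dropped. `handle_errors` continues past the hunk; the rewritten part is:
```c
	this->mutex->lock(this->mutex);
	if (fatal_header_error || this->fatal_error)
	{
		change_batch_type(this, PB_BATCH_CLOSE);
	}
	enumerator = batch->create_error_enumerator(batch);
	while (enumerator->enumerate(enumerator, &msg))
	{
		this->messages->insert_last(this->messages, msg->get_ref(msg));
	}
	enumerator->destroy(enumerator);
	this->mutex->unlock(this->mutex);
```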