started error handling of PA-TNC protocol
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 1 Jun 2011 14:33:09 +0000 (16:33 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 1 Jun 2011 14:33:44 +0000 (16:33 +0200)
src/libimcv/ietf/ietf_attr_pa_tnc_error.c
src/libimcv/ietf/ietf_attr_pa_tnc_error.h
src/libimcv/pa_tnc/pa_tnc_msg.c
src/libimcv/pa_tnc/pa_tnc_msg.h

index ccd097a..2fa0f41 100644 (file)
@@ -14,6 +14,7 @@
 
 #include "ietf_attr_pa_tnc_error.h"
 
+#include <bio/bio_writer.h>
 #include <debug.h>
 
 ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED,
@@ -24,6 +25,8 @@ ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED,
        "Attribute Type Not Supported"
 );
 
+typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t;
+
 /**
  * PA-TNC Error Attribute Type  (see section 4.2.8 of RFC 5792)
  *
@@ -39,7 +42,8 @@ ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED,
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t;
+#define IETF_ATTR_PA_TNC_ERROR_HEADER_SIZE     12
+#define IETF_ATTR_PA_TNC_ERROR_RESERVED                0x00
 
 /**
  * Private data of an ietf_attr_pa_tnc_error_t object.
@@ -81,6 +85,10 @@ struct private_ietf_attr_pa_tnc_error_t {
         */
        u_int32_t error_code;
 
+       /**
+        * PA-TNC message header
+        */
+       chunk_t header;
 };
 
 METHOD(pa_tnc_attr_t, get_vendor_id, pen_t,
@@ -116,7 +124,15 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void,
 METHOD(pa_tnc_attr_t, build, void,
        private_ietf_attr_pa_tnc_error_t *this)
 {
-
+       bio_writer_t *writer;
+
+       writer = bio_writer_create(IETF_ATTR_PA_TNC_ERROR_HEADER_SIZE);
+       writer->write_uint8 (writer, IETF_ATTR_PA_TNC_ERROR_RESERVED);
+       writer->write_uint24(writer, this->error_vendor_id);
+       writer->write_uint32(writer, this->error_code);
+       writer->write_data  (writer, this->header);
+       this->value = chunk_clone(writer->get_buf(writer));
+       writer->destroy(writer);
 }
 
 METHOD(pa_tnc_attr_t, process, status_t,
@@ -128,6 +144,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 METHOD(pa_tnc_attr_t, destroy, void,
        private_ietf_attr_pa_tnc_error_t *this)
 {
+       free(this->header.ptr);
        free(this);
 }
 
@@ -147,10 +164,13 @@ METHOD(ietf_attr_pa_tnc_error_t, get_error_code, u_int32_t,
  * Described in header.
  */
 pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_t vendor_id,
-                                                                                        u_int32_t error_code)
+                                                                                        u_int32_t error_code,
+                                                                                        chunk_t header)
 {
        private_ietf_attr_pa_tnc_error_t *this;
 
+       header.len = 8;
+
        INIT(this,
                .public = {
                        .pa_tnc_attribute = {
@@ -170,6 +190,7 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_t vendor_id,
                .type = IETF_ATTR_PA_TNC_ERROR,
                .error_vendor_id = vendor_id,
                .error_code = error_code,
+               .header = chunk_clone(header),
        );
 
        return &this->public.pa_tnc_attribute;
index 7d09a8e..d664163 100644 (file)
@@ -73,10 +73,12 @@ struct ietf_attr_pa_tnc_error_t {
  *
  * @param vendor_id                    PA-TNC error code vendor ID
  * @param error_code           PA-TNC error code
+ * @param header                       PA-TNC message header (first 8 bytes)
  * 
  */
 pa_tnc_attr_t* ietf_attr_pa_tnc_error_create(pen_t vendor_id,
-                                                                                        u_int32_t error_code);
+                                                                                        u_int32_t error_code,
+                                                                                        chunk_t header);
 
 /**
  * Creates an ietf_attr_pa_tnc_error_t object from received data
index 97c2ce4..0eea4c3 100644 (file)
  */
 
 #include "pa_tnc_msg.h"
+#include "ietf/ietf_attr_pa_tnc_error.h"
 
 #include <bio/bio_writer.h>
 #include <bio/bio_reader.h>
 #include <utils/linked_list.h>
-#include <tnc/pen/pen.h>
+#include <pen/pen.h>
 #include <debug.h>
 
 
@@ -78,6 +79,11 @@ struct private_pa_tnc_msg_t {
        linked_list_t *attributes;
 
        /**
+        * linked list of PA-TNC error messages
+        */
+       linked_list_t *errors;
+
+       /**
         * Message identifier
         */
        u_int32_t identifier;
@@ -154,20 +160,19 @@ METHOD(pa_tnc_msg_t, build, void,
 METHOD(pa_tnc_msg_t, process, status_t,
        private_pa_tnc_msg_t *this)
 {
+       bio_reader_t *reader;
+       pa_tnc_attr_t *error;
        u_int8_t version;
        u_int32_t reserved;
-       bio_reader_t *reader;
-       status_t status = FAILED;
-
-       reader = bio_reader_create(this->encoding);
 
        /* process message header */
-       if (reader->remaining(reader) < PA_TNC_HEADER_SIZE)
+       if (this->encoding.len < PA_TNC_HEADER_SIZE)
        {
                DBG1(DBG_TNC, "%u bytes insufficient to parse PA-TNC message header",
                                           this->encoding.len);
-               goto end;
+               return FAILED;
        }
+       reader = bio_reader_create(this->encoding);
        reader->read_uint8 (reader, &version);
        reader->read_uint24(reader, &reserved);
        reader->read_uint32(reader, &this->identifier);
@@ -175,7 +180,9 @@ METHOD(pa_tnc_msg_t, process, status_t,
        if (version != PA_TNC_VERSION)
        {
                DBG1(DBG_TNC, "PA-TNC version %u not supported", version);
-               goto end;
+               error = ietf_attr_pa_tnc_error_create(PEN_IETF,
+                                       PA_ERROR_VERSION_NOT_SUPPORTED, this->encoding);
+               goto err;
        }
        DBG2(DBG_TNC, "processing PA-TNC message with ID 0x%08x", this->identifier);
        
@@ -199,14 +206,18 @@ METHOD(pa_tnc_msg_t, process, status_t,
                {
                        DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length",
                                                   length);
-                       goto end;
+                       error = ietf_attr_pa_tnc_error_create(PEN_IETF,
+                                               PA_ERROR_INVALID_PARAMETER, this->encoding);
+                       goto err;
                }
                length -= PA_TNC_ATTR_HEADER_SIZE;
 
                if (!reader->read_data(reader, length , &value))
                {
                        DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value");
-                       goto end; 
+                       error = ietf_attr_pa_tnc_error_create(PEN_IETF,
+                                               PA_ERROR_INVALID_PARAMETER, this->encoding);
+                       goto err; 
                } 
                DBG3(DBG_TNC, "%B", &value);
 
@@ -216,7 +227,9 @@ METHOD(pa_tnc_msg_t, process, status_t,
                        if (flags & PA_TNC_ATTR_FLAG_NOSKIP)
                        {
                                DBG1(DBG_TNC, "unsupported PA-TNC attribute with NOSKIP flag");
-                               goto end;
+                               error = ietf_attr_pa_tnc_error_create(PEN_IETF,
+                                                       PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, this->encoding);
+                               goto err;
                        }
                        else
                        {
@@ -227,19 +240,23 @@ METHOD(pa_tnc_msg_t, process, status_t,
                if (attr->process(attr) != SUCCESS)
                {
                        attr->destroy(attr);
-                       goto end;
+                       error = ietf_attr_pa_tnc_error_create(PEN_IETF,
+                                               PA_ERROR_INVALID_PARAMETER, this->encoding);
+                       goto err;
                }
                add_attribute(this, attr);
        }
 
        if (reader->remaining(reader) == 0)
        {
-               status = SUCCESS;
+               reader->destroy(reader);
+               return SUCCESS;
        }
 
-end:
+err:
        reader->destroy(reader);
-       return status;
+       this->errors->insert_last(this->errors, error);
+       return VERIFY_ERROR;
 }
 
 METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*,
@@ -248,16 +265,23 @@ METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*,
        return this->attributes->create_enumerator(this->attributes);
 }
 
+METHOD(pa_tnc_msg_t, create_error_enumerator, enumerator_t*,
+       private_pa_tnc_msg_t *this)
+{
+       return this->errors->create_enumerator(this->attributes);
+}
+
 METHOD(pa_tnc_msg_t, destroy, void,
        private_pa_tnc_msg_t *this)
 {
        this->attributes->destroy_offset(this->attributes,
                                                                         offsetof(pa_tnc_attr_t, destroy)); 
+       this->errors->destroy_offset(this->errors,
+                                                                        offsetof(pa_tnc_attr_t, destroy));
        free(this->encoding.ptr);
        free(this);
 }
 
-
 /**
  * See header
  */
@@ -272,10 +296,12 @@ pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data)
                        .build = _build,
                        .process = _process,
                        .create_attribute_enumerator = _create_attribute_enumerator,
+                       .create_error_enumerator = _create_error_enumerator,
                        .destroy = _destroy,
                },
                .encoding = chunk_clone(data),
                .attributes = linked_list_create(),
+               .errors = linked_list_create(),
        );
 
        return &this->public;
@@ -289,4 +315,3 @@ pa_tnc_msg_t *pa_tnc_msg_create(void)
        return pa_tnc_msg_create_from_data(chunk_empty);
 }
 
-
index 9e1e0a6..b640600 100644 (file)
@@ -67,6 +67,13 @@ struct pa_tnc_msg_t {
        enumerator_t* (*create_attribute_enumerator)(pa_tnc_msg_t *this);
 
        /**
+        * Enumerates over all parsing errors
+        *
+        * @return                              return error enumerator
+        */
+       enumerator_t* (*create_error_enumerator)(pa_tnc_msg_t *this);
+
+       /**
         * Destroys a pa_tnc_msg_t object.
         */
        void (*destroy)(pa_tnc_msg_t *this);