implemented IETF String Version attribute
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 10 Oct 2012 10:30:18 +0000 (12:30 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 10 Oct 2012 10:30:18 +0000 (12:30 +0200)
src/libimcv/Makefile.am
src/libimcv/ietf/ietf_attr.c
src/libimcv/ietf/ietf_attr_string_version.c [new file with mode: 0644]
src/libimcv/ietf/ietf_attr_string_version.h [new file with mode: 0644]
src/libimcv/plugins/imc_os/imc_os.c
src/libimcv/plugins/imv_os/imv_os.c
src/libimcv/plugins/imv_os/imv_os_state.c
src/libimcv/plugins/imv_os/imv_os_state.h

index b871862..87e8347 100644 (file)
@@ -10,12 +10,13 @@ libimcv_la_SOURCES = \
        imc/imc_agent.h imc/imc_agent.c imc/imc_state.h \
        imv/imv_agent.h imv/imv_agent.c imv/imv_state.h \
        ietf/ietf_attr.h ietf/ietf_attr.c \
+       ietf/ietf_attr_assess_result.h ietf/ietf_attr_assess_result.c \
+       ietf/ietf_attr_attr_request.h ietf/ietf_attr_attr_request.c \
+       ietf/ietf_attr_installed_packages.h ietf/ietf_attr_installed_packages.c \
        ietf/ietf_attr_pa_tnc_error.h ietf/ietf_attr_pa_tnc_error.c \
        ietf/ietf_attr_port_filter.h ietf/ietf_attr_port_filter.c \
        ietf/ietf_attr_product_info.h ietf/ietf_attr_product_info.c \
-       ietf/ietf_attr_installed_packages.h ietf/ietf_attr_installed_packages.c \
-       ietf/ietf_attr_attr_request.h ietf/ietf_attr_attr_request.c \
-       ietf/ietf_attr_assess_result.h ietf/ietf_attr_assess_result.c \
+       ietf/ietf_attr_string_version.h ietf/ietf_attr_string_version.c \
        ita/ita_attr.h ita/ita_attr.c \
        ita/ita_attr_command.h ita/ita_attr_command.c \
        ita/ita_attr_dummy.h ita/ita_attr_dummy.c \
index 7115c81..02eb760 100644 (file)
  */
 
 #include "ietf_attr.h"
+#include "ietf/ietf_attr_assess_result.h"
+#include "ietf/ietf_attr_attr_request.h"
+#include "ietf/ietf_attr_installed_packages.h"
 #include "ietf/ietf_attr_pa_tnc_error.h"
 #include "ietf/ietf_attr_port_filter.h"
 #include "ietf/ietf_attr_product_info.h"
-#include "ietf/ietf_attr_installed_packages.h"
-#include "ietf/ietf_attr_attr_request.h"
-#include "ietf/ietf_attr_assess_result.h"
+#include "ietf/ietf_attr_string_version.h"
 
 
 ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED,
@@ -48,6 +49,8 @@ pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value)
                        return ietf_attr_attr_request_create_from_data(value);
                case IETF_ATTR_PRODUCT_INFORMATION:
                        return ietf_attr_product_info_create_from_data(value);
+               case IETF_ATTR_STRING_VERSION:
+                       return ietf_attr_string_version_create_from_data(value);
                case IETF_ATTR_PORT_FILTER:
                        return ietf_attr_port_filter_create_from_data(value);
                case IETF_ATTR_INSTALLED_PACKAGES:
@@ -58,7 +61,6 @@ pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value)
                        return ietf_attr_assess_result_create_from_data(value);
                case IETF_ATTR_TESTING:
                case IETF_ATTR_NUMERIC_VERSION:
-               case IETF_ATTR_STRING_VERSION:
                case IETF_ATTR_OPERATIONAL_STATUS:
                case IETF_ATTR_REMEDIATION_INSTRUCTIONS:
                case IETF_ATTR_FORWARDING_ENABLED:
diff --git a/src/libimcv/ietf/ietf_attr_string_version.c b/src/libimcv/ietf/ietf_attr_string_version.c
new file mode 100644 (file)
index 0000000..7cc3447
--- /dev/null
@@ -0,0 +1,298 @@
+/*
+ * Copyright (C) 2012 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ietf_attr_string_version.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <debug.h>
+
+typedef struct private_ietf_attr_string_version_t private_ietf_attr_string_version_t;
+
+/**
+ * PA-TNC String Version type  (see section 4.2.4 of RFC 5792)
+ *
+ *                       1                   2                   3
+ *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |  Version Len  |   Product Version Number (Variable Length)    |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  | Build Num Len |   Internal Build Number (Variable Length)     |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |  Config. Len  | Configuration Version Number (Variable Length)|
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define STRING_VERSION_MIN_SIZE                3
+
+/**
+ * Private data of an ietf_attr_string_version_t object.
+ */
+struct private_ietf_attr_string_version_t {
+
+       /**
+        * Public members of ietf_attr_string_version_t
+        */
+       ietf_attr_string_version_t public;
+
+       /**
+        * Vendor-specific attribute type
+        */
+       pen_type_t type;
+
+       /**
+        * Attribute value
+        */
+       chunk_t value;
+
+       /**
+        * Noskip flag
+        */
+       bool noskip_flag;
+
+       /**
+        * Product Version Number
+        */
+       chunk_t version;
+
+       /**
+        * Internal Build Number
+        */
+       chunk_t build;
+
+       /**
+        * Configuration Version Number
+        */
+       chunk_t config;
+
+       /**
+        * Reference count
+        */
+       refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+       private_ietf_attr_string_version_t *this)
+{
+       return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+       private_ietf_attr_string_version_t *this)
+{
+       return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+       private_ietf_attr_string_version_t *this)
+{
+       return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+       private_ietf_attr_string_version_t *this, bool noskip)
+{
+       this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+       private_ietf_attr_string_version_t *this)
+{
+       bio_writer_t *writer;
+
+       if (this->value.ptr)
+       {
+               return;
+       }
+
+       writer = bio_writer_create(STRING_VERSION_MIN_SIZE);
+       writer->write_data8(writer, this->version);
+       writer->write_data8(writer, this->build);
+       writer->write_data8(writer, this->config);
+
+       this->value = chunk_clone(writer->get_buf(writer));
+       writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+       private_ietf_attr_string_version_t *this, u_int32_t *offset)
+{
+       bio_reader_t *reader;
+       status_t status = FAILED;
+       chunk_t version, build, config;
+       u_char *pos;
+
+       *offset = 0;
+
+       if (this->value.len < STRING_VERSION_MIN_SIZE)
+       {
+               DBG1(DBG_TNC, "insufficient data for IETF string version");
+               return FAILED;
+       }
+       reader = bio_reader_create(this->value);
+       
+       if (!reader->read_data8(reader, &version))
+       {
+               DBG1(DBG_TNC, "insufficient data for IETF product version number");
+               goto end;
+
+       }
+       pos = memchr(version.ptr, '\0', version.len);
+       if (pos)
+       {
+               DBG1(DBG_TNC, "nul termination in IETF product version number");
+               *offset += 1 + (pos - version.ptr);
+               goto end;
+       }
+       *offset += 1 + version.len;
+
+       if (!reader->read_data8(reader, &build))
+       {
+               DBG1(DBG_TNC, "insufficient data for IETF internal build number");
+               goto end;
+
+       }
+       pos = memchr(build.ptr, '\0', build.len);
+       if (pos)
+       {
+               DBG1(DBG_TNC, "nul termination in IETF internal build number");
+               *offset += 1 + (pos - build.ptr);
+               goto end;
+       }
+       *offset += 1 + build.len;
+
+       if (!reader->read_data8(reader, &config))
+       {
+               DBG1(DBG_TNC, "insufficient data for IETF configuration version number");
+               goto end;
+
+       }
+       pos = memchr(config.ptr, '\0', config.len);
+       if (pos)
+       {
+               DBG1(DBG_TNC, "nul termination in IETF configuration version number");
+               *offset += 1 + (pos - config.ptr);
+               goto end;
+       }
+       
+       this->version = chunk_clone(version);
+       this->build = chunk_clone(build);
+       this->config = chunk_clone(config);
+       status = SUCCESS;
+
+end:
+       reader->destroy(reader);
+       return status;
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+       private_ietf_attr_string_version_t *this)
+{
+       ref_get(&this->ref);
+       return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+       private_ietf_attr_string_version_t *this)
+{
+       if (ref_put(&this->ref))
+       {
+               free(this->version.ptr);
+               free(this->build.ptr);
+               free(this->config.ptr);
+               free(this->value.ptr);
+               free(this);
+       }
+}
+
+METHOD(ietf_attr_string_version_t, get_version, chunk_t,
+       private_ietf_attr_string_version_t *this, chunk_t *build, chunk_t *config)
+{
+       if (build)
+       {
+               *build = this->build;
+       }
+       if (config)
+       {
+               *config = this->config;
+       }
+       return this->version;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_string_version_create(chunk_t version, chunk_t build,
+                                                                                          chunk_t config)
+{
+       private_ietf_attr_string_version_t *this;
+
+       /* limit version numbers to 255 octets */
+       version.len = min(255, version.len);
+       build.len = min(255, build.len);
+       config.len = min(255, config.len);
+
+       INIT(this,
+               .public = {
+                       .pa_tnc_attribute = {
+                               .get_type = _get_type,
+                               .get_value = _get_value,
+                               .get_noskip_flag = _get_noskip_flag,
+                               .set_noskip_flag = _set_noskip_flag,
+                               .build = _build,
+                               .process = _process,
+                               .get_ref = _get_ref,
+                               .destroy = _destroy,
+                       },
+                       .get_version = _get_version,
+               },
+               .type = { PEN_IETF, IETF_ATTR_STRING_VERSION },
+               .version = chunk_clone(version),
+               .build = chunk_clone(build),
+               .config = chunk_clone(config),
+               .ref = 1,
+       );
+
+       return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_string_version_create_from_data(chunk_t data)
+{
+       private_ietf_attr_string_version_t *this;
+
+       INIT(this,
+               .public = {
+                       .pa_tnc_attribute = {
+                               .get_type = _get_type,
+                               .get_value = _get_value,
+                               .build = _build,
+                               .process = _process,
+                               .get_ref = _get_ref,
+                               .destroy = _destroy,
+                       },
+                       .get_version = _get_version,
+               },
+               .type = { PEN_IETF, IETF_ATTR_STRING_VERSION },
+               .value = chunk_clone(data),
+               .ref = 1,
+       );
+
+       return &this->public.pa_tnc_attribute;
+}
+
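Review bot: `ietf_attr_string_version_create_from_data()` leaves `get_noskip_flag` and `set_noskip_flag` out of its `pa_tnc_attribute` initializer, whereas `ietf_attr_string_version_create()` assigns both. If `INIT` zero-fills the object (its definition is not on this page), those two pointers are NULL on every attribute built from a received message, and any caller that invokes them would call through a null function pointer while handling peer-supplied data. Add `.get_noskip_flag = _get_noskip_flag,` and `.set_noskip_flag = _set_noskip_flag,` to the second initializer. Separately, `process()` assigns `this->version`, `this->build` and `this->config` without freeing the previous values, so a second call on the same object would leak the earlier clones.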
diff --git a/src/libimcv/ietf/ietf_attr_string_version.h b/src/libimcv/ietf/ietf_attr_string_version.h
new file mode 100644 (file)
index 0000000..3194962
--- /dev/null
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2012 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ietf_attr_string_versiont ietf_attr_string_version
+ * @{ @ingroup ietf
+ */
+
+#ifndef IETF_ATTR_STRING_VERSION_H_
+#define IETF_ATTR_STRING_VERSION_H_
+
+typedef struct ietf_attr_string_version_t ietf_attr_string_version_t;
+
+#include "ietf_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+
+/**
+ * Class implementing the IETF PA-TNC Product Information attribute.
+ *
+ */
+struct ietf_attr_string_version_t {
+
+       /**
+        * Public PA-TNC attribute interface
+        */
+       pa_tnc_attr_t pa_tnc_attribute;
+
+       /**
+        * Gets the Product Version Number and optionally the Internal Build
+        * and Configuration Version Numbers
+        *
+        * @param build                 Internal Build Number (if build != NULL)
+        * @param config                Configuration Version Number (if config != NULL)
+        * @return                              Product Version Number
+        */
+       chunk_t (*get_version)(ietf_attr_string_version_t *this, chunk_t *build,
+                                                                                                                        chunk_t *config);
+};
+
+/**
+ * Creates an ietf_attr_string_version_t object
+ *
+ */
+pa_tnc_attr_t* ietf_attr_string_version_create(chunk_t version, chunk_t build,
+                                                                                          chunk_t config);
+
+/**
+ * Creates an ietf_attr_string_version_t object from received data
+ *
+ * @param value                                unparsed attribute value
+ */
+pa_tnc_attr_t* ietf_attr_string_version_create_from_data(chunk_t value);
+
+#endif /** IETF_ATTR_STRING_VERSION_H_ @}*/
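Review bot: The class comment describes this as "the IETF PA-TNC Product Information attribute", which looks copied from the product-info header; it should read `Class implementing the IETF PA-TNC String Version attribute.` The group name in `@defgroup ietf_attr_string_versiont` also carries a stray trailing `t`. `ietf_attr_string_version_create()` has no `@param` lines; it would help to document the three chunks and to state that each is cloned and truncated to 255 octets, as the implementation does.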
index 8c0aadb..be6fb36 100644 (file)
 #include <imc/imc_agent.h>
 #include <pa_tnc/pa_tnc_msg.h>
 #include <ietf/ietf_attr.h>
+#include <ietf/ietf_attr_assess_result.h>
 #include <ietf/ietf_attr_attr_request.h>
-#include <ietf/ietf_attr_product_info.h>
 #include <ietf/ietf_attr_installed_packages.h>
 #include <ietf/ietf_attr_pa_tnc_error.h>
-#include <ietf/ietf_attr_assess_result.h>
+#include <ietf/ietf_attr_product_info.h>
+#include <ietf/ietf_attr_string_version.h>
 
 #include <tncif_pa_subtypes.h>
 
@@ -104,13 +105,26 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
 }
 
 /**
- * Add an IETF Product Information attribute to the send queue
+ * Add IETF Product Information attribute to the send queue
  */
 static void add_product_info(linked_list_t *attr_list)
 {
        pa_tnc_attr_t *attr;
+       char *os_name = "Ubuntu";
 
-       attr = ietf_attr_product_info_create(PEN_IETF, 0, "Ubuntu 12.04 LTS i686");
+       attr = ietf_attr_product_info_create(PEN_IETF, 0, os_name);
+       attr_list->insert_last(attr_list, attr);
+}
+
+/**
+ * Add IETF String Version attribute to the send queue
+ */
+static void add_string_version(linked_list_t *attr_list)
+{
+       pa_tnc_attr_t *attr;
+       chunk_t os_version = { "12.04", 5};
+
+       attr = ietf_attr_string_version_create(os_version, chunk_empty, chunk_empty);
        attr_list->insert_last(attr_list, attr);
 }
 
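Review bot: `add_string_version()` reports the literal `"12.04"` and `add_product_info()` the literal `"Ubuntu"`, so every host running this IMC claims the same operating system regardless of what is installed, and the verifier's decision rests on a constant. If this is a placeholder, mark it in the code, for example `/* TODO: determine OS name and version at runtime */`. The hand-counted length `5` is better derived from the literal, e.g. `sizeof("12.04") - 1`. `os_name` points at a string literal and could be `const char *` if the callee's signature allows it (not visible here).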
@@ -148,12 +162,13 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
        }
 
        if (lib->settings->get_bool(lib->settings,
-                                                       "libimcv.plugins.imc-os.send_product_info", TRUE))
+                                                               "libimcv.plugins.imc-os.send_info", TRUE))
        {
                linked_list_t *attr_list;
 
                attr_list = linked_list_create();
                add_product_info(attr_list);
+               add_string_version(attr_list);
                result = imc_os->send_message(imc_os, connection_id, FALSE, 0,
                                                                          TNC_IMVID_ANY, attr_list);
                attr_list->destroy(attr_list);
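Review bot: Renaming the option from `libimcv.plugins.imc-os.send_product_info` to `libimcv.plugins.imc-os.send_info` means an existing configuration that sets the old key to `no` is no longer read. With the default of `TRUE`, the IMC then resumes sending OS information without any warning. Either keep honouring the old key as a fallback, for instance by passing `lib->settings->get_bool(lib->settings, "libimcv.plugins.imc-os.send_product_info", TRUE)` as the default of the new lookup, or call out the rename in the release notes. The body of `TNC_IMC_BeginHandshake` starts and ends outside this hunk.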
@@ -238,6 +253,9 @@ static TNC_Result receive_message(TNC_IMCID imc_id,
                                        case IETF_ATTR_PRODUCT_INFORMATION:
                                                add_product_info(attr_list);
                                                break;
+                                       case IETF_ATTR_STRING_VERSION:
+                                               add_string_version(attr_list);
+                                               break;
                                        case IETF_ATTR_INSTALLED_PACKAGES:
                                                add_installed_packages(attr_list);
                                                break;
index b094e10..c4e6737 100644 (file)
 #include <pa_tnc/pa_tnc_msg.h>
 #include <ietf/ietf_attr.h>
 #include <ietf/ietf_attr_attr_request.h>
-#include <ietf/ietf_attr_product_info.h>
 #include <ietf/ietf_attr_installed_packages.h>
 #include <ietf/ietf_attr_pa_tnc_error.h>
+#include <ietf/ietf_attr_product_info.h>
+#include <ietf/ietf_attr_string_version.h>
 
 #include <tncif_names.h>
 #include <tncif_pa_subtypes.h>
@@ -111,6 +112,8 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
        imv_os_state_t *os_state;
        enumerator_t *enumerator;
        TNC_Result result;
+       char *os_name = NULL;
+       chunk_t os_version = chunk_empty;
        bool fatal_error, assessment = FALSE;
 
        if (!imv_os)
@@ -155,19 +158,25 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
                        case IETF_ATTR_PRODUCT_INFORMATION:
                        {
                                ietf_attr_product_info_t *attr_cast;
-                               char *info;
 
                                attr_cast = (ietf_attr_product_info_t*)attr;
-                               info = attr_cast->get_info(attr_cast, NULL, NULL);
-                               os_state->set_info(os_state, info);
-                               DBG1(DBG_IMV, "operating system is '%s'", info);
-                               
-                               /* request installed packages */
-                               attr = ietf_attr_attr_request_create(PEN_IETF,
-                                                                                       IETF_ATTR_INSTALLED_PACKAGES);
-                               attr_list->insert_last(attr_list, attr);
+                               os_name = attr_cast->get_info(attr_cast, NULL, NULL);
+                               DBG1(DBG_IMV, "operating system name is '%s'", os_name);
+                               break;
+                       }
+                       case IETF_ATTR_STRING_VERSION:
+                       {
+                               ietf_attr_string_version_t *attr_cast;
+
+                               attr_cast = (ietf_attr_string_version_t*)attr;
+                               os_version = attr_cast->get_version(attr_cast, NULL, NULL);
+                               if (os_version.len)
+                               {
+                                       DBG1(DBG_IMV, "operating system version is '%.*s'",
+                                                                  os_version.len, os_version.ptr);
+                               }
                                break;
-                       }       
+                       }
                        case IETF_ATTR_INSTALLED_PACKAGES:
                        { 
                                ietf_attr_installed_packages_t *attr_cast;
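Review bot: The `'%.*s'` precision in the new `DBG1` call is passed `os_version.len` directly; `*` consumes an `int`, so if `chunk_t.len` is a `size_t` (its definition is not on this page) the argument has the wrong type on 64-bit targets. Cast it: `(int)os_version.len, os_version.ptr`. The same pattern appears in `set_info` in imv_os_state.c (`snprintf(this->info, len, "%s %.*s", name, version.len, version.ptr)`). The version string also comes from the peer and `process()` only rejects NUL bytes, so control characters reach the log unfiltered; consider sanitising it before logging. `receive_message` continues outside this hunk.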
@@ -194,6 +203,17 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
                }               
        }
        enumerator->destroy(enumerator);
+
+       if (os_name && os_version.len)
+       {
+               os_state->set_info(os_state, os_name, os_version);
+
+               DBG1(DBG_IMV, "requesting installed packages for '%s'",
+                                          os_state->get_info(os_state));
+               attr = ietf_attr_attr_request_create(PEN_IETF,
+                                                                                        IETF_ATTR_INSTALLED_PACKAGES);
+               attr_list->insert_last(attr_list, attr);
+       }
        pa_tnc_msg->destroy(pa_tnc_msg);
 
        if (fatal_error)
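Review bot: The new `if (os_name && os_version.len)` block has no else path, so when the peer returns only one of the two attributes, or an empty version, `set_info` is never called and no installed-packages request is queued, with nothing logged. Because `os_name` and `os_version` are locals of `receive_message`, a name and a version arriving in separate messages are never combined either. A short `else` that logs which attribute was missing, and marks the evaluation as an error if policy requires it, would make that case visible. How the handshake proceeds afterwards is decided outside this hunk.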
@@ -203,6 +223,7 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
                                                                TNC_IMV_EVALUATION_RESULT_ERROR);
                assessment = TRUE;
        }
+
        if (assessment)
        {
                attr_list->destroy_offset(attr_list, offsetof(pa_tnc_attr_t, destroy));
@@ -295,10 +316,13 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
        {
                pa_tnc_attr_t *attr;
                linked_list_t *attr_list;
+               ietf_attr_attr_request_t *attr_cast;
 
                attr_list = linked_list_create();
                attr = ietf_attr_attr_request_create(PEN_IETF,
                                                                                         IETF_ATTR_PRODUCT_INFORMATION);
+               attr_cast = (ietf_attr_attr_request_t*)attr;
+               attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_STRING_VERSION);
                attr_list->insert_last(attr_list, attr);
                result = imv_os->send_message(imv_os, connection_id, FALSE, imv_id,
                                                                          TNC_IMCID_ANY, attr_list);
index c367f72..65160b4 100644 (file)
@@ -164,9 +164,14 @@ METHOD(imv_state_t, destroy, void,
 }
 
 METHOD(imv_os_state_t, set_info, void,
-       private_imv_os_state_t *this, char *info)
+       private_imv_os_state_t *this, char *name, chunk_t version)
 {
-       this->info = strdup(info);
+       int len = strlen(name) + 1 + version.len + 1;
+
+       /* OS info is a concatenation of OS name and OS version */
+       free(this->info);
+       this->info = malloc(len);
+       snprintf(this->info, len, "%s %.*s", name, version.len, version.ptr);
 }
 
 METHOD(imv_os_state_t, get_info, char*,
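Review bot: `set_info` hands the result of `malloc(len)` straight to `snprintf` without checking it, and computes `len` as an `int` from `strlen(name)` and `version.len`, which are presumably `size_t` values. Declare `size_t len` and guard the allocation, e.g. `if (!this->info) { return; }` before the `snprintf`. `name` is passed to `strlen` with no NULL check; the caller visible on this page tests `os_name` first, but the method's documentation does not state that requirement.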
index 14ac150..6382197 100644 (file)
@@ -39,11 +39,16 @@ struct imv_os_state_t {
 
        /**
         * Set OS Product Information
+        *
+        * @param name          OS name
+        * @param version       OS version
         */
-       void (*set_info)(imv_os_state_t *this, char *info);
+       void (*set_info)(imv_os_state_t *this, char *name, chunk_t version);
 
        /**
         * Get OS Product Information
+        *
+        * @result                      OS name & version
         */
        char* (*get_info)(imv_os_state_t *this);