Switch encoding of AR Identity Value from binary to UTF-8
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 22 Mar 2013 09:37:49 +0000 (10:37 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 22 Mar 2013 09:37:49 +0000 (10:37 +0100)
14 files changed:
src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c
src/libimcv/imv/imv_agent.c
src/libimcv/imv/imv_state.h
src/libimcv/plugins/imv_os/imv_os.c
src/libimcv/plugins/imv_os/imv_os_database.c
src/libimcv/plugins/imv_os/imv_os_database.h
src/libimcv/plugins/imv_os/imv_os_state.c
src/libimcv/plugins/imv_scanner/imv_scanner_state.c
src/libimcv/plugins/imv_test/imv_test_state.c
src/libpts/plugins/imv_attestation/attest_db.c
src/libpts/plugins/imv_attestation/imv_attestation_state.c
src/libtncif/tncif_identity.c
src/libtncif/tncif_identity.h
src/libtncif/tncifimv.h

index 6ddda59..76d5e1d 100644 (file)
@@ -30,6 +30,8 @@
 #include <collections/linked_list.h>
 #include <threading/rwlock.h>
 
+#include <stdio.h>
+
 typedef struct private_tnc_tnccs_manager_t private_tnc_tnccs_manager_t;
 typedef struct tnccs_entry_t tnccs_entry_t;
 typedef struct tnccs_connection_entry_t tnccs_connection_entry_t;
@@ -716,6 +718,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
                        tnccs_t *tnccs;
                        tncif_identity_t *tnc_id;
                        u_int32_t id_type, subject_type;
+                       chunk_t id_value;
                        TNC_Result result;
 
                        list = linked_list_create();
@@ -734,7 +737,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
                                                subject_type = TNC_SUBJECT_MACHINE;
                                                break;
                                        case ID_FQDN:
-                                               id_type = TNC_ID_USER_NAME;
+                                               id_type = TNC_ID_USERNAME;
                                                subject_type = TNC_SUBJECT_USER;
                                                break;
                                        case ID_RFC822_ADDR:
@@ -742,22 +745,18 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
                                                subject_type = TNC_SUBJECT_USER;
                                                break;
                                        case ID_DER_ASN1_DN:
-                                               id_type = TNC_ID_DER_ASN1_DN;
+                                               id_type = TNC_ID_ASN1_DN;
                                                subject_type = TNC_SUBJECT_USER;
                                                break;
-                                       case ID_DER_ASN1_GN:
-                                               id_type = TNC_ID_DER_ASN1_GN;
-                                               subject_type = TNC_SUBJECT_UNKNOWN;
-                                               break;
                                        default:
                                                id_type = TNC_ID_UNKNOWN;
                                                subject_type = TNC_SUBJECT_UNKNOWN;
                                }
                                if (id_type != TNC_ID_UNKNOWN)
                                {
+                                       id_value.len = asprintf(&id_value.ptr, "%Y", peer);
                                        tnc_id = tncif_identity_create(
-                                                               pen_type_create(PEN_TCG, id_type),
-                                                               peer->get_encoding(peer),
+                                                               pen_type_create(PEN_TCG, id_type), id_value,
                                                                pen_type_create(PEN_TCG, subject_type),
                                                                pen_type_create(PEN_TCG,
                                                                                                tnccs->get_auth_type(tnccs)));
index 8b4247e..879a010 100644 (file)
@@ -442,10 +442,8 @@ METHOD(imv_agent_t, create_state, TNC_Result,
        while (enumerator->enumerate(enumerator, &tnc_id))
        {
                pen_type_t id_type, subject_type, auth_type;
-               int tcg_id_type, tcg_subject_type, tcg_auth_type;
+               u_int32_t tcg_id_type, tcg_subject_type, tcg_auth_type;
                chunk_t id_value;
-               identification_t *ar_id;
-               id_type_t ike_type;
 
                id_type = tnc_id->get_identity_type(tnc_id);
                id_value = tnc_id->get_identity_value(tnc_id);
@@ -459,40 +457,12 @@ METHOD(imv_agent_t, create_state, TNC_Result,
                tcg_auth_type =    (auth_type.vendor_id == PEN_TCG) ?
                                                        auth_type.type : TNC_AUTH_UNKNOWN;
 
-               switch (tcg_id_type)
-               {
-                       case TNC_ID_IPV4_ADDR:
-                               ike_type = ID_IPV4_ADDR;
-                               break;
-                       case TNC_ID_IPV6_ADDR:
-                               ike_type = ID_IPV6_ADDR;
-                               break;
-                       case TNC_ID_FQDN:
-                               ike_type = ID_FQDN;
-                               break;
-                       case TNC_ID_RFC822_ADDR:
-                               ike_type = ID_RFC822_ADDR;
-                               break;
-                       case TNC_ID_USER_NAME:
-                               ike_type = ID_USER_ID;
-                               break;
-                       case TNC_ID_DER_ASN1_DN:
-                               ike_type = ID_DER_ASN1_DN;
-                               break;
-                       case TNC_ID_DER_ASN1_GN:
-                               ike_type = ID_IPV4_ADDR;
-                               break;
-                       case TNC_ID_UNKNOWN:
-                       default:
-                               ike_type = ID_KEY_ID;
-                               break;
-               }
 
-               ar_id = identification_create_from_encoding(ike_type, id_value);
-               DBG2(DBG_IMV, "  %N AR identity '%Y' authenticated by %N",
-                        TNC_Subject_names, tcg_subject_type, ar_id,
+               DBG2(DBG_IMV, "  %N AR identity '%.*s' authenticated by %N",
+                        TNC_Subject_names, tcg_subject_type,
+                        id_value.len, id_value.ptr,
                         TNC_Authentication_names, tcg_auth_type);
-               state->set_ar_id(state, ar_id);
+               state->set_ar_id(state, tcg_id_type, id_value);
        }
        enumerator->destroy(enumerator);
 
index 5a818e6..d1a87d2 100644 (file)
@@ -80,16 +80,19 @@ struct imv_state_t {
        /**
         * Set Access Requestor ID
         *
-        * @param ar_id                 Access Requestor ID (is not going to be cloned)
+        * @param id_type               Access Requestor TCG Standard ID Type
+        * @param id_value              Access Requestor TCG Standard ID Value
+        *
         */
-       void (*set_ar_id)(imv_state_t *this, identification_t *ar_id);
+       void (*set_ar_id)(imv_state_t *this, u_int32_t id_type, chunk_t id_value);
 
        /**
         * Get Access Requestor ID
         *
-        * @return                              Access Requestor ID
+        * @param id_type               Access Requestor TCG Standard ID Type
+        * @return                              Access Requestor TCG Standard ID Value
         */
-       identification_t* (*get_ar_id)(imv_state_t *this);
+       chunk_t (*get_ar_id)(imv_state_t *this, u_int32_t *id_type);
 
        /**
         * Change the connection state
index e63fc73..f1cb74e 100644 (file)
@@ -378,6 +378,8 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
        {
                int device_id, count, count_update, count_blacklist, count_ok;
                u_int os_settings;
+               u_int32_t id_type;
+               chunk_t id_value;
 
                os_settings = os_state->get_os_settings(os_state);
                os_state->get_count(os_state, &count, &count_update, &count_blacklist,
@@ -388,9 +390,10 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
 
                /* Store device information in database */
                device_id = os_state->get_device_id(os_state);
+               id_value = state->get_ar_id(state, &id_type);
                if (os_db && device_id)
                {
-                       os_db->set_device_info(os_db, device_id, state->get_ar_id(state),
+                       os_db->set_device_info(os_db, device_id, id_type, id_value,
                                                os_state->get_info(os_state, NULL, NULL, NULL),
                                                count, count_update, count_blacklist, os_settings);
                }
index 730099a..dff4144 100644 (file)
@@ -214,9 +214,9 @@ METHOD(imv_os_database_t, get_device_id, int,
 }
 
 METHOD(imv_os_database_t, set_device_info, void,
-       private_imv_os_database_t *this,  int device_id, identification_t *ar_id,
-       char *os_info, int count, int count_update, int count_blacklist,
-       u_int flags)
+       private_imv_os_database_t *this,  int device_id, u_int32_t ar_id_type,
+       chunk_t ar_id_value, char *os_info, int count, int count_update,
+       int count_blacklist, u_int flags)
 {
        enumerator_t *e;
        time_t last_time;
@@ -245,8 +245,7 @@ METHOD(imv_os_database_t, set_device_info, void,
        /* get primary key of AR identity if it exists */
        e = this->db->query(this->db,
                        "SELECT id FROM identities WHERE type = ? AND data = ?",
-                        DB_INT,  ar_id->get_type(ar_id),
-                        DB_BLOB, ar_id->get_encoding(ar_id), DB_INT);
+                        DB_INT,  ar_id_type, DB_BLOB, ar_id_value, DB_INT);
        if (e)
        {
                e->enumerate(e, &iid);
@@ -258,8 +257,7 @@ METHOD(imv_os_database_t, set_device_info, void,
        {
                this->db->execute(this->db, &iid,
                        "INSERT INTO identities (type, data) VALUES (?, ?)",
-                        DB_INT,  ar_id->get_type(ar_id),
-                        DB_BLOB, ar_id->get_encoding(ar_id));
+                        DB_INT, ar_id_type, DB_BLOB, ar_id_value);
        }
 
        /* get latest device info record if it exists */
index 790467f..01d7e84 100644 (file)
@@ -52,7 +52,8 @@ struct imv_os_database_t {
        * Set health infos for a given  device
        *
        * @param device_id                              Device ID primary key
-       * @param ar_id                                  Access Requestor ID
+       * @param ar_id_type                             Access Requestor ID Type
+       * @param ar_id_value                    Access Requestor ID Value
        * @param os_info                                OS info string
        * @param count                                  Number of installed packages
        * @param count_update                   Number of packages to be updated
@@ -60,9 +61,9 @@ struct imv_os_database_t {
        * @param flags                                  Various flags, e.g. illegal OS settings
        */
        void (*set_device_info)(imv_os_database_t *this, int device_id,
-                                                       identification_t *ar_id, char *os_info,
-                                                       int count, int count_update, int count_blacklist,
-                                                       u_int flags);
+                                                       u_int32_t ar_id_type, chunk_t ar_id_value,
+                                                       char *os_info, int count, int count_update,
+                                                       int count_blacklist, u_int flags);
 
        /**
        * Destroys an imv_os_database_t object.
index 6a71a04..073d713 100644 (file)
@@ -62,9 +62,14 @@ struct private_imv_os_state_t {
        u_int32_t max_msg_len;
 
        /**
-        * Access Requestor ID
+        * Access Requestor ID Type
         */
-       identification_t *ar_id;
+       u_int32_t ar_id_type;
+
+       /**
+        * Access Requestor ID Value
+        */
+       chunk_t ar_id_value;
 
        /**
         * IMV action recommendation
@@ -325,16 +330,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t,
 }
 
 METHOD(imv_state_t, set_ar_id, void,
-       private_imv_os_state_t *this, identification_t *ar_id)
+       private_imv_os_state_t *this, u_int32_t id_type, chunk_t id_value)
 {
-       /* no cloning, caller must not destroy object */
-       this->ar_id = ar_id;
+       this->ar_id_type = id_type;
+       this->ar_id_value = chunk_clone(id_value);
 }
 
-METHOD(imv_state_t, get_ar_id, identification_t*,
-       private_imv_os_state_t *this)
+METHOD(imv_state_t, get_ar_id, chunk_t,
+       private_imv_os_state_t *this, u_int32_t *id_type)
 {
-       return this->ar_id;
+       if (id_type)
+       {
+               *id_type = this->ar_id_type;
+       }
+       return this->ar_id_value;
 }
 
 METHOD(imv_state_t, change_state, void,
@@ -453,7 +462,6 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 METHOD(imv_state_t, destroy, void,
        private_imv_os_state_t *this)
 {
-       DESTROY_IF(this->ar_id);
        DESTROY_IF(this->reason_string);
        DESTROY_IF(this->remediation_string);
        this->update_packages->destroy_function(this->update_packages, free);
@@ -461,6 +469,7 @@ METHOD(imv_state_t, destroy, void,
        free(this->info);
        free(this->name.ptr);
        free(this->version.ptr);
+       free(this->ar_id_value.ptr);
        free(this);
 }
 
index 8821ed5..2123af7 100644 (file)
@@ -59,9 +59,14 @@ struct private_imv_scanner_state_t {
        u_int32_t max_msg_len;
 
        /**
-        * Access Requestor ID
+        * Access Requestor ID Type
         */
-       identification_t *ar_id;
+       u_int32_t ar_id_type;
+
+       /**
+        * Access Requestor ID Value
+        */
+       chunk_t ar_id_value;
 
        /**
         * IMV action recommendation
@@ -171,16 +176,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t,
 }
 
 METHOD(imv_state_t, set_ar_id, void,
-       private_imv_scanner_state_t *this, identification_t *ar_id)
+       private_imv_scanner_state_t *this, u_int32_t id_type, chunk_t id_value)
 {
-       /* no cloning, caller must not destroy object */
-       this->ar_id = ar_id;
+       this->ar_id_type = id_type;
+       this->ar_id_value = chunk_clone(id_value);
 }
 
-METHOD(imv_state_t, get_ar_id, identification_t*,
-       private_imv_scanner_state_t *this)
+METHOD(imv_state_t, get_ar_id, chunk_t,
+       private_imv_scanner_state_t *this, u_int32_t *id_type)
 {
-       return this->ar_id;
+       if (id_type)
+       {
+               *id_type = this->ar_id_type;
+       }
+       return this->ar_id_value;
 }
 
 METHOD(imv_state_t, change_state, void,
@@ -256,10 +265,10 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 METHOD(imv_state_t, destroy, void,
        private_imv_scanner_state_t *this)
 {
-       DESTROY_IF(this->ar_id);
        DESTROY_IF(this->reason_string);
        DESTROY_IF(this->remediation_string);
        this->violating_ports->destroy_function(this->violating_ports, free);
+       free(this->ar_id_value.ptr);
        free(this);
 }
 
index 385a374..41da44d 100644 (file)
@@ -59,9 +59,14 @@ struct private_imv_test_state_t {
        u_int32_t max_msg_len;
 
        /**
-        * Access Requestor ID
+        * Access Requestor ID Type
         */
-       identification_t *ar_id;
+       u_int32_t ar_id_type;
+
+       /**
+        * Access Requestor ID Value
+        */
+       chunk_t ar_id_value;
 
        /**
         * IMV action recommendation
@@ -149,16 +154,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t,
 }
 
 METHOD(imv_state_t, set_ar_id, void,
-       private_imv_test_state_t *this, identification_t *ar_id)
+       private_imv_test_state_t *this, u_int32_t id_type, chunk_t id_value)
 {
-       /* no cloning, caller must not destroy object */
-       this->ar_id = ar_id;
+       this->ar_id_type = id_type;
+       this->ar_id_value = chunk_clone(id_value);
 }
 
-METHOD(imv_state_t, get_ar_id, identification_t*,
-       private_imv_test_state_t *this)
+METHOD(imv_state_t, get_ar_id, chunk_t,
+       private_imv_test_state_t *this, u_int32_t *id_type)
 {
-       return this->ar_id;
+       if (id_type)
+       {
+               *id_type = this->ar_id_type;
+       }
+       return this->ar_id_value;
 }
 
 METHOD(imv_state_t, change_state, void,
@@ -209,9 +218,9 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 METHOD(imv_state_t, destroy, void,
        private_imv_test_state_t *this)
 {
-       DESTROY_IF(this->ar_id);
        DESTROY_IF(this->reason_string);
        this->imcs->destroy_function(this->imcs, free);
+       free(this->ar_id_value.ptr);
        free(this);
 }
 
index 5885e26..f745856 100644 (file)
@@ -805,13 +805,12 @@ METHOD(attest_db_t, list_devices, void,
        private_attest_db_t *this)
 {
        enumerator_t *e, *e_ar;
-       chunk_t value, ar_data;
+       chunk_t value, ar_id_value = chunk_empty;
        char *product;
        time_t timestamp;
-       int id, last_id = 0, iid = 0, last_iid = 0, device_count = 0;
+       int id, last_id = 0, ar_id = 0, last_ar_id = 0, device_count = 0;
        int count, count_update, count_blacklist;
-       id_type_t ar_type;
-       identification_t *ar_id = NULL;
+       u_int32_t ar_id_type;
        u_int tstamp, flags = 0;
 
        e = this->db->query(this->db,
@@ -826,7 +825,7 @@ METHOD(attest_db_t, list_devices, void,
        if (e)
        {
                while (e->enumerate(e, &id, &value, &tstamp, &count, &count_update,
-                                                          &count_blacklist, &flags, &iid, &product))
+                                                          &count_blacklist, &flags, &ar_id, &product))
                {
                        if (id != last_id)
                        {
@@ -837,32 +836,29 @@ METHOD(attest_db_t, list_devices, void,
                        timestamp = tstamp;
                        printf("      %T, %4d, %3d, %3d, %1u, '%s'", &timestamp, this->utc,
                                   count, count_update, count_blacklist, flags, product);
-                       if (iid)
+                       if (ar_id)
                        {
-                               if (iid != last_iid)
+                               if (ar_id != last_ar_id)
                                {
-                                       DESTROY_IF(ar_id);
-                                       ar_id = NULL;
-
+                                       chunk_free(&ar_id_value);
                                        e_ar = this->db->query(this->db,
                                                                "SELECT type, data FROM identities "
-                                                               "WHERE id = ?", DB_INT, iid, DB_INT, DB_BLOB);
-                                       if (e_ar->enumerate(e_ar, &ar_type, &ar_data))
+                                                               "WHERE id = ?", DB_INT, ar_id, DB_INT, DB_BLOB);
+                                       if (e_ar)
                                        {
-                                               ar_id = identification_create_from_encoding(ar_type,
-                                                                                                                                       ar_data);
+                                               e_ar->enumerate(e_ar, &ar_id_type, &ar_id_value);
+                                               e_ar->destroy(e_ar);
                                        }
-                                       e_ar->destroy(e_ar);
                                }
-                               if (ar_id)
+                               if (ar_id_value.len)
                                {
-                                       printf(" %Y", ar_id);
+                                       printf(" %.*s", ar_id_value.len, ar_id_value.ptr);
                                }
                        }
                        printf("\n");
                }
                e->destroy(e);
-               DESTROY_IF(ar_id);
+               free(ar_id_value.ptr);
 
                printf("%d device%s found\n", device_count,
                                                                         (device_count == 1) ? "" : "s");
index 9d95ac0..fc42466 100644 (file)
@@ -64,9 +64,14 @@ struct private_imv_attestation_state_t {
        u_int32_t max_msg_len;
 
        /**
-        * Access Requestor ID
+        * Access Requestor ID Type
         */
-       identification_t *ar_id;
+       u_int32_t ar_id_type;
+
+       /**
+        * Access Requestor ID Value
+        */
+       chunk_t ar_id_value;
 
        /**
         * IMV Attestation handshake state
@@ -222,16 +227,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t,
 }
 
 METHOD(imv_state_t, set_ar_id, void,
-       private_imv_attestation_state_t *this, identification_t *ar_id)
+       private_imv_attestation_state_t *this, u_int32_t id_type, chunk_t id_value)
 {
-       /* no cloning, caller must not destroy object */
-       this->ar_id = ar_id;
+       this->ar_id_type = id_type;
+       this->ar_id_value = chunk_clone(id_value);
 }
 
-METHOD(imv_state_t, get_ar_id, identification_t*,
-       private_imv_attestation_state_t *this)
+METHOD(imv_state_t, get_ar_id, chunk_t,
+       private_imv_attestation_state_t *this, u_int32_t *id_type)
 {
-       return this->ar_id;
+       if (id_type)
+       {
+               *id_type = this->ar_id_type;
+       }
+       return this->ar_id_value;
 }
 
 METHOD(imv_state_t, change_state, void,
@@ -307,11 +316,11 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 METHOD(imv_state_t, destroy, void,
        private_imv_attestation_state_t *this)
 {
-       DESTROY_IF(this->ar_id);
        DESTROY_IF(this->reason_string);
        this->file_meas_requests->destroy_function(this->file_meas_requests, free);
        this->components->destroy_function(this->components, (void *)free_func_comp);
        this->pts->destroy(this->pts);
+       free(this->ar_id_value.ptr);
        free(this);
 }
 
index 66de83d..7ee215c 100644 (file)
@@ -196,7 +196,7 @@ tncif_identity_t *tncif_identity_create(pen_type_t identity_type,
 
        this = (private_tncif_identity_t*)tncif_identity_create_empty();
        this->identity_type = identity_type;
-       this->identity_value = chunk_clone(identity_value);
+       this->identity_value = identity_value;
        this->subject_type = subject_type;
        this->auth_type = auth_type;
 
index 3ef0dd4..ad87216 100644 (file)
@@ -100,7 +100,7 @@ tncif_identity_t* tncif_identity_create_empty(void);
  * Create an TNC Identity object from its components
  *
  * @param identity_type                        TNC Identity Type
- * @param identity_value               TNC Identity Value
+ * @param identity_value               TNC Identity Value (not cloned by constructor)
  * @param subject_type                 TNC Subject Type
  * @param auth_type                            TNC Authentication Type
  */
index 6bce8b4..945012d 100644 (file)
@@ -218,9 +218,8 @@ typedef TNC_Result (*TNC_IMV_ProvideBindFunctionPointer)(
 #define TNC_ID_IPV6_ADDR 2
 #define TNC_ID_FQDN 3
 #define TNC_ID_RFC822_ADDR 4
-#define TNC_ID_USER_NAME 5
-#define TNC_ID_DER_ASN1_DN 6
-#define TNC_ID_DER_ASN1_GN 7
+#define TNC_ID_USERNAME 5
+#define TNC_ID_ASN1_DN 6
 
 /* TNC Subject Types */