implemented IETF Numeric Version attribute
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 18 Oct 2012 20:33:26 +0000 (22:33 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 18 Oct 2012 20:33:26 +0000 (22:33 +0200)
src/libimcv/Makefile.am
src/libimcv/ietf/ietf_attr.c
src/libimcv/ietf/ietf_attr_numeric_version.c [new file with mode: 0644]
src/libimcv/ietf/ietf_attr_numeric_version.h [new file with mode: 0644]
src/libimcv/os_info/os_info.c
src/libimcv/os_info/os_info.h
src/libimcv/plugins/imc_os/imc_os.c
src/libimcv/plugins/imv_os/imv_os.c
testing/tests/tnc/tnccs-20-os/description.txt

index cb59999..d8c3e96 100644 (file)
@@ -17,6 +17,7 @@ libimcv_la_SOURCES = \
        ietf/ietf_attr_fwd_enabled.h ietf/ietf_attr_fwd_enabled.c \
        ietf/ietf_attr_default_pwd_enabled.h ietf/ietf_attr_default_pwd_enabled.c \
        ietf/ietf_attr_installed_packages.h ietf/ietf_attr_installed_packages.c \
+       ietf/ietf_attr_numeric_version.h ietf/ietf_attr_numeric_version.c \
        ietf/ietf_attr_op_status.h ietf/ietf_attr_op_status.c \
        ietf/ietf_attr_pa_tnc_error.h ietf/ietf_attr_pa_tnc_error.c \
        ietf/ietf_attr_port_filter.h ietf/ietf_attr_port_filter.c \
index d11ad7f..2f38198 100644 (file)
@@ -19,6 +19,7 @@
 #include "ietf/ietf_attr_fwd_enabled.h"
 #include "ietf/ietf_attr_default_pwd_enabled.h"
 #include "ietf/ietf_attr_installed_packages.h"
+#include "ietf/ietf_attr_numeric_version.h"
 #include "ietf/ietf_attr_op_status.h"
 #include "ietf/ietf_attr_pa_tnc_error.h"
 #include "ietf/ietf_attr_port_filter.h"
@@ -54,6 +55,8 @@ pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value)
                        return ietf_attr_attr_request_create_from_data(value);
                case IETF_ATTR_PRODUCT_INFORMATION:
                        return ietf_attr_product_info_create_from_data(value);
+               case IETF_ATTR_NUMERIC_VERSION:
+                       return ietf_attr_numeric_version_create_from_data(value);
                case IETF_ATTR_STRING_VERSION:
                        return ietf_attr_string_version_create_from_data(value);
                case IETF_ATTR_OPERATIONAL_STATUS:
@@ -73,7 +76,6 @@ pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value)
                case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
                        return ietf_attr_default_pwd_enabled_create_from_data(value);
                case IETF_ATTR_TESTING:
-               case IETF_ATTR_NUMERIC_VERSION:
                case IETF_ATTR_RESERVED:
                default:
                        return NULL;
diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.c b/src/libimcv/ietf/ietf_attr_numeric_version.c
new file mode 100644 (file)
index 0000000..7d851bb
--- /dev/null
@@ -0,0 +1,281 @@
+/*
+ * Copyright (C) 2012 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ietf_attr_numeric_version.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <debug.h>
+
+typedef struct private_ietf_attr_numeric_version_t private_ietf_attr_numeric_version_t;
+
+/**
+ * PA-TNC Numeric Version type  (see section 4.2.3 of RFC 5792)
+ *
+ *                       1                   2                   3
+ *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |                        Major Version Number                   |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |                        Minor Version Number                   |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |                            Build Number                       |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |      Service Pack Major       |      Service Pack Minor       |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define NUMERIC_VERSION_SIZE           16
+
+/**
+ * Private data of an ietf_attr_numeric_version_t object.
+ */
+struct private_ietf_attr_numeric_version_t {
+
+       /**
+        * Public members of ietf_attr_numeric_version_t
+        */
+       ietf_attr_numeric_version_t public;
+
+       /**
+        * Vendor-specific attribute type
+        */
+       pen_type_t type;
+
+       /**
+        * Attribute value
+        */
+       chunk_t value;
+
+       /**
+        * Noskip flag
+        */
+       bool noskip_flag;
+
+       /**
+        * Major Version Number
+        */
+       u_int32_t major_version;
+
+       /**
+        * Minor Version Number
+        */
+       u_int32_t minor_version;
+
+       /**
+        * IBuild Number
+        */
+       u_int32_t build;
+
+       /**
+        * Service Pack Major Number
+        */
+       u_int16_t service_pack_major;
+
+       /**
+        * Service Pack Minor Number
+        */
+       u_int16_t service_pack_minor;
+
+       /**
+        * Reference count
+        */
+       refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+       private_ietf_attr_numeric_version_t *this)
+{
+       return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+       private_ietf_attr_numeric_version_t *this)
+{
+       return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+       private_ietf_attr_numeric_version_t *this)
+{
+       return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+       private_ietf_attr_numeric_version_t *this, bool noskip)
+{
+       this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+       private_ietf_attr_numeric_version_t *this)
+{
+       bio_writer_t *writer;
+
+       if (this->value.ptr)
+       {
+               return;
+       }
+
+       writer = bio_writer_create(NUMERIC_VERSION_SIZE);
+       writer->write_uint32(writer, this->major_version);
+       writer->write_uint32(writer, this->minor_version);
+       writer->write_uint32(writer, this->build);
+       writer->write_uint32(writer, this->service_pack_major);
+       writer->write_uint32(writer, this->service_pack_minor);
+
+       this->value = chunk_clone(writer->get_buf(writer));
+       writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+       private_ietf_attr_numeric_version_t *this, u_int32_t *offset)
+{
+       bio_reader_t *reader;
+
+       if (this->value.len < NUMERIC_VERSION_SIZE)
+       {
+               DBG1(DBG_TNC, "insufficient data for IETF numeric version");
+               *offset = 0;
+               return FAILED;
+       }
+       reader = bio_reader_create(this->value);
+       reader->read_uint32(reader, &this->major_version);      
+       reader->read_uint32(reader, &this->minor_version);      
+       reader->read_uint32(reader, &this->build);      
+       reader->read_uint16(reader, &this->service_pack_major); 
+       reader->read_uint16(reader, &this->service_pack_minor); 
+       reader->destroy(reader);
+
+       return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+       private_ietf_attr_numeric_version_t *this)
+{
+       ref_get(&this->ref);
+       return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+       private_ietf_attr_numeric_version_t *this)
+{
+       if (ref_put(&this->ref))
+       {
+               free(this->value.ptr);
+               free(this);
+       }
+}
+
+METHOD(ietf_attr_numeric_version_t, get_version, void,
+       private_ietf_attr_numeric_version_t *this, u_int32_t *major, u_int32_t *minor)
+{
+       if (major)
+       {
+               *major = this->major_version;
+       }
+       if (minor)
+       {
+               *minor = this->minor_version;
+       }
+}
+
+METHOD(ietf_attr_numeric_version_t, get_build, u_int32_t,
+       private_ietf_attr_numeric_version_t *this)
+{
+       return this->build;
+}
+
+METHOD(ietf_attr_numeric_version_t, get_service_pack, void,
+       private_ietf_attr_numeric_version_t *this, u_int16_t *major, u_int16_t *minor)
+{
+       if (major)
+       {
+               *major = this->service_pack_major;
+       }
+       if (minor)
+       {
+               *minor = this->service_pack_minor;
+       }
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor,
+                                                                                               u_int32_t build,
+                                                                                               u_int16_t service_pack_major,
+                                                                                               u_int16_t service_pack_minor)
+{
+       private_ietf_attr_numeric_version_t *this;
+
+       INIT(this,
+               .public = {
+                       .pa_tnc_attribute = {
+                               .get_type = _get_type,
+                               .get_value = _get_value,
+                               .get_noskip_flag = _get_noskip_flag,
+                               .set_noskip_flag = _set_noskip_flag,
+                               .build = _build,
+                               .process = _process,
+                               .get_ref = _get_ref,
+                               .destroy = _destroy,
+                       },
+                       .get_version = _get_version,
+                       .get_build = _get_build,
+                       .get_service_pack = _get_service_pack,
+               },
+               .type = { PEN_IETF, IETF_ATTR_NUMERIC_VERSION },
+               .major_version = major,
+               .minor_version = minor,
+               .build = build,
+               .service_pack_major = service_pack_major,
+               .service_pack_minor = service_pack_minor,
+               .ref = 1,
+       );
+
+       return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(chunk_t data)
+{
+       private_ietf_attr_numeric_version_t *this;
+
+       INIT(this,
+               .public = {
+                       .pa_tnc_attribute = {
+                               .get_type = _get_type,
+                               .get_value = _get_value,
+                               .build = _build,
+                               .process = _process,
+                               .get_ref = _get_ref,
+                               .destroy = _destroy,
+                       },
+                       .get_version = _get_version,
+                       .get_build = _get_build,
+                       .get_service_pack = _get_service_pack,
+               },
+               .type = { PEN_IETF, IETF_ATTR_NUMERIC_VERSION },
+               .value = chunk_clone(data),
+               .ref = 1,
+       );
+
+       return &this->public.pa_tnc_attribute;
+}
+
diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.h b/src/libimcv/ietf/ietf_attr_numeric_version.h
new file mode 100644 (file)
index 0000000..f7d6c90
--- /dev/null
@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) 2012 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ietf_attr_numeric_versiont ietf_attr_numeric_version
+ * @{ @ingroup ietf
+ */
+
+#ifndef IETF_ATTR_NUMERIC_VERSION_H_
+#define IETF_ATTR_NUMERIC_VERSION_H_
+
+typedef struct ietf_attr_numeric_version_t ietf_attr_numeric_version_t;
+
+#include "ietf_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+
+/**
+ * Class implementing the IETF PA-TNC String Version attribute.
+ *
+ */
+struct ietf_attr_numeric_version_t {
+
+       /**
+        * Public PA-TNC attribute interface
+        */
+       pa_tnc_attr_t pa_tnc_attribute;
+
+       /**
+        * Gets the Major and Minor Version Numbers
+        *
+        * @param major                 Major Version Number
+        * @param minor                 Minor Version Number
+        */
+       void (*get_version)(ietf_attr_numeric_version_t *this,
+                                               u_int32_t *major, u_int32_t *minor);
+
+       /**
+        * Gets the Build Number
+        *
+        * @param major                 Major Version Number
+        * @param minor                 Minor Version Number
+        */
+       u_int32_t (*get_build)(ietf_attr_numeric_version_t *this);
+
+       /**
+        * Gets the Major and Minor Numbers of the Service Pack
+        *
+        * @param major                 Service Pack Major Number
+        * @param minor                 Servcie Pack Minor Number
+        */
+       void (*get_service_pack)(ietf_attr_numeric_version_t *this,
+                                                        u_int16_t *major, u_int16_t *minor);
+};
+
+/**
+ * Creates an ietf_attr_numeric_version_t object
+ *
+ */
+pa_tnc_attr_t* ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor,
+                                                                                               u_int32_t build,
+                                                                                               u_int16_t service_pack_major,
+                                                                                               u_int16_t service_pack_minor);
+
+/**
+ * Creates an ietf_attr_numeric_version_t object from received data
+ *
+ * @param value                                unparsed attribute value
+ */
+pa_tnc_attr_t* ietf_attr_numeric_version_create_from_data(chunk_t value);
+
+#endif /** IETF_ATTR_NUMERIC_VERSION_H_ @}*/
index fd7d6ce..576d27c 100644 (file)
@@ -58,6 +58,22 @@ METHOD(os_info_t, get_name, chunk_t,
        return this->name;
 }
 
+METHOD(os_info_t, get_numeric_version, void,
+       private_os_info_t *this, u_int32_t *major, u_int32_t *minor)
+{
+       u_char *pos;
+
+       if (major)
+       {
+               *major = atol(this->version.ptr);
+       }
+       pos = memchr(this->version.ptr, '.', this->version.len);
+       if (minor)
+       {
+               *minor = pos ? atol(pos + 1) : 0;
+       }
+}
+
 METHOD(os_info_t, get_version, chunk_t,
        private_os_info_t *this)
 {
@@ -367,6 +383,7 @@ os_info_t *os_info_create(void)
        INIT(this,
                .public = {
                        .get_name = _get_name,
+                       .get_numeric_version = _get_numeric_version,
                        .get_version = _get_version,
                        .get_fwd_status = _get_fwd_status,
                        .get_uptime = _get_uptime,
index f39d8ae..12ff979 100644 (file)
@@ -52,6 +52,15 @@ struct os_info_t {
        chunk_t (*get_name)(os_info_t *this);
 
        /**
+        * Get the numeric OS version or release
+        *
+        * @param major                         OS major version number
+        * @param minor                         OS minor version number
+        */
+       void (*get_numeric_version)(os_info_t *this, u_int32_t *major,
+                                                                                                u_int32_t *minor);
+
+       /**
         * Get the OS version or release
         *
         * @return                                      OS version
index be8ca40..acfa3e0 100644 (file)
@@ -22,6 +22,7 @@
 #include <ietf/ietf_attr_default_pwd_enabled.h>
 #include <ietf/ietf_attr_fwd_enabled.h>
 #include <ietf/ietf_attr_installed_packages.h>
+#include <ietf/ietf_attr_numeric_version.h>
 #include <ietf/ietf_attr_op_status.h>
 #include <ietf/ietf_attr_product_info.h>
 #include <ietf/ietf_attr_remediation_instr.h>
@@ -128,6 +129,22 @@ static void add_product_info(imc_msg_t *msg)
 }
 
 /**
+ * Add IETF Numeric Version attribute to the send queue
+ */
+static void add_numeric_version(imc_msg_t *msg)
+{
+       pa_tnc_attr_t *attr;
+       u_int32_t major, minor;
+
+       os->get_numeric_version(os, &major, &minor);
+       DBG1(DBG_IMC, "operating system numeric version is %d.%d",
+                                  major, minor);
+
+       attr = ietf_attr_numeric_version_create(major, minor, 0, 0, 0);
+       msg->add_attribute(msg, attr);
+}
+
+/**
  * Add IETF String Version attribute to the send queue
  */
 static void add_string_version(imc_msg_t *msg)
@@ -230,6 +247,7 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
                                                                 TNC_IMVID_ANY, msg_types[0]);
                add_product_info(out_msg);
                add_string_version(out_msg);
+               add_numeric_version(out_msg);
                add_op_status(out_msg);
                add_fwd_enabled(out_msg);
                add_default_pwd_enabled(out_msg);
@@ -292,6 +310,9 @@ static TNC_Result receive_message(imc_msg_t *in_msg)
                                        case IETF_ATTR_STRING_VERSION:
                                                add_string_version(out_msg);
                                                break;
+                                       case IETF_ATTR_NUMERIC_VERSION:
+                                               add_numeric_version(out_msg);
+                                               break;
                                        case IETF_ATTR_OPERATIONAL_STATUS:
                                                add_op_status(out_msg);
                                                break;
index f4ab0c6..c56c735 100644 (file)
@@ -22,6 +22,7 @@
 #include <ietf/ietf_attr_default_pwd_enabled.h>
 #include <ietf/ietf_attr_fwd_enabled.h>
 #include <ietf/ietf_attr_installed_packages.h>
+#include <ietf/ietf_attr_numeric_version.h>
 #include <ietf/ietf_attr_op_status.h>
 #include <ietf/ietf_attr_pa_tnc_error.h>
 #include <ietf/ietf_attr_product_info.h>
@@ -157,6 +158,17 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
                                }
                                break;
                        }
+                       case IETF_ATTR_NUMERIC_VERSION:
+                       {
+                               ietf_attr_numeric_version_t *attr_cast;
+                               u_int32_t major, minor;
+
+                               attr_cast = (ietf_attr_numeric_version_t*)attr;
+                               attr_cast->get_version(attr_cast, &major, &minor);
+                               DBG1(DBG_IMV, "operating system numeric version is %d.%d",
+                                                          major, minor);
+                               break;
+                       }
                        case IETF_ATTR_OPERATIONAL_STATUS:
                        {
                                ietf_attr_op_status_t *attr_cast;
@@ -404,6 +416,7 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
                                                                                         IETF_ATTR_PRODUCT_INFORMATION);
                attr_cast = (ietf_attr_attr_request_t*)attr;
                attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_STRING_VERSION);
+               attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_NUMERIC_VERSION);
                attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_OPERATIONAL_STATUS);
                attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FORWARDING_ENABLED);
                attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED);
index 91c53a2..b5d12fc 100644 (file)
@@ -8,13 +8,13 @@ is using the <b>IF-M 1.0</b> measurement protocol defined by <b>RFC 5792 PA-TNC<
 exchange PA-TNC attributes.
 <p>
 <b>carol</b> sends information on her operating system consisting of the PA-TNC attributes
-<em>Product Information</em>, <em>String Version</em>, <em>Operational Status</em>,
-<em>Forwarding Enabled</em>, and <em>Factory Default Password Enabled</em> up-front,
-whereas <b>dave</b> must be prompted by the IMV to do so via an <em>Attribute Request</em>
-PA-TNC attribute. <b>carol</b> is then prompted to send a list of installed packages
-using the <em>Installed Packages</em> PA-TNC attribute whereas <b>dave</b>'s "Windows 1.2.3"
-operating system is not supported and thus <b>dave</b> receives a <em>Remediation
-Instructions</em> PA-TNC attribute.
+<em>Product Information</em>, <em>String Version</em>, <em>Numeric Version</em>,
+<em>Operational Status</em>, <em>Forwarding Enabled</em>, and
+<em>Factory Default Password Enabled</em> up-front, whereas <b>dave</b> must be prompted
+by the IMV to do so via an <em>Attribute Request</em> PA-TNC attribute. <b>carol</b> is
+then prompted to send a list of installed packages using the <em>Installed Packages</em>
+PA-TNC attribute whereas <b>dave</b>'s "Windows 1.2.3" operating system is not supported
+and thus <b>dave</b> receives a <em>Remediation Instructions</em> PA-TNC attribute.
 <p>
 <b>carol</b> passes the health test and <b>dave</b> fails. Based on these assessments
 which are communicated to the IMCs using the <em>Assessment Result</em> PA-TNC attribute,