sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
sa/tasks/task.c sa/tasks/task.h \
-tnc/imv/imv.h tnc/imv/imv_manager.h \
-tnc/imv/imv_recommendations.c tnc/imv/imv_recommendations.h \
tnc/tnccs/tnccs.c tnc/tnccs/tnccs.h \
tnc/tnccs/tnccs_manager.c tnc/tnccs/tnccs_manager.h
#include <sa/shunt_manager.h>
#include <config/backend_manager.h>
#include <sa/authenticators/eap/eap_manager.h>
-#include <tnc/imv/imv_manager.h>
#include <tnc/tnccs/tnccs_manager.h>
#ifdef ME
eap_manager_t *eap;
/**
- * TNC IMV manager controlling Integrity Measurement Verifiers
- */
- imv_manager_t *imvs;
-
- /**
* TNCCS manager to maintain registered TNCCS protocols
*/
tnccs_manager_t *tnccs;
#include <errno.h>
#include <fcntl.h>
-#include <daemon.h>
#include <utils/lexparser.h>
+#include <debug.h>
+
+typedef struct private_tnc_imv_plugin_t private_tnc_imv_plugin_t;
+
+/**
+ * Private data of a tnc_imv_plugin_t object.
+ */
+struct private_tnc_imv_plugin_t {
+
+ /**
+ * Public interface.
+ */
+ tnc_imv_plugin_t public;
+
+ /**
+ * TNC IMV manager controlling Integrity Measurement Verifiers
+ */
+ imv_manager_t *imvs;
+};
/**
* load IMVs from a configuration file
*/
-static bool load_imvs(char *filename)
+static bool load_imvs(private_tnc_imv_plugin_t *this, char *filename)
{
int fd, line_nr = 0;
chunk_t src, line;
free(path);
return FALSE;
}
- if (!charon->imvs->add(charon->imvs, imv))
+ if (!this->imvs->add(this->imvs, imv))
{
if (imv->terminate &&
imv->terminate(imv->get_id(imv)) != TNC_RESULT_SUCCESS)
return "tnc-imv";
}
+METHOD(plugin_t, get_features, int,
+ private_tnc_imv_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_PROVIDE(CUSTOM, "imv-manager"),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
tnc_imv_plugin_t *this)
{
- charon->imvs->destroy(charon->imvs);
+ lib->set(lib, "imv-manager", NULL);
+ this->imvs->destroy(this->imvs);
free(this);
}
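Review bot: `this->imvs` on the second added line of this hunk is dereferenced through the unchanged `tnc_imv_plugin_t *this` parameter, but `imvs` is a member of the new `private_tnc_imv_plugin_t` added above (which nests the public type as `.public`), so this should not compile unless `tnc_imv_plugin_t` is also changed outside this diff. The create hunk below has the same mismatch: the local stays `tnc_imv_plugin_t *this;` yet is initialized with `.public = { ... }` and `.imvs = tnc_imv_manager_create()` and then passed to `destroy(this)`. Change the parameter here to `private_tnc_imv_plugin_t *this)` and the local in the create function to `private_tnc_imv_plugin_t *this;`, matching the `get_features` method added in this hunk.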
tnc_imv_plugin_t *this;
INIT(this,
- .plugin = {
- .get_name = _get_name,
- .reload = (void*)return_false,
- .destroy = _destroy,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
},
+ .imvs = tnc_imv_manager_create(),
);
- tnc_config = lib->settings->get_str(lib->settings,
- "charon.plugins.tnc-imv.tnc_config", "/etc/tnc_config");
-
- /* Create IMV manager */
- charon->imvs = tnc_imv_manager_create();
+ lib->set(lib, "imv-manager", this->imvs);
/* Load IMVs and abort if not all instances initalize successfully */
- if (!load_imvs(tnc_config))
+ tnc_config = lib->settings->get_str(lib->settings,
+ "charon.plugins.tnc-imv.tnc_config", "/etc/tnc_config");
+ if (!load_imvs(this, tnc_config))
{
- charon->imvs->destroy(charon->imvs);
- charon->imvs = NULL;
- free(this);
+ destroy(this);
return NULL;
}
- return &this->plugin;
+ return &this->public.plugin;
}
*/
imc_manager_t *imcs;
+ /**
+ * TNC IMV manager controlling Integrity Measurement Verifiers
+ */
+ imc_manager_t *imvs;
+
};
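Review bot: The new `imvs` member on the line before the closing brace is declared `imc_manager_t *`, while the two other structs in this commit that gain the same member declare it `imv_manager_t *`, and the value stored in it is the `"imv-manager"` object fetched with `lib->get`. Because that call presumably returns an untyped pointer (the same expression initializes an `imv_manager_t *` elsewhere in this commit without a cast), the assignment compiles silently, and the `this->imvs->receive_message(...)` and `this->imvs->batch_ending(...)` calls in the following hunks then dispatch through the IMC manager's member layout instead of the IMV manager's; unless the two layouts happen to coincide, these calls go through the wrong function pointer. Change the declaration to `imv_manager_t *imvs;`. The enclosing struct starts outside the hunk.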
METHOD(tnccs_t, send_msg, TNC_Result,
this->send_msg = TRUE;
if (this->is_server)
{
- charon->imvs->receive_message(charon->imvs,
+ this->imvs->receive_message(this->imvs,
this->connection_id, msg_body.ptr, msg_body.len, msg_type);
}
else
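Review bot: `this->imvs->receive_message(...)` in the `is_server` branch dereferences `imvs` unconditionally, whereas the tnccs_manager hunks in this same commit test `this->imvs` for NULL before every use. `imvs` is filled from `lib->get(lib, "imv-manager")` in the constructor at the end of this file, which yields NULL when no tnc-imv plugin has registered a manager, so a server-side instance would crash here unless the manager's refusal to create a connection without an IMV manager is guaranteed to cover this path (not visible in the hunk). Either guard the call, `if (this->is_server && this->imvs)`, or add a comment stating why `imvs` cannot be NULL on the server side; the `batch_ending` hunk below and the second tnccs implementation have the same pattern. The enclosing function continues outside the hunk.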
this->send_msg = TRUE;
if (this->is_server)
{
- charon->imvs->batch_ending(charon->imvs, this->connection_id);
+ this->imvs->batch_ending(this->imvs, this->connection_id);
}
else
{
.is_server = is_server,
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.imcs = lib->get(lib, "imc-manager"),
+ .imvs = lib->get(lib, "imv-manager"),
);
return &this->public;
*/
imc_manager_t *imcs;
+ /**
+ * TNC IMV manager controlling Integrity Measurement Verifiers
+ */
+ imv_manager_t *imvs;
+
};
METHOD(tnccs_t, send_msg, TNC_Result,
this->send_msg = TRUE;
if (this->is_server)
{
- charon->imvs->receive_message(charon->imvs,
+ this->imvs->receive_message(this->imvs,
this->connection_id, msg_body.ptr, msg_body.len, msg_type);
}
else
this->send_msg = TRUE;
if (this->is_server)
{
- charon->imvs->batch_ending(charon->imvs, this->connection_id);
+ this->imvs->batch_ending(this->imvs, this->connection_id);
}
else
{
.state_machine = pb_tnc_state_machine_create(is_server),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.imcs = lib->get(lib, "imc-manager"),
+ .imvs = lib->get(lib, "imv-manager"),
);
return &this->public;
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv imv
- * @ingroup tnc
- *
- * @defgroup imvt imv
- * @{ @ingroup imv
- */
-
-#ifndef IMV_H_
-#define IMV_H_
-
-#include <tncifimv.h>
-
-#include <library.h>
-
-typedef struct imv_t imv_t;
-
-/**
- * Controls a single Integrity Measurement Verifier (IMV)
- */
-struct imv_t {
-
- /**
- * The TNC Server calls this function to initialize the IMV and agree on
- * the API version number to be used. It also supplies the IMV ID, an IMV
- * identifier that the IMV must use when calling TNC Server callback functions.
- *
- * @param imvID IMV ID assigned by TNCS
- * @param minVersion minimum API version supported
- * @param maxVersion maximum API version supported by TNCS
- * @param OutActualVersion mutually supported API version number
- * @return TNC result code
- */
- TNC_Result (*initialize)(TNC_IMVID imvID,
- TNC_Version minVersion,
- TNC_Version maxVersion,
- TNC_Version *OutActualVersion);
-
- /**
- * The TNC Server calls this function to inform the IMV that the state of
- * the network connection identified by connectionID has changed to newState.
- *
- * @param imvID IMV ID assigned by TNCS
- * @param connectionID network connection ID assigned by TNCS
- * @param newState new network connection state
- * @return TNC result code
- */
- TNC_Result (*notify_connection_change)(TNC_IMVID imvID,
- TNC_ConnectionID connectionID,
- TNC_ConnectionState newState);
-
- /**
- * The TNC Server calls this function at the end of an Integrity Check
- * Handshake (after all IMC-IMV messages have been delivered) to solicit
- * recommendations from IMVs that have not yet provided a recommendation.
- *
- * @param imvID IMV ID assigned by TNCS
- * @param connectionID network connection ID assigned by TNCS
- * @return TNC result code
- */
- TNC_Result (*solicit_recommendation)(TNC_IMVID imvID,
- TNC_ConnectionID connectionID);
-
- /**
- * The TNC Server calls this function to deliver a message to the IMV.
- * The message is contained in the buffer referenced by message and contains
- * the number of octets indicated by messageLength. The type of the message
- * is indicated by messageType.
- *
- * @param imvID IMV ID assigned by TNCS
- * @param connectionID network connection ID assigned by TNCS
- * @param message reference to buffer containing message
- * @param messageLength number of octets in message
- * @param messageType message type of message
- * @return TNC result code
- */
- TNC_Result (*receive_message)(TNC_IMVID imvID,
- TNC_ConnectionID connectionID,
- TNC_BufferReference message,
- TNC_UInt32 messageLength,
- TNC_MessageType messageType);
-
- /**
- * The TNC Server calls this function to notify IMVs that all IMC messages
- * received in a batch have been delivered and this is the IMV’s last chance
- * to send a message in the batch of IMV messages currently being collected.
- *
- * @param imvID IMV ID assigned by TNCS
- * @param connectionID network connection ID assigned by TNCS
- * @return TNC result code
- */
- TNC_Result (*batch_ending)(TNC_IMVID imvID,
- TNC_ConnectionID connectionID);
-
- /**
- * The TNC Server calls this function to close down the IMV.
- *
- * @param imvID IMV ID assigned by TNCS
- * @return TNC result code
- */
- TNC_Result (*terminate)(TNC_IMVID imvID);
-
- /**
- * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
- * define this additional function. The TNC Server MUST call the function
- * immediately after calling TNC_IMV_Initialize to provide a pointer to the
- * TNCS bind function. The IMV can then use the TNCS bind function to obtain
- * pointers to any other TNCS functions.
- *
- * @param imvID IMV ID assigned by TNCS
- * @param bindFunction pointer to TNC_TNCS_BindFunction
- * @return TNC result code
- */
- TNC_Result (*provide_bind_function)(TNC_IMVID imvID,
- TNC_TNCS_BindFunctionPointer bindFunction);
-
- /**
- * Sets the ID of an imv_t object.
- *
- * @param id IMV ID to be assigned
- */
- void (*set_id)(imv_t *this, TNC_IMVID id);
-
- /**
- * Returns the ID of an imv_t object.
- *
- * @return IMV ID assigned by TNCS
- */
- TNC_IMVID (*get_id)(imv_t *this);
-
- /**
- * Returns the name of an imv_t object.
- *
- * @return name of IMV
- */
- char* (*get_name)(imv_t *this);
-
- /**
- * Sets the supported message types of an imv_t object.
- *
- * @param supported_types list of messages type supported by IMV
- * @param type_count number of supported message types
- */
- void (*set_message_types)(imv_t *this, TNC_MessageTypeList supported_types,
- TNC_UInt32 type_count);
-
- /**
- * Check if the IMV supports a given message type.
- *
- * @param message_type message type
- * @return TRUE if supported
- */
- bool (*type_supported)(imv_t *this, TNC_MessageType message_type);
-
- /**
- * Destroys an imv_t object.
- */
- void (*destroy)(imv_t *this);
-};
-
-#endif /** IMV_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_manager imv_manager
- * @{ @ingroup imv
- */
-
-#ifndef IMV_MANAGER_H_
-#define IMV_MANAGER_H_
-
-typedef struct imv_manager_t imv_manager_t;
-
-#ifdef USE_TNC
-
-#include "imv.h"
-#include "imv_recommendations.h"
-
-#include <library.h>
-
-/**
- * The IMV manager controls all IMV instances.
- */
-struct imv_manager_t {
-
- /**
- * Add an IMV instance
- *
- * @param imv IMV instance
- * @return TRUE if initialization successful
- */
- bool (*add)(imv_manager_t *this, imv_t *imv);
-
- /**
- * Remove an IMV instance from the list and return it
- *
- * @param id ID of IMV instance
- * @return removed IMC instance
- */
- imv_t* (*remove)(imv_manager_t *this, TNC_IMVID id);
-
- /**
- * Check if an IMV with a given ID is registered with the IMV manager
- *
- * @param id ID of IMV instance
- * @return TRUE if registered
- */
- bool (*is_registered)(imv_manager_t *this, TNC_IMVID id);
-
-
- /**
- * Get the configured recommendation policy
- *
- * @return configured recommendation policy
- */
- recommendation_policy_t (*get_recommendation_policy)(imv_manager_t *this);
-
- /**
- * Create an empty set of IMV recommendations and evaluations
- *
- * @return instance of a recommendations_t list
- */
- recommendations_t* (*create_recommendations)(imv_manager_t *this);
-
- /**
- * Enforce the TNC recommendation on the IKE_SA by either inserting an
- * allow|isolate group membership rule (TRUE) or by blocking access (FALSE)
- *
- * @param rec TNC action recommendation
- * @param eval TNC evaluation result
- * @return TRUE for allow|isolate, FALSE for none
- */
- bool (*enforce_recommendation)(imv_manager_t *this,
- TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval);
-
- /**
- * Notify all IMV instances
- *
- * @param state communicate the state a connection has reached
- */
- void (*notify_connection_change)(imv_manager_t *this,
- TNC_ConnectionID id,
- TNC_ConnectionState state);
-
- /**
- * Sets the supported message types reported by a given IMV
- *
- * @param id ID of reporting IMV
- * @param supported_types list of messages type supported by IMV
- * @param type_count number of supported message types
- * @return TNC result code
- */
- TNC_Result (*set_message_types)(imv_manager_t *this,
- TNC_IMVID id,
- TNC_MessageTypeList supported_types,
- TNC_UInt32 type_count);
-
- /**
- * Solicit recommendations from IMVs that have not yet provided one
- *
- * @param id connection ID
- */
- void (*solicit_recommendation)(imv_manager_t *this, TNC_ConnectionID id);
-
- /**
- * Delivers a message to interested IMVs.
- *
- * @param connection_id ID of connection over which message was received
- * @param message message
- * @param message_len message length
- * @param message_type message type
- */
- void (*receive_message)(imv_manager_t *this,
- TNC_ConnectionID connection_id,
- TNC_BufferReference message,
- TNC_UInt32 message_len,
- TNC_MessageType message_type);
-
- /**
- * Notify all IMVs that all IMC messages received in a batch have been
- * delivered and this is the IMVs last chance to send a message in the
- * batch of IMV messages currently being collected.
- *
- * @param id connection ID
- */
- void (*batch_ending)(imv_manager_t *this, TNC_ConnectionID id);
-
- /**
- * Destroy an IMV manager and all its controlled instances.
- */
- void (*destroy)(imv_manager_t *this);
-};
-
-#endif /* USE_TNC */
-
-#endif /** IMV_MANAGER_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imv_recommendations.h"
-
-ENUM(recommendation_policy_names, RECOMMENDATION_POLICY_DEFAULT,
- RECOMMENDATION_POLICY_ALL,
- "default",
- "any",
- "all"
-);
-
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_recommendations imv_recommendations
- * @{ @ingroup imv
- */
-
-#ifndef IMV_RECOMMENDATIONS_H_
-#define IMV_RECOMMENDATIONS_H_
-
-#include <tncifimv.h>
-#include <library.h>
-
-typedef enum recommendation_policy_t recommendation_policy_t;
-
-enum recommendation_policy_t {
- RECOMMENDATION_POLICY_DEFAULT,
- RECOMMENDATION_POLICY_ANY,
- RECOMMENDATION_POLICY_ALL
-};
-
-extern enum_name_t *recommendation_policy_names;
-
-
-typedef struct recommendations_t recommendations_t;
-
-/**
- * Collection of all IMV action recommendations and evaluation results
- */
-struct recommendations_t {
-
- /**
- * Deliver an IMV action recommendation and IMV evaluation result to the TNCS
- *
- * @param imv_id ID of the IMV providing the recommendation
- * @param rec action recommendation
- * @param eval evaluation result
- * @return return code
- */
- TNC_Result (*provide_recommendation)(recommendations_t *this,
- TNC_IMVID imv_id,
- TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval);
-
- /**
- * If all IMVs provided a recommendation, derive a consolidated action
- * recommendation and evaluation result based on a configured policy
- *
- * @param rec action recommendation
- * @param eval evaluation result
- * @return TRUE if all IMVs provided a recommendation
- */
- bool (*have_recommendation)(recommendations_t *this,
- TNC_IMV_Action_Recommendation *rec,
- TNC_IMV_Evaluation_Result *eval);
-
- /**
- * Get the preferred language for remediation messages
- *
- * @return preferred language
- */
- chunk_t (*get_preferred_language)(recommendations_t *this);
-
- /**
- * Set the preferred language for remediation messages
- *
- * @param pref_lang preferred language
- */
- void (*set_preferred_language)(recommendations_t *this, chunk_t pref_lang);
-
- /**
- * Set the reason string
- *
- * @param id ID of IMV setting the reason string
- * @param reason reason string
- * @result return code
- */
- TNC_Result (*set_reason_string)(recommendations_t *this, TNC_IMVID id,
- chunk_t reason);
-
- /**
- * Set the language for reason strings
- *
- * @param id ID of IMV setting the reason language
- * @param reason_lang reason language
- * @result return code
- */
- TNC_Result (*set_reason_language)(recommendations_t *this, TNC_IMVID id,
- chunk_t reason_lang);
-
- /**
- * Enumerates over all IMVs sending a reason string.
- * Format: TNC_IMVID *id, chunk_t *reason, chunk_t *reason_language
- *
- * @return enumerator
- */
- enumerator_t* (*create_reason_enumerator)(recommendations_t *this);
-
- /**
- * Clears all reason entries
- */
- void (*clear_reasons)(recommendations_t *this);
-
- /**
- * Destroys an imv_t object.
- */
- void (*destroy)(recommendations_t *this);
-};
-
-#endif /** IMV_RECOMMENDATIONS_H_ @}*/
#include "tnccs_manager.h"
#include <imc/imc_manager.h>
-#include <tnc/imv/imv_recommendations.h>
+#include <imv/imv_manager.h>
#include <debug.h>
#include <daemon.h>
*/
imc_manager_t *imcs;
+ /**
+ * TNC IMV manager controlling Integrity Measurement Verifiers
+ */
+ imv_manager_t *imvs;
+
};
METHOD(tnccs_manager_t, add_method, void,
if (recs)
{
/* we assume a TNC Server needing recommendations from IMVs */
- if (!charon->imvs)
+ if (!this->imvs)
+ {
+ this->imvs = lib->get(lib, "imv-manager");
+ }
+ if (!this->imvs)
{
DBG1(DBG_TNC, "no IMV manager available!");
free(entry);
return 0;
}
- entry->recs = charon->imvs->create_recommendations(charon->imvs);
+ entry->recs = this->imvs->create_recommendations(this->imvs);
*recs = entry->recs;
}
else
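Review bot: The fallback `this->imvs = lib->get(lib, "imv-manager")` inside the `if (recs)` branch re-resolves a field that the constructor at the end of this file already initializes, and nothing says why; presumably the tnc-imv plugin may register its manager after this tnccs manager was created. A comment such as `/* the tnc-imv plugin may be loaded after us, retry the lookup once */` would make the intent clear. Note that this writes shared manager state from a per-connection call: if `create_connection` does not hold `connection_lock` at this point (not visible in the hunk), concurrent calls race on `imvs`; the race is benign because both store the same pointer, but that is worth stating in the comment. The enclosing function starts outside the hunk.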
if (is_server)
{
- if (charon->imvs)
+ if (this->imvs)
{
- charon->imvs->notify_connection_change(charon->imvs, id,
+ this->imvs->notify_connection_change(this->imvs, id,
TNC_CONNECTION_STATE_DELETE);
}
}
.protocol_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
.connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
.imcs = lib->get(lib, "imc-manager"),
+ .imvs = lib->get(lib, "imv-manager"),
);
return &this->public;
#include "tnccs.h"
-#include <tnc/imv/imv_recommendations.h>
+#include <imv/imv_recommendations.h>
/**
* The TNCCS manager manages all TNCCS implementations and creates instances.
libtnccs_la_LIBADD = $(top_builddir)/src/libtncif/libtncif.la
libtnccs_la_SOURCES = \
- imc/imc.h imc/imc_manager.h
+ imc/imc.h imc/imc_manager.h \
+ imv/imv.h imv/imv_manager.h \
+ imv/imv_recommendations.h imv/imv_recommendations.c
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv imv
+ * @ingroup tnc
+ *
+ * @defgroup imvt imv
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_H_
+#define IMV_H_
+
+#include <tncifimv.h>
+
+#include <library.h>
+
+typedef struct imv_t imv_t;
+
+/**
+ * Controls a single Integrity Measurement Verifier (IMV)
+ */
+struct imv_t {
+
+ /**
+ * The TNC Server calls this function to initialize the IMV and agree on
+ * the API version number to be used. It also supplies the IMV ID, an IMV
+ * identifier that the IMV must use when calling TNC Server callback functions.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param minVersion minimum API version supported
+ * @param maxVersion maximum API version supported by TNCS
+ * @param OutActualVersion mutually supported API version number
+ * @return TNC result code
+ */
+ TNC_Result (*initialize)(TNC_IMVID imvID,
+ TNC_Version minVersion,
+ TNC_Version maxVersion,
+ TNC_Version *OutActualVersion);
+
+ /**
+ * The TNC Server calls this function to inform the IMV that the state of
+ * the network connection identified by connectionID has changed to newState.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @param newState new network connection state
+ * @return TNC result code
+ */
+ TNC_Result (*notify_connection_change)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_ConnectionState newState);
+
+ /**
+ * The TNC Server calls this function at the end of an Integrity Check
+ * Handshake (after all IMC-IMV messages have been delivered) to solicit
+ * recommendations from IMVs that have not yet provided a recommendation.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*solicit_recommendation)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Server calls this function to deliver a message to the IMV.
+ * The message is contained in the buffer referenced by message and contains
+ * the number of octets indicated by messageLength. The type of the message
+ * is indicated by messageType.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @param message reference to buffer containing message
+ * @param messageLength number of octets in message
+ * @param messageType message type of message
+ * @return TNC result code
+ */
+ TNC_Result (*receive_message)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_MessageType messageType);
+
+ /**
+ * The TNC Server calls this function to notify IMVs that all IMC messages
+ * received in a batch have been delivered and this is the IMV’s last chance
+ * to send a message in the batch of IMV messages currently being collected.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*batch_ending)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Server calls this function to close down the IMV.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*terminate)(TNC_IMVID imvID);
+
+ /**
+ * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
+ * define this additional function. The TNC Server MUST call the function
+ * immediately after calling TNC_IMV_Initialize to provide a pointer to the
+ * TNCS bind function. The IMV can then use the TNCS bind function to obtain
+ * pointers to any other TNCS functions.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param bindFunction pointer to TNC_TNCS_BindFunction
+ * @return TNC result code
+ */
+ TNC_Result (*provide_bind_function)(TNC_IMVID imvID,
+ TNC_TNCS_BindFunctionPointer bindFunction);
+
+ /**
+ * Sets the ID of an imv_t object.
+ *
+ * @param id IMV ID to be assigned
+ */
+ void (*set_id)(imv_t *this, TNC_IMVID id);
+
+ /**
+ * Returns the ID of an imv_t object.
+ *
+ * @return IMV ID assigned by TNCS
+ */
+ TNC_IMVID (*get_id)(imv_t *this);
+
+ /**
+ * Returns the name of an imv_t object.
+ *
+ * @return name of IMV
+ */
+ char* (*get_name)(imv_t *this);
+
+ /**
+ * Sets the supported message types of an imv_t object.
+ *
+ * @param supported_types list of messages type supported by IMV
+ * @param type_count number of supported message types
+ */
+ void (*set_message_types)(imv_t *this, TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Check if the IMV supports a given message type.
+ *
+ * @param message_type message type
+ * @return TRUE if supported
+ */
+ bool (*type_supported)(imv_t *this, TNC_MessageType message_type);
+
+ /**
+ * Destroys an imv_t object.
+ */
+ void (*destroy)(imv_t *this);
+};
+
+#endif /** IMV_H_ @}*/
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_manager imv_manager
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_MANAGER_H_
+#define IMV_MANAGER_H_
+
+typedef struct imv_manager_t imv_manager_t;
+
+#include "imv.h"
+#include "imv_recommendations.h"
+
+#include <library.h>
+
+/**
+ * The IMV manager controls all IMV instances.
+ */
+struct imv_manager_t {
+
+ /**
+ * Add an IMV instance
+ *
+ * @param imv IMV instance
+ * @return TRUE if initialization successful
+ */
+ bool (*add)(imv_manager_t *this, imv_t *imv);
+
+ /**
+ * Remove an IMV instance from the list and return it
+ *
+ * @param id ID of IMV instance
+ * @return removed IMC instance
+ */
+ imv_t* (*remove)(imv_manager_t *this, TNC_IMVID id);
+
+ /**
+ * Check if an IMV with a given ID is registered with the IMV manager
+ *
+ * @param id ID of IMV instance
+ * @return TRUE if registered
+ */
+ bool (*is_registered)(imv_manager_t *this, TNC_IMVID id);
+
+
+ /**
+ * Get the configured recommendation policy
+ *
+ * @return configured recommendation policy
+ */
+ recommendation_policy_t (*get_recommendation_policy)(imv_manager_t *this);
+
+ /**
+ * Create an empty set of IMV recommendations and evaluations
+ *
+ * @return instance of a recommendations_t list
+ */
+ recommendations_t* (*create_recommendations)(imv_manager_t *this);
+
+ /**
+ * Enforce the TNC recommendation on the IKE_SA by either inserting an
+ * allow|isolate group membership rule (TRUE) or by blocking access (FALSE)
+ *
+ * @param rec TNC action recommendation
+ * @param eval TNC evaluation result
+ * @return TRUE for allow|isolate, FALSE for none
+ */
+ bool (*enforce_recommendation)(imv_manager_t *this,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+
+ /**
+ * Notify all IMV instances
+ *
+ * @param state communicate the state a connection has reached
+ */
+ void (*notify_connection_change)(imv_manager_t *this,
+ TNC_ConnectionID id,
+ TNC_ConnectionState state);
+
+ /**
+ * Sets the supported message types reported by a given IMV
+ *
+ * @param id ID of reporting IMV
+ * @param supported_types list of messages type supported by IMV
+ * @param type_count number of supported message types
+ * @return TNC result code
+ */
+ TNC_Result (*set_message_types)(imv_manager_t *this,
+ TNC_IMVID id,
+ TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Solicit recommendations from IMVs that have not yet provided one
+ *
+ * @param id connection ID
+ */
+ void (*solicit_recommendation)(imv_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Delivers a message to interested IMVs.
+ *
+ * @param connection_id ID of connection over which message was received
+ * @param message message
+ * @param message_len message length
+ * @param message_type message type
+ */
+ void (*receive_message)(imv_manager_t *this,
+ TNC_ConnectionID connection_id,
+ TNC_BufferReference message,
+ TNC_UInt32 message_len,
+ TNC_MessageType message_type);
+
+ /**
+ * Notify all IMVs that all IMC messages received in a batch have been
+ * delivered and this is the IMVs last chance to send a message in the
+ * batch of IMV messages currently being collected.
+ *
+ * @param id connection ID
+ */
+ void (*batch_ending)(imv_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Destroy an IMV manager and all its controlled instances.
+ */
+ void (*destroy)(imv_manager_t *this);
+};
+
+#endif /** IMV_MANAGER_H_ @}*/
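Review bot: The moved header carries over two documentation slips worth fixing while the file is new in this tree. The `remove` doc says `@return removed IMC instance` where the function returns an `imv_t`, so it should read `@return removed IMV instance`; and `notify_connection_change` documents only `@param state` although it also takes `id`, so add `@param id connection ID`. Compared with the deleted copy, the `#ifdef USE_TNC` guard around the struct is gone, which looks intentional for a libtnccs-only header but deserves a word in the commit message.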
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "imv_recommendations.h"
+
+ENUM(recommendation_policy_names, RECOMMENDATION_POLICY_DEFAULT,
+ RECOMMENDATION_POLICY_ALL,
+ "default",
+ "any",
+ "all"
+);
+
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_recommendations imv_recommendations
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_RECOMMENDATIONS_H_
+#define IMV_RECOMMENDATIONS_H_
+
+#include <tncifimv.h>
+#include <library.h>
+
+typedef enum recommendation_policy_t recommendation_policy_t;
+
+enum recommendation_policy_t {
+ RECOMMENDATION_POLICY_DEFAULT,
+ RECOMMENDATION_POLICY_ANY,
+ RECOMMENDATION_POLICY_ALL
+};
+
+extern enum_name_t *recommendation_policy_names;
+
+
+typedef struct recommendations_t recommendations_t;
+
+/**
+ * Collection of all IMV action recommendations and evaluation results
+ */
+struct recommendations_t {
+
+ /**
+ * Deliver an IMV action recommendation and IMV evaluation result to the TNCS
+ *
+ * @param imv_id ID of the IMV providing the recommendation
+ * @param rec action recommendation
+ * @param eval evaluation result
+ * @return return code
+ */
+ TNC_Result (*provide_recommendation)(recommendations_t *this,
+ TNC_IMVID imv_id,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+
+ /**
+ * If all IMVs provided a recommendation, derive a consolidated action
+ * recommendation and evaluation result based on a configured policy
+ *
+ * @param rec action recommendation
+ * @param eval evaluation result
+ * @return TRUE if all IMVs provided a recommendation
+ */
+ bool (*have_recommendation)(recommendations_t *this,
+ TNC_IMV_Action_Recommendation *rec,
+ TNC_IMV_Evaluation_Result *eval);
+
+ /**
+ * Get the preferred language for remediation messages
+ *
+ * @return preferred language
+ */
+ chunk_t (*get_preferred_language)(recommendations_t *this);
+
+ /**
+ * Set the preferred language for remediation messages
+ *
+ * @param pref_lang preferred language
+ */
+ void (*set_preferred_language)(recommendations_t *this, chunk_t pref_lang);
+
+ /**
+ * Set the reason string
+ *
+ * @param id ID of IMV setting the reason string
+ * @param reason reason string
+ * @result return code
+ */
+ TNC_Result (*set_reason_string)(recommendations_t *this, TNC_IMVID id,
+ chunk_t reason);
+
+ /**
+ * Set the language for reason strings
+ *
+ * @param id ID of IMV setting the reason language
+ * @param reason_lang reason language
+ * @result return code
+ */
+ TNC_Result (*set_reason_language)(recommendations_t *this, TNC_IMVID id,
+ chunk_t reason_lang);
+
+ /**
+ * Enumerates over all IMVs sending a reason string.
+ * Format: TNC_IMVID *id, chunk_t *reason, chunk_t *reason_language
+ *
+ * @return enumerator
+ */
+ enumerator_t* (*create_reason_enumerator)(recommendations_t *this);
+
+ /**
+ * Clears all reason entries
+ */
+ void (*clear_reasons)(recommendations_t *this);
+
+ /**
+ * Destroys an imv_t object.
+ */
+ void (*destroy)(recommendations_t *this);
+};
+
+#endif /** IMV_RECOMMENDATIONS_H_ @}*/
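Review bot: The `destroy` member of `recommendations_t` is documented as `Destroys an imv_t object.`, which was copied from imv.h; it should read `Destroys a recommendations_t object.`. The `set_reason_string` and `set_reason_language` comments use `@result return code`, which is not a Doxygen tag the rest of these headers use; change both to `@return TNC result code` for consistency with `provide_recommendation` above them.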