projects / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0e080d9)
Restrict IMCs and IMVs to call SendMessage()
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 14 May 2011 11:31:16 +0000 (13:31 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 14 May 2011 11:31:16 +0000 (13:31 +0200)
src/libcharon/plugins/tnccs_11/tnccs_11.c patch | blob | history
src/libcharon/plugins/tnccs_20/tnccs_20.c patch | blob | history
src/libcharon/tnc/tnccs/tnccs.h patch | blob | history
src/libcharon/tnc/tnccs/tnccs_manager.c patch | blob | history

diff --git a/src/libcharon/plugins/tnccs_11/tnccs_11.c b/src/libcharon/plugins/tnccs_11/tnccs_11.c
index 033b732..cd8cd3a 100644 (file)
--- a/src/libcharon/plugins/tnccs_11/tnccs_11.c
+++ b/src/libcharon/plugins/tnccs_11/tnccs_11.c
@@ -77,6 +77,11 @@ struct private_tnccs_11_t {
        bool delete_state;
 
        /**
+        * SendMessage() by IMC/IMV only allowed if flag is set
+        */
+       bool send_msg;
+
+       /**
         * Flag set by IMC/IMV RequestHandshakeRetry() function
         */
        bool request_handshake_retry;
@@ -87,7 +92,7 @@ struct private_tnccs_11_t {
        recommendations_t *recs;
 };
 
-METHOD(tnccs_t, send_msg, void,
+METHOD(tnccs_t, send_msg, TNC_Result,
        private_tnccs_11_t* this, TNC_IMCID imc_id, TNC_IMVID imv_id,
                                                          TNC_BufferReference msg,
                                                          TNC_UInt32 msg_len,
@@ -95,6 +100,13 @@ METHOD(tnccs_t, send_msg, void,
 {
        tnccs_msg_t *tnccs_msg;
 
+       if (!this->send_msg)
+       {
+               DBG1(DBG_TNC, "%s %u not allowed to call SendMessage()",
+                       this->is_server ? "IMV" : "IMC",
+                       this->is_server ? imv_id : imc_id);
+               return TNC_RESULT_ILLEGAL_OPERATION;
+       }
        tnccs_msg = imc_imv_msg_create(msg_type, chunk_create(msg, msg_len));
 
        /* adding an IMC-IMV Message to TNCCS batch */
@@ -105,6 +117,7 @@ METHOD(tnccs_t, send_msg, void,
        }
        this->batch->add_msg(this->batch, tnccs_msg);
        this->mutex->unlock(this->mutex);
+       return TNC_RESULT_SUCCESS;
 }
 
 /**
@@ -126,6 +139,7 @@ static void handle_message(private_tnccs_11_t *this, tnccs_msg_t *msg)
 
                        DBG2(DBG_TNC, "handling IMC_IMV message type 0x%08x", msg_type);
 
+                       this->send_msg = TRUE;
                        if (this->is_server)
                        {
                                charon->imvs->receive_message(charon->imvs,
@@ -136,6 +150,7 @@ static void handle_message(private_tnccs_11_t *this, tnccs_msg_t *msg)
                                charon->imcs->receive_message(charon->imcs,
                                this->connection_id, msg_body.ptr, msg_body.len,msg_type);
                        }
+                       this->send_msg = FALSE;
                        break;
                }
                case TNCCS_MSG_RECOMMENDATION:
@@ -286,6 +301,7 @@ METHOD(tls_t, process, status_t,
                        return FAILED;
                }
 
+               this->send_msg = TRUE;
                if (this->is_server)
                {
                        charon->imvs->batch_ending(charon->imvs, this->connection_id);
@@ -294,6 +310,7 @@ METHOD(tls_t, process, status_t,
                {
                        charon->imcs->batch_ending(charon->imcs, this->connection_id);
                }
+               this->send_msg = FALSE;
        }
        batch->destroy(batch);
 
@@ -371,7 +388,9 @@ METHOD(tls_t, build, status_t,
                                                        this->connection_id, TNC_CONNECTION_STATE_CREATE);
                charon->imcs->notify_connection_change(charon->imcs,
                                                        this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+               this->send_msg = TRUE;
                charon->imcs->begin_handshake(charon->imcs, this->connection_id);
+               this->send_msg = FALSE;
        }
 
        /* Do not allow any asynchronous IMCs or IMVs to add additional messages */
diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20.c b/src/libcharon/plugins/tnccs_20/tnccs_20.c
index 636f525..9e2081d 100644 (file)
--- a/src/libcharon/plugins/tnccs_20/tnccs_20.c
+++ b/src/libcharon/plugins/tnccs_20/tnccs_20.c
@@ -81,12 +81,17 @@ struct private_tnccs_20_t {
        bool request_handshake_retry;
 
        /**
+         * SendMessage() by IMC/IMV only allowed if flag is set
+         */
+       bool send_msg;
+
+       /**
         * Set of IMV recommendations  (TNC Server only)
         */
        recommendations_t *recs;
 };
 
-METHOD(tnccs_t, send_msg, void,
+METHOD(tnccs_t, send_msg, TNC_Result,
        private_tnccs_20_t* this, TNC_IMCID imc_id, TNC_IMVID imv_id,
                                                          TNC_BufferReference msg,
                                                          TNC_UInt32 msg_len,
@@ -97,6 +102,14 @@ METHOD(tnccs_t, send_msg, void,
        pb_tnc_msg_t *pb_tnc_msg;
        pb_tnc_batch_type_t batch_type;
 
+       if (!this->send_msg)
+       {
+               DBG1(DBG_TNC, "%s %u not allowed to call SendMessage()",
+                       this->is_server ? "IMV" : "IMC",
+                       this->is_server ? imv_id : imc_id);
+               return TNC_RESULT_ILLEGAL_OPERATION;
+       }
+
        msg_sub_type =   msg_type       & TNC_SUBTYPE_ANY;
        msg_vendor_id = (msg_type >> 8) & TNC_VENDORID_ANY;
 
@@ -119,6 +132,7 @@ METHOD(tnccs_t, send_msg, void,
                pb_tnc_msg->destroy(pb_tnc_msg);
        }
        this->mutex->unlock(this->mutex);
+       return TNC_RESULT_SUCCESS;
 }
 
 /**
@@ -145,6 +159,7 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg)
 
                        DBG2(DBG_TNC, "handling PB-PA message type 0x%08x", msg_type);
 
+                       this->send_msg = TRUE;
                        if (this->is_server)
                        {
                                charon->imvs->receive_message(charon->imvs,
@@ -155,6 +170,7 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg)
                                charon->imcs->receive_message(charon->imcs,
                                this->connection_id, msg_body.ptr, msg_body.len,msg_type);
                        }
+                       this->send_msg = FALSE;
                        break;
                }
                case PB_MSG_ASSESSMENT_RESULT:
@@ -358,7 +374,9 @@ METHOD(tls_t, process, status_t,
                        /* Restart the measurements */
                        charon->imcs->notify_connection_change(charon->imcs,
                        this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+                       this->send_msg = TRUE;
                        charon->imcs->begin_handshake(charon->imcs, this->connection_id);
+                       this->send_msg = FALSE;
                }
 
                enumerator = batch->create_msg_enumerator(batch);
@@ -385,6 +403,7 @@ METHOD(tls_t, process, status_t,
                        }
                }
 
+               this->send_msg = TRUE;
                if (this->is_server)
                {
                        charon->imvs->batch_ending(charon->imvs, this->connection_id);
@@ -393,6 +412,7 @@ METHOD(tls_t, process, status_t,
                {
                        charon->imcs->batch_ending(charon->imcs, this->connection_id);
                }
+               this->send_msg = FALSE;
        }
 
        switch (status)
@@ -501,7 +521,9 @@ METHOD(tls_t, build, status_t,
                                                        this->connection_id, TNC_CONNECTION_STATE_CREATE);
                charon->imcs->notify_connection_change(charon->imcs,
                                                        this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+               this->send_msg = TRUE;
                charon->imcs->begin_handshake(charon->imcs, this->connection_id);
+               this->send_msg = FALSE;
        }
 
        state = this->state_machine->get_state(this->state_machine);
diff --git a/src/libcharon/tnc/tnccs/tnccs.h b/src/libcharon/tnc/tnccs/tnccs.h
index c5d6f5e..32f065f 100644 (file)
--- a/src/libcharon/tnc/tnccs/tnccs.h
+++ b/src/libcharon/tnc/tnccs/tnccs.h
@@ -72,8 +72,9 @@ typedef tnccs_t* (*tnccs_constructor_t)(bool is_server);
  * @param msg                  message to be added
  * @param msg_len              message length
  * @param msg_type             message type
+ * @return                     result code
  */
-typedef void (*tnccs_send_message_t)(tnccs_t* tncss, TNC_IMCID imc_id,
+typedef TNC_Result (*tnccs_send_message_t)(tnccs_t* tncss, TNC_IMCID imc_id,
                                                                                                         TNC_IMVID imv_id,
                                                                                                         TNC_BufferReference msg,
                                                                                                         TNC_UInt32 msg_len,
diff --git a/src/libcharon/tnc/tnccs/tnccs_manager.c b/src/libcharon/tnc/tnccs/tnccs_manager.c
index 2e3852b..609742d 100644 (file)
--- a/src/libcharon/tnc/tnccs/tnccs_manager.c
+++ b/src/libcharon/tnc/tnccs/tnccs_manager.c
@@ -330,9 +330,8 @@ METHOD(tnccs_manager_t, send_message, TNC_Result,
 
        if (tnccs && send_message)
        {
-               send_message(tnccs, imc_id, imv_id, msg, msg_len, msg_type);
-               return TNC_RESULT_SUCCESS;
-        }
+               return send_message(tnccs, imc_id, imv_id, msg, msg_len, msg_type);
+       }
        return TNC_RESULT_FATAL;
 }
 
strongSwan - IPsec VPN