ADD_PLUGIN([eap-ttls], [c libcharon])
ADD_PLUGIN([eap-peap], [c libcharon])
ADD_PLUGIN([eap-tnc], [c libcharon])
-ADD_PLUGIN([tnccs-20], [c libcharon])
-ADD_PLUGIN([tnccs-11], [c libcharon])
-ADD_PLUGIN([tnccs-dynamic], [c libcharon])
ADD_PLUGIN([tnc-ifmap], [c libcharon])
ADD_PLUGIN([tnc-imc], [c libcharon])
ADD_PLUGIN([tnc-imv], [c libcharon])
+ADD_PLUGIN([tnc-tnccs], [c libcharon])
+ADD_PLUGIN([tnccs-20], [c libcharon])
+ADD_PLUGIN([tnccs-11], [c libcharon])
+ADD_PLUGIN([tnccs-dynamic], [c libcharon])
ADD_PLUGIN([medsrv], [c libcharon])
ADD_PLUGIN([medcli], [c libcharon])
ADD_PLUGIN([nm], [c libcharon])
AM_CONDITIONAL(USE_TNC_IFMAP, test x$tnc_ifmap = xtrue)
AM_CONDITIONAL(USE_TNC_IMC, test x$tnc_imc = xtrue)
AM_CONDITIONAL(USE_TNC_IMV, test x$tnc_imv = xtrue)
+AM_CONDITIONAL(USE_TNC_TNCCS, test x$tnccs = xtrue)
AM_CONDITIONAL(USE_TNCCS_11, test x$tnccs_11 = xtrue)
AM_CONDITIONAL(USE_TNCCS_20, test x$tnccs_20 = xtrue)
AM_CONDITIONAL(USE_TNCCS_DYNAMIC, test x$tnccs_dynamic = xtrue)
AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$pluto = xtrue)
AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue)
AM_CONDITIONAL(USE_LIBTNCIF, test x$charon = xtrue -o x$conftest = xtrue -o x$imcv = xtrue)
+AM_CONDITIONAL(USE_LIBTNCCS, test x$tnccs = xtrue)
AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue)
AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$pluto = xtrue -o x$stroke = xtrue -o x$tools = xtrue -o x$conftest = xtrue)
AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap)
AM_CONDITIONAL(USE_VSTR, test x$vstr = xtrue)
AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue)
AM_CONDITIONAL(USE_TLS, test x$tls = xtrue)
-AM_CONDITIONAL(USE_TNCCS, test x$tnccs = xtrue)
AM_CONDITIONAL(USE_IMCV, test x$imcv = xtrue)
AM_CONDITIONAL(USE_PTS, test x$pts = xtrue)
AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue)
src/libcharon/plugins/tnc_ifmap/Makefile
src/libcharon/plugins/tnc_imc/Makefile
src/libcharon/plugins/tnc_imv/Makefile
+ src/libcharon/plugins/tnc_tnccs/Makefile
src/libcharon/plugins/tnccs_11/Makefile
src/libcharon/plugins/tnccs_20/Makefile
src/libcharon/plugins/tnccs_dynamic/Makefile
.BR charon.plugins.tnc-imc.preferred_language " [en]"
Preferred language for TNC recommendations
.TP
-.BR charon.plugins.tnc-imc.tnc_config " [/etc/tnc_config]"
-TNC IMC configuration directory
-.TP
-.BR charon.plugins.tnc-imv.tnc_config " [/etc/tnc_config]"
-TNC IMV configuration directory
-.TP
.BR charon.plugins.whitelist.enable " [yes]"
enable loaded whitelist plugin
.SS libstrongswan section
.TP
.BR libstrongswan.plugins.pkcs11.use_hasher " [no]"
Whether the PKCS#11 modules should be used to hash data
+.SS libtnccs section
+.TP
+.BR libtnccs.tnc_config " [/etc/tnc_config]"
+TNC IMC/IMV configuration directory
.SS libimcv section
.TP
.BR libimcv.debug_level " [1]"
SUBDIRS += libtncif
endif
-if USE_TNCCS
+if USE_LIBTNCCS
SUBDIRS += libtnccs
endif
sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \
sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
-sa/tasks/task.c sa/tasks/task.h \
-tnc/tnccs/tnccs.c tnc/tnccs/tnccs.h \
-tnc/tnccs/tnccs_manager.c tnc/tnccs/tnccs_manager.h
+sa/tasks/task.c sa/tasks/task.h
daemon.lo : $(top_builddir)/config.status
-I${linux_headers} \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra \
- -I$(top_srcdir)/src/libcharon \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libtnccs
+ -I$(top_srcdir)/src/libcharon
AM_CFLAGS = \
-DIPSEC_DIR=\"${ipsecdir}\" \
endif
endif
+if USE_TNC_TNCCS
+ SUBDIRS += plugins/tnc_tnccs
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/tnc_tnccs/libstrongswan-tnc_tnccs.la
+endif
+endif
+
if USE_TNCCS_11
SUBDIRS += plugins/tnccs_11
if MONOLITHIC
# endif /* CAPABILITIES_NATIVE */
#endif /* CAPABILITIES */
-#define USE_TNC /* for tnccs_manager */
-
#include "daemon.h"
#include <library.h>
DESTROY_IF(this->public.ike_sa_manager);
DESTROY_IF(this->public.controller);
DESTROY_IF(this->public.eap);
- DESTROY_IF(this->public.tnccs);
#ifdef ME
DESTROY_IF(this->public.connect_manager);
DESTROY_IF(this->public.mediation_manager);
charon = &this->public;
this->public.controller = controller_create();
this->public.eap = eap_manager_create();
- this->public.tnccs = tnccs_manager_create();
this->public.backends = backend_manager_create();
this->public.socket = socket_manager_create();
this->public.traps = trap_manager_create();
* @defgroup tasks tasks
* @ingroup sa
*
- * @defgroup tnc tnc
- * @ingroup libcharon
- *
* @addtogroup libcharon
* @{
*
#include <sa/shunt_manager.h>
#include <config/backend_manager.h>
#include <sa/authenticators/eap/eap_manager.h>
-#include <tnc/tnccs/tnccs_manager.h>
#ifdef ME
#include <sa/connect_manager.h>
*/
eap_manager_t *eap;
- /**
- * TNCCS manager to maintain registered TNCCS protocols
- */
- tnccs_manager_t *tnccs;
-
#ifdef ME
/**
* Connect manager
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
- -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \
- -I$(top_srcdir)/src/libtncif
+INCLUDES = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon \
+ -I$(top_srcdir)/src/libtls \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtnccs
AM_CFLAGS = -rdynamic
noinst_LTLIBRARIES = libstrongswan-eap-tnc.la
else
plugin_LTLIBRARIES = libstrongswan-eap-tnc.la
-libstrongswan_eap_tnc_la_LIBADD = $(top_builddir)/src/libtls/libtls.la
+libstrongswan_eap_tnc_la_LIBADD = \
+ $(top_builddir)/src/libtls/libtls.la \
+ $(top_builddir)/src/libtnccs/libtnccs.la
endif
libstrongswan_eap_tnc_la_SOURCES = \
#include "eap_tnc.h"
+#include <tnc/tnc.h>
+#include <tnc/tnccs/tnccs_manager.h>
#include <tls_eap.h>
#include <debug.h>
-#define USE_TNC
-
-#include <daemon.h>
-
typedef struct private_eap_tnc_t private_eap_tnc_t;
/**
free(this);
return NULL;
}
- tnccs = charon->tnccs->create_instance(charon->tnccs, type, is_server);
+ tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, is_server);
this->tls_eap = tls_eap_create(EAP_TNC, (tls_t*)tnccs, frag_size,
max_msg_count, include_length);
if (!this->tls_eap)
PLUGIN_CALLBACK(eap_method_register, eap_tnc_create_server),
PLUGIN_PROVIDE(EAP_SERVER, EAP_TNC),
PLUGIN_DEPENDS(EAP_SERVER, EAP_TTLS),
+ PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
PLUGIN_CALLBACK(eap_method_register, eap_tnc_create_peer),
PLUGIN_PROVIDE(EAP_PEER, EAP_TNC),
PLUGIN_DEPENDS(EAP_PEER, EAP_TTLS),
+ PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
};
*features = f;
return countof(f);
-I$(top_srcdir)/src/libtncif \
-I$(top_srcdir)/src/libtnccs
-AM_CFLAGS = -DUSE_TNC -rdynamic
+AM_CFLAGS = -rdynamic
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-tnc-imc.la
else
plugin_LTLIBRARIES = libstrongswan-tnc-imc.la
+libstrongswan_tnc_imc_la_LIBADD = \
+ $(top_builddir)/src/libtncif/libtncif.la \
+ $(top_builddir)/src/libtnccs/libtnccs.la
endif
libstrongswan_tnc_imc_la_SOURCES = \
#ifndef TNC_IMC_H_
#define TNC_IMC_H_
-#include <imc/imc.h>
+#include <tnc/imc/imc.h>
/**
* Create an Integrity Measurement Collector.
* for more details.
*/
-#include <imc/imc_manager.h>
+#include <tnc/tnc.h>
+#include <tnc/imc/imc_manager.h>
+#include <tnc/tnccs/tnccs_manager.h>
#include <debug.h>
-#include <daemon.h>
#define TNC_IMVID_ANY 0xffff
TNC_MessageTypeList supported_types,
TNC_UInt32 type_count)
{
- imc_manager_t *imcs = lib->get(lib, "imc-manager");
-
- if (!imcs->is_registered(imcs, imc_id))
+ if (!tnc->imcs->is_registered(tnc->imcs, imc_id))
{
DBG1(DBG_TNC, "ignoring ReportMessageTypes() from unregistered IMC %u",
imc_id);
return TNC_RESULT_INVALID_PARAMETER;
}
- return imcs->set_message_types(imcs, imc_id, supported_types, type_count);
+ return tnc->imcs->set_message_types(tnc->imcs, imc_id, supported_types,
+ type_count);
}
/**
TNC_ConnectionID connection_id,
TNC_RetryReason reason)
{
- imc_manager_t *imcs = lib->get(lib, "imc-manager");
-
- if (!imcs->is_registered(imcs, imc_id))
+ if (!tnc->imcs->is_registered(tnc->imcs, imc_id))
{
DBG1(DBG_TNC, "ignoring RequestHandshakeRetry() from unregistered IMC %u",
imc_id);
return TNC_RESULT_INVALID_PARAMETER;
}
- return charon->tnccs->request_handshake_retry(charon->tnccs, TRUE, imc_id,
- connection_id, reason);
+ return tnc->tnccs->request_handshake_retry(tnc->tnccs, TRUE, imc_id,
+ connection_id, reason);
}
/**
TNC_UInt32 msg_len,
TNC_MessageType msg_type)
{
- imc_manager_t *imcs = lib->get(lib, "imc-manager");
-
- if (!imcs->is_registered(imcs, imc_id))
+ if (!tnc->imcs->is_registered(tnc->imcs, imc_id))
{
DBG1(DBG_TNC, "ignoring SendMessage() from unregistered IMC %u",
imc_id);
return TNC_RESULT_INVALID_PARAMETER;
}
- return charon->tnccs->send_message(charon->tnccs, imc_id, TNC_IMVID_ANY,
- connection_id, msg, msg_len, msg_type);
+ return tnc->tnccs->send_message(tnc->tnccs, imc_id, TNC_IMVID_ANY,
+ connection_id, msg, msg_len, msg_type);
}
/**
*/
#include "tnc_imc_manager.h"
+#include "tnc_imc.h"
#include <tncifimc.h>
-#include <debug.h>
-#include <library.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+
#include <utils/linked_list.h>
+#include <utils/lexparser.h>
+#include <debug.h>
typedef struct private_tnc_imc_manager_t private_tnc_imc_manager_t;
return removed_imc;
}
+METHOD(imc_manager_t, load_all, bool,
+ private_tnc_imc_manager_t *this, char *filename)
+{
+ int fd, line_nr = 0;
+ chunk_t src, line;
+ struct stat sb;
+ void *addr;
+
+ DBG1(DBG_TNC, "loading IMCs from '%s'", filename);
+ fd = open(filename, O_RDONLY);
+ if (fd == -1)
+ {
+ DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename,
+ strerror(errno));
+ return FALSE;
+ }
+ if (fstat(fd, &sb) == -1)
+ {
+ DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename,
+ strerror(errno));
+ close(fd);
+ return FALSE;
+ }
+ addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
+ if (addr == MAP_FAILED)
+ {
+ DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno));
+ close(fd);
+ return FALSE;
+ }
+ src = chunk_create(addr, sb.st_size);
+
+ while (fetchline(&src, &line))
+ {
+ char *name, *path;
+ chunk_t token;
+ imc_t *imc;
+
+ line_nr++;
+
+ /* skip comments or empty lines */
+ if (*line.ptr == '#' || !eat_whitespace(&line))
+ {
+ continue;
+ }
+
+ /* determine keyword */
+ if (!extract_token(&token, ' ', &line))
+ {
+ DBG1(DBG_TNC, "line %d: keyword must be followed by a space",
+ line_nr);
+ return FALSE;
+ }
+
+ /* only interested in IMCs */
+ if (!match("IMC", &token))
+ {
+ continue;
+ }
+
+ /* advance to the IMC name and extract it */
+ if (!extract_token(&token, '"', &line) ||
+ !extract_token(&token, '"', &line))
+ {
+ DBG1(DBG_TNC, "line %d: IMC name must be set in double quotes",
+ line_nr);
+ return FALSE;
+ }
+
+ /* copy the IMC name */
+ name = malloc(token.len + 1);
+ memcpy(name, token.ptr, token.len);
+ name[token.len] = '\0';
+
+ /* advance to the IMC path and extract it */
+ if (!eat_whitespace(&line))
+ {
+ DBG1(DBG_TNC, "line %d: IMC path is missing", line_nr);
+ free(name);
+ return FALSE;
+ }
+ if (!extract_token(&token, ' ', &line))
+ {
+ token = line;
+ }
+
+ /* copy the IMC path */
+ path = malloc(token.len + 1);
+ memcpy(path, token.ptr, token.len);
+ path[token.len] = '\0';
+
+ /* load and register IMC instance */
+ imc = tnc_imc_create(name, path);
+ if (!imc)
+ {
+ free(name);
+ free(path);
+ return FALSE;
+ }
+ if (!add(this, imc))
+ {
+ if (imc->terminate &&
+ imc->terminate(imc->get_id(imc)) != TNC_RESULT_SUCCESS)
+ {
+ DBG1(DBG_TNC, "IMC \"%s\" not terminated successfully",
+ imc->get_name(imc));
+ }
+ imc->destroy(imc);
+ return FALSE;
+ }
+ DBG1(DBG_TNC, "IMC %u \"%s\" loaded from '%s'", imc->get_id(imc),
+ name, path);
+ }
+ munmap(addr, sb.st_size);
+ close(fd);
+ return TRUE;
+}
+
METHOD(imc_manager_t, is_registered, bool,
private_tnc_imc_manager_t *this, TNC_IMCID id)
{
.public = {
.add = _add,
.remove = _remove_, /* avoid name conflict with stdio.h */
+ .load_all = _load_all,
.is_registered = _is_registered,
.get_preferred_language = _get_preferred_language,
.notify_connection_change = _notify_connection_change,
#ifndef TNC_IMC_MANAGER_H_
#define TNC_IMC_MANAGER_H_
-#include <imc/imc_manager.h>
+#include <tnc/imc/imc_manager.h>
/**
* Create an IMC manager instance.
/*
- * Copyright (C) 2010 Andreas Steffen
+ * Copyright (C) 2010-2011 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include "tnc_imc_plugin.h"
#include "tnc_imc_manager.h"
-#include "tnc_imc.h"
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/mman.h>
-#include <unistd.h>
-#include <errno.h>
-#include <fcntl.h>
-
-#include <utils/lexparser.h>
-#include <debug.h>
+#include <tnc/tnc.h>
typedef struct private_tnc_imc_plugin_t private_tnc_imc_plugin_t;
* Public interface.
*/
tnc_imc_plugin_t public;
-
- /**
- * TNC IMC manager controlling Integrity Measurement Collectors
- */
- imc_manager_t *imcs;
};
-/**
- * load IMCs from a configuration file
- */
-static bool load_imcs(private_tnc_imc_plugin_t *this, char *filename)
-{
- int fd, line_nr = 0;
- chunk_t src, line;
- struct stat sb;
- void *addr;
-
- DBG1(DBG_TNC, "loading IMCs from '%s'", filename);
- fd = open(filename, O_RDONLY);
- if (fd == -1)
- {
- DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename,
- strerror(errno));
- return FALSE;
- }
- if (fstat(fd, &sb) == -1)
- {
- DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename,
- strerror(errno));
- close(fd);
- return FALSE;
- }
- addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno));
- close(fd);
- return FALSE;
- }
- src = chunk_create(addr, sb.st_size);
-
- while (fetchline(&src, &line))
- {
- char *name, *path;
- chunk_t token;
- imc_t *imc;
-
- line_nr++;
-
- /* skip comments or empty lines */
- if (*line.ptr == '#' || !eat_whitespace(&line))
- {
- continue;
- }
-
- /* determine keyword */
- if (!extract_token(&token, ' ', &line))
- {
- DBG1(DBG_TNC, "line %d: keyword must be followed by a space",
- line_nr);
- return FALSE;
- }
-
- /* only interested in IMCs */
- if (!match("IMC", &token))
- {
- continue;
- }
-
- /* advance to the IMC name and extract it */
- if (!extract_token(&token, '"', &line) ||
- !extract_token(&token, '"', &line))
- {
- DBG1(DBG_TNC, "line %d: IMC name must be set in double quotes",
- line_nr);
- return FALSE;
- }
-
- /* copy the IMC name */
- name = malloc(token.len + 1);
- memcpy(name, token.ptr, token.len);
- name[token.len] = '\0';
-
- /* advance to the IMC path and extract it */
- if (!eat_whitespace(&line))
- {
- DBG1(DBG_TNC, "line %d: IMC path is missing", line_nr);
- free(name);
- return FALSE;
- }
- if (!extract_token(&token, ' ', &line))
- {
- token = line;
- }
-
- /* copy the IMC path */
- path = malloc(token.len + 1);
- memcpy(path, token.ptr, token.len);
- path[token.len] = '\0';
-
- /* load and register IMC instance */
- imc = tnc_imc_create(name, path);
- if (!imc)
- {
- free(name);
- free(path);
- return FALSE;
- }
- if (!this->imcs->add(this->imcs, imc))
- {
- if (imc->terminate &&
- imc->terminate(imc->get_id(imc)) != TNC_RESULT_SUCCESS)
- {
- DBG1(DBG_TNC, "IMC \"%s\" not terminated successfully",
- imc->get_name(imc));
- }
- imc->destroy(imc);
- return FALSE;
- }
- DBG1(DBG_TNC, "IMC %u \"%s\" loaded from '%s'", imc->get_id(imc),
- name, path);
- }
- munmap(addr, sb.st_size);
- close(fd);
- return TRUE;
-}
-
METHOD(plugin_t, get_name, char*,
private_tnc_imc_plugin_t *this)
{
private_tnc_imc_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
- PLUGIN_PROVIDE(CUSTOM, "imc-manager"),
+ PLUGIN_CALLBACK(tnc_manager_register, tnc_imc_manager_create),
+ PLUGIN_PROVIDE(CUSTOM, "imc-manager"),
+ PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
};
*features = f;
return countof(f);
METHOD(plugin_t, destroy, void,
private_tnc_imc_plugin_t *this)
{
- lib->set(lib, "imc-manager", NULL);
- this->imcs->destroy(this->imcs);
free(this);
}
plugin_t *tnc_imc_plugin_create(void)
{
private_tnc_imc_plugin_t *this;
- char *tnc_config;
INIT(this,
.public = {
.destroy = _destroy,
},
},
- .imcs = tnc_imc_manager_create(),
);
- lib->set(lib, "imc-manager", this->imcs);
-
- /* Load IMCs and abort if not all instances initalize successfully */
- tnc_config = lib->settings->get_str(lib->settings,
- "charon.plugins.tnc-imc.tnc_config", "/etc/tnc_config");
- if (!load_imcs(this, tnc_config))
- {
- destroy(this);
- return NULL;
- }
-
return &this->public.plugin;
}
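Review bot: tnc_imc_plugin_create no longer reads `charon.plugins.tnc-imc.tnc_config`, so an installation that set a custom IMC configuration path through that key will have it silently ignored after upgrading; where the IMC list is loaded from now (presumably the tnc_manager_register callback and the `libtnccs.tnc_config` key the man page change introduces) is outside this hunk. Because the IMC set determines which measurement collectors run, a silent fall-back to the default `/etc/tnc_config` is worth surfacing: test the obsolete key with `lib->settings->get_str(lib->settings, "charon.plugins.tnc-imc.tnc_config", NULL)` and emit `DBG1(DBG_TNC, "charon.plugins.tnc-imc.tnc_config is obsolete, use libtnccs.tnc_config")` when it is set. The same applies to tnc_imv_plugin_create and `charon.plugins.tnc-imv.tnc_config`.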
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
- -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtncif
+INCLUDES = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtnccs
-AM_CFLAGS = -DUSE_TNC -rdynamic
+AM_CFLAGS = -rdynamic
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-tnc-imv.la
else
plugin_LTLIBRARIES = libstrongswan-tnc-imv.la
-libstrongswan_tnc_imv_la_LIBADD = $(top_builddir)/src/libtncif/libtncif.la
+libstrongswan_tnc_imv_la_LIBADD = \
+ $(top_builddir)/src/libtncif/libtncif.la \
+ $(top_builddir)/src/libtnccs/libtnccs.la
endif
libstrongswan_tnc_imv_la_SOURCES = \
* for more details.
*/
-#include "tnc_imv.h"
+#include <tnc/tnc.h>
+#include <tnc/imv/imv_manager.h>
+#include <tnc/tnccs/tnccs_manager.h>
#include <debug.h>
-#include <daemon.h>
#define TNC_IMCID_ANY 0xffff
TNC_MessageTypeList supported_types,
TNC_UInt32 type_count)
{
- if (!charon->imvs->is_registered(charon->imvs, imv_id))
+ if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
{
DBG1(DBG_TNC, "ignoring ReportMessageTypes() from unregistered IMV %u",
imv_id);
return TNC_RESULT_INVALID_PARAMETER;
}
- return charon->imvs->set_message_types(charon->imvs, imv_id,
- supported_types, type_count);
+ return tnc->imvs->set_message_types(tnc->imvs, imv_id, supported_types,
+ type_count);
}
/**
TNC_ConnectionID connection_id,
TNC_RetryReason reason)
{
- if (!charon->imvs->is_registered(charon->imvs, imv_id))
+ if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
{
DBG1(DBG_TNC, "ignoring RequestHandshakeRetry() from unregistered IMV %u",
imv_id);
return TNC_RESULT_INVALID_PARAMETER;
}
- return charon->tnccs->request_handshake_retry(charon->tnccs, FALSE, imv_id,
- connection_id, reason);
+ return tnc->tnccs->request_handshake_retry(tnc->tnccs, FALSE, imv_id,
+ connection_id, reason);
}
/**
TNC_UInt32 msg_len,
TNC_MessageType msg_type)
{
- if (!charon->imvs->is_registered(charon->imvs, imv_id))
+ if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
{
DBG1(DBG_TNC, "ignoring SendMessage() from unregistered IMV %u",
imv_id);
return TNC_RESULT_INVALID_PARAMETER;
}
- return charon->tnccs->send_message(charon->tnccs, TNC_IMCID_ANY, imv_id,
- connection_id, msg, msg_len, msg_type);
+ return tnc->tnccs->send_message(tnc->tnccs, TNC_IMCID_ANY, imv_id,
+ connection_id, msg, msg_len, msg_type);
}
/**
TNC_IMV_Action_Recommendation recommendation,
TNC_IMV_Evaluation_Result evaluation)
{
- if (!charon->imvs->is_registered(charon->imvs, imv_id))
+ if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
{
DBG1(DBG_TNC, "ignoring ProvideRecommendation() from unregistered IMV %u",
imv_id);
return TNC_RESULT_INVALID_PARAMETER;
}
- return charon->tnccs->provide_recommendation(charon->tnccs, imv_id,
- connection_id, recommendation, evaluation);
+ return tnc->tnccs->provide_recommendation(tnc->tnccs, imv_id, connection_id,
+ recommendation, evaluation);
}
/**
TNC_BufferReference buffer,
TNC_UInt32 *out_value_len)
{
- if (!charon->imvs->is_registered(charon->imvs, imv_id))
+ if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
{
DBG1(DBG_TNC, "ignoring GetAttribute() from unregistered IMV %u",
imv_id);
return TNC_RESULT_INVALID_PARAMETER;
}
- return charon->tnccs->get_attribute(charon->tnccs, imv_id, connection_id,
+ return tnc->tnccs->get_attribute(tnc->tnccs, imv_id, connection_id,
attribute_id, buffer_len, buffer, out_value_len);
}
TNC_UInt32 buffer_len,
TNC_BufferReference buffer)
{
- if (!charon->imvs->is_registered(charon->imvs, imv_id))
+ if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
{
DBG1(DBG_TNC, "ignoring SetAttribute() from unregistered IMV %u",
imv_id);
return TNC_RESULT_INVALID_PARAMETER;
}
- return charon->tnccs->set_attribute(charon->tnccs, imv_id, connection_id,
- attribute_id, buffer_len, buffer);
+ return tnc->tnccs->set_attribute(tnc->tnccs, imv_id, connection_id,
+ attribute_id, buffer_len, buffer);
}
/**
*/
#include "tnc_imv_manager.h"
+#include "tnc_imv.h"
#include "tnc_imv_recommendations.h"
-#include <tnc/imv/imv_manager.h>
-
#include <tncifimv.h>
#include <tncif_names.h>
-#include <debug.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+
#include <daemon.h>
+#include <utils/lexparser.h>
+#include <debug.h>
#include <threading/mutex.h>
typedef struct private_tnc_imv_manager_t private_tnc_imv_manager_t;
return removed_imv;
}
+METHOD(imv_manager_t, load_all, bool,
+ private_tnc_imv_manager_t *this, char *filename)
+{
+ int fd, line_nr = 0;
+ chunk_t src, line;
+ struct stat sb;
+ void *addr;
+
+ DBG1(DBG_TNC, "loading IMVs from '%s'", filename);
+ fd = open(filename, O_RDONLY);
+ if (fd == -1)
+ {
+ DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename,
+ strerror(errno));
+ return FALSE;
+ }
+ if (fstat(fd, &sb) == -1)
+ {
+ DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename,
+ strerror(errno));
+ close(fd);
+ return FALSE;
+ }
+ addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
+ if (addr == MAP_FAILED)
+ {
+ DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno));
+ close(fd);
+ return FALSE;
+ }
+ src = chunk_create(addr, sb.st_size);
+
+ while (fetchline(&src, &line))
+ {
+ char *name, *path;
+ chunk_t token;
+ imv_t *imv;
+
+ line_nr++;
+
+ /* skip comments or empty lines */
+ if (*line.ptr == '#' || !eat_whitespace(&line))
+ {
+ continue;
+ }
+
+ /* determine keyword */
+ if (!extract_token(&token, ' ', &line))
+ {
+ DBG1(DBG_TNC, "line %d: keyword must be followed by a space",
+ line_nr);
+ return FALSE;
+ }
+
+ /* only interested in IMVs */
+ if (!match("IMV", &token))
+ {
+ continue;
+ }
+
+ /* advance to the IMV name and extract it */
+ if (!extract_token(&token, '"', &line) ||
+ !extract_token(&token, '"', &line))
+ {
+ DBG1(DBG_TNC, "line %d: IMV name must be set in double quotes",
+ line_nr);
+ return FALSE;
+ }
+
+ /* copy the IMV name */
+ name = malloc(token.len + 1);
+ memcpy(name, token.ptr, token.len);
+ name[token.len] = '\0';
+
+ /* advance to the IMV path and extract it */
+ if (!eat_whitespace(&line))
+ {
+ DBG1(DBG_TNC, "line %d: IMV path is missing", line_nr);
+ free(name);
+ return FALSE;
+ }
+ if (!extract_token(&token, ' ', &line))
+ {
+ token = line;
+ }
+
+ /* copy the IMV path */
+ path = malloc(token.len + 1);
+ memcpy(path, token.ptr, token.len);
+ path[token.len] = '\0';
+
+ /* load and register IMV instance */
+ imv = tnc_imv_create(name, path);
+ if (!imv)
+ {
+ free(name);
+ free(path);
+ return FALSE;
+ }
+ if (!add(this, imv))
+ {
+ if (imv->terminate &&
+ imv->terminate(imv->get_id(imv)) != TNC_RESULT_SUCCESS)
+ {
+ DBG1(DBG_TNC, "IMV \"%s\" not terminated successfully",
+ imv->get_name(imv));
+ }
+ imv->destroy(imv);
+ return FALSE;
+ }
+ DBG1(DBG_TNC, "IMV %u \"%s\" loaded from '%s'", imv->get_id(imv),
+ name, path);
+ }
+ munmap(addr, sb.st_size);
+ close(fd);
+ return TRUE;
+}
+
METHOD(imv_manager_t, is_registered, bool,
private_tnc_imv_manager_t *this, TNC_IMVID id)
{
enumerator->destroy(enumerator);
}
+
METHOD(imv_manager_t, destroy, void,
private_tnc_imv_manager_t *this)
{
.public = {
.add = _add,
.remove = _remove_, /* avoid name conflict with stdio.h */
+ .load_all = _load_all,
.is_registered = _is_registered,
.get_recommendation_policy = _get_recommendation_policy,
.create_recommendations = _create_recommendations,
.imvs = linked_list_create(),
.next_imv_id = 1,
);
+
policy = enum_from_name(recommendation_policy_names,
lib->settings->get_str(lib->settings,
"charon.plugins.tnc-imv.recommendation_policy", "default"));
/*
- * Copyright (C) 2010 Andreas Steffen
+ * Copyright (C) 2010-2011 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include "tnc_imv_plugin.h"
#include "tnc_imv_manager.h"
-#include "tnc_imv.h"
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/mman.h>
-#include <unistd.h>
-#include <errno.h>
-#include <fcntl.h>
+#include <tnc/tnc.h>
-#include <utils/lexparser.h>
-#include <debug.h>
typedef struct private_tnc_imv_plugin_t private_tnc_imv_plugin_t;
*/
tnc_imv_plugin_t public;
- /**
- * TNC IMV manager controlling Integrity Measurement Verifiers
- */
- imv_manager_t *imvs;
};
-/**
- * load IMVs from a configuration file
- */
-static bool load_imvs(private_tnc_imv_plugin_t *this, char *filename)
-{
- int fd, line_nr = 0;
- chunk_t src, line;
- struct stat sb;
- void *addr;
-
- DBG1(DBG_TNC, "loading IMVs from '%s'", filename);
- fd = open(filename, O_RDONLY);
- if (fd == -1)
- {
- DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename,
- strerror(errno));
- return FALSE;
- }
- if (fstat(fd, &sb) == -1)
- {
- DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename,
- strerror(errno));
- close(fd);
- return FALSE;
- }
- addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno));
- close(fd);
- return FALSE;
- }
- src = chunk_create(addr, sb.st_size);
-
- while (fetchline(&src, &line))
- {
- char *name, *path;
- chunk_t token;
- imv_t *imv;
-
- line_nr++;
-
- /* skip comments or empty lines */
- if (*line.ptr == '#' || !eat_whitespace(&line))
- {
- continue;
- }
-
- /* determine keyword */
- if (!extract_token(&token, ' ', &line))
- {
- DBG1(DBG_TNC, "line %d: keyword must be followed by a space",
- line_nr);
- return FALSE;
- }
-
- /* only interested in IMVs */
- if (!match("IMV", &token))
- {
- continue;
- }
-
- /* advance to the IMV name and extract it */
- if (!extract_token(&token, '"', &line) ||
- !extract_token(&token, '"', &line))
- {
- DBG1(DBG_TNC, "line %d: IMV name must be set in double quotes",
- line_nr);
- return FALSE;
- }
-
- /* copy the IMV name */
- name = malloc(token.len + 1);
- memcpy(name, token.ptr, token.len);
- name[token.len] = '\0';
-
- /* advance to the IMV path and extract it */
- if (!eat_whitespace(&line))
- {
- DBG1(DBG_TNC, "line %d: IMV path is missing", line_nr);
- free(name);
- return FALSE;
- }
- if (!extract_token(&token, ' ', &line))
- {
- token = line;
- }
-
- /* copy the IMV path */
- path = malloc(token.len + 1);
- memcpy(path, token.ptr, token.len);
- path[token.len] = '\0';
-
- /* load and register IMV instance */
- imv = tnc_imv_create(name, path);
- if (!imv)
- {
- free(name);
- free(path);
- return FALSE;
- }
- if (!this->imvs->add(this->imvs, imv))
- {
- if (imv->terminate &&
- imv->terminate(imv->get_id(imv)) != TNC_RESULT_SUCCESS)
- {
- DBG1(DBG_TNC, "IMV \"%s\" not terminated successfully",
- imv->get_name(imv));
- }
- imv->destroy(imv);
- return FALSE;
- }
- DBG1(DBG_TNC, "IMV %u \"%s\" loaded from '%s'", imv->get_id(imv),
- name, path);
- }
- munmap(addr, sb.st_size);
- close(fd);
- return TRUE;
-}
METHOD(plugin_t, get_name, char*,
tnc_imv_plugin_t *this)
private_tnc_imv_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
- PLUGIN_PROVIDE(CUSTOM, "imv-manager"),
+ PLUGIN_CALLBACK(tnc_manager_register, tnc_imv_manager_create),
+ PLUGIN_PROVIDE(CUSTOM, "imv-manager"),
+ PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
};
*features = f;
return countof(f);
}
METHOD(plugin_t, destroy, void,
- tnc_imv_plugin_t *this)
+ private_tnc_imv_plugin_t *this)
{
- lib->set(lib, "imv-manager", NULL);
- this->imvs->destroy(this->imvs);
free(this);
}
*/
plugin_t *tnc_imv_plugin_create()
{
- char *tnc_config;
- tnc_imv_plugin_t *this;
+ private_tnc_imv_plugin_t *this;
INIT(this,
.public = {
.destroy = _destroy,
},
},
- .imvs = tnc_imv_manager_create(),
);
- lib->set(lib, "imv-manager", this->imvs);
-
- /* Load IMVs and abort if not all instances initalize successfully */
- tnc_config = lib->settings->get_str(lib->settings,
- "charon.plugins.tnc-imv.tnc_config", "/etc/tnc_config");
- if (!load_imvs(this, tnc_config))
- {
- destroy(this);
- return NULL;
- }
return &this->public.plugin;
}
* for more details.
*/
-#include <debug.h>
-#include <daemon.h>
-
#include <tncifimv.h>
#include <tncif_names.h>
+#include <tnc/tnc.h>
#include <tnc/imv/imv.h>
+#include <tnc/imv/imv_manager.h>
#include <tnc/imv/imv_recommendations.h>
+#include <debug.h>
+#include <utils/linked_list.h>
+
typedef struct private_tnc_imv_recommendations_t private_tnc_imv_recommendations_t;
typedef struct recommendation_entry_t recommendation_entry_t;
DBG1(DBG_TNC, "there are no IMVs to make a recommendation");
return TRUE;
}
- policy = charon->imvs->get_recommendation_policy(charon->imvs);
+ policy = tnc->imvs->get_recommendation_policy(tnc->imvs);
enumerator = this->recs->create_enumerator(this->recs);
while (enumerator->enumerate(enumerator, &entry))
--- /dev/null
+
+INCLUDES = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtnccs
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-tnc-tnccs.la
+else
+plugin_LTLIBRARIES = libstrongswan-tnc-tnccs.la
+libstrongswan_tnc_tnccs_la_LIBADD = \
+ $(top_builddir)/src/libtncif/libtncif.la \
+ $(top_builddir)/src/libtnccs/libtnccs.la
+endif
+
+libstrongswan_tnc_tnccs_la_SOURCES = \
+ tnc_tnccs_plugin.h tnc_tnccs_plugin.c \
+ tnc_tnccs_manager.h tnc_tnccs_manager.c
+
+libstrongswan_tnc_tnccs_la_LDFLAGS = -module -avoid-version
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_tnccs_manager.h"
+
+#include <tnc/tnc.h>
+#include <tnc/imv/imv_manager.h>
+#include <tnc/imc/imc_manager.h>
+#include <tnc/imv/imv_manager.h>
+
+#include <debug.h>
+#include <utils/linked_list.h>
+#include <threading/rwlock.h>
+
+typedef struct private_tnc_tnccs_manager_t private_tnc_tnccs_manager_t;
+typedef struct tnccs_entry_t tnccs_entry_t;
+typedef struct tnccs_connection_entry_t tnccs_connection_entry_t;
+
+/**
+ * TNCCS constructor entry
+ */
+struct tnccs_entry_t {
+
+ /**
+ * TNCCS protocol type
+ */
+ tnccs_type_t type;
+
+ /**
+ * constructor function to create instance
+ */
+ tnccs_constructor_t constructor;
+};
+
+/**
+ * TNCCS connection entry
+ */
+struct tnccs_connection_entry_t {
+
+ /**
+ * TNCCS connection ID
+ */
+ TNC_ConnectionID id;
+
+ /**
+ * TNCCS instance
+ */
+ tnccs_t *tnccs;
+
+ /**
+ * TNCCS send message function
+ */
+ tnccs_send_message_t send_message;
+
+ /**
+ * TNCCS request handshake retry flag
+ */
+ bool *request_handshake_retry;
+
+ /**
+ * collection of IMV recommendations
+ */
+ recommendations_t *recs;
+};
+
+/**
+ * private data of tnc_tnccs_manager
+ */
+struct private_tnc_tnccs_manager_t {
+
+ /**
+ * public functions
+ */
+ tnccs_manager_t public;
+
+ /**
+ * list of TNCCS protocol entries
+ */
+ linked_list_t *protocols;
+
+ /**
+ * rwlock to lock the TNCCS protocol entries
+ */
+ rwlock_t *protocol_lock;
+
+ /**
+ * connection ID counter
+ */
+ TNC_ConnectionID connection_id;
+
+ /**
+ * list of TNCCS connection entries
+ */
+ linked_list_t *connections;
+
+ /**
+ * rwlock to lock TNCCS connection entries
+ */
+ rwlock_t *connection_lock;
+
+};
+
+METHOD(tnccs_manager_t, add_method, void,
+ private_tnc_tnccs_manager_t *this, tnccs_type_t type,
+ tnccs_constructor_t constructor)
+{
+ tnccs_entry_t *entry;
+
+ entry = malloc_thing(tnccs_entry_t);
+ entry->type = type;
+ entry->constructor = constructor;
+
+ this->protocol_lock->write_lock(this->protocol_lock);
+ this->protocols->insert_last(this->protocols, entry);
+ this->protocol_lock->unlock(this->protocol_lock);
+}
+
+METHOD(tnccs_manager_t, remove_method, void,
+ private_tnc_tnccs_manager_t *this, tnccs_constructor_t constructor)
+{
+ enumerator_t *enumerator;
+ tnccs_entry_t *entry;
+
+ this->protocol_lock->write_lock(this->protocol_lock);
+ enumerator = this->protocols->create_enumerator(this->protocols);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (constructor == entry->constructor)
+ {
+ this->protocols->remove_at(this->protocols, enumerator);
+ free(entry);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->protocol_lock->unlock(this->protocol_lock);
+}
+
+METHOD(tnccs_manager_t, create_instance, tnccs_t*,
+ private_tnc_tnccs_manager_t *this, tnccs_type_t type, bool is_server)
+{
+ enumerator_t *enumerator;
+ tnccs_entry_t *entry;
+ tnccs_t *protocol = NULL;
+
+ this->protocol_lock->read_lock(this->protocol_lock);
+ enumerator = this->protocols->create_enumerator(this->protocols);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (type == entry->type)
+ {
+ protocol = entry->constructor(is_server);
+ if (protocol)
+ {
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->protocol_lock->unlock(this->protocol_lock);
+
+ return protocol;
+}
+
+METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
+ private_tnc_tnccs_manager_t *this, tnccs_t *tnccs,
+ tnccs_send_message_t send_message, bool* request_handshake_retry,
+ recommendations_t **recs)
+{
+ tnccs_connection_entry_t *entry;
+
+ entry = malloc_thing(tnccs_connection_entry_t);
+ entry->tnccs = tnccs;
+ entry->send_message = send_message;
+ entry->request_handshake_retry = request_handshake_retry;
+ if (recs)
+ {
+ /* we assume a TNC Server needing recommendations from IMVs */
+ if (!tnc->imvs)
+ {
+ DBG1(DBG_TNC, "no IMV manager available!");
+ free(entry);
+ return 0;
+ }
+ entry->recs = tnc->imvs->create_recommendations(tnc->imvs);
+ *recs = entry->recs;
+ }
+ else
+ {
+ /* we assume a TNC Client */
+ if (!tnc->imcs)
+ {
+ DBG1(DBG_TNC, "no IMC manager available!");
+ free(entry);
+ return 0;
+ }
+ entry->recs = NULL;
+ }
+ this->connection_lock->write_lock(this->connection_lock);
+ entry->id = ++this->connection_id;
+ this->connections->insert_last(this->connections, entry);
+ this->connection_lock->unlock(this->connection_lock);
+
+ DBG1(DBG_TNC, "assigned TNCCS Connection ID %u", entry->id);
+ return entry->id;
+}
+
+METHOD(tnccs_manager_t, remove_connection, void,
+ private_tnc_tnccs_manager_t *this, TNC_ConnectionID id, bool is_server)
+{
+ enumerator_t *enumerator;
+ tnccs_connection_entry_t *entry;
+
+ if (is_server)
+ {
+ if (tnc->imvs)
+ {
+ tnc->imvs->notify_connection_change(tnc->imvs, id,
+ TNC_CONNECTION_STATE_DELETE);
+ }
+ }
+ else
+ {
+ if (tnc->imcs)
+ {
+ tnc->imcs->notify_connection_change(tnc->imcs, id,
+ TNC_CONNECTION_STATE_DELETE);
+ }
+ }
+
+ this->connection_lock->write_lock(this->connection_lock);
+ enumerator = this->connections->create_enumerator(this->connections);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (id == entry->id)
+ {
+ this->connections->remove_at(this->connections, enumerator);
+ if (entry->recs)
+ {
+ entry->recs->destroy(entry->recs);
+ }
+ free(entry);
+ DBG1(DBG_TNC, "removed TNCCS Connection ID %u", id);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->connection_lock->unlock(this->connection_lock);
+}
+
+METHOD(tnccs_manager_t, request_handshake_retry, TNC_Result,
+ private_tnc_tnccs_manager_t *this, bool is_imc, TNC_UInt32 imcv_id,
+ TNC_ConnectionID id,
+ TNC_RetryReason reason)
+{
+ enumerator_t *enumerator;
+ tnccs_connection_entry_t *entry;
+
+ if (id == TNC_CONNECTIONID_ANY)
+ {
+ DBG2(DBG_TNC, "%s %u requests handshake retry for all connections "
+ "(reason: %u)", is_imc ? "IMC":"IMV", reason);
+ }
+ else
+ {
+ DBG2(DBG_TNC, "%s %u requests handshake retry for Connection ID %u "
+ "(reason: %u)", is_imc ? "IMC":"IMV", imcv_id, id, reason);
+ }
+ this->connection_lock->read_lock(this->connection_lock);
+ enumerator = this->connections->create_enumerator(this->connections);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (id == TNC_CONNECTIONID_ANY || id == entry->id)
+ {
+ *entry->request_handshake_retry = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->connection_lock->unlock(this->connection_lock);
+
+ return TNC_RESULT_SUCCESS;
+}
+
+METHOD(tnccs_manager_t, send_message, TNC_Result,
+ private_tnc_tnccs_manager_t *this, TNC_IMCID imc_id, TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_MessageType msg_type)
+
+{
+ enumerator_t *enumerator;
+ tnccs_connection_entry_t *entry;
+ tnccs_send_message_t send_message = NULL;
+ tnccs_t *tnccs = NULL;
+ TNC_VendorID msg_vid;
+ TNC_MessageSubtype msg_subtype;
+
+ msg_vid = (msg_type >> 8) & TNC_VENDORID_ANY;
+ msg_subtype = msg_type & TNC_SUBTYPE_ANY;
+
+ if (msg_vid == TNC_VENDORID_ANY || msg_subtype == TNC_SUBTYPE_ANY)
+ {
+ DBG1(DBG_TNC, "not sending message of invalid type 0x%08x", msg_type);
+ return TNC_RESULT_INVALID_PARAMETER;
+ }
+
+ this->connection_lock->read_lock(this->connection_lock);
+ enumerator = this->connections->create_enumerator(this->connections);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (id == entry->id)
+ {
+ tnccs = entry->tnccs;
+ send_message = entry->send_message;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->connection_lock->unlock(this->connection_lock);
+
+ if (tnccs && send_message)
+ {
+ return send_message(tnccs, imc_id, imv_id, msg, msg_len, msg_type);
+ }
+ return TNC_RESULT_FATAL;
+}
+
+METHOD(tnccs_manager_t, provide_recommendation, TNC_Result,
+ private_tnc_tnccs_manager_t *this, TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval)
+{
+ enumerator_t *enumerator;
+ tnccs_connection_entry_t *entry;
+ recommendations_t *recs = NULL;
+
+ this->connection_lock->read_lock(this->connection_lock);
+ enumerator = this->connections->create_enumerator(this->connections);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (id == entry->id)
+ {
+ recs = entry->recs;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->connection_lock->unlock(this->connection_lock);
+
+ if (recs)
+ {
+ recs->provide_recommendation(recs, imv_id, rec, eval);
+ return TNC_RESULT_SUCCESS;
+ }
+ return TNC_RESULT_FATAL;
+}
+
+METHOD(tnccs_manager_t, get_attribute, TNC_Result,
+ private_tnc_tnccs_manager_t *this, TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_AttributeID attribute_id,
+ TNC_UInt32 buffer_len,
+ TNC_BufferReference buffer,
+ TNC_UInt32 *out_value_len)
+{
+ enumerator_t *enumerator;
+ tnccs_connection_entry_t *entry;
+ recommendations_t *recs = NULL;
+
+ if (id == TNC_CONNECTIONID_ANY ||
+ attribute_id != TNC_ATTRIBUTEID_PREFERRED_LANGUAGE)
+ {
+ return TNC_RESULT_INVALID_PARAMETER;
+ }
+
+ this->connection_lock->read_lock(this->connection_lock);
+ enumerator = this->connections->create_enumerator(this->connections);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (id == entry->id)
+ {
+ recs = entry->recs;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->connection_lock->unlock(this->connection_lock);
+
+ if (recs)
+ {
+ chunk_t pref_lang;
+
+ pref_lang = recs->get_preferred_language(recs);
+ if (pref_lang.len == 0)
+ {
+ return TNC_RESULT_INVALID_PARAMETER;
+ }
+ *out_value_len = pref_lang.len;
+ if (buffer && buffer_len >= pref_lang.len)
+ {
+ memcpy(buffer, pref_lang.ptr, pref_lang.len);
+ }
+ return TNC_RESULT_SUCCESS;
+ }
+ return TNC_RESULT_INVALID_PARAMETER;
+}
+
+METHOD(tnccs_manager_t, set_attribute, TNC_Result,
+ private_tnc_tnccs_manager_t *this, TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_AttributeID attribute_id,
+ TNC_UInt32 buffer_len,
+ TNC_BufferReference buffer)
+{
+ enumerator_t *enumerator;
+ tnccs_connection_entry_t *entry;
+ recommendations_t *recs = NULL;
+
+ if (id == TNC_CONNECTIONID_ANY ||
+ (attribute_id != TNC_ATTRIBUTEID_REASON_STRING &&
+ attribute_id != TNC_ATTRIBUTEID_REASON_LANGUAGE))
+ {
+ return TNC_RESULT_INVALID_PARAMETER;
+ }
+
+ this->connection_lock->read_lock(this->connection_lock);
+ enumerator = this->connections->create_enumerator(this->connections);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (id == entry->id)
+ {
+ recs = entry->recs;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->connection_lock->unlock(this->connection_lock);
+
+ if (recs)
+ {
+ chunk_t attribute = { buffer, buffer_len };
+
+ if (attribute_id == TNC_ATTRIBUTEID_REASON_STRING)
+ {
+ return recs->set_reason_string(recs, imv_id, attribute);
+ }
+ else
+ {
+ return recs->set_reason_language(recs, imv_id, attribute);
+ }
+ }
+ return TNC_RESULT_INVALID_PARAMETER;
+}
+
+METHOD(tnccs_manager_t, destroy, void,
+ private_tnc_tnccs_manager_t *this)
+{
+ this->protocols->destroy_function(this->protocols, free);
+ this->protocol_lock->destroy(this->protocol_lock);
+ this->connections->destroy_function(this->connections, free);
+ this->connection_lock->destroy(this->connection_lock);
+ free(this);
+}
+
+/*
+ * See header
+ */
+tnccs_manager_t *tnc_tnccs_manager_create()
+{
+ private_tnc_tnccs_manager_t *this;
+
+ INIT(this,
+ .public = {
+ .add_method = _add_method,
+ .remove_method = _remove_method,
+ .create_instance = _create_instance,
+ .create_connection = _create_connection,
+ .remove_connection = _remove_connection,
+ .request_handshake_retry = _request_handshake_retry,
+ .send_message = _send_message,
+ .provide_recommendation = _provide_recommendation,
+ .get_attribute = _get_attribute,
+ .set_attribute = _set_attribute,
+ .destroy = _destroy,
+ },
+ .protocols = linked_list_create(),
+ .connections = linked_list_create(),
+ .protocol_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ .connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+
+ return &this->public;
+}
+
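Review bot: In `request_handshake_retry` the `TNC_CONNECTIONID_ANY` branch's DBG2 call supplies two arguments for three conversions (`"%s %u … (reason: %u)"` with only `is_imc ? "IMC":"IMV", reason`), so the `%u` for the IMC/IMV id reads an argument that was never passed and the reason lands in the wrong slot — undefined behaviour inside a log statement; it should read `"(reason: %u)", is_imc ? "IMC":"IMV", imcv_id, reason);`. The loop that follows then `break`s after the first match even when `id == TNC_CONNECTIONID_ANY`, so the "for all connections" case flags only one connection; keep iterating in that case, e.g. `if (id != TNC_CONNECTIONID_ANY) { break; }` in place of the bare `break;`. Two smaller points in the same file: `<tnc/imv/imv_manager.h>` is included twice in the include block, and `destroy` releases leftover connection entries with plain `free`, which leaks `entry->recs` for any server connection still registered at teardown (remove_connection destroys it, destroy does not).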
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ *
+ * @defgroup tnc_tnccs_manager tnc_tnccs_manager
+ * @{ @ingroup tnc_tnccs
+ */
+
+#ifndef TNC_TNCCS_MANAGER_H_
+#define TNC_TNCCS_MANAGER_H_
+
+#include <tnc/tnccs/tnccs_manager.h>
+
+/**
+ * Create a TNCCS manager instance.
+ */
+tnccs_manager_t *tnc_tnccs_manager_create();
+
+#endif /** TNC_TNCCS_MANAGER_H_ @}*/
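Review bot: `tnccs_manager_t *tnc_tnccs_manager_create();` declares a function with an unspecified parameter list rather than a prototype; the sibling `tnc_tnccs_plugin_create(void)` in this commit uses `(void)`, so the declaration (and the definition in tnc_tnccs_manager.c) should read `tnccs_manager_t *tnc_tnccs_manager_create(void);`. The Doxygen group also looks inconsistent: this header places itself `@ingroup tnc_tnccs`, while the plugin header defines the group as `tnccs` (`@defgroup tnccs tnccs` / `@ingroup tnccs`); unless `tnc_tnccs` is defined elsewhere, one of the two names should be aligned with the other.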
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_tnccs_plugin.h"
+#include "tnc_tnccs_manager.h"
+
+#include <tnc/tnc.h>
+
+typedef struct private_tnc_tnccs_plugin_t private_tnc_tnccs_plugin_t;
+
+/**
+ * Private data of a tnc_tnccs_plugin_t object.
+ */
+struct private_tnc_tnccs_plugin_t {
+
+ /**
+ * Public interface.
+ */
+ tnc_tnccs_plugin_t public;
+
+};
+
+
+METHOD(plugin_t, get_name, char*,
+ private_tnc_tnccs_plugin_t *this)
+{
+ return "tnc-tnccs";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_tnc_tnccs_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_CALLBACK(tnc_manager_register, tnc_tnccs_manager_create),
+ PLUGIN_PROVIDE(CUSTOM, "tnccs-manager"),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_tnc_tnccs_plugin_t *this)
+{
+ libtnccs_deinit();
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *tnc_tnccs_plugin_create(void)
+{
+ private_tnc_tnccs_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ libtnccs_init();
+
+ return &this->public.plugin;
+}
+
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnccs tnccs
+ * @ingroup cplugins
+ *
+ * @defgroup tnc_tnccs_plugin tnc_tnccs_plugin
+ * @{ @ingroup tnccs
+ */
+
+#ifndef TNC_TNCCS_PLUGIN_H_
+#define TNC_TNCCS_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct tnc_tnccs_plugin_t tnc_tnccs_plugin_t;
+
+/**
+ * TNCCS manager plugin
+ */
+struct tnc_tnccs_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** TNC_TNCCS_PLUGIN_H_ @}*/
-I$(top_srcdir)/src/libtnccs \
${xml_CFLAGS}
-AM_CFLAGS = -DUSE_TNC -rdynamic
+AM_CFLAGS = -rdynamic
libstrongswan_tnccs_11_la_LIBADD = ${xml_LIBS}
#include "tnccs_batch.h"
#include "messages/tnccs_error_msg.h"
-#include <debug.h>
-#include <utils/linked_list.h>
#include <tnc/tnccs/tnccs.h>
+#include <utils/linked_list.h>
+#include <debug.h>
+
#include <libxml/parser.h>
typedef struct private_tnccs_batch_t private_tnccs_batch_t;
#include "imc_imv_msg.h"
#include <tnc/tnccs/tnccs.h>
-#include <debug.h>
+
#include <utils/lexparser.h>
+#include <debug.h>
typedef struct private_imc_imv_msg_t private_imc_imv_msg_t;
#include <tncif_names.h>
#include <tncif_pa_subtypes.h>
-#include <imc/imc_manager.h>
+#include <tnc/tnc.h>
+#include <tnc/imc/imc_manager.h>
+#include <tnc/imv/imv_manager.h>
+#include <tnc/tnccs/tnccs.h>
+#include <tnc/tnccs/tnccs_manager.h>
-#include <daemon.h>
#include <debug.h>
#include <threading/mutex.h>
-#include <tnc/tnccs/tnccs.h>
typedef struct private_tnccs_11_t private_tnccs_11_t;
*/
recommendations_t *recs;
- /**
- * TNC IMC manager controlling Integrity Measurement Collectors
- */
- imc_manager_t *imcs;
-
- /**
- * TNC IMV manager controlling Integrity Measurement Verifiers
- */
- imc_manager_t *imvs;
-
};
METHOD(tnccs_t, send_msg, TNC_Result,
this->send_msg = TRUE;
if (this->is_server)
{
- this->imvs->receive_message(this->imvs,
+ tnc->imvs->receive_message(tnc->imvs,
this->connection_id, msg_body.ptr, msg_body.len, msg_type);
}
else
{
- this->imcs->receive_message(this->imcs,
+ tnc->imcs->receive_message(tnc->imcs,
this->connection_id, msg_body.ptr, msg_body.len,msg_type);
}
this->send_msg = FALSE;
default:
state = TNC_CONNECTION_STATE_ACCESS_NONE;
}
- this->imcs->notify_connection_change(this->imcs,
- this->connection_id, state);
+ tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id,
+ state);
this->delete_state = TRUE;
break;
}
if (this->is_server && !this->connection_id)
{
- this->connection_id = charon->tnccs->create_connection(charon->tnccs,
+ this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
(tnccs_t*)this, _send_msg,
&this->request_handshake_retry, &this->recs);
if (!this->connection_id)
{
return FAILED;
}
- charon->imvs->notify_connection_change(charon->imvs,
- this->connection_id, TNC_CONNECTION_STATE_CREATE);
- charon->imvs->notify_connection_change(charon->imvs,
- this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+ tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
+ TNC_CONNECTION_STATE_CREATE);
+ tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
+ TNC_CONNECTION_STATE_HANDSHAKE);
}
data = chunk_create(buf, buflen);
this->send_msg = TRUE;
if (this->is_server)
{
- this->imvs->batch_ending(this->imvs, this->connection_id);
+ tnc->imvs->batch_ending(tnc->imvs, this->connection_id);
}
else
{
- this->imcs->batch_ending(this->imcs, this->connection_id);
+ tnc->imcs->batch_ending(tnc->imcs, this->connection_id);
}
this->send_msg = FALSE;
}
if (!this->recs->have_recommendation(this->recs, &rec, &eval))
{
- charon->imvs->solicit_recommendation(charon->imvs, this->connection_id);
+ tnc->imvs->solicit_recommendation(tnc->imvs, this->connection_id);
}
if (this->recs->have_recommendation(this->recs, &rec, &eval))
{
tnccs_msg_t *msg;
char *pref_lang;
- this->connection_id = charon->tnccs->create_connection(charon->tnccs,
+ this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
(tnccs_t*)this, _send_msg,
&this->request_handshake_retry, NULL);
if (!this->connection_id)
}
/* Create TNCCS-PreferredLanguage message */
- pref_lang = this->imcs->get_preferred_language(this->imcs);
+ pref_lang = tnc->imcs->get_preferred_language(tnc->imcs);
msg = tnccs_preferred_language_msg_create(pref_lang);
this->mutex->lock(this->mutex);
this->batch = tnccs_batch_create(this->is_server, ++this->batch_id);
this->batch->add_msg(this->batch, msg);
this->mutex->unlock(this->mutex);
- this->imcs->notify_connection_change(this->imcs,
- this->connection_id, TNC_CONNECTION_STATE_CREATE);
- this->imcs->notify_connection_change(this->imcs,
- this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+ tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id,
+ TNC_CONNECTION_STATE_CREATE);
+ tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id,
+ TNC_CONNECTION_STATE_HANDSHAKE);
this->send_msg = TRUE;
- this->imcs->begin_handshake(this->imcs, this->connection_id);
+ tnc->imcs->begin_handshake(tnc->imcs, this->connection_id);
this->send_msg = FALSE;
}
if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval))
{
- return charon->imvs->enforce_recommendation(charon->imvs, rec, eval);
+ return tnc->imvs->enforce_recommendation(tnc->imvs, rec, eval);
}
else
{
METHOD(tls_t, destroy, void,
private_tnccs_11_t *this)
{
- charon->tnccs->remove_connection(charon->tnccs, this->connection_id,
- this->is_server);
+ tnc->tnccs->remove_connection(tnc->tnccs, this->connection_id,
+ this->is_server);
this->mutex->destroy(this->mutex);
DESTROY_IF(this->batch);
free(this);
},
.is_server = is_server,
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
- .imcs = lib->get(lib, "imc-manager"),
- .imvs = lib->get(lib, "imv-manager"),
);
return &this->public;
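Review bot: The rewritten `destroy` still calls `tnc->tnccs->remove_connection(...)` unconditionally, including when `this->connection_id` is 0 because `create_connection` failed or the instance is torn down before any handshake. The manager added in this commit assigns ids from 1 (`++this->connection_id`), so 0 never matches an entry, but `remove_connection` issues `TNC_CONNECTION_STATE_DELETE` to every IMV or IMC before it looks the id up, so they receive a delete notification for a connection that was never created. Guarding the call with `if (this->connection_id)` avoids the spurious notification; the same pattern appears in the `destroy` hunk of tnccs_20.c.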
#include "tnccs_11_plugin.h"
#include "tnccs_11.h"
-#include <daemon.h>
+#include <tnc/tnccs/tnccs_manager.h>
METHOD(plugin_t, get_name, char*,
tnccs_11_plugin_t *this)
PLUGIN_PROVIDE(CUSTOM, "tnccs-1.1"),
PLUGIN_DEPENDS(EAP_SERVER, EAP_TNC),
PLUGIN_DEPENDS(EAP_PEER, EAP_TNC),
- PLUGIN_SDEPEND(CUSTOM, "imc-manager"),
- PLUGIN_SDEPEND(CUSTOM, "imv-manager"),
+ PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
};
*features = f;
return countof(f);
INCLUDES = \
-I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra \
- -I$(top_srcdir)/src/libcharon \
-I$(top_srcdir)/src/libtls \
-I$(top_srcdir)/src/libtncif \
-I$(top_srcdir)/src/libtnccs
-AM_CFLAGS = -DUSE_TNC -rdynamic
+AM_CFLAGS = -rdynamic
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-tnccs-20.la
#include "messages/pb_error_msg.h"
#include "state_machine/pb_tnc_state_machine.h"
-#include <debug.h>
+#include <tnc/tnccs/tnccs.h>
+
#include <utils/linked_list.h>
#include <bio/bio_writer.h>
#include <bio/bio_reader.h>
-#include <tnc/tnccs/tnccs.h>
#include <pen/pen.h>
+#include <debug.h>
ENUM(pb_tnc_batch_type_names, PB_BATCH_CDATA, PB_BATCH_CLOSE,
"CDATA",
#include "pb_error_msg.h"
-#include <debug.h>
+#include <tnc/tnccs/tnccs.h>
+
#include <bio/bio_writer.h>
#include <bio/bio_reader.h>
-#include <tnc/tnccs/tnccs.h>
#include <pen/pen.h>
+#include <debug.h>
ENUM(pb_tnc_error_code_names, PB_ERROR_UNEXPECTED_BATCH_TYPE,
PB_ERROR_VERSION_NOT_SUPPORTED,
#include "pb_pa_msg.h"
+#include <tnc/tnccs/tnccs.h>
+
#include <bio/bio_writer.h>
#include <bio/bio_reader.h>
-#include <tnc/tnccs/tnccs.h>
#include <pen/pen.h>
#include <debug.h>
#include <tncif_names.h>
#include <tncif_pa_subtypes.h>
-#include <imc/imc_manager.h>
+#include <tnc/tnc.h>
+#include <tnc/tnccs/tnccs_manager.h>
+#include <tnc/imc/imc_manager.h>
+#include <tnc/imv/imv_manager.h>
#include <debug.h>
-#include <daemon.h>
#include <threading/mutex.h>
-#include <tnc/tnccs/tnccs.h>
#include <pen/pen.h>
typedef struct private_tnccs_20_t private_tnccs_20_t;
*/
recommendations_t *recs;
- /**
- * TNC IMC manager controlling Integrity Measurement Collectors
- */
- imc_manager_t *imcs;
-
- /**
- * TNC IMV manager controlling Integrity Measurement Verifiers
- */
- imv_manager_t *imvs;
-
};
METHOD(tnccs_t, send_msg, TNC_Result,
this->send_msg = TRUE;
if (this->is_server)
{
- this->imvs->receive_message(this->imvs,
+ tnc->imvs->receive_message(tnc->imvs,
this->connection_id, msg_body.ptr, msg_body.len, msg_type);
}
else
{
- this->imcs->receive_message(this->imcs,
+ tnc->imcs->receive_message(tnc->imcs,
this->connection_id, msg_body.ptr, msg_body.len,msg_type);
}
this->send_msg = FALSE;
case PB_REC_QUARANTINED:
state = TNC_CONNECTION_STATE_ACCESS_ISOLATED;
}
- this->imcs->notify_connection_change(this->imcs,
- this->connection_id, state);
+ tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id,
+ state);
break;
}
case PB_MSG_REMEDIATION_PARAMETERS:
}
if (this->is_server)
{
- charon->imvs->notify_connection_change(charon->imvs,
- this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+ tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
+ TNC_CONNECTION_STATE_HANDSHAKE);
}
this->batch = pb_tnc_batch_create(this->is_server, batch_retry_type);
}
if (this->is_server && !this->connection_id)
{
- this->connection_id = charon->tnccs->create_connection(charon->tnccs,
+ this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
(tnccs_t*)this, _send_msg,
&this->request_handshake_retry, &this->recs);
if (!this->connection_id)
{
return FAILED;
}
- charon->imvs->notify_connection_change(charon->imvs,
- this->connection_id, TNC_CONNECTION_STATE_CREATE);
- charon->imvs->notify_connection_change(charon->imvs,
- this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+ tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
+ TNC_CONNECTION_STATE_CREATE);
+ tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
+ TNC_CONNECTION_STATE_HANDSHAKE);
}
data = chunk_create(buf, buflen);
else if (batch_type == PB_BATCH_SRETRY)
{
/* Restart the measurements */
- this->imcs->notify_connection_change(this->imcs,
+ tnc->imcs->notify_connection_change(tnc->imcs,
this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
this->send_msg = TRUE;
- this->imcs->begin_handshake(this->imcs, this->connection_id);
+ tnc->imcs->begin_handshake(tnc->imcs, this->connection_id);
this->send_msg = FALSE;
}
this->send_msg = TRUE;
if (this->is_server)
{
- this->imvs->batch_ending(this->imvs, this->connection_id);
+ tnc->imvs->batch_ending(tnc->imvs, this->connection_id);
}
else
{
- this->imcs->batch_ending(this->imcs, this->connection_id);
+ tnc->imcs->batch_ending(tnc->imcs, this->connection_id);
}
this->send_msg = FALSE;
}
if (!this->recs->have_recommendation(this->recs, &rec, &eval))
{
- charon->imvs->solicit_recommendation(charon->imvs, this->connection_id);
+ tnc->imvs->solicit_recommendation(tnc->imvs, this->connection_id);
}
if (this->recs->have_recommendation(this->recs, &rec, &eval))
{
pb_tnc_msg_t *msg;
char *pref_lang;
- this->connection_id = charon->tnccs->create_connection(charon->tnccs,
+ this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
(tnccs_t*)this, _send_msg,
&this->request_handshake_retry, NULL);
if (!this->connection_id)
}
/* Create PB-TNC Language Preference message */
- pref_lang = this->imcs->get_preferred_language(this->imcs);
+ pref_lang = tnc->imcs->get_preferred_language(tnc->imcs);
msg = pb_language_preference_msg_create(chunk_create(pref_lang,
strlen(pref_lang)));
this->mutex->lock(this->mutex);
this->batch->add_msg(this->batch, msg);
this->mutex->unlock(this->mutex);
- this->imcs->notify_connection_change(this->imcs,
- this->connection_id, TNC_CONNECTION_STATE_CREATE);
- this->imcs->notify_connection_change(this->imcs,
- this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+ tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id,
+ TNC_CONNECTION_STATE_CREATE);
+ tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id,
+ TNC_CONNECTION_STATE_HANDSHAKE);
this->send_msg = TRUE;
- this->imcs->begin_handshake(this->imcs, this->connection_id);
+ tnc->imcs->begin_handshake(tnc->imcs, this->connection_id);
this->send_msg = FALSE;
}
if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval))
{
- return charon->imvs->enforce_recommendation(charon->imvs, rec, eval);
+ return tnc->imvs->enforce_recommendation(tnc->imvs, rec, eval);
}
else
{
METHOD(tls_t, destroy, void,
private_tnccs_20_t *this)
{
- charon->tnccs->remove_connection(charon->tnccs, this->connection_id,
- this->is_server);
+ tnc->tnccs->remove_connection(tnc->tnccs, this->connection_id,
+ this->is_server);
this->state_machine->destroy(this->state_machine);
this->mutex->destroy(this->mutex);
DESTROY_IF(this->batch);
.is_server = is_server,
.state_machine = pb_tnc_state_machine_create(is_server),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
- .imcs = lib->get(lib, "imc-manager"),
- .imvs = lib->get(lib, "imv-manager"),
);
return &this->public;
#include "tnccs_20_plugin.h"
#include "tnccs_20.h"
-#include <daemon.h>
+#include <tnc/tnccs/tnccs_manager.h>
METHOD(plugin_t, get_name, char*,
tnccs_20_plugin_t *this)
PLUGIN_PROVIDE(CUSTOM, "tnccs-2.0"),
PLUGIN_DEPENDS(EAP_SERVER, EAP_TNC),
PLUGIN_DEPENDS(EAP_PEER, EAP_TNC),
- PLUGIN_SDEPEND(CUSTOM, "imc-manager"),
- PLUGIN_SDEPEND(CUSTOM, "imv-manager"),
+ PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
};
*features = f;
return countof(f);
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
- -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \
- -I$(top_srcdir)/src/libtncif
+INCLUDES = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtls \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtnccs
-AM_CFLAGS = -DUSE_TNC -rdynamic
+AM_CFLAGS = -rdynamic
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-tnccs-dynamic.la
else
plugin_LTLIBRARIES = libstrongswan-tnccs-dynamic.la
+libstrongswan_tnccs_dynamic_la_LIBADD = \
+ $(top_builddir)/src/libtncif/libtncif.la \
+ $(top_builddir)/src/libtnccs/libtnccs.la
endif
libstrongswan_tnccs_dynamic_la_SOURCES = \
#include "tnccs_dynamic.h"
-#include <tnc/tnccs/tnccs.h>
-#include <daemon.h>
+#include <tnc/tnc.h>
+
+#include <debug.h>
typedef struct private_tnccs_dynamic_t private_tnccs_dynamic_t;
type = determine_tnccs_protocol(*(char*)buf);
DBG1(DBG_TNC, "%N protocol detected dynamically",
tnccs_type_names, type);
- this->tls = (tls_t*)charon->tnccs->create_instance(charon->tnccs,
- type, TRUE);
+ this->tls = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, type, TRUE);
if (!this->tls)
{
DBG1(DBG_TNC, "N% protocol not supported", tnccs_type_names, type);
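Review bot: The failure path directly below the rewritten `create_instance` call still logs with the format `"N% protocol not supported"`, which is not the `%N` conversion used two lines above (`"%N protocol detected dynamically"`); the `tnccs_type_names, type` argument pair therefore no longer matches the format and the output is garbage at best. Since the hunk already rewrites the adjacent line, fix this one too: `DBG1(DBG_TNC, "%N protocol not supported", tnccs_type_names, type);`. The enclosing function continues beyond the hunk.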
#include "tnccs_dynamic_plugin.h"
#include "tnccs_dynamic.h"
-#include <daemon.h>
+#include <tnc/tnccs/tnccs_manager.h>
METHOD(plugin_t, get_name, char*,
tnccs_dynamic_plugin_t *this)
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define USE_TNC
-
-#include "tnccs.h"
-
-#include <daemon.h>
-
-
-ENUM(tnccs_type_names, TNCCS_UNKNOWN, TNCCS_2_0,
- "unknown TNCCS",
- "TNCCS 1.1",
- "TNCCS SOH",
- "TNCCS 2.0",
-);
-
-/**
- * See header
- */
-bool tnccs_method_register(plugin_t *plugin, plugin_feature_t *feature,
- bool reg, void *data)
-{
- if (reg)
- {
- if (feature->type == FEATURE_CUSTOM)
- {
- tnccs_type_t type = TNCCS_UNKNOWN;
-
- if (streq(feature->arg.custom, "tnccs-2.0"))
- {
- type = TNCCS_2_0;
- }
- else if (streq(feature->arg.custom, "tnccs-1.1"))
- {
- type = TNCCS_1_1;
- }
- else if (streq(feature->arg.custom, "tnccs-dynamic"))
- {
- type = TNCCS_DYNAMIC;
- }
- else
- {
- return FALSE;
- }
- charon->tnccs->add_method(charon->tnccs, type,
- (tnccs_constructor_t)data);
- }
- }
- else
- {
- charon->tnccs->remove_method(charon->tnccs, (tnccs_constructor_t)data);
- }
- return TRUE;
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tnccs tnccs
- * @ingroup tnc
- *
- * @defgroup tnccst tnccs
- * @{ @ingroup tnccs
- */
-
-#ifndef TNCCS_H_
-#define TNCCS_H_
-
-typedef struct tnccs_t tnccs_t;
-typedef enum tnccs_type_t tnccs_type_t;
-
-#include <tncif.h>
-#include <tncifimc.h>
-#include <tncifimv.h>
-
-#include <library.h>
-#include <plugins/plugin.h>
-
-/**
- * Type of TNC Client/Server protocol
- */
-enum tnccs_type_t {
- TNCCS_UNKNOWN,
- TNCCS_1_1,
- TNCCS_SOH,
- TNCCS_2_0,
- TNCCS_DYNAMIC
-};
-
-/**
- * enum names for tnccs_type_t.
- */
-extern enum_name_t *tnccs_type_names;
-
-/**
- * Constructor definition for a pluggable TNCCS protocol implementation.
- *
- * @param is_server TRUE if TNC Server, FALSE if TNC Client
- * @return implementation of the tnccs_t interface
- */
-typedef tnccs_t *(*tnccs_constructor_t)(bool is_server);
-
-/**
- * Helper function to (un-)register TNCCS methods from plugin features.
- *
- * This function is a plugin_feature_callback_t and can be used with the
- * PLUGIN_CALLBACK macro to register a TNCCS method constructor.
- *
- * @param plugin plugin registering the TNCCS method constructor
- * @param feature associated plugin feature
- * @param reg TRUE to register, FALSE to unregister.
- * @param data data passed to callback, a tnccs_constructor_t
- */
-bool tnccs_method_register(plugin_t *plugin, plugin_feature_t *feature,
- bool reg, void *data);
-
-/**
- * Callback function adding a message to a TNCCS batch
- *
- * @param imc_id ID of IMC or TNC_IMCID_ANY
- * @param imc_id ID of IMV or TNC_IMVID_ANY
- * @param msg message to be added
- * @param msg_len message length
- * @param msg_type message type
- * @return result code
- */
-typedef TNC_Result (*tnccs_send_message_t)(tnccs_t* tncss, TNC_IMCID imc_id,
- TNC_IMVID imv_id,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_MessageType msg_type);
-
-#endif /** TNCCS_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define USE_TNC
-
-#include "tnccs_manager.h"
-
-#include <imc/imc_manager.h>
-#include <imv/imv_manager.h>
-
-#include <debug.h>
-#include <daemon.h>
-#include <utils/linked_list.h>
-#include <threading/rwlock.h>
-
-typedef struct private_tnccs_manager_t private_tnccs_manager_t;
-typedef struct tnccs_entry_t tnccs_entry_t;
-typedef struct tnccs_connection_entry_t tnccs_connection_entry_t;
-
-/**
- * TNCCS constructor entry
- */
-struct tnccs_entry_t {
-
- /**
- * TNCCS protocol type
- */
- tnccs_type_t type;
-
- /**
- * constructor function to create instance
- */
- tnccs_constructor_t constructor;
-};
-
-/**
- * TNCCS connection entry
- */
-struct tnccs_connection_entry_t {
-
- /**
- * TNCCS connection ID
- */
- TNC_ConnectionID id;
-
- /**
- * TNCCS instance
- */
- tnccs_t *tnccs;
-
- /**
- * TNCCS send message function
- */
- tnccs_send_message_t send_message;
-
- /**
- * TNCCS request handshake retry flag
- */
- bool *request_handshake_retry;
-
- /**
- * collection of IMV recommendations
- */
- recommendations_t *recs;
-};
-
-/**
- * private data of tnccs_manager
- */
-struct private_tnccs_manager_t {
-
- /**
- * public functions
- */
- tnccs_manager_t public;
-
- /**
- * list of TNCCS protocol entries
- */
- linked_list_t *protocols;
-
- /**
- * rwlock to lock the TNCCS protocol entries
- */
- rwlock_t *protocol_lock;
-
- /**
- * connection ID counter
- */
- TNC_ConnectionID connection_id;
-
- /**
- * list of TNCCS connection entries
- */
- linked_list_t *connections;
-
- /**
- * rwlock to lock TNCCS connection entries
- */
- rwlock_t *connection_lock;
-
- /**
- * TNC IMC manager controlling Integrity Measurement Collectors
- */
- imc_manager_t *imcs;
-
- /**
- * TNC IMV manager controlling Integrity Measurement Verifiers
- */
- imv_manager_t *imvs;
-
-};
-
-METHOD(tnccs_manager_t, add_method, void,
- private_tnccs_manager_t *this, tnccs_type_t type,
- tnccs_constructor_t constructor)
-{
- tnccs_entry_t *entry;
-
- entry = malloc_thing(tnccs_entry_t);
- entry->type = type;
- entry->constructor = constructor;
-
- this->protocol_lock->write_lock(this->protocol_lock);
- this->protocols->insert_last(this->protocols, entry);
- this->protocol_lock->unlock(this->protocol_lock);
-}
-
-METHOD(tnccs_manager_t, remove_method, void,
- private_tnccs_manager_t *this, tnccs_constructor_t constructor)
-{
- enumerator_t *enumerator;
- tnccs_entry_t *entry;
-
- this->protocol_lock->write_lock(this->protocol_lock);
- enumerator = this->protocols->create_enumerator(this->protocols);
- while (enumerator->enumerate(enumerator, &entry))
- {
- if (constructor == entry->constructor)
- {
- this->protocols->remove_at(this->protocols, enumerator);
- free(entry);
- }
- }
- enumerator->destroy(enumerator);
- this->protocol_lock->unlock(this->protocol_lock);
-}
-
-METHOD(tnccs_manager_t, create_instance, tnccs_t*,
- private_tnccs_manager_t *this, tnccs_type_t type, bool is_server)
-{
- enumerator_t *enumerator;
- tnccs_entry_t *entry;
- tnccs_t *protocol = NULL;
-
- this->protocol_lock->read_lock(this->protocol_lock);
- enumerator = this->protocols->create_enumerator(this->protocols);
- while (enumerator->enumerate(enumerator, &entry))
- {
- if (type == entry->type)
- {
- protocol = entry->constructor(is_server);
- if (protocol)
- {
- break;
- }
- }
- }
- enumerator->destroy(enumerator);
- this->protocol_lock->unlock(this->protocol_lock);
-
- return protocol;
-}
-
-METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
- private_tnccs_manager_t *this, tnccs_t *tnccs,
- tnccs_send_message_t send_message, bool* request_handshake_retry,
- recommendations_t **recs)
-{
- tnccs_connection_entry_t *entry;
-
- entry = malloc_thing(tnccs_connection_entry_t);
- entry->tnccs = tnccs;
- entry->send_message = send_message;
- entry->request_handshake_retry = request_handshake_retry;
- if (recs)
- {
- /* we assume a TNC Server needing recommendations from IMVs */
- if (!this->imvs)
- {
- this->imvs = lib->get(lib, "imv-manager");
- }
- if (!this->imvs)
- {
- DBG1(DBG_TNC, "no IMV manager available!");
- free(entry);
- return 0;
- }
- entry->recs = this->imvs->create_recommendations(this->imvs);
- *recs = entry->recs;
- }
- else
- {
- /* we assume a TNC Client */
- if (!this->imcs)
- {
- this->imcs = lib->get(lib, "imc-manager");
- }
- if (!this->imcs)
- {
- DBG1(DBG_TNC, "no IMC manager available!");
- free(entry);
- return 0;
- }
- entry->recs = NULL;
- }
- this->connection_lock->write_lock(this->connection_lock);
- entry->id = ++this->connection_id;
- this->connections->insert_last(this->connections, entry);
- this->connection_lock->unlock(this->connection_lock);
-
- DBG1(DBG_TNC, "assigned TNCCS Connection ID %u", entry->id);
- return entry->id;
-}
-
-METHOD(tnccs_manager_t, remove_connection, void,
- private_tnccs_manager_t *this, TNC_ConnectionID id, bool is_server)
-{
- enumerator_t *enumerator;
- tnccs_connection_entry_t *entry;
-
- if (is_server)
- {
- if (this->imvs)
- {
- this->imvs->notify_connection_change(this->imvs, id,
- TNC_CONNECTION_STATE_DELETE);
- }
- }
- else
- {
- if (this->imcs)
- {
- this->imcs->notify_connection_change(this->imcs, id,
- TNC_CONNECTION_STATE_DELETE);
- }
- }
-
- this->connection_lock->write_lock(this->connection_lock);
- enumerator = this->connections->create_enumerator(this->connections);
- while (enumerator->enumerate(enumerator, &entry))
- {
- if (id == entry->id)
- {
- this->connections->remove_at(this->connections, enumerator);
- if (entry->recs)
- {
- entry->recs->destroy(entry->recs);
- }
- free(entry);
- DBG1(DBG_TNC, "removed TNCCS Connection ID %u", id);
- }
- }
- enumerator->destroy(enumerator);
- this->connection_lock->unlock(this->connection_lock);
-}
-
-METHOD(tnccs_manager_t, request_handshake_retry, TNC_Result,
- private_tnccs_manager_t *this, bool is_imc, TNC_UInt32 imcv_id,
- TNC_ConnectionID id,
- TNC_RetryReason reason)
-{
- enumerator_t *enumerator;
- tnccs_connection_entry_t *entry;
-
- if (id == TNC_CONNECTIONID_ANY)
- {
- DBG2(DBG_TNC, "%s %u requests handshake retry for all connections "
- "(reason: %u)", is_imc ? "IMC":"IMV", reason);
- }
- else
- {
- DBG2(DBG_TNC, "%s %u requests handshake retry for Connection ID %u "
- "(reason: %u)", is_imc ? "IMC":"IMV", imcv_id, id, reason);
- }
- this->connection_lock->read_lock(this->connection_lock);
- enumerator = this->connections->create_enumerator(this->connections);
- while (enumerator->enumerate(enumerator, &entry))
- {
- if (id == TNC_CONNECTIONID_ANY || id == entry->id)
- {
- *entry->request_handshake_retry = TRUE;
- break;
- }
- }
- enumerator->destroy(enumerator);
- this->connection_lock->unlock(this->connection_lock);
-
- return TNC_RESULT_SUCCESS;
-}
-
-METHOD(tnccs_manager_t, send_message, TNC_Result,
- private_tnccs_manager_t *this, TNC_IMCID imc_id, TNC_IMVID imv_id,
- TNC_ConnectionID id,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_MessageType msg_type)
-
-{
- enumerator_t *enumerator;
- tnccs_connection_entry_t *entry;
- tnccs_send_message_t send_message = NULL;
- tnccs_t *tnccs = NULL;
- TNC_VendorID msg_vid;
- TNC_MessageSubtype msg_subtype;
-
- msg_vid = (msg_type >> 8) & TNC_VENDORID_ANY;
- msg_subtype = msg_type & TNC_SUBTYPE_ANY;
-
- if (msg_vid == TNC_VENDORID_ANY || msg_subtype == TNC_SUBTYPE_ANY)
- {
- DBG1(DBG_TNC, "not sending message of invalid type 0x%08x", msg_type);
- return TNC_RESULT_INVALID_PARAMETER;
- }
-
- this->connection_lock->read_lock(this->connection_lock);
- enumerator = this->connections->create_enumerator(this->connections);
- while (enumerator->enumerate(enumerator, &entry))
- {
- if (id == entry->id)
- {
- tnccs = entry->tnccs;
- send_message = entry->send_message;
- break;
- }
- }
- enumerator->destroy(enumerator);
- this->connection_lock->unlock(this->connection_lock);
-
- if (tnccs && send_message)
- {
- return send_message(tnccs, imc_id, imv_id, msg, msg_len, msg_type);
- }
- return TNC_RESULT_FATAL;
-}
-
-METHOD(tnccs_manager_t, provide_recommendation, TNC_Result,
- private_tnccs_manager_t *this, TNC_IMVID imv_id,
- TNC_ConnectionID id,
- TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval)
-{
- enumerator_t *enumerator;
- tnccs_connection_entry_t *entry;
- recommendations_t *recs = NULL;
-
- this->connection_lock->read_lock(this->connection_lock);
- enumerator = this->connections->create_enumerator(this->connections);
- while (enumerator->enumerate(enumerator, &entry))
- {
- if (id == entry->id)
- {
- recs = entry->recs;
- break;
- }
- }
- enumerator->destroy(enumerator);
- this->connection_lock->unlock(this->connection_lock);
-
- if (recs)
- {
- recs->provide_recommendation(recs, imv_id, rec, eval);
- return TNC_RESULT_SUCCESS;
- }
- return TNC_RESULT_FATAL;
-}
-
-METHOD(tnccs_manager_t, get_attribute, TNC_Result,
- private_tnccs_manager_t *this, TNC_IMVID imv_id,
- TNC_ConnectionID id,
- TNC_AttributeID attribute_id,
- TNC_UInt32 buffer_len,
- TNC_BufferReference buffer,
- TNC_UInt32 *out_value_len)
-{
- enumerator_t *enumerator;
- tnccs_connection_entry_t *entry;
- recommendations_t *recs = NULL;
-
- if (id == TNC_CONNECTIONID_ANY ||
- attribute_id != TNC_ATTRIBUTEID_PREFERRED_LANGUAGE)
- {
- return TNC_RESULT_INVALID_PARAMETER;
- }
-
- this->connection_lock->read_lock(this->connection_lock);
- enumerator = this->connections->create_enumerator(this->connections);
- while (enumerator->enumerate(enumerator, &entry))
- {
- if (id == entry->id)
- {
- recs = entry->recs;
- break;
- }
- }
- enumerator->destroy(enumerator);
- this->connection_lock->unlock(this->connection_lock);
-
- if (recs)
- {
- chunk_t pref_lang;
-
- pref_lang = recs->get_preferred_language(recs);
- if (pref_lang.len == 0)
- {
- return TNC_RESULT_INVALID_PARAMETER;
- }
- *out_value_len = pref_lang.len;
- if (buffer && buffer_len >= pref_lang.len)
- {
- memcpy(buffer, pref_lang.ptr, pref_lang.len);
- }
- return TNC_RESULT_SUCCESS;
- }
- return TNC_RESULT_INVALID_PARAMETER;
-}
-
-METHOD(tnccs_manager_t, set_attribute, TNC_Result,
- private_tnccs_manager_t *this, TNC_IMVID imv_id,
- TNC_ConnectionID id,
- TNC_AttributeID attribute_id,
- TNC_UInt32 buffer_len,
- TNC_BufferReference buffer)
-{
- enumerator_t *enumerator;
- tnccs_connection_entry_t *entry;
- recommendations_t *recs = NULL;
-
- if (id == TNC_CONNECTIONID_ANY ||
- (attribute_id != TNC_ATTRIBUTEID_REASON_STRING &&
- attribute_id != TNC_ATTRIBUTEID_REASON_LANGUAGE))
- {
- return TNC_RESULT_INVALID_PARAMETER;
- }
-
- this->connection_lock->read_lock(this->connection_lock);
- enumerator = this->connections->create_enumerator(this->connections);
- while (enumerator->enumerate(enumerator, &entry))
- {
- if (id == entry->id)
- {
- recs = entry->recs;
- break;
- }
- }
- enumerator->destroy(enumerator);
- this->connection_lock->unlock(this->connection_lock);
-
- if (recs)
- {
- chunk_t attribute = { buffer, buffer_len };
-
- if (attribute_id == TNC_ATTRIBUTEID_REASON_STRING)
- {
- return recs->set_reason_string(recs, imv_id, attribute);
- }
- else
- {
- return recs->set_reason_language(recs, imv_id, attribute);
- }
- }
- return TNC_RESULT_INVALID_PARAMETER;
-}
-
-METHOD(tnccs_manager_t, destroy, void,
- private_tnccs_manager_t *this)
-{
- this->protocols->destroy_function(this->protocols, free);
- this->protocol_lock->destroy(this->protocol_lock);
- this->connections->destroy_function(this->connections, free);
- this->connection_lock->destroy(this->connection_lock);
- free(this);
-}
-
-/*
- * See header
- */
-tnccs_manager_t *tnccs_manager_create()
-{
- private_tnccs_manager_t *this;
-
- INIT(this,
- .public = {
- .add_method = _add_method,
- .remove_method = _remove_method,
- .create_instance = _create_instance,
- .create_connection = _create_connection,
- .remove_connection = _remove_connection,
- .request_handshake_retry = _request_handshake_retry,
- .send_message = _send_message,
- .provide_recommendation = _provide_recommendation,
- .get_attribute = _get_attribute,
- .set_attribute = _set_attribute,
- .destroy = _destroy,
- },
- .protocols = linked_list_create(),
- .connections = linked_list_create(),
- .protocol_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
- .connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
- .imcs = lib->get(lib, "imc-manager"),
- .imvs = lib->get(lib, "imv-manager"),
- );
-
- return &this->public;
-}
-
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tnccs_manager tnccs_manager
- * @{ @ingroup tnccs
- */
-
-#ifndef TNCCS_MANAGER_H_
-#define TNCCS_MANAGER_H_
-
-typedef struct tnccs_manager_t tnccs_manager_t;
-
-#ifdef USE_TNC
-
-#include "tnccs.h"
-
-#include <imv/imv_recommendations.h>
-
-/**
- * The TNCCS manager manages all TNCCS implementations and creates instances.
- *
- * A plugin registers its implemented TNCCS protocol with the manager by
- * providing type and a constructor function. The manager then creates
- * TNCCS protocol instances via the provided constructor.
- */
-struct tnccs_manager_t {
-
- /**
- * Register a TNCCS protocol implementation.
- *
- * @param type TNCCS protocol type
- * @param constructor constructor, returns a TNCCS protocol implementation
- */
- void (*add_method)(tnccs_manager_t *this, tnccs_type_t type,
- tnccs_constructor_t constructor);
-
- /**
- * Unregister a TNCCS protocol implementation using it's constructor.
- *
- * @param constructor constructor function to remove, as added in add_method
- */
- void (*remove_method)(tnccs_manager_t *this, tnccs_constructor_t constructor);
-
- /**
- * Create a new TNCCS protocol instance.
- *
- * @param type type of the TNCCS protocol
- * @param is_server TRUE if TNC Server, FALSE if TNC Client
- * @return TNCCS protocol instance, NULL if no constructor found
- */
- tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
- bool is_server);
-
- /**
- * Create a TNCCS connection and assign a unique connection ID as well a
- * callback function for adding a message to a TNCCS batch and create
- * an empty set for collecting IMV recommendations
- *
- * @param tnccs TNCCS connection instance
- * @param send_message TNCCS callback function
- * @param request_handshake_retry pointer to boolean variable
- * @param recs pointer to IMV recommendation set
- * @return assigned connection ID
- */
- TNC_ConnectionID (*create_connection)(tnccs_manager_t *this, tnccs_t *tnccs,
- tnccs_send_message_t send_message,
- bool *request_handshake_retry,
- recommendations_t **recs);
-
- /**
- * Remove a TNCCS connection using its connection ID.
- *
- * @param id ID of the connection to be removed
- * @param is_server TNC Server if TRUE, TNC Client if FALSE
- */
- void (*remove_connection)(tnccs_manager_t *this, TNC_ConnectionID id,
- bool is_server);
-
- /**
- * Request a handshake retry
- *
- * @param is_imc TRUE if IMC, FALSE if IMV
- * @param imcv_id ID of IMC or IMV requesting the retry
- * @param id ID of a specific connection or any connection
- * @param reason reason for the handshake retry
- * @return return code
- */
- TNC_Result (*request_handshake_retry)(tnccs_manager_t *this, bool is_imc,
- TNC_UInt32 imcv_id,
- TNC_ConnectionID id,
- TNC_RetryReason reason);
-
- /**
- * Add an IMC/IMV message to the batch of a given connection ID.
- *
- * @param imc_id ID of IMC or TNC_IMCID_ANY
- * @param imv_id ID of IMV or TNC_IMVID_ANY
- * @param id ID of target connection
- * @param msg message to be added
- * @param msg_len message length
- * @param msg_type message type
- * @return return code
- */
- TNC_Result (*send_message)(tnccs_manager_t *this, TNC_IMCID imc_id,
- TNC_IMVID imv_id,
- TNC_ConnectionID id,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_MessageType msg_type);
-
- /**
- * Deliver an IMV Action Recommendation and IMV Evaluation Result to the TNCS
- *
- * @param imv_id ID of the IMV providing the recommendation
- * @param id ID of target connection
- * @param rec action recommendation
- * @param eval evaluation result
- * @return return code
- */
- TNC_Result (*provide_recommendation)(tnccs_manager_t *this,
- TNC_IMVID imv_id,
- TNC_ConnectionID id,
- TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval);
-
- /**
- * Get the value of an attribute associated with a connection or with the
- * TNCS as a whole.
- *
- * @param imv_id ID of the IMV requesting the attribute
- * @param id ID of target connection
- * @param attribute_id ID of the requested attribute
- * @param buffer_len length of the buffer in bytes
- * @param buffer pointer to the buffer
- * @param out_value_len actual length of the returned attribute
- * @return return code
- */
- TNC_Result (*get_attribute)(tnccs_manager_t *this,
- TNC_IMVID imv_id,
- TNC_ConnectionID id,
- TNC_AttributeID attribute_id,
- TNC_UInt32 buffer_len,
- TNC_BufferReference buffer,
- TNC_UInt32 *out_value_len);
-
- /**
- * Set the value of an attribute associated with a connection or with the
- * TNCS as a whole.
- *
- * @param imv_id ID of the IMV setting the attribute
- * @param id ID of target connection
- * @param attribute_id ID of the attribute to be set
- * @param buffer_len length of the buffer in bytes
- * @param buffer pointer to the buffer
- * @return return code
- */
- TNC_Result (*set_attribute)(tnccs_manager_t *this,
- TNC_IMVID imv_id,
- TNC_ConnectionID id,
- TNC_AttributeID attribute_id,
- TNC_UInt32 buffer_len,
- TNC_BufferReference buffer);
-
- /**
- * Destroy a tnccs_manager instance.
- */
- void (*destroy)(tnccs_manager_t *this);
-};
-
-/**
- * Create a tnccs_manager instance.
- */
-tnccs_manager_t *tnccs_manager_create();
-
-#endif /* USE_TNC */
-
-#endif /** TNCCS_MANAGER_H_ @}*/
libtnccs_la_LIBADD = $(top_builddir)/src/libtncif/libtncif.la
libtnccs_la_SOURCES = \
- imc/imc.h imc/imc_manager.h \
- imv/imv.h imv/imv_manager.h \
- imv/imv_recommendations.h imv/imv_recommendations.c
+ tnc/tnc.h tnc/tnc.c \
+ tnc/imc/imc.h tnc/imc/imc_manager.h \
+ tnc/imv/imv.h tnc/imv/imv_manager.h \
+ tnc/imv/imv_recommendations.h tnc/imv/imv_recommendations.c \
+ tnc/tnccs/tnccs.h tnc/tnccs/tnccs.c \
+ tnc/tnccs/tnccs_manager.h tnc/tnccs/tnccs_manager.c
+
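Review bot: `tnc/tnccs/tnccs_manager.c` is added to the library sources here, and the copy removed from libcharon above carries defects that survive a verbatim move: `request_handshake_retry` logs with three conversions but passes only two arguments in the `TNC_CONNECTIONID_ANY` branch (`imcv_id` is missing), its loop breaks after the first matching entry so an any-connection retry flags only one connection, and `destroy` frees connection entries with plain `free` without destroying `entry->recs`. The moved file itself is not visible in this diff, so please confirm these were addressed in the libtnccs copy; the log fix is `DBG2(DBG_TNC, "%s %u requests handshake retry for all connections (reason: %u)", is_imc ? "IMC":"IMV", imcv_id, reason);`. The old file also included `<daemon.h>`, which a libtnccs source cannot rely on now that the plugin Makefiles no longer add the libcharon include path.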
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imc imc
- * @ingroup tnc
- *
- * @defgroup imct imc
- * @{ @ingroup imc
- */
-
-#ifndef IMC_H_
-#define IMC_H_
-
-#include <tncifimc.h>
-
-#include <library.h>
-
-typedef struct imc_t imc_t;
-
-/**
- * Controls a single Integrity Measurement Collector (IMC)
- */
-struct imc_t {
-
- /**
- * The TNC Client calls this function to initialize the IMC and agree on
- * the API version number to be used. It also supplies the IMC ID, an IMC
- * identifier that the IMC must use when calling TNC Client callback functions.
- *
- * @param imcID IMC ID assigned by TNCC
- * @param minVersion minimum API version supported by TNCC
- * @param maxVersion maximum API version supported by TNCC
- * @param OutActualVersion mutually supported API version number
- * @return TNC result code
- */
- TNC_Result (*initialize)(TNC_IMCID imcID,
- TNC_Version minVersion,
- TNC_Version maxVersion,
- TNC_Version *OutActualVersion);
-
- /**
- * The TNC Client calls this function to inform the IMC that the state of
- * the network connection identified by connectionID has changed to newState.
- *
- * @param imcID IMC ID assigned by TNCC
- * @param connectionID network connection ID assigned by TNCC
- * @param newState new network connection state
- * @return TNC result code
- */
- TNC_Result (*notify_connection_change)(TNC_IMCID imcID,
- TNC_ConnectionID connectionID,
- TNC_ConnectionState newState);
-
- /**
- * The TNC Client calls this function to indicate that an Integrity Check
- * Handshake is beginning and solicit messages from IMCs for the first batch.
- *
- * @param imcID IMC ID assigned by TNCC
- * @param connectionID network connection ID assigned by TNCC
- * @return TNC result code
- */
- TNC_Result (*begin_handshake)(TNC_IMCID imcID,
- TNC_ConnectionID connectionID);
-
- /**
- * The TNC Client calls this function to deliver a message to the IMC.
- * The message is contained in the buffer referenced by message and contains
- * the number of octets indicated by messageLength. The type of the message
- * is indicated by messageType.
- *
- * @param imcID IMC ID assigned by TNCS
- * @param connectionID network connection ID assigned by TNCC
- * @param message reference to buffer containing message
- * @param messageLength number of octets in message
- * @param messageType message type of message
- * @return TNC result code
- */
- TNC_Result (*receive_message)(TNC_IMCID imcID,
- TNC_ConnectionID connectionID,
- TNC_BufferReference message,
- TNC_UInt32 messageLength,
- TNC_MessageType messageType);
-
- /**
- * The TNC Client calls this function to notify IMCs that all IMV messages
- * received in a batch have been delivered and this is the IMC’s last chance
- * to send a message in the batch of IMC messages currently being collected.
- *
- * @param imcID IMC ID assigned by TNCC
- * @param connectionID network connection ID assigned by TNCC
- * @return TNC result code
- */
- TNC_Result (*batch_ending)(TNC_IMCID imcID,
- TNC_ConnectionID connectionID);
-
- /**
- * The TNC Client calls this function to close down the IMC when all work is
- * complete or the IMC reports TNC_RESULT_FATAL.
- *
- * @param imcID IMC ID assigned by TNCC
- * @return TNC result code
- */
- TNC_Result (*terminate)(TNC_IMCID imcID);
-
- /**
- * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
- * define this additional function. The TNC Server MUST call the function
- * immediately after calling TNC_IMV_Initialize to provide a pointer to the
- * TNCS bind function. The IMV can then use the TNCS bind function to obtain
- * pointers to any other TNCS functions.
- *
- * @param imcID IMC ID assigned by TNCC
- * @param bindFunction pointer to TNC_TNCC_BindFunction
- * @return TNC result code
- */
- TNC_Result (*provide_bind_function)(TNC_IMCID imcID,
- TNC_TNCC_BindFunctionPointer bindFunction);
-
- /**
- * Sets the ID of an imc_t object.
- *
- * @param id IMC ID to be assigned
- */
- void (*set_id)(imc_t *this, TNC_IMCID id);
-
- /**
- * Returns the ID of an imc_t object.
- *
- * @return assigned IMC ID
- */
- TNC_IMCID (*get_id)(imc_t *this);
-
- /**
- * Returns the name of an imc_t object.
- *
- * @return name of IMC
- */
- char* (*get_name)(imc_t *this);
-
- /**
- * Sets the supported message types of an imc_t object.
- *
- * @param supported_types list of messages type supported by IMC
- * @param type_count number of supported message types
- */
- void (*set_message_types)(imc_t *this, TNC_MessageTypeList supported_types,
- TNC_UInt32 type_count);
-
- /**
- * Check if the IMC supports a given message type.
- *
- * @param message_type message type
- * @return TRUE if supported
- */
- bool (*type_supported)(imc_t *this, TNC_MessageType message_type);
-
- /**
- * Destroys an imc_t object.
- */
- void (*destroy)(imc_t *this);
-};
-
-#endif /** IMC_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imc_manager imc_manager
- * @{ @ingroup imc
- */
-
-#ifndef IMC_MANAGER_H_
-#define IMC_MANAGER_H_
-
-typedef struct imc_manager_t imc_manager_t;
-
-#include "imc.h"
-
-#include <library.h>
-
-/**
- * The IMC manager controls all IMC instances.
- */
-struct imc_manager_t {
-
- /**
- * Add an IMC instance
- *
- * @param imc IMC instance
- * @return TRUE if initialization successful
- */
- bool (*add)(imc_manager_t *this, imc_t *imc);
-
- /**
- * Remove an IMC instance from the list and return it
- *
- * @param id ID of IMC instance
- * @return removed IMC instance
- */
- imc_t* (*remove)(imc_manager_t *this, TNC_IMCID id);
-
- /**
- * Check if an IMC with a given ID is registered with the IMC manager
- *
- * @param id ID of IMC instance
- * @return TRUE if registered
- */
- bool (*is_registered)(imc_manager_t *this, TNC_IMCID id);
-
- /**
- * Return the preferred language for recommendations
- *
- * @return preferred language string
- */
- char* (*get_preferred_language)(imc_manager_t *this);
-
- /**
- * Notify all IMC instances
- *
- * @param state communicate the state a connection has reached
- */
- void (*notify_connection_change)(imc_manager_t *this,
- TNC_ConnectionID id,
- TNC_ConnectionState state);
-
- /**
- * Begin a handshake between the IMCs and a connection
- *
- * @param id connection ID
- */
- void (*begin_handshake)(imc_manager_t *this, TNC_ConnectionID id);
-
- /**
- * Sets the supported message types reported by a given IMC
- *
- * @param id ID of reporting IMC
- * @param supported_types list of messages type supported by IMC
- * @param type_count number of supported message types
- * @return TNC result code
- */
- TNC_Result (*set_message_types)(imc_manager_t *this,
- TNC_IMCID id,
- TNC_MessageTypeList supported_types,
- TNC_UInt32 type_count);
-
- /**
- * Delivers a message to interested IMCs.
- *
- * @param connection_id ID of connection over which message was received
- * @param message message
- * @param message_len message length
- * @param message_type message type
- */
- void (*receive_message)(imc_manager_t *this,
- TNC_ConnectionID connection_id,
- TNC_BufferReference message,
- TNC_UInt32 message_len,
- TNC_MessageType message_type);
-
- /**
- * Notify all IMCs that all IMV messages received in a batch have been
- * delivered and this is the IMCs last chance to send a message in the
- * batch of IMC messages currently being collected.
- *
- * @param id connection ID
- */
- void (*batch_ending)(imc_manager_t *this, TNC_ConnectionID id);
-
- /**
- * Destroy an IMC manager and all its controlled instances.
- */
- void (*destroy)(imc_manager_t *this);
-};
-
-#endif /** IMC_MANAGER_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv imv
- * @ingroup tnc
- *
- * @defgroup imvt imv
- * @{ @ingroup imv
- */
-
-#ifndef IMV_H_
-#define IMV_H_
-
-#include <tncifimv.h>
-
-#include <library.h>
-
-typedef struct imv_t imv_t;
-
-/**
- * Controls a single Integrity Measurement Verifier (IMV)
- */
-struct imv_t {
-
- /**
- * The TNC Server calls this function to initialize the IMV and agree on
- * the API version number to be used. It also supplies the IMV ID, an IMV
- * identifier that the IMV must use when calling TNC Server callback functions.
- *
- * @param imvID IMV ID assigned by TNCS
- * @param minVersion minimum API version supported
- * @param maxVersion maximum API version supported by TNCS
- * @param OutActualVersion mutually supported API version number
- * @return TNC result code
- */
- TNC_Result (*initialize)(TNC_IMVID imvID,
- TNC_Version minVersion,
- TNC_Version maxVersion,
- TNC_Version *OutActualVersion);
-
- /**
- * The TNC Server calls this function to inform the IMV that the state of
- * the network connection identified by connectionID has changed to newState.
- *
- * @param imvID IMV ID assigned by TNCS
- * @param connectionID network connection ID assigned by TNCS
- * @param newState new network connection state
- * @return TNC result code
- */
- TNC_Result (*notify_connection_change)(TNC_IMVID imvID,
- TNC_ConnectionID connectionID,
- TNC_ConnectionState newState);
-
- /**
- * The TNC Server calls this function at the end of an Integrity Check
- * Handshake (after all IMC-IMV messages have been delivered) to solicit
- * recommendations from IMVs that have not yet provided a recommendation.
- *
- * @param imvID IMV ID assigned by TNCS
- * @param connectionID network connection ID assigned by TNCS
- * @return TNC result code
- */
- TNC_Result (*solicit_recommendation)(TNC_IMVID imvID,
- TNC_ConnectionID connectionID);
-
- /**
- * The TNC Server calls this function to deliver a message to the IMV.
- * The message is contained in the buffer referenced by message and contains
- * the number of octets indicated by messageLength. The type of the message
- * is indicated by messageType.
- *
- * @param imvID IMV ID assigned by TNCS
- * @param connectionID network connection ID assigned by TNCS
- * @param message reference to buffer containing message
- * @param messageLength number of octets in message
- * @param messageType message type of message
- * @return TNC result code
- */
- TNC_Result (*receive_message)(TNC_IMVID imvID,
- TNC_ConnectionID connectionID,
- TNC_BufferReference message,
- TNC_UInt32 messageLength,
- TNC_MessageType messageType);
-
- /**
- * The TNC Server calls this function to notify IMVs that all IMC messages
- * received in a batch have been delivered and this is the IMV’s last chance
- * to send a message in the batch of IMV messages currently being collected.
- *
- * @param imvID IMV ID assigned by TNCS
- * @param connectionID network connection ID assigned by TNCS
- * @return TNC result code
- */
- TNC_Result (*batch_ending)(TNC_IMVID imvID,
- TNC_ConnectionID connectionID);
-
- /**
- * The TNC Server calls this function to close down the IMV.
- *
- * @param imvID IMV ID assigned by TNCS
- * @return TNC result code
- */
- TNC_Result (*terminate)(TNC_IMVID imvID);
-
- /**
- * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
- * define this additional function. The TNC Server MUST call the function
- * immediately after calling TNC_IMV_Initialize to provide a pointer to the
- * TNCS bind function. The IMV can then use the TNCS bind function to obtain
- * pointers to any other TNCS functions.
- *
- * @param imvID IMV ID assigned by TNCS
- * @param bindFunction pointer to TNC_TNCS_BindFunction
- * @return TNC result code
- */
- TNC_Result (*provide_bind_function)(TNC_IMVID imvID,
- TNC_TNCS_BindFunctionPointer bindFunction);
-
- /**
- * Sets the ID of an imv_t object.
- *
- * @param id IMV ID to be assigned
- */
- void (*set_id)(imv_t *this, TNC_IMVID id);
-
- /**
- * Returns the ID of an imv_t object.
- *
- * @return IMV ID assigned by TNCS
- */
- TNC_IMVID (*get_id)(imv_t *this);
-
- /**
- * Returns the name of an imv_t object.
- *
- * @return name of IMV
- */
- char* (*get_name)(imv_t *this);
-
- /**
- * Sets the supported message types of an imv_t object.
- *
- * @param supported_types list of messages type supported by IMV
- * @param type_count number of supported message types
- */
- void (*set_message_types)(imv_t *this, TNC_MessageTypeList supported_types,
- TNC_UInt32 type_count);
-
- /**
- * Check if the IMV supports a given message type.
- *
- * @param message_type message type
- * @return TRUE if supported
- */
- bool (*type_supported)(imv_t *this, TNC_MessageType message_type);
-
- /**
- * Destroys an imv_t object.
- */
- void (*destroy)(imv_t *this);
-};
-
-#endif /** IMV_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_manager imv_manager
- * @{ @ingroup imv
- */
-
-#ifndef IMV_MANAGER_H_
-#define IMV_MANAGER_H_
-
-typedef struct imv_manager_t imv_manager_t;
-
-#include "imv.h"
-#include "imv_recommendations.h"
-
-#include <library.h>
-
-/**
- * The IMV manager controls all IMV instances.
- */
-struct imv_manager_t {
-
- /**
- * Add an IMV instance
- *
- * @param imv IMV instance
- * @return TRUE if initialization successful
- */
- bool (*add)(imv_manager_t *this, imv_t *imv);
-
- /**
- * Remove an IMV instance from the list and return it
- *
- * @param id ID of IMV instance
- * @return removed IMC instance
- */
- imv_t* (*remove)(imv_manager_t *this, TNC_IMVID id);
-
- /**
- * Check if an IMV with a given ID is registered with the IMV manager
- *
- * @param id ID of IMV instance
- * @return TRUE if registered
- */
- bool (*is_registered)(imv_manager_t *this, TNC_IMVID id);
-
-
- /**
- * Get the configured recommendation policy
- *
- * @return configured recommendation policy
- */
- recommendation_policy_t (*get_recommendation_policy)(imv_manager_t *this);
-
- /**
- * Create an empty set of IMV recommendations and evaluations
- *
- * @return instance of a recommendations_t list
- */
- recommendations_t* (*create_recommendations)(imv_manager_t *this);
-
- /**
- * Enforce the TNC recommendation on the IKE_SA by either inserting an
- * allow|isolate group membership rule (TRUE) or by blocking access (FALSE)
- *
- * @param rec TNC action recommendation
- * @param eval TNC evaluation result
- * @return TRUE for allow|isolate, FALSE for none
- */
- bool (*enforce_recommendation)(imv_manager_t *this,
- TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval);
-
- /**
- * Notify all IMV instances
- *
- * @param state communicate the state a connection has reached
- */
- void (*notify_connection_change)(imv_manager_t *this,
- TNC_ConnectionID id,
- TNC_ConnectionState state);
-
- /**
- * Sets the supported message types reported by a given IMV
- *
- * @param id ID of reporting IMV
- * @param supported_types list of messages type supported by IMV
- * @param type_count number of supported message types
- * @return TNC result code
- */
- TNC_Result (*set_message_types)(imv_manager_t *this,
- TNC_IMVID id,
- TNC_MessageTypeList supported_types,
- TNC_UInt32 type_count);
-
- /**
- * Solicit recommendations from IMVs that have not yet provided one
- *
- * @param id connection ID
- */
- void (*solicit_recommendation)(imv_manager_t *this, TNC_ConnectionID id);
-
- /**
- * Delivers a message to interested IMVs.
- *
- * @param connection_id ID of connection over which message was received
- * @param message message
- * @param message_len message length
- * @param message_type message type
- */
- void (*receive_message)(imv_manager_t *this,
- TNC_ConnectionID connection_id,
- TNC_BufferReference message,
- TNC_UInt32 message_len,
- TNC_MessageType message_type);
-
- /**
- * Notify all IMVs that all IMC messages received in a batch have been
- * delivered and this is the IMVs last chance to send a message in the
- * batch of IMV messages currently being collected.
- *
- * @param id connection ID
- */
- void (*batch_ending)(imv_manager_t *this, TNC_ConnectionID id);
-
- /**
- * Destroy an IMV manager and all its controlled instances.
- */
- void (*destroy)(imv_manager_t *this);
-};
-
-#endif /** IMV_MANAGER_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imv_recommendations.h"
-
-ENUM(recommendation_policy_names, RECOMMENDATION_POLICY_DEFAULT,
- RECOMMENDATION_POLICY_ALL,
- "default",
- "any",
- "all"
-);
-
+++ /dev/null
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_recommendations imv_recommendations
- * @{ @ingroup imv
- */
-
-#ifndef IMV_RECOMMENDATIONS_H_
-#define IMV_RECOMMENDATIONS_H_
-
-#include <tncifimv.h>
-#include <library.h>
-
-typedef enum recommendation_policy_t recommendation_policy_t;
-
-enum recommendation_policy_t {
- RECOMMENDATION_POLICY_DEFAULT,
- RECOMMENDATION_POLICY_ANY,
- RECOMMENDATION_POLICY_ALL
-};
-
-extern enum_name_t *recommendation_policy_names;
-
-
-typedef struct recommendations_t recommendations_t;
-
-/**
- * Collection of all IMV action recommendations and evaluation results
- */
-struct recommendations_t {
-
- /**
- * Deliver an IMV action recommendation and IMV evaluation result to the TNCS
- *
- * @param imv_id ID of the IMV providing the recommendation
- * @param rec action recommendation
- * @param eval evaluation result
- * @return return code
- */
- TNC_Result (*provide_recommendation)(recommendations_t *this,
- TNC_IMVID imv_id,
- TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval);
-
- /**
- * If all IMVs provided a recommendation, derive a consolidated action
- * recommendation and evaluation result based on a configured policy
- *
- * @param rec action recommendation
- * @param eval evaluation result
- * @return TRUE if all IMVs provided a recommendation
- */
- bool (*have_recommendation)(recommendations_t *this,
- TNC_IMV_Action_Recommendation *rec,
- TNC_IMV_Evaluation_Result *eval);
-
- /**
- * Get the preferred language for remediation messages
- *
- * @return preferred language
- */
- chunk_t (*get_preferred_language)(recommendations_t *this);
-
- /**
- * Set the preferred language for remediation messages
- *
- * @param pref_lang preferred language
- */
- void (*set_preferred_language)(recommendations_t *this, chunk_t pref_lang);
-
- /**
- * Set the reason string
- *
- * @param id ID of IMV setting the reason string
- * @param reason reason string
- * @result return code
- */
- TNC_Result (*set_reason_string)(recommendations_t *this, TNC_IMVID id,
- chunk_t reason);
-
- /**
- * Set the language for reason strings
- *
- * @param id ID of IMV setting the reason language
- * @param reason_lang reason language
- * @result return code
- */
- TNC_Result (*set_reason_language)(recommendations_t *this, TNC_IMVID id,
- chunk_t reason_lang);
-
- /**
- * Enumerates over all IMVs sending a reason string.
- * Format: TNC_IMVID *id, chunk_t *reason, chunk_t *reason_language
- *
- * @return enumerator
- */
- enumerator_t* (*create_reason_enumerator)(recommendations_t *this);
-
- /**
- * Clears all reason entries
- */
- void (*clear_reasons)(recommendations_t *this);
-
- /**
- * Destroys an imv_t object.
- */
- void (*destroy)(recommendations_t *this);
-};
-
-#endif /** IMV_RECOMMENDATIONS_H_ @}*/
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imc imc
+ * @ingroup tnc
+ *
+ * @defgroup imct imc
+ * @{ @ingroup imc
+ */
+
+#ifndef IMC_H_
+#define IMC_H_
+
+#include <tncifimc.h>
+
+#include <library.h>
+
+typedef struct imc_t imc_t;
+
+/**
+ * Controls a single Integrity Measurement Collector (IMC)
+ */
+struct imc_t {
+
+ /**
+ * The TNC Client calls this function to initialize the IMC and agree on
+ * the API version number to be used. It also supplies the IMC ID, an IMC
+ * identifier that the IMC must use when calling TNC Client callback functions.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param minVersion minimum API version supported by TNCC
+ * @param maxVersion maximum API version supported by TNCC
+ * @param OutActualVersion mutually supported API version number
+ * @return TNC result code
+ */
+ TNC_Result (*initialize)(TNC_IMCID imcID,
+ TNC_Version minVersion,
+ TNC_Version maxVersion,
+ TNC_Version *OutActualVersion);
+
+ /**
+ * The TNC Client calls this function to inform the IMC that the state of
+ * the network connection identified by connectionID has changed to newState.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param connectionID network connection ID assigned by TNCC
+ * @param newState new network connection state
+ * @return TNC result code
+ */
+ TNC_Result (*notify_connection_change)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_ConnectionState newState);
+
+ /**
+ * The TNC Client calls this function to indicate that an Integrity Check
+ * Handshake is beginning and solicit messages from IMCs for the first batch.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param connectionID network connection ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*begin_handshake)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Client calls this function to deliver a message to the IMC.
+ * The message is contained in the buffer referenced by message and contains
+ * the number of octets indicated by messageLength. The type of the message
+ * is indicated by messageType.
+ *
+ * @param imcID IMC ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCC
+ * @param message reference to buffer containing message
+ * @param messageLength number of octets in message
+ * @param messageType message type of message
+ * @return TNC result code
+ */
+ TNC_Result (*receive_message)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_MessageType messageType);
+
+ /**
+ * The TNC Client calls this function to notify IMCs that all IMV messages
+ * received in a batch have been delivered and this is the IMC’s last chance
+ * to send a message in the batch of IMC messages currently being collected.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param connectionID network connection ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*batch_ending)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Client calls this function to close down the IMC when all work is
+ * complete or the IMC reports TNC_RESULT_FATAL.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*terminate)(TNC_IMCID imcID);
+
+ /**
+ * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
+ * define this additional function. The TNC Server MUST call the function
+ * immediately after calling TNC_IMV_Initialize to provide a pointer to the
+ * TNCS bind function. The IMV can then use the TNCS bind function to obtain
+ * pointers to any other TNCS functions.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param bindFunction pointer to TNC_TNCC_BindFunction
+ * @return TNC result code
+ */
+ TNC_Result (*provide_bind_function)(TNC_IMCID imcID,
+ TNC_TNCC_BindFunctionPointer bindFunction);
+
+ /**
+ * Sets the ID of an imc_t object.
+ *
+ * @param id IMC ID to be assigned
+ */
+ void (*set_id)(imc_t *this, TNC_IMCID id);
+
+ /**
+ * Returns the ID of an imc_t object.
+ *
+ * @return assigned IMC ID
+ */
+ TNC_IMCID (*get_id)(imc_t *this);
+
+ /**
+ * Returns the name of an imc_t object.
+ *
+ * @return name of IMC
+ */
+ char* (*get_name)(imc_t *this);
+
+ /**
+ * Sets the supported message types of an imc_t object.
+ *
+ * @param supported_types list of messages type supported by IMC
+ * @param type_count number of supported message types
+ */
+ void (*set_message_types)(imc_t *this, TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Check if the IMC supports a given message type.
+ *
+ * @param message_type message type
+ * @return TRUE if supported
+ */
+ bool (*type_supported)(imc_t *this, TNC_MessageType message_type);
+
+ /**
+ * Destroys an imc_t object.
+ */
+ void (*destroy)(imc_t *this);
+};
+
+#endif /** IMC_H_ @}*/
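Review bot: The doc comment on `provide_bind_function` in this IMC header still describes the IMV side — it says `IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST define this additional function. The TNC Server MUST call the function immediately after calling TNC_IMV_Initialize`, while the parameter is a `TNC_TNCC_BindFunctionPointer` and every other entry in the struct talks about the TNC Client. It should read "IMCs implementing the UNIX/Linux Dynamic Linkage platform binding MUST define this additional function. The TNC Client MUST call the function immediately after calling TNC_IMC_Initialize to provide a pointer to the TNCC bind function. The IMC can then use the TNCC bind function to obtain pointers to any other TNCC functions." In the same file `receive_message` documents `@param imcID IMC ID assigned by TNCS`, which should be `TNCC` like the surrounding entries. The text appears to be carried over from the deleted header, so this is a pre-existing slip rather than something the move introduces, but the move is the moment to correct it.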
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imc_manager imc_manager
+ * @{ @ingroup imc
+ */
+
+#ifndef IMC_MANAGER_H_
+#define IMC_MANAGER_H_
+
+typedef struct imc_manager_t imc_manager_t;
+
+#include "imc.h"
+
+#include <library.h>
+
+/**
+ * The IMC manager controls all IMC instances.
+ */
+struct imc_manager_t {
+
+ /**
+ * Add an IMC instance
+ *
+ * @param imc IMC instance
+ * @return TRUE if initialization successful
+ */
+ bool (*add)(imc_manager_t *this, imc_t *imc);
+
+ /**
+ * Remove an IMC instance from the list and return it
+ *
+ * @param id ID of IMC instance
+ * @return removed IMC instance
+ */
+ imc_t* (*remove)(imc_manager_t *this, TNC_IMCID id);
+
+ /**
+ * Load all IMC instances
+ *
+ * @param filename configuration file containt IMC paths
+ * @return TRUE if initialization of all IMCs succeeded
+ */
+ bool (*load_all)(imc_manager_t *this, char *filename);
+
+ /**
+ * Check if an IMC with a given ID is registered with the IMC manager
+ *
+ * @param id ID of IMC instance
+ * @return TRUE if registered
+ */
+ bool (*is_registered)(imc_manager_t *this, TNC_IMCID id);
+
+ /**
+ * Return the preferred language for recommendations
+ *
+ * @return preferred language string
+ */
+ char* (*get_preferred_language)(imc_manager_t *this);
+
+ /**
+ * Notify all IMC instances
+ *
+ * @param state communicate the state a connection has reached
+ */
+ void (*notify_connection_change)(imc_manager_t *this,
+ TNC_ConnectionID id,
+ TNC_ConnectionState state);
+
+ /**
+ * Begin a handshake between the IMCs and a connection
+ *
+ * @param id connection ID
+ */
+ void (*begin_handshake)(imc_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Sets the supported message types reported by a given IMC
+ *
+ * @param id ID of reporting IMC
+ * @param supported_types list of messages type supported by IMC
+ * @param type_count number of supported message types
+ * @return TNC result code
+ */
+ TNC_Result (*set_message_types)(imc_manager_t *this,
+ TNC_IMCID id,
+ TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Delivers a message to interested IMCs.
+ *
+ * @param connection_id ID of connection over which message was received
+ * @param message message
+ * @param message_len message length
+ * @param message_type message type
+ */
+ void (*receive_message)(imc_manager_t *this,
+ TNC_ConnectionID connection_id,
+ TNC_BufferReference message,
+ TNC_UInt32 message_len,
+ TNC_MessageType message_type);
+
+ /**
+ * Notify all IMCs that all IMV messages received in a batch have been
+ * delivered and this is the IMCs last chance to send a message in the
+ * batch of IMC messages currently being collected.
+ *
+ * @param id connection ID
+ */
+ void (*batch_ending)(imc_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Destroy an IMC manager and all its controlled instances.
+ */
+ void (*destroy)(imc_manager_t *this);
+};
+
+#endif /** IMC_MANAGER_H_ @}*/
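Review bot: The new `load_all` entry, `bool (*load_all)(imc_manager_t *this, char *filename);`, documents only the success case; since it reads a list of IMC paths from a file and presumably loads them through the dynamic-linkage binding described in imc.h, the contract should state what the manager holds when it returns FALSE (whether IMCs that were initialized before the failing one stay registered or are torn down) and that the file and the paths it names are expected to be administrator-controlled, because the caller's behaviour on a partial load depends on it. I would extend the comment to "@return TRUE if all IMCs were loaded and initialized; on FALSE the caller must not assume any IMC is registered" or whatever the implementation actually guarantees. The same gap exists for `load_all` in the imv_manager.h section below. Minor: `containt` should be `containing` (the imv_manager.h counterpart already spells it that way), and `filename` is never written through, so `const char *filename` would document that.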
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv imv
+ * @ingroup tnc
+ *
+ * @defgroup imvt imv
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_H_
+#define IMV_H_
+
+#include <tncifimv.h>
+
+#include <library.h>
+
+typedef struct imv_t imv_t;
+
+/**
+ * Controls a single Integrity Measurement Verifier (IMV)
+ */
+struct imv_t {
+
+ /**
+ * The TNC Server calls this function to initialize the IMV and agree on
+ * the API version number to be used. It also supplies the IMV ID, an IMV
+ * identifier that the IMV must use when calling TNC Server callback functions.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param minVersion minimum API version supported
+ * @param maxVersion maximum API version supported by TNCS
+ * @param OutActualVersion mutually supported API version number
+ * @return TNC result code
+ */
+ TNC_Result (*initialize)(TNC_IMVID imvID,
+ TNC_Version minVersion,
+ TNC_Version maxVersion,
+ TNC_Version *OutActualVersion);
+
+ /**
+ * The TNC Server calls this function to inform the IMV that the state of
+ * the network connection identified by connectionID has changed to newState.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @param newState new network connection state
+ * @return TNC result code
+ */
+ TNC_Result (*notify_connection_change)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_ConnectionState newState);
+
+ /**
+ * The TNC Server calls this function at the end of an Integrity Check
+ * Handshake (after all IMC-IMV messages have been delivered) to solicit
+ * recommendations from IMVs that have not yet provided a recommendation.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*solicit_recommendation)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Server calls this function to deliver a message to the IMV.
+ * The message is contained in the buffer referenced by message and contains
+ * the number of octets indicated by messageLength. The type of the message
+ * is indicated by messageType.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @param message reference to buffer containing message
+ * @param messageLength number of octets in message
+ * @param messageType message type of message
+ * @return TNC result code
+ */
+ TNC_Result (*receive_message)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_MessageType messageType);
+
+ /**
+ * The TNC Server calls this function to notify IMVs that all IMC messages
+ * received in a batch have been delivered and this is the IMV’s last chance
+ * to send a message in the batch of IMV messages currently being collected.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*batch_ending)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Server calls this function to close down the IMV.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*terminate)(TNC_IMVID imvID);
+
+ /**
+ * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
+ * define this additional function. The TNC Server MUST call the function
+ * immediately after calling TNC_IMV_Initialize to provide a pointer to the
+ * TNCS bind function. The IMV can then use the TNCS bind function to obtain
+ * pointers to any other TNCS functions.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param bindFunction pointer to TNC_TNCS_BindFunction
+ * @return TNC result code
+ */
+ TNC_Result (*provide_bind_function)(TNC_IMVID imvID,
+ TNC_TNCS_BindFunctionPointer bindFunction);
+
+ /**
+ * Sets the ID of an imv_t object.
+ *
+ * @param id IMV ID to be assigned
+ */
+ void (*set_id)(imv_t *this, TNC_IMVID id);
+
+ /**
+ * Returns the ID of an imv_t object.
+ *
+ * @return IMV ID assigned by TNCS
+ */
+ TNC_IMVID (*get_id)(imv_t *this);
+
+ /**
+ * Returns the name of an imv_t object.
+ *
+ * @return name of IMV
+ */
+ char* (*get_name)(imv_t *this);
+
+ /**
+ * Sets the supported message types of an imv_t object.
+ *
+ * @param supported_types list of messages type supported by IMV
+ * @param type_count number of supported message types
+ */
+ void (*set_message_types)(imv_t *this, TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Check if the IMV supports a given message type.
+ *
+ * @param message_type message type
+ * @return TRUE if supported
+ */
+ bool (*type_supported)(imv_t *this, TNC_MessageType message_type);
+
+ /**
+ * Destroys an imv_t object.
+ */
+ void (*destroy)(imv_t *this);
+};
+
+#endif /** IMV_H_ @}*/
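Review bot: In the `initialize` entry the line `@param minVersion minimum API version supported` is missing the "by TNCS" that the `maxVersion` line and the IMC counterpart carry, which leaves it ambiguous whether the minimum belongs to the server or the verifier. Suggested wording: `@param minVersion minimum API version supported by TNCS`. The rest of the struct's documentation is consistent with the IF-IMV naming used elsewhere in the file.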
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_manager imv_manager
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_MANAGER_H_
+#define IMV_MANAGER_H_
+
+typedef struct imv_manager_t imv_manager_t;
+
+#include "imv.h"
+#include "imv_recommendations.h"
+
+#include <library.h>
+
+/**
+ * The IMV manager controls all IMV instances.
+ */
+struct imv_manager_t {
+
+ /**
+ * Add an IMV instance
+ *
+ * @param imv IMV instance
+ * @return TRUE if initialization successful
+ */
+ bool (*add)(imv_manager_t *this, imv_t *imv);
+
+ /**
+ * Remove an IMV instance from the list and return it
+ *
+ * @param id ID of IMV instance
+ * @return removed IMC instance
+ */
+ imv_t* (*remove)(imv_manager_t *this, TNC_IMVID id);
+
+ /**
+ * Load all IMV instances
+ *
+ * @param filename configuration file containing IMV paths
+ * @return TRUE if initialization of all IMVs succeeded
+ */
+ bool (*load_all)(imv_manager_t *this, char *filename);
+
+ /**
+ * Check if an IMV with a given ID is registered with the IMV manager
+ *
+ * @param id ID of IMV instance
+ * @return TRUE if registered
+ */
+ bool (*is_registered)(imv_manager_t *this, TNC_IMVID id);
+
+
+ /**
+ * Get the configured recommendation policy
+ *
+ * @return configured recommendation policy
+ */
+ recommendation_policy_t (*get_recommendation_policy)(imv_manager_t *this);
+
+ /**
+ * Create an empty set of IMV recommendations and evaluations
+ *
+ * @return instance of a recommendations_t list
+ */
+ recommendations_t* (*create_recommendations)(imv_manager_t *this);
+
+ /**
+ * Enforce the TNC recommendation on the IKE_SA by either inserting an
+ * allow|isolate group membership rule (TRUE) or by blocking access (FALSE)
+ *
+ * @param rec TNC action recommendation
+ * @param eval TNC evaluation result
+ * @return TRUE for allow|isolate, FALSE for none
+ */
+ bool (*enforce_recommendation)(imv_manager_t *this,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+
+ /**
+ * Notify all IMV instances
+ *
+ * @param state communicate the state a connection has reached
+ */
+ void (*notify_connection_change)(imv_manager_t *this,
+ TNC_ConnectionID id,
+ TNC_ConnectionState state);
+
+ /**
+ * Sets the supported message types reported by a given IMV
+ *
+ * @param id ID of reporting IMV
+ * @param supported_types list of messages type supported by IMV
+ * @param type_count number of supported message types
+ * @return TNC result code
+ */
+ TNC_Result (*set_message_types)(imv_manager_t *this,
+ TNC_IMVID id,
+ TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Solicit recommendations from IMVs that have not yet provided one
+ *
+ * @param id connection ID
+ */
+ void (*solicit_recommendation)(imv_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Delivers a message to interested IMVs.
+ *
+ * @param connection_id ID of connection over which message was received
+ * @param message message
+ * @param message_len message length
+ * @param message_type message type
+ */
+ void (*receive_message)(imv_manager_t *this,
+ TNC_ConnectionID connection_id,
+ TNC_BufferReference message,
+ TNC_UInt32 message_len,
+ TNC_MessageType message_type);
+
+ /**
+ * Notify all IMVs that all IMC messages received in a batch have been
+ * delivered and this is the IMVs last chance to send a message in the
+ * batch of IMV messages currently being collected.
+ *
+ * @param id connection ID
+ */
+ void (*batch_ending)(imv_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Destroy an IMV manager and all its controlled instances.
+ */
+ void (*destroy)(imv_manager_t *this);
+};
+
+#endif /** IMV_MANAGER_H_ @}*/
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "imv_recommendations.h"
+
+ENUM(recommendation_policy_names, RECOMMENDATION_POLICY_DEFAULT,
+ RECOMMENDATION_POLICY_ALL,
+ "default",
+ "any",
+ "all"
+);
+
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_recommendations imv_recommendations
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_RECOMMENDATIONS_H_
+#define IMV_RECOMMENDATIONS_H_
+
+#include <tncifimv.h>
+#include <library.h>
+
+typedef enum recommendation_policy_t recommendation_policy_t;
+
+enum recommendation_policy_t {
+ RECOMMENDATION_POLICY_DEFAULT,
+ RECOMMENDATION_POLICY_ANY,
+ RECOMMENDATION_POLICY_ALL
+};
+
+extern enum_name_t *recommendation_policy_names;
+
+
+typedef struct recommendations_t recommendations_t;
+
+/**
+ * Collection of all IMV action recommendations and evaluation results
+ */
+struct recommendations_t {
+
+ /**
+ * Deliver an IMV action recommendation and IMV evaluation result to the TNCS
+ *
+ * @param imv_id ID of the IMV providing the recommendation
+ * @param rec action recommendation
+ * @param eval evaluation result
+ * @return return code
+ */
+ TNC_Result (*provide_recommendation)(recommendations_t *this,
+ TNC_IMVID imv_id,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+
+ /**
+ * If all IMVs provided a recommendation, derive a consolidated action
+ * recommendation and evaluation result based on a configured policy
+ *
+ * @param rec action recommendation
+ * @param eval evaluation result
+ * @return TRUE if all IMVs provided a recommendation
+ */
+ bool (*have_recommendation)(recommendations_t *this,
+ TNC_IMV_Action_Recommendation *rec,
+ TNC_IMV_Evaluation_Result *eval);
+
+ /**
+ * Get the preferred language for remediation messages
+ *
+ * @return preferred language
+ */
+ chunk_t (*get_preferred_language)(recommendations_t *this);
+
+ /**
+ * Set the preferred language for remediation messages
+ *
+ * @param pref_lang preferred language
+ */
+ void (*set_preferred_language)(recommendations_t *this, chunk_t pref_lang);
+
+ /**
+ * Set the reason string
+ *
+ * @param id ID of IMV setting the reason string
+ * @param reason reason string
+ * @result return code
+ */
+ TNC_Result (*set_reason_string)(recommendations_t *this, TNC_IMVID id,
+ chunk_t reason);
+
+ /**
+ * Set the language for reason strings
+ *
+ * @param id ID of IMV setting the reason language
+ * @param reason_lang reason language
+ * @result return code
+ */
+ TNC_Result (*set_reason_language)(recommendations_t *this, TNC_IMVID id,
+ chunk_t reason_lang);
+
+ /**
+ * Enumerates over all IMVs sending a reason string.
+ * Format: TNC_IMVID *id, chunk_t *reason, chunk_t *reason_language
+ *
+ * @return enumerator
+ */
+ enumerator_t* (*create_reason_enumerator)(recommendations_t *this);
+
+ /**
+ * Clears all reason entries
+ */
+ void (*clear_reasons)(recommendations_t *this);
+
+ /**
+ * Destroys an imv_t object.
+ */
+ void (*destroy)(recommendations_t *this);
+};
+
+#endif /** IMV_RECOMMENDATIONS_H_ @}*/
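Review bot: The destructor comment on `void (*destroy)(recommendations_t *this);` says `Destroys an imv_t object.` but the object being destroyed is a recommendations_t; it should read `Destroys a recommendations_t object.`. The `set_reason_string` and `set_reason_language` entries use `@result return code`, which is not a Doxygen tag — the rest of the header uses `@return`. For `have_recommendation` it would also help callers to state whether `rec` and `eval` are written only when the function returns TRUE; I cannot confirm that guarantee from the header alone, so it needs checking against the implementation before being written down.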
--- /dev/null
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc.h"
+
+typedef struct private_tnc_t private_tnc_t;
+
+typedef tnccs_manager_t *(*tnc_create_tnccs_manager_t)(void);
+typedef imc_manager_t *(*tnc_create_imc_manager_t)(void);
+typedef imv_manager_t *(*tnc_create_imv_manager_t)(void);
+
+/**
+ * Private additions to tnc_t.
+ */
+struct private_tnc_t {
+
+ /**
+ * Public members of tnc_t.
+ */
+ tnc_t public;
+};
+
+/**
+ * Single instance of tnc_t.
+ */
+tnc_t *tnc;
+
+/**
+ * Described in header.
+ */
+void libtnccs_init(void)
+{
+ private_tnc_t *this;
+
+ INIT(this,
+ .public = {
+ },
+ );
+
+ tnc = &this->public;
+}
+
+/**
+ * Described in header.
+ */
+void libtnccs_deinit(void)
+{
+ private_tnc_t *this = (private_tnc_t*)tnc;
+
+ free(this);
+ tnc = NULL;
+}
+
+/**
+ * Described in header.
+ */
+bool tnc_manager_register(plugin_t *plugin, plugin_feature_t *feature,
+ bool reg, void *data)
+{
+ char *tnc_config;
+
+ tnc_config = lib->settings->get_str(lib->settings,
+ "libtnccs.tnc_config", "/etc/tnc_config");
+
+ if (feature->type == FEATURE_CUSTOM)
+ {
+ if (streq(feature->arg.custom, "tnccs-manager"))
+ {
+ if (reg)
+ {
+ tnc->tnccs = ((tnc_create_tnccs_manager_t)data)();
+ }
+ else
+ {
+ tnc->tnccs->destroy(tnc->tnccs);
+ tnc->tnccs = NULL;
+ }
+ }
+ else if (streq(feature->arg.custom, "imc-manager"))
+ {
+ if (reg)
+ {
+ tnc->imcs = ((tnc_create_imc_manager_t)data)();
+
+
+ if (!tnc->imcs->load_all(tnc->imcs, tnc_config))
+ {
+ tnc->imcs->destroy(tnc->imcs);
+ tnc->imcs = NULL;
+ return FALSE;
+ }
+ }
+ else
+ {
+ tnc->imcs->destroy(tnc->imcs);
+ tnc->imcs = NULL;
+ }
+ }
+ else if (streq(feature->arg.custom, "imv-manager"))
+ {
+ if (reg)
+ {
+ tnc->imvs = ((tnc_create_imv_manager_t)data)();
+
+ if (!tnc->imvs->load_all(tnc->imvs, tnc_config))
+ {
+ tnc->imvs->destroy(tnc->imvs);
+ tnc->imvs = NULL;
+ return FALSE;
+ }
+ }
+ else
+ {
+ tnc->imvs->destroy(tnc->imvs);
+ tnc->imvs = NULL;
+ }
+ }
+ else
+ {
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
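Review bot: The unregister branches of `tnc_manager_register` dereference `tnc->tnccs`, `tnc->imcs` and `tnc->imvs` without a NULL check, whereas `tnccs_method_register` in this same patch guards both `tnc` and `tnc->tnccs` before use. When `load_all` fails the pointer is reset to NULL and FALSE is returned; if the plugin loader nevertheless invokes the callback with `reg == FALSE` at unload (I cannot confirm the loader's behaviour from this patch), the destroy call is a NULL dereference. Guarding each branch, e.g. `if (tnc->imcs) { tnc->imcs->destroy(tnc->imcs); tnc->imcs = NULL; }`, makes unregistration idempotent at no cost. Separately, `tnc_config` names the file whose IMC/IMV entries `load_all` loads into the daemon (the `load_all` documentation earlier in the patch describes it as containing IMV paths), so a comment at `tnc_config = lib->settings->get_str(...)` noting that this file must be trusted — owned by root and not writable by other users — would be worth adding.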
--- /dev/null
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnc tnc
+ * @ingroup tnc
+ *
+ * @defgroup tnc tnc
+ * @{ @ingroup tnc
+ */
+
+#ifndef TNC_H_
+#define TNC_H_
+
+typedef struct tnc_t tnc_t;
+
+#include "tnc/imc/imc_manager.h"
+#include "tnc/imv/imv_manager.h"
+#include "tnc/tnccs/tnccs_manager.h"
+
+#include <library.h>
+
+/**
+ * TNC management support object.
+ */
+struct tnc_t {
+
+ /**
+ * TNC-IMC manager controlling Integrity Measurement Collectors
+ */
+ imc_manager_t *imcs;
+
+ /**
+ * TNC-IMV manager controlling Integrity Measurement Verifiers
+ */
+ imv_manager_t *imvs;
+
+ /**
+ * TNC-TNCCS manager controlling the TNC Server and Client protocols
+ */
+ tnccs_manager_t *tnccs;
+
+};
+
+/**
+ * The single instance of tnc_t.
+ *
+ * Exists between calls to libtnccs_init() and libtnccs_deinit().
+ */
+extern tnc_t *tnc;
+
+/**
+ * Initialize libtnccs.
+ */
+void libtnccs_init(void);
+
+/**
+ * Deinitialize libtnccs
+ */
+void libtnccs_deinit(void);
+
+/**
+ * Helper function to (un-)register TNC managers from plugin features.
+ *
+ * This function is a plugin_feature_callback_t and can be used with the
+ * PLUGIN_CALLBACK macro to register a TNC manager constructor.
+ *
+ * @param plugin plugin registering the TNC manager
+ * @param feature associated plugin feature
+ * @param reg TRUE to register, FALSE to unregister.
+ * @param data data passed to callback, a TNC manager constructor
+ */
+bool tnc_manager_register(plugin_t *plugin, plugin_feature_t *feature,
+ bool reg, void *data);
+
+#endif /** TNC_H_ @}*/
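Review bot: The Doxygen header defines `@defgroup tnc tnc` twice in a row (`@defgroup tnc tnc` / `@ingroup tnc`, then again `@defgroup tnc tnc` / `@{ @ingroup tnc`), which makes the group its own parent; compare `@defgroup tnccs tnccs` / `@ingroup tnc` in tnccs.h, where the first block attaches a subgroup to a parent. One of the two blocks should be dropped or re-parented to the library-level group. `tnc_manager_register` documents its parameters but not its `bool` result; add `@return TRUE if the manager was (un)registered, FALSE on failure or unknown feature`, which is what the implementation in tnc.c does. The comment `Exists between calls to libtnccs_init() and libtnccs_deinit()` on `tnc` is accurate, but the three manager pointers inside are only non-NULL while the corresponding plugin feature is registered, which is worth stating on the struct members.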
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnccs.h"
+
+ENUM(tnccs_type_names, TNCCS_UNKNOWN, TNCCS_2_0,
+ "unknown TNCCS",
+ "TNCCS 1.1",
+ "TNCCS SOH",
+ "TNCCS 2.0",
+);
+
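Review bot: `tnccs_type_names` is declared to cover `TNCCS_UNKNOWN` through `TNCCS_2_0`, but the `tnccs_type_t` enum in tnccs.h (same patch) also defines `TNCCS_DYNAMIC` after `TNCCS_2_0`, and `tnccs_method_register` registers methods under that value. Any `%N` formatting of a `TNCCS_DYNAMIC` type therefore falls outside the name table. Extend the table to `ENUM(tnccs_type_names, TNCCS_UNKNOWN, TNCCS_DYNAMIC,` and add the entry `"TNCCS DYNAMIC",` after `"TNCCS 2.0",`.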
--- /dev/null
+/*
+ * Copyright (C) 2010-1011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnccs tnccs
+ * @ingroup tnc
+ *
+ * @defgroup tnccst tnccs
+ * @{ @ingroup tnccs
+ */
+
+#ifndef TNCCS_H_
+#define TNCCS_H_
+
+typedef struct tnccs_t tnccs_t;
+typedef enum tnccs_type_t tnccs_type_t;
+
+#include <tncif.h>
+#include <tncifimc.h>
+#include <tncifimv.h>
+
+#include <library.h>
+#include <plugins/plugin.h>
+
+/**
+ * Type of TNC Client/Server protocol
+ */
+enum tnccs_type_t {
+ TNCCS_UNKNOWN,
+ TNCCS_1_1,
+ TNCCS_SOH,
+ TNCCS_2_0,
+ TNCCS_DYNAMIC
+};
+
+/**
+ * enum names for tnccs_type_t.
+ */
+extern enum_name_t *tnccs_type_names;
+
+/**
+ * Constructor definition for a pluggable TNCCS protocol implementation.
+ *
+ * @param is_server TRUE if TNC Server, FALSE if TNC Client
+ * @return implementation of the tnccs_t interface
+ */
+typedef tnccs_t *(*tnccs_constructor_t)(bool is_server);
+
+/**
+ * Callback function adding a message to a TNCCS batch
+ *
+ * @param imc_id ID of IMC or TNC_IMCID_ANY
+ * @param imc_id ID of IMV or TNC_IMVID_ANY
+ * @param msg message to be added
+ * @param msg_len message length
+ * @param msg_type message type
+ * @return result code
+ */
+typedef TNC_Result (*tnccs_send_message_t)(tnccs_t* tncss, TNC_IMCID imc_id,
+ TNC_IMVID imv_id,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_MessageType msg_type);
+
+#endif /** TNCCS_H_ @}*/
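Review bot: The `tnccs_send_message_t` comment lists `@param imc_id` twice; the second should be `@param imv_id ID of IMV or TNC_IMVID_ANY`, and the first parameter is spelled `tncss` in the typedef where the rest of the file uses `tnccs`. The callback also lacks a `@param tnccs` entry for the TNCCS instance the message is added to. The group header `@defgroup tnccst tnccs` does not match the `@defgroup tnccs tnccs` two lines above it, and the copyright line reads `2010-1011`.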
--- /dev/null
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnccs_manager.h"
+
+#include "tnc/tnc.h"
+
+#include <debug.h>
+
+/**
+ * See header
+ */
+bool tnccs_method_register(plugin_t *plugin, plugin_feature_t *feature,
+ bool reg, void *data)
+{
+ if (!tnc || !tnc->tnccs)
+ {
+ DBG1(DBG_TNC, "TNC TNCCS manager does not exist");
+ return FALSE;
+ }
+ if (reg)
+ {
+ if (feature->type == FEATURE_CUSTOM)
+ {
+ tnccs_type_t type = TNCCS_UNKNOWN;
+
+ if (streq(feature->arg.custom, "tnccs-2.0"))
+ {
+ type = TNCCS_2_0;
+ }
+ else if (streq(feature->arg.custom, "tnccs-1.1"))
+ {
+ type = TNCCS_1_1;
+ }
+ else if (streq(feature->arg.custom, "tnccs-dynamic"))
+ {
+ type = TNCCS_DYNAMIC;
+ }
+ else
+ {
+ return FALSE;
+ }
+ tnc->tnccs->add_method(tnc->tnccs, type, (tnccs_constructor_t)data);
+ }
+ }
+ else
+ {
+ tnc->tnccs->remove_method(tnc->tnccs, (tnccs_constructor_t)data);
+ }
+ return TRUE;
+}
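Review bot: On registration, `tnccs_method_register` returns TRUE for any feature whose type is not `FEATURE_CUSTOM` without adding a method, so the loader treats the feature as registered and will later call `remove_method` with a constructor that was never added. The unknown-name case already returns FALSE; the non-custom case should do the same, e.g. hoist `if (feature->type != FEATURE_CUSTOM) { return FALSE; }` above `if (reg)` so both the register and unregister paths reject it. Whether `remove_method` tolerates an unknown constructor is not visible here, but rejecting at registration avoids depending on it.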
--- /dev/null
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnccs_manager tnccs_manager
+ * @{ @ingroup tnccs
+ */
+
+#ifndef TNCCS_MANAGER_H_
+#define TNCCS_MANAGER_H_
+
+typedef struct tnccs_manager_t tnccs_manager_t;
+
+#include "tnccs.h"
+#include "tnc/imv/imv_recommendations.h"
+
+/**
+ * The TNCCS manager manages all TNCCS implementations and creates instances.
+ *
+ * A plugin registers its implemented TNCCS protocol with the manager by
+ * providing type and a constructor function. The manager then creates
+ * TNCCS protocol instances via the provided constructor.
+ */
+struct tnccs_manager_t {
+
+ /**
+ * Register a TNCCS protocol implementation.
+ *
+ * @param type TNCCS protocol type
+ * @param constructor constructor, returns a TNCCS protocol implementation
+ */
+ void (*add_method)(tnccs_manager_t *this, tnccs_type_t type,
+ tnccs_constructor_t constructor);
+
+ /**
+ * Unregister a TNCCS protocol implementation using it's constructor.
+ *
+ * @param constructor constructor function to remove, as added in add_method
+ */
+ void (*remove_method)(tnccs_manager_t *this, tnccs_constructor_t constructor);
+
+ /**
+ * Create a new TNCCS protocol instance.
+ *
+ * @param type type of the TNCCS protocol
+ * @param is_server TRUE if TNC Server, FALSE if TNC Client
+ * @return TNCCS protocol instance, NULL if no constructor found
+ */
+ tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
+ bool is_server);
+
+ /**
+ * Create a TNCCS connection and assign a unique connection ID as well a
+ * callback function for adding a message to a TNCCS batch and create
+ * an empty set for collecting IMV recommendations
+ *
+ * @param tnccs TNCCS connection instance
+ * @param send_message TNCCS callback function
+ * @param request_handshake_retry pointer to boolean variable
+ * @param recs pointer to IMV recommendation set
+ * @return assigned connection ID
+ */
+ TNC_ConnectionID (*create_connection)(tnccs_manager_t *this, tnccs_t *tnccs,
+ tnccs_send_message_t send_message,
+ bool *request_handshake_retry,
+ recommendations_t **recs);
+
+ /**
+ * Remove a TNCCS connection using its connection ID.
+ *
+ * @param id ID of the connection to be removed
+ * @param is_server TNC Server if TRUE, TNC Client if FALSE
+ */
+ void (*remove_connection)(tnccs_manager_t *this, TNC_ConnectionID id,
+ bool is_server);
+
+ /**
+ * Request a handshake retry
+ *
+ * @param is_imc TRUE if IMC, FALSE if IMV
+ * @param imcv_id ID of IMC or IMV requesting the retry
+ * @param id ID of a specific connection or any connection
+ * @param reason reason for the handshake retry
+ * @return return code
+ */
+ TNC_Result (*request_handshake_retry)(tnccs_manager_t *this, bool is_imc,
+ TNC_UInt32 imcv_id,
+ TNC_ConnectionID id,
+ TNC_RetryReason reason);
+
+ /**
+ * Add an IMC/IMV message to the batch of a given connection ID.
+ *
+ * @param imc_id ID of IMC or TNC_IMCID_ANY
+ * @param imv_id ID of IMV or TNC_IMVID_ANY
+ * @param id ID of target connection
+ * @param msg message to be added
+ * @param msg_len message length
+ * @param msg_type message type
+ * @return return code
+ */
+ TNC_Result (*send_message)(tnccs_manager_t *this, TNC_IMCID imc_id,
+ TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_MessageType msg_type);
+
+ /**
+ * Deliver an IMV Action Recommendation and IMV Evaluation Result to the TNCS
+ *
+ * @param imv_id ID of the IMV providing the recommendation
+ * @param id ID of target connection
+ * @param rec action recommendation
+ * @param eval evaluation result
+ * @return return code
+ */
+ TNC_Result (*provide_recommendation)(tnccs_manager_t *this,
+ TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+
+ /**
+ * Get the value of an attribute associated with a connection or with the
+ * TNCS as a whole.
+ *
+ * @param imv_id ID of the IMV requesting the attribute
+ * @param id ID of target connection
+ * @param attribute_id ID of the requested attribute
+ * @param buffer_len length of the buffer in bytes
+ * @param buffer pointer to the buffer
+ * @param out_value_len actual length of the returned attribute
+ * @return return code
+ */
+ TNC_Result (*get_attribute)(tnccs_manager_t *this,
+ TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_AttributeID attribute_id,
+ TNC_UInt32 buffer_len,
+ TNC_BufferReference buffer,
+ TNC_UInt32 *out_value_len);
+
+ /**
+ * Set the value of an attribute associated with a connection or with the
+ * TNCS as a whole.
+ *
+ * @param imv_id ID of the IMV setting the attribute
+ * @param id ID of target connection
+ * @param attribute_id ID of the attribute to be set
+ * @param buffer_len length of the buffer in bytes
+ * @param buffer pointer to the buffer
+ * @return return code
+ */
+ TNC_Result (*set_attribute)(tnccs_manager_t *this,
+ TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_AttributeID attribute_id,
+ TNC_UInt32 buffer_len,
+ TNC_BufferReference buffer);
+
+ /**
+ * Destroy a tnccs_manager instance.
+ */
+ void (*destroy)(tnccs_manager_t *this);
+};
+
+/**
+ * Helper function to (un-)register TNCCS methods from plugin features.
+ *
+ * This function is a plugin_feature_callback_t and can be used with the
+ * PLUGIN_CALLBACK macro to register a TNCCS method constructor.
+ *
+ * @param plugin plugin registering the TNCCS method constructor
+ * @param feature associated plugin feature
+ * @param reg TRUE to register, FALSE to unregister.
+ * @param data data passed to callback, a tnccs_constructor_t
+ */
+bool tnccs_method_register(plugin_t *plugin, plugin_feature_t *feature,
+ bool reg, void *data);
+
+#endif /** TNCCS_MANAGER_H_ @}*/
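Review bot: `get_attribute` hands a caller-supplied buffer and `buffer_len` to whatever implements the manager, but the contract does not say what an implementation must do when the attribute is larger than `buffer_len` — whether `out_value_len` still reports the full length and which `TNC_Result` is returned. Since IMV code loaded at runtime calls through this interface, the header should pin that down, e.g. `@param out_value_len actual length of the attribute, set even if the buffer is too small` plus a `@return` note naming the error result; which result code applies is not visible in this header and has to be taken from the implementation. Likewise `create_connection` documents `@return assigned connection ID` with no failure value, and `remove_method` says `it's constructor` where `its` is meant.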